This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Depends on D130820
Differential Revision: https://phabricator.services.mozilla.com/D122392
In some cases (doing video decode on the CPU and uploading the result
with dmabuf) we'll need to use `DMA_BUF_IOCTL_SYNC` in the RDD process.
This patch allows that ioctl type ('b', used only by dmabuf and Android
binder; the latter doesn't apply on Desktop), for forward compatibility
with any future usage of dmabuf ioctls.
Differential Revision: https://phabricator.services.mozilla.com/D133715
Mesa tries to get the XDG cache directory value, but if `$XDG_CACHE_HOME`
is unset it tries to call `getpwuid_r` for the home directory instead of
checking the environment, and passwd lookup can use sockets (to connect to
`nscd`, or a server like NIS or LDAP). This patch changes the RDD sandbox
policy to simply return an error instead of treating it as an unexpected
event.
Also, we don't allow access to that directory in the RDD process's
filesystem policy, so there's no point in Mesa trying to find it.
Differential Revision: https://phabricator.services.mozilla.com/D133713
As discussed in the previous patch, we'd like to allow these syscalls for
any thread of the calling process, but technical limitations mean that we
have to restrict them to the calling thread (or not at all). Therefore,
they are allowed for the calling thread, and EPERM is returned otherwise.
This is a slight problem for Mesa, which in some cases changes a
thread's own scheduler attributes and in other places tries to modify
other threads, but at least if we allow this safe subset it's possible
that a future Mesa version could work within that.
The impact of denying the other-thread case of these syscalls should be
limited to slightly reduced performance via suboptimal scheduling.
Differential Revision: https://phabricator.services.mozilla.com/D133712
These syscalls operate on a given thread ID, or 0 to indicate the
calling thread; the seccomp-bpf policy can allow the fixed value 0, and
a SIGSYS trap handler can check for the current thread's ID and remap it
to 0, but we don't have a safe way to check if it's another thread of
the current process (which is the policy we'd like to have). If they
weren't filtered at all, they could act on any thread of any process
owned by the same user, which is not ideal.
Currently the GMP process policy allows them for the calling thread
and treats them as unexpected syscalls otherwise (crashing by default
on Nightly, else ENOSYS), while the content process policy allows them
without filtering (bug 1413313) and we need also them in the RDD process
(this bug). The direction we're going to take is to allow them on the
current thread and fail with EPERM otherwise.
This patch, therefore, changes the default behavior to EPERM and moves
the code into the policy superclass so that other process types can share it.
Differential Revision: https://phabricator.services.mozilla.com/D133711
The original SandboxTesting protocol assumed tests would just care about
whether operations succeeded or failed, but now we have tests that check
for specific error codes. Currently that doesn't work well: getting an
error with the wrong error code is misreported as the syscall succeeding.
This patch changes the protocol to simply indicate whether the test
passed and give an unstructured message about what happened, and fixes
the `SandboxTestingChild::*Test` methods to include the relevant
information in the message.
Differential Revision: https://phabricator.services.mozilla.com/D132853
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392
unlink("") will always return -ENOENT if passed to the kernel, so just
do the same thing here. We need this as empty paths can't be whitelisted.
Differential Revision: https://phabricator.services.mozilla.com/D132174
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392
Building with --disable-xul has been busted since _at least_ bug
1082579, for more than 7 years (I didn't try to track that down
further). It's time to recognize that the option serves no purpose.
Differential Revision: https://phabricator.services.mozilla.com/D133161
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392
I considered removing this class initially, but it's actually a pretty
useful abstraction over the DateTimeFormat interface when used
specifically with Gecko. It applies the OS preferences and provides some
caching behavior.
Differential Revision: https://phabricator.services.mozilla.com/D131671
-Wshadow warnings are not enabled globally, so these -Wno-shadow suppressions have no effect. I had intended to enable -Wshadow globally along with these suppressions in some directories (in bug 1272513), but that was blocked by other issues.
There are too many -Wshadow warnings (now over 2000) to realistically fix them all. We should remove all these unnecessary -Wno-shadow flags cluttering many moz.build files.
Differential Revision: https://phabricator.services.mozilla.com/D132289
I considered removing this class initially, but it's actually a pretty
useful abstraction over the DateTimeFormat interface when used
specifically with Gecko. It applies the OS preferences and provides some
caching behavior.
Differential Revision: https://phabricator.services.mozilla.com/D131671
Changes:
1. For the `intel` drivers [on newer hardware][VCS2], access to SysV IPC
is granted. There is a slight restriction: `semget` and `shmget` are
restricted to the fixed `key_t` value used by the driver; however,
the other calls take shm/sem identifiers, which are dynamically
assigned and globally scoped, so an attacker could still access
other resources. This is considered a reasonable tradeoff for not
needing to allow this (or, eventually, any GPU access) in the content
process, which is much easier for malicious content to attack than
RDD.
2. Access to devices in `/dev/dri` and the `DRM_IOCTL_*` ioctls (type `'d'`).
3. Read access to the parts of sysfs used by Mesa to do device detection;
again, given the choice we'd rather allow this in RDD than content.
4. Read access to directories containing libraries, for plugin loading.
5. Allowing `kcmp` in the special case of comparing the process's
own fds, for `amdgpu` (already allowed for content).
6. The `eventfd2` syscall, which we use in connection with dma-buf.
[VCS2]: https://github.com/intel/media-driver/blob/77b3b2a6c366/media_driver/linux/common/os/mos_os_specific.c#L1508-L1512
Differential Revision: https://phabricator.services.mozilla.com/D131680
Minor functional changes:
1. `fcntl` `F_DUPFD_CLOEXEC` is now allowed everywhere instead of
just content. It's the obvious (and maybe only? and probably
only portable) way for a library to `dup` and atomically set the
close-on-exec flag, and appears harmless.
2. `ioctl`s used by the `isatty` function are denied with `ENOTTY` by
default in all processes, instead of being treated as an invalid
syscall, and this now applies to `TIOCGWINSZ` (used by musl) as well
as `TCGETS` (used by glibc). Nothing new is allowed here; it's just
that this is treated as an expected denial.
3. Getting the real or effective user or group ID is allowed everywhere.
Every process type except RDD previously did, and RDD soon will. See
also the new comment about why GMP may not always need it, but that
it's not very meaningful to block.
Refactoring, no functional change intended:
1. The policy for the `kcmp` syscall as used by Mesa's `amdgpu` driver
is now in a protected method of SandboxPolicyCommon, but is used only
in the content process as previously. A later patch will also apply
it to the RDD process, so this avoids code duplication.
Differential Revision: https://phabricator.services.mozilla.com/D131679
On 32-bit x86, Linux originally used a single system call, ipc(2), for
all SysV IPC. This is similar to socketcall(2), but the arguments are
passed directly (shifted by one position) instead of indirected via
a pointer, so seccomp-bpf can filter them normally. Also similar to
socketcall(2), individual syscalls were added later (in kernel 5.1,
vs. 4.3 for socket calls), so the policy needs to handle both of them,
adjusting argument offsets as needed. This patch adds an argument to
`EvaluateIpcCall` to allow that.
Differential Revision: https://phabricator.services.mozilla.com/D131678
For running in FIPS mode, NSS needs to check /proc/sys/crypto/fips_enabled, to be able to tell whether FIPS is enabled or not.
FIPS also mandates using /dev/random instead of /dev/urandom.
Differential Revision: https://phabricator.services.mozilla.com/D129126
This patch introduces ipcclientcerts, a PKCS#11 module that the socket process
can load to get access to client certificates and keys managed by the parent
process. This enables client certificate authentication to work with the socket
process (particularly for keys stored outside of NSS, as with osclientcerts or
third-party PKCS#11 modules).
Differential Revision: https://phabricator.services.mozilla.com/D122392
If we get `MSG_CTRUNC` back from `recvmsg` in this context, it means
a file descriptor couldn't be received; because the sender will never
attach too many fds, the only reasonable cause is fd exhaustion in the
receiving process. Therefore, we should return `EMFILE` ("Too many open
files") instead of `EMSGSIZE` ("Message too long") to reduce confusion
when reading log messages.
Differential Revision: https://phabricator.services.mozilla.com/D129891
Acording to crash reports, obsfucating the NSS DB locations did not help, so
this patch un-does the changes and un-migrates any migrated DB locations.
Differential Revision: https://phabricator.services.mozilla.com/D129323
This is a fairly significant update, so required a few changes to Gecko code, but I've commented on the interesting details, so they should be easy to find
Differential Revision: https://phabricator.services.mozilla.com/D129465
This adds a new cross call using the chromium shared memory IPC to proxy use of
the Uniscribe line breaker, because it cannot be used in the content process
with win32k lockdown enabled.
If the text being processed is too long to fit into the IPC params then it is
processed in chunks.
This change implements an INPTR_TYPE in the sandbox, which appears to have
been removed at some point.
It also fixes a bug in OpcodeFactory::MakeOpAction, so that a null param is
passed and we can use an empty parameter set.
New files are in chromium-shim as these are most likely to require changes and
this means we will not have to update the main chromium patch.
Depends on D129125
Differential Revision: https://phabricator.services.mozilla.com/D126809
We still rely on dynamic loading to find the symbols, but since we get
them from libxul, we don't need to load the library before activating
the process sandbox anymore.
Differential Revision: https://phabricator.services.mozilla.com/D128333
The SandoxedWasmLibrary now represents the wasm static library, which
is automatically converted to C via wasm2c. The corresponding source
is handled like a normal source, and the rlbox library is generated
as a normal GeckoSharedLibrary with no xpcom linkage.
Differential Revision: https://phabricator.services.mozilla.com/D128329
If the `XAUTHORITY` env var is unset, libXau will fall back to
`$HOME/.Xauthority`, but our content sandbox policy didn't handle that
case when it needs to allow access to that file; this patch corrects
that oversight.
This broke WebGL as of bug 1635451, because we no longer eagerly connect
to the X server before sandbox startup, only as needed for WebGL.
Usually the `XAUTHORITY` env var is set even if the file is in its
default location, but some environments (including but not limited to
the Linux VMs on Chrome OS) do not set it.
Differential Revision: https://phabricator.services.mozilla.com/D127984
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
```
2021-09-30 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.71 final
[2257d7391ec1] [NSS_3_71_RTM] <NSS_3_71_BRANCH>
2021-09-24 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* .hgtags:
Added tag NSS_3_71_BETA1 for changeset 2199f01d7f1e
[17957377f710] <NSS_3_71_BRANCH>
```
Differential Revision: https://phabricator.services.mozilla.com/D127116
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
Some crash reports appear to be indicating that initializing NSS' certificate
and key databases is taking on the order of minutes in some cases, which is
unexpected. One hypothesis is that third-party software is opening these DBs at
the same time that NSS is operating on them, causing contention and thus
slowness. This patch experimentally (in Nightly only) renames these DBs in the
hopes that third-party software might not recognize them as the DBs it's
looking for, and will thus leave them alone.
Differential Revision: https://phabricator.services.mozilla.com/D126028
This removes the `@CommandProvider` decorator and the need to implement
mach commands inside subclasses of `MachCommandBase`, and moves all
existing commands out from classes to module level functions.
Differential Revision: https://phabricator.services.mozilla.com/D121512
NSS shutdown happens in ShutdownXPCOM, after PSM (namely, nsINSSComponent) has
been shut down. Unloading temporarily-loaded PKCS#11 modules like the built-in
roots module and the osclientcerts module when PSM shuts down is redundant,
because this will happen when NSS shuts down anyway. Furthermore, doing so can
run afoul of some race conditions in NSS, so removing this redundant code is
the way to go.
Differential Revision: https://phabricator.services.mozilla.com/D126141
HandshakeDone will be called after a handshake is finished and also after the certificate verifications are done.
The code relies on HandshakeDone to signal that the handshake is done. When early-data is not available HandshakeDone is responsible for setting up a Http2 session if needed. There are 2 outcomes when early-data is used:
1) early-data is accepted and transaction continues polling for read,
2) early-data is rejected. In this case, the transaction is restarted as well as polling flags, i.e. the connection will stop polling for read and start polling for write.
Another difference is that a transaction that is started during the early-data period will behave as a normal transaction, i.e. it will write data and continue polling for read to receive response. The special cases during early-data(mWaitingFor0RTTResponse==true) are removed from nsHttpConnection::OnSocketWritable().
EnsureNPNComplete is only responsible for driving handshake and checking the early-data availability. All logic for finishing a handshake (i.e. checking whether early-data is accepted and checking alpn value) has been moved to HandshakeDone.
The patch also extracts FinishNPNSetup that is responsible for the bookkeeping after a handshake is done or fails, e.g. resetting transactions if 0Rtt is used but handshake fails, updating timings and sending telemetry.
HandshakeDone needs to be dispatched so that it is not called inside nss locks. The side effect of this is that nsHttpConnection::OnSocketWritable() may be called in between HandshakeDone being dispatched and executed. Therefore we still need to keep CheckCanWrite0RTTData(). This can be fixed in a follow up patch.
Side cleanups:
Remove mNotTrustedMitmDetected - his was used for ESNI, but it is not used anymore
Differential Revision: https://phabricator.services.mozilla.com/D123824
This removes the `@CommandProvider` decorator and the need to implement
mach commands inside subclasses of `MachCommandBase`, and moves all
existing commands out from classes to module level functions.
Differential Revision: https://phabricator.services.mozilla.com/D121512
This removes the `@CommandProvider` decorator and the need to implement
mach commands inside subclasses of `MachCommandBase`, and moves all
existing commands out from classes to module level functions.
Differential Revision: https://phabricator.services.mozilla.com/D121512
HandshakeDone will be called after a handshake is finished and also after the certificate verifications are done.
The code relies on HandshakeDone to signal that the handshake is done. When early-data is not available HandshakeDone is responsible for setting up a Http2 session if needed. There are 2 outcomes when early-data is used:
1) early-data is accepted and transaction continues polling for read,
2) early-data is rejected. In this case, the transaction is restarted as well as polling flags, i.e. the connection will stop polling for read and start polling for write.
Another difference is that a transaction that is started during the early-data period will behave as a normal transaction, i.e. it will write data and continue polling for read to receive response. The special cases during early-data(mWaitingFor0RTTResponse==true) are removed from nsHttpConnection::OnSocketWritable().
EnsureNPNComplete is only responsible for driving handshake and checking the early-data availability. All logic for finishing a handshake (i.e. checking whether early-data is accepted and checking alpn value) has been moved to HandshakeDone.
The patch also extracts FinishNPNSetup that is responsible for the bookkeeping after a handshake is done or fails, e.g. resetting transactions if 0Rtt is used but handshake fails, updating timings and sending telemetry.
HandshakeDone needs to be dispatched so that it is not called inside nss locks. The side effect of this is that nsHttpConnection::OnSocketWritable() may be called in between HandshakeDone being dispatched and executed. Therefore we still need to keep CheckCanWrite0RTTData(). This can be fixed in a follow up patch.
Side cleanups:
Remove mNotTrustedMitmDetected - his was used for ESNI, but it is not used anymore
Differential Revision: https://phabricator.services.mozilla.com/D123824
The goal here is to ensure we can always rely on `AppShutdown::GetShutdownPhase` to be in sync with the "real" application status, mainly this was needed for xpcshell tests to not break if we add assertions on our shutdown state on some global singletons.
We keep the existing observer notification topics but force them (on the parent process) to be issued through the new `advanceShutdownPhase` function of the startup service using the `ShutdownPhase` enum. This way we can synchronize `AppShutdown`'s internal status accordingly.
Some further notes:
# The `MOZ_ASSERT(AppShutdown::IsNoOrLegalShutdownTopic(aTopic));` in `NotifyObservers` helped a lot to identify missing cases. I think we should keep it in order to stay safe.
# Introducing the `cenum IDLShutdownPhase` helps to keep the knowledge about the mapping from shutdown phases to observer topics exclusively inside AppShutdown.cpp. Still callers must know what they do in order to choose a proper phase, of course.
# However we must be aware that `AppShutdown` this way can be kept in sync with the shutdown notifications only in the parent process and that `GetCurrentShutdownPhase` might not give the correct result in child processes. We might want to file a follow up bug that adds some asserts to avoid improper use of `AppShutdown` functions in child processes (but I do not want to make this patch bigger as needed to solve the blocking dependency for bug 1697972).
# The socket process is one example of a child process that "overloads" shutdown topics. I was wondering if it is the right call to use the very same topic names here to request shutdown to the socket process or if it should have its own topics. Those topics triggered the assert and thus I had to disable it for child processes, for now.
# This goes together with the more general approach to define process type specific shutdown phases (and hence mappings to topics) as drafted very roughly in bug 1697745.
# This patch seemed to trigger a known intermittent more often, thus the change here in `ServiceWorkerManager`.
Differential Revision: https://phabricator.services.mozilla.com/D124350
These includes provide some types and functionality that these files need. In
the default build environment, there's no issue because they pick up these
includes via piggybacking on neighboring files that they're unified with; but
in a non-unified build, the files need to directly have these includes, to
avoid build errors.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1730265#c0 for the specific
build errors being addressed here.
Differential Revision: https://phabricator.services.mozilla.com/D125285
This was previously attempted in bug 1658042, but the library function that
this relies on (SecKeyIsAlgorithmSupported) was causing OS dialogs to appear on
our test machines, so it wasn't a viable option. Something seems to have
changed in the meantime (perhaps these dialogs were a bug in macOS?), and now
the function works as expected without dialogs.
Differential Revision: https://phabricator.services.mozilla.com/D124114
The Widevine CDM tries to open certain procfs/sysfs files, as noted
in the bug, but doesn't appear to need them; some of them are opened
repeatedly, causing log spam. This patch suppresses logging for the
files where this is known to happen, by adding "opened file" objects
that always silently fail.
It would also be possible to turn off all of this logging by default
and make it conditional on MOZ_SANDBOX_LOGGING, but it's relatively
low-noise (compared to content process file access) and provides some
value (see bug 1725828), so for now let's leave it enabled and just
blocklist a few files.
Differential Revision: https://phabricator.services.mozilla.com/D123562
```
2021-08-26 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/ssl/tls13con.c:
Backed out changeset fae49696d374
[e55700ee052e] [NSS_3_70_BETA1] <NSS_3_70_BRANCH>
* tests/tlsfuzzer/config.json.in, tests/tlsfuzzer/tlsfuzzer.sh:
Backed out changeset 7c3a0a99f7fa
[e79531c04e6b] <NSS_3_70_BRANCH>
* automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.70 Beta
[cc0d44da6a0e]
2021-08-26 John M. Schanck <jschanck@mozilla.com>
* tests/tlsfuzzer/config.json.in, tests/tlsfuzzer/tlsfuzzer.sh:
Bug 1662515 - Enable tlsfuzzer/test-tls13-zero-content-type.py
r=bbeurdouche,djackson
[7c3a0a99f7fa]
2021-08-26 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/ssl/tls13con.c:
Bug 1662515 - Fix incorrect alert after successful decryption
r=djackson
[fae49696d374]
2021-08-24 Robert Relyea <rrelyea@redhat.com>
* tests/cert/cert.sh, tests/common/init.sh, tests/sdr/sdr.sh:
Bug 1726022 Update test case to verify fix.
Updated test cases to verify pbe caching fix. NOTE: putting
passwords on databases are key to reproducing the original issue.
[ff19b674c468]
2021-08-24 John M. Schanck <jschanck@mozilla.com>
* gtests/ssl_gtest/tls_ech_unittest.cc:
Bug 1714579 - Explicitly disable downgrade check in
TlsConnectStreamTls13.EchOuterWith12Max r=nss-reviewers,bbeurdouche
Depends on D123535
[608fd450d499]
* gtests/ssl_gtest/ssl_version_unittest.cc:
Bug 1714579 - Explicitly disable downgrade check in
TlsConnectTest.DisableFalseStartOnFallback r=nss-
reviewers,bbeurdouche
Depends on D122988
[7bd94de62243]
2021-08-24 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/util/nssb64d.c:
Formatting for lib/util
[db95b15ce1ff]
2021-08-24 John M. Schanck <jschanck@mozilla.com>
* lib/util/nssb64d.c:
Bug 1681975 - Avoid using a lookup table in nssb64d r=bbeurdouche
[d454db6ad1fb]
2021-08-24 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/freebl/sha512.c:
Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
r=jschanck
[7e31b8f7f741]
2021-08-24 John M. Schanck <jschanck@mozilla.com>
* lib/ssl/sslsock.c:
Bug 1714579 Change default value of enableHelloDowngradeCheck to
true r=mt
Firefox sets enableHelloDowngradeCheck to true by default, as of
[1576790](https://bugzilla.mozilla.org/show_bug.cgi?id=1576790). We
have a two year old open issue noting some issues with that
[1590870](https://bugzilla.mozilla.org/show_bug.cgi?id=1590870), but
I see no reason not to update the default in NSS.
[52137aa125f5]
2021-08-24 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* gtests/pk11_gtest/pk11_hpke_unittest.cc:
Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc r=jschanck
The clang-format target was failing.
https://treeherder.mozilla.org/logviewer?job_id=348100377&repo=nss-
try
[36bc1c231bf6]
```
Differential Revision: https://phabricator.services.mozilla.com/D123784
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
```
2021-08-17 Robert Relyea <rrelyea@redhat.com>
* lib/softoken/lowpbe.c:
Bug 1726022 Cache additional PBE entries
Firefox password manager is slow to load (22s for 361 passwords on
an i7), using 100% CPU and causing laptop fans to spin up
Possible solution based on increasing the number of cache entries
used by the PKCS5v2 values as the current code thrashes the cache as
we use 2 pbe's per read operation.
This patch is tested for correctness, but not fixing the issue. New
test cases are needed.
[fe82761e35aa] [tip]
```
Differential Revision: https://phabricator.services.mozilla.com/D123442
Chrome has removed 3DES completely[0], but we're still seeing some uses of it
in telemetry. Our assumption is that this is either due to old devices that
can't be upgraded, and hence probably use TLS 1.0, or servers that bafflingly
choose 3DES when there are other, better, ciphersuites in common.
This patch allows 3DES to only be enabled when deprecated versions of TLS are
enabled. This should protect users against the latter case (where 3DES is
unnecessary) while allowing them to use it in the former case (where it may be
necessary).
NB: The only 3DES ciphersuite gecko makes possible to enable is
TLS_RSA_WITH_3DES_EDE_CBC_SHA. This patch also changes the preference
corresponding to this ciphersuite from "security.ssl3.rsa_des_ede3_sha" to
"security.ssl3.deprecated.rsa_des_ede3_sha".
[0] https://www.chromestatus.com/feature/6678134168485888
Differential Revision: https://phabricator.services.mozilla.com/D121797