Now that we have an always present test token, we can add more tests, and make
other tests not intermittently fail.
MozReview-Commit-ID: LRLmOGGjshb
--HG--
extra : rebase_source : 3c92e93d03355633271b79529a4288aa5770424a
This allow tests to opt out of pkcs11testmodule's current cyclic token
insertions and removals, which is useful for some tests, but an annoyance for
others.
MozReview-Commit-ID: 790uzLZkdtN
--HG--
extra : rebase_source : ee30ef1c25328bd799526cc24849277594e74caa
The PR_SetError() + PR_GetError() pattern currently used is error prone and
unnecessary. The functions involved can instead return mozilla::pkix::Result,
which is equally expressive and more robust.
MozReview-Commit-ID: Hkd39eqTvds
--HG--
extra : rebase_source : f09e37c6a3a930c30cce003139df86bc84d771ee
strnlen() is available on all the platforms we care about, so we should use that
instead.
MozReview-Commit-ID: H3ac5AHiRJk
--HG--
extra : rebase_source : 911f292e97facf5807a1bc1654bdbc1fab87c8bc
extra : histedit_source : 17ff8322acc90bb88efd428aab1e0e0fc785ed61
Deleting certs via the cert manager results in a confirmation dialog popping up.
This dialog contains a list of certs that were selected for deletion.
Currently, only the Common Name of each cert is used to represent it in the list.
This is a problem for certs that don't have a CN. More jarringly, the cert
manager itself falls back to various other attributes, so for example selecting
a cert that is represented by its OU ends up popping up a dialog where an empty
list is shown.
MozReview-Commit-ID: 3z4BebW8Ucd
--HG--
extra : rebase_source : 468eb3de470e3ec42471c80183a9c48ebfb130c9
extra : histedit_source : 90e1d2fc73aaba4ded68d933b6ea3a6092d60636
The existing code in head.js is moved out because it doesn't need to be there
now, and probably not in the near future.
MozReview-Commit-ID: GWUW9wT3fzF
--HG--
extra : rebase_source : b7ba2a621df205bda8bdb0cbd493a22ce49a705f
extra : histedit_source : e9094261bc717ffd0a320b180fba4aab21122fa4
This adds the following locations:
HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
to the location that was already being searched, which is:
HKLM\SOFTWARE\Microsoft\SystemCertificates
MozReview-Commit-ID: LGOT4YNEqLV
--HG--
extra : rebase_source : 735230f03b4e9b94f350cdbd3930b68975824458
This is mostly a preliminary review request, although I think everything that
should be done in this bug is present. This intentionally does not include
support for decoding extensions or subject public keys.
MozReview-Commit-ID: 4ewu66Xx411
--HG--
extra : rebase_source : 6105cf16e46d5d2cc9355cf38f8d0098a8a40462
The code is used in comm-central, but is unused in mozilla-central. It will be
imported into comm-central in Bug 1297368.
MozReview-Commit-ID: BEY9BR0YRiD
--HG--
extra : rebase_source : 6d34c1e82cd749a009f26be50fde0537373f2f9e
Typically, the interfaces involved don't need to use raw char/char16_t strings,
and hence can benefit from the additional safety of using the Mozilla string
classes.
In some places, this patch also changes some UTF-16 APIs to UTF-8 where the
implementations can never actually support UTF-16. This reduces the amount of
code and runtime conversion.
MozReview-Commit-ID: y8o5wLBohe
--HG--
extra : rebase_source : 130c8b77a98d21d5b9a0efeccae8861d89fa8f02
Bug 1275841 switched some IDL types from "string" to "AUTF8String".
This had the unintentional effect of breaking decryption of previously saved
passwords that contained special characters.
In particular, the AUTF8String type means XPConnect may convert any strings
using that type to UTF-16 when crossing XPConnect boundaries.
However, crypto-SDR.js (responsible for encrypting and decrypting for the
password manager) expects to do conversions between UTF-16 and UTF-8 itself.
What ends up happening is crypto-SDR.js decrypts a saved password and tries to
convert from UTF-8 to UTF-16, but fails because the decrypted text is already
UTF-16.
The solution is to use ACString instead of AUTF8String. ACString does not result
in automatic encoding changes, so the expectations of crypto-SDR.js are met
again, and lets SecretDecoderRing.cpp keep the benefit of working with smart
string types.
This change probably breaks passwords saved after Bug 1275841 landed and before
this patch landed, but the number of passwords this patch breaks is probably
much lower than the number of passwords that would be broken if this patch did
not land.
MozReview-Commit-ID: 6Z01zfwJ6t7
--HG--
extra : rebase_source : 514e78f2e1c2cef3b3692656b20daf3b068a4fee
Before this patch, nsPKCS12Blob::digest_read used size_forward to perform a size
check on a buffer. However, the entire set of {digest_open, digest_close,
digest_read, digest_write} was unnecessary because NSS provides this
functionality by default when using SEC_PKCS12DecoderStart. This patch
simplifies things by removing the extraneous implementations.
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
MozReview-Commit-ID: ES1JruCtDdX
--HG--
extra : rebase_source : 2ac6c93c49f2862fc0b9e595eb0598cd1ea4bedf
The functions aren't necessary now that we have BitwiseCast.
MozReview-Commit-ID: 2nzOuwAop4Y
--HG--
extra : rebase_source : 0cb2c16f484a81b2e77384564973b58ac2d10fb9
The functions aren't necessary now that we have BitwiseCast.
MozReview-Commit-ID: 2nzOuwAop4Y
--HG--
extra : rebase_source : 196449249eec75b8eb10e59662231c3f4e83c268
As of bug 1284946, nothing uses nsPSMBackgroundThread, so it's just dead code
that is removed by this patch.
MozReview-Commit-ID: 24HWFHIeCX9
--HG--
extra : rebase_source : 0cdf572fa2b742d9a78b6f099d8a2cf465813ccb
The root with the nickname "Equifax Secure CA" was removed from NSS in bug
1296689 (confusingly, "Equifax Secure CA" doesn't appear in the subject DN of
that certificate, which is "OU=Equifax Secure Certificate
Authority,O=Equifax,C=US"). This removes the dependency on that root as well as
fixes dumpGoogleRoots.js to automatically handle this sort of thing in the
future.
MozReview-Commit-ID: KIEPBnliufX
--HG--
extra : rebase_source : 819b0168e28d73c66f2e23d19f513cce214bcc78
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:
nsAutoCString spec;
uri->GetSpec(spec);
printf("uri: %s", spec.get());
to be changed to this:
printf("uri: %s", uri->GetSpecOrDefault().get());
This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.
I will fold this into part 1 before landing.
--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
NSPR should generally be avoided in favour of modern C++ code.
This patch does not convert uses of the NSS Base64 functions. It does however
take the opportunity to switch over some IDL functions to use the safer Mozilla
string classes, and fixes Bug 1251050 along the way.
MozReview-Commit-ID: CM8g9DzIcnC
--HG--
extra : rebase_source : 9d07db1bcefc9d9ed6a1f7e102f5c01bd9caa522
enum classes are in general safer than plain enums, and as such should be
preferred.
MozReview-Commit-ID: 1FK89SNhdk4
--HG--
extra : rebase_source : 764c4855026c02d8c9e33ca33637fec54ea5ca31
The patch is generated from following command:
rgrep -l unused.h|xargs sed -i -e s,mozilla/unused.h,mozilla/Unused.h,
MozReview-Commit-ID: AtLcWApZfES
--HG--
rename : mfbt/unused.h => mfbt/Unused.h
The Mozilla string classes don't require manual memory management and
automatically keep track of length, making them a safer choice than raw C
strings.
MozReview-Commit-ID: EwCiiP9EhDr
--HG--
extra : transplant_source : %05%D4%B6s%C1%DBye%2C3%C3%85%DB%22%91h%B4%27%E1l
1. encrypt() and decrypt() are C++ only.
The only callers are in SecretDecoderRing.cpp, and binary add-ons aren't
supported anymore. So, there is no need for these methods to be defined in the
IDL, and they should be treated as private to the nsISecretDecoderRing
implementation.
2. nsISecretDecoderRingConfig has never been implemented.
The interface and implementation are currently just bloat. If there is a need
for specifying the window for prompts in the future, a better way can be devised
then.
MozReview-Commit-ID: 1wXCDTIBJA2
--HG--
extra : transplant_source : %D7%27%5E3%BF%E9%16%0E%A3%8B%E1%8E%ADj%3F%25%B3i%9Al
The interfaces defined within have basically nothing to do with Necko.
MozReview-Commit-ID: 5J4D3w61Yry
--HG--
rename : netwerk/base/nsISecretDecoderRing.idl => security/manager/ssl/nsISecretDecoderRing.idl
extra : transplant_source : %AAP%26%5D%DE%ED%F6Q%C4%5Eia%F1%84T%8D%A7E%8Aw
There are currently two ways of naming files containing the implementation of
interface nsIFoo:
1. nsFoo.(cpp|h) (previous convention)
2. Foo.(cpp|h) (new convention)
nsSDR.(cpp|h) matches neither of these. Renaming the files to follow convention
makes it easier to discover what the files implement, and increases codebase
consistency.
MozReview-Commit-ID: 3ThPxPouiie
--HG--
rename : security/manager/ssl/nsSDR.cpp => security/manager/ssl/SecretDecoderRing.cpp
rename : security/manager/ssl/nsSDR.h => security/manager/ssl/SecretDecoderRing.h
extra : transplant_source : %7D%FC%AD%9C%E8%AD%CFz%FE%F2%D6%1E%A0%0A%06sk%3D%AD%AC
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.
The patch also removes a handful of redundant checks on infallible setters.
--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
This patch adds tests for the core aspects of the client authentication code,
mainly to ensure the client auth process even works.
MozReview-Commit-ID: DzV4BuwlrDE
--HG--
extra : rebase_source : 43224d3159964f02b175e8c54491b2cabba2cb8a
Update the prior patch to use MOZ_RELEASE_ASSERT so that we cleanly crash
if there's still an error somewhere in this logic, instead of deadlocking
on beta (but crashing on aurora).
MozReview-Commit-ID: InttEcC55Dn
--HG--
extra : rebase_source : c79726acbaf1eb8374500f43cd3c7d33362466ad
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.
As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.
--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
This fixes two issues:
1. nsNSSShutDownList::evaporateAllNSSResources could deadlock by acquiring
sListLock and then the singleton's mNSSActivityStateLock in
nsNSSActivityState::restrictActivityToCurrentThread.
2. Calling UnloadLoadableRoots before
nsNSSShutDownList::evaporateAllNSSResources could result in removing modules
that were still in use, causing assertion failures and potential crashes.
MozReview-Commit-ID: 8ZgZTVw7sWh
--HG--
extra : rebase_source : 43452add4612b3d12c2b877c3a38169c9676f445
It appears the wallet code was not included during the initial 2007 import of
code from CVS to Mercurial, so anything referencing wallet has been dead code
ever since.
MozReview-Commit-ID: BRTd1M0DsT0
--HG--
extra : transplant_source : %BC%FC%05%AE%B5%8C%DC%21J%DC%B4%B17M%19%AA%F3%B9%05L
ScopedAutoSECItem is useful for:
1. Removing manual memory management.
2. Getting rid of this pattern:
> UniqueSECItem item(SECITEM_AllocItem(nullptr, nullptr, 0));
While this pattern works, ScopedAutoSECItem is slightly superior in that it
doesn't unnecessarily cause a SECItem to be allocated from the heap.
MozReview-Commit-ID: 8DPD9gtzeru
--HG--
extra : transplant_source : %10l%27C%12%3E%08%85q%06%1A%FC%FB%DE%F9%A3%99%0AN%A1
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.
Using the hostname instead avoids this problem.
MozReview-Commit-ID: 6XjGCknWNi9
--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
(r=ckerschb,r=mayhemer,r=jld,r=smaug,r=dkeeler,r=jmaher,p=ally)
The WebRTC implementation inherits cipher suite preferences from PSM and then
enables a few mandatory ones and disables a number of undesirable ones. If PSM
makes a change to a cipher suite preference that isn't in WebRTC's whitelist or
blacklist, compatibility issues can arise. See bug 1288246 for an example.
--HG--
rename : security/manager/ssl/tests/unit/test_fallback_cipher.js => security/manager/ssl/tests/unit/test_weak_crypto.js
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
Bug 1084025 added this telemetry to measure the impact of bumping the fallback limit.
But we already bumped the fallback limit to TLS 1.2 long before. We will not need this kind of telemetry until we bump the fallback limit to TLS 1.3 that will not happen in the near future. So let's just remove wasting resource for now.
MozReview-Commit-ID: 22o8FirlYql
--HG--
extra : rebase_source : c04b6a7aa7bf8970b22c24dcb1d8f0184330cb43
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and
getUsagesString. These APIs were problematic in that the synchronous ones would
cause certificate verification to block the main thread and the asynchronous one
was needlessly indirect in its definition (it made use of two additional
special-case xpidl types) and needlessly complex in its implementation (it
required nsNSSComponent to manually manage a background thread without the aid
of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs
would return string descriptions of the usages the certificate in question had
been verified for rather than using more concrete identifiers or values. This
paradigm is usable but imprecise. The new nsIX509CertDB API
asyncVerifyCertAtTime is much more expressive, enforces off-main-thread
computation, and makes use of CryptoTask for a simple implementation. Using this
API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional
benefit, this removes a ton of obsolete C++ code.
MozReview-Commit-ID: KXVTcjAKehu
--HG--
extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
The changes in bug 1217602 missed that browser_certViewer.js should have been
updated to use a nsIDialogParamBlock instead of a (mock) nsIPKIParamBlock.
"Luckily" the test harness completely ignored the errors resulting from this
oversight.
MozReview-Commit-ID: JlA62L5PPW8
--HG--
extra : rebase_source : ec06cd026f3aec8cc7a7c032cd1c9a9c5a8e9536
PSM JS code already pass these rules, so enabling these rules will just help
catch future bugs.
MozReview-Commit-ID: AXM2VoG8jBP
--HG--
extra : transplant_source : 4h%89%5BV7%C6%FB%B2%80%CE%B16%DC%22%BA%20%09%FB%92
There are a few places in nsNSSCertificateDB.cpp where the following is done:
1. GetRawDER() is called on a nsIX509Cert to obtain the DER representation of
the cert.
2. The DER is used to construct a CERTCertificate for use with NSS functions.
This step of converting to the DER is unnecessary, since GetCert() will provide
an already constructed CERTCertificate.
MozReview-Commit-ID: 35KMYI7dCXc
--HG--
extra : transplant_source : %CA%ED%AC/%E3%29D%BB%8D%0F%A9Y%19%B2%E7a%1B%BE%ADv
This API (nsIX509CertDB.asyncVerifyCertAtTime) will eventually replace
nsIX509Cert.getUsagesArray, nsIX509Cert.requestUsagesArrayAsync, and
nsIX509Cert.getUsagesString because those APIs are architecturally problematic
and don't give very precise information in any case.
MozReview-Commit-ID: OzQaBnDRIo
--HG--
extra : rebase_source : 270de8dfa5ed5221a1e012661161842c0afb3e70
There are a few places in PSM where the result of an NSS function returning
char* is adopted by e.g. an nsXPIDLCString, which will use the wrong deallocator
when the string eventually gets destroyed.
This is basically Bug 1281564, but the free() call is buried within the Mozilla
string code instead.
MozReview-Commit-ID: HVSMyRpLnjS
--HG--
extra : transplant_source : Msmc%DB%16%23%87%00%A1%05%ABB%0BD%97%3B%A1%E7x
Nothing in the file requires functionality provided by the CPP unit test harness,
so making the file a GTest makes it more accessible.
MozReview-Commit-ID: FaAtF0blCwV
--HG--
rename : security/manager/ssl/tests/compiled/TestMD4.cpp => security/manager/ssl/tests/gtest/MD4Test.cpp
extra : transplant_source : edV%1F%0B97%1B%25%FA%0ABH%14%F5%A2Ms/%7E
Currently, running all the PSM GTests involves providing a filter that catches
all the various tests. This is annoying and error prone.
The changes here make running all PSM GTests as easy as:
mach gtest "psm*"
MozReview-Commit-ID: EqaysNvwJaQ
--HG--
extra : transplant_source : %0CCM%99%12%18%8D%B9%DD%84%0C%A06%0Ba%AD%A7%EB%B3%FB
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).
MozReview-Commit-ID: LmX27hQfFJU
--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
This makes the certificate viewer able to shrink itself down a bit on small
screen sizes. Without this patch, the "Close" button would be off the screen on
small resolutions like 1024x768. On larger screen sizes, this patch should have
no effect on the initial size of the certificate viewer window (although it now
can be made smaller manually).
MozReview-Commit-ID: IET9dxx23Xc
--HG--
extra : rebase_source : 487c88d626df7184502226b9ce02410adc504f12
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.
A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.
MozReview-Commit-ID: CE7Uc2ntwmZ
--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
concatenation of the CN of the server cert and the port of the server, and
|issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
benefit of letting implementations skip null checks due to the use of
references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
more logical, and paves the way for future changes.
This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
setting it to a pref branch instance later on. This is confusing and
unnecessary.
This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
setting it to a pref branch instance later on. This is confusing and
unnecessary.
4. Abusal of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.
This also fixes the following:
1. Lack of localisation notes.
MozReview-Commit-ID: FTc6XecJd6h
--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
This allows nsNSSCertificate::FormatUIStrings() to be reimplemented in JS, which
is a necessary step for making nsIClientAuthDialogs::ChooseCertificate() pass an
nsIArray of nsIX509Certs.
Also removes some deprecated and unused constants.
MozReview-Commit-ID: CJITKVlUEtP
--HG--
extra : transplant_source : %1C%09%B2%B5%F4%C4%28%1A%B2%E5%CFsu%8B%B6W%8El%9Cn
There are a few places in PSM where free() is used to free memory allocated by
NSS instead of PORT_Free() (or higher level deallocation functions that end up
calling PORT_Free()).
In practice, PORT_Free() is just a wrapper around PR_Free(), which is just a
wrapper around free() if we don't ask NSPR to use a zone allocator.
Gecko explicitly tells NSPR not to use a zone allocator, so the changes here are
mainly for making the code more obviously correct.
This patch also includes some misc cleanup.
MozReview-Commit-ID: 9Ccg5OwlhWR
--HG--
extra : rebase_source : 768979a4bedb1cbdab2398d2a416429d9a241dd6
4361f2ad66
renamed transport_security_state_static.certs to
transport_security_state_static.pins, so the URL needs to be updated to avoid
a 404.
MozReview-Commit-ID: 1FmYdi0mMcI
--HG--
extra : rebase_source : 25ebf2290cab6ee12f98bc65972b696c45d506d0
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.
MozReview-Commit-ID: HfbcrAv4bCJ
--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.
MozReview-Commit-ID: LWtqLmsBPV2
--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.
MozReview-Commit-ID: GQuu6NolF4D
--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
Scoped.h is deprecated in favour of the standardised UniquePtr.
This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.
This patch also changes parameters and return types of various functions to make
ownership more explicit.
MozReview-Commit-ID: BFbtCDjENzy
--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
This patch removes an infallible duplication of the base64-encoded string,
which can be large.
--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
mOnStateLocationChangeReentranceDetection and nsAutoAtomic form an unnecessarily
threadsafe reentrance prevention mechanism that can be replaced by
mozilla::ReentrancyGuard.
MozReview-Commit-ID: KWDdFD5TpCk
--HG--
extra : rebase_source : c3e0a9ad32ff169c6afb00dd10099835b6196682
Prior to the changes here, nsNSSCertValidity had the following issues:
- Did not check for NSS shut down.
- Provided an irrelevant zero argument constructor.
- Did not explicitly delete the unwanted copy constructor and assignment
operators.
- Misc style issues.
- Did not have a dedicated test.
MozReview-Commit-ID: JUPtk1OjsNg
--HG--
extra : rebase_source : 2f6475c842b8c1c2570a7a5e4e9f87f0bb12deae
Firefox no longer supports DSA cipher suites, so this telemetry is dead code.
MozReview-Commit-ID: G3ipd0TADM
--HG--
extra : rebase_source : 6cd2b10727107c048010d39b24e328f5539a7220
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.
MozReview-Commit-ID: ENQ8QC6Nl9o
--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
These reinterpret_casts can be static_casts or const_casts instead.
MozReview-Commit-ID: 1KQDWHO9CGS
--HG--
extra : rebase_source : a629d91577bdcb6d7fd94416e61ad46ca43f945d
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.
MozReview-Commit-ID: Aw2rlJfrT6J
--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
MozReview-Commit-ID: HE8UY1hOuph
--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
In bug 317630, in the call to PK11_ConfigurePKCS11, the order of the strings
provided was switched such that the FIPS token description appeared before the
FIPS slot description, when in fact the reverse should happen.
|let| is generally preferred over |var| in PSM JS.
MozReview-Commit-ID: 7SJWQSKFxI4
--HG--
extra : rebase_source : 387c6259ffa2cb0585ff366edc568ccc39bfd902
The rationale behind nsIEntropyCollector was to supplement NSS' source of
entropy with randomness from mouse move events. This obviously doesn't work on
platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its
random number generator with robust randomness from the operating system, this
is unnecessary anyway. The primary concern is that initialization of the random
number generator must happen after forking, which is exactly what we do with the
child process in e10s mode.
MozReview-Commit-ID: GYQDElSCZy0
--HG--
extra : rebase_source : 6273a78203121c4d4ddf3ed97451f393ceef4b88
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.
MozReview-Commit-ID: 4l2Er5rkeI0
--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.
MozReview-Commit-ID: JtNH2lJsjwx
--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes CERTCertList parameters of various functions to make ownership more
explicit.
MozReview-Commit-ID: EXqxTK6inqy
--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.
MozReview-Commit-ID: 1VS4Dney4WX
--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf
Also adds some missing l10n entries to nsserrors.properties (but not for errors
that are specific to TLS 1.3, since TLS 1.3 is not yet finalised).
MozReview-Commit-ID: A42fmTDTe8W
--HG--
extra : transplant_source : x%F7s%DB%05%B4%81%9Dm%FDC%A1f%B3%0D%7DR%C1%BA%B1
Key size enforcement for TLS certificates happens at two levels: PSM and NSS.
PSM enforces a minimum of 1024 bits. NSS enforces a minimum of 1023 bits by
default. The NSS error is not overridable, but the PSM error is. This change
allows users to connect to devices with small RSA keys (as little as 512 bits)
using the certificate error override functionality.
MozReview-Commit-ID: 2TZ8c4I3hXC
--HG--
extra : rebase_source : a9c550f15261c711e789a670c90c129c65802ff0
This change replaces the hardcoded 'sourceis' in nsIContentSignatureVerifier and
ContentSignatureVerifier.cpp with a string parameter which allows the caller
to specify which hostname the signing certificate must be valid for. This allows
us to create and use new signing certificates without having to wait for new
sources to ride the trains.
MozReview-Commit-ID: KGpOVOuJrk3
The follow issues are fixed:
- Returning a failure result when failing to get a pref value instead of more
gracefully falling back to a default.
- Using an enum instead of a more strongly typed enum class.
- Using a pref branch instead of the preferred Preferences.h API.
- Manual memory management.
- Unnecessary use of pointers.
MozReview-Commit-ID: FKw5kBhnwxL
--HG--
extra : transplant_source : %21K%E2%83/%A5%AB%DB3%F4%FB%2CUD%9E%B6l%1C%3A%22
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.
Updates per keeler review comments:
- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review
April 11-12:
- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest
April 15:
- Rebase to latest
MozReview-Commit-ID: 6T8jNmwFvHJ
--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
Cykesiopka
Carsten "Tomcat" Book
Sergei Chernov
Phil Ringnalda
ffxbld
Ryan VanderMeulen
David Keeler
Sebastian Hengst
Mark Goodwin
Martin Thomson
Kate McKinley
Masatoshi Kimura
EKR
Joseph Yeh
Wes Kocher
Michael Layzell
Thomas Wisniewski
Jared Wein
Nicholas Nethercote
Dragana Damjanovic
Kan-Ru Chen
Robert Strong
Igor
J.C. Jones
David Cook
Tom Schuster
Makoto Kato
Iris Hsiao
Franziskus Kiefer
Tom Tromey
Chris Peterson
Thomas Zimmermann
Johann Hofmann
Richard Barnes
Onno Ekker
Jonas Sicking
Mathieu Leplatre
Johnathan Nightingale
Hasse
Chuck Lee
Randell Jesup
Kyle Huey
Jacek Caban
Tim Taubert