The clockid_t type on Linux has a space of values with encode a pid and
refer to various measures of another process's CPU usage; clock_getres
would, thereby, allow probing whether other processes exist. This is
a relatively small information leak into the sandboxes, but there's no
reason to allow it.
Differential Revision: https://phabricator.services.mozilla.com/D54081
--HG--
extra : moz-landing-system : lando
The `clockid_t` type on Linux has a space of values which encode a pid
and allow measuring the CPU usage of other processes; we don't want to
allow sandboxed processes to do that.
Differential Revision: https://phabricator.services.mozilla.com/D54080
--HG--
extra : moz-landing-system : lando
It seems newer glibc versions implement nanosleep() in terms of
clock_nanosleep(), which broke the profiler due to the sandbox rules
whitelisting the former but not the later.
Unfortunate that the profiler will fail in old Firefox versions though... :/
Differential Revision: https://phabricator.services.mozilla.com/D53879
--HG--
extra : moz-landing-system : lando
The delegated credentials xpcshell tests use the TLS test server framework,
which currently uses a hard-coded port, so these tests need to run serially.
Differential Revision: https://phabricator.services.mozilla.com/D53301
--HG--
extra : moz-landing-system : lando
2019-11-09 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp,
gtests/mozpkix_gtest/pkixcert_extension_tests.cpp,
gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp,
gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp,
gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
gtests/mozpkix_gtest/pkixgtest.h,
lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
bug 1593141 - add validity period beginning argument to
mozilla::pkix::TrustDomain::CheckRevocation r=jcj
This allows TrustDomain implementations to make decisions based on
when the validity period of a certificate began. For instance, if an
implementation has revocation information that is valid and complete
as of a particular time, but a certificate's validity period begins
after that time, the implementation may decide to disregard this
revocation information on the basis that the information it has
available cannot possibly apply to that certificate.
[e8f2720c8254] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D53228
--HG--
extra : histedit_source : 8561f7624eabd6cf2113f5585035e84ff82d26b3
Bug 1593141 adds a parameter to mozilla::pkix::TrustDomain::CheckRevocation.
This patch updates all TrustDomain implementations in mozilla-central to
reflect this.
Differential Revision: https://phabricator.services.mozilla.com/D52066
--HG--
extra : moz-landing-system : lando
The minidump-analyzer tool was originally conceived to be used from the crash
report client and as such was installed in the crash reporter client
application bundle on macOS. It was later adapted to work from Firefox itself
but this caused linking problems when invoked from the Firefox app bundle.
This patch moves the minidump-analyzer into the Firefox app bundle and adapts
the relevant code to find it there.
The minidump-analyzer was also not signed like the rest of our executables and
this patch addresses that issue too.
Differential Revision: https://phabricator.services.mozilla.com/D52910
--HG--
extra : moz-landing-system : lando
2019-11-13 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1591363 - Fixup double-free of params in nsc_SetupPBEKeyGen
r=keeler
Caused in commit 7ef8d2604494.
[87f35ba4c82f] [tip]
2019-11-07 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/ctr.c:
Bug 1592869 - Use NEON for ctr_xor. r=kjacobs
Using NEON for ctr_xor, aes_ctr can improve 30%-40%i decode/encode
time on Cortex-A72.
[d244c7287908]
2019-11-12 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c,
lib/pk11wrap/pk11skey.c, lib/softoken/pkcs11c.c:
Bug 1591363 - PBKDF2 memory leaks in NSC_GenerateKey. r=jcj
A memory leak was reported and confirmed in this bug. However,
during the "manual" analysis of the flow, another possible leak was
found. I created a patch for both leaks, added gtests for unexpected
keySizes and adjusted the general syntax of the gtest file.
[7ef8d2604494]
2019-11-11 Tom Prince <mozilla@hocat.ca>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/windows/setup.sh:
Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcj
[c33b214b2ec8]
2019-11-08 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_dhe_unittest.cc,
gtests/ssl_gtest/ssl_ecdh_unittest.cc,
gtests/ssl_gtest/tls_connect.h, lib/ssl/ssl3con.c:
Bug 1566131, check policy against hash algorithms used for
ServerKeyExchange, r=mt
Summary: This adds necessary policy checks in
`ssl3_ComputeCommonKeyHash()`, right before calculating hashes. Note
that it currently doesn't check MD5 as it still needs to be allowed
in TLS 1.1 or earlier and many tests fail if we change that.
Reviewers: mt
Reviewed By: mt
Bug #: 1566131
[c08947c6af57]
2019-11-08 Kai Engert <kaie@kuix.de>
* coreconf/coreconf.dep:
Dummy change, trigger a build to test latest NSPR commits.
[e766899c72a5]
* automation/taskcluster/graph/src/extend.js:
Bug 1579836 - Execute NSPR tests as part of NSS continuous
integration. r=jcj
[46bfbabf7e75]
2019-11-08 Dustin J. Mitchell <dustin@mozilla.com>
* automation/taskcluster/graph/npm-shrinkwrap.json,
automation/taskcluster/graph/package.json,
automation/taskcluster/graph/src/image_builder.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/tools.sh,
automation/taskcluster/windows/gen_certs.sh,
automation/taskcluster/windows/run_tests.sh:
Bug 1594891 - Updates to run correctly on the new TC deployment
r=jcj
* Update the Taskcluster client used in the decision task to one
that understands Taskcluster rootUrls.
* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
* the absence of this variale signals an "old" worker so we use an
"old" URL
[67d630e7cb7c]
2019-11-07 Tom Prince <mozilla@hocat.ca>
* .taskcluster.yml, automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js:
Bug 1591275: Switch workers to use AWS Provder; r=kjacobs
[a2bebaad41dd]
2019-11-06 Daiki Ueno <dueno@redhat.com>
* gtests/pk11_gtest/pk11_module_unittest.cc:
Bug 1577803, clang-format, a=bustage
[c9014b2892d5]
* gtests/pk11_gtest/pk11_module_unittest.cc,
gtests/pkcs11testmodule/pkcs11testmodule.cpp,
lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11slot.c, lib/pk11wrap/secmodti.h,
lib/util/pkcs11t.h:
Bug 1577803, pk11wrap: set friendly flag if token implements
CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea
Summary: This makes NSS look for CKO_PROFILE object at token
initialization time to check if it implements the [[ https://docs
.oasis-open.org/pkcs11/pkcs11-profiles/v3.0/pkcs11-profiles-v3.0.pdf
| Public Certificates Token profile ]] as defined in PKCS #11 v3.0.
If it is found, the token is automatically marked as friendly so no
authentication attempts will be made when accessing certificates.
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
[b39c8eeabe6a]
2019-11-06 Martin Thomson <mt@lowentropy.net>
* lib/freebl/blinit.c, lib/freebl/gcm-ppc.c:
Bug 1566126 - clang-format, a=bustage
[6125200fbc88]
2019-11-06 Lauri Kasanen <cand@gmx.com>
* lib/freebl/Makefile, lib/freebl/altivec-types.h,
lib/freebl/blapii.h, lib/freebl/blinit.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-ppc.c, lib/freebl/gcm.c, lib/freebl/gcm.h:
Bug 1566126 - freebl: POWER GHASH Vector Acceleration, r=mt
Implementation for POWER8 adapted from the ARM paper:
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf
Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 \
-v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on POWER8 3.3GHz.
NSS_DISABLE_HW_CRYPTO=1 mode in symmkey opreps cxreps context op
time(sec) thrgput aes_gcm_e 309Mb 192 5M 0 0.000 10000.000 10.001
30Mb
mode in symmkey opreps cxreps context op time(sec) thrgput
aes_gcm_e 829Mb 192 14M 0 0.000 10000.000 10.001 82Mb
Notable operf results, sw: samples % image name symbol name 226033
59.3991 libfreeblpriv3.so bmul 80606 21.1824 libfreeblpriv3.so
rijndael_encryptBlock128 28851 7.5817 libfreeblpriv3.so
gcm_HashMult_sftw
hw: 213899 56.2037 libfreeblpriv3.so rijndael_encryptBlock128 45233
11.8853 libfreeblpriv3.so gcm_HashMult_hw
So the ghash part is ~5.6x faster.
Signed-off-by: Lauri Kasanen <cand@gmx.com>
[3d7e509d6d20]
2019-11-05 Marcus Burghardt <mburghardt@mozilla.com>
* lib/certdb/certdb.c, lib/util/secport.h:
Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c. r=mt
Bug 1588015 introduced in NSPR a new way to ASSERT values where the
arguments are always used avoiding "unused variable" errors. This
was implemented in NSS, at certdb.c.
[73c28cad3dbb]
2019-11-05 Daiki Ueno <dueno@redhat.com>
* cpputil/nss_scoped_ptrs.h, gtests/manifest.mn,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_module_unittest.cc,
gtests/pkcs11testmodule/Makefile, gtests/pkcs11testmodule/config.mk,
gtests/pkcs11testmodule/manifest.mn,
gtests/pkcs11testmodule/pkcs11testmodule.cpp,
gtests/pkcs11testmodule/pkcs11testmodule.def,
gtests/pkcs11testmodule/pkcs11testmodule.gyp,
gtests/pkcs11testmodule/pkcs11testmodule.rc, nss.gyp:
Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea
Summary: This adds a mock PKCS #11 module from Firefox and add basic
tests around it. This is needed for proper testing of PKCS #11 v3.0
profile objects (D45669).
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
[0a86945adf74]
Differential Revision: https://phabricator.services.mozilla.com/D52779
--HG--
extra : moz-landing-system : lando
2019-11-13 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1591363 - Fixup double-free of params in nsc_SetupPBEKeyGen
r=keeler
Caused in commit 7ef8d2604494.
[87f35ba4c82f] [tip]
2019-11-07 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/ctr.c:
Bug 1592869 - Use NEON for ctr_xor. r=kjacobs
Using NEON for ctr_xor, aes_ctr can improve 30%-40%i decode/encode
time on Cortex-A72.
[d244c7287908]
2019-11-12 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c,
lib/pk11wrap/pk11skey.c, lib/softoken/pkcs11c.c:
Bug 1591363 - PBKDF2 memory leaks in NSC_GenerateKey. r=jcj
A memory leak was reported and confirmed in this bug. However,
during the "manual" analysis of the flow, another possible leak was
found. I created a patch for both leaks, added gtests for unexpected
keySizes and adjusted the general syntax of the gtest file.
[7ef8d2604494]
2019-11-11 Tom Prince <mozilla@hocat.ca>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/windows/setup.sh:
Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcj
[c33b214b2ec8]
2019-11-08 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_dhe_unittest.cc,
gtests/ssl_gtest/ssl_ecdh_unittest.cc,
gtests/ssl_gtest/tls_connect.h, lib/ssl/ssl3con.c:
Bug 1566131, check policy against hash algorithms used for
ServerKeyExchange, r=mt
Summary: This adds necessary policy checks in
`ssl3_ComputeCommonKeyHash()`, right before calculating hashes. Note
that it currently doesn't check MD5 as it still needs to be allowed
in TLS 1.1 or earlier and many tests fail if we change that.
Reviewers: mt
Reviewed By: mt
Bug #: 1566131
[c08947c6af57]
2019-11-08 Kai Engert <kaie@kuix.de>
* coreconf/coreconf.dep:
Dummy change, trigger a build to test latest NSPR commits.
[e766899c72a5]
* automation/taskcluster/graph/src/extend.js:
Bug 1579836 - Execute NSPR tests as part of NSS continuous
integration. r=jcj
[46bfbabf7e75]
2019-11-08 Dustin J. Mitchell <dustin@mozilla.com>
* automation/taskcluster/graph/npm-shrinkwrap.json,
automation/taskcluster/graph/package.json,
automation/taskcluster/graph/src/image_builder.js,
automation/taskcluster/graph/src/queue.js,
automation/taskcluster/scripts/tools.sh,
automation/taskcluster/windows/gen_certs.sh,
automation/taskcluster/windows/run_tests.sh:
Bug 1594891 - Updates to run correctly on the new TC deployment
r=jcj
* Update the Taskcluster client used in the decision task to one
that understands Taskcluster rootUrls.
* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
* the absence of this variale signals an "old" worker so we use an
"old" URL
[67d630e7cb7c]
2019-11-07 Tom Prince <mozilla@hocat.ca>
* .taskcluster.yml, automation/taskcluster/graph/src/extend.js,
automation/taskcluster/graph/src/queue.js:
Bug 1591275: Switch workers to use AWS Provder; r=kjacobs
[a2bebaad41dd]
2019-11-06 Daiki Ueno <dueno@redhat.com>
* gtests/pk11_gtest/pk11_module_unittest.cc:
Bug 1577803, clang-format, a=bustage
[c9014b2892d5]
* gtests/pk11_gtest/pk11_module_unittest.cc,
gtests/pkcs11testmodule/pkcs11testmodule.cpp,
lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11slot.c, lib/pk11wrap/secmodti.h,
lib/util/pkcs11t.h:
Bug 1577803, pk11wrap: set friendly flag if token implements
CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea
Summary: This makes NSS look for CKO_PROFILE object at token
initialization time to check if it implements the [[ https://docs
.oasis-open.org/pkcs11/pkcs11-profiles/v3.0/pkcs11-profiles-v3.0.pdf
| Public Certificates Token profile ]] as defined in PKCS #11 v3.0.
If it is found, the token is automatically marked as friendly so no
authentication attempts will be made when accessing certificates.
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
[b39c8eeabe6a]
2019-11-06 Martin Thomson <mt@lowentropy.net>
* lib/freebl/blinit.c, lib/freebl/gcm-ppc.c:
Bug 1566126 - clang-format, a=bustage
[6125200fbc88]
2019-11-06 Lauri Kasanen <cand@gmx.com>
* lib/freebl/Makefile, lib/freebl/altivec-types.h,
lib/freebl/blapii.h, lib/freebl/blinit.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-ppc.c, lib/freebl/gcm.c, lib/freebl/gcm.h:
Bug 1566126 - freebl: POWER GHASH Vector Acceleration, r=mt
Implementation for POWER8 adapted from the ARM paper:
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf
Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 \
-v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on POWER8 3.3GHz.
NSS_DISABLE_HW_CRYPTO=1 mode in symmkey opreps cxreps context op
time(sec) thrgput aes_gcm_e 309Mb 192 5M 0 0.000 10000.000 10.001
30Mb
mode in symmkey opreps cxreps context op time(sec) thrgput
aes_gcm_e 829Mb 192 14M 0 0.000 10000.000 10.001 82Mb
Notable operf results, sw: samples % image name symbol name 226033
59.3991 libfreeblpriv3.so bmul 80606 21.1824 libfreeblpriv3.so
rijndael_encryptBlock128 28851 7.5817 libfreeblpriv3.so
gcm_HashMult_sftw
hw: 213899 56.2037 libfreeblpriv3.so rijndael_encryptBlock128 45233
11.8853 libfreeblpriv3.so gcm_HashMult_hw
So the ghash part is ~5.6x faster.
Signed-off-by: Lauri Kasanen <cand@gmx.com>
[3d7e509d6d20]
2019-11-05 Marcus Burghardt <mburghardt@mozilla.com>
* lib/certdb/certdb.c, lib/util/secport.h:
Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c. r=mt
Bug 1588015 introduced in NSPR a new way to ASSERT values where the
arguments are always used avoiding "unused variable" errors. This
was implemented in NSS, at certdb.c.
[73c28cad3dbb]
2019-11-05 Daiki Ueno <dueno@redhat.com>
* cpputil/nss_scoped_ptrs.h, gtests/manifest.mn,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_module_unittest.cc,
gtests/pkcs11testmodule/Makefile, gtests/pkcs11testmodule/config.mk,
gtests/pkcs11testmodule/manifest.mn,
gtests/pkcs11testmodule/pkcs11testmodule.cpp,
gtests/pkcs11testmodule/pkcs11testmodule.def,
gtests/pkcs11testmodule/pkcs11testmodule.gyp,
gtests/pkcs11testmodule/pkcs11testmodule.rc, nss.gyp:
Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea
Summary: This adds a mock PKCS #11 module from Firefox and add basic
tests around it. This is needed for proper testing of PKCS #11 v3.0
profile objects (D45669).
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
[0a86945adf74]
Differential Revision: https://phabricator.services.mozilla.com/D52779
--HG--
extra : moz-landing-system : lando
As Chrome has removed support for the HPKP (HTTP Public Key Pinning) header,
continuing to support it in Firefox is a compatibility risk. This patch adds
the preference "security.cert_pinning.hpkp.enabled" and sets it to false by
default. As such, the platform will no longer process the HPKP header nor
consult any cached HPKP information for certificate pins.
Preloaded (statically-compiled) pins are still enabled in Firefox by default.
This patch also disables dynamically setting pins via our remote security
settings infrastructure, as it uses the same backend and represents similar
compatibility risk.
Differential Revision: https://phabricator.services.mozilla.com/D52773
--HG--
extra : moz-landing-system : lando
2019-11-04 Marcus Burghardt <mburghardt@mozilla.com>
* lib/pk11wrap/pk11cert.c:
Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj
Fixed controls to avoid crashes caused by slots possibly without a
token in pk11_fastCert. Also, improved arguments controls in
PK11_MakeCertFromHandle.
[dc9552c2aa77] [tip]
2019-11-01 Franziskus Kiefer <franziskuskiefer@gmail.com>
* gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_des_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, lib/softoken/pkcs11c.c:
Bug 1591742 - check des iv length and add test for it, r=jcj,kjacobs
Summary: Let's make sure the DES IV has the length we expect it to
have.
Bug #: 1591742
[35857ae98190]
2019-11-01 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp, lib/mozpkix
/test-lib/pkixtestnss.cpp, tests/gtests/gtests.sh:
Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj
[27a29997f598]
2019-11-01 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs
Update NSC_Decrypt length in constant time
[7f578a829b29]
2019-11-01 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/queue.js:
Bug 1562671 - Limit Master Password KDF iterations for NSS
continuous integration tests. r=mt
[c8b490583b86]
* lib/softoken/lgglue.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
Bug 1562671 - Add environment variables to control Master Password
KDF iteration count. Disable iteration count for legacy DBM storage
by default. r=rrelyea
[ced91a705aa3]
2019-11-01 Bob Relyea <rrelyea@redhat.com>
* lib/softoken/legacydb/keydb.c, lib/softoken/lgglue.c,
lib/softoken/pkcs11.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
Bug 1562671 - Support higher iteration count for Master Password
KDF. Bob Relyea's base patch. Requires the follow-up patch. r=kaie
[6619bb43d746]
2019-10-28 Martin Thomson <mt@lowentropy.net>
* coreconf/Linux.mk, coreconf/WIN32.mk, coreconf/command.mk,
coreconf/config.gypi, coreconf/rules.mk, lib/freebl/aes-armv8.c,
lib/freebl/aes-x86.c, lib/freebl/config.mk, lib/freebl/freebl.gyp,
lib/freebl/intel-aes.h, lib/freebl/intel-gcm-wrap.c,
lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/ssl/config.mk,
lib/ssl/ssl.gyp:
Bug 1590972 - Use -std=c99 for all C code, r=jcj
This switches to using -std=c99 for compiling all C code.
Previously, we only enabled this option for lib/freebl and lib/ssl.
For Linux, this means we need to define _DEFAULT_SOURCE to access
some of the functions we use. On glibc 2.12 (our oldest supported
version), we also need to define _BSD_SOURCE to access these
functions.
The only tricky part is dealing with partial C99 implementation in
gcc 4.4. From what I've seen, the only problem is that - in that
mode - it doesn't support nesting of unnamed fields:
https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Unnamed-Fields.html
This also switches from -std=c++0x to -std=c++11 as the 0x variant,
though identical in meaning, is deprecated.
[dbba7db4b79d]
2019-10-30 Giulio Benetti <giulio.benetti@benettiengineering.com>
* lib/freebl/aes-armv8.c, lib/freebl/rijndael.c:
Bug 1590676 - Fix build if arm doesn't support NEON r=kjacobs
At the moment NSS assumes that ARM supports NEON extension but this
is not true and leads to build failure on ARM without NEON
extension. Add check to assure USE_HW_AES is not defined if ARM
without NEON extension is used.
[58f2471ace3b]
2019-10-30 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/tls_agent.cc:
Bug 1575411 - Disable EMS for tests, a=bustage
[6e5f69781137]
2019-10-29 J.C. Jones <jjones@mozilla.com>
* gtests/ssl_gtest/tls_esni_unittest.cc:
Bug 1590970 - Fix clang-format from
e7956ee3ba1b6d05e3175bbcd795583fde867720 r=me
[d1e43cb9f227]
2019-10-29 Giulio Benetti <giulio.benetti@benettiengineering.com>
* lib/ssl/tls13esni.c:
Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
r=jcj
[df5e9021809a]
2019-10-29 Martin Thomson <martin.thomson@gmail.com>
* lib/ssl/ssl.h, lib/ssl/sslsock.c:
Bug 1575411 - Enable extended master secret by default,
r=jcj,kjacobs
See the bug for discussion about the implications of this.
[d1c68498610d]
2019-10-29 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/sslexp.h:
Bug 1590970 - Stop using time() for ESNI tests, r=kjacobs
Summary: The ESNI tests were using time() rather than PR_Now(), so
they slipped the net when I went looking for bad time functions. Now
they do the right thing again.
What we were probably seeing in the intermittents was the case where
we set the time for most of the SSL functions to PR_Now(), and that
was just before a second rollover. Then, when time() was called, it
returned t+1 so the ESNI keys that were being generated in the ESNI
tests were given a notBefore time that was in the future relative to
the time being given to the TLS stack. Had the ESNI keys generation
been given time() - 1 for notBefore, as I have done here, this would
never have turned up.
Reviewers: kjacobs
Tags: #secure-revision
Bug #: 1590970
[e7956ee3ba1b]
Differential Revision: https://phabricator.services.mozilla.com/D51858
--HG--
extra : moz-landing-system : lando
This patch provides Delegated Credential information (authKeyBits and signature scheme) to CertVerifier such that we can enforce a policy check and disallow weak keys in the Delegated Credential.
This information is not passed from http3 - adding this will be done in a separate bug.
Differential Revision: https://phabricator.services.mozilla.com/D47181
--HG--
rename : security/manager/ssl/tests/unit/test_delegated_credentials/delegated-selfsigned.key => security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key
rename : security/manager/ssl/tests/unit/test_delegated_credentials/delegated-selfsigned.key.keyspec => security/manager/ssl/tests/unit/test_delegated_credentials/delegated.key.keyspec
extra : moz-landing-system : lando
Add separate entitlement files for the browser (aka parent process) and plugin-container processes. Leave the old production and developer entitlement files in place.
Once automation has been updated to use the new process-specific entitlement files (bug 1593072), the older entitlement files can be removed.
Future work will change the process-specific entitlements to be minimized for each process type.
Update codesign.bash to
1) use the separate browser and plugin-container entitlement files
2) only sign executables with entitlements, not sign unnecessary files
3) output to a .dmg instead of a .zip file.
Differential Revision: https://phabricator.services.mozilla.com/D52117
--HG--
extra : moz-landing-system : lando
Revert bug 1570581 by removing the AppleEvent entitlement from our hardened runtime configuration for both production and development.
Now that native messaging helpers are started 'disclaimed' with a new attribution chain, the entitlement is not needed.
Differential Revision: https://phabricator.services.mozilla.com/D48029
--HG--
extra : moz-landing-system : lando
2019-11-04 Marcus Burghardt <mburghardt@mozilla.com>
* lib/pk11wrap/pk11cert.c:
Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj
Fixed controls to avoid crashes caused by slots possibly without a
token in pk11_fastCert. Also, improved arguments controls in
PK11_MakeCertFromHandle.
[dc9552c2aa77] [tip]
2019-11-01 Franziskus Kiefer <franziskuskiefer@gmail.com>
* gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_des_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, lib/softoken/pkcs11c.c:
Bug 1591742 - check des iv length and add test for it, r=jcj,kjacobs
Summary: Let's make sure the DES IV has the length we expect it to
have.
Bug #: 1591742
[35857ae98190]
2019-11-01 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp, lib/mozpkix
/test-lib/pkixtestnss.cpp, tests/gtests/gtests.sh:
Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj
[27a29997f598]
2019-11-01 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs
Update NSC_Decrypt length in constant time
[7f578a829b29]
2019-11-01 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/queue.js:
Bug 1562671 - Limit Master Password KDF iterations for NSS
continuous integration tests. r=mt
[c8b490583b86]
* lib/softoken/lgglue.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
Bug 1562671 - Add environment variables to control Master Password
KDF iteration count. Disable iteration count for legacy DBM storage
by default. r=rrelyea
[ced91a705aa3]
2019-11-01 Bob Relyea <rrelyea@redhat.com>
* lib/softoken/legacydb/keydb.c, lib/softoken/lgglue.c,
lib/softoken/pkcs11.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
Bug 1562671 - Support higher iteration count for Master Password
KDF. Bob Relyea's base patch. Requires the follow-up patch. r=kaie
[6619bb43d746]
2019-10-28 Martin Thomson <mt@lowentropy.net>
* coreconf/Linux.mk, coreconf/WIN32.mk, coreconf/command.mk,
coreconf/config.gypi, coreconf/rules.mk, lib/freebl/aes-armv8.c,
lib/freebl/aes-x86.c, lib/freebl/config.mk, lib/freebl/freebl.gyp,
lib/freebl/intel-aes.h, lib/freebl/intel-gcm-wrap.c,
lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/ssl/config.mk,
lib/ssl/ssl.gyp:
Bug 1590972 - Use -std=c99 for all C code, r=jcj
This switches to using -std=c99 for compiling all C code.
Previously, we only enabled this option for lib/freebl and lib/ssl.
For Linux, this means we need to define _DEFAULT_SOURCE to access
some of the functions we use. On glibc 2.12 (our oldest supported
version), we also need to define _BSD_SOURCE to access these
functions.
The only tricky part is dealing with partial C99 implementation in
gcc 4.4. From what I've seen, the only problem is that - in that
mode - it doesn't support nesting of unnamed fields:
https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Unnamed-Fields.html
This also switches from -std=c++0x to -std=c++11 as the 0x variant,
though identical in meaning, is deprecated.
[dbba7db4b79d]
2019-10-30 Giulio Benetti <giulio.benetti@benettiengineering.com>
* lib/freebl/aes-armv8.c, lib/freebl/rijndael.c:
Bug 1590676 - Fix build if arm doesn't support NEON r=kjacobs
At the moment NSS assumes that ARM supports NEON extension but this
is not true and leads to build failure on ARM without NEON
extension. Add check to assure USE_HW_AES is not defined if ARM
without NEON extension is used.
[58f2471ace3b]
2019-10-30 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/tls_agent.cc:
Bug 1575411 - Disable EMS for tests, a=bustage
[6e5f69781137]
2019-10-29 J.C. Jones <jjones@mozilla.com>
* gtests/ssl_gtest/tls_esni_unittest.cc:
Bug 1590970 - Fix clang-format from
e7956ee3ba1b6d05e3175bbcd795583fde867720 r=me
[d1e43cb9f227]
2019-10-29 Giulio Benetti <giulio.benetti@benettiengineering.com>
* lib/ssl/tls13esni.c:
Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
r=jcj
[df5e9021809a]
2019-10-29 Martin Thomson <martin.thomson@gmail.com>
* lib/ssl/ssl.h, lib/ssl/sslsock.c:
Bug 1575411 - Enable extended master secret by default,
r=jcj,kjacobs
See the bug for discussion about the implications of this.
[d1c68498610d]
2019-10-29 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/sslexp.h:
Bug 1590970 - Stop using time() for ESNI tests, r=kjacobs
Summary: The ESNI tests were using time() rather than PR_Now(), so
they slipped the net when I went looking for bad time functions. Now
they do the right thing again.
What we were probably seeing in the intermittents was the case where
we set the time for most of the SSL functions to PR_Now(), and that
was just before a second rollover. Then, when time() was called, it
returned t+1 so the ESNI keys that were being generated in the ESNI
tests were given a notBefore time that was in the future relative to
the time being given to the TLS stack. Had the ESNI keys generation
been given time() - 1 for notBefore, as I have done here, this would
never have turned up.
Reviewers: kjacobs
Tags: #secure-revision
Bug #: 1590970
[e7956ee3ba1b]
Differential Revision: https://phabricator.services.mozilla.com/D51858
--HG--
extra : moz-landing-system : lando
Revert bug 1570581 by removing the AppleEvent entitlement from our hardened runtime configuration for both production and development.
Now that native messaging helpers are started 'disclaimed' with a new attribution chain, the entitlement is not needed.
Differential Revision: https://phabricator.services.mozilla.com/D48029
--HG--
extra : moz-landing-system : lando
This code is compiled when `MOZ_NEW_CERT_STORAGE` is not defined, which is the
case on beta.
Differential Revision: https://phabricator.services.mozilla.com/D51559
--HG--
extra : moz-landing-system : lando
2019-10-28 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_filter.h,
gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslt.h,
lib/ssl/tls13con.c:
Bug 1588244 - Store TLS 1.3 peerDelegCred, authKeyBits, and scheme
in SSLPreliminaryChannelInfo. r=mt
This patch adjusts where we set `authKeyBits` (Et al.) for TLS 1.3,
such that `CertVerifier` can check the strength of a delegated
credential keypair.
The corresponding PSM changeset is in D47181.
[fcdda17cdc36] [tip]
2019-10-28 Kai Engert <kaie@kuix.de>
* coreconf/coreconf.dep:
Dummy change, trigger a build after bustage to test latest NSPR
commit
[ec2adf31fb8c]
2019-10-26 Martin Thomson <mt@lowentropy.net>
* lib/ssl/sslauth.c, lib/ssl/sslcon.c, lib/ssl/tls13esni.c:
Bug 1590970 - Use ssl_Time consistently, r=kjacobs
I missed a few places that used PR_Now() before.
[c6021063e64a]
2019-10-22 Deian Stefan <deian@cs.ucsd.edu>
* gtests/pk11_gtest/pk11_cbc_unittest.cc:
Bug 1459141 - A few more CBC padding tests. r=jcj
This patch adds more test vectors for AES-CBC and 3DES-CBC padding.
[38f1c92a5e11]
2019-10-22 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/btoa/btoa.c:
Bug 1590339 - Fix MemoryLeak in btoa.c. r=kjacobs
[5feab64d2d20]
2019-10-21 Marcus Burghardt <mburghardt@mozilla.com>
* lib/ckfw/builtins/testlib/certdata-testlib.txt:
Bug 1589810 - Uninitialized variable warnings from certdata.perl.
r=mt
[3f40060ca7b3]
2019-10-19 Martin Thomson <martin.thomson@gmail.com>
* gtests/ssl_gtest/ssl_version_unittest.cc:
Bug 1573118 - Fix busted unit tests, r=jcj
These unit tests were broken by the change to TLS version defaults.
In retrospect, this shouldn't have been surprising, but now that it
I'm seeing bustage, I'm somewhat surprised that there are so few
failures.
[7e0b8364687b]
* lib/ssl/sslsock.c:
Bug 1573118 - Enable TLS 1.3 by default, r=jcj
As planned for 3.47, but now for 3.48.
[bc77cf318f38]
2019-10-18 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsmime3.so.txt, automation/abi-check
/expected-report-libssl3.so.txt, automation/abi-check/previous-nss-
release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.48 beta
[0e7dd2050d09]
* .hgtags:
Added tag NSS_3_47_RTM for changeset 7ccb4ade5577
[dcadb95b9d77] <NSS_3_47_BRANCH>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47 final
[7ccb4ade5577] [NSS_3_47_RTM] <NSS_3_47_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D50840
--HG--
extra : moz-landing-system : lando
Add the com.apple.security.smartcard entitlement to Firefox's entitlements list.
Needed for clients of some CryptoTokenKit.framework API's, per SmartCardServices(7).
Differential Revision: https://phabricator.services.mozilla.com/D51303
--HG--
extra : moz-landing-system : lando
Lots of these callbacks have a non-`void*` final parameter, which UBSAN
complains about. This commit changes them to have a `void*` parameter.
This requires undoing the machinery added in the first two commits of bug
1473631: `TypePrefChangeFunc` and `PREF_CHANGE_METHOD`. The resulting code is
simpler (which is good) and more boilerplate-y (which is bad) but avoids the
undefined behaviour (which is good).
Differential Revision: https://phabricator.services.mozilla.com/D50901
--HG--
extra : moz-landing-system : lando
This patch converts the certList attribute of nsITransportSecurityInfo
from nsIX509CertList to Array<nsIx509Cert>
Differential Revision: https://phabricator.services.mozilla.com/D48745
--HG--
extra : moz-landing-system : lando
OS.File.writeAtomic expects either a utf-8 string or a typed array. This patch
fixes instances in pippki.js in certificate export where this was not
guaranteed to be the case. It also extends the test for this functionality to
cover more cases.
Differential Revision: https://phabricator.services.mozilla.com/D50117
--HG--
extra : moz-landing-system : lando
Bug 1267643 removed filtering of client certificates based on the
"certificate_authorities" list sent in the client certificate request from the
server in TLS handshakes because it is impossible to implement as specified
without false negatives (i.e. excluding certificates that could be usable but
don't seem to be according to the certificates the client is aware of). In
practice, however, it seems enough users rely on this behavior[0] that we
should add it back until the platform can save client certificate selections
across restarts and the "select one automatically" option is removed (see also
bug 634697).
[0] See e.g. bug 1588703, bug 1590297, bug 1590596, bug 1074195 comment 27,
and any other duplicates of this bug.
Differential Revision: https://phabricator.services.mozilla.com/D50355
--HG--
extra : moz-landing-system : lando
This change enables the version downgrade sentinel across all channels. We
don't have good telemetry on this, but Chrome reports 0.02%, which is low enough
to just make the change without additional validation on our end.
This only really affects intercepting middleboxes that forward the real server's
ServerHello.random. That's a terrible idea, and, as above, the evidence
suggests that this is now rare enough to have those boxes break connections.
The pref will remain for those cases where problems persist.
Differential Revision: https://phabricator.services.mozilla.com/D50387
--HG--
extra : moz-landing-system : lando
Update sandbox rules to allow services and files needed for global UI system preferences.
Update tests now that stat() calls on the filesystem are permitted.
Differential Revision: https://phabricator.services.mozilla.com/D50298
--HG--
extra : moz-landing-system : lando
Most of these tests have been disabled for a long time; they run well
in the current test environment.
This completes my review of skipped Android tests.
Differential Revision: https://phabricator.services.mozilla.com/D49954
--HG--
extra : moz-landing-system : lando
This patch converts the certList attribute of nsITransportSecurityInfo
from nsIX509CertList to Array<nsIx509Cert>
Differential Revision: https://phabricator.services.mozilla.com/D48745
--HG--
extra : moz-landing-system : lando
2019-10-18 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47 final
[7ccb4ade5577] [NSS_3_47_RTM] <NSS_3_47_BRANCH>
* .hgtags:
Added tag NSS_3_47_BETA4 for changeset d3c8638f85cd
[d5bd7be1bf2a]
Differential Revision: https://phabricator.services.mozilla.com/D49813
--HG--
extra : moz-landing-system : lando
2019-10-18 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Rewrite softoken CBC pad check to be constant
r=jcj,kjacobs
[d3c8638f85cd] [NSS_3_47_BETA4]
2019-10-17 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc:
Bug 1589120 - Additional test vectors for CBC padding. r=jcj
This patch adds more test vectors for AES-CBC and 3DES-CBC padding.
[7f17b911ac99]
* gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp:
Bug 1589120 - Tests for padded AES key wrap r=jcj
This patch adds test vectors for padded AES Key Wrap. AES-CBC and
3DES-CBC ports of the same vectors will be included in a separate
revision.
[fb4d9b6ea2c4]
2019-10-16 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslimpl.h, lib/ssl/tls13subcerts.c,
tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
Bug 1588244 - SSLExp_DelegateCredential to support 'rsaEncryption'
end-entity certs with default scheme override r=mt
If an end-entity cert has an SPKI type of 'rsaEncryption', override
the DC alg to be `ssl_sig_rsa_pss_rsae_sha256`.
[93383e0fb833]
2019-10-16 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA3 for changeset f10c3e0757b7
[fa8a67bee2dc]
Differential Revision: https://phabricator.services.mozilla.com/D49774
--HG--
extra : moz-landing-system : lando
The internal representation of certList has been converted to
cert array, and this patch does it for the serialization.
Differential Revision: https://phabricator.services.mozilla.com/D49347
--HG--
extra : moz-landing-system : lando
Adds support for creating and using a PSandboxTesting actor in the GPU process.
Differential Revision: https://phabricator.services.mozilla.com/D42386
--HG--
extra : moz-landing-system : lando
This patch includes a new browser chrome mochitest that uses a new XPCOM service (moxISandboxTest) to create a new top-level actor (PSandboxTesting) between the chrome process and any supported child processes (in later parts of this patch set). The framework is makes it easy to add new C/C++ instructions to be tested for permission under real sandbox conditions. Test results can be conditioned on the type of OS, process, sandbox level, etc.
Differential Revision: https://phabricator.services.mozilla.com/D37706
--HG--
extra : moz-landing-system : lando
2019-10-16 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Backed out changeset 474d62c9d0db for PK11_Wrap/Unwrap
issues r=me
[f10c3e0757b7] [NSS_3_47_BETA3]
2019-10-15 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA2 for changeset f657d65428c6
[3ca8b20b24ee]
* cmd/addbuiltin/addbuiltin.c:
Bug 1465613 - Fixup clang format a=bustage
[f657d65428c6] [NSS_3_47_BETA2]
2019-10-11 Marcus Burghardt <mburghardt@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsmime3.so.txt, automation/abi-check
/expected-report-libssl3.so.txt, cmd/addbuiltin/addbuiltin.c,
cmd/lib/secutil.c, gtests/softoken_gtest/manifest.mn,
gtests/softoken_gtest/softoken_gtest.gyp,
gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc,
lib/certdb/certdb.c, lib/certdb/certt.h, lib/ckfw/builtins/README,
lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/manifest.mn,
lib/ckfw/builtins/nssckbi.h, lib/ckfw/builtins/testlib/Makefile,
lib/ckfw/builtins/testlib/builtins-testlib.gyp,
lib/ckfw/builtins/testlib/certdata-testlib.txt,
lib/ckfw/builtins/testlib/config.mk,
lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/builtins/testlib
/nssckbi-testlib.rc,
lib/ckfw/builtins/testlib/testcert_err_distrust.txt,
lib/ckfw/builtins/testlib/testcert_no_distrust.txt,
lib/ckfw/builtins/testlib/testcert_ok_distrust.txt,
lib/ckfw/manifest.mn, lib/nss/nss.def, lib/pki/pki3hack.c,
lib/softoken/sdb.c, lib/util/pkcs11n.h, nss.gyp, tests/cert/cert.sh:
Bug 1465613 - Created two new fields for scheduled distrust from
builtins and updated support commands. r=jcj,kjacobs,mt
Added two new fields do scheduled distrust of CAs in
nssckbi/builtins. Also, created a testlib to validate these fields
with gtests.
[52024949df95]
2019-10-14 Martin Thomson <martin.thomson@gmail.com>
* lib/ssl/tls13con.c:
Bug 1588557 - Fix debug statement, r=jcj
[0f563a2571c3]
2019-10-15 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/lib/pkixcert.cpp:
bug 1579060 - fix handling of issuerUniqueID and subjectUniqueID in
mozilla::pkix::BackCert r=jcj
According to RFC 5280, the definitions of issuerUniqueID and
subjectUniqueID in TBSCertificate are as follows:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
where UniqueIdentifier is a BIT STRING.
IMPLICIT tags replace the tag of the underlying type. For these
fields, there is no specified class (just a tag number within the
class), and the underlying type of BIT STRING is "primitive" (i.e.
not constructed). Thus, the tags should be of the form CONTEXT
SPECIFIC | [number in class], which comes out to 0x81 and 0x82,
respectively.
When originally implemented, mozilla::pkix incorrectly required that
the CONSTRUCTED bit also be set for these fields. Consequently, the
library would reject any certificate that actually contained these
fields. Evidently such certificates are rare.
[c50f933d37a5]
2019-10-14 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Rewrite softoken CBC pad check to be constant time.
r=kjacobs,jcj
[474d62c9d0db]
2019-10-11 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA1 for changeset 93245f5733b3
[f60dbafbc182]
Differential Revision: https://phabricator.services.mozilla.com/D49470
--HG--
extra : moz-landing-system : lando
2019-10-15 J.C. Jones <jjones@mozilla.com>
* cmd/addbuiltin/addbuiltin.c:
Bug 1465613 - Fixup clang format a=bustage
[f657d65428c6] [NSS_3_47_BETA2]
2019-10-11 Marcus Burghardt <mburghardt@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsmime3.so.txt, automation/abi-check
/expected-report-libssl3.so.txt, cmd/addbuiltin/addbuiltin.c,
cmd/lib/secutil.c, gtests/softoken_gtest/manifest.mn,
gtests/softoken_gtest/softoken_gtest.gyp,
gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc,
lib/certdb/certdb.c, lib/certdb/certt.h, lib/ckfw/builtins/README,
lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/manifest.mn,
lib/ckfw/builtins/nssckbi.h, lib/ckfw/builtins/testlib/Makefile,
lib/ckfw/builtins/testlib/builtins-testlib.gyp,
lib/ckfw/builtins/testlib/certdata-testlib.txt,
lib/ckfw/builtins/testlib/config.mk,
lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/builtins/testlib
/nssckbi-testlib.rc,
lib/ckfw/builtins/testlib/testcert_err_distrust.txt,
lib/ckfw/builtins/testlib/testcert_no_distrust.txt,
lib/ckfw/builtins/testlib/testcert_ok_distrust.txt,
lib/ckfw/manifest.mn, lib/nss/nss.def, lib/pki/pki3hack.c,
lib/softoken/sdb.c, lib/util/pkcs11n.h, nss.gyp, tests/cert/cert.sh:
Bug 1465613 - Created two new fields for scheduled distrust from
builtins and updated support commands. r=jcj,kjacobs,mt
Added two new fields do scheduled distrust of CAs in
nssckbi/builtins. Also, created a testlib to validate these fields
with gtests.
[52024949df95]
2019-10-14 Martin Thomson <martin.thomson@gmail.com>
* lib/ssl/tls13con.c:
Bug 1588557 - Fix debug statement, r=jcj
[0f563a2571c3]
2019-10-15 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/lib/pkixcert.cpp:
bug 1579060 - fix handling of issuerUniqueID and subjectUniqueID in
mozilla::pkix::BackCert r=jcj
According to RFC 5280, the definitions of issuerUniqueID and
subjectUniqueID in TBSCertificate are as follows:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
where UniqueIdentifier is a BIT STRING.
IMPLICIT tags replace the tag of the underlying type. For these
fields, there is no specified class (just a tag number within the
class), and the underlying type of BIT STRING is "primitive" (i.e.
not constructed). Thus, the tags should be of the form CONTEXT
SPECIFIC | [number in class], which comes out to 0x81 and 0x82,
respectively.
When originally implemented, mozilla::pkix incorrectly required that
the CONSTRUCTED bit also be set for these fields. Consequently, the
library would reject any certificate that actually contained these
fields. Evidently such certificates are rare.
[c50f933d37a5]
2019-10-14 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Rewrite softoken CBC pad check to be constant time.
r=kjacobs,jcj
[474d62c9d0db]
2019-10-11 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA1 for changeset 93245f5733b3
[f60dbafbc182]
Differential Revision: https://phabricator.services.mozilla.com/D49365
--HG--
extra : moz-landing-system : lando
This patch intends to change the internal reprensentation of certList
from nsIX509CertList to Array for TransportSecurityInfo.
Differential Revision: https://phabricator.services.mozilla.com/D48744
--HG--
extra : moz-landing-system : lando
2019-10-11 Kai Engert <kaie@kuix.de>
* automation/release/nspr-version.txt:
Bug 1583068 - Require NSPR version 4.23 r=jcj
[93245f5733b3] [NSS_3_47_BETA1]
2019-10-11 Kevin Jacobs <kjacobs@mozilla.com>
* coreconf/config.gypi, lib/freebl/freebl.gyp:
Bug 1152625 - Add gyp flag for disabling ARM HW AES r=jcj
Adds an option to disable ARMv8 HW AES, if `-Ddisable_arm_hw_aes=1`
is passed to build.sh.
Depends on D34473
[9abcea09fdd4]
2019-10-11 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/aes-armv8.c:
Bug 1152625 - Part 2. Remove __builtin_assume to avoid crash on PGO.
r=kjacobs,mt
`AESContext->iv` doesn't align to 16 bytes on PGO build, so we
should remove __builtin_assume. Also, I guess that `expandedKey` has
same problem.
[1b0f5c5335ee]
* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/aes-armv8.h,
lib/freebl/freebl.gyp, lib/freebl/intel-aes.h,
lib/freebl/rijndael.c:
Bug 1152625 - Support AES HW acceleration on ARMv8. r=kjacobs,jcj
[efb895a43899]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/ssl_auth_unittest.cc,
gtests/ssl_gtest/ssl_ciphersuite_unittest.cc,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_fuzz_unittest.cc,
gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/ssl3exthandle.c, lib/ssl/sslimpl.h, lib/ssl/tls13con.c:
Bug 1549225 - Up front Signature Scheme validation, r=ueno
Summary: This patch started as an attempt to ensure that a DSA
signature scheme would not be advertised if we weren't willing to
negotiate versions less than TLS 1.3. Then I realized that we didn't
do the same for PKCS#1 RSA.
Then I realized that we were still willing to try to establish
connections when we had a certificate that we couldn't use.
Then I realized that ssl3_config_match_init() wasn't being run
consistently. On resumption, we only ran it when we were PARANOID.
That's silly because we weren't checking policies.
Then I realized that we were allowing ECDSA certificates to be used
when the named group in the certificate was disabled. We weren't
enforcing that consistently either. However, I also discovered that
the check we have wouldn't work without a tweak because in TLS 1.3
the named group is part of the signature scheme; the configured
named groups are only used prior to TLS 1.3 when selecting
ECDSA/ECDH certificates.
So that sounds like a lot of changes but what it boils down to is
more robust checking of the configuration prior to starting a
connection. As a result, we should be offering fewer options that
we're unwilling or unable to follow through on. A good number of
tests needed tweaking as a result because we were relying on getting
past the checks in those tests. No real problems were found as a
result; this just moves failures that might arise from
misconfiguration a little earlier in the process.
[9b418f0a4912]
2019-10-08 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc,
lib/pk11wrap/pk11pk12.c:
Bug 1586947 - Store nickname during EC key import. r=jcj
This patch stores the nickname (if specified) during EC key import.
This was already done for all other key types.
[c319019aee75]
2019-10-08 Marcus Burghardt <mburghardt@mozilla.com>
* lib/certdb/stanpcertdb.c, lib/pk11wrap/pk11load.c,
lib/pki/pki3hack.c:
Bug 1586456 - Unnecessary conditional in pki3hack, pk11load and
stanpcertdb. r=jcj
Some conditionals that are always true were removed.
[b34061c3a377]
Differential Revision: https://phabricator.services.mozilla.com/D49030
--HG--
extra : moz-landing-system : lando
During path building, mozilla::pkix filters out candidate certificates provided
by trust domains where the subject distinguished name does not match the issuer
distinguished name of the certificate it's trying to find an issuer for.
However, if there's a problem decoding the candidate issuer certificate,
mozilla::pkix will make a note of this error, regardless of if that certificate
was potentially a suitable issuer. If no trusted path is found, the error from
that unrelated certificate may ultimately be returned by mozilla::pkix,
resulting in confusion.
Before this patch, NSSCertDBTrustDomain could cause this behavior by blithely
passing every known 3rd party certificate to mozilla::pkix (other sources of
certificates already filter on subject distinguished name). This patch adds
filtering to 3rd party certificates as well.
Differential Revision: https://phabricator.services.mozilla.com/D48120
--HG--
extra : moz-landing-system : lando
Allow access to extra services needed to open file pickers from the Flash process on 10.15.
Differential Revision: https://phabricator.services.mozilla.com/D48145
--HG--
extra : moz-landing-system : lando
2019-10-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary.
r=jcj
ECB mode should not require an IV.
[dc86215aea17] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Check mechanism param and param length before casting
to mechanism-specific structs. r=jcj
This patch adds missing PKCS11 input parameter checks, which are
needed prior to casting to mechanism-specific structs.
[53d92a324080]
Differential Revision: https://phabricator.services.mozilla.com/D48109
--HG--
extra : moz-landing-system : lando
2019-10-01 Kevin Jacobs <kjacobs@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1577953 - Support longer (up to RFC maximum) HKDF outputs r=jcj
HKDF-Expand enforces a maximum output length much shorter than
stated in the RFC. This patch aligns the implementation with the RFC
by allocating more output space when necessary.
[c0913ad7a560] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/curve25519-vectors.h,
gtests/pk11_gtest/pk11_curve25519_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_vectors.h,
gtests/pk11_gtest/pk11_signature_test.h:
Bug 1558234 - Additional EC key tests, r=jcj
Adds additional EC key corner case testing.
[c20364849713]
Differential Revision: https://phabricator.services.mozilla.com/D47805
--HG--
extra : moz-landing-system : lando
This patch sets the preference order for `TLS_CHACHA20_POLY1305_SHA256` over `TLS_AES_128_GCM_SHA256` for ARM builds.
As noted in the bug, this is far from an ideal way to do this. The implementation is purposefully simplistic so as to minimize any performance hit. If we want to accept doing this configuration for every new TLS connection, `SSL_CipherSuiteOrderGet` **will** return the pref-filtered (i.e. only the enabled) ciphers, but in the default NSS order. We would have to build a new list by referencing this output with another ordered list defined in PSM. If we want to leave NSS as-is (instead of offering a global reconfiguration API), we should do this.
Differential Revision: https://phabricator.services.mozilla.com/D47485
--HG--
extra : rebase_source : 0252cf321225cd644a463fd94561fd6af38b3837
extra : source : 4836c05dd2eee11bf9d836fb0505e77450b0651b
This patch sets the preference order for `TLS_CHACHA20_POLY1305_SHA256` over `TLS_AES_128_GCM_SHA256` for ARM builds.
As noted in the bug, this is far from an ideal way to do this. The implementation is purposefully simplistic so as to minimize any performance hit. If we want to accept doing this configuration for every new TLS connection, `SSL_CipherSuiteOrderGet` **will** return the pref-filtered (i.e. only the enabled) ciphers, but in the default NSS order. We would have to build a new list by referencing this output with another ordered list defined in PSM. If we want to leave NSS as-is (instead of offering a global reconfiguration API), we should do this.
Differential Revision: https://phabricator.services.mozilla.com/D47485
--HG--
extra : moz-landing-system : lando
2019-09-27 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h,
lib/softoken/pkcs11u.c:
Bug 1508776 - Remove unneeded refcounting from SFTKSession
r=mt,kjacobs
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that,
NSC_CloseSession can just call `sftk_DestroySession` directly and
leave `sftk_FreeSession` as a no-op to be removed in the future.
[5619cbbca3db] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D47631
--HG--
extra : moz-landing-system : lando
The intent of adding this pref is to allow us to change defaults for
security.tls.version.min for a progressive rollout of a TLS 1.0 and 1.1
deprecation. During that process, we'd like to offer the option to enable these
old TLS versions, without adding a pref override that would cause those versions
to remain enabled once we finish the rollout.
Those people who have triggered the override will be able to access TLS 1.0 and
1.1 sites until we eventually remove the code that respects this pref. What is
likely to happen is that this pref will remain in code past the end of our
rollout for part of a release cycle, plus maybe the next cycle depending on
how timing works out.
This pref is a simple boolean that we'll remove in March 2020.
Differential Revision: https://phabricator.services.mozilla.com/D45798
--HG--
extra : moz-landing-system : lando
The intent of adding this pref is to allow us to change defaults for
security.tls.version.min for a progressive rollout of a TLS 1.0 and 1.1
deprecation. During that process, we'd like to offer the option to enable these
old TLS versions, without adding a pref override that would cause those versions
to remain enabled once we finish the rollout.
Those people who have triggered the override will be able to access TLS 1.0 and
1.1 sites until we eventually remove the code that respects this pref. What is
likely to happen is that this pref will remain in code past the end of our
rollout for part of a release cycle, plus maybe the next cycle depending on
how timing works out.
This pref is a simple boolean that we'll remove in March 2020.
Differential Revision: https://phabricator.services.mozilla.com/D45798
--HG--
extra : moz-landing-system : lando
This patch makes the certificate authentication work with TransportSecurityInfo, so that it can be used for nsNSSSocketInfo and a quic's version of the security info class.
Also it adds a new AuthCertificateHookWithInfo function that will be called by Http3Session to authenticate certificates.
Differential Revision: https://phabricator.services.mozilla.com/D44064
--HG--
extra : moz-landing-system : lando
2019-09-23 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_recordsize_unittest.cc, lib/ssl/ssl3con.c,
tests/tlsfuzzer/config.json.in, tests/tlsfuzzer/tlsfuzzer.sh:
Bug 1580286, account for IV size when checking TLS 1.2 records, r=mt
Summary: This increases the limit of record expansion by 16 so that
it doesn't reject maximum block padding when HMAC-SHA384 is used.
To test this, tlsfuzzer is updated to the latest version (commit
80d7932ead1d8dae6e555cfd2b1c4c5beb2847df).
Reviewers: mt
Reviewed By: mt
Bug #: 1580286
[03039d4fad57] [tip]
2019-09-20 Kai Engert <kaie@kuix.de>
* tests/smime/smime.sh:
Bug 1577448 - Create additional nested S/MIME test messages for
Thunderbird. r=jcj
[57977ceea00e]
2019-09-19 Kai Engert <kaie@kuix.de>
* automation/taskcluster/docker-gcc-4.4/Dockerfile,
automation/taskcluster/graph/src/try_syntax.js,
automation/taskcluster/scripts/build.sh,
automation/taskcluster/scripts/build_gyp.sh,
automation/taskcluster/scripts/build_nspr.sh,
automation/taskcluster/scripts/check_abi.sh,
automation/taskcluster/scripts/gen_coverage_report.sh,
automation/taskcluster/scripts/run_coverity.sh,
automation/taskcluster/scripts/run_scan_build.sh,
automation/taskcluster/windows/build.sh,
automation/taskcluster/windows/build_gyp.sh:
Bug 1399095 - Allow nss-try to be used to test NSPR changes.
r=kjacobs
[6e1a8a7cb469]
2019-09-16 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_cipherorder_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp, lib/ssl/ssl3con.c, lib/ssl/sslexp.h,
lib/ssl/sslsock.c:
Bug 1267894 - New functions for CipherSuites Ordering and gtests.
r=jcj,kjacobs,mt
Created two new experimental functions which permit the caller
change the default order of CipherSuites used during the handshake.
[2deb38fc1d68]
2019-09-18 Christian Weisgerber <naddy@mips.inka.de>
* tests/policy/policy.sh, tests/ssl/ssl.sh:
Bug 1581507 - Fix unportable grep expression in test scripts
r=marcusburghardt
[edc1e405afa4]
2019-09-18 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/jar/jarfile.c:
Bug 1234830 - [CID 1242894][CID 1242852] unused values.
r=kaie,r=kjacobs
[b6d3f5c95aad]
2019-09-18 Kai Engert <kaie@kuix.de>
* cmd/symkeyutil/symkeyutil.c:
Bug 1581759 - fix incorrect if condition in symkeyutil. r=kjacobs
[306550105228]
Differential Revision: https://phabricator.services.mozilla.com/D46967
--HG--
extra : moz-landing-system : lando
Most of these tests have been disabled for a long time; they run well
in the current test environment.
Differential Revision: https://phabricator.services.mozilla.com/D46642
--HG--
extra : moz-landing-system : lando
Using left shift on a uint8_t promotes it to a signed integer. If the shift is
large enough that the sign bit gets affected, we have undefined behavior. This
patch fixes this by first casting to uint32_t.
Differential Revision: https://phabricator.services.mozilla.com/D46820
--HG--
extra : moz-landing-system : lando
CERT_FindUserCertsByUsage is inefficient when the corpus of known certificates
consists mostly of certificates that don't have corresponding private keys,
which is expected to be the case for most Firefox users. This change updates
the "does the user have any client certificates" functionality to use the more
efficient "FindNonCACertificatesWithPrivateKeys" function added in bug 1573542.
Differential Revision: https://phabricator.services.mozilla.com/D46499
--HG--
extra : moz-landing-system : lando
Before this patch, Firefox would call CERT_FindUserCertsByUsage to gather all
known client certificates. This function enumerates all known certificates and
filters some of them out. When there are many certificates that are not client
certificates (e.g. roots and intermediates), this is inefficient. Since this is
likely to be the case for most users, this patch optimizes this task by instead
first searching for private keys and then gathering all certificates that have
corresponding public keys.
Differential Revision: https://phabricator.services.mozilla.com/D46187
--HG--
extra : moz-landing-system : lando
2019-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/derprint.c:
Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj
Check for pointer wrap on output-length check in the derdump
utility.
[a3ee4f26b4c1] [tip]
2019-09-18 Giulio Benetti <giulio.benetti@micronovasrl.com>
* lib/freebl/gcm-aarch64.c:
Bug 1580126 - Fix build failure on aarch64_be while building
freebl/gcm r=kjacobs
Build failure is caused by different #ifdef conditions in gcm.c and
gcm-aarch64.c that leads to double declaration of the same gcm_*
functions.
Fix #ifdef condition in gcm-aarch64.c making it the same as the one
in gcm.c.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[fa0d958de0c3]
2019-09-17 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/extend.js:
Bug 1385039 - Build NSPR tests as part of NSS continuous
integration. r=kjacobs
[cc97f1a93038]
2019-09-17 Landry Breuil <landry@openbsd.org>
* lib/freebl/Makefile:
Bug 1581391 - include gcm-aarch64 on all unices, not only linux
r=kjacobs
[e7b4f293fa4e]
2019-09-17 Martin Thomson <mt@lowentropy.net>
* mach:
Bug 1581041 - Rename mach-commands to mach-completion, r=jcj
This means that we can point our completion at the gecko one.
[bc91272fcbdc]
2019-09-16 Jenine <jenine_c@outlook.com>
* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
r=marcusburghardt
[4569b745f74e]
2019-09-13 Daiki Ueno <dueno@redhat.com>
* lib/certhigh/certvfy.c:
Bug 1542207, fix policy check on signature algorithms, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1542207
[ed8a41d16c1c]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[c66dd879d16a]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* automation/taskcluster/graph/src/queue.js:
Bug 1579290 - Disable LSAN during builds, r=ueno
Summary: See the bug description for details.
[f28f3d7b7cf0]
2019-09-13 Kai Engert <kaie@kuix.de>
* Makefile, build.sh, coreconf/nspr.sh, help.txt:
Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
build/run NSPR tests. r=jcj
[8b4a226f7d23]
2019-09-11 Kai Engert <kaie@kuix.de>
* nss.gyp:
Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
[1fe61aadaf57]
2019-09-10 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/pk12util/pk12util.c:
Bug 1579036 - Define error when trying to export non-existent cert
with pk12util. r=jcj
[65ab97f03c89]
2019-09-04 Martin Thomson <mt@lowentropy.net>
* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
Bug 1578626 - Remove undefined nullptr decrement, r=keeler
Summary: This uses uintptr_t to avoid the worst. It still looks
terrible and might trip static analysis warnings, but the
reinterpret_cast should hide that.
This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
an assertion so that we'll at least fail the test on those systems.
(We could use GTEST_SKIP instead, but we don't have that in the
version of gtest that we use.)
Reviewers: keeler
Tags: #secure-revision
Bug #: 1578626
[d2485b1c997e]
2019-09-05 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1578751 - Ensure a consistent style for
pk11_find_certs_unittest.cc. r=jcj
Adjusted the style and clang-format after the changes in some var
names.
[e95fee7f59e5]
Differential Revision: https://phabricator.services.mozilla.com/D46246
--HG--
extra : moz-landing-system : lando
If code acquires a handle on the certificate verifier before the loadable roots
background task completes, that instance of the verifier may not know about any
enterprise certificates loaded, and so early certificate verifications relying
on those certificates may fail. To prevent this, this patch ensures that the
background task has completed before returning the handle. Note that there
should be no effect on performance since CertVerifier already ensures that the
background task has completed internally before looking for potential issuer
certificates.
Differential Revision: https://phabricator.services.mozilla.com/D46224
--HG--
extra : moz-landing-system : lando
Calling CERT_NewTempCertificate on an enterprise certificate is inefficient
because NSS tries (and fails) to find a copy of that certificate in its internal
data structures (which includes querying softoken, which involves hitting the
disk). We can avoid doing so for these certificates in
NSSCertDBTrustDomain::GetCertTrust because we already know what trust values
they should have (after checking the relevant blocklists).
Differential Revision: https://phabricator.services.mozilla.com/D45588
--HG--
extra : moz-landing-system : lando
about:certificate is always trusted and we don't have to use the content principal in browser.js
Differential Revision: https://phabricator.services.mozilla.com/D45939
--HG--
extra : moz-landing-system : lando
This patch adds a new `mIsDelegatedCredential` parameter to nsITransportSecurityInfo, indicating whether or not a delegated credential keypair was used in the TLS handshake (see: https://tools.ietf.org/html/draft-ietf-tls-subcerts-03) .
This functionality is only available if _security.tls.enable_delegated_credentials_ is set to true.
Differential Revision: https://phabricator.services.mozilla.com/D39807
--HG--
extra : moz-landing-system : lando
This patch adds a new `mIsDelegatedCredential` parameter to nsITransportSecurityInfo, indicating whether or not a delegated credential keypair was used in the TLS handshake (see: https://tools.ietf.org/html/draft-ietf-tls-subcerts-03) .
This functionality is only available if _security.tls.enable_delegated_credentials_ is set to true.
Differential Revision: https://phabricator.services.mozilla.com/D39807
--HG--
extra : moz-landing-system : lando
Clearkey previously relied on OpenAES to do its encryption. In order to
facilitate future changes and the need for CBC support, switch to NSS, which
should be more flexible and actively maintained.
Differential Revision: https://phabricator.services.mozilla.com/D41993
--HG--
extra : moz-landing-system : lando
To determine whether speculative connections can be established, mozilla::net::CanEnableSpeculativeConnect checks:
1. if there is any removable slot, and
2. if there is any user cert and a private key that can be used for client authentication
However, in practice some HSM's are not removable and (1) is not sufficient, which results in a random PIN prompt appearing at (2).
This patch tighten (1) so that it also checks there is no "unfriendly" token which requires authentication anyway.
Differential Revision: https://phabricator.services.mozilla.com/D44809
--HG--
extra : moz-landing-system : lando
2019-08-30 Alexander Scheel <ascheel@redhat.com>
* automation/taskcluster/scripts/build_softoken.sh,
cmd/lib/pk11table.c, gtests/pk11_gtest/pk11_aes_cmac_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, lib/pk11wrap/debug_module.c,
lib/pk11wrap/pk11mech.c, lib/softoken/pkcs11.c,
lib/softoken/pkcs11c.c, lib/util/pkcs11t.h:
Bug 1570501 - Expose AES-CMAC in PKCS #11 API, r=mt
[cf0df88aa807] [tip]
* cpputil/freebl_scoped_ptrs.h, gtests/freebl_gtest/cmac_unittests.cc,
gtests/freebl_gtest/freebl_gtest.gyp, lib/freebl/blapi.h,
lib/freebl/cmac.c, lib/freebl/cmac.h, lib/freebl/exports.gyp,
lib/freebl/freebl_base.gypi, lib/freebl/ldvector.c,
lib/freebl/loader.c, lib/freebl/loader.h, lib/freebl/manifest.mn:
Bug 1570501 - Add AES-CMAC implementation to freebl, r=mt
[a42c6882ba1b]
2019-09-05 David Cooper <dcooper16@gmail.com>
* lib/smime/cmssiginfo.c:
Bug 657379 - NSS uses the wrong OID for signatureAlgorithm field of
signerInfo in CMS for DSA and ECDSA. r=rrelyea
[7a83b248de30]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Backed out changeset 934c8d0e7aba
It turned out to cause some new errors in LSan; backing out for now.
[34a254dd1357]
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[934c8d0e7aba]
2019-08-30 Kevin Jacobs <kjacobs@mozilla.com>
* coreconf/WIN32.mk:
Bug 1576664 - Remove -mms-bitfields from win32 makefile r=jcj
[bf4de7985f3d]
2019-08-29 Dana Keeler <dkeeler@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt,
gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
bug 1577038 - add PK11_GetCertsFromPrivateKey r=jcj,kjacobs
PK11_GetCertFromPrivateKey only returns one certificate with a
public key that matches the given private key. This change
introduces PK11_GetCertsFromPrivateKey, which returns a list of all
certificates with public keys that match the given private key.
[9befa8d296c0]
2019-08-30 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47 beta
[685cea0a7b48]
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.46 final
[decbf7bd40fd] [NSS_3_46_RTM]
Differential Revision: https://phabricator.services.mozilla.com/D44927
--HG--
extra : moz-landing-system : lando
The "unknown" bucket is inconsistent and often much higher than we expect. This
patch splits that bucket by adding the categories "from softoken (cert9.db)",
"from an external PKCS#11 token", and "imported from the OS via the 'Enterprise
Roots' feature". Hopefully this will give us more insight into this data.
Differential Revision: https://phabricator.services.mozilla.com/D44065
--HG--
extra : moz-landing-system : lando
2019-08-30 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.46 final
[decbf7bd40fd] [NSS_3_46_RTM]
2019-08-27 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_46_BETA2 for changeset 24b0fc700203
[29cd579e74e4]
Differential Revision: https://phabricator.services.mozilla.com/D44206
--HG--
extra : moz-landing-system : lando
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.
This (de)serialization will address the performance issues present in the
current implementation.
As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.
Differential Revision: https://phabricator.services.mozilla.com/D35090
--HG--
extra : moz-landing-system : lando
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.
This (de)serialization will address the performance issues present in the
current implementation.
As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.
Differential Revision: https://phabricator.services.mozilla.com/D35090
--HG--
extra : moz-landing-system : lando
2019-08-27 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/build_gyp.sh,
automation/taskcluster/windows/build_gyp.sh, fuzz/fuzz.gyp,
gtests/pk11_gtest/pk11_gtest.gyp,
gtests/softoken_gtest/softoken_gtest.gyp, tests/all.sh,
tests/ssl/ssl.sh:
Bug 1485533 - Close gaps in taskcluster SSL testing. r=mt
This patch increases SSL testing on taskcluster, specifically,
running an additional 395 tests on each SSL cycle (more for FIPS
targets), and adding a new 'stress' cycle.
Notable changes:
1) This patch removes SSL stress tests from the default
`NSS_SSL_RUN` list in all.sh and ssl.sh. If stress tests are needed,
this variable must be set to include.
2) The "normal_normal" case is added to `NSS_SSL_TESTS` for all
targets. FIPS targets also run "normal_fips", "fips_normal", and
"fips_fips".
3) `--enable-libpkix` is now set for all taskcluster "build.sh"
builds in order to support a number of OCSP tests that were
previously not run.
[24b0fc700203] [NSS_3_46_BETA2]
2019-08-23 Edouard Oger <eoger@fastmail.com>
* lib/sqlite/Makefile, lib/sqlite/sqlite.gyp:
Bug 1549847 - Ignore sqlite compilation warnings. r=mt
[7f146eb7adac]
2019-08-23 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_46_BETA1 for changeset 44aa330de2aa
[d3035cc9dc73]
Differential Revision: https://phabricator.services.mozilla.com/D43724
--HG--
extra : moz-landing-system : lando
ffxbld
Jed Davis
J.C. Jones
Emilio Cobos Álvarez
Dana Keeler
Ehsan Akhgari
Victor Porof
Tim Nguyen
Sean Feng
Gabriele Svelto
Csoregi Natalia
Kevin Jacobs
Haik Aftandilian
Ciure Andrei
Gian-Carlo Pascutto
Bob Owen
Narcis Beleuzu
Brindusan Cristian
Nicholas Nethercote
Nihanth Subramanya
Dorel Luca
Dragana Damjanovic
Andreea Pavel
Razvan Maries
Gijs Kruitbosch
Martin Thomson
Marcus Burghardt
Geoff Brown
Daniel Varga
Mihai Alexandru Michis
Srujana Peddinti
Johann Hofmann
Ricky Stewart
Kris Maglione
Junior Hsu
Sylvestre Ledru
Cameron McCormack
shravanrn@gmail.com
Anny Gakhokidze
Kershaw Chang
Aaron Klotz
dleblanccyr
Coroiu Cristina
Carolina
Brian Grinstead
Andrew Halberstadt
Cosmin Sabou
Zibi Braniecki
Henri Sivonen
J.C. Jones
Moritz Birghan
Ryan Alderete
Daiki Ueno
Kershaw Chang
Barret Rennie