Don't show the login in about:logins if the username or password cannot be decrypted.
Differential Revision: https://phabricator.services.mozilla.com/D40845
--HG--
extra : moz-landing-system : lando
security-prefs.js is #included into greprefs.js, but there's no good reason for
it to be separate from all.js. Having it separate makes it easier to overlook,
and all.js has a bunch of `security.*` prefs in it anyway.
This patch inlines it into all.js. It inlines it at the start of the file to
minimize the risk of the change, so that the prefs end up in greprefs.js in the
same order as before.
Differential Revision: https://phabricator.services.mozilla.com/D40919
--HG--
extra : moz-landing-system : lando
There are no longer any consumers of the JS-implemented
`FakeTransportSecurityInfo` class, so it can be removed. That removes the last
JS-implemented `nsITransportSecurityInfo` instance and it therefore can be
marked `builtinclass`.
Differential Revision: https://phabricator.services.mozilla.com/D40355
--HG--
extra : moz-landing-system : lando
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer
use JS-implemented `nsITransportSecurityInfo` instances in test cases.
This patch migrates `test_sss_resetState.js` to use `add_connection_test()` to
get a valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40352
--HG--
extra : moz-landing-system : lando
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_sss_originAttributes.js` to use `add_connection_test()` to get a
valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40351
--HG--
extra : moz-landing-system : lando
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer
use JS-implemented `nsITransportSecurityInfo` instances in test cases.
This patch migrates `test_sss_enumerate.js` to use `add_connection_test()` to
get a valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40350
--HG--
extra : moz-landing-system : lando
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_pinning_header_parsing.js` to use `add_connection_test()` to get
a valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40349
--HG--
extra : moz-landing-system : lando
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_ocsp_must_staple.js` to use `add_connection_test()` to get a
valid `nsITransportSecurityInfo` instance for the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40348
--HG--
extra : moz-landing-system : lando
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_forget_about_site_security_headers.js` to use
`add_connection_test()` to get a valid `nsITransportSecurityInfo` instance for
the unit tests.
Differential Revision: https://phabricator.services.mozilla.com/D40347
--HG--
extra : moz-landing-system : lando
There is now a contract ID for `nsITransportSecurityInfo`, allowing
`mozilla::psm::TransportSecurityInfo` instances to be created from JS. Tests
using a JS-implemented `nsITransportSecurityInfo` that were not modifying,
e.g., the `serverCert` attribute have been updated to create a
`mozilla::psm::TransportSecurityInfo` via the contract.
Differential Revision: https://phabricator.services.mozilla.com/D40346
--HG--
extra : moz-landing-system : lando
This patch does not change the existing servers to use the new mechanism, rather
attempting to be minimalist. I filed Bug 1569222 for that.
Differential Revision: https://phabricator.services.mozilla.com/D39518
--HG--
extra : moz-landing-system : lando
nsIX509CertDB::PrivilegedPackageRoot was added in bug 1178518 to support privileged packaged apps for Firefox OS. However, we no longer need to support this use-case.
Differential Revision: https://phabricator.services.mozilla.com/D38655
--HG--
extra : moz-landing-system : lando
This patch removes nsIClientAuthUserDecision and adds another output parameter to nsIClientAuthDialogs.chooseCertificate.
Differential Revision: https://phabricator.services.mozilla.com/D38074
--HG--
extra : moz-landing-system : lando
This patch adds a new pref, "security.tls.enable_delegated_credentials",
default false, which controls the NSS option SSL_ENABLE_DELEGATED_CREDENTIALS.
Tests are in D37918.
Differential Revision: https://phabricator.services.mozilla.com/D37907
--HG--
extra : moz-landing-system : lando
When a test crashes, the harness skips all of the remaining tests in the
directory. That means that with crashes skipped, we now try to run a whole lot
more tests than we did before, and a lot of them fail under Fission.
This patch adds annotations to the new failures that show up after part 1.
Differential Revision: https://phabricator.services.mozilla.com/D38726
--HG--
extra : rebase_source : 292157039c88fc615f5de41679e96e72766ac4db
Bug 1543795 configured lmdb to use less memory when opening a database in
read/write mode, so we can remove the workaround code in cert_storage that was
added in bug 1538093 as a way to mitigate the memory usage.
Differential Revision: https://phabricator.services.mozilla.com/D38525
--HG--
extra : moz-landing-system : lando
My preference was to annotate most of the failing tests with `fail-if` so that
if they start passing, the `fail-if` needs to be removed and they need to keep
passing. That doesn't work for tests that time out, or which trigger failures
from their cleanup functions, however, so those tests need skip-if. And tests
which fail in their cleanup functions likely leave the browser in an
inconsistent state for subsequent tests, anyway, so really should be skipped
regardless.
There are some remaining tests which still fail because of crashes. I chose
not to skip them here, but to fix the crashes in separate bugs instead.
Differential Revision: https://phabricator.services.mozilla.com/D38247
--HG--
extra : rebase_source : 39ba8fec2e882cfe577c5f2b58ab7e4b461f1178
Before, the nsNSSCertificateDB::AddCert() function encoded the given DER input into Base64 and then called nsNSSCertificateDB::AddCertFromBase64() to do the remaining work. In nsNSSCertificateDB::AddCertFromBase64() the input was then eventually decoded back into DER.
Now nsNSSCertificateDB::AddCertFromBase64() encodes its input into DER and then calls nsNSSCertificateDB::AddCert() which now does the remaining work without converting between formats.
Differential Revision: https://phabricator.services.mozilla.com/D37738
--HG--
extra : moz-landing-system : lando
As originally implemented, nsISiteSecurityService.removeState allowed direct
access to remove HSTS state. It also provided the implementation for when the
browser encountered an HSTS header with "max-age=0". In bug 775370, it was
updated to store an entry that would override preloaded information when
processing such headers. However, this meant that the semantics of the direct
access API had changed. Preloaded information could be overridden if a user
invoked the "forget about this site" feature. This change fixes the public API
(and renames it to "resetState") so it actually behaves as its consumers expect.
Reviewers: jcj!, KevinJacobs!
Tags: #secure-revision
Bug #: 1564481
Differential Revision: https://phabricator.services.mozilla.com/D38108
--HG--
extra : rebase_source : 8dd5460d3fd3c0ce92746cc83fae220d6e2a83cf
extra : amend_source : 171ebb015e9f9ae775f0caa22e161d41970f3d51
When we migrate SpecialPowers to a JSWindowActor, it will no longer be able to
use synchronous IPC messaging, which means that its current synchronous APIs
will have to become asynchronous.
This patch doesn't change the behavior of those functions, but it does change
their callers to `await` their return values rather than using them directly.
This pattern will work the same whether the functions return a promise or a
plain value, which simplifies the migration.
Differential Revision: https://phabricator.services.mozilla.com/D35053
--HG--
extra : rebase_source : baffba2107b175250573baae3f54d48becbd2a16
extra : source : b4ed40bea2698802ef562a0931c0b560737fb89d
Previously, OneCRL was part of the add-on blocklist system. Now that we use
kinto/remote settings, using AddonTestUtils in test_blocklist_onecrl.js is
unnecessary (and it was exposing a preexisting issue with how CacheObserver uses
prefs).
Differential Revision: https://phabricator.services.mozilla.com/D36377
--HG--
extra : moz-landing-system : lando
Avoid race between off-main-thread loading of roots and flipping the
pref by making sure initialization is done.
Differential Revision: https://phabricator.services.mozilla.com/D36348
--HG--
extra : rebase_source : 56c035d5a8c429f99c8b1dfcfe3e014d8f02a6c0
This patch changes only security/manager/ssl/SSLServerCertVerification.cpp.
Differential Revision: https://phabricator.services.mozilla.com/D28741
--HG--
extra : moz-landing-system : lando
This also removes the two extra copies of the byte buffer that we had; we don't
need to copy it more than once. Once we have it in an std::vector, we can pass
that around by reference, not by value or by creating new vectors from copies
of its buffer.
Differential Revision: https://phabricator.services.mozilla.com/D34630
--HG--
extra : moz-landing-system : lando
The UTF-16 to UTF-8 conversion is now handled by XPConnect, because we're using AUTF8String for the type.
Differential Revision: https://phabricator.services.mozilla.com/D34560
--HG--
extra : moz-landing-system : lando
At some point in the past, test_cert_storage.js needed to initialize the add-on
system to start the blocklist system, which is where revocation updates used to
come from. This appears to no longer be the case and the code in question can be
removed (and it should be removed because it's causing intermittent failures).
Differential Revision: https://phabricator.services.mozilla.com/D33993
--HG--
extra : moz-landing-system : lando
This patch saves the CRLite enrollment state of every preloaded intermediate to
cert_storage. This is an intermediate (hah) step towards actually checking
CRLite state. We still have to implement downloading and updating the CRLite
bloom filter cascades and implement checking these filters when we encounter a
certificate issued from an enrolled intermediate (this work will be done in
future bugs).
Differential Revision: https://phabricator.services.mozilla.com/D33074
--HG--
extra : moz-landing-system : lando
CryptoTask is a helper class that makes it easier to implement code that runs on
a background thread and then notifies completion on the main thread (this is
useful for not blocking the main thread with long-running cryptography or I/O).
Before this patch, each CryptoTask would create a new thread each time it ran,
which was inefficient. This patch updates CryptoTask to use the stream transport
service (which is essentially a pool of threads for doing exactly these kinds of
things and notably is not to be confused with the socket transport service) to
run each task. Additionally, there were a few places in PSM where we
unnecessarily created new threads to perform similar tasks. These now use the
stream transport service as well.
Differential Revision: https://phabricator.services.mozilla.com/D33534
--HG--
extra : moz-landing-system : lando
PSM has two instances of TLS bookkeeping structures ("SharedSSLState"): a
"public" one for most connections and a "private" one that automatically clears
its state when the last private browsing context (usually a window) closes.
Since we moved to separating connections by origin attributes, the latter is
largely redundant because keying by origin attributes already separates
connections from different contexts, even when using the "public" shared TLS
state structure. However, it still has the advantage of clearing its state when
the last private browsing context closes. This patch updates the decision of
which SharedSSLState to use by taking into account origin attributes. That is,
if the origin attributes of the connection have a private browsing ID that isn't
the default (unset), we'll use the auto-clearing SharedSSLState. This has the
effect of auto-clearing cached client auth certificate state for private
contexts when the last private browsing window closes. It also clears
accumulated TLS intolerance state in the private context, but that isn't as
relevant any more since we don't do TLS fallback by default.
Differential Revision: https://phabricator.services.mozilla.com/D33099
--HG--
extra : moz-landing-system : lando
There are ongoing lmdb issues we need to sort out before we can ship
cert_storage (see e.g. bug 1538541 and bug 1550174).
Differential Revision: https://phabricator.services.mozilla.com/D32885
--HG--
extra : moz-landing-system : lando
The initial implementation made some incorrect assumptions about the data that
was in our data set and used the wrong field to identify the certificates to
delete when they are removed from our preload list. Now that the data set has
the expected field (the hash of the whole certificate), we can use it instead.
Differential Revision: https://phabricator.services.mozilla.com/D32380
--HG--
extra : moz-landing-system : lando
This fixes issues with the NSS and LibSecret keystore not correctly rejecting unlocking of the key store.
Updated for dynamic loading of LibSecret and a bug workaround added elsewhere (updated green try below)
Depends on D9969.
Differential Revision: https://phabricator.services.mozilla.com/D7713
--HG--
extra : moz-landing-system : lando
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no
mechanism available for FIDO U2F JS API operations on Android. The exposed API
is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API
operations on Android, and we should disable the u2f preference so that
window.u2f is not set inappropriately.
Updated to fix test_interfaces.js
Differential Revision: https://phabricator.services.mozilla.com/D31695
--HG--
extra : moz-landing-system : lando
In bug 1056341 we introduced a search budget to mozilla::pkix to attempt to work
around the problem of having an extremely large search space given a set of
certificates all with the same subject and issuer distinguished names but
different public keys. In the end, though, there is probably no good value to
choose for the budget that is small enough to run quickly on the wide range of
hardware our users have and yet is large enough that we're confident won't break
someone's complicated pki setup (looking at you, the US federal government).
To address this, use the observation that as long as an intermediate can't *add*
information necessary to build a certificate chain (e.g. stapled SCTs), we
should never need a self-signed intermediate (as in, its own key verifies the
signature on it and its subject and issuer distinguished names are identical) to
build a trusted chain (since the exact same chain without that intermediate
should be valid). Given this, we simply skip all self-signed non-trust anchor
CA certificates during path building.
Differential Revision: https://phabricator.services.mozilla.com/D31368
--HG--
extra : moz-landing-system : lando
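The search-space problem and the skip rule described in the last commit message above, as an added C++ illustration that is not mozilla::pkix code: a toy path builder over constructed certificates (names and integer key ids, no real signatures), with a hypothetical depth limit of 6. `Cert`, `Build` and `Search` are names invented for this example.

```cpp
#include <algorithm>
#include <string>
#include <vector>
// Toy certificate: names and key ids only, no real cryptography (constructed model).
struct Cert {
  std::string subject, issuer;
  int key;       // id of this certificate's own public key
  int signedBy;  // id of the key that verifies this certificate's signature
  bool trustAnchor;
  bool SelfSigned() const { return subject == issuer && key == signedBy; }
};
struct Result { bool ok; long tried; };
// Depth-first issuer search by name. A signature is checked only after the
// candidate issuer is known to chain to a trust anchor, so same-name
// certificates with different keys multiply the search space.
static bool Build(const Cert& cert, const std::vector<Cert>& pool, std::vector<int>& chain,
                  bool skipSelfSigned, int depthLeft, long& tried) {
  for (const Cert& cand : pool) {
    if (cand.subject != cert.issuer) continue;
    ++tried;
    if (cand.trustAnchor) { if (cert.signedBy == cand.key) return true; continue; }
    if (skipSelfSigned && cand.SelfSigned()) continue;  // rule from the commit message
    if (depthLeft == 0) continue;                       // hypothetical depth limit
    if (std::find(chain.begin(), chain.end(), cand.key) != chain.end()) continue;  // loop
    chain.push_back(cand.key);
    bool ok = Build(cand, pool, chain, skipSelfSigned, depthLeft - 1, tried) &&
              cert.signedBy == cand.key;
    chain.pop_back();
    if (ok) return true;
  }
  return false;
}
// Constructed pool: `decoys` self-signed "X" certificates, then the real
// intermediate "X" (key 1, signed by Root key 0), then the Root trust anchor.
Result Search(int decoys, bool skipSelfSigned) {
  std::vector<Cert> pool;
  for (int i = 0; i < decoys; ++i) pool.push_back({"X", "X", 100 + i, 100 + i, false});
  pool.push_back({"X", "Root", 1, 0, false});
  pool.push_back({"Root", "Root", 0, 0, true});
  Cert leaf{"leaf", "X", 2, 1, false};  // issued by "X", signed with key 1
  std::vector<int> chain;
  long tried = 0;
  bool ok = Build(leaf, pool, chain, skipSelfSigned, 6, tried);
  return {ok, tried};
}
int main() { return Search(6, true).ok && Search(6, false).ok ? 0 : 1; }
```

With six same-name self-signed certificates ahead of the real intermediate, the search without the rule tries thousands of candidates before succeeding; with the rule it tries eight and finds the same chain.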