2020-02-27 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp,
gtests/ssl_gtest/ssl_masking_unittest.cc,
gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h,
gtests/ssl_gtest/tls_hkdf_unittest.cc,
gtests/ssl_gtest/tls_protect.cc, lib/ssl/dtls13con.c,
lib/ssl/ssl3con.c, lib/ssl/ssl3prot.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslprimitive.c,
lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13esni.c,
lib/ssl/tls13hkdf.c, lib/ssl/tls13hkdf.h, lib/ssl/tls13replay.c:
Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt
This patch updates the DTLS 1.3 implementation to draft-34. Notable
changes:
1) Key separation via `ssl_protocol_variant`. 2) No longer apply
sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed
removal of workarounds for unpadded (<16B) ciphertexts being used as
input to `SSL_CreateMask`. 3) Compile ssl_gtests in
`UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all
gtests are compiled this way if `--fuzz`, but lib/ssl only if
`--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode,
but not lib/ssl, since the masking mismatch will break filters). 4)
Parameterize masking tests, as appropriate. 5) Reject non-empty
legacy_cookie, and test. 6) Reject ciphertexts <16B in length in
`dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`).
[52a75c5373ef] [tip]
2020-02-24 Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr>
* lib/cryptohi/secsign.c:
Bug 1617387 fix compiler warning r=jcj
[ab0e7e272e36]
2020-02-24 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/p384ecdh-vectors.h,
gtests/common/testvectors/p521ecdh-vectors.h,
gtests/common/wycheproof/genTestVectors.py,
gtests/common/wycheproof/source_vectors/ecdh_secp384r1_test.json,
gtests/common/wycheproof/source_vectors/ecdh_secp521r1_test.json,
gtests/pk11_gtest/pk11_ecdh_unittest.cc:
Bug 1612259 - Add Wycheproof vectors for P384 and P521 ECDH.
r=bbeurdouche
[badb4da1ec85]
2020-02-19 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mplogic.h:
Bug 1609751 - Additional tests for mp_comba r=mt
Verify that when clamping, the upper 4 bytes of an `mp_digit` is
checked.
[a5e8c14016cd]
2020-02-19 Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr>
* lib/freebl/ecl/ecp_25519.c:
Bug 1561337: fix compiler warning r=jcj
[4c771e6a79db]
Differential Revision: https://phabricator.services.mozilla.com/D64683
--HG--
extra : moz-landing-system : lando
WebAuthn needs to write a test to confirm it's prohibited when accessed via
an IP address. This adds the capability to get a SecureContext for an IP host.
It uses 127.0.0.2 so as to bypass restrictions on 127.0.0.1, and the use of .1
as a special-market in ssltunnel.
Differential Revision: https://phabricator.services.mozilla.com/D63570
--HG--
extra : moz-landing-system : lando
Introduced in:
8aeca4fa64
Shipping in glib 2.63.5 (available in Debian experimental)
Thanks to @padenot for the suggestion!
Differential Revision: https://phabricator.services.mozilla.com/D63451
--HG--
extra : moz-landing-system : lando
This removes `nsAutoPtr` usage from ipc/. security/ failed to build due to missing includes so I fixed that as well. IDB was using `ThreadLocal` from ipc which had a member changed to a `UniquePtr` so needed to be updated as well. localstorage was missing some includes.
Differential Revision: https://phabricator.services.mozilla.com/D63745
--HG--
extra : moz-landing-system : lando
On macOS, dynamic libraries with thread-local-storage don't get unloaded. So,
if the osclientcerts library gets "unloaded", it doesn't actually go away. We
stop its background thread, so this isn't a problem, but if the osclientcerts
library gets re-enabled, all of its state comes back the same as before. So,
when NSS calls C_Initialize again, things like the manager proxy will already
be initialized. Before this patch, this situation would be an error. This patch
handles this case by dropping the old manager proxy and creating a new one.
Differential Revision: https://phabricator.services.mozilla.com/D63264
--HG--
extra : moz-landing-system : lando
Before this, every time NSS wanted to open a new session (C_OpenSession),
osclientcerts would look for new client certificates/keys in the OS store. It
turns out, NSS wants to open new sessions often, so this was slow. This patch
adds a timestamp to the manager and ensures that it searches for new objects no
more than once every 3 seconds.
Additionally, this patch adds the optimization that if NSS tries to search for
PKCS#11 objects with attributes that osclientcerts doesn't support,
osclientcerts returns an empty search early, rather than enumerating every
object and finding no matches.
In the future we may need to be smarter about how we match objects during
searches. Rather than iterating through every object, we could build lookup
tables that would be much more time efficient.
Differential Revision: https://phabricator.services.mozilla.com/D62982
--HG--
extra : moz-landing-system : lando
2020-02-18 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/dtlscon.c,
lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c:
Bug 1615208 - Send DTLS version numbers in DTLS 1.3
supported_versions extension r=mt
This patch modifies `supported_versions` encodings to reflect DTLS
versions when DTLS1.3 is use. Previously, a DTLS1.3 CH would include
`[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd,
0xfeff]`, causing compatibility issues.
[9e0d34a6cf91] [tip]
2020-02-12 Mikael Urankar <mikael.urankar@gmail.com>
* lib/freebl/Makefile, lib/freebl/freebl.gyp:
Bug 1612177 - Set -march=armv7 when compiling gcm-arm32-neon, in
order to enable NEON code generation.
[4413841bd26d]
2020-02-14 Dmitry Baryshkov <dbaryshkov@gmail.com>
* gtests/freebl_gtest/blake2b_unittest.cc, lib/freebl/blake2b.c:
Bug 1431940 - remove dereference before NULL check in BLAKE2B code.
r=kjacobs
[5e661906698f]
2020-02-12 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/sslnonce.c:
Bug 1614870 - Free sid->peerID before reallocating in
ssl_DecodeResumptionToken. r=mt
This patch adds a missing `PORT_Free()` when reallocating
`sid->PeerID`, and adds a test for a non-empty PeerID.
[1eb4e00b016e]
Differential Revision: https://phabricator.services.mozilla.com/D63220
--HG--
extra : moz-landing-system : lando
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.
Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D60919
--HG--
extra : moz-landing-system : lando
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.
Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D60919
--HG--
extra : moz-landing-system : lando
See bug 1613275 and bug 1607845. In bug 1607845, the aim was to regenerate all
test certificates that would be expiring. Unfortunately, a few were missed:
* build/pgo/certs/ certificate DBs and mochitest.client are regenerated in a
different way than the rest of the certificates in bug 1607845. These would
probably best be addressed by formally documenting the process of
re-generating all of the certificates.
* security/manager/ssl/tests/unit/test_certDB_import/ certificates were
missed by mistake. It's unclear how this happened.
* security/manager/ssl/tests/unit/test_intermediate_preloads/ were missed
because there was no test_intermediate_preloads entry in the TEST_DIRS
section of security/manager/ssl/tests/unit/moz.build, which means that the
build system never knew to re-generate those certificates, even after
un-commenting-out the contents of
security/manager/ssl/tests/unit/test_intermediate_preloads/moz.build
* security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.der
was DER, not PEM, and we don't have a way to automatically re-generate DER
certificates in the same way. However, it didn't even need to be DER.
Differential Revision: https://phabricator.services.mozilla.com/D61712
--HG--
extra : moz-landing-system : lando
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.
Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D60919
--HG--
extra : moz-landing-system : lando
2020-02-10 Robert Relyea <rrelyea@redhat.com>
* lib/freebl/cmac.c:
Bug 1610687 - Crash on unaligned CMACContext.aes.keySchedule when
using AES-NI intrinsics r=kjacobs
[046a6f5bfb27]
* lib/util/pkcs11t.h:
Bug 1611209 - Value of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL are
swapped r=rrelyea
[df142975f4f6]
2020-02-11 Victor Tapia <victor.tapia@canonical.com>
* lib/pk11wrap/pk11util.c, lib/sysinit/nsssysinit.c:
Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS
is not enabled on build r=jcj,rrelyea
[55ba54adfcae]
2020-02-11 J.C. Jones <jjones@mozilla.com>
* lib/sysinit/nsssysinit.c:
Bug 1614786 - Fixup for ‘getFIPSEnv’ being unused r=kjacobs
Fixes a regression from Bug 1582169
../../lib/sysinit/nsssysinit.c:153:1: error: ‘getFIPSEnv’ defined
but not used [-Werror=unused-function]
[06925efe306b]
2020-02-11 Dana Keeler <dkeeler@mozilla.com>
* cmd/lib/secutil.c,
lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c:
bug 1538980 - null-terminate ascii input in SECU_ReadDERFromFile so
strstr is safe to call r=jcj,kjacobs
[735ed2e47040] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D62451
--HG--
extra : moz-landing-system : lando
This patch implements osclientcerts for macOS.
Because the SDK we build with isn't recent enough, some of the functions we
need aren't guaranteed to be available. To handle this, we load the Security
framework at runtime and attempt to locate the symbols we need. If this
succeeds, then operation proceeds as normal. Otherwise, the module will report
that there are no certificates/keys available.
Differential Revision: https://phabricator.services.mozilla.com/D59957
--HG--
extra : moz-landing-system : lando
This patch implements osclientcerts for macOS.
Because the SDK we build with isn't recent enough, some of the functions we
need aren't guaranteed to be available. To handle this, we load the Security
framework at runtime and attempt to locate the symbols we need. If this
succeeds, then operation proceeds as normal. Otherwise, the module will report
that there are no certificates/keys available.
Differential Revision: https://phabricator.services.mozilla.com/D59957
--HG--
extra : moz-landing-system : lando
2020-02-07 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.50 final
[5bb3927fa234] [NSS_3_50_RTM] <NSS_3_50_BRANCH>
2020-02-05 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_50_BETA2 for changeset b91bbf7a88c9
[a8656c823c1f] <NSS_3_50_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D62106
--HG--
extra : moz-landing-system : lando
Kevin Jacobs
Moritz Birghan
shindli
ffxbld
manas
Kershaw Chang
J.C. Jones
Simon Giesecke
Sylvestre Ledru
Eric Rahm
Michael Froman
Mike Shal
Csoregi Natalia
Dana Keeler
Cosmin Sabou
Andy Grover
Brindusan Cristian
Julian
J.C. Jones
Daniel Varga
Emilio Cobos Álvarez
Philipp Zech
David Major