Граф коммитов

159 Коммитов

Автор SHA1 Сообщение Дата
Dana Keeler 5c87e14fbc Bug 1660580 - avoid CERTCertificate in AppTrustDomain and AppSignatureVerification r=kjacobs,bbeurdouche
Limitations in the NSS PKCS7 API prevent completely avoiding CERTCertificate in
this implementation, but these changes avoid a large number of unnecessary
certificate decoding operations.

Differential Revision: https://phabricator.services.mozilla.com/D87930
2020-09-09 22:45:42 +00:00
Simon Giesecke cd8b8939b9 Bug 1648010 - Replace uses of NS_LITERAL_STRING/NS_LITERAL_CSTRING macros by _ns literals. r=geckoview-reviewers,jgilbert,agi,hsivonen,froydnj
Differential Revision: https://phabricator.services.mozilla.com/D80860
2020-07-01 08:29:29 +00:00
Simon Giesecke 92497d5662 Bug 1613985 - Use default for equivalent-to-default constructors/destructors in security. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D65499

--HG--
extra : moz-landing-system : lando
2020-03-16 10:56:56 +00:00
Bogdan Tara c60fd3fdd2 Backed out 4 changesets (bug 1613985) for causing build bustages CLOSED TREE
Backed out changeset fba0caac746c (bug 1613985)
Backed out changeset 8605d7a19107 (bug 1613985)
Backed out changeset 41e858fbf235 (bug 1613985)
Backed out changeset 847433cf1e0a (bug 1613985)
2020-03-16 12:41:41 +02:00
Simon Giesecke 554d54a0be Bug 1613985 - Use default for equivalent-to-default constructors/destructors in security. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D65499

--HG--
extra : moz-landing-system : lando
2020-03-16 09:57:45 +00:00
Mike Shal 6133e75b71 Bug 1620449 - Convert gen_cert_header.py to py3; r=firefox-build-system-reviewers,rstewart
Differential Revision: https://phabricator.services.mozilla.com/D65632

--HG--
extra : moz-landing-system : lando
2020-03-06 17:31:15 +00:00
Mike Shal d8e4653d19 Bug 1611326 - Default to py3_action, and add a py2 attribute to GENERATED_FILES; r=firefox-build-system-reviewers,rstewart
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.

Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D60919

--HG--
extra : moz-landing-system : lando
2020-02-14 13:22:46 +00:00
Cosmin Sabou ff39f9206d Backed out 2 changesets (bug 1613263, bug 1611326) for presummably causing l10n langpack bustages. a=backout
Backed out changeset 77e54e76848a (bug 1611326)
Backed out changeset 36ba18ac3a68 (bug 1613263)
2020-02-14 15:02:21 +02:00
Mike Shal ad0c283ab2 Bug 1611326 - Default to py3_action, and add a py2 attribute to GENERATED_FILES; r=firefox-build-system-reviewers,rstewart
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.

Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D60919

--HG--
extra : moz-landing-system : lando
2020-02-13 23:07:04 +00:00
Brindusan Cristian e2fb6b8344 Backed out changeset 7fefed11f117 (bug 1611326) for build bustages at update-1.xpi.stub. CLOSED TREE 2020-02-13 23:33:34 +02:00
Mike Shal e6464dd404 Bug 1611326 - Default to py3_action, and add a py2 attribute to GENERATED_FILES; r=firefox-build-system-reviewers,rstewart
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.

Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.

Differential Revision: https://phabricator.services.mozilla.com/D60919

--HG--
extra : moz-landing-system : lando
2020-02-13 20:31:50 +00:00
Gabriele Svelto 5dc21d568c Bug 1600545 - Remove useless inclusions of header files generated from IDL files in modules/, netwerk/, parser/, security/, startupcache/, storage/, toolkit/, tools/, uriloader/, widget/, xpcom/ and xpfe/ r=Ehsan
The inclusions were removed with the following very crude script and the
resulting breakage was fixed up by hand. The manual fixups did either
revert the changes done by the script, replace a generic header with a more
specific one or replace a header with a forward declaration.

find . -name "*.idl" | grep -v web-platform | grep -v third_party | while read path; do
    interfaces=$(grep "^\(class\|interface\).*:.*" "$path" | cut -d' ' -f2)
    if [ -n "$interfaces" ]; then
        if [[ "$interfaces" == *$'\n'* ]]; then
          regexp="\("
          for i in $interfaces; do regexp="$regexp$i\|"; done
          regexp="${regexp%%\\\|}\)"
        else
          regexp="$interfaces"
        fi
        interface=$(basename "$path")
        rg -l "#include.*${interface%%.idl}.h" . | while read path2; do
            hits=$(grep -v "#include.*${interface%%.idl}.h" "$path2" | grep -c "$regexp" )
            if [ $hits -eq 0 ]; then
                echo "Removing ${interface} from ${path2}"
                grep -v "#include.*${interface%%.idl}.h" "$path2" > "$path2".tmp
                mv -f "$path2".tmp "$path2"
            fi
        done
    fi
done

Differential Revision: https://phabricator.services.mozilla.com/D55444

--HG--
extra : moz-landing-system : lando
2019-12-06 09:17:57 +00:00
Sean Feng 40b8004e12 Bug 1580304 - Remove nsNSSCertList/nsIX509CertList r=keeler
nsNSSCertList/nsIX509CertList are redundant, and also contructing
them are expensive. so it is replaced by Array<nsIX509Cert>

Differential Revision: https://phabricator.services.mozilla.com/D44245

--HG--
extra : moz-landing-system : lando
2019-11-22 19:25:31 +00:00
Dana Keeler 13ed5551e3 bug 1594510 - update all TrustDomain implementations in mozilla-central due to the mozilla::pkix API change in bug 1593141 r=mbirghan
Bug 1593141 adds a parameter to mozilla::pkix::TrustDomain::CheckRevocation.
This patch updates all TrustDomain implementations in mozilla-central to
reflect this.

Differential Revision: https://phabricator.services.mozilla.com/D52066

--HG--
extra : moz-landing-system : lando
2019-11-15 18:26:45 +00:00
Ricky Stewart c010710916 Bug 1586358 - Replace existing instances of GENERATED_FILES with references to the GeneratedFile template r=firefox-build-system-reviewers,mshal
(Same content as bad revision https://phabricator.services.mozilla.com/D48230, but with a very small change to config/external/icu/data/moz.build to fix the build breakage.)

Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=833f6a69fcac689488a640b43e8e0bdaa086a56c

Differential Revision: https://phabricator.services.mozilla.com/D48409

--HG--
extra : moz-landing-system : lando
2019-10-07 21:15:19 +00:00
Daniel Varga 052ef806b5 Backed out changeset 8d95f2c8867b (bug 1586358) for build bustage with FATAL ERROR PROCESSING MOZBUILD FILE. On a CLOSED TREE
--HG--
extra : rebase_source : 325fbad2455afc7f693087e75fa57dba79f4d86b
2019-10-07 20:22:08 +03:00
Ricky Stewart 940d91af38 Bug 1586358 - Replace existing instances of GENERATED_FILES with references to the GeneratedFile template r=nalexander
This patch doesn't remove all references to GENERATED_FILES, but does remove most of them, leaving only those which can't be trivially translated to the new template.

Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e4a25230c3992b9c5519ceb351fb37f6b2bf605e

Differential Revision: https://phabricator.services.mozilla.com/D48230

--HG--
extra : moz-landing-system : lando
2019-10-07 15:31:05 +00:00
Barret Rennie b0cbc31990 Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.

This (de)serialization will address the performance issues present in the
current implementation.

As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.

Differential Revision: https://phabricator.services.mozilla.com/D35090

--HG--
extra : moz-landing-system : lando
2019-08-28 18:55:31 +00:00
Dorel Luca b09fe526aa Backed out 4 changesets (bug 1510569) for build bustage. CLOSED TREE
Backed out changeset d7db6a1935ce (bug 1510569)
Backed out changeset 03b7cf756a7f (bug 1510569)
Backed out changeset fa318eec0e76 (bug 1510569)
Backed out changeset cecb17bd8c03 (bug 1510569)
2019-08-28 21:46:40 +03:00
Barret Rennie 4ab0fd7d38 Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.

This (de)serialization will address the performance issues present in the
current implementation.

As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.

Differential Revision: https://phabricator.services.mozilla.com/D35090

--HG--
extra : moz-landing-system : lando
2019-08-28 18:00:16 +00:00
Oana Pop Rus 3223cd3dc2 Backed out 4 changesets (bug 1510569) for causing build bustage on a CLOSED TREE
Backed out changeset eae555c11f25 (bug 1510569)
Backed out changeset 2fb8938d16db (bug 1510569)
Backed out changeset b480af862022 (bug 1510569)
Backed out changeset 642cd6323cdc (bug 1510569)
2019-08-21 22:55:43 +03:00
Barret Rennie d8a4453540 Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.

This (de)serialization will address the performance issues present in the
current implementation.

As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.

Differential Revision: https://phabricator.services.mozilla.com/D35090

--HG--
extra : moz-landing-system : lando
2019-08-21 18:24:56 +00:00
Moritz Birghan e58c39f78e Bug 1549015 - Removes privilegedPackageRoot r=keeler
nsIX509CertDB::PrivilegedPackageRoot was added in bug 1178518 to support privileged packaged apps for Firefox OS. However, we no longer need to support this use-case.

Differential Revision: https://phabricator.services.mozilla.com/D38655

--HG--
extra : moz-landing-system : lando
2019-07-24 19:54:41 +00:00
Moritz Birghan c3b9c4615e Bug 1559520 - Removes nsIX509CertDB::DeveloperImportedRoot r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D38052

--HG--
extra : moz-landing-system : lando
2019-07-22 13:16:13 +00:00
Dana Keeler 098bc1f91c bug 1555854 - avoid creating transient threads in PSM (particularly CryptoTask) r=KevinJacobs
CryptoTask is a helper class that makes it easier to implement code that runs on
a background thread and then notifies completion on the main thread (this is
useful for not blocking the main thread with long-running cryptography or I/O).
Before this patch, each CryptoTask would create a new thread each time it ran,
which was inefficient. This patch updates CryptoTask to use the stream transport
service (which is essentially a pool of threads for doing exactly these kinds of
things and notably is not to be confused with the socket transport service) to
run each task. Additionally, there were a few places in PSM where we
unnecessarily created new threads to perform similar tasks. These now use the
stream transport service as well.

Differential Revision: https://phabricator.services.mozilla.com/D33534

--HG--
extra : moz-landing-system : lando
2019-06-03 23:47:48 +00:00
Dana Keeler f6d8b5d8e2 bug 1549249 - build bustage follow-up r=mt,dveditz a=tomprince
SECItem uses an unsigned int to indicate its length. We need to cast a size_t
down to the appropriate size. This is safe because what we're casting will
always fit in an unsigned int on the platforms we're using (it's just the size
of the intermediate certificate we added).

Differential Revision: https://phabricator.services.mozilla.com/D30144

--HG--
extra : source : 24bb6566385fc566f1a6b98ea24cad7d0af7e3a3
2019-05-07 00:16:00 +00:00
Dana Keeler c41a8afa77 bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=ryanvm
Summary:
Our previous approach to making this intermediate available relied on being able
to add it to the user's NSS cert DB. This does work in the majority of cases,
but there are some situations where it doesn't work (e.g. if the user's DB is
set to read only, if they've configured Firefox to run in "nocertdb" mode, if
they have a master password but forgot it, and so on). This patch compiles the
intermediate in to Firefox in the same way we incorporate the root, so it should
always be available.

At the same time, this patch reverts the changes from
023dd959512e2cfa685187616560f91efa91183c and
1d35f8d88bdd007e01d42c4ff76c6d10d7c01a98 (the patches that implemented the
original approach) because they should no longer be necessary.

Reviewers: jcj!, kmag!

Tags: #secure-revision

Bug #: 1549249

Differential Revision: https://phabricator.services.mozilla.com/D30090

--HG--
extra : amend_source : dd475918be3f263a4a363c66a60edc708d3bdcca
extra : histedit_source : b6861a1d7c7ddbe07d5df73d76734d9a48ee3164%2C54cbc4b0446ff1ee3dc860bb2d3798ba8f662566
2019-05-06 10:42:52 -07:00
Dana Keeler 4852002ac3 bug 1525343 - increase add-on manifest size limit r=Alex_Gaynor
Differential Revision: https://phabricator.services.mozilla.com/D19452

--HG--
extra : moz-landing-system : lando
2019-02-12 22:01:16 +00:00
Sylvestre Ledru 265e672179 Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Franziskus Kiefer a52a8495f9 Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium
Differential Revision: https://phabricator.services.mozilla.com/D2725
Differential Revision: https://phabricator.services.mozilla.com/D2860

--HG--
extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
2018-10-02 14:59:34 +02:00
Sylvestre Ledru 9fa6cfa8d4 Bug 1464869 - Run autopep8 on security/ r=fkiefer
MozReview-Commit-ID: K3aWVqsO0O8

--HG--
extra : rebase_source : 6bcf97b8b4a6e70113f36d8097f26816ce4b0acf
2018-05-26 06:47:27 -07:00
Kris Maglione 250e7028e3 Bug 1385057: Remove most code for handling unpacked side-loaded extensions. r=aswan,keeler
MozReview-Commit-ID: H4cSRBws4Ml

--HG--
extra : rebase_source : ddddef92344b6414ae4e5635b9841fcc274dfca9
2018-05-09 16:04:04 -07:00
David Keeler e218ab3e3b bug 1460350 - re-land bug 1415991 (remove support for verifying signed unpacked add-ons) r=kmag
(Backed out changeset 6bbf8dc0b86e (which was a backout of changeset 0a5795108e0a))

MozReview-Commit-ID: EZFn7dLBcdh

--HG--
extra : rebase_source : 8fac1e33a7f108a248ecde35779b2c63ce7d9172
2018-05-09 10:19:37 -07:00
David Keeler 889e55fc5b bug 1439732 - fixup for backing out bug 1415991 post bug 1421084 (so Firefox 60 only) r=jcj
MozReview-Commit-ID: 4Hn9mt1TWwN

--HG--
extra : amend_source : 4cb25adb27986ec650d85762aecb5aae0cd29502
2018-02-20 12:28:01 -08:00
David Keeler 1d724da30f Backed out changeset 0a5795108e0a
MozReview-Commit-ID: DT67yB63lSn

--HG--
extra : rebase_source : ae106a256be2361a116cd1a14adb5a6d4b49ebe3
2018-02-20 12:21:55 -08:00
David Keeler ad5cec4768 bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert
MozReview-Commit-ID: ErL7ZjAGVVC

--HG--
extra : rebase_source : 2869aafaef729f0ad190f957919e8b9c40700477
2018-01-24 14:29:08 -08:00
David Keeler e8cc0ba1ce bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert
As of bug 1417680, the NSS shutdown tracking infrastructure is unnecessary (and
does nothing anyway). This series of changesets removes the remaining pieces in
a way that is hopefully easy to confirm is correct.

MozReview-Commit-ID: 8Y5wpsyNlGc

--HG--
extra : rebase_source : ef6b481510d949e404a4ef5615097d66e566c947
2018-01-23 10:37:47 -08:00
Franziskus Kiefer a881c4a167 Bug 1403844 - Verify COSE signature on add-ons, r=keeler
Summary:
MozReview-Commit-ID: 6YorBs4mY8B

Check for COSE signatures in add-ons.

Reviewers: keeler

Bug #: 1403844

Differential Revision: https://phabricator.services.mozilla.com/D298

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed.zip => security/manager/ssl/tests/unit/test_signed_apps/cose_multiple_signed_with_pkcs7.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/cose_signed.zip => security/manager/ssl/tests/unit/test_signed_apps/cose_signed_with_pkcs7.zip
rename : third_party/rust/cose/src/cbor/mod.rs => third_party/rust/moz_cbor/src/lib.rs
extra : rebase_source : 0494590eb222e2c936e353e4dd6cf9fac8d822f3
2018-01-08 11:46:51 +01:00
Sylvestre Ledru 9bfe27d903 Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
MozReview-Commit-ID: 7duJk2gSd4m

--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
2017-12-07 22:09:15 +01:00
David Keeler 13b5a0e017 bug 1421413 - add a preference to control which add-on signature algorithms are valid r=jcj
MozReview-Commit-ID: EwkpY9ADAtw

--HG--
extra : rebase_source : 7fce75b0ff7b42057840df0450d97ce840a69c89
2017-11-28 14:24:11 -08:00
David Keeler d49916e353 bug 1415991 - remove support for signed unpacked addons r=jcj,rhelmer
Unfortunately we have a number of add-on installation tests that rely on
unpacked addons verifying as signed. The test infrastructure achieves this by
monkey-patching nsIX509CertDB.verifySignedDirectoryAsync to always succeed.
These tests are, in general, not actually testing the successful verification of
signed unpacked add-ons but rather other aspects of add-on installation,
updating, etc.. Some of these tests are certainly no longer relevant now that
legacy add-ons aren't supported, but we don't have the time to go through all of
them at the moment (this blocks updating add-on signature verification to use
COSE signatures, which we need to ship in 59 or we're probably not shipping at
all).

MozReview-Commit-ID: 3TVPK703mUy

--HG--
extra : rebase_source : 5bf0b72a4d7c8ade702334345fdc3bf6a8761b15
2017-11-09 11:19:23 -08:00
David Keeler 6922b82c52 bug 1357815 - 4/4: go a bit overboard on testcases for SHA-256 support in add-on signatures r=jcj
MozReview-Commit-ID: K4WYTYPXpi1

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha1_and_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1-256_p7-1-256.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha1_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_and_sha256_manifest_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1-256_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha1_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-1_sf-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/sha256_manifest_sha1_and_sha256_signature_file.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1-256_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256_manifest.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-1_p7-1.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/signed_app_sha256.zip => security/manager/ssl/tests/unit/test_signed_apps/app_mf-256_sf-256_p7-256.zip
extra : rebase_source : f56c5c9309590bd37d933e8e8fbff8535296b874
2017-10-27 11:20:33 -07:00
David Keeler 6034b39937 bug 1357815 - 3/4: support SHA256 in PKCS#7 signatures on add-ons r=dveditz,jcj
As a result of this patch, the hash algorithm used in add-on signature
verification will come from the PKCS#7 signature. If SHA-256 is present, it will
be used. SHA-1 is used as a fallback. Otherwise, the signature is invalid.

This means that, for example, if the PKCS#7 signature only has SHA-1 but there
are SHA-256 hashes in the signature file and/or manifest file, only the SHA-1
hashes in the signature file and manifest file will be used, if they are present
(and verification will fail if they are not present). Similarly, if the PKCS#7
signature has SHA-256, there must be SHA-256 hashes in the signature file and
manifest file (even if SHA-1 is also present in the PKCS#7 signature).

MozReview-Commit-ID: K3OQEpIrnUW

--HG--
extra : rebase_source : 704a2a18e166bfaf3e3d944d13918054bd012000
2017-10-24 15:27:53 -07:00
David Keeler 7617737c9f bug 1357815 - 2/4: refactor away unnecessary parts of certificate verification in add-on signature verification r=jcj
MozReview-Commit-ID: 4JKWIZ0wnuO

--HG--
extra : rebase_source : 7f032046b3a81c2b3f2135451af07a1e38e94664
2017-10-24 13:32:02 -07:00
David Keeler 543678ab80 bug 1357815 - 1/4: move VerifyCMSDetachedSignatureIncludingCertificate to where it's used r=jcj
MozReview-Commit-ID: JsBPGhDxQoS

--HG--
extra : rebase_source : 88a1c0b73762f28c53ffd645f2eba260743a4062
2017-10-24 13:18:14 -07:00
David Keeler 83ca10065e bug 1180826 - add support for sha256 digests in add-on signature manifests r=dveditz,jcj
MozReview-Commit-ID: HTlm6esgPUx

--HG--
extra : rebase_source : 50f082dea0b2afb1e9099fb94364863a4d85543b
2017-10-09 13:53:23 -07:00
David Keeler 14bdb29dc1 bug 1407081 - rework signed app tests for flexibility with upcoming hash algorithm changes r=Cykesiopka,jcj
MozReview-Commit-ID: 6HnJPrG7GfK

--HG--
rename : security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py => security/manager/ssl/tests/unit/sign_app.py
rename : dom/manifest/test/blue-150.png => security/manager/ssl/tests/unit/test_signed_apps/app/data/image.png
rename : security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/signed_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip => security/manager/ssl/tests/unit/test_signed_apps/unsigned_app.zip
rename : security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der => security/manager/ssl/tests/unit/test_signed_apps/xpcshellTestRoot.der
extra : rebase_source : eacc6ec67b282c93e86254693f48c8bdf6f55816
2017-10-10 16:55:09 -07:00
Chris Peterson 5698729243 Bug 870698 - Part 10: Replace Append(NS_LITERAL_STRING("")) with AppendLiteral(u""). r=erahm
The NS_LITERAL_STRING macro creates a temporary nsLiteralString to encapsulate the char16_t string literal and its length, but AssignLiteral() can determine the char16_t string literal's length at compile-time without nsLiteralString.

MozReview-Commit-ID: H9I6vNDMdIr

--HG--
extra : rebase_source : cf537a1f65af003c6c4f8919b925b0f305c1dd4d
extra : source : 13b89ce4e6a66c840f82a335c71f5a12938aba22
2017-09-07 18:32:54 -07:00
Nicholas Nethercote 72c884bf74 Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
--HG--
extra : rebase_source : d317b25be2ec21d1a60d25da3689e46cdce0b649
2017-07-31 14:28:48 +10:00
Bevis Tseng d1637b9c5a Bug 1372453 - Part 2: Name the caller of ProxyReleaseEvent. r=billm
MozReview-Commit-ID: LYhSWnZkq0i
2017-06-14 09:27:17 +08:00