Commit Graph

7506 Commits

Author SHA1 Message Date
Andreea Pavel e68c428ea1 Bug 1585916 - disable test_session_resumption.js on win10 ccov qr r=keeler DONTBUILD
Differential Revision: https://phabricator.services.mozilla.com/D98704
2020-12-04 01:55:40 +00:00
Razvan Maries ae4e418a02 Backed out changeset e7c03faf2880 (bug 1678079) for perma failures on test_encrypted_client_hello.js. CLOSED TREE 2020-12-04 03:46:54 +02:00
Kevin Jacobs 9fa97f5e74 Bug 1678079 - Add PSM support and xpcshell tests for ECH. r=keeler,kershaw
This patch enables PSM and Firefox to use TLS 1.3 Encrypted Client Hello (draft -08). Specifically:
  - Compile NSS with NSS_ENABLE_DRAFT_HPKE=1
  - Add ECH "public_name" handling in SSLServerCertVerification.cpp (see: https://tools.ietf.org/html/draft-ietf-tls-esni-08#section-6.3.2)
  - Adds `mIsAcceptedEch` to TransportSecurityInfo, and xpcshell tests for ECH use cases
  - Adds EncryptedClientHelloServer to facilitate the xpcshell tests
  - Un-ifdef Set/GetEchConfigs code in nsNSSIOLayer.cpp. Also reverted the Base64 encoding and decoding, as the data returned from DNS is already decoded (wire-format).

Differential Revision: https://phabricator.services.mozilla.com/D92651
2020-12-03 21:58:24 +00:00
ffxbld d944eb1cea No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update
Differential Revision: https://phabricator.services.mozilla.com/D98601
2020-12-03 14:24:29 +00:00
Kevin Jacobs 5ed34cfb5e Bug 1680154 - Update sanctioned intermediate cert test after root certificate removal. r=keeler
This patch updates test_sanctions_symantec_apple_google.js to test a chain through an allow-listed Apple intermediate certificate chaining to a Symantec root certificate that is present in NSS.

Differential Revision: https://phabricator.services.mozilla.com/D98511
2020-12-02 20:46:13 +00:00
Kevin Jacobs 77e5fe6fc4 Bug 1680154 - Update test_cert_isBuiltInRoot_reload with root certificate that exists. r=keeler
This patch changes a test referencing //VeriSign Class 3 Public Primary Certification Authority - G4//, which was removed in bug 1670769, with a similar VeriSign root CA that still exists and meets the same requirements for the test.

Differential Revision: https://phabricator.services.mozilla.com/D98510
2020-12-02 18:10:46 +00:00
Kevin Jacobs 5e63427a1b Bug 1677548 - land NSS f8c49b334e51 UPGRADE_NSS_RELEASE, r=bbeurdouche
2020-12-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ckfw/builtins/nssckbi.h:
	Bug 1678189 - December 2020 batch of root changes,
	NSS_BUILTINS_LIBRARY_VERSION 2.46. r=bbeurdouche

	[f8c49b334e51] [tip]

	* lib/ckfw/builtins/certdata.txt:
	Bug 1678166 - Add NAVER Global Root Certification Authority root
	cert to NSS. r=bbeurdouche,KathleenWilson

	[b9742b439a81]

2020-12-01  Benjamin Beurdouche  <benjamin.beurdouche@inria.fr>

	* lib/ckfw/builtins/certdata.txt:
	Bug 1670769 - Remove 10 GeoTrust, thawte, and VeriSign root certs
	from NSS. r=kjacobs,KathleenWilson

	[4c69d6d0cf21]

2020-12-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/ssl3exthandle.c:
	Bug 1674819 - Fix undefined shift when fuzzing r=bbeurdouche

	In fuzzer mode, session tickets are serialized without any
	encryption or integrity protection. This leads to a post-deserialize
	UBSAN error when shifting by a fuzzed (large) authType value. A real
	NSS server will not produce these values.

	[a51fae403328]

2020-11-30  Benjamin Beurdouche  <benjamin.beurdouche@inria.fr>

	* build.sh, coreconf/config.gypi, lib/ckfw/builtins/testlib/builtins-
	testlib.gyp, lib/ckfw/builtins/testlib/nssckbi-testlib.def, nss.gyp:
	Bug 1678384 - Add a build flag to allow building nssckbi-testlib in
	m-c r=kjacobs

	[22bf7c680b60]

2020-12-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/dev/devslot.c:
	Bug 1679290 - Don't hold slot lock when taking session lock
	r=bbeurdouche

	[[ https://hg.mozilla.org/projects/nss/rev/0ed11a5835ac1556ff978362c
	d61069d48f4c5db | 0ed11a5835ac1556ff978362cd61069d48f4c5db ]] fixed
	a number of race conditions related to NSSSlot member accesses.
	Unfortunately the locking order that was imposed by that patch has
	been found to cause problems for at least one PKCS11 module,
	libnsspem.

	This patch drops nested locking in favor of unlocking/re-locking.
	While this isn't perfect, the original problem in bug 1663661 was
	that `slot->token` could become NULL, which we can easily check
	after reacquiring.

	[19585ccc7a1f]

2020-11-25  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* lib/freebl/blinit.c:
	Bug 1678990 - Use __ARM_FEATURE_CRYPTO for feature detection.
	r=bbeurdouche

	Actually, we have CPU feature detection for Linux and FreeBSD on
	aarch64 platform. But others don't.

	macOS doesn't have any CPU feature detection for ARM Crypto
	Extension, but toolchain default is turned on. So we should respect
	__ARM_FEATURE_CRYPTO.

	[f1e48fbead3d]

2020-11-19  Lauri Kasanen  <cand@gmx.com>

	* lib/freebl/Makefile:
	Bug 1642174 - Resolve sha512-p8.o: ABI version 2 is not compatible
	with ABI version 1 output. r=jcj Don't try to build the SHA-2
	accelerated asm on old-ABI ppc.

	Currently make only, I don't have enough gyp-fu to do that side.
	However, the reporters of 1642174 and 1635625 both used make, not
	gyp.

	Signed-off-by: Lauri Kasanen <cand@gmx.com>
	[d806f7992b10]

Differential Revision: https://phabricator.services.mozilla.com/D98509
2020-12-03 10:20:29 +00:00
Dana Keeler 2e7189e847 Bug 1678762 - crlite: be more efficient about processing new stashes r=kjacobs
Before this patch, when RemoteSecuritySettings would download multiple new
stashes, it would add the first one to cert_storage, which would reconstruct
the in-memory representation of all of the issuer/serial hashmaps/sets
(including preexisting ones), and then RemoteSecuritySettings would add the
second one, and cert_storage would reconstruct the entire in-memory
representation of the issuer/serial hashmaps/sets again, and so on, re-doing
all of the work each time. This is essentially O(n^2) work. This patch improves
both RemoteSecuritySettings and cert_storage to minimize this work, reducing it
to O(n).

Differential Revision: https://phabricator.services.mozilla.com/D97829
2020-12-02 17:04:59 +00:00
Valentin Gosu c5f0e366db Bug 1677501 - Add nsIX509CertDB.asyncHasThirdPartyRoots and use it in DoHHeuristics.jsm r=keeler,Gijs,nhnt11
This allows us to avoid calling any NSSCertificateDB methods on the main
thread or allocating memory for xpconnect wrappers of cert objects.

Differential Revision: https://phabricator.services.mozilla.com/D97970
2020-12-01 14:42:36 +00:00
ffxbld e95b7c5103 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D98193
2020-11-30 14:30:15 +00:00
ffxbld e71e0ee3b8 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D97998
2020-11-26 14:28:54 +00:00
Simon Giesecke a8e63182fe Bug 1660470 - Avoid including DataStorageIPCUtils.h from header files. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D93244

Depends on D93243
2020-11-23 16:04:34 +00:00
Simon Giesecke c077183836 Bug 1660470 - Avoid including IPCMessageUtils.h from header files. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D93235

Depends on D93234
2020-11-23 16:03:47 +00:00
Simon Giesecke 971b645fe3 Bug 1660470 - Add missing include directives/forward declarations. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D87865
2020-11-23 16:21:38 +00:00
ffxbld 516bd2e4c3 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D97880
2020-11-23 15:05:18 +00:00
Dana Keeler 297350826c Bug 1678169 - remove unnecessary baseline requirements telemetry r=rmf
This removes telemetry regarding baseline requirements sections 9.2.1 and 9.2.2
(subject alternative name and subject common name) that is no longer necessary.
More specifically, this removes the histogram categories
BR_9_2_1_SUBJECT_ALT_NAMES and BR_9_2_2_SUBJECT_COMMON_NAME.

Differential Revision: https://phabricator.services.mozilla.com/D97507
2020-11-19 21:53:26 +00:00
Dana Keeler eca2ce5152 Bug 1677399 - avoid re-downloading and re-processing CRLite filters/stashes that are already in cert_storage r=bbeurdouche
This patch uses nsICertStorage.hasPriorData() and a new local field on the
CRLite filter Remote Settings collection to avoid re-downloading and
re-processing CRLite filters and stashes that have already been put into
cert_storage.

Differential Revision: https://phabricator.services.mozilla.com/D97381
2020-11-19 18:04:22 +00:00
ffxbld c8813f6eb7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=jcristau
Differential Revision: https://phabricator.services.mozilla.com/D97591
2020-11-19 14:40:46 +00:00
Emilio Cobos Álvarez 5716498fbd Bug 1677073 - Update in-tree version of env_logger. r=janerik
Also update plist to avoid pulling a duplicate humantime version.

Differential Revision: https://phabricator.services.mozilla.com/D96995
2020-11-19 14:03:43 +00:00
Sylvestre Ledru bebb9f9181 Bug 1519636 - Reformat with clang-format-11 to the Google coding style r=andi,sg,geckoview-reviewers,snorp
It is bringing some minor changes

# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D90795
2020-11-18 09:05:59 +00:00
Tim Giles 973bb4dad6 Bug 1613620 - Provide an option to remove all logins at once from about:logins. r=prathiksha,fluent-reviewers,sfoster,markh
Depends on D89078

Differential Revision: https://phabricator.services.mozilla.com/D91198
2020-11-17 21:38:33 +00:00
Peter Van der Beken ea7daa934e Bug 1677483 - Reenable some tests that are now succeeding with Fission. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D97267
2020-11-17 10:25:51 +00:00
Dana Keeler 14f399b600 Bug 1634065 - re-work how PSM services get initialized on the main thread r=kjacobs,necko-reviewers,bbeurdouche
Some PSM services need to be initialized on the main thread. Before this patch,
this was achieved by dispatching a synchronous task to the main thread in the
event that a different thread was attempting to acquire a given service for the
first time. However, with the upcoming removal of the nested event loop in the
XPCOM service instantiation code (see other patches in this bug), this can
cause a deadlock. This patch avoids the deadlock by removing the synchronous
dispatch and ensuring that these services get initialized on the main thread
relatively early, when PSM itself is initialized.

Differential Revision: https://phabricator.services.mozilla.com/D94145
2020-11-17 16:29:44 +00:00
Mihai Alexandru Michis d06ca5f7d1 Backed out changeset e4b67fc1f101 (bug 1677483) for causing multiple mochitest plain failures.
CLOSED TREE
2020-11-17 19:29:26 +02:00
Mihai Alexandru Michis e2ec982790 Backed out 2 changesets (bug 1613620, bug 1675557) for causing bc failures in browser_removeAllDialog.js
CLOSED TREE

Backed out changeset 46f96d192bbd (bug 1675557)
Backed out changeset 20a2fcd59084 (bug 1613620)
2020-11-17 18:40:20 +02:00
Tim Giles 8e6c2d4b17 Bug 1613620 - Provide an option to remove all logins at once from about:logins. r=prathiksha,fluent-reviewers,sfoster,markh
Depends on D89078

Differential Revision: https://phabricator.services.mozilla.com/D91198
2020-11-17 15:02:42 +00:00
Peter Van der Beken 75190a1035 Bug 1677483 - Reenable some tests that are now succeeding with Fission. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D97267
2020-11-17 10:25:51 +00:00
Sylvestre Ledru 0129dd3f83 Bug 1519636 - Reformat recent changes to the Google coding style r=andi,necko-reviewers,dragana
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D96608
2020-11-16 22:09:25 +00:00
ffxbld e323f6b1f9 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D97201
2020-11-16 19:02:43 +00:00
Nika Layzell 42028efc71 Bug 1671983 - Part 4: Stop awaiting BrowserTestUtils.loadURI, r=annyG,remote-protocol-reviewers,extension-reviewers,preferences-reviewers,whimboo,zombie
This method only is async in order to allow callers to wait for a process switch
triggered by the call to `loadURI` to be finished before resolving. With
DocumentChannel, we should never trigger a process switch eagerly like this
again, so we don't need any of the async behaviour here anymore.

This part is largely mechanical changes to tests, removing the `await` calls on
`loadURI`, and a follow-up part will remove the actual async logic from
`BrowserTestUtils.loadURI`.

Differential Revision: https://phabricator.services.mozilla.com/D94641
2020-11-12 18:01:03 +00:00
ffxbld 61127bb43b No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D96840
2020-11-12 16:43:02 +00:00
Moritz Birghan 21cf959be5 Bug 1272794 - Clean up Digest class API r=keeler,necko-reviewers,valentin
Differential Revision: https://phabricator.services.mozilla.com/D40983
2020-11-11 22:16:38 +00:00
Jan Varga 03e0a91794 Bug 1669437 - Add necessary infrastructure for independent in-memory only local storage database; r=asuth,dom-workers-and-storage-reviewers
The new infrastructure consists of a separate bridge between the content and the
parent process and a separate local storage database in the parent process.
The new infrastructure can be used for storing and sharing of private browsing
data across content processes.
This patch only creates necessary infrastructure, actual enabling of storing and
sharing of data across content processes will be done in a follow-up patch.

Differential Revision: https://phabricator.services.mozilla.com/D96562
2020-11-11 13:12:57 +00:00
ffxbld d14f34aeb2 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D96420
2020-11-09 14:25:22 +00:00
Dana Keeler fd77d8d2c9 Bug 1669414 - osclientcerts: temporarily remove differentiation between modern and legacy keys r=rmf
Eventually it needs to be possible for osclientcerts to differentiate between
keys that can and can't perform modern cryptography (RSA-PSS being the main
issue). This is because PSM and NSS need to know not to offer to use a key that
can't actually perform the signing operation in question. However, the current
implementation can be very slow if the user has slow hardware with a number of
keys on it. Since PSM and NSS changes are required to make use of this
differentiation anyway, the best approach for now seems to be to skip this step.

Differential Revision: https://phabricator.services.mozilla.com/D96148
2020-11-06 18:24:40 +00:00
Dana Keeler 4f13e2395d Bug 1675339 - make nsCertOverrideService only block shutdown when a write is pending r=kjacobs
Bug 1634065 will involve changing when nsCertOverrideService gets initialized.
It turns out that doing this causes
services/crypto/tests/unit/test_crypto_random.js to fail various assertions in
the JS engine. It's unclear what the underlying issue is, but the failures
happen as a result of marking nsCertOverrideService as a shutdown blocker
unconditionally in its initialization. This patch works around this by marking
the service as a blocker only when there's a write event happening, which is
arguably more correct anyway.

Differential Revision: https://phabricator.services.mozilla.com/D95899
2020-11-06 18:16:51 +00:00
ffxbld de7e9afc3e No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D96062
2020-11-05 15:46:44 +00:00
Dragana Damjanovic 830e14487e Bug 1674111 - Do not use HTTP3 for OCSP request. r=keeler
Do not use SPDY or HTTP3 for internal security operations. It could result
in the silent upgrade to ssl, which in turn could require an SSL
operation to fulfill something like an OCSP fetch, which is an
endless loop.

Differential Revision: https://phabricator.services.mozilla.com/D95295
2020-11-04 12:18:49 +00:00
Razvan Maries 10425eddfc Backed out 7 changesets (bug 1658084, bug 1671983) for perma failures on browser_async_remove_tab.js and browser_e10s_chrome_process.js. CLOSED TREE
Backed out changeset 2e6309c1cdbd (bug 1658084)
Backed out changeset 99aafd9304ef (bug 1671983)
Backed out changeset 80280b85280a (bug 1671983)
Backed out changeset 008db2659002 (bug 1671983)
Backed out changeset 32bd45c7fe3a (bug 1671983)
Backed out changeset 56e227e6580c (bug 1671983)
Backed out changeset a404f809f79d (bug 1671983)
2020-11-04 04:23:47 +02:00
Nika Layzell 5f9c85da95 Bug 1671983 - Part 4: Stop awaiting BrowserTestUtils.loadURI, r=annyG,remote-protocol-reviewers,extension-reviewers,preferences-reviewers,whimboo,zombie
This method only is async in order to allow callers to wait for a process switch
triggered by the call to `loadURI` to be finished before resolving. With
DocumentChannel, we should never trigger a process switch eagerly like this
again, so we don't need any of the async behaviour here anymore.

This part is largely mechanical changes to tests, removing the `await` calls on
`loadURI`, and a follow-up part will remove the actual async logic from
`BrowserTestUtils.loadURI`.

Differential Revision: https://phabricator.services.mozilla.com/D94641
2020-11-04 00:55:36 +00:00
ffxbld 879482e01a No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D95518
2020-11-02 14:35:29 +00:00
ffxbld bc7a07bac7 No Bug, mozilla-central repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D95151
2020-10-29 14:35:28 +00:00
Dragana Damjanovic f4599c1e24 Bug 1669679 - Rebuild cert-info when a resumption token is used for HTTP3 r=keeler,necko-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D93359
2020-10-28 11:15:14 +00:00
Ricky Stewart 02a7b4ebdf Bug 1654103: Standardize on Black for Python code in `mozilla-central`.
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.

To produce this patch I did all of the following:

1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.

2. Run ./mach lint --linter black --fix

3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.

4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.

5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).

# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D94045
2020-10-26 18:34:53 +00:00
ffxbld 72e61e1719 No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D94734
2020-10-26 14:22:36 +00:00
Bogdan Tara da1098d4aa Backed out 10 changesets (bug 1654103, bug 1672023, bug 1518999) for PanZoomControllerTest.touchEventForResult gv-junit failures CLOSED TREE
Backed out changeset ff3fb0b4a512 (bug 1672023)
Backed out changeset e7834b600201 (bug 1654103)
Backed out changeset 807893ca8069 (bug 1518999)
Backed out changeset 13e6b92440e9 (bug 1518999)
Backed out changeset 8b2ac5a6c98a (bug 1518999)
Backed out changeset 575748295752 (bug 1518999)
Backed out changeset 65f07ce7b39b (bug 1518999)
Backed out changeset 4bb80556158d (bug 1518999)
Backed out changeset 8ac8461d7bd7 (bug 1518999)
Backed out changeset e8ba13ee17f5 (bug 1518999)
2020-10-24 03:36:18 +03:00
Dana Keeler b014438572 Bug 1670984 - include CRLite stash revocation hits/library failures in CRLite telemetry r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D94189
2020-10-23 20:57:48 +00:00
Ricky Stewart c0cea3b0fa Bug 1654103: Standardize on Black for Python code in `mozilla-central`. r=remote-protocol-reviewers,marionette-reviewers,webdriver-reviewers,perftest-reviewers,devtools-backward-compat-reviewers,jgilbert,preferences-reviewers,sylvestre,maja_zf,webcompat-reviewers,denschub,ntim,whimboo,sparky
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.

To produce this patch I did all of the following:

1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.

2. Run ./mach lint --linter black --fix

3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.

4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.

5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).

# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D94045
2020-10-23 20:40:42 +00:00
Dana Keeler 4ae1753875 Bug 1670985 - don't fall back to OCSP when the CRLite mode is "enforce" r=jcj
When the CRLite mode is "enforce" and a certificate is found to be covered by
CRLite, this patch makes it so the implementation will not fall back to
processing OCSP (whether stapled, cached, or fetched). This also updates
test_crlite_filters.js to use a more recent, realistic filter and stash.

Differential Revision: https://phabricator.services.mozilla.com/D94499
2020-10-23 17:04:18 +00:00
Valentin Gosu 118fbc2d87 Bug 1671479 - Hold mutex when calling TransportSecurityInfo::Get/SetSucceededCertChain r=keeler,necko-reviewers,kershaw
Differential Revision: https://phabricator.services.mozilla.com/D93744
2020-10-21 20:04:46 +00:00