2021-05-28 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.66 final
[46633639570c] [NSS_3_66_RTM] <NSS_3_66_BRANCH>
* .hgtags:
Added tag NSS_3_66_BETA1 for changeset ef591b9d25a3
[9904a426633e] <NSS_3_66_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D116223
SecCertificateCopyNormalizedIssuerSequence and
SecCertificateCopyNormalizedSubjectSequence normalize DN sequences (shocking, I
know). This means that if the output from these functions is used to identify
certificates, naively comparing bytes will result in mismatches. Since
normalization is unnecessary and unwanted, we should avoid these functions in
osclientcerts.
Differential Revision: https://phabricator.services.mozilla.com/D115942
2021-05-25 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/ckfw/builtins/certdata.txt:
Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. r=bwilson
Depends on D115882
[ef591b9d25a3] [tip]
* lib/ckfw/builtins/certdata.txt:
Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis
Root Certification Authority. r=bwilson
Depends on D115877
[f7ff828026cd]
* lib/ckfw/builtins/certdata.txt:
Bug 1708307 - Remove Trustis FPS Root CA from NSS. r=bwilson
[4ef15c2043cf]
* lib/ckfw/builtins/certdata.txt:
Bug 1707097 - Add Certum Trusted Root CA to NSS. r=bwilson
Depends on D115890
[4f4982362348]
* lib/ckfw/builtins/certdata.txt:
Bug 1707097 - Add Certum EC-384 CA to NSS. r=bwilson
Depends on D115889
[171e74b54ca4]
* lib/ckfw/builtins/certdata.txt:
Bug 1703942 - Add ANF Secure Server Root CA to NSS. r=bwilson
Depends on D115888
[e189b4f85ce5]
* lib/ckfw/builtins/certdata.txt:
Bug 1697071 - Add GLOBALTRUST 2020 root cert to NSS. r=bwilson
[487e89fcb141]
2021-05-20 Robert Relyea <rrelyea@redhat.com>
* doc/certutil.xml, doc/html/certutil.html, doc/html/derdump.html,
doc/html/modutil.html, doc/html/pk12util.html, doc/html/pp.html,
doc/html/signver.html, doc/html/ssltap.html, doc/modutil.xml,
doc/nroff/certutil.1, doc/nroff/crlutil.1, doc/nroff/derdump.1,
doc/nroff/modutil.1, doc/nroff/pk12util.1, doc/nroff/pp.1,
doc/nroff/signtool.1, doc/nroff/signver.1, doc/nroff/ssltap.1,
doc/nroff/vfychain.1, doc/nroff/vfyserv.1, doc/pk12util.xml,
doc/signver.xml:
Bug 1712184 NSS tools manpages need to be updated to reflect that
sqlite is the default database.
This patch does 2 things:
1) update certutil.xml pk12util.xml modutil.xml and signver.xml to
reflect the fact that the sql database is default. Many of these also
have examples of specifying sql:dirname which is now the default. I
did not replace them with dbm:dirname since we don't want to
encourage regressing back. The one exception is in the paragraph
explaining how to get to the old database format.
2) I ran make in the directory to update the .1 and .html files
generated from the .xml files. There are a number of old updates to
the .xml files which haven't been picked up in their corresponding
html or man page files. These updates are included in this patch.
It is really only necessary to review the changes to the .xml files,
the rest were reviewed when their patches were applied.
bob
[da25615e92c8]
2021-05-24 Mike Hommey <mh@glandium.org>
* lib/freebl/freebl.gyp:
Bug 1712230 - Don't build ppc-gcm.s with clang integrated assembler.
r=bbeurdouche
Like intel-gcm.s.
[2300e178c90f]
2021-05-20 Robert Relyea <rrelyea@redhat.com>
* lib/freebl/blapi.h:
Bug 1712211 Strict prototype error when trying to compile nss code
that includes blapi.h
In blapi.h, strict prototype compiles fail on: extern
BLAKE2BContext *BLAKE2B_NewContext();
This patch fixes that problem.
[207465bda46a]
Differential Revision: https://phabricator.services.mozilla.com/D115972
- Move the decision logic for Win32k Lockdown to a common area where it can
be re-used
- Cache the Win32k Lockdown state, since the result will never change
- Add IDL to allow JavaScript to query it
- Add it to the "about:support" page
- Add an annotation to Crash Reporter after the first time it's read
Differential Revision: https://phabricator.services.mozilla.com/D114850
Win32k Lockdown requires WebRender, but WR is not currently guaranteed
on all computers. It can also fail to initialize and fall back to the
non-WR render path.
We don't want a situation where "Win32k Lockdown + No WR" occurs without
the user explicitly requesting unsupported behavior.
Differential Revision: https://phabricator.services.mozilla.com/D114849
2021-05-11 Robert Relyea <rrelyea@redhat.com>
* automation/abi-check/expected-report-libnss3.so.txt,
automation/abi-check/expected-report-libssl3.so.txt, cmd/selfserv/selfserv.c,
cmd/strsclnt/strsclnt.c, cmd/tstclnt/tstclnt.c, lib/nss/nss.def,
lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11load.c,
lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11priv.h,
lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11slot.c,
lib/pk11wrap/secmodt.h, lib/softoken/config.mk,
lib/softoken/fips_algorithms.h, lib/softoken/fipstokn.c,
lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
lib/softoken/sftkmessage.c, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h,
lib/ssl/sslinfo.c, lib/ssl/sslt.h, lib/util/pkcs11n.h,
tests/ssl/ssl.sh, tests/ssl/sslcov.txt:
Bug 1710773 NSS needs FIPS 180-3 FIPS indicators. r=mt
Changes from the review: The while loop was taken out of its
subshell pipe, which prevented the selfserv PID from being passed on
to the final selfserv-kill. This eventually led to a freeze on
Windows.
The last paragraph of ISO 19790:2012 section 7.2.4.2 states:
All services shall [02.24] provide an indicator when the service
utilises an approved cryptographic algorithm, security function or
process in an approved manner and those services or processes
specified in 7.4.3
This means our libraries need to grow an API or provide some
additional information via contexts or similar in order for an
application to be able to query this indicator. This can't be just a
Security Policy description because ISO 24759:2017 section 6.2.4.2
states:
TE02.24.02: The tester shall execute all services and verify that
the indicator provides an unambiguous indication of whether the
service utilizes an approved cryptographic algorithm, security
function or process in an approved manner or not.
The indicator can't be just a marker over an algorithm either,
because it needs to show different values based on whether the
algorithm parameters cause the algorithm to run in approved or
non-approved mode (i.e. keys outside of valid range for RSA means RSA
is being used in non-approved mode ...)
For NSS, there is a PKCS #11 design:
https://docs.google.com/document/d/1Me9YksPE7K1Suvk9Ls5PqJXPpDmpAboLsrq0z54m_tA/edit?usp=sharing
This patch implements the above design as well as: 1) NSS proper
functions to access these indicators from either the pk11wrap layer
or the ssl layer. 2) Updates to the ssl tests which will output the
value of the
Changes description by file:
cmd/selfserv/selfserv.c
Add a FIPS indicator if the connection was executed in FIPS mode on a
FIPS token.
cmd/strsclnt/strsclnt.c
Add a FIPS indicator if the connection was executed in FIPS mode on a
FIPS token.
cmd/tstclnt/tstclnt.c
Add a FIPS indicator if the connection was executed in FIPS mode on a
FIPS token.
lib/nss/nss.def
Add the new pk11 functions to access the fips indicator.
lib/pk11wrap/pk11cxt.c
Implement a function to get the FIPS indicator for the current
PK11Context.
lib/pk11wrap/pk11load.c
Get the fips indicator function from the PKCS #11 module using the
vendor function interface from PKCS #11 v3.0
lib/pk11wrap/pk11obj.c
Implement a function to get the FIPS indicator for a specific PKCS #11
object.
lib/pk11wrap/pk11priv.h
Add a generalized helper function to get the FIPS indicator used by all
the other exported functions to get FIPS indicator.
lib/pk11wrap/pk11pub.h
Add function to get the FIPS indicator for the current PK11Context.
lib/pk11wrap/pk11slot.c
Implement a generalized helper function to get the FIPS indicator.
Implement a function to get the FIPS indicator for the latest single
shot operation on the slot.
lib/pk11wrap/secmodt.h
Add a new field to hold the fipsIndicator function.
lib/softoken/fips_algorithms.h
New sample header which vendors can replace with their own table. In
the default NSS case, the table in this header will be empty.
lib/softoken/fipstokn.c
Add Vendor specific interface for the FIPS indicator to the FIPS token.
lib/softoken/pkcs11.c
Add Vendor specific interface for the FIPS indicator to the non-FIPS
token. Factor out the code that maps an attribute value to a mechanism
flag to its own file so it can be used by other parts of softoken.
(new function is in pkcs11u.c). Implement the function that returns the
FIPS indicator. This function fetches the indicator from either the
session or the object or both. The session indicator is in the
crypto context (except the last operation indicator, which is in the
session itself). The object indicator is in the base object.
lib/softoken/pkcs11c.c
Record the FIPS indicator in the various helper functions.
- sftk_TerminateOp is called when a crypto operation had been
finalized, so we can store that fips indicator in the lastOpWasFIPS
field.
- sftk_InitGeneric is called when a crypto operation has been
initialized, so we can make a preliminary determination if the
operation is within the FIPS policy (could later change based on
other operations). For this to work, we need the actual mechanism, so
pMechanism is now a parameter to sftk_InitGeneric.
- sftk_HKDF - HKDF when used in TLS has the unusual characteristic
that the salt could actually be a key. In this case, usually the
base key is some known public value which would not be FIPS
generated, but the security is based on whether the salt is really a
FIPS generated key. In this case we redo the calculation based on
the salt key.
lib/softoken/pkcs11i.h
- add the FIPS indicators to the various structures (crypto contexts,
sessions, objects).
- add the FIPS indicators function list
- add pMechanism to the sftkInitGeneric function.
- add the helper function to map Attribute Types to Mechanism Flags.
- add the function that will look up the current operation in the FIPS
table to determine that it is allowed by policy.
lib/softoken/pkcs11u.c
- include the new fips_algorithms.h (if NSS_FIPS_DISABLED is not on)
- handle the FIPS status for objects and session on creation and copy.
- implement the helper function to map Attribute Types to Mechanism
Flags.
- get the key length of a key. This involves getting the key type and
then using the key type to determine the appropriate attribute to
fetch. Most keys it's simply the CKA_VALUE. ECC is special, we get
the key length from the curve. Since only a subset of curves can be
FIPS Curves, we use key length to return false for other curves.
- the handle special function handles any unusual semantics for various
mechanism types. This function precodes possible mechanism semantics
we may need to check. The special handling can be selected by the
mechanism table in fips_algorithms.h
- sftk_operationIsFIPS - the actual function to determine if the
given operation is in the FIPS table.
lib/softoken/sftkmessage.c
- just need to update the sftk_InitGeneric function to pass the
mechanism.
lib/ssl/ssl3con.c
- add functions to query the underlying crypto contexts to see if the
current ssl session is running in FIPS approved mode based on the
security policy. It does so by checking the CipherSpecIsFIPS
function to verify that both the mac and the encryption algorithm
FIPS conforms to the ciphers in the security profile (using
PK11_GetFIPSStatus). We check both the cipher specs for read and
write. These underlying specs depend on the keys used in these
specs being generated with FIPS approved algorithms as well, so this
verifies the kea and kdf functions as well.
lib/ssl/sslimpl.h
- add ssl_isFIPS() so it can be used by other files here in the ssl
directory.
lib/ssl/sslinfo.c
- set the new isFIPS field in the existing sslinfo structure.
SSL_GetChannelInfo knows how to handle sslinfo structures that are
smaller than expected and larger than expected. Unknown fields will
be set to '0' (so new applications running against old versions will
always get zero for new fields). sslinfo that are smaller will only
return the subset the calling application expects (so old
applications will not get the new fields).
lib/ssl/sslt.h
- Add the new isFIPS field (must be at the end of the ChannelInfo
structure).
lib/util/pkcs11n.h
- add the new FIPS indicator defines.
tests/ssl/ssl.h
- The main change was to turn on verbose for the coverage tests so we
can test the FIPS indicators on various cipher suites. NOTE: this
only works with either NSS_TEST_FIPS_ALGORIHTMS set, or a vendor
fips_algorithms.h, so vendors will need to do their own test
interpretation. While working in ssl.sh I fixed a number of other
issues:
- many tests that were skipped in FIPS mode were skipped not because
they didn't work in FIPS mode, but because tstclnt requires a
password when running in FIPS mode. I've now added the password if
the function is running in fips mode and removed the fips
restrictions.
- dtls had a race condition. The server side needed to come up before
the client, but couldn't end before the client ran. We already had a
sleep to guarantee the former, I added a sleep before sending the
server its data to handle the latter.
- CURVE25519 is the default ECC curve, but it's not a FIPS curve, so I
disable it in FIPS mode so we will actually get FIPS indicators when
using ECDHE.
- I added TLS 1.3 to the coverage tests.
[40edc4f4c117] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D115625
This patch removes the ability for Firefox profiles to receive dynamic HSTS
preloading information via kinto/remote settings. This feature was implemented
some time ago but was never used. It is being removed to make upcoming changes
easier.
Differential Revision: https://phabricator.services.mozilla.com/D115315
This patch removes some unnecessary leftover declarations from
nsISiteSecurityService.idl that could have been removed in previous patches.
Differential Revision: https://phabricator.services.mozilla.com/D115314
Enabling osclientcerts by default may have an impact on how long it takes to
scan for client authentication certificates. This patch adds telemetry to
measure this.
Differential Revision: https://phabricator.services.mozilla.com/D115257
When doing (e.g.) `MOZ_LOG=PlatformDecoderModule:4`, ffmpeg ends up doing
`ioctl(TCGETS, ...)` via `tcgetattr`, and this crashes the RDD. We don't care
much about the result, so let's just say `ENOTTY`.
Differential Revision: https://phabricator.services.mozilla.com/D113162
As an intermediate step to allow mach commands as standalone functions, the MachCommandBase
subclass instance that currently corresponds to self has to be made available as a separate
argument (named command_context).
Differential Revision: https://phabricator.services.mozilla.com/D109650
2021-05-14 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.65 final
[0e785b3a4a10] [NSS_3_65_RTM] <NSS_3_65_BRANCH>
* .hgtags:
Added tag NSS_3_65_BETA1 for changeset 1bdb4713e2f0
[6f4869107d74] <NSS_3_65_BRANCH>
2021-05-11 Robert Relyea <rrelyea@redhat.com>
* gtests/pk11_gtest/pk11_hpke_unittest.cc:
fix clang format error from patch for bug 1709750
[1bdb4713e2f0] [NSS_3_65_BETA1]
* coreconf/NetBSD.mk:
Bug 1709654 Update for NetBSD configuration patch by Thomas Klausner
r=rrelyea
In the NetBSD configuration, the symbol hiding flags are not
defined. This leads to conflicts when openssl and nss are linked
into the same binary. For a longer discussion on the topic, see
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
Match more closely to OpenBSD.mk, and in particular, hide symbols
(MAPFILE).
- fix wrong value of CPU_ARCH on NetBSD/evbarm-earmv7f
- s/aarch64eb/aarch64/
[a7769615f285]
Differential Revision: https://phabricator.services.mozilla.com/D115135