Граф коммитов

331 Коммитов

Автор SHA1 Сообщение Дата
Sylvestre Ledru 5de63ef061 Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium
MozReview-Commit-ID: 5orfnoude7h

--HG--
extra : rebase_source : 1ed9a6b56e1d27221a07624767a7fb0e6147117f
2017-12-08 13:46:13 +01:00
Sylvestre Ledru 9bfe27d903 Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium
MozReview-Commit-ID: 7duJk2gSd4m

--HG--
extra : rebase_source : 7312fe276e561e8c034a5f6749774ae812727f9c
2017-12-07 22:09:15 +01:00
David Keeler cdac966d1b bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
MozReview-Commit-ID: 2qoJz5gDPyY

--HG--
extra : rebase_source : 89ccda87138ac02004d290f621e9d53dcddc08ff
2017-11-15 15:24:58 -08:00
Andreea Pavel 3039b5c625 Backed out 1 changesets (bug 1417677) for failing security/manager/ssl/tests/unit/test_broken_fips.js r=backout on a CLOSED TREE
Backed out changeset 614a09e35ff0 (bug 1417677)
2017-11-17 12:49:16 +02:00
David Keeler 82c2e0ec18 bug 1413336 - (7/7) regenerate all the certificates! r=Cykesiopka
Also regenerate the test_signed_app.js testcases.

MozReview-Commit-ID: 483uNQT0wuG

--HG--
extra : rebase_source : 4dfddf89d151dceb970a1a9139a5c90e6b578f8c
2017-11-08 12:57:03 -08:00
David Keeler dcb596244e bug 1417677 - remove "security.use_sqldb" and always use the sqlite-backed NSS DBs r=jcj
MozReview-Commit-ID: 2qoJz5gDPyY

--HG--
extra : rebase_source : c84d7975fa30c753af7481d04e2db8c19daff180
2017-11-15 15:24:58 -08:00
David Keeler ab21773795 bug 1417277 - remove support for MOZPSM_NSSDBDIR_OVERRIDE r=jcj
MOZPSM_NSSDBDIR_OVERRIDE was added in bug 462919 for integration with xulrunner
applications. Upcoming changes we're aiming to make with how PSM handles NSS and
the certificate/key databases (e.g. making the sqlite-backed implementation
mandatory) mean we have to take this feature into account. xulrunner isn't
supported any longer. Searching the web for "MOZPSM_NSSDBDIR_OVERRIDE" yields
two kinds of results: mozilla-central source code and a man page for nss-gui,
which it seems is the only project that ever made use of
MOZPSM_NSSDBDIR_OVERRIDE (and hasn't been updated since 2013, from what I can
tell). I think it's fair to conclude that this isn't a widely-used (let alone
known) feature. To make development easier, we should remove it.

MozReview-Commit-ID: 56vcTYSzDPq

--HG--
extra : rebase_source : 683a65bcd79182c04524562bc26ed5925f5d902b
2017-11-14 16:38:34 -08:00
David Keeler 2d6eb184f1 bug 1368868 - give up on ocsp stapling strictness because we can't have nice things r=jcj
MozReview-Commit-ID: nbX0c251oC

--HG--
extra : rebase_source : 2adda43c5ea137c17474e4b9303107f4ba3815ff
2017-11-08 15:50:26 -08:00
David Keeler 67fd50d803 bug 1410546 - Disable EV treatment for "Security Communication EV RootCA1" root certificate r=mgoodwin
MozReview-Commit-ID: 7sERUm9gaQX

--HG--
extra : rebase_source : 9ec46921974dd9fce19fa4a3308804dfdc8c731d
2017-11-02 13:19:04 -07:00
J.C. Jones ce24b2607a Bug 1409259 - Add Symantec root and Apple/Google intermediate lists r=keeler
This is the list of affected Symantec roots and the Apple and Google carved out
sub-CAs being whitelisted. These lists are created using the crtshToDNStruct
tool.

These sub-CAs are to be explicitly whitelisted in the distrust logic being
applied to Symantec root CAs.

Sources:
https://groups.google.com/d/msg/mozilla.dev.security.policy/FLHRT79e3XE/riCrpXsfAgAJ
https://groups.google.com/d/msg/mozilla.dev.security.policy/FLHRT79e3XE/90qkf8jsAQAJ

MozReview-Commit-ID: 3atUGcjG6GD
* * *
[mq]: crtsh_linting

MozReview-Commit-ID: 5gGq5DZXEIi
* * *
[mq]: fix_crtsh_script

MozReview-Commit-ID: JRgkD6OODnO
* * *
[mq]: fix_crtsh_also

MozReview-Commit-ID: Gza1HnYic2I

--HG--
extra : rebase_source : 8ca642964d3ce0308b8081fc52713d9f0104024d
2017-10-18 17:17:20 -07:00
J.C. Jones 8cd0cda935 Bug 1409259 - Refactor "TrustOverrides" header for existing trust overrides r=keeler
Since we'll need the same structs and mechanisms to work with the Symantec roots,
this patch makes the matching function generic and moves it into a new header,
"TrustOverrides.h".

This also moves the GlobalSignData out into "TrustOverride-GlobalSignData.inc"
and the WoSign/StartCom to "TrustOverride-StartComAndWoSignData.inc".

MozReview-Commit-ID: 2yWcvrngKwr

--HG--
rename : security/certverifier/StartComAndWoSignData.inc => security/certverifier/TrustOverride-StartComAndWoSignData.inc
extra : rebase_source : 26d86765277563ddafd5bbf0f4372ccdb280d062
2017-10-16 23:17:52 -07:00
David Keeler 3961574fa2 bug 1381154 - remove smartcard monitoring threads r=jcj,mgoodwin
Modified from bug 1248818 comment 11:
Before this patch, if a user had a smart card (PKCS#11 device) with removable
slots, Firefox would launch a thread for each module and loop, calling
SECMOD_WaitForAnyTokenEvent to be alerted to any insertions/removals. At
shutdown, we would call SECMOD_CancelWait, which would cancel any waiting
threads. However, since that involved calling 3rd party code, we really had no
idea if these modules were behaving correctly (and, indeed, they often weren't,
judging by the shutdown crashes we were getting).
The real solution is to stop relying on PKCS#11, but since that's unlikely in
the near future, the next best thing would be to load these modules in a child
process. That way, misbehaving modules don't cause Firefox to hang/crash/etc.
That's a lot of engineering work, though, so what this patch does is avoids the
issue by never calling SECMOD_WaitForAnyTokenEvent (and thus we never have to
call SECMOD_CancelWait, etc.). Instead, every time Firefox performs an operation
that may be affected by a newly added or removed smart card, it first has NSS
refresh its view of any removable slots. This is similar to how we ensure the
loadable roots module has been loaded (see bug 1372656).

MozReview-Commit-ID: JpmLdV7Vvor

--HG--
extra : rebase_source : d3503d19fa9297106d661a017a38c30969fa39b4
2017-09-28 14:27:21 -07:00
David Keeler 65f33e8410 bug 1257362 - remove the code-signing usage from certverifier as nothing uses it r=Cykesiopka
MozReview-Commit-ID: 6nWy8k6fMvw

--HG--
extra : rebase_source : fa9f78d39b89bfd3416a7a869bf6436d19ac74bc
2017-10-02 16:24:38 -07:00
David Keeler 6bbfc835f0 bug 1406396 - work around NSS utils potentially loading spurious root cert modules r=mgoodwin
NSS command-line utilities may add a built-in root certificate module with the
name "Root Certs" if run on a profile that has a copy of the module file (which
is an unexpected configuration in general for Firefox). This can cause breakage.
To work around this, PSM now simply deletes any module named "Root Certs" at
startup. In an effort to prevent PSM from deleting unrelated modules
coincidentally named "Root Certs", we also prevent the user from using the
Firefox UI to name modules "Root Certs".

MozReview-Commit-ID: ABja3wpShO9

--HG--
extra : rebase_source : cfc62fb3fabf491a72f009601f3ec6973244642e
2017-10-13 11:27:30 -07:00
J.C. Jones d01c97d43a Bug 1392852 - Disable EV treatment for old StartCom root certificates r=keeler
Per the root program's request, this patch removes EV treatment for three
StartCom roots:

1) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA

2) CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11

3) CN=StartCom Certification Authority G2, OU=null, O=StartCom Ltd., C=IL
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95

MozReview-Commit-ID: COOu1zvoNWG

--HG--
extra : rebase_source : 68ce6ebd850f3a796bb52e71d05b02b8d860c9f7
2017-10-16 16:14:06 -07:00
J.C. Jones 11a9b47490 Bug 1387261 - Remove EV treatment for WoSign roots r=keeler
Per the root program's request, this patch removes EV treatment for four WoSign
roots:

Common Name: CA 沃通根证书
SHA-256 Fingerprint: D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54

Common Name: Certification Authority of WoSign
SHA-256 Fingerprint: 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08

Common Name: Certification Authority of WoSign G2
SHA-256 Fingerprint: D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16

Common Name: CA WoSign ECC Root
SHA-256 Fingerprint: 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02

MozReview-Commit-ID: Bxp9LgvxCsp

--HG--
extra : rebase_source : 065d98cc654d3fb22c17ea185253ce917b48e270
2017-10-16 16:08:56 -07:00
David Keeler d26e95be10 bug 1257403 - don't bother verifying CA or email certificates when importing r=Cykesiopka
Incidentally, this means we can remove certificateUsageVerifyCA and
certificateUsageStatusResponder from CertVerifier, since we no longer use them.

MozReview-Commit-ID: Bbqn8fShfTm

--HG--
extra : rebase_source : 012cb08dcbe33fe889c9f6824959b1a02cd0bdc7
2017-09-22 15:42:20 -07:00
Chris Peterson 9f4c1f5278 Bug 870698 - Part 1: Replace Assign("") with AssignLiteral(""). r=erahm
MozReview-Commit-ID: A0u9PP49OW3

--HG--
extra : rebase_source : 7d5286959f510eb4b7df1b7e32d5b9b58719c48b
extra : intermediate-source : f552b4a78236c42bc09030b3eb008725a3edb9c8
extra : source : 26ac4a1014f6661a70e3bf9f552407e12c2c3981
2017-09-03 22:12:56 -07:00
David Keeler bae8112f6b bug 1400913 - back out the functionality changes from bug 1364159 (but keep the test) r=jcj
Bug 1364159 introduced an optimization that attempted to avoid reading from the
user's cached certificate database as much as possible when building a verified
certificate chain. Unfortunately this had the side-effect of not preferring root
certificates in path building, which can result in unnecessarily long chains
(which rather defeats the purpose, since it means more signature verifications).
This patch reverts the functionality changes from that bug but keeps the test
that was added (the test didn't directly test the functionality changes - it's
more of a check that path building will query the cached certificate db when
necessary).

MozReview-Commit-ID: I56THTLUytH

--HG--
extra : rebase_source : 7db9597e25b98942450840519d707046cc660781
2017-09-18 10:28:58 -07:00
David Keeler 9f77404d3f bug 1398932 - add a preference for enabling the sqlite-backed NSS databases r=Cykesiopka,jcj
In the future, bug 1377940 will make the sqlite-backed databases the default,
but until we're sure this will stick we want to be able to control this with a
Firefox-only change. The use of a preference to configure which format to use
will hopefully allow us to restore the old behavior quickly and relatively
safely if necessary. Note that doing this should be done with care; any changes
made in the sqlite databases after upgrade migration will not be reflected if
we need to go back to the old database format. Thus, user data (imported CAs,
client certificates, and keys) can be lost.

MozReview-Commit-ID: tkovdiCU9v

--HG--
extra : rebase_source : e74358bd65afb5844fa8fc5b729eba2bbc5bb2db
2017-09-06 14:31:27 -07:00
Kris Maglione 6bad4f8ef7 Bug 1366511: Part 3 - Add mozilla::ToResult() to convert other result types to equivalent Result. r=nbp,ehsan
Also adds a mozilla/ResultExtensions.h header to define the appropriate
conversion functions for nsresult and PRResult. This is in a separate header
since those types are not available in Spidermonkey, and this is the pattern
other *Extensions.h headers follow.

Also removes equivalent NS_TRY macros and WrapNSResult inlines that served the
same purpose in existing code, and are no longer necessary.

MozReview-Commit-ID: A85PCAeyWhx

--HG--
extra : rebase_source : a5988ff770888f901dd0798e7717bcf6254460cd
2017-08-29 21:28:31 -07:00
Stephanie Ouillon 73e9f686e8 Bug 1343202 - Utility function for decoding an InclusionProof structure; r=ckerschb,keeler
MozReview-Commit-ID: 1x2Cwan8nLL

--HG--
extra : rebase_source : 079a8945f4d04be06dd99b776246d9b96930613a
2017-08-18 09:50:49 +02:00
Stephanie Ouillon 3bac94ec4a Bug 1343202 - Move Buffer definition into its own file; r=keeler,rbarnes
MozReview-Commit-ID: JHAXllvfG3x

--HG--
extra : rebase_source : 4c18c882bea0f1d4f507baa47910672d80d73c72
2017-08-17 09:23:29 +02:00
David Keeler d11da41c16 bug 1389664 - centralize on-demand empty pin initialization of the user's NSS database r=Cykesiopka,jcj
The sqlite-backed NSS database implementation requires explicitly setting some
kind of pin (password, really). To maintain behavior compatibility with the old
database implementation, we set the pin to the empty string as necessary.
Previously this would only happen on Android (NSS_DISABLE_DBM builds), but
because we're moving towards using the sqlite-backed implementation on all
platforms, we should enable this code everywhere and move it to a more central
location.

This also fixes some now-unnecessary test behavior.

MozReview-Commit-ID: KKtxmvOZt78

--HG--
extra : rebase_source : 0de061928bf63b62386a4e244b326610d32cd122
2017-07-18 15:05:58 -07:00
David Keeler 8b85837b61 bug 1372656 - load loadable roots on a background thread r=Cykesiopka,jcj
In a profile, loading the loadable roots PKCS#11 module (i.e. the built-in root
CA module) accounted for about 60% of the time to initialize PSM/NSS. Since we
only need the roots module loaded when we're actually looking for an issuing
certificate or querying a certificate's trust, we can do the load
asynchronously (where it hopefully finishes before we actually need it, because
otherwise we'll have to wait anyway).

MozReview-Commit-ID: JyY6NtpQAUj

--HG--
extra : rebase_source : f63a697b18a409dd042289afa2b727b09f81f19f
2017-06-08 16:10:00 -07:00
David Keeler f60f796fb1 bug 1356623 - remove now-unnecessary CNNIC certificate whitelist r=jcj
As a result of CNNIC issuing an unconstrained intermediate certificate that
misissued an end-entity certificate for google.com (see bug 1146026 and
bug 1177209), we implemented a system that would in theory enable Firefox to
continue to trust certificates that were valid at the time but not newly issued
certificates. This consisted of a whitelist added in bug 1151512. The CNNIC
roots have since been removed from NSS in bug 1380868. We can now remove the
whitelist in Firefox.

MozReview-Commit-ID: 7VXOuvwzbct

--HG--
extra : rebase_source : 20e6e39c40417a9b7f2962e06cf9de85e3e08ee8
2017-08-03 16:17:11 -07:00
Kate McKinley a85cfefb59 Bug 1380872 remove EV treatment for "China Internet Network Information Center EV Certificates Root" r=keeler
Disable EV treatment in preparation for removing the CNNIC root certificates
from NSS.

MozReview-Commit-ID: Anz1vXqABUM

--HG--
extra : rebase_source : 694d8321b9f5994fe57e81cb3169681c5e491910
2017-07-18 11:18:47 -07:00
Kate McKinley 67464ef73c Bug 1380821 remove EV treatment for UTN-USERFirst-Hardware r=keeler
The CA, Comodo, has requested that we remove the UTN-USERFirst-Hardware
root certificate from NSS. First remove EV treatment.

MozReview-Commit-ID: 8OTsevYOuKq

--HG--
extra : rebase_source : aabb219bcbee1c667bae29df618449df4b50d548
2017-07-18 11:28:26 -07:00
Nicholas Nethercote 3e439bb4f8 Bug 1376638 - Minimize uses of prmem.h. r=glandium.
It's silly to use prmem.h within Firefox code given that in our configuration
its functions are just wrappers for malloc() et al. (Indeed, in some places we
mix PR_Malloc() with free(), or malloc() with PR_Free().)

This patch removes all uses, except for the places where we need to use
PR_Free() to free something allocated by another NSPR function; in those cases
I've added a comment explaining which function did the allocation.

--HG--
extra : rebase_source : 0f781bca68b5bf3c4c191e09e277dfc8becffa09
2017-06-30 19:05:41 -07:00
Cykesiopka 0adca03a5d Bug 1368107 - Remove TransportSecurityInfo::GetHostNameRaw(). r=keeler
GetHostNameRaw() returns a char* string, which is less safe and ergonomic
compared to the Mozilla string classes. GetHostName() can be used instead.

MozReview-Commit-ID: GYvTnISNN35

--HG--
extra : rebase_source : da257f5fba2c26cd92d932c3d1d363458b84a65b
2017-06-03 13:35:51 +08:00
David Keeler 3e029fa5c8 bug 1359514 - remove EV treatment for "Swisscom Root EV CA 2" r=kmckinley
The "Swisscom Root EV CA 2" root is no longer in use and will be removed from
the built-in root CA list. However, we have to remove its EV treatment first.

MozReview-Commit-ID: 2TZRt5px7bl

--HG--
extra : rebase_source : 68902555ffe62a973cfaac3af531e96aa288a339
2017-05-25 13:55:15 -07:00
David Keeler 3ddfb3c1ce bug 1364159 - potentially avoid calling CERT_CreateSubjectCertList in NSSCertDBTrustDomain::FindIssuer r=Cykesiopka,jcj
CERT_CreateSubjectCertList is not an inexpensive function call, since it
enumerates the certificate database (i.e. reads from disk a lot). If we're
verifying for a TLS handshake, however, we should already have in memory a
certificate chain sent by the peer (there are some cases where we won't, such as
session resumption (see bug 731478)). If we can, we should use those
certificates before falling back to calling CERT_CreateSubjectCertList.

MozReview-Commit-ID: ASjVGsELb1O

--HG--
extra : rebase_source : 1efc635d4a98079c87f77ef3794e4b2f20eec59f
2017-05-11 16:41:12 -07:00
Cykesiopka 7b21c27198 Bug 1308143 - Clean up ExtendedValidation.cpp. r=keeler
In general, the changes here attempt to:
1. Fix up the style to match modern PSM style.
2. Shorten unnecessarily long code.
3. Reduce global scope pollution.

MozReview-Commit-ID: GFyqFgV0RLD

--HG--
extra : source : 8cb5ee464e42ff07324922abeffef00c7cb1fb1b
2017-05-09 00:53:21 +08:00
Cykesiopka a05d6a925c Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler
MSVC 2017 headers aren't warning free at the -Wall level.
Since PSM enables -Wall in some moz.build files, this breaks
--enable-warnings-as-errors builds.
As a temporary measure, disable enough warnings to get working builds.

MozReview-Commit-ID: G0oUsAYYct2

--HG--
extra : rebase_source : dc37783c89e66a54510c9940f9eaa5a4340ef43e
2017-05-05 00:41:33 +08:00
David Keeler c138b8d0b6 bug 1349312 - part 1/2: patch CT implementation to include debug-only test logs r=Cykesiopka,jcj
MozReview-Commit-ID: Gay4bliuiDc

This modifies getCTKnownLogs.py to inject 3 debug-only Certificate Transparency
log keys and 2 organizations ("Mozilla Test Org 1" and "2") for use with
integration tests. Also updates CTKnownLogs.h as generated by the python script.

The debug logs use the "default", "secp256r1", and "alternate" keys that are
already present in our testing infrastructure (see pykey.py).

--HG--
extra : rebase_source : 3d4fc736f840cd080fab6b8c6c5b53cc9361abf2
2017-04-19 14:02:26 -07:00
David Keeler 455ab646d3 bug 1337950 - work around failing to load a FIPS PKCS#11 module DB in NSS initialization r=Cykesiopka,jcj
Firefox essentially does not support running NSS in FIPS mode any longer. This
has always been the case on Android from what I can tell and it has been the
case on OS X since at least version 34 (see bug 1047584). It became the case on
Windows as of version 53 (see bug 1295937). Unfortunately, before this patch,
if a user attempted to run an affected version of Firefox using a profile
directory containing an NSS database collection that had FIPS enabled, NSS
initialization would fail and fall back to running in no DB mode, which had the
side-effect of making any saved passwords and certificates unavailable. This
patch attempts to detect and work around this failure mode by moving the
PKCS#11 module DB (which is where the FIPS bit is set) to a backup location and
basically running with a fresh, non-FIPS module DB. This allows Firefox to
initialize NSS with the preexisting key and certificate databases available.

MozReview-Commit-ID: 1E4u1ngZyRv

--HG--
rename : security/manager/ssl/tests/unit/test_sdr_preexisting.js => security/manager/ssl/tests/unit/test_broken_fips.js
rename : security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db => security/manager/ssl/tests/unit/test_broken_fips/key3.db
extra : rebase_source : 887f457e998d6e57c6536573fbe3cb10547fe154
2017-04-20 10:31:22 -07:00
David Keeler af0ce9fbd6 bug 1357226 - work around a library inefficiency with EC keys when verifying ECDSA signatures r=fkiefer,jcj
Calling VFY_VerifyDigestDirect causes the provided SECKEYPublicKey to be
reimported to the softoken regardless of if it already exists on it. EC keys
must be verified upon import (to see if the point is on the curve to avoid some
small subgroup attacks), and so repeatedly doing this with a static key (say,
for example, a key corresponding to a built-in certificate transparency log) is
inefficient. This patch alters the certificate transparency implementation to
import these keys each once and then use PK11_Verify for ECDSA signature
verification, which doesn't have the same drawback.

Since this change causes CertVerifier to hold an NSS resource (via its
MultiLogCTVerifier having a list of CTLogVerifier, each of which now has a
SECKEYPublicKey), nsNSSComponent has to make sure it goes away before shutting
down NSS. This patch ensures this happens in nsNSSComponent::ShutdownNSS().

MozReview-Commit-ID: 6VSmz7S53y2

--HG--
extra : rebase_source : 4994db9de80a6c1aec3d7e322ff30d040140ce92
2017-04-11 14:11:28 -07:00
David Keeler 07f34ebd2f bug 1352262 - make OCSP timeout values configurable r=Cykesiopka,jcj
The default OCSP timeout for soft-fail DV is still 2 seconds. This patch makes
it configurable on the interval (0, 5] seconds.

The default OCSP timeout for EV and hard-fail DV is still 10 seconds. This patch
makes it configurable on the interval (0, 20] seconds.

MozReview-Commit-ID: CPd8pwYrJhj

--HG--
extra : rebase_source : 45bd7d06ea013f0a776ea18be9408dedb18271d8
2017-03-31 15:21:40 -07:00
Adam Velebil 69da80395b Bug 1308100 - Replace PL_strlen/PL_strnlen with strlen/strnlen;r=erahm
MozReview-Commit-ID: CGnzomkIsi5
***
Bug 1308100 - Replace PL_strlen/PL_strnlen with strlen/strnlen;r?erahm

--HG--
extra : rebase_source : a14b1538ed91848ecd02fb4607bce4cb9b2ab7c4
2017-04-13 20:47:00 +02:00
David Keeler 47263aefb3 bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj
(adapted from bug 1349762 comment 0)
Google Trust Services (GTS) recently purchased two roots from GlobalSign that
are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC
Root CA - R4".

However, GTS does not have an EV audit, so we are going to turn off EV treatment
for both of those root certificates.

But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended
Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to
be used to migrate their customers off dependence on that root.

This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also
removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless
the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the
chain.

MozReview-Commit-ID: Ej9L9zTwoPN

--HG--
extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad
2017-04-03 17:17:38 -07:00
Cykesiopka 7995951109 Bug 1338897 - Avoid using NSS Base64 functions in PSM. r=keeler
The NSS Base64 functions are less safe and convenient to use than the XPCOM ones.
They're also an unnecessary dependency on NSS.

The NSS Base64 functions behave slightly differently than the XPCOM ones:
1. ATOB_ConvertAsciiToItem() / NSSBase64_DecodeBuffer() silently ignore invalid
   characters like CRLF, space and so on. Base64Decode() will return an error
   if these characters are encountered.
2. BTOA_DataToAscii() will produce output that has CRLF inserted every 64
   characters. Base64Encode() doesn't do this.

For the reasons listed below, no unexpected compatibility issues should arise:
1. AppSignatureVerification.cpp already filters out CRLF and spaces for Manifest
   and Signature values before decoding.
2. ExtendedValidation.cpp is only given what should be valid hard-coded input to
   decode.
3. ContentSignatureVerifier.cpp already splits on CRLF for when it needs to
   decode PEM certs. Spaces shouldn't be likely.
   For Content-Signature header verification, examination of real input to a
   running instance of Firefox suggests CRLF and spaces will not be present in
   the header to decode.
4. nsCryptoHash.cpp encode is affected, but we actually don't want the CRLF
   behaviour.
5. nsDataSignatureVerifier.cpp decode is affected, but we add whitespace
   stripping to maintain backwards compatibility.
6. nsKeygenHandler.cpp encode is affected, but the previous CRLF behaviour was
   arguably a bug, since neither WHATWG or W3C specs specified this.

MozReview-Commit-ID: IWMFxqVZMeX

--HG--
extra : rebase_source : 4863b2e5eabef0555e8e1ebe39216d0d9393f3e9
2017-03-17 23:31:40 +08:00
David Major ed12ea611f Bug 1346078: Remove nsAString_internal and just use the nsAString name directly. r=bsmedberg
MozReview-Commit-ID: DWDEDMIVKm7

--HG--
extra : rebase_source : 7fe8dc07c816dca234c67761e61cdee372a87e97
2017-03-10 15:17:23 +13:00
Joel Maher 41e6060a92 Bug 1344829 - add BUG_COMPONENT to security/* files. r=keeler
MozReview-Commit-ID: AS6e14FOqsb
2017-03-09 05:33:30 -05:00
Cykesiopka 0aa3a82f68 Bug 1310127 - Part 10: Handle netwerk/protocol/http MOZ_MUST_USE functions in PSM. r=wcpan
The only unhandled call updates nsHTTPListener::mHttpResponseContentType, but
nothing actually uses the value of mHttpResponseContentType.

MozReview-Commit-ID: FQXESvoO2ZN

--HG--
extra : rebase_source : 547158311de136054acff2539ea6a8bdbfb8227b
2016-12-28 16:25:22 +08:00
David Keeler 8fa9a9c682 bug 1294580 - prevent end-entity certificates from being their own trust anchors r=Cykesiopka
MozReview-Commit-ID: KaZaFG8AWwl

--HG--
extra : rebase_source : 8cba6d29febc73e65ff54bc754ab9d016e140d6f
2017-02-24 12:32:41 -08:00
Cykesiopka 90e8bc1b28 Bug 1026589 - Enable more GCC/Clang compiler warnings (-Wextra) for security/certverifier. r=keeler
Original patch by Camilo Viecco.

MozReview-Commit-ID: 4LWpueoyQHL

--HG--
extra : rebase_source : 85563711287ad851019c4031d97c1d309f066139
2017-02-23 23:19:55 +08:00
David Keeler fca1830f46 bug 1341905 - double-check that uses of CERT_LIST_* are safe in PSM r=jcj
MozReview-Commit-ID: BhGHd9xUUbP

--HG--
extra : amend_source : b7f8260719a3d918867a8ed7cf092e2909193bb5
2017-02-22 15:07:05 -08:00
Jeff Walden d5deea2a4f Bug 1338374 - Make Vector not use AlignedStorage for its inline element storage. r=froydnj, r=keeler
--HG--
extra : rebase_source : 81eb5278404b4843ed5a59819f6000f74200aa41
2017-01-30 15:56:05 -08:00
Kai Engert fb7e5cbb5d Bug 1324096, PSM should check the roots module for a flag, that allows to distinguish between Mozilla-CA-Policy CAs and other CAs, r=dkeeler 2017-02-22 18:02:48 +01:00
Jonathan Hao 4489e44dc2 Bug 1323644 - Isolate the HSTS and HPKP storage by first party domain (PSM) r=Cykesiopka,keeler
MozReview-Commit-ID: HhFFqtpBNjO

--HG--
extra : rebase_source : 980dfd035efc4886a7ca393923c2c2783cc76a7d
2017-02-14 10:29:10 +08:00