Crash annotations in content processes are currently sent over IPC via
shared memory buffers. To pave the way for the Rust rewrite of the exception
handler we are removing this code and gathering all the crash annotations
within the content processes themselves. This patch causes annotations to be
stored in the global table of each content process. They are then streamed
out to the parent process by the exception handler together with the
exception-time annotations.
This has a number of benefits:
* we have one less channel to exchange data between content processes and
the parent process
* we save memory because we don't need to allocate the shared memory buffers
* annotations are faster because we don't stream them all out every time one
changes
* we won't truncate annotations anymore if we run out of space in the shared
segment.
* we don't need delayed annotations anymore, so we can get rid of the
associated machinery
As I refactored the code I tried to adjust all the obsolete comments,
consolidate shared code and remove the redundant steps that were sometimes
present. In many places we had two entire crash annotation tables we merged to
change just a couple; that comes from the fact that historically we loaded
them from disk. Now it doesn't matter anymore and we can just go ahead and
change the ones we care about.
Differential Revision: https://phabricator.services.mozilla.com/D62586
--HG--
extra : moz-landing-system : lando
When a server requests a client certificate, it can include a list of
distinguished names that it considers valid issuers for client certificates
(either as direct issuers or as transitive issuers). Before this patch, the
platform would call CERT_FilterCertListByCANames to filter potential client
certificates by this list of names. This function uses the "classic" NSS
certificate path-building algorithm and thus can't make use of other
certificates that gecko may know about, such as third-party intermediates and
preloaded intermediates.
This patch implements client certificate filtering by re-using the path building
implementation provided by mozilla::pkix to determine if each certificate has an
issuer with a name included in the acceptable list. These issuers include
third-party intermediates, preloaded intermediates, and all certificates known
to NSS. Note that this implementation does not actually verify the client
certificates - no signatures are checked and no particular key usages are
enforced. However, some properties are enforced, such as validity periods.
Differential Revision: https://phabricator.services.mozilla.com/D68101
--HG--
rename : security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem.certspec => security/manager/ssl/tests/mochitest/browser/intermediate.pem.certspec
extra : moz-landing-system : lando
When the GPU sandbox is enabled, access to most of the filesystem is blocked.
The GPU process uses a directory, "%profiledir%/shader-cache", to cache
compiled shared for performance reasons. Not allowing access to that directory
results in a HUGE performance backslide when the sandbox is turned on.
Differential Revision: https://phabricator.services.mozilla.com/D67893
--HG--
extra : moz-landing-system : lando
This was generated with
```
cp .gitignore .rgignore
rg -l -g '*.{html,xhtml}' 'href="chrome://global/skin/"' | xargs sed -i "" 's/href\="chrome:\/\/global\/skin\/"/href\="chrome:\/\/global\/skin\/global.css"/g'
```
Differential Revision: https://phabricator.services.mozilla.com/D67687
--HG--
extra : moz-landing-system : lando
2020-04-03 Kevin Jacobs <kjacobs@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.51.1 final
[81a16f9b6562] [NSS_3_51_1_RTM] <NSS_3_51_BRANCH>
2020-04-01 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_51_1_BETA1 for changeset 581ed41d0a8d
[99b5a3b50511] <NSS_3_51_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D69651
--HG--
extra : moz-landing-system : lando
Revert setting CK_GCM_PARAMS ulIvBits, as this field won't exist until NSS 3.52.
Depends on D68665
Differential Revision: https://phabricator.services.mozilla.com/D68602
--HG--
extra : moz-landing-system : lando
Add rule to allow content processes to duplicate named pipes to other child
processes. This is why SetLockdownDefaultDacl wasn't working before because it
broke the local handle duplication.
This also reverts the change that was using USER_LIMITED from the start of the
process because that breaks DLL loading when installed somewhere that relies on
the user's own SID for access.
Differential Revision: https://phabricator.services.mozilla.com/D68850
--HG--
extra : moz-landing-system : lando
We've had some bugs where the sandboxed child process and/or the chroot
helper process deadlocks during launch, often reported by end users,
and it's confusing to have the mysterious hanging task inherit the name
of the launching thread; this patch fixes that by giving them more
informative names.
`prctl(PR_SET_NAME, ...)` is used directly, instead of via one of our
wrappers for it, to avoid the possibility of async signal unsafe
operations.
This doesn't name the pre-exec child process in the cases where regular
`fork()` is used, but as far as I know we haven't had any bugs (yet?)
where that would matter.
Differential Revision: https://phabricator.services.mozilla.com/D68134
--HG--
extra : moz-landing-system : lando
When a server requests a client certificate, it can include a list of
distinguished names that it considers valid issuers for client certificates
(either as direct issuers or as transitive issuers). Before this patch, the
platform would call CERT_FilterCertListByCANames to filter potential client
certificates by this list of names. This function uses the "classic" NSS
certificate path-building algorithm and thus can't make use of other
certificates that gecko may know about, such as third-party intermediates and
preloaded intermediates.
This patch implements client certificate filtering by re-using the path building
implementation provided by mozilla::pkix to determine if each certificate has an
issuer with a name included in the acceptable list. These issuers include
third-party intermediates, preloaded intermediates, and all certificates known
to NSS. Note that this implementation does not actually verify the client
certificates - no signatures are checked and no particular key usages are
enforced. However, some properties are enforced, such as validity periods.
Differential Revision: https://phabricator.services.mozilla.com/D68101
--HG--
rename : security/manager/ssl/tests/mochitest/browser/pgo-ca-regular-usages.pem.certspec => security/manager/ssl/tests/mochitest/browser/intermediate.pem.certspec
extra : moz-landing-system : lando
This patch initializes the ulIvBits member of CK_GCM_PARAMS, which is new in PKCS11 v3.
For libprio, we instead define NSS_PKCS11_2_0_COMPAT, which yields the old struct definition.
Differential Revision: https://phabricator.services.mozilla.com/D67740
--HG--
extra : moz-landing-system : lando
This patch removes `test_delegated_credentials_weak` (which only applies to RSA DCs currently), as RSA DCs are effectively unsupported by Firefox.
Differential Revision: https://phabricator.services.mozilla.com/D67406
--HG--
extra : moz-landing-system : lando
2020-03-23 Kevin Jacobs <kjacobs@mozilla.com>
* lib/softoken/pkcs11.c:
Bug 1624402 - Fix compilation error when NO_FORK_CHECK and
CHECK_FORK_* are defined r=rrelyea
[0225889e5292] [tip]
* lib/util/pkcs11.h:
Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
r=rrelyea
[7ab62d3d0445]
2020-03-17 Robert Relyea <rrelyea@redhat.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsoftokn3.so.txt, cmd/pk11mode/pk11mode.c,
lib/pk11wrap/pk11load.c, lib/pk11wrap/secmodi.h,
lib/pk11wrap/secmodt.h, lib/softoken/fipstokn.c,
lib/softoken/manifest.mn, lib/softoken/pkcs11.c,
lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
lib/softoken/sftkmessage.c, lib/softoken/softoken.gyp,
lib/softoken/softoken.h, lib/softoken/softokn.def,
lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h,
nss/automation/abi-check/new-report-libnss3.so.txt, nss/automation
/abi-check/new-report-libsoftokn3.so.txt:
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=ueno r=mt
Update to PKCS #11 v3.0 part 2.
Create the functions and switch to the C_Interface() function to
fetch the PKCS #11 function table. Also PKCS #11 v3.0 uses a new
fork safe interface. NSS can already handle the case if the PKCS #11
module happens to be fork safe (when asked by the application to
refresh the tokens in the child process, NSS can detect that such a
refresh is not necessary and continue. Softoken could also be put in
fork_safe mode with an environment variable. With this patch it's
the default, and NSS asks for the fork safe API by default.
Technically softoken should implement the old non-fork safe
interface when PKCS #11 v2.0 is called, but NSS no longer needs it,
and doing so would double the number of PKCS #11 interfaces are
needed. You can still compile with fork unsafe semantics, and the
PKCS #11 V3.0 module will do the right thing and not include the
fork safe flag. Firefox does not fork(), so for firefox this is
simply code that is no longer compilied.
We now use C_GetInterface, which allows us to specify what kind of
interface we want (PKCS #11 v3.0, PKCS #11 v2.0, fork safe, etc.).
Vendor specific functions can now be accessed through the
C_GetInterface. If the C_GetInterface function does not exists, we
fall bak to the old C_GetFunctionList.
There are 24 new functions in PKCS #11 v3.0: C_GetInterfaceList -
return a table of all the supported interfaces C_GetInterface -
return a specific interface. You can specify interface name, version
and flags separately. You can leave off any of these and you will
get what the token thinks is the best match of the interfaces that
meet the criteria. We do this in softoken by the order of the
interface list. C_SessionCancel - Cancel one or more multipart
operation C_LoginUser - Supply a user name to C_Login(). This
function has no meaning for softoken, so it just returns
CKR_OPERATION_NOT_INITIALIZED under the theory that if we in the
future want to support usernames, the NSS db would need special
initialization to make that happen. C_Message* and C_*Message* (20
functions in all) are the new AEAD interface (they are written
generally so that it can be used for things other than AEAD). In
this patch they are unimplemented (see the next patch).
This patch adds regular (NSC_) and FIPS (FC_) versions of these
functions. Also when creating the PKCS #11 v2.0 interface, we had to
create a 2.0 specific version of C_GetInfo so that it can return a
2.40 in the CK_VERSION field rather than 3.00. We do this with
#defines since all the function tables are generated automagically
with pkcs11f.h.
[2364598f8a36]
2020-03-18 Kevin Jacobs <kjacobs@mozilla.com>
* lib/freebl/mpi/mpcpucache.c:
Bug 1623184 - Clear ECX prior to cpuid, fixing query for Extended
Features r=bbeurdouche
While trying to benchmark the recent HACL* AVX2 code, I noticed that
it was not being called on two machines (that both support AVX2),
instead using only the AVX version.
In order to query for Extended Features (cpuid with EAX=7), we also
need to set ECX to 0: https://www.intel.com/content/www/us/en
/architecture-and-technology/64-ia-32-architectures-software-
developer-vol-2a-manual.html. The current code fails to do this,
resulting in flags that show no support.
Initially, I wrote a separate `freebl_cpuid_ex` function that
accepted a value for ECX as a separate input argument. However, some
definitions of `freebl_cpuid` already zero ECX, so making this
consistent is the simplest way to get the desired behavior.
With this patch, the two test machines (MacOS and Linux x64)
correctly use the AVX2 ChaCha20Poly1305 code.
[06d41fe87c58]
2020-02-18 Robert Relyea <rrelyea@redhat.com>
* cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c,
cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c,
cmd/shlibsign/shlibsign.c,
gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c,
lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c,
lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c,
lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c,
lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c,
lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c,
lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c,
lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11pbe.c, lib/pk11wrap/pk11pk12.c,
lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c,
lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c,
lib/pkcs12/p12e.c, lib/softoken/fipstokn.c,
lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c,
lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c,
lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c,
lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h,
lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-
tool/enc/enctool.cc:
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye
This patch implements the first phase: updating the headers.
lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h
Were updated using the released OASIS PKCS #11 v3.0 header files.
lib/util/pkcs11n.h was updated to finally deprecate all uses of
CK?_NETSCAPE_?.
A new define as added: NSS_PKCS11_2_0_COMPAT. If it's defined, the
small semantic changes (including the removal of deprecated defines)
between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are
reverted in favor of the PKCS #11 v2 definitions. This include the
removal of CK?_NETSCAPE_? in favor of CK?_NSS_?.
One notable change was caused by an inconsistancy between the spec
and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an
extra field in the header that was not in the spec. OASIS considers
the header file to be normative, so PKCS #11 v3.0 resolved the issue
in favor of the header file definition. NSS had the spec definition,
so now there are 2 defines for this structure:
CK_NSS_GCM_PARAMS - the old nss define. Still used internally in
freebl. CK_GCM_PARAMS_V3 - the new define. CK_GCM_PARAMS - no longer
referenced in NSS itself. It's defined as CK_GCM_PARAMS_V3 if
NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.
Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS.
One other semantic difference between the 3.0 version of pkcs11f.h
and the version here: In the oasis version of the header, you must
define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In
our version you must define CK_PKCS11_3 to get the PCKS #11 v3
defines.
Most of this patch is to handle changing the deprecated defines that
have been removed in PCKS #11 v3 from NSS.
[b5d90a7fe217]
2020-03-16 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h,
gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/SSLerrs.h,
lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslimpl.h,
lib/ssl/sslt.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13subcerts.c,
tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
Bug 1617968 - Update Delegated Credentials implementation to
draft-07 r=mt
Remove support for RSAE in delegated credentials (both in DC
signatures and SPKIs), add SignatureScheme list functionality to
initial DC extension.
[44eb9e27d946]
2020-03-13 Robert Relyea <rrelyea@redhat.com>
* cmd/fipstest/fipstest.c:
Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea
p=cipherboy
When testing Bug 1608245, I realized that I had inadvertently broken
fipstest.c's handling of KI and KI_len. This lead to it passing
bogus keys (with unusually large lengths exceeding the bounds of
sizeof KI) to kbkdf_Dispatch(...).
This uses Bob Relyea's suggestion on how to handle this: detect the
size of KI when processing the mech selection, storing KI_len there.
This simplifies reading of the KI value in later code.
[d7b12847a650]
* lib/softoken/kbkdf.c:
Bug 1608245 KBKDF - Consistently handle NULL slot/session r=kjacobs
Patch by cipherboy, review by kjacobs.
Per Bug 1607955, the KBKDF code introduced in Bug 1599603 confused
Coverity with a elided NULL check on
sftk_SlotFromSessionHandle(...). While Coverity is incorrect (and
the behavior is fine as-is), it isn't consistent with the KBKDF
code's handling of sftk_SessionFromHandle(...) (which is NULL
checked).
This brings these two call sites into internal consistency.
[4c43bc0998f3]
Differential Revision: https://phabricator.services.mozilla.com/D67966
--HG--
extra : moz-landing-system : lando
Crash annotations in content processes are currently sent over IPC via
shared memory buffers. To pave the way for the Rust rewrite of the exception
handler we are removing this code and gathering all the crash annotations
within the content processes themselves. This patch causes annotations to be
stored in the global table of each content process. They are then streamed
out to the parent process by the exception handler together with the
exception-time annotations.
This has a number of benefits:
* we have one less channel to exchange data between content processes and
the parent process
* we save memory because we don't need to allocate the shared memory buffers
* annotations are faster because we don't stream them all out every time one
changes
* we won't truncate annotations anymore if we run out of space in the shared
segment.
* we don't need delayed annotations anymore, so we can get rid of the
associated machinery
As I refactored the code I tried to adjust all the obsolete comments,
consolidate shared code and remove the redundant steps that were sometimes
present. In many places we had two entire crash annotation tables we merged to
change just a couple; that comes from the fact that historically we loaded
them from disk. Now it doesn't matter anymore and we can just go ahead and
change the ones we care about.
Differential Revision: https://phabricator.services.mozilla.com/D62586
--HG--
extra : moz-landing-system : lando
When the launcher process is enabled, we run `RestoreImportDirectory` twice as
below. This patch removes the 1st one.
1st call:
xul!mozilla::SandboxBroker::LaunchApp
--> xul!mozilla::RestoreImportDirectory
2nd call:
xul!mozilla::SandboxBroker::LaunchApp
--> firefox!mozilla::InitializeDllBlocklistOOP
--> firefox!mozilla::InitializeDllBlocklistOOPInternal
--> firefox!mozilla::RestoreImportDirectory
To handle the case where the launcher process is disabled, we need to call
`RestoreImportDirectory` from `InitializeDllBlocklistOOP` if the browser
process is not bootstrapped.
Differential Revision: https://phabricator.services.mozilla.com/D62853
--HG--
extra : moz-landing-system : lando
OSKeyStore doesn't need its own thread and can use the background thread pool instead.
Differential Revision: https://phabricator.services.mozilla.com/D66692
--HG--
extra : moz-landing-system : lando
PKCS#11 requires that serial numbers be DER-encoded (essentially, the bytes of
the serialNumber component of TBSCertificate). On macOS,
SecCertificateCopySerialNumberData gives the contents of this component (so it
lacks the tag and length fields, and may or may not have leading 00 or FF bytes
to indicate sign). On Windows, CERT_INFO.SerialNumber is the value of the
integer with the least significant byte first, which is the opposite of DER
(which has the most significant byte first). It also lacks any leading 00 or FF
sign bytes. Since the OS APIs can't be used here, this patch introduces a
utility function to grab the value of the serialNumber component of a
DER-encoded certificate.
Differential Revision: https://phabricator.services.mozilla.com/D66327
--HG--
extra : moz-landing-system : lando
Before this patch, PSM would register content type handlers to handle certain
certificate types. This was an easy way to install a client certificate after
generating a key with <keygen>, but keygen has been removed. This was also an
easy way to install root certificates, but that's actually a considerable
security risk. We kept this functionality for so long because it was the only
way to add a 3rd-party root certificate to Fennec's certificate store. Now that
Fennec is EOL, we can remove it. (Fenix will need a way to trust 3rd party root
certificates, but the path forward there is to implement the enterprise roots
feature for Android.)
Differential Revision: https://phabricator.services.mozilla.com/D66118
--HG--
extra : moz-landing-system : lando
Bug 1512471 added VerifySSLServerCertParent.cpp, which uses
SSLServerCertVerificationJob::Dispatch, which isn't exposed in a header. It
works in unified builds where the chunking happens to put that file with
SSLServerCertVerification.cpp, but when that changes the build breaks.
Similarly, VerifySSLServerCertChild.cpp uses gPIPNSSLog without declaring it.
Differential Revision: https://phabricator.services.mozilla.com/D66618
--HG--
extra : moz-landing-system : lando
The special handling of PR_SET_NO_NEW_PRIVS can't be overridden with
Allow(); otherwise every thread in the process will repeatedly apply
copies of the policy to itself until it reaches whatever limits the
kernel imposes, and then we crash so we don't continue execution
seemingly unsandboxed. (See also bug 1257361.)
The prctl policy for the socket process is still allow-all after this
patch; it just prevents crashing the socket process on startup on
kernels before 3.17 (which don't support applying the policy atomically
to all threads).
This patch also adds a comment to try to document this failure mode.
Differential Revision: https://phabricator.services.mozilla.com/D66523
--HG--
extra : moz-landing-system : lando
This adds AddRestrictingRandomSid feature, which fixes our issues with
SetLockdownDefaultDacl, apart from when we are running from a network drive.
Differential Revision: https://phabricator.services.mozilla.com/D66610
--HG--
extra : moz-landing-system : lando
This adds AddRestrictingRandomSid feature, which fixes our issues with
SetLockdownDefaultDacl, apart from when we are running from a network drive.
Differential Revision: https://phabricator.services.mozilla.com/D66610
--HG--
extra : moz-landing-system : lando
Add, but don't enable, a sandbox policy to be used with the socket process.
A follow-up fix (bug 1611288) will change the socket process code to use the
sandbox. The macOS socket sandbox is similar to the utility sandbox (only
used for the RDD process), with additions to allow networking I/O, access to
files for DNS resolution, access to certificate stores, and notifications about
network configuration changes.
Differential Revision: https://phabricator.services.mozilla.com/D64682
--HG--
extra : moz-landing-system : lando
Crash annotations in content processes are currently sent over IPC via
shared memory buffers. To pave the way for the Rust rewrite of the exception
handler we are removing this code and gathering all the crash annotations
within the content processes themselves. This patch causes annotations to be
stored in the global table of each content process. They are then streamed
out to the parent process by the exception handler together with the
exception-time annotations.
This has a number of benefits:
* we have one less channel to exchange data between content processes and
the parent process
* we save memory because we don't need to allocate the shared memory buffers
* annotations are faster because we don't stream them all out every time one
changes
* we won't truncate annotations anymore if we run out of space in the shared
segment.
* we don't need delayed annotations anymore, so we can get rid of the
associated machinery
As I refactored the code I tried to adjust all the obsolete comments,
consolidate shared code and remove the redundant steps that were sometimes
present. In many places we had two entire crash annotation tables we merged to
change just a couple; that comes from the fact that historically we loaded
them from disk. Now it doesn't matter anymore and we can just go ahead and
change the ones we care about.
Differential Revision: https://phabricator.services.mozilla.com/D62586
--HG--
extra : moz-landing-system : lando
Cherry-picking the following commits from Chromium to keep file_version_info_win.cpp
up-to-date.
1. Use StringPiece rather than std::string for Version parsing.
15a9d1733f
2. [Cleanup] Un-const the result of base::Version::GetString()
fde745d058
3. Export Windows file version as base::Version
e93de3a37d
4. Tidy FileVersionInfoWin.
4bb23ded3a
Differential Revision: https://phabricator.services.mozilla.com/D65802
Depends on D65744
This patch partially implements `FileVersionInfoWin` and `base::FilePath` class of
Chromium sandbox so that a coming patch can use `base::win::OSInfo::Kernel32BaseVersion()`.
Differential Revision: https://phabricator.services.mozilla.com/D65744
2020-03-06 Kevin Jacobs <kjacobs@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.51 final
[d3e6d637eaec] [NSS_3_51_RTM] <NSS_3_51_BRANCH>
2020-03-03 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_51_BETA2 for changeset 6e610ed9b196
[bea0b3a5d451] <NSS_3_51_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D65817
--HG--
extra : moz-landing-system : lando
When socket process is enabled, parent process needs some information in `CommonSocketControl`, but `CommonSocketControl` is only accessible in socket process.
This patch moves some data members from `CommonSocketControl` to `nsTransportSecurityInfo` and make it possible for parent process to get the needed data.
Differential Revision: https://phabricator.services.mozilla.com/D64084
--HG--
extra : moz-landing-system : lando
2020-02-27 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp,
gtests/ssl_gtest/ssl_masking_unittest.cc,
gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h,
gtests/ssl_gtest/tls_hkdf_unittest.cc,
gtests/ssl_gtest/tls_protect.cc, lib/ssl/dtls13con.c,
lib/ssl/ssl3con.c, lib/ssl/ssl3prot.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslprimitive.c,
lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13esni.c,
lib/ssl/tls13hkdf.c, lib/ssl/tls13hkdf.h, lib/ssl/tls13replay.c:
Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt
This patch updates the DTLS 1.3 implementation to draft-34. Notable
changes:
1) Key separation via `ssl_protocol_variant`. 2) No longer apply
sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed
removal of workarounds for unpadded (<16B) ciphertexts being used as
input to `SSL_CreateMask`. 3) Compile ssl_gtests in
`UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all
gtests are compiled this way if `--fuzz`, but lib/ssl only if
`--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode,
but not lib/ssl, since the masking mismatch will break filters). 4)
Parameterize masking tests, as appropriate. 5) Reject non-empty
legacy_cookie, and test. 6) Reject ciphertexts <16B in length in
`dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`).
[52a75c5373ef] [tip]
2020-02-24 Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr>
* lib/cryptohi/secsign.c:
Bug 1617387 fix compiler warning r=jcj
[ab0e7e272e36]
2020-02-24 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/p384ecdh-vectors.h,
gtests/common/testvectors/p521ecdh-vectors.h,
gtests/common/wycheproof/genTestVectors.py,
gtests/common/wycheproof/source_vectors/ecdh_secp384r1_test.json,
gtests/common/wycheproof/source_vectors/ecdh_secp521r1_test.json,
gtests/pk11_gtest/pk11_ecdh_unittest.cc:
Bug 1612259 - Add Wycheproof vectors for P384 and P521 ECDH.
r=bbeurdouche
[badb4da1ec85]
2020-02-19 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mplogic.h:
Bug 1609751 - Additional tests for mp_comba r=mt
Verify that when clamping, the upper 4 bytes of an `mp_digit` is
checked.
[a5e8c14016cd]
2020-02-19 Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr>
* lib/freebl/ecl/ecp_25519.c:
Bug 1561337: fix compiler warning r=jcj
[4c771e6a79db]
Differential Revision: https://phabricator.services.mozilla.com/D64683
--HG--
extra : moz-landing-system : lando
WebAuthn needs to write a test to confirm it's prohibited when accessed via
an IP address. This adds the capability to get a SecureContext for an IP host.
It uses 127.0.0.2 so as to bypass restrictions on 127.0.0.1, and the use of .1
as a special-market in ssltunnel.
Differential Revision: https://phabricator.services.mozilla.com/D63570
--HG--
extra : moz-landing-system : lando
Introduced in:
8aeca4fa64
Shipping in glib 2.63.5 (available in Debian experimental)
Thanks to @padenot for the suggestion!
Differential Revision: https://phabricator.services.mozilla.com/D63451
--HG--
extra : moz-landing-system : lando
This removes `nsAutoPtr` usage from ipc/. security/ failed to build due to missing includes so I fixed that as well. IDB was using `ThreadLocal` from ipc which had a member changed to a `UniquePtr` so needed to be updated as well. localstorage was missing some includes.
Differential Revision: https://phabricator.services.mozilla.com/D63745
--HG--
extra : moz-landing-system : lando
On macOS, dynamic libraries with thread-local-storage don't get unloaded. So,
if the osclientcerts library gets "unloaded", it doesn't actually go away. We
stop its background thread, so this isn't a problem, but if the osclientcerts
library gets re-enabled, all of its state comes back the same as before. So,
when NSS calls C_Initialize again, things like the manager proxy will already
be initialized. Before this patch, this situation would be an error. This patch
handles this case by dropping the old manager proxy and creating a new one.
Differential Revision: https://phabricator.services.mozilla.com/D63264
--HG--
extra : moz-landing-system : lando
Before this, every time NSS wanted to open a new session (C_OpenSession),
osclientcerts would look for new client certificates/keys in the OS store. It
turns out, NSS wants to open new sessions often, so this was slow. This patch
adds a timestamp to the manager and ensures that it searches for new objects no
more than once every 3 seconds.
Additionally, this patch adds the optimization that if NSS tries to search for
PKCS#11 objects with attributes that osclientcerts doesn't support,
osclientcerts returns an empty search early, rather than enumerating every
object and finding no matches.
In the future we may need to be smarter about how we match objects during
searches. Rather than iterating through every object, we could build lookup
tables that would be much more time efficient.
Differential Revision: https://phabricator.services.mozilla.com/D62982
--HG--
extra : moz-landing-system : lando
2020-02-18 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/dtlscon.c,
lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c:
Bug 1615208 - Send DTLS version numbers in DTLS 1.3
supported_versions extension r=mt
This patch modifies `supported_versions` encodings to reflect DTLS
versions when DTLS1.3 is use. Previously, a DTLS1.3 CH would include
`[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd,
0xfeff]`, causing compatibility issues.
[9e0d34a6cf91] [tip]
2020-02-12 Mikael Urankar <mikael.urankar@gmail.com>
* lib/freebl/Makefile, lib/freebl/freebl.gyp:
Bug 1612177 - Set -march=armv7 when compiling gcm-arm32-neon, in
order to enable NEON code generation.
[4413841bd26d]
2020-02-14 Dmitry Baryshkov <dbaryshkov@gmail.com>
* gtests/freebl_gtest/blake2b_unittest.cc, lib/freebl/blake2b.c:
Bug 1431940 - remove dereference before NULL check in BLAKE2B code.
r=kjacobs
[5e661906698f]
2020-02-12 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/sslnonce.c:
Bug 1614870 - Free sid->peerID before reallocating in
ssl_DecodeResumptionToken. r=mt
This patch adds a missing `PORT_Free()` when reallocating
`sid->PeerID`, and adds a test for a non-empty PeerID.
[1eb4e00b016e]
Differential Revision: https://phabricator.services.mozilla.com/D63220
--HG--
extra : moz-landing-system : lando
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.
Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D60919
--HG--
extra : moz-landing-system : lando
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.
Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D60919
--HG--
extra : moz-landing-system : lando
See bug 1613275 and bug 1607845. In bug 1607845, the aim was to regenerate all
test certificates that would be expiring. Unfortunately, a few were missed:
* build/pgo/certs/ certificate DBs and mochitest.client are regenerated in a
different way than the rest of the certificates in bug 1607845. These would
probably best be addressed by formally documenting the process of
re-generating all of the certificates.
* security/manager/ssl/tests/unit/test_certDB_import/ certificates were
missed by mistake. It's unclear how this happened.
* security/manager/ssl/tests/unit/test_intermediate_preloads/ were missed
because there was no test_intermediate_preloads entry in the TEST_DIRS
section of security/manager/ssl/tests/unit/moz.build, which means that the
build system never knew to re-generate those certificates, even after
un-commenting-out the contents of
security/manager/ssl/tests/unit/test_intermediate_preloads/moz.build
* security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.der
was DER, not PEM, and we don't have a way to automatically re-generate DER
certificates in the same way. However, it didn't even need to be DER.
Differential Revision: https://phabricator.services.mozilla.com/D61712
--HG--
extra : moz-landing-system : lando
GENERATED_FILES now defaults to python3 unless py2=True is specified as
an argument. All existing GENERATED_FILES scripts and GeneratedFile
templates have the py2=True attribute added, so this patch should
effectively be a no-op.
Going forward, individual scripts can be converted to python3 and their
corresponding py2=True attribute can be deleted. In effect, this patch
will be backed out in pieces until all scripts run in python3, at which
point the py2 attribute itself can be removed.
Differential Revision: https://phabricator.services.mozilla.com/D60919
--HG--
extra : moz-landing-system : lando
2020-02-10 Robert Relyea <rrelyea@redhat.com>
* lib/freebl/cmac.c:
Bug 1610687 - Crash on unaligned CMACContext.aes.keySchedule when
using AES-NI intrinsics r=kjacobs
[046a6f5bfb27]
* lib/util/pkcs11t.h:
Bug 1611209 - Value of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL are
swapped r=rrelyea
[df142975f4f6]
2020-02-11 Victor Tapia <victor.tapia@canonical.com>
* lib/pk11wrap/pk11util.c, lib/sysinit/nsssysinit.c:
Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS
is not enabled on build r=jcj,rrelyea
[55ba54adfcae]
2020-02-11 J.C. Jones <jjones@mozilla.com>
* lib/sysinit/nsssysinit.c:
Bug 1614786 - Fixup for ‘getFIPSEnv’ being unused r=kjacobs
Fixes a regression from Bug 1582169
../../lib/sysinit/nsssysinit.c:153:1: error: ‘getFIPSEnv’ defined
but not used [-Werror=unused-function]
[06925efe306b]
2020-02-11 Dana Keeler <dkeeler@mozilla.com>
* cmd/lib/secutil.c,
lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c:
bug 1538980 - null-terminate ascii input in SECU_ReadDERFromFile so
strstr is safe to call r=jcj,kjacobs
[735ed2e47040] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D62451
--HG--
extra : moz-landing-system : lando
This patch implements osclientcerts for macOS.
Because the SDK we build with isn't recent enough, some of the functions we
need aren't guaranteed to be available. To handle this, we load the Security
framework at runtime and attempt to locate the symbols we need. If this
succeeds, then operation proceeds as normal. Otherwise, the module will report
that there are no certificates/keys available.
Differential Revision: https://phabricator.services.mozilla.com/D59957
--HG--
extra : moz-landing-system : lando
This patch implements osclientcerts for macOS.
Because the SDK we build with isn't recent enough, some of the functions we
need aren't guaranteed to be available. To handle this, we load the Security
framework at runtime and attempt to locate the symbols we need. If this
succeeds, then operation proceeds as normal. Otherwise, the module will report
that there are no certificates/keys available.
Differential Revision: https://phabricator.services.mozilla.com/D59957
--HG--
extra : moz-landing-system : lando
2020-02-07 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.50 final
[5bb3927fa234] [NSS_3_50_RTM] <NSS_3_50_BRANCH>
2020-02-05 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_50_BETA2 for changeset b91bbf7a88c9
[a8656c823c1f] <NSS_3_50_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D62106
--HG--
extra : moz-landing-system : lando
See bug 1613275 and bug 1607845. In bug 1607845, the aim was to regenerate all
test certificates that would be expiring. Unfortunately, a few were missed:
* build/pgo/certs/ certificate DBs and mochitest.client are regenerated in a
different way than the rest of the certificates in bug 1607845. These would
probably best be addressed by formally documenting the process of
re-generating all of the certificates.
* security/manager/ssl/tests/unit/test_certDB_import/ certificates were
missed by mistake. It's unclear how this happened.
* security/manager/ssl/tests/unit/test_intermediate_preloads/ were missed
because there was no test_intermediate_preloads entry in the TEST_DIRS
section of security/manager/ssl/tests/unit/moz.build, which means that the
build system never knew to re-generate those certificates, even after
un-commenting-out the contents of
security/manager/ssl/tests/unit/test_intermediate_preloads/moz.build
* security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.der
was DER, not PEM, and we don't have a way to automatically re-generate DER
certificates in the same way. However, it didn't even need to be DER.
Differential Revision: https://phabricator.services.mozilla.com/D61712
--HG--
extra : moz-landing-system : lando
Upstream patch:
6bd491daaf%5E%21/#F0
_sifields is a glibc-internal field, and is not available on musl
libc. Instead, use the public-facing fields si_call_addr, si_syscall,
and si_arch, if they are available.
Differential Revision: https://phabricator.services.mozilla.com/D61051
--HG--
extra : moz-landing-system : lando
2020-02-05 J.C. Jones <jjones@mozilla.com>
* lib/softoken/exports.gyp, lib/softoken/manifest.mn,
lib/softoken/pkcs11.c, lib/softoken/sftkdb.c,
lib/softoken/softoken.gyp:
Bug 1609673 - Conditionally compile out all libnssdbm glue if
NSS_DISABLE_DBM is set r=mt
Remove `lgglue` from compilation entirely if DBM is disabled
[b91bbf7a88c9] [NSS_3_50_BETA2] <NSS_3_50_BRANCH>
2020-02-04 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_50_BETA1 for changeset de6ba04bb1f4
[1201d0d89b72] <NSS_3_50_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D61770
--HG--
extra : moz-landing-system : lando
In order to reuse SSLServerCertVerificationJob, this patch exposes SSLServerCertVerificationJob and adds ServerCertVerificationResultCallback for delivering the verification result.
Differential Revision: https://phabricator.services.mozilla.com/D58604
--HG--
extra : moz-landing-system : lando
2020-02-03 Kai Engert <kaie@kuix.de>
* automation/release/nspr-version.txt:
Bug 1612623 - NSS 3.50 should depend on NSPR 4.25. r=kjacobs
[de6ba04bb1f4] [NSS_3_50_BETA1]
2020-01-27 Giulio Benetti <giulio.benetti@benettiengineering.com>
* coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile,
lib/freebl/freebl.gyp, lib/freebl/gcm.h:
Bug 1608151 - Introduce NSS_DISABLE_ALTIVEC and disable_altivec
r=jcj
At the moment NSS assumes that every PowerPC64 architecture supports
Altivec but it's not true and this leads to build failure. So add
NSS_DISABLE_ALTIVEC environment variable(and disable_altivec for
gyp) to disable Altivec extension on PowerPC build that don't
support Altivec.
[f2d947817850]
Differential Revision: https://phabricator.services.mozilla.com/D61574
--HG--
extra : moz-landing-system : lando
2020-01-27 J.C. Jones <jjones@mozilla.com>
* lib/freebl/blinit.c:
Bug 1602386 - clang-format r=bustage
[4bf79c4d2954] [tip]
2020-01-27 Piotr Kubaj <pkubaj@FreeBSD.org>
* lib/freebl/Makefile, lib/freebl/blinit.c:
Bug 1602386 - Fix build on FreeBSD/powerpc platforms. r=jcj
FreeBSD has elf_aux_info instead of getauxval, but only since
FreeBSD 12. Previous versions (11 is still supported) don't have any
equivalent and users need to query sysctl manually.
[f2ac5e318886]
2020-01-27 Jan Beich <jbeich@FreeBSD.org>
* lib/freebl/blinit.c:
Bug 1609181 - Detect ARM CPU features on FreeBSD. r=jcj
Implement `getauxval` via `elf_aux_info` to avoid code duplication.
`AT_HWCAP*` can be used on powerpc* and riscv64 as well.
[edb60bae9219]
2020-01-22 Martin Thomson <mt@lowentropy.net>
* lib/zlib/README, lib/zlib/README.nss, lib/zlib/adler32.c,
lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h,
lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzguts.h,
lib/zlib/gzlib.c, lib/zlib/gzread.c, lib/zlib/gzwrite.c,
lib/zlib/infback.c, lib/zlib/inffast.c, lib/zlib/inffixed.h,
lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c,
lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c,
lib/zlib/zconf.h, lib/zlib/zlib.h, lib/zlib/zutil.c,
lib/zlib/zutil.h:
Bug 1547639 - Update zlib to 1.2.11, r=jcj
[91f3f0749d0b]
* lib/zlib/README.nss, lib/zlib/config.mk, lib/zlib/example.c,
lib/zlib/manifest.mn, lib/zlib/minigzip.c, lib/zlib/vendor.sh,
lib/zlib/zlib.gyp:
Bug 1547639 - Automatic vendoring of zlib, r=jcj
[fc128963a9aa]
Differential Revision: https://phabricator.services.mozilla.com/D61126
--HG--
extra : moz-landing-system : lando
At this point, there is no consumer that uses ContentBlockingLog stored
in the child. This patch removes the following code:
1. Removing nsGlobalWindowOuter::NotifyContentBlockingEvent
2. Removing nsDocLoader::OnContentBlockingEvent
3. Removing contentBlockingEvent in nsISecureBrowserUI.idl
4. Removing mContentBlockingLog from Document.cpp and APIs related to it.
Differential Revision: https://phabricator.services.mozilla.com/D56874
--HG--
extra : moz-landing-system : lando
At this point, there is no consumer that uses ContentBlockingLog stored
in the child. This patch removes the following code:
1. Removing nsGlobalWindowOuter::NotifyContentBlockingEvent
2. Removing nsDocLoader::OnContentBlockingEvent
3. Removing contentBlockingEvent in nsISecureBrowserUI.idl
4. Removing mContentBlockingLog from Document.cpp and APIs related to it.
Differential Revision: https://phabricator.services.mozilla.com/D56874
--HG--
extra : moz-landing-system : lando
MozTrees persist column ordering using the XUL persist="ordinal" attribute. This patch synchronizes MozTree with that old mechanism to restore the ability to save and restore column ordering. Because the persist data will be stored in the same place as before, this should prevent people from losing their column ordering data without requiring data migration.
Differential Revision: https://phabricator.services.mozilla.com/D59763
--HG--
extra : rebase_source : 0474619cb817263d7a56b970c44cf8987d719355
extra : histedit_source : d8ed787170f5dd3ac6e19bf318e1a69c9ad0eac5
2020-01-22 Kai Engert <kaie@kuix.de>
* lib/softoken/lowpbe.c:
Bug 1606992 - Follow-up to also cache most recent PBKDF1 hash (in
addition to PBKDF2 hash). r=kjacobs
[cd55a3a90502] [tip]
2020-01-22 Kevin Jacobs <kjacobs@mozilla.com>
* lib/freebl/aes-x86.c, lib/freebl/rijndael.c, lib/freebl/rijndael.h:
Bug 1608493 - Use AES-NI intrinsics for CBC and ECB decrypt when no
assembly implementation is available. r=mt
AES-NI is currently not used for //CBC// or //ECB decrypt// when an
assembly implementation (`intel-aes.s` or `intel-
aes-x86/64-masm.asm`) is not available. Concretely, this is the case
on MacOS, Linux32, and other non-Linux OSes such as BSD. This patch
adds the plumbing to use AES-NI intrinsics when available.
Before: ``` mode in symmkey opreps cxreps context op time(sec)
thrgput aes_ecb_d 78Mb 256 10T 0 0.000 395.000 0.395 197Mb aes_cbc_e
78Mb 256 10T 0 0.000 392.000 0.393 198Mb aes_cbc_d 78Mb 256 10T 0
0.000 425.000 0.425 183Mb
```
After: ``` mode in symmkey opreps cxreps context op time(sec)
thrgput aes_ecb_d 78Mb 256 10T 0 0.000 39.000 0.039 1Gb aes_cbc_e
78Mb 256 10T 0 0.000 94.000 0.094 831Mb aes_cbc_d 78Mb 256 10T 0
0.000 74.000 0.075 1Gb
```
[9804c76e76f3]
Differential Revision: https://phabricator.services.mozilla.com/D60763
--HG--
extra : moz-landing-system : lando
This was done by:
This was done by applying:
```
diff --git a/python/mozbuild/mozbuild/code-analysis/mach_commands.py b/python/mozbuild/mozbuild/code-analysis/mach_commands.py
index 789affde7bbf..fe33c4c7d4d1 100644
--- a/python/mozbuild/mozbuild/code-analysis/mach_commands.py
+++ b/python/mozbuild/mozbuild/code-analysis/mach_commands.py
@@ -2007,7 +2007,7 @@ class StaticAnalysis(MachCommandBase):
from subprocess import Popen, PIPE, check_output, CalledProcessError
diff_process = Popen(self._get_clang_format_diff_command(commit), stdout=PIPE)
- args = [sys.executable, clang_format_diff, "-p1", "-binary=%s" % clang_format]
+ args = [sys.executable, clang_format_diff, "-p1", "-binary=%s" % clang_format, '-sort-includes']
if not output_file:
args.append("-i")
```
Then running `./mach clang-format -c <commit-hash>`
Then undoing that patch.
Then running check_spidermonkey_style.py --fixup
Then running `./mach clang-format`
I had to fix four things:
* I needed to move <utility> back down in GuardObjects.h because I was hitting
obscure problems with our system include wrappers like this:
0:03.94 /usr/include/stdlib.h:550:14: error: exception specification in declaration does not match previous declaration
0:03.94 extern void *realloc (void *__ptr, size_t __size)
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/malloc_decls.h:53:1: note: previous declaration is here
0:03.94 MALLOC_DECL(realloc, void*, void*, size_t)
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/mozilla/mozalloc.h:22:32: note: expanded from macro 'MALLOC_DECL'
0:03.94 MOZ_MEMORY_API return_type name##_impl(__VA_ARGS__);
0:03.94 ^
0:03.94 <scratch space>:178:1: note: expanded from here
0:03.94 realloc_impl
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/mozmemory_wrap.h:142:41: note: expanded from macro 'realloc_impl'
0:03.94 #define realloc_impl mozmem_malloc_impl(realloc)
Which I really didn't feel like digging into.
* I had to restore the order of TrustOverrideUtils.h and related files in nss
because the .inc files depend on TrustOverrideUtils.h being included earlier.
* I had to add a missing include to RollingNumber.h
* Also had to partially restore include order in JsepSessionImpl.cpp to avoid
some -WError issues due to some static inline functions being defined in a
header but not used in the rest of the compilation unit.
Differential Revision: https://phabricator.services.mozilla.com/D60327
--HG--
extra : moz-landing-system : lando
rg -l 'mozilla/Move.h' | xargs sed -i 's/#include "mozilla\/Move.h"/#include <utility>/g'
Further manual fixups and cleanups to the include order incoming.
Differential Revision: https://phabricator.services.mozilla.com/D60323
--HG--
extra : moz-landing-system : lando
We need to stop relying on the global `this` in order to support ES Modules.
In this case we have `this.DER` (which is exported) and `class DER` in the
same module.
Because of this, changing `this.DER` to `const DER` would lead to an error.
So this change renames the class to avoid the conflict.
Differential Revision: https://phabricator.services.mozilla.com/D60078
--HG--
extra : moz-landing-system : lando
2020-01-15 Kevin Jacobs <kjacobs@mozilla.com>
* lib/freebl/chacha20poly1305.c:
Bug 1574643 - Check for AVX support before using vectorized ChaCha20
decrypt r=jcj
The addition of an AVX support check in `ChaCha20Poly1305_Seal`
seems to have stopped the Encrypt crashes on old Intel CPUs, however
we're seeing new reports from
`Hacl_Chacha20Poly1305_128_aead_decrypt` (which is called from
`ChaCha20Poly1305_Open`). This needs an AVX check as well...
[5f9f410d0b60] [tip]
2020-01-14 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc:
Bug 1573911 - Add RSA Encryption test r=jcj
Add a test for various sizes of RSA encryption input.
[4abc6ff828ab]
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hkdf-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hkdf_unittest.cc:
Bug 1585429 - Add HKDF test vectors r=jcj
Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
test vectors, as well as upper-bound length checks for the output
key material.
[239797efc34b]
2020-01-14 J.C. Jones <jjones@mozilla.com>
* coreconf/config.gypi:
Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
softfp_cflags r=bustage
[05b923624b73]
2020-01-14 Sylvestre Ledru <sledru@mozilla.com>
* automation/buildbot-slave/bbenv-example.sh, automation/buildbot-
slave/build.sh, automation/buildbot-slave/reboot.bat, automation
/buildbot-slave/startbuild.bat:
Bug 1607099 - Remove the buildbot configuration r=jcj
[7a87cef808f3]
2020-01-14 Greg V <greg@unrelenting.technology>
* lib/freebl/blinit.c:
Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj
Environment checks are reogranized to be separate from platform code
to make it impossible to forget to check disable_FEATURE on one
platform but not the other.
[fbde548e8114]
2020-01-14 Mike Hommey <mh@glandium.org>
* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
lib/freebl/rijndael.c:
Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj
Despite the code having runtime detection of NEON and crypto
extensions, the optimized code using those instructions is disabled
at build time on platforms where the compiler doesn't enable NEON by
default of with the flags it's given for the caller code.
In the case of gcm, this goes as far as causing a build error.
What is needed is for the optimized code to be enabled in every
case, letting the caller code choose whether to use that code based
on the existing runtime checks.
But this can't be simply done either, because those optimized parts
of the code need to be built with NEON enabled, unconditionally, but
that is not compatible with platforms using the softfloat ABI. For
those, we need to use the softfp ABI, which is compatible. However,
the softfp ABI is not compatible with the hardfp ABI, so we also
can't unconditionally use the softfp ABI, so we do so only when the
compiler targets the softfloat ABI, which confusingly enough is
advertized via the `__SOFTFP__` define.
[dc57fe5d65d4]
2020-01-14 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/saw/chacha20.saw, automation/taskcluster/docker-
builds/Dockerfile, automation/taskcluster/docker-
hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
automation/taskcluster/docker-hacl/Dockerfile,
automation/taskcluster/docker-hacl/bin/checkout.sh,
automation/taskcluster/docker-hacl/license.txt,
automation/taskcluster/docker-hacl/setup-user.sh,
automation/taskcluster/docker-hacl/setup.sh,
automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/run_hacl.sh,
gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs
This patch contains the changes in NSS, necessary to pick up HACL*v2
in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled
pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
[a8df94132dd3]
2019-12-21 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
lib/freebl/verified/Hacl_Chacha20.c,
lib/freebl/verified/Hacl_Chacha20.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
lib/freebl/verified/Hacl_Chacha20_Vec128.c,
lib/freebl/verified/Hacl_Chacha20_Vec128.h,
lib/freebl/verified/Hacl_Curve25519.c,
lib/freebl/verified/Hacl_Curve25519.h,
lib/freebl/verified/Hacl_Curve25519_51.c,
lib/freebl/verified/Hacl_Curve25519_51.h,
lib/freebl/verified/Hacl_Kremlib.h,
lib/freebl/verified/Hacl_Poly1305_128.c,
lib/freebl/verified/Hacl_Poly1305_128.h,
lib/freebl/verified/Hacl_Poly1305_32.c,
lib/freebl/verified/Hacl_Poly1305_32.h,
lib/freebl/verified/Hacl_Poly1305_64.c,
lib/freebl/verified/Hacl_Poly1305_64.h,
lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
_uint128_gcc64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/f
star_uint128_msvc.h, lib/freebl/verified/libintvector.h,
lib/freebl/verified/specs/Spec.CTR.fst,
lib/freebl/verified/specs/Spec.Chacha20.fst,
lib/freebl/verified/specs/Spec.Curve25519.fst,
lib/freebl/verified/specs/Spec.Poly1305.fst,
lib/freebl/verified/vec128.h:
Bug 1574643 - haclv2 code r=kjacobs
This updates the in-tree version of our existing HACL* code to v2,
replacing what we have already. Once this landed NSS can pick up
more (faster) code from HACL*.
[5bf2547d671f]
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/windows/build_gyp.sh:
Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
to python3 r=jcj
[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0
| Setuptools 45.0.0 ]] drops support for Python2, which our Windows
workers are running.
This patch installs the prior version during build, in order to
unblock CI until the workers can be upgraded.
[64c5410f98e0]
Differential Revision: https://phabricator.services.mozilla.com/D60086
--HG--
extra : moz-landing-system : lando
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hkdf-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hkdf_unittest.cc:
Bug 1585429 - Add HKDF test vectors r=jcj
Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
test vectors, as well as upper-bound length checks for the output
key material.
[239797efc34b] [tip]
2020-01-14 J.C. Jones <jjones@mozilla.com>
* coreconf/config.gypi:
Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
softfp_cflags r=bustage
[05b923624b73]
2020-01-14 Sylvestre Ledru <sledru@mozilla.com>
* automation/buildbot-slave/bbenv-example.sh, automation/buildbot-
slave/build.sh, automation/buildbot-slave/reboot.bat, automation
/buildbot-slave/startbuild.bat:
Bug 1607099 - Remove the buildbot configuration r=jcj
[7a87cef808f3]
2020-01-14 Greg V <greg@unrelenting.technology>
* lib/freebl/blinit.c:
Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj
Environment checks are reogranized to be separate from platform code
to make it impossible to forget to check disable_FEATURE on one
platform but not the other.
[fbde548e8114]
2020-01-14 Mike Hommey <mh@glandium.org>
* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
lib/freebl/rijndael.c:
Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj
Despite the code having runtime detection of NEON and crypto
extensions, the optimized code using those instructions is disabled
at build time on platforms where the compiler doesn't enable NEON by
default of with the flags it's given for the caller code.
In the case of gcm, this goes as far as causing a build error.
What is needed is for the optimized code to be enabled in every
case, letting the caller code choose whether to use that code based
on the existing runtime checks.
But this can't be simply done either, because those optimized parts
of the code need to be built with NEON enabled, unconditionally, but
that is not compatible with platforms using the softfloat ABI. For
those, we need to use the softfp ABI, which is compatible. However,
the softfp ABI is not compatible with the hardfp ABI, so we also
can't unconditionally use the softfp ABI, so we do so only when the
compiler targets the softfloat ABI, which confusingly enough is
advertized via the `__SOFTFP__` define.
[dc57fe5d65d4]
2020-01-14 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/saw/chacha20.saw, automation/taskcluster/docker-
builds/Dockerfile, automation/taskcluster/docker-
hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
automation/taskcluster/docker-hacl/Dockerfile,
automation/taskcluster/docker-hacl/bin/checkout.sh,
automation/taskcluster/docker-hacl/license.txt,
automation/taskcluster/docker-hacl/setup-user.sh,
automation/taskcluster/docker-hacl/setup.sh,
automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/run_hacl.sh,
gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs
This patch contains the changes in NSS, necessary to pick up HACL*v2
in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled
pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
[a8df94132dd3]
2019-12-21 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
lib/freebl/verified/Hacl_Chacha20.c,
lib/freebl/verified/Hacl_Chacha20.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
lib/freebl/verified/Hacl_Chacha20_Vec128.c,
lib/freebl/verified/Hacl_Chacha20_Vec128.h,
lib/freebl/verified/Hacl_Curve25519.c,
lib/freebl/verified/Hacl_Curve25519.h,
lib/freebl/verified/Hacl_Curve25519_51.c,
lib/freebl/verified/Hacl_Curve25519_51.h,
lib/freebl/verified/Hacl_Kremlib.h,
lib/freebl/verified/Hacl_Poly1305_128.c,
lib/freebl/verified/Hacl_Poly1305_128.h,
lib/freebl/verified/Hacl_Poly1305_32.c,
lib/freebl/verified/Hacl_Poly1305_32.h,
lib/freebl/verified/Hacl_Poly1305_64.c,
lib/freebl/verified/Hacl_Poly1305_64.h,
lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
_uint128_gcc64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/f
star_uint128_msvc.h, lib/freebl/verified/libintvector.h,
lib/freebl/verified/specs/Spec.CTR.fst,
lib/freebl/verified/specs/Spec.Chacha20.fst,
lib/freebl/verified/specs/Spec.Curve25519.fst,
lib/freebl/verified/specs/Spec.Poly1305.fst,
lib/freebl/verified/vec128.h:
Bug 1574643 - haclv2 code r=kjacobs
This updates the in-tree version of our existing HACL* code to v2,
replacing what we have already. Once this landed NSS can pick up
more (faster) code from HACL*.
[5bf2547d671f]
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/windows/build_gyp.sh:
Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
to python3 r=jcj
[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0
| Setuptools 45.0.0 ]] drops support for Python2, which our Windows
workers are running.
This patch installs the prior version during build, in order to
unblock CI until the workers can be upgraded.
[64c5410f98e0]
Differential Revision: https://phabricator.services.mozilla.com/D59928
--HG--
extra : moz-landing-system : lando
2020-01-11 Kai Engert <kaie@kuix.de>
* lib/softoken/lowpbe.c, lib/softoken/pkcs11.c:
Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed
up repeated SDR operations. r=jcj
[a06bd0f6bbe8] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D59741
--HG--
extra : moz-landing-system : lando