mirror of https://github.com/mozilla/gecko-dev.git
4726 commits
Author | SHA1 | Message | Date |
---|---|---|---|
Kevin Jacobs | 54a13dccf2 |
Bug 1677548 - land NSS 3eacb92e9adf UPGRADE_NSS_RELEASE, r=jcj
2020-11-18 Kevin Jacobs <kjacobs@mozilla.com>
* lib/ssl/ssl3con.c, lib/ssl/tls13con.c, lib/ssl/tls13ech.c:
Bug 1654332 - Fixup a10493dcfcc9: copy ECHConfig.config_id with socket r=jcj
A late review change for ECH was for the server to compute each ECHConfig `config_id` when set to the socket, rather than on each connection. This works, but now we also need to copy that config_id when copying a socket, else the server won't find a matching ECHConfig to use for decryption.
[3eacb92e9adf] [tip]
2020-11-17 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, cmd/tstclnt/tstclnt.c, cpputil/tls_parser.h, gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn, gtests/ssl_gtest/ssl_auth_unittest.cc, gtests/ssl_gtest/ssl_custext_unittest.cc, gtests/ssl_gtest/ssl_extension_unittest.cc, gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/ssl_tls13compat_unittest.cc, gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc, gtests/ssl_gtest/tls_connect.h, gtests/ssl_gtest/tls_ech_unittest.cc, gtests/ssl_gtest/tls_esni_unittest.cc, gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h, lib/ssl/SSLerrs.h, lib/ssl/manifest.mn, lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/ssl3exthandle.c, lib/ssl/ssl3exthandle.h, lib/ssl/ssl3prot.h, lib/ssl/sslencode.c, lib/ssl/sslencode.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c, lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13ech.c, lib/ssl/tls13ech.h, lib/ssl/tls13esni.c, lib/ssl/tls13esni.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13exthandle.h, lib/ssl/tls13hashstate.c, lib/ssl/tls13hashstate.h:
Bug 1654332 - Update ESNI to draft-08 (ECH). r=mt
This patch adds support for Encrypted Client Hello (draft-ietf-tls-esni-08), replacing the existing ESNI (draft-02) support.
There are five new experimental functions to enable this:
- SSL_EncodeEchConfig: Generates an encoded (not BASE64) ECHConfig given a set of parameters.
- SSL_SetClientEchConfigs: Configures the provided ECHConfig to the given socket. When configured, an ephemeral HPKE keypair will be generated for the CH encryption.
- SSL_SetServerEchConfigs: Configures the provided ECHConfig and keypair to the socket. The keypair specified will be used for HPKE operations in order to decrypt encrypted Client Hellos as they are received.
- SSL_GetEchRetryConfigs: If ECH is rejected by the server and compatible retry_configs are provided, this API allows the application to extract those retry_configs for use in a new connection.
- SSL_EnableTls13GreaseEch: When enabled, non-ECH Client Hellos will have a "GREASE ECH" (i.e. fake) extension appended. GREASE ECH is disabled by default, as there are known compatibility issues that will be addressed in a subsequent draft.
The following ESNI experimental functions are deprecated by this update:
- SSL_EncodeESNIKeys
- SSL_EnableESNI
- SSL_SetESNIKeyPair
In order to be used, NSS must be compiled with `NSS_ENABLE_DRAFT_HPKE` defined.
[a10493dcfcc9]
* lib/ssl/ssl3con.c, lib/ssl/sslencode.c, lib/ssl/sslencode.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h:
Bug 1654332 - Buffered ClientHello construction. r=mt
This patch refactors construction of Client Hello messages. Instead of each component of the message being written separately into `ss->sec.ci.sendBuf`, we now construct the message in its own sslBuffer. Once complete, the entire message is added to the sendBuf via `ssl3_AppendHandshake`. `ssl3_SendServerHello` already uses this approach and it becomes necessary for ECH, where we use the constructed ClientHello to create an inner ClientHello.
[d40121ba59ba]
2020-11-13 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-check/expected-report-libnssutil3.so.txt, automation/abi-check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.60 Beta
[5e7b37609f22]
Differential Revision: https://phabricator.services.mozilla.com/D97492 |
|
J.C. Jones | b74458d647 |
Bug 1671713 - land NSS NSS_3_59_RTM UPGRADE_NSS_RELEASE, r=kjacobs DONTBUILD
2020-11-13 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.59 final
[c5d760cbe8d0] [NSS_3_59_RTM] <NSS_3_59_BRANCH>
2020-11-10 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_59_BETA1 for changeset c3cb09a7d087
[06e965656f08]
Differential Revision: https://phabricator.services.mozilla.com/D97041 |
|
J.C. Jones | 0644349b9b |
Bug 1671713 - land NSS NSS_3_59_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs
2020-11-10 Kevin Jacobs <kjacobs@mozilla.com>
* lib/certdb/certdb.c, lib/certdb/stanpcertdb.c, lib/pk11wrap/pk11cert.c, lib/pki/pki3hack.c:
Bug 1607449 - Lock cert->nssCertificate to prevent data race. r=jcj,keeler
[c3cb09a7d087] [NSS_3_59_BETA1]
Differential Revision: https://phabricator.services.mozilla.com/D96652 |
|
Kevin Jacobs | 92af1fd6cc |
Bug 1671713 - land NSS 97751cd6d553 UPGRADE_NSS_RELEASE, r=jcj
2020-11-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hmac-sha256-vectors.h, gtests/common/testvectors/hmac-sha384-vectors.h, gtests/common/testvectors/hmac-sha512-vectors.h, gtests/common/testvectors_base/test-structs.h, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_hmac_unittest.cc:
Bug |
|
Kevin Jacobs | b838f38de2 |
Bug 1671713 - land NSS 035110dfa0b9 UPGRADE_NSS_RELEASE, r=bbeurdouche
2020-10-26 Robert Relyea <rrelyea@redhat.com>
* lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c, tests/ssl/ssl.sh:
Bug 1672291 libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. r=mt
When libpkix is checking an OCSP cert, it can't use the passed in set of trust anchors as a base because only the single root that signed the leaf can sign the OCSP request. As a result it actually checks the signature of the self-signed root when processing an OCSP request. This fails if the root cert signature is invalid for any reason (including it's a sha1 self-signed root cert and we've disabled sha1 signatures (say, by policy)).
Further investigation indicates the difference between our classic code and the current code is the classic code only checks OCSP responses on leaf certs. In the real world, those responses are signed by intermediate certificates (who won't have sha1 signed certificates anymore), so our signature processing works just fine. pkix checks OCSP on the intermediate certificates as well, which are signed by the root cert. In this case the root cert is a chain of 1, and is effectively a leaf.
This patch updates the OCSP response code to not check the signatures on the single cert if that cert is a self-signed root cert. This requires bug 391476 so we still do the other validation checking on the certs (making sure it's trusted as a CA).
[035110dfa0b9] [tip]
2020-10-23 Robert Relyea <rrelyea@redhat.com>
* lib/certhigh/certvfypkix.c, lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c, lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h, lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c, lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c, tests/ssl/ssl.sh:
Bug 1672291 libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled.
When libpkix is checking an OCSP cert, it can't use the passed in set of trust anchors as a base because only the single root that signed the leaf can sign the OCSP request. As a result it actually checks the signature of the self-signed root when processing an OCSP request. This fails if the root cert signature is invalid for any reason (including it's a sha1 self-signed root cert and we've disabled sha1 signatures (say, by policy)).
Further investigation indicates the difference between our classic code and the current code is the classic code only checks OCSP responses on leaf certs. In the real world, those responses are signed by intermediate certificates (who won't have sha1 signed certificates anymore), so our signature processing works just fine. pkix checks OCSP on the intermediate certificates as well, which are signed by the root cert. In this case the root cert is a chain of 1, and is effectively a leaf.
This patch updates the OCSP response code to not check the signatures on the single cert if that cert is a self-signed root cert. This requires bug 391476 so we still do the other validation checking on the certs (making sure it's trusted as a CA).
[97f69f7a89a1]
2020-10-26 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/tls_filter.cc:
Bug 1644209 - Fix broken SelectedCipherSuiteReplacer filter. r=mt
This patch corrects the `SelectedCipherSuiteReplacer` filter to always parse the `session_id` variable (`legacy_session_id` for TLS 1.3+). The previous code attempted to skip it in 1.3+ but did not account for DTLS wire versions, resulting in intermittent failures.
[a79d14b06b4a]
2020-10-26 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_tls13compat_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h:
Bug |
|
J.C. Jones | f3f86339c2 |
Bug 1671713 - land NSS 58dc3216d518 UPGRADE_NSS_RELEASE, r=kjacobs
2020-10-13 Mike Hommey <mh@glandium.org>
* lib/freebl/freebl.gyp:
Bug 1670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on mac. r=kjacobs
AFAICT, the Makefile equivalent already does.
[58dc3216d518] [tip]
* lib/freebl/sha1-armv8.c:
Bug 1670839 - Only build sha1-armv8.c code when USE_HW_SHA1 is defined. r=kjacobs
This matches what is done in sha256-armv8.c, and avoids inconsistency with sha1-fast.c, which will define the same functions in the case USE_HW_SHA1 is not defined.
[54be084e3ba8]
2020-10-16 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.59 Beta
[d4b21706e432]
Differential Revision: https://phabricator.services.mozilla.com/D94070 |
|
J.C. Jones | cc8fbdccf6 |
Bug 1666567 - land NSS NSS_3_58_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-10-16 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.58 final
[1f3db03bba02] [NSS_3_58_RTM] <NSS_3_58_BRANCH>
2020-10-12 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_58_BETA1 for changeset 57bbefa79323
[a8deadf7adbe]
Differential Revision: https://phabricator.services.mozilla.com/D93813 |
|
J.C. Jones | 8e222a79cb |
Bug 1666567 - land NSS NSS_3_58_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs
2020-10-12 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_tls13compat_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h:
Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt
This makes the server reject CCS when the client doesn't indicate the use of the middlebox compatibility mode with a non-empty ClientHello.legacy_session_id, or it sends multiple CCS in a row.
[57bbefa79323] [NSS_3_58_BETA1]
2020-10-12 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/taskcluster/scripts/build_gyp.sh, automation/taskcluster/windows/build_gyp.sh, coreconf/config.gypi, coreconf/config.mk, cpputil/nss_scoped_ptrs.h, gtests/common/testvectors/hpke-vectors.h, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def, lib/pk11wrap/exports.gyp, lib/pk11wrap/manifest.mn, lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11wrap.gyp, lib/util/SECerrs.h, lib/util/secerr.h:
Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). r=mt
This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality, compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.
Lastly, the `DeriveKeyPair` API is not implemented as it adds complexity around PKCS #11 and is unnecessary for ECH.
[6e3bc17f0508]
2020-10-12 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* automation/taskcluster/graph/src/extend.js, tests/common/cleanup.sh:
Bug 1657255 - Update CI for aarch64. r=kjacobs
Actually, we have the implementation of ARM Crypto extension, so CI is always run with this extension. It means that we don't run CI without ARM Crypto extension. So I would like to add NoAES and NoSHA for aarch64 CI. Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this on aarch64 hardware.
[e8c370a8db13]
Differential Revision: https://phabricator.services.mozilla.com/D93268 |
|
J.C. Jones | 0a5ff268ea |
Bug 1666567 - land NSS c7d3b214dd41 UPGRADE_NSS_RELEASE, r=kjacobs
2020-10-05 Ricky Stewart <rstewart@mozilla.com>
* coreconf/config.gypi:
Bug 1668328 - Enclose Python paths in `coreconf/config.gypi` in quotes r=kjacobs,mt
This fixes a breakage if the Python path happens to have a space in it.
[c7d3b214dd41] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D92516 |
|
J.C. Jones | 3ad29aac6b |
Bug 1666567 - land NSS 8fdbec414ce2 UPGRADE_NSS_RELEASE, r=kjacobs
2020-09-24 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, gtests/pk11_gtest/pk11_hkdf_unittest.cc, lib/nss/nss.def, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c, lib/ssl/tls13hkdf.c:
Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea
This patch adds and exports `PK11_ImportDataKey`, and refactors the null PSK TLS 1.3 code to use it.
[8fdbec414ce2] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D91627 |
|
J.C. Jones | 55cfe61a1d |
Bug 1666567 - land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs
2020-09-23 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp, gtests/mozpkix_gtest/pkixcert_extension_tests.cpp, gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (2/2) pass encoded signed certificate timestamp extension (if present) in CheckRevocation r=jcj
This will allow Firefox to make decisions based on the earliest known time that a certificate exists (with respect to certificate transparency) that a CA is unlikely to back-date. In particular, this is essential for CRLite. Note that if the SCT signature isn't validated, a CA could still make a certificate appear to have existed for longer than it really has. However, this change is not an attempt to catch malicious CAs. The aim is to avoid false positives in CRLite resulting from CAs backdating the notBefore field on certificates they issue.
Depends on D90595
[8ebee3cec9cf] [tip]
2020-09-18 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp, gtests/mozpkix_gtest/pkixcert_extension_tests.cpp, gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's no longer necessary r=jcj
Bug 1593141 added the certificate's notBefore field as an argument to TrustDomain::CheckRevocation so that Firefox could use it with CRLite. However, since CAs can backdate that field, we need to use the earliest embedded SCT timestamp instead.
[c1f4d565ceda]
Differential Revision: https://phabricator.services.mozilla.com/D91211 |
|
Bogdan Tara | db9c89dbca |
Backed out 2 changesets (bug 1666567, bug 1605273) for test_crlite_filters.js failures CLOSED TREE
UPGRADE_NSS_RELEASE
Backed out changeset 9bc4c7e79cd6 (bug 1666567)
Backed out changeset 22753d184de6 (bug 1605273) |
|
J.C. Jones | e8346094ad |
Bug 1666567 - land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs
CLOSED TREE
2020-09-23 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp, gtests/mozpkix_gtest/pkixcert_extension_tests.cpp, gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (2/2) pass encoded signed certificate timestamp extension (if present) in CheckRevocation r=jcj
This will allow Firefox to make decisions based on the earliest known time that a certificate exists (with respect to certificate transparency) that a CA is unlikely to back-date. In particular, this is essential for CRLite. Note that if the SCT signature isn't validated, a CA could still make a certificate appear to have existed for longer than it really has. However, this change is not an attempt to catch malicious CAs. The aim is to avoid false positives in CRLite resulting from CAs backdating the notBefore field on certificates they issue.
Depends on D90595
[8ebee3cec9cf] [tip]
2020-09-18 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp, gtests/mozpkix_gtest/pkixcert_extension_tests.cpp, gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's no longer necessary r=jcj
Bug 1593141 added the certificate's notBefore field as an argument to TrustDomain::CheckRevocation so that Firefox could use it with CRLite. However, since CAs can backdate that field, we need to use the earliest embedded SCT timestamp instead.
[c1f4d565ceda]
Differential Revision: https://phabricator.services.mozilla.com/D91211 |
|
Bogdan Tara | 24d9b1dbae |
Backed out changeset 7e50f86ea20b (bug 1666567) for security related bustage CLOSED TREE
UPGRADE_NSS_RELEASE |
|
J.C. Jones | 413b79889f |
Bug 1666567 - land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs
2020-09-23 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp, gtests/mozpkix_gtest/pkixcert_extension_tests.cpp, gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (2/2) pass encoded signed certificate timestamp extension (if present) in CheckRevocation r=jcj
This will allow Firefox to make decisions based on the earliest known time that a certificate exists (with respect to certificate transparency) that a CA is unlikely to back-date. In particular, this is essential for CRLite. Note that if the SCT signature isn't validated, a CA could still make a certificate appear to have existed for longer than it really has. However, this change is not an attempt to catch malicious CAs. The aim is to avoid false positives in CRLite resulting from CAs backdating the notBefore field on certificates they issue.
Depends on D90595
[8ebee3cec9cf] [tip]
2020-09-18 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixbuild_tests.cpp, gtests/mozpkix_gtest/pkixcert_extension_tests.cpp, gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp, gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's no longer necessary r=jcj
Bug 1593141 added the certificate's notBefore field as an argument to TrustDomain::CheckRevocation so that Firefox could use it with CRLite. However, since CAs can backdate that field, we need to use the earliest embedded SCT timestamp instead.
[c1f4d565ceda]
Differential Revision: https://phabricator.services.mozilla.com/D91211 |
|
J.C. Jones | f2b2199636 |
Bug 1666567 - land NSS c28e20f61e5d UPGRADE_NSS_RELEASE, r=kjacobs
2020-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.58 Beta
[c28e20f61e5d] [tip]
* .hgtags:
Added tag NSS_3_57_RTM for changeset cf7e3e8abd77
[a963849538ca] <NSS_3_57_BRANCH>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.57 final
[cf7e3e8abd77] [NSS_3_57_RTM] <NSS_3_57_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D91070 |
|
Kevin Jacobs | 14f9e3ce78 |
Bug 1660509 - land NSS NSS_3_57_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.57 final
[cf7e3e8abd77] [NSS_3_57_RTM] <NSS_3_57_BRANCH>
2020-09-15 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_57_BETA1 for changeset 56224882ccc3
[f46f20c58c4f]
Differential Revision: https://phabricator.services.mozilla.com/D90726 |
|
Kevin Jacobs | ed0deeb271 |
Bug 1660509 - land NSS NSS_3_57_BETA1 UPGRADE_NSS_RELEASE, r=jcj
2020-09-15 Kevin Jacobs <kjacobs@mozilla.com>
* automation/release/nspr-version.txt:
Bug 1660372 - NSS 3.57 should depend on NSPR 4.29. r=kaie
[56224882ccc3] [NSS_3_57_BETA1]
Differential Revision: https://phabricator.services.mozilla.com/D90324 |
|
Kevin Jacobs | 25560bb43a |
Bug 1660509 - land NSS 2a17c8655a74 UPGRADE_NSS_RELEASE, r=jcj
2020-09-14 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* coreconf/arch.mk:
Bug 1660735 - Fix typo in coreconfig/arch.mk. r=kjacobs
[2a17c8655a74] [tip]
* coreconf/config.mk:
Bug 1660734 - Fix typo in coreconf/config.mk. r=kjacobs
[4ae56ec2411b]
2020-09-11 Kevin Jacobs <kjacobs@mozilla.com>
* lib/ckfw/builtins/nssckbi.h:
Bug 1663049 - September 2020 batch of root changes,
NSS_BUILTINS_LIBRARY_VERSION 2.44. r=jcj
[141ef83ac10b]
* lib/ckfw/builtins/certdata.txt:
Bug 1663049 - Add SecureTrust's Trustwave Global root certificates
to NSS. r=KathleenWilson,jcj
[7dfc054a983e]
* lib/ckfw/builtins/certdata.txt:
Bug 1656077 - Remove Taiwan Government Root Certification Authority
root cert. r=KathleenWilson,jcj
Depends on D89841
[32a0d8f751ef]
* lib/ckfw/builtins/certdata.txt:
Bug 1653092 - Disable server trust bit for OISTE WISeKey Global Root
GA CA root cert. r=KathleenWilson,jcj
Depends on D89840
[1cdfb26b3220]
* lib/ckfw/builtins/certdata.txt:
Bug 1651211 - Remove EE Certification Centre Root CA root cert.
r=KathleenWilson,jcj
[089aeca370df]
2020-09-11 Danh <congdanhqx@gmail.com>
* coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile:
Bug 1659727 - Move makefile avx2 detection to config.mk. r=kjacobs
Summary: The current code base uses CPU_ARCH to detect if avx2 is
supported in arch.mk. However, when arch.mk is included, CPU_ARCH
hasn't been initialised yet; CPU_ARCH will be initialised by the OS
specific code later on.
Move the AVX2 detection to config.mk, after all other initialisation
is done.
Reviewers: kjacobs
Reviewed By: kjacobs
Subscribers: kjacobs
Bug #: 1659727
[c6dcb99e6121]
2020-09-08 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mpi.c:
Bug 1605922 - Account for negative sign in mp_radix_size
r=bbeurdouche
[b64436ecbd79]
2020-09-09 Daiki Ueno <dueno@redhat.com>
* lib/freebl/Makefile:
Bug 1659256, add gcc version check on AArch64 optimization,
r=rrelyea
Summary: As described in https://access.redhat.com/solutions/19458,
gcc version in RHEL-7 is still 4.8.x and cannot compile the newly
added aes-armv8.c. There is a version check already for 32-bit arm,
but not for AArch64. This also removes NS_USE_GCC check added in bug
|
|
Kevin Jacobs | ddc8978d1f |
Bug 1660509 - land NSS c100e11991f6 UPGRADE_NSS_RELEASE, r=jcj
2020-08-21 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.57 Beta
[783f49ae6126]
2020-08-24 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_auth_unittest.cc, lib/ssl/dtls13con.c, lib/ssl/dtlscon.c, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h, lib/ssl/sslnonce.c:
Bug 1653641 - Cleanup inaccurate DTLS comments, code review fixes. r=mt
[0e1b5c711cb9]
2020-08-24 Robert Relyea <rrelyea@redhat.com>
* lib/freebl/fipsfreebl.c, lib/softoken/fipstest.c, lib/softoken/kbkdf.c, lib/softoken/lowpbe.c, lib/softoken/lowpbe.h, lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h, lib/softoken/sftkhmac.c, lib/softoken/sftkike.c:
Bug 1660304 New FIPS IG requires self-tests for approved kdfs. r=ueno comments=kjacobs
FIPS guidance now requires self-tests for our kdfs. It also requires self-tests for cmac which we didn't have in the cmac patch. Currently only one test per kdf is necessary. Specifically for SP-800-108, only one of the three flavors are needed (counter, feedback, or pipeline). This patch includes more complete testing, but the currently extraneous tests have been turned off under the assumption that NIST guidance may require them in the future.
HKDF is currently not included in FIPS, but is on track to be included, so hkdf has been included in this patch.
Because the test vectors are const strings, the patch pushes some const definitions that were missing in existing private interfaces.
There are three flavors of self-tests:
Functions implemented in freebl are added to freebl/fipsfreebl.c
Functions implemented in pkcs11c.c have selftests completely implemented in softoken/fipstest.c
Functions implemented in their own .c file have their selftest function implemented in that .c file and called by fipstests.c
These are consistent with the previous choices for selftests.
Some private interfaces that took in keys from pkcs #11 structures or outputted keys to pkcs #11 structures were modified to optionally take keys in by bytes and output keys as bytes so the self-tests can work in just bytes.
[5dca54fe61c2]
2020-08-25 Daiki Ueno <dueno@redhat.com>
* lib/softoken/manifest.mn:
Bug 1659252, disable building libnssdbm3.so if NSS_DISABLE_DBM=1, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1659252
[4d55d36ca6ef]
2020-08-24 Kevin Jacobs <kjacobs@mozilla.com>
* lib/pk11wrap/pk11cxt.c, lib/softoken/pkcs11c.c, lib/softoken/sdb.c, lib/softoken/sftkpwd.c:
Bug 1651834 - Fix various static analyzer warnings. r=rrelyea
[ab04fd73fd6d]
2020-08-28 Mike Hommey <mh@glandium.org>
* lib/freebl/blapii.h:
Bug 1661810 - Define pre_align/post_align based on the compiler. r=jcj
Things worked fine before we upgraded to clang 11 presumably because the stack was always 16-bytes aligned in the first place, or something akin to that, and the lack of pre_align/post_align doing anything didn't matter. The runtime misalignment of the stack may well be a clang > 9 bug, but keeping pre_align/post_align tied to the x86/x64 is a footgun anyways.
[c100e11991f6] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D88876 |
|
Kevin Jacobs | d1d6b661e3 |
Bug 1655105 - land NSS NSS_3_56_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-08-21 Kevin Jacobs <kjacobs@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.56 final
[809ff9ff0140] [NSS_3_56_RTM] <NSS_3_56_BRANCH>
2020-08-19 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_56_BETA1 for changeset 52c965eaffa1
[0d8ff40479d5]
Differential Revision: https://phabricator.services.mozilla.com/D87882 |
|
Kevin Jacobs | d343e2c8e6 |
Bug 1655105 - land NSS NSS_3_56_BETA1 UPGRADE_NSS_RELEASE, r=jcj
2020-08-19 Kevin Jacobs <kjacobs@mozilla.com>
* tests/libpkix/certs/PayPalEE.cert:
Bug 1659792 - Update libpkix tests with unexpired PayPal cert. r=jcj
The in-tree `PayPalEE.cert` expired today. This patch replaces it with a current copy that expires on 12 Jan 2022.
CI breakage before patch: https://treeherder.mozilla.org/#/jobs?repo=nss&revision=2890f342de631bf6774ac747515a8b5736e20d3f
CI with the fix applied: https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=bd28f21d8acbcb15502bd4fc606fc9c0ed09c810
[52c965eaffa1] [NSS_3_56_BETA1]
2020-08-18 Kevin Jacobs <kjacobs@mozilla.com>
* tests/interop/interop.sh:
Bug 1659814 - Pull updated tls-interop for dependency fix. r=jcj
[70376af425ae]
* automation/release/nspr-version.txt:
Bug 1656519 - NSS 3.56 should depend on NSPR 4.28. r=kaie
[2890f342de63]
Differential Revision: https://phabricator.services.mozilla.com/D87648 |
|
Kevin Jacobs | 5637d1775c |
Bug 1655105 - land NSS c06f22733446 UPGRADE_NSS_RELEASE, r=jcj
2020-08-07 Kevin Jacobs <kjacobs@mozilla.com>
* lib/pki/tdcache.c:
Bug 1625791 - Call STAN_GetCERTCertificate to load CERTCertificate trust before caching. r=jcj,keeler
When caching certificates, `td->cache->lock` must not be held when taking `slot->isPresentLock`. `add_cert_to_cache` holds the former when calling the sort function in `add_subject_entry`, which will [[ https://searchfox.org/mozilla-central/rev/a3b25e347e2c22207c4b369b99246e4aebf861a7/security/nss/lib/pki/certificate.c#266 | call ]] `STAN_GetCERTCertificate` -> `fill_CERTCertificateFields` when `cc->nssCertificate` [[ https://searchfox.org/mozilla-central/rev/a3b25e347e2c22207c4b369b99246e4aebf861a7/security/nss/lib/pki/pki3hack.c#923 | is NULL ]].
There are two problems with this:
# `fill_CERTCertificateFields` may end up locking `slot->isPresentLock` (bad ordering, bug 1651564)
# The above may happen followed by another attempt to lock `td->cache->lock` (deadlock, this bug).
By calling `STAN_GetCERTCertificate` prior to the first lock of `td->cache->lock`, we can prevent the problematic call to `fill_CERTCertificateFields` later on, because `cc->nssCertificate` will already be filled.
[c06f22733446] [tip]
* gtests/ssl_gtest/ssl_auth_unittest.cc, lib/ssl/ssl3con.c:
Bug 1588941 - Send empty client cert msg when signature scheme selection fails. r=mt
`ssl3_CompleteHandleCertificateRequest` does essentially two things: 1) Calls the `getClientAuthData` hook for certificate selection, and 2) calls `ssl_PickClientSignatureScheme` to select an appropriate signature scheme when a cert is selected. If the first function returns SECFailure, we default to sending an empty certificate message. If the latter fails, however, this bubbles up as a [[ https://searchfox.org/mozilla-central/rev/56bb74ea8e04bdac57c33cbe9b54d889b9262ade/security/nss/lib/ssl/tls13con.c#2670 | fatal error ]] (and an assertion failure) on the connection.
Importantly, the signature scheme selection can fail for reasons that should not be considered fatal - notably when an RSA-PSS cert is selected, but the token on which the key resides does not actually support PSS. This patch treats the failure to find a usable signature scheme as a "no certificate" response, rather than killing the connection entirely.
[41ecb7fe5546]
* lib/freebl/Makefile, lib/freebl/freebl_base.gypi, lib/freebl/mpi/mpi_amd64_common.S, lib/freebl/mpi/mpi_amd64_gas.s:
Bug 1656981 - Use 64x64->128 multiply and MP_COMBA on x86_64 Mac. r=mt
This patch makes two MPI changes for MacOS:
1. Rename `mpi_amd64_gas.s` to `mpi_amd64_common.S` and add defines for macho64, allowing Intel Macs to take advantage of the 64x64->128 multiply code.
2. Define and use `NSS_USE_COMBA` on Intel Macs.
Performance results with `rsaperf -n none -p 10 -e -x 65537` (default 2048-bit key):
Before: `12629.12 operations/s. one operation every 79 microseconds`
With 64x64->128 assembly: `29431.65 operations/s. one operation every 33 microseconds`
With MP_COMBA and 64x64->128 assembly: `30332.99 operations/s. one operation every 32 microseconds`
[330bdab498a3]
* lib/ssl/sslimpl.h:
Bug 1656429 - Clang-format fixup, r=bustage
[07083076fc92]
2020-08-05 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/ssl_0rtt_unittest.cc, gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl3exthandle.c, lib/ssl/sslimpl.h, lib/ssl/tls13con.c, lib/ssl/tls13replay.c:
Bug 1656429 - Correct RTT estimate used in anti-replay, r=kjacobs
This was never a security problem, but the more time that passes between the handshake and sending a ticket, the more likely we are to reject 0-RTT. Eventually, 0-RTT only works if it is delayed in the network by a surprising amount.
[b4a1c57eb569]
Differential Revision: https://phabricator.services.mozilla.com/D86454 |
|
Kevin Jacobs | cb86341c99 |
Bug 1655105 - land NSS afa38fb2f0b5 UPGRADE_NSS_RELEASE, r=jcj
2020-07-27 Jan-Marek Glogowski <glogow@fbihome.de> * lib/freebl/Makefile: Bug |
|
J.C. Jones | ee419dca67 |
Bug 1649545 - land NSS NSS_3_55_RTM UPGRADE_NSS_RELEASE, r=keeler
2020-07-24 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.55 final
[6705eec655c8] [NSS_3_55_RTM] <NSS_3_55_BRANCH>
2020-07-22 Kai Engert <kaie@kuix.de>
* lib/nss/nssinit.c:
Bug 1653310 - Backed out changeset ca207655b4b7, because with updated NSPR this workaround is no longer required. r=kjacobe
[a448fe36e58b]
2020-07-21 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_55_BETA1 for changeset 0768baa431e7
[2572e14f17d6]
Differential Revision: https://phabricator.services.mozilla.com/D84845 |
|
Kevin Jacobs | 99b3679870 |
Bug 1649545 - land NSS NSS_3_55_BETA1 UPGRADE_NSS_RELEASE, r=jcj
2020-07-21 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* cmd/bltest/blapitest.c:
Bug 1653202 - Fix issue disabling other mechanisms when SEED is deprecated in cmd/bltest/blapitest.c. r=kjacobs
[0768baa431e7] [NSS_3_55_BETA1]
2020-07-21 Kevin Jacobs <kjacobs@mozilla.com>
* automation/release/nspr-version.txt:
Bug 1652331 - NSS 3.55 should depend on NSPR 4.27. r=kaie
[3deefc218cd9]
2020-07-20 Billy Brumley <bbrumley@gmail.com>
* lib/freebl/ec.c:
Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche
Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding. Timing attack countermeasures are now applied more generally deeper in the call stack.
[aeb2e583ee95]
2020-07-20 Kai Engert <kaie@kuix.de>
* lib/nss/nssinit.c:
Bug 1653310 - On macOS check if nssckbi exists prior to loading it. r=kjacobs
[ca207655b4b7]
Differential Revision: https://phabricator.services.mozilla.com/D84420 |
|
Kevin Jacobs | e3e0baf90e |
Bug 1649545 - land NSS 615362dff5ad UPGRADE_NSS_RELEASE, r=jcj
2020-07-18 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* gtests/pk11_gtest/pk11_cipherop_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Depends on D74801
[615362dff5ad] [tip]
* gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc, lib/freebl/chacha20poly1305.c:
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
[a5e82e40f03e]
2020-07-16 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj
[0c70232cb6d3]
Differential Revision: https://phabricator.services.mozilla.com/D84043 |
|
Kevin Jacobs | 4e97e34c45 |
Bug 1649545 - land NSS ca068f5b5c17 UPGRADE_NSS_RELEASE, r=jcj
2020-07-16 Billy Brumley <bbrumley@gmail.com>
* lib/freebl/ecl/ecl-priv.h, lib/freebl/ecl/ecl.c, lib/freebl/ecl/ecp_secp521r1.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn:
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche
This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic.
Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi>
Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi>
[ca068f5b5c17] [tip]
* lib/freebl/ecl/ecl-priv.h, lib/freebl/ecl/ecl.c, lib/freebl/ecl/ecp_secp384r1.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn, tests/ec/ectest.sh:
Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea
This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic.
Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi>
Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi>
[d19a3cd451bb]
2020-07-13 Robert Relyea <rrelyea@redhat.com>
* lib/pk11wrap/pk11pub.h:
Bug 1643528 Cannot compile code with nss headers and -Werror=strict-prototypes r=kjacobs
[01ffd8fef7fa]
2020-07-10 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_auth_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/ssl3exthandle.c, lib/ssl/sslimpl.h, lib/ssl/tls13exthandle.c:
Bug 1646324, advertise rsa_pkcs1_* schemes in CH and CR for certs, r=mt
Summary: In TLS 1.3, unless "signature_algorithms_cert" is advertised, the "signature_algorithms" extension is used as an indication of supported algorithms for signatures on certificates.
While rsa_pkcs1_* signature schemes cannot be used for signing handshake messages, they should be advertised if the peer wants to support certificates signed with RSA PKCS#1.
This adds a flag to ssl3_EncodeSigAlgs() and ssl3_FilterSigAlgs() to preserve rsa_pkcs1_* schemes in the output.
Reviewers: mt
Reviewed By: mt
Bug #: 1646324
[df1d2695e115]
2020-07-09 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c:
Bug 1649648 - Fix null pointers passed as argument in pk11wrap/pk11pbe.c:886 r=kjacobs
[de661583d467]
Differential Revision: https://phabricator.services.mozilla.com/D83824 |
|
Kevin Jacobs | 6a6ed41ab7 |
Bug 1649545 - land NSS 58c2abd7404e UPGRADE_NSS_RELEASE, r=jcj
2020-06-26 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.55 beta
[332ab7db68ba]
2020-06-25 Kevin Jacobs <kjacobs@mozilla.com>
* tests/all.sh:
Bug 1649190 - Run cipher, sdr, and ocsp tests under standard test cycle.
[f373809abfc0]
2020-06-15 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/p256ecdsa-sha256-vectors.h, gtests/common/testvectors/p384ecdsa-sha384-vectors.h, gtests/common/testvectors/p521ecdsa-sha512-vectors.h, gtests/common/testvectors_base/test-structs.h, gtests/common/wycheproof/genTestVectors.py, gtests/pk11_gtest/pk11_ecdsa_unittest.cc:
Bug 1649226 - Add Wycheproof ECDSA tests.
[41292ff7f545]
2020-06-30 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/pkcs12/p12d.c:
Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs
[cc43ebf5bf88]
2020-06-30 Danh <congdanhqx@gmail.com>
* coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile:
Bug 1646594 - Enable AVX2 if applicable on x86_64 with make 4.3 r=bbeurdouche
[b579895aceb0]
2020-07-02 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/ssl/ssl3con.c:
Bug 1649316 - Prevent memcmp to be called with a zero length in ssl/ssl3con.c:6621 r=kjacobs
[8fe9213d0551]
2020-07-02 Alexander Scheel <ascheel@redhat.com>
* lib/cryptohi/secvfy.c:
Bug 1649487 - Fix bad assert in VFY_EndWithSignature. r=jcj
[c9438b528103]
2020-07-06 Dana Keeler <dkeeler@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def, lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj
PK11_FindEncodedCertInSlot can be used to determine the PKCS#11 object handle of an encoded certificate in a given slot. If the given certificate does not exist in that slot, CK_INVALID_HANDLE is returned.
[32fe710a942f]
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1649633 - follow-up to make test comparisons in pk11_find_certs_unittest.cc yoda comparisons r=kjacobs
[424dae31a1c1]
2020-07-07 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc, lib/freebl/rsapkcs.c:
Bug 1067214 - Check minimum padding in RSA_CheckSignRecover. r=rrelyea
This patch adds a check to `RSA_CheckSignRecover` enforcing a minimum padding length of 8 bytes for PKCS #1 v1.5-formatted signatures. In practice, RSA key size requirements already ensure this requirement is met, but smaller (read: broken) key sizes can be used via configuration overrides, and NSS should just follow the spec.
[e5324bd5a885]
2020-07-08 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/ssl_record_unittest.cc, gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h, lib/ssl/dtls13con.c, lib/ssl/dtls13con.h, lib/ssl/ssl3con.c, lib/ssl/ssl3prot.h, lib/ssl/sslspec.h, lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13exthandle.c:
Bug 1647752 - Update DTLS 1.3 implementation to draft-38. r=mt
This patch updates DTLS 1.3 to draft-38. Specifically:
1. `ssl_ct_ack` value changes from 25 to 26.
2. AEAD limits in `tls13_UnprotectRecord` enforce a maximum of 2^36-1 (as we only support GCM/ChaCha20 AEADs) decryption failures before the connection is closed.
3. Post-handshake authentication will no longer be negotiated in DTLS 1.3. This allows us to side-step the more convoluted state machine requirements.
[132a87fc8689]
2020-07-09 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/pk11wrap/pk11pbe.c, lib/pkcs12/p12d.c:
Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs
This is a fixup patch that reverts https://hg.mozilla.org/projects/nss/rev/cc43ebf5bf88355837c5fafa2f3c46e37626707a and adds a null check around the memcpy in question.
[80bea0e22b20]
2020-07-09 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11.c:
Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. [0]
[0] https://searchfox.org/nss/rev/a412e70e55218aaf670f1f10322fa734d8a9fbde/lib/softoken/pkcs11i.h#320-321
[58c2abd7404e] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D82466 |
|
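The minimum-padding rule behind Bug 1067214 above, worked through as an added example; this is not NSS code and does not reproduce `RSA_CheckSignRecover`. It builds an EMSA-PKCS1-v1_5 encoded message for a SHA-256 DigestInfo and then parses one back, with a switch that reproduces the lenient "any run of 0xFF, even none" behaviour so the difference is visible on a constructed block. The SHA-256 DigestInfo prefix and the eight-octet minimum for PS are taken from RFC 8017 section 9.2; the function names are this example's own.

```python
import hashlib
import hmac

# DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
# RFC 8017 requires the padding string PS to be at least eight 0xFF octets.
MIN_PS_LEN = 8


def emsa_pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """Build EM = 0x00 || 0x01 || PS || 0x00 || T of length k (modulus size in bytes).

    Raises ValueError when k leaves fewer than MIN_PS_LEN padding bytes, which is
    RFC 8017's "intended encoded message length too short" error."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    ps_len = k - len(t) - 3
    if ps_len < MIN_PS_LEN:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def pkcs1_v15_strip_type1(em: bytes, enforce_min_padding: bool = True) -> bytes:
    """Recover T from a block-type-1 encoded message (the RSA-recovered signature).

    enforce_min_padding=False reproduces the lenient parse the commit message
    describes: any run of 0xFF bytes, even an empty one, is accepted.  The default
    rejects a padding string shorter than MIN_PS_LEN bytes."""
    if len(em) < 3 or em[0] != 0x00 or em[1] != 0x01:
        raise ValueError("bad block type")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == len(em) or em[i] != 0x00:
        raise ValueError("padding string not terminated by 0x00")
    if enforce_min_padding and i - 2 < MIN_PS_LEN:
        raise ValueError("padding string shorter than %d bytes" % MIN_PS_LEN)
    return em[i + 1:]


def verify_digestinfo(em: bytes, message: bytes) -> bool:
    """Strip the padding, then compare T against the DigestInfo expected for message."""
    try:
        t = pkcs1_v15_strip_type1(em)
    except ValueError:
        return False
    expected = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return hmac.compare_digest(t, expected)
```

With a 512-bit modulus (k = 64) the SHA-256 DigestInfo (51 bytes) leaves exactly 10 bytes of PS, so the check passes; at k = 61 the encoder refuses to produce a block, which is the same condition the decoder enforces on the way back in.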
Kevin Jacobs | 5871df542a |
Bug 1642687 - land NSS NSS_3_54_RTM UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D81357 |
|
Kevin Jacobs | 669967478e |
Bug 1642687 - land NSS 87fa2f0598ad UPGRADE_NSS_RELEASE, r=jcj
2020-06-24 Kai Engert <kaie@kuix.de>
* automation/release/nspr-version.txt:
Bug 1640516 - NSS 3.54 should depend on NSPR 4.26. r=kjacobs
[87fa2f0598ad] [tip]
2020-06-23 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_54_BETA1 for changeset 2bd2f3267dc5
[fe2ed4384f6a]
Differential Revision: https://phabricator.services.mozilla.com/D80989 |
|
Kevin Jacobs | 34be3870be |
Bug 1642687 - land NSS 2bd2f3267dc5 UPGRADE_NSS_RELEASE, r=jcj
2020-06-22 Kevin Jacobs <kjacobs@mozilla.com>
* lib/util/quickder.c:
Bug 1646520 - Stricter leading-zero checks for ASN.1 INTEGER values. r=jcj
This patch adjusts QuickDER to strictly enforce INTEGER encoding with respect to leading zeros:
- If the MSB of the first (value) octet is set, a single zero byte MAY be present to make the value positive. This singular pad byte is removed.
- Otherwise, the first octet must not be zero.
[2bd2f3267dc5] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D80543 |
|
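The leading-zero rule from Bug 1646520 above, applied by a small strict DER INTEGER decoder. This is an added example, not QuickDER's code: it implements the two bullets of the commit message (a lone 0x00 pad is accepted only when the next octet has its MSB set, and is stripped; otherwise a leading 0x00 is an error) and goes one step further than the commit states by also rejecting the mirror case of a redundant leading 0xFF and a non-minimal length encoding, both of which DER forbids for the same reason. The `unsigned` switch, for fields like an RSA modulus or a serial number, is this example's own addition.

```python
def _decode_length(data: bytes, offset: int):
    """Return (length, offset after the length); DER definite form only."""
    if offset >= len(data):
        raise ValueError("truncated length")
    first = data[offset]
    offset += 1
    if first < 0x80:
        return first, offset
    if first == 0x80:
        raise ValueError("indefinite length not allowed in DER")
    nbytes = first & 0x7F
    if nbytes > 4 or offset + nbytes > len(data):
        raise ValueError("bad long-form length")
    length_bytes = data[offset:offset + nbytes]
    if length_bytes[0] == 0x00:
        raise ValueError("non-minimal length encoding")
    length = int.from_bytes(length_bytes, "big")
    if length < 0x80:
        raise ValueError("long form used for a short length")
    return length, offset + nbytes


def parse_der_integer(data: bytes, unsigned: bool = False) -> int:
    """Decode exactly one DER INTEGER TLV; trailing bytes are an error.

    With unsigned=True a value whose first content octet has its MSB set and
    no 0x00 pad is rejected instead of being read as a negative number."""
    if not data or data[0] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, offset = _decode_length(data, 1)
    content = data[offset:offset + length]
    if len(content) != length or offset + length != len(data):
        raise ValueError("length does not match content")
    if length == 0:
        raise ValueError("INTEGER must have at least one content octet")
    if content[0] == 0x00 and length > 1:
        # A pad byte is only legitimate when it keeps a high-MSB value positive.
        if content[1] & 0x80 == 0:
            raise ValueError("unnecessary leading zero octet")
        return int.from_bytes(content[1:], "big")  # pad stripped, value is positive
    if content[0] == 0xFF and length > 1 and content[1] & 0x80:
        raise ValueError("unnecessary leading 0xFF octet")
    if unsigned and content[0] & 0x80:
        raise ValueError("negative value where an unsigned INTEGER was expected")
    return int.from_bytes(content, "big", signed=True)


def is_valid_der_integer(data: bytes, unsigned: bool = False) -> bool:
    """Convenience predicate: True when parse_der_integer accepts the encoding."""
    try:
        parse_der_integer(data, unsigned)
        return True
    except ValueError:
        return False
```

`02 02 00 80` decodes to 128 because the pad is needed, while `02 02 00 7F` and `02 03 00 00 80` are rejected; a 1024-bit value whose top octet is 0x80 needs the pad and the long-form length `81 81`, and decodes to 2^1023.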
Kevin Jacobs | bc02cf3e36 |
Bug 1642687 - land NSS 699541a7793b UPGRADE_NSS_RELEASE, r=jcj
2020-06-16 Sohaib ul Hassan <sohaibulhassan@tuni.fi>
* lib/freebl/mpi/mpi.c, lib/freebl/mpi/mpi.h, lib/freebl/mpi/mplogic.c:
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs
The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits, s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks.
Co-Author: Billy Bob Brumley
[699541a7793b] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D80120 |
|
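The divstep iteration from the Bernstein-Yang paper cited in Bug 1631597 above, as an added example; this is not the NSS mpi code. What makes the construction usable in constant time is shown structurally: the number of divsteps is fixed from the input bit length alone, and every step computes both branch outcomes and picks one with an arithmetic mask rather than branching on secret data. Python's arbitrary-precision integers are not themselves constant-time, so this models the control-flow discipline, not a side-channel-free routine. The iteration bound is the paper's (49d+80)/17, which is never below its (49d+57)/17 bound for larger d; the function names are this example's own.

```python
def _select(mask: int, a: int, b: int) -> int:
    """Return a when mask == -1, b when mask == 0, with no data-dependent branch."""
    return b ^ ((a ^ b) & mask)


def _half_mod(m: int, x: int) -> int:
    """x/2 mod m for odd m: add m when x is odd so the halving is exact."""
    return (x + (m & -(x & 1))) >> 1


def divstep_iterations(bits: int) -> int:
    """Bernstein-Yang bound: for |f|, |g| < 2^bits, g is zero after this many
    divsteps.  Running extra divsteps once g == 0 leaves f and d untouched,
    so using the larger of the paper's two bounds everywhere is safe."""
    return (49 * bits + 80) // 17


def safegcd_inverse(m: int, x: int):
    """Return (gcd(m, x), x^-1 mod m or None) for odd m > 0 and 0 <= x < m."""
    if m <= 0 or m % 2 == 0:
        raise ValueError("modulus must be odd and positive")
    if not 0 <= x < m:
        raise ValueError("x must be reduced modulo m")
    # Invariants for the whole run: f == d*x (mod m) and g == e*x (mod m).
    delta, f, g, d, e = 1, m, x, 0, 1
    for _ in range(divstep_iterations(max(m.bit_length(), x.bit_length()))):
        g_odd = g & 1
        # swap == -1 selects the "delta > 0 and g odd" divstep (swap f and g,
        # then (g - f)/2); swap == 0 selects (g + (g mod 2) f)/2 with f kept.
        swap = -(g_odd & (delta > 0))
        delta, f, g, d, e = (
            _select(swap, 1 - delta, 1 + delta),
            _select(swap, g, f),
            _select(swap, (g - f) >> 1, (g + g_odd * f) >> 1),
            _select(swap, e, d),
            _select(swap, _half_mod(m, e - d), _half_mod(m, e + g_odd * d)),
        )
    gcd = abs(f)
    if gcd != 1:
        return gcd, None
    # f is +1 or -1 and f == d*x (mod m), so x^-1 == d*f (mod m).
    return 1, (d * f) % m
```

For 256-bit inputs the bound gives 742 divsteps regardless of the values, which is the property an implementation in C can turn into a loop whose trip count and memory accesses do not depend on the secret; the mask-select is what the paper's "divstep" makes possible because each step only ever needs one conditional swap and one conditional add.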
Kevin Jacobs | 0c2287c77b |
Bug 1642687 - land NSS 6dcd00c13ffc UPGRADE_NSS_RELEASE, r=jcj
2020-06-15 J.C. Jones <jjones@mozilla.com>
* lib/ckfw/builtins/nssckbi.h:
Bug 1618402 - June 2020 batch of root changes, NSS_BUILTINS_LIBRARY_VERSION 2.42 r=bbeurdouche,KathleenWilson
All changes:
Bug 1618402 - Remove 3 Symantec roots and disable Email trust bit for others
Bug 1621151 - Disable Email trust bit for GRCA root
Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root cert
Bug 1641718 - Remove "LuxTrust Global Root 2" root cert
Bug 1641716 - Add Microsoft's non-EV roots
Bug 1645174 - Add Microsec's "e-Szigno Root CA 2017" root cert
Bug 1645186 - Add "certSIGN Root CA G2" root cert
Bug 1645199 - Remove Expired AddTrust root certs
Depends on D79373
[6dcd00c13ffc] [tip]
2020-06-12 J.C. Jones <jjones@mozilla.com>
* lib/ckfw/builtins/certdata.txt:
Bug 1645186 - Add certSIGN Root CA G2 root cert r=KathleenWilson
Friendly Name: certSIGN Root CA G2
Cert Location: http://crl.certsign.ro/certsign-rootg2.crt
SHA-1 Fingerprint: 26F993B4ED3D2827B0B94BA7E9151DA38D92E532
SHA-256 Fingerprint: 657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305
Trust Flags: Websites
Test URL: https://testssl-valid-evcp.certsign.ro/
Depends on D79372
[d541eaaca2ef]
* lib/ckfw/builtins/certdata.txt:
Bug 1645174 - Add e-Szigno Root CA 2017 r=KathleenWilson,kjacobs
Depends on D79371
[6d397f2a5f01]
* lib/ckfw/builtins/certdata.txt:
Bug 1641716 - Add Microsoft non-EV roots r=KathleenWilson,kjacobs
Friendly Name: Microsoft ECC Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 999A64C37FF47D9FAB95F14769891460EEC4C3C5
SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
Trust Flags: Websites
Test URL: https://acteccroot2017.pki.microsoft.com/
Friendly Name: Microsoft RSA Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74
SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
Trust Flags: Websites
Test URL: https://actrsaroot2017.pki.microsoft.com/
Depends on D79370
[576f52ca3f02]
* lib/ckfw/builtins/certdata.txt:
Bug 1645199 - Remove Expired AddTrust root certs r=KathleenWilson,kjacobs
Remove the following two expired AddTrust root certs from NSS.
Subject/Issuer: CN=AddTrust Class 1 CA Root; OU=AddTrust TTP Network; O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: CCAB0EA04C2301D6697BDD379FCD12EB24E3949D
SHA-256 Fingerprint: 8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7
Subject/Issuer: CN=AddTrust External CA Root; OU=AddTrust External TTP Network; O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: 02FAF3E291435468607857694DF5E45B68851868
SHA-256 Fingerprint: 687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2
Mozilla EV Policy OID(s): 1.3.6.1.4.1.6449.1.2.1.5.1
Depends on D79369
[96d0279ef929]
* lib/ckfw/builtins/certdata.txt:
Bug 1641718 - Remove "LuxTrust Global Root 2" root cert r=KathleenWilson,kjacobs
Subject: CN=LuxTrust Global Root 2; O=LuxTrust S.A.; C=LU
Valid From (GMT): 3/5/2015
Valid To (GMT): 3/5/2035
Certificate Serial Number: 0A7EA6DF4B449EDA6A24859EE6B815D3167FBBB1
SHA-1 Fingerprint: 1E0E56190AD18B2598B20444FF668A0417995F3F
SHA-256 Fingerprint: 54455F7129C20B1447C418F997168F24C58FC5023BF5DA5BE2EB6E1DD8902ED5
Depends on D79368
[cc40386d3958]
* lib/ckfw/builtins/certdata.txt:
Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root cert r=KathleenWilson,kjacobs
Subject: CN=Staat der Nederlanden Root CA - G2; O=Staat der Nederlanden; C=NL
Valid From (GMT): 3/26/2008
Valid To (GMT): 3/25/2020
Certificate Serial Number: 0098968C
SHA-1 Fingerprint: 59AF82799186C7B47507CBCF035746EB04DDB716
SHA-256 Fingerprint: 668C83947DA63B724BECE1743C31A0E6AED0DB8EC5B31BE377BB784F91B6716F
Depends on D79367
[7236f86d8db7]
* lib/ckfw/builtins/certdata.txt:
Bug 1621151 - Disable email trust bit for TW Government Root Certification Authority root r=kjacobs,KathleenWilson
Depends on D79366
[d56b95fc344f]
* lib/ckfw/builtins/certdata.txt:
Bug 1618402 - Disable email trust bit for several Symantec certs r=KathleenWilson,kjacobs
Disable the Email trust bit for the following root certs:
Subject: CN=GeoTrust Global CA; O=GeoTrust Inc.; C=US
Certificate Serial Number: 023456
SHA-1 Fingerprint: DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
SHA-256 Fingerprint: FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A
Subject: CN=GeoTrust Primary Certification Authority - G2; OU=(c) 2007 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
Certificate Serial Number: 3CB2F4480A00E2FEEB243B5E603EC36B
SHA-1 Fingerprint: 8D1784D537F3037DEC70FE578B519A99E610D7B0
SHA-256 Fingerprint: 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766
Subject: CN=GeoTrust Primary Certification Authority - G3; OU=(c) 2008 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
Certificate Serial Number: 15AC6E9419B2794B41F627A9C3180F1F
SHA-1 Fingerprint: 039EEDB80BE7A03C6953893B20D2D9323A4C2AFD
SHA-256 Fingerprint: B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4
Subject: CN=GeoTrust Universal CA; O=GeoTrust Inc.; C=US
Certificate Serial Number: 01
SHA-1 Fingerprint: E621F3354379059A4B68309D8A2F74221587EC79
SHA-256 Fingerprint: A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912
Subject: CN=GeoTrust Universal CA 2; O=GeoTrust Inc.; C=US
Certificate Serial Number: 01
SHA-1 Fingerprint: 379A197B418545350CA60369F33C2EAF474F2079
SHA-256 Fingerprint: A0234F3BC8527CA5628EEC81AD5D69895DA5680DC91D1CB8477F33F878B95B0B
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4; OU=VeriSign Trust Network, (c) 2007 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 2F80FE238C0E220F486712289187ACB3
SHA-1 Fingerprint: 22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A
SHA-256 Fingerprint: 69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5; OU=VeriSign Trust Network, (c) 2006 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 18DAD19E267DE8BB4A2158CDCC6B3B4A
SHA-1 Fingerprint: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
SHA-256 Fingerprint: 9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF
Depends on D79365
[606157f404c2]
* lib/ckfw/builtins/certdata.txt:
Bug 1618402 - Remove VeriSign CA and associated EgyptTrust distrust entries r=KathleenWilson,kjacobs
Remove the VeriSign Class 3 Public Primary Certification Authority - G3 CA:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3; OU=VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 009B7E0649A33E62B9D5EE90487129EF57
SHA-1 Fingerprint: 132D0D45534B6997CDB2D5C339E25576609B5CC6
SHA-256 Fingerprint: EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244
Because of the removal of VeriSign Class 3 Public Primary Certification Authority - G3, these knock-out entries, signed by that CA, should be removed:
cert 1:
Serial Number: 4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34
Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/epository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
Not Valid Before: Sun May 18 00:00:00 2008
Not Valid After : Thu May 17 23:59:59 2018
Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D
Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1
cert 2:
Serial Number: 3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51
Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/epository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
Not Valid Before: Sun May 18 00:00:00 2008
Not Valid After : Thu May 17 23:59:59 2018
Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34
Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E
cert 3:
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use nly",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
Serial Number: 12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76
Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
Not Valid Before: Sun May 18 00:00:00 2008
Not Valid After : Thu May 17 23:59:59 2018
Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E
Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2
Depends on D79364
[8cd8fd97f0e7]
* lib/ckfw/builtins/certdata.txt:
Bug 1618402 - Remove Symantec and VeriSign roots r=KathleenWilson,kjacobs
Remove the following root certs:
Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4; OU=Symantec Trust Network; O=Symantec Corporation; C=US
Certificate Serial Number: 34176512403BB756802D80CB7955A61E
SHA-1 Fingerprint: 6724902E4801B02296401046B4B1672CA975FD2B
SHA-256 Fingerprint: FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592
Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4; OU=Symantec Trust Network; O=Symantec Corporation; C=US
Certificate Serial Number: 216E33A5CBD388A46F2907B4273CC4D8
SHA-1 Fingerprint: 84F2E3DD83133EA91D19527F02D729BFC15FE667
SHA-256 Fingerprint: 363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF
[06e27f62d77b]
2020-06-15 Mike Hommey <mh@glandium.org>
* lib/freebl/Makefile, lib/freebl/manifest.mn:
Bug 1642146 - Move seed.o back into freeblpriv3. r=bbeurdouche
[f46fca8ced7f]
Differential Revision: https://phabricator.services.mozilla.com/D79905 |
|
Kevin Jacobs | e9ae922ddc |
Bug 1642687 - land NSS cbf75aedf480 UPGRADE_NSS_RELEASE, r=jcj
2020-06-12 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/secutil.c:
Bug 1645479 - Use SECITEM_CopyItem instead of SECITEM_MakeItem in
secutil.c. r=jcj
This patch converts a call to `SECITEM_MakeItem` to use
`SECITEM_CopyItem` instead. Using the former works fine in NSS CI,
but causes build failures in mozilla-central due to differences in
how both symbols are exported (i.e. when folding nssutil into nss).
[cbf75aedf480] [tip]
2020-06-11 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/ssl_resumption_unittest.cc:
Bug 1644774 - Use ClearServerCache instead of
SSLInt_ClearSelfEncryptKey for ticket invalidation. r=mt
[7b2413d80ce3]
2020-06-10 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/basicutil.c, cmd/lib/secutil.c, cmd/lib/secutil.h,
cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, lib/ssl/tls13psk.c:
Bug 1603042 - Support external PSKs in tstclnt/selfserv. r=jcj
This patch adds support for TLS 1.3 external PSKs in tstclnt and
selfserv with the `-z` option.
Command examples:
- `selfserv -D -p 4443 -d . -n localhost.localdomain -w nss -V tls1.3:
-H 1 -z 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -m`
- `tstclnt -h 127.0.0.1 -p 4443 -z
0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -d . -w nss`
For OpenSSL interop:
- `openssl s_server -nocert -port 4433 -psk
AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD [-psk_identity label]`
Note: If the optional label is omitted, both NSS tools and OpenSSL
default to "Client_identity".
[c1b1112af415]
2020-06-09 Kevin Jacobs <kjacobs@mozilla.com>
* lib/ssl/tls13con.c:
Bug
|
|
Kevin Jacobs | 7c45f2a0f0 |
Bug 1642687 - land NSS d211f3013abb UPGRADE_NSS_RELEASE, r=jcj
2020-06-01 Kevin Jacobs <kjacobs@mozilla.com>
* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c, lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c, lib/freebl/sha256.h, lib/freebl/sha512.c, mach:
Bug 1528113 - Use ARM's crypto extension for SHA256
[ea54fd986036]
2020-04-08 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn, gtests/ssl_gtest/ssl_0rtt_unittest.cc, gtests/ssl_gtest/ssl_extension_unittest.cc, gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc, gtests/ssl_gtest/tls_connect.h, gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn, lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c, lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c, lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
Bug 1603042 - TLS 1.3 out-of-band PSK support
[a448d7919077]
2020-06-01 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c, lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c, lib/freebl/sha256.h, lib/freebl/sha512.c:
Bug 1528113 - Use ARM's crypto extension for SHA256 r=kjacobs
ARMv8 CPU has accelerated hardware instruction for SHA256 that supports GCC 4.9+. We should use it if available.
[61c83f79e90c]
2020-06-02 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libssl3.so.txt, gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn, gtests/ssl_gtest/ssl_0rtt_unittest.cc, gtests/ssl_gtest/ssl_extension_unittest.cc, gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc, gtests/ssl_gtest/tls_connect.h, gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn, lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c, lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c, lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
Bug 1603042 - TLS 1.3 out-of-band PSK support r=mt
This patch adds support for External (out-of-band) PSKs in TLS 1.3. An External PSK (EPSK) can be set by calling `SSL_AddExternalPsk`, and removed with `SSL_RemoveExternalPsk`. `SSL_AddExternalPsk0Rtt` can be used to add a PSK while also specifying a suite and max_early_data_size for use with 0-RTT.
As part of handling PSKs more generically, the patch also changes how resumption PSKs are handled internally, so as to rely on the same mechanisms where possible.
A socket is currently limited to only one External PSK at a time. If the server doesn't find the same identity for the configured EPSK, it will fall back to certificate authentication.
[a2293e897889]
* lib/freebl/mpi/mplogic.c:
cast in LZCNTLOOP
[96e65b2e9531]
* lib/freebl/freebl.gyp:
Use KRML_VERIFIED_UINT128 on MSVC builds
[abd50c862bdb]
2020-06-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c, lib/ssl/tls13con.c:
Bug |
|
J.C. Jones | 98c9615522 |
Bug 1636656 - land NSS NSS_3_53_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-29 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.53 final
[7e453a5afcb4] [NSS_3_53_RTM] <NSS_3_53_BRANCH>
2020-05-28 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_53_BETA2 for changeset 8fe22033a88e
[90c954f62c9d]
Differential Revision: https://phabricator.services.mozilla.com/D77555 |
|
Kevin Jacobs | 2bfb4bdcea |
Bug 1636656 - land NSS NSS_3_53_BETA2 UPGRADE_NSS_RELEASE, r=jcj
2020-05-28 Kevin Jacobs <kjacobs@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1640260 - Initialize PBE params r=jcj
[8fe22033a88e] [NSS_3_53_BETA2]
2020-05-27 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/ckfw/builtins/certdata.txt:
Bug 1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs. r=jcj
[8bfb386f459f]
* lib/ckfw/builtins/certdata.txt:
Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID root certs. r=jcj
[4d1b7bbeebfe]
2020-05-26 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_53_BETA1 for changeset c7a1c91cd9be
[661e3e3f6ba5]
Differential Revision: https://phabricator.services.mozilla.com/D77388 |
|
Kevin Jacobs | 1ed51331e9 |
Bug 1636656 - land NSS NSS_3_53_BETA1 UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D76940 |
|
Kevin Jacobs | 24b7b9ddd6 |
Bug 1636656 - land NSS c7a1c91cd9be UPGRADE_NSS_RELEASE, r=jcj
2020-05-22 J.C. Jones <jjones@mozilla.com>
* lib/freebl/altivec-types.h, lib/freebl/ppc-crypto.h:
Bug 1629414 - Guard USE_PPC_CRYPTO and VSX types with __VSX__ and __ALTIVEC__ r=kjacobs
This avoids build errors on non-VSX architectures even when not compiling the POWER accelerated code.
[c7a1c91cd9be] [tip]
2020-05-21 Jeff Walden <jwalden@mit.edu>
* lib/freebl/aes-x86.c:
Bug 1639033 - Use unsigned int for a loop counter to eliminate a signed-unsigned comparison warning in aes-x86.c. r=kjacobs
Depends on D75847
[e23fe363fa05]
* lib/freebl/ec.c:
Bug 1639033 - Used unsigned int instead of int in a few places in ec.c to eliminate signed-unsigned comparison warnings. r=kjacobs
Depends on D75846
[0d778b0e778f]
* lib/freebl/cmac.c:
Bug 1639033 - Use unsigned int rather than int for two variables to eliminate a bunch of signed-unsigned comparison warnings. r=kjacobs
Depends on D75845
[df5c8f6430a0]
* lib/freebl/mpi/mplogic.c, lib/freebl/mpi/mplogic.h:
Bug 1639033 - Use unsigned int for various count variables in mplogic.c to eliminate signed-unsigned comparison warnings. r=kjacobs
Depends on D75844
[ce5b8b7e010c]
* lib/freebl/aeskeywrap.c:
Bug 1639033 - Use size_t for loops up to sizeof(T) in aeskeywrap.c to eliminate some signed-comparison warnings. r=kjacobs
Depends on D75843
[563a7cd7484b]
* lib/softoken/pkcs11i.h, lib/softoken/sftkike.c:
Bug 1639033 - Change +sftk_xcbc_mac_pad's block-size argument to be unsigned int to avoid sign-comparison warnings. r=kjacobs
Depends on D75842
[a5f80d0805ca]
2020-05-22 Jeff Walden <jwalden@mit.edu>
* lib/jar/jar.c:
Bug 1639033 - Use the jarType enum type, not int, for certain variables and arguments in jar.c -- for greater precision, and to avoid sign-comparison warnings. r=kjacobs
Depends on D75841
[e65dd5c2cf86]
2020-05-19 Jeff Walden <jwalden@mit.edu>
* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h:
Bug 1639033 - Make all |moduleIndex| variables in pkcs11.c be unsigned, to eliminate a -Wsign-compare warning. r=kjacobs
Depends on D75840
[6512178a58f5]
* cmd/lib/basicutil.c:
Bug 1639033 - Fix signed-unsigned comparison warning in basicutil.c. r=kjacobs
[98390eef50a1]
2020-05-22 Martin Thomson <mt@lowentropy.net>
* lib/ssl/sslencode.c:
Bug 1640041 - Don't memcpy nothing, r=jcj
Depends on D76421
[8d7c96ab80a7]
* lib/ssl/sslsock.c:
Bug 1640042 - Don't memcpy nothing, r=jcj
[1a634da46b87]
* gtests/ssl_gtest/ssl_0rtt_unittest.cc, gtests/ssl_gtest/ssl_recordsep_unittest.cc, gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl.h, lib/ssl/ssl3gthr.c, lib/ssl/sslimpl.h, lib/ssl/sslsock.c, lib/ssl/tls13con.c:
Bug 1639413 - Option to disable TLS 1.3 EndOfEarlyData message, r=kjacobs
This adds the ability to disable EndOfEarlyData. On the client this is relatively simple, you just turn the message off. The server is complicated because the server uses this to drive the installation of the right keys. Without it, things get very messy. Thus, I have decided that this is best left to the SSL_RecordLayerData interface. That needs an ugly hack in order to let the new data to pass, but the damage is otherwise relatively minor, apart from one obvious thing.
We never really built the SSL_RecordLayerData API to take application data. It only did that to support testing of the functions. Now that we have to deal with this new wrinkle, adding support for 0-RTT is necessary. This change does that. That requires a barrage of new checks to see if application data is acceptable. And then early data is captured in a completely different way, which adds another layer of awfulness.
Note that this exposes us to the possibility that Certificate or Finished are received in early data when using SSL_RecordLayerData and this option. I don't think that fixing that is worthwhile as it requires tracking the epoch of handshake messages separate to ss->ssl3.crSpec and the epoch only really exists on that API so that applications don't accidentally do bad things. In QUIC, we specifically block handshake messages in early data, so we have ample protection.
[10325739e149]
Differential Revision: https://phabricator.services.mozilla.com/D76572 |
|
J.C. Jones | 18fcf86435 |
Bug 1636656 - land NSS 527a1792be4e UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-20 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/freebl/freebl_base.gypi:
Bug 1638289 - Fix multiple definitions of SHA2 on ppc64le. r=kjacobs
[527a1792be4e] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D76415 |
|
J.C. Jones | 02cb9eb00d |
Bug 1636656 - land NSS daa823a4a29b UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-19 Robert Relyea <rrelyea@redhat.com>
* lib/freebl/dsa.c:
Bug 1631576 - Force a fixed length for DSA exponentiation
r=pereida,bbrumley
[daa823a4a29b] [tip]
2020-05-14 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/freebl/Makefile, lib/freebl/deprecated/seed.c,
lib/freebl/deprecated/seed.h, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, lib/freebl/seed.c, lib/freebl/seed.h:
Bug
|
|
J.C. Jones | 74a8ec946b |
Bug 1636656 - land NSS e2061fe522f5 UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-12 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/freebl_gtest/mpi_unittest.cc:
Bug 1561331 - Additional modular inverse test r=jcj
[e2061fe522f5] [tip]
2020-05-08 Jan-Marek Glogowski <glogow@fbihome.de>
* coreconf/rules.mk, lib/ckfw/builtins/Makefile, lib/ckfw/builtins/testlib/Makefile, lib/ckfw/capi/Makefile, lib/dev/Makefile, lib/freebl/Makefile, lib/pk11wrap/Makefile, lib/softoken/Makefile:
Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea
Introduces a simple "%/d" rule to create directories using $(MAKE_OBJDIR) and replace all explicit $(MAKE_OBJDIR) calls with order-only prerequisites. To expand the $(@D) prerequisite, this needs .SECONDEXPANSION.
[c3f11da5acfc]
2020-05-05 Jan-Marek Glogowski <glogow@fbihome.de>
* coreconf/IRIX.mk, coreconf/OS2.mk, coreconf/README, coreconf/SunOS4.1.3_U1.mk, coreconf/SunOS5.mk, coreconf/UNIX.mk, coreconf/WIN32.mk, coreconf/config.mk, coreconf/location.mk, coreconf/mkdepend/Makefile, coreconf/mkdepend/cppsetup.c, coreconf/mkdepend/def.h, coreconf/mkdepend/ifparser.c, coreconf/mkdepend/ifparser.h, coreconf/mkdepend/imakemdep.h, coreconf/mkdepend/include.c, coreconf/mkdepend/main.c, coreconf/mkdepend/mkdepend.man, coreconf/mkdepend/parse.c, coreconf/mkdepend/pr.c, coreconf/rules.mk:
Bug 1438431 Remove mkdepend tool and targets r=rrelyea
[6c5f91e098a1]
* coreconf/README, coreconf/rules.mk:
Bug 1629553 Drop duplicate header DIR variables r=rrelyea
[d1f954627260]
* coreconf/OpenUNIX.mk, coreconf/README, coreconf/SCO_SV3.2.mk, coreconf/config.mk, coreconf/cpdist.pl, coreconf/import.pl, coreconf/jdk.mk, coreconf/jniregen.pl, coreconf/module.mk, coreconf/outofdate.pl, coreconf/release.pl, coreconf/rules.mk, coreconf/ruleset.mk, coreconf/source.mk, coreconf/version.mk:
Bug 1629553 Drop coreconf java support r=rrelyea
There aren't any Java sources in NSS, so just drop all the stuff referencing java, jars, jni, etc. I didn't try to remove it from tests.
[7d285fe69c8c]
* cmd/crmf-cgi/Makefile, cmd/crmf-cgi/config.mk, cmd/crmftest/Makefile, cmd/crmftest/config.mk, cmd/lib/Makefile, cmd/lib/config.mk, cmd/lib/manifest.mn, cmd/libpkix/config.mk, cmd/libpkix/perf/Makefile, cmd/libpkix/perf/manifest.mn, cmd/libpkix/pkix/Makefile, cmd/libpkix/pkix/certsel/Makefile, cmd/libpkix/pkix/certsel/manifest.mn, cmd/libpkix/pkix/checker/Makefile, cmd/libpkix/pkix/checker/manifest.mn, cmd/libpkix/pkix/crlsel/Makefile, cmd/libpkix/pkix/crlsel/manifest.mn, cmd/libpkix/pkix/params/Makefile, cmd/libpkix/pkix/params/manifest.mn, cmd/libpkix/pkix/results/Makefile, cmd/libpkix/pkix/results/manifest.mn, cmd/libpkix/pkix/store/Makefile, cmd/libpkix/pkix/store/manifest.mn, cmd/libpkix/pkix/top/Makefile, cmd/libpkix/pkix/top/manifest.mn, cmd/libpkix/pkix/util/Makefile, cmd/libpkix/pkix/util/manifest.mn, cmd/libpkix/pkix_pl/Makefile, cmd/libpkix/pkix_pl/module/Makefile, cmd/libpkix/pkix_pl/module/manifest.mn, cmd/libpkix/pkix_pl/pki/Makefile, cmd/libpkix/pkix_pl/pki/manifest.mn, cmd/libpkix/pkix_pl/system/Makefile, cmd/libpkix/pkix_pl/system/manifest.mn, cmd/libpkix/testutil/manifest.mn, cpputil/Makefile, cpputil/config.mk, cpputil/manifest.mn, lib/base/Makefile, lib/base/config.mk, lib/base/manifest.mn, lib/certdb/Makefile, lib/certdb/config.mk, lib/certdb/manifest.mn, lib/certhigh/Makefile, lib/certhigh/config.mk, lib/certhigh/manifest.mn, lib/ckfw/Makefile, lib/ckfw/builtins/Makefile, lib/ckfw/builtins/config.mk, lib/ckfw/builtins/manifest.mn, lib/ckfw/builtins/testlib/Makefile, lib/ckfw/builtins/testlib/config.mk, lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/capi/Makefile, lib/ckfw/capi/config.mk, lib/ckfw/capi/manifest.mn, lib/ckfw/config.mk, lib/ckfw/dbm/Makefile, lib/ckfw/dbm/config.mk, lib/ckfw/dbm/manifest.mn, lib/ckfw/manifest.mn, lib/crmf/Makefile, lib/crmf/config.mk, lib/crmf/manifest.mn, lib/cryptohi/Makefile, lib/cryptohi/config.mk, lib/cryptohi/manifest.mn, lib/dbm/src/config.mk, lib/dbm/src/manifest.mn, lib/dev/Makefile, lib/dev/config.mk, lib/dev/manifest.mn, lib/jar/Makefile, lib/jar/config.mk, lib/jar/manifest.mn, lib/libpkix/Makefile, lib/libpkix/config.mk, lib/libpkix/include/Makefile, lib/libpkix/include/config.mk, lib/libpkix/pkix/Makefile, lib/libpkix/pkix/certsel/Makefile, lib/libpkix/pkix/certsel/config.mk, lib/libpkix/pkix/certsel/manifest.mn, lib/libpkix/pkix/checker/Makefile, lib/libpkix/pkix/checker/config.mk, lib/libpkix/pkix/checker/manifest.mn, lib/libpkix/pkix/config.mk, lib/libpkix/pkix/crlsel/Makefile, lib/libpkix/pkix/crlsel/config.mk, lib/libpkix/pkix/crlsel/manifest.mn, lib/libpkix/pkix/params/Makefile, lib/libpkix/pkix/params/config.mk, lib/libpkix/pkix/params/manifest.mn, lib/libpkix/pkix/results/Makefile, lib/libpkix/pkix/results/config.mk, lib/libpkix/pkix/results/manifest.mn, lib/libpkix/pkix/store/Makefile, lib/libpkix/pkix/store/config.mk, lib/libpkix/pkix/store/manifest.mn, lib/libpkix/pkix/top/Makefile, lib/libpkix/pkix/top/config.mk, lib/libpkix/pkix/top/manifest.mn, lib/libpkix/pkix/util/Makefile, lib/libpkix/pkix/util/config.mk, lib/libpkix/pkix/util/manifest.mn, lib/libpkix/pkix_pl_nss/Makefile, lib/libpkix/pkix_pl_nss/config.mk, lib/libpkix/pkix_pl_nss/module/Makefile, lib/libpkix/pkix_pl_nss/module/config.mk, lib/libpkix/pkix_pl_nss/module/manifest.mn, lib/libpkix/pkix_pl_nss/pki/Makefile, lib/libpkix/pkix_pl_nss/pki/config.mk, lib/libpkix/pkix_pl_nss/pki/manifest.mn, lib/libpkix/pkix_pl_nss/system/Makefile, lib/libpkix/pkix_pl_nss/system/config.mk, lib/libpkix/pkix_pl_nss/system/manifest.mn, lib/pk11wrap/Makefile, lib/pk11wrap/config.mk, lib/pk11wrap/manifest.mn, lib/pkcs12/Makefile, lib/pkcs12/config.mk, lib/pkcs12/manifest.mn, lib/pkcs7/Makefile, lib/pkcs7/config.mk, lib/pkcs7/manifest.mn, lib/pki/Makefile, lib/pki/config.mk, lib/pki/manifest.mn, lib/sqlite/Makefile, lib/sysinit/Makefile, lib/util/Makefile, lib/zlib/Makefile, lib/zlib/config.mk, lib/zlib/manifest.mn:
Bug 1629553 Merge simple config.mk files r=rrelyea
There is really no good reason to explicitly change the TARGET variable. And the empty SHARED_LIBRARY variable should also be in the manifest.mn to begin with. All the other empty variables start empty or undefined, so there is also no need to explicitly set them empty.
[dc1ef0faf4a6]
* cmd/libpkix/testutil/config.mk, coreconf/OS2.mk, coreconf/WIN32.mk, coreconf/ruleset.mk, coreconf/suffix.mk, gtests/common/Makefile, gtests/common/manifest.mn, gtests/google_test/Makefile, gtests/google_test/manifest.mn, gtests/pkcs11testmodule/Makefile, gtests/pkcs11testmodule/config.mk, gtests/pkcs11testmodule/manifest.mn, lib/ckfw/builtins/config.mk, lib/ckfw/builtins/manifest.mn, lib/ckfw/builtins/testlib/config.mk, lib/ckfw/capi/config.mk, lib/ckfw/capi/manifest.mn, lib/freebl/config.mk, lib/nss/config.mk, lib/nss/manifest.mn, lib/smime/config.mk, lib/smime/manifest.mn, lib/softoken/config.mk, lib/softoken/legacydb/config.mk, lib/softoken/legacydb/manifest.mn, lib/softoken/manifest.mn, lib/sqlite/config.mk, lib/sqlite/manifest.mn, lib/ssl/config.mk, lib/ssl/manifest.mn, lib/sysinit/config.mk, lib/sysinit/manifest.mn, lib/util/config.mk, lib/util/manifest.mn:
Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea
* Drop the WIN% "32" default DLL suffix
* Add default resource file handling => drop default RES
* Generate IMPORT_LIBRARY based on IMPORT_LIB_SUFFIX and SHARED_LIBRARY, so we can drop all the explicit empty IMPORT_LIBRARY lines
Originally this patch also tried to add a default MAPFILE rule, but this fails, because the ARCH makefiles set linker flags based on an existing MAPFILE variable.
[877d721d93cd]
* coreconf/rules.mk:
Bug 1629553 Use an eval template for C++ compile rules r=rrelyea
These pattern rules already had a comment to keep both in sync, so just use an eval template to enforce this.
[9b628d9c57e5]
* lib/freebl/Makefile:
Bug 1629553 Use an eval template for freebl libs r=rrelyea
[71dd05b782e4]
* coreconf/rules.mk:
Bug 1629553 Use an eval template for export targets r=rrelyea
[45db681898be]
* lib/pk11wrap/manifest.mn, lib/pk11wrap/pk11load.c, lib/pk11wrap/pk11wrap.gyp:
Bug 1629553 Prefix pk11wrap (SHLIB|LIBRARY)_VERSION with NSS_ r=rrelyea
In the manifest.mn the LIBRARY_VERSION is normally used to define the major version of the build shared library. This just works for the pk11wrap case, because pk11wrap is a static library. But it's still very confusing when reading the manifest.mn. Also the referenced define in the code is just named SHLIB_VERSION. So this prefixes the defines and the variables with NSS_, because it tries to load the NSS library, just as the SOFTOKEN_.*_VERSION is used to load the versioned softokn library.
[cbb737bc6c0c]
* Makefile, cmd/Makefile, cmd/shlibsign/Makefile, cmd/smimetools/rules.mk, coreconf/rules.mk, gtests/manifest.mn, lib/freebl/Makefile, lib/manifest.mn, manifest.mn:
Bug 290526 Drop double-colon usage and add directory depends r=rrelyea
Double-colon rule behaviour isn't really compatible with parallel build. This gets rid of all of them, so we can codify the directory dependencies. This leaves just three problems, which aren't really fixable with the current build system without completely replacing it:
* everything depends on nsinstall
* everything depends on installed headers
* ckfw child directories depend on the build parent libs
This is handled by the prepare_build target. Overall this allows most of the build to run in parallel.
P.S. the release_md:: has to stay :-(
P.P.S.
no clue, why freebl must use libs: instead of using the TARGETS and .PHONY variables
[f3a0ef69c056]
* coreconf/WIN32.mk, gtests/certdb_gtest/manifest.mn, gtests/common/Makefile, gtests/google_test/Makefile, gtests/google_test/manifest.mn, gtests/pkcs11testmodule/Makefile:
Bug 290526 Fix gtests build for WIN% targets r=rrelyea
The google_test gtest build doesn't provide any exports for the shared library on Windows and the gyp build also builds just a static library. So build gtest and gtestutil libraries as static. For whatever reason, the Windows linker doesn't find the main function inside the gtestutil library, if we don't tell it to build a console executable. But linking works fine, if the object file is used directly. But since we can have different main() objects based on build flags, we enforce building console applications binaries.
[a82a55886c1d]
* cmd/bltest/manifest.mn, cmd/chktest/manifest.mn, cmd/crmf-cgi/manifest.mn, cmd/crmftest/manifest.mn, cmd/fipstest/manifest.mn, cmd/lib/Makefile, cmd/libpkix/testutil/Makefile, cmd/lowhashtest/manifest.mn, cmd/modutil/manifest.mn, cmd/pk11gcmtest/manifest.mn, cmd/pk11mode/manifest.mn, cmd/rsapoptst/manifest.mn, cmd/signtool/manifest.mn, cmd/ssltap/manifest.mn, coreconf/README, coreconf/rules.mk, cpputil/manifest.mn, gtests/google_test/manifest.mn, gtests/pkcs11testmodule/Makefile, lib/base/Makefile, lib/certdb/Makefile, lib/certhigh/Makefile, lib/ckfw/Makefile, lib/crmf/Makefile, lib/cryptohi/Makefile, lib/dbm/include/Makefile, lib/dev/Makefile, lib/dev/manifest.mn, lib/freebl/Makefile, lib/libpkix/Makefile, lib/libpkix/include/Makefile, lib/libpkix/include/manifest.mn, lib/libpkix/pkix/Makefile, lib/libpkix/pkix/certsel/Makefile, lib/libpkix/pkix/certsel/manifest.mn, lib/libpkix/pkix/checker/Makefile, lib/libpkix/pkix/checker/manifest.mn, lib/libpkix/pkix/crlsel/Makefile, lib/libpkix/pkix/crlsel/manifest.mn, lib/libpkix/pkix/params/Makefile, lib/libpkix/pkix/params/manifest.mn, lib/libpkix/pkix/results/Makefile, lib/libpkix/pkix/results/manifest.mn, lib/libpkix/pkix/store/Makefile, lib/libpkix/pkix/store/manifest.mn, lib/libpkix/pkix/top/Makefile, lib/libpkix/pkix/top/manifest.mn, lib/libpkix/pkix/util/Makefile, lib/libpkix/pkix/util/manifest.mn, lib/libpkix/pkix_pl_nss/Makefile, lib/libpkix/pkix_pl_nss/module/Makefile, lib/libpkix/pkix_pl_nss/module/manifest.mn, lib/libpkix/pkix_pl_nss/pki/Makefile, lib/libpkix/pkix_pl_nss/pki/manifest.mn, lib/libpkix/pkix_pl_nss/system/Makefile, lib/libpkix/pkix_pl_nss/system/manifest.mn, lib/nss/Makefile, lib/pk11wrap/Makefile, lib/pki/Makefile, lib/pki/manifest.mn, lib/softoken/Makefile, lib/softoken/legacydb/Makefile, lib/sqlite/Makefile, lib/sqlite/manifest.mn, lib/ssl/Makefile, lib/util/Makefile, lib/zlib/Makefile:
Bug 290526 Drop recursive private_exports r=rrelyea
Copying private headers is now simply included in the exports target, as these headers use an extra directory anyway.
[989ecbd870f3]
* Makefile, cmd/shlibsign/Makefile, coreconf/Makefile, coreconf/README, coreconf/nsinstall/Makefile, coreconf/rules.mk, coreconf/ruleset.mk, lib/Makefile, lib/ckfw/Makefile:
Bug 290526 Parallelize part of the NSS build r=rrelyea
This still serializes many targets, but at least these targets themselves run their build in parallel. The main serialization happens in nss/Makefile and nss/coreconf/rules.mk's all target. We can't add these as real dependencies, as all Makefile snippets use the same variable names. I tried to always run sub-makes to hack in the dependencies, but these don't know of each other, so targets very often run twice, and this breaks the build.
Having a tests:: target and a tests directory leads to misery (and doesn't work), so it's renamed to check.
This just works with NSS_DISABLE_GTESTS=1 specified and is fixed by a follow up patch, which removes the double-colon usage and adds the directory dependencies!
[5d0bfa092e0f]
* coreconf/UNIX.mk, coreconf/WIN32.mk, coreconf/mkdepend/Makefile, coreconf/nsinstall/Makefile, coreconf/ruleset.mk:
Bug 290526 Don't delete directories r=rrelyea
If these files exist and aren't directories, there might be other problems. Trying to "fix" them by removing will break the build.
[fb377d36262d]
* coreconf/rules.mk:
Bug 290526 Handle empty install variables r=rrelyea
Originally I added the install commands to the individual build targets. But this breaks the incremental build, because there is actually no dependency for the install. But it turns out, that in the end it's enough to ignore empty defined variables, so just do this.
[585942b1d556]
* coreconf/rules.mk:
Bug 290526 Handle parallel PROGRAM and PROGRAMS r=rrelyea
I have no real clue, why PROGRAMS is actually working in the sequence build. There is no special make code really handling it, except for the install target. This patch's code is inspired by the $(eval ...) example in the GNU make documentation. It generates a program specific make target and maps the programs objects based on the defined variables.
[d30a6953b897]
Differential Revision: https://phabricator.services.mozilla.com/D75385 |
|
J.C. Jones | 638a597baa |
Bug 1636656 - land NSS e3444f4cc638 UPGRADE_NSS_RELEASE,
Differential Revision: https://phabricator.services.mozilla.com/D74716 |
|
J.C. Jones | 92f783423e |
Bug 1629594 - land NSS NSS_3_52_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-01 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.52 final
[befc258c4336] [NSS_3_52_RTM] <NSS_3_52_BRANCH>
2020-04-30 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_52_BETA2 for changeset bb4462a16de8
[c5d002af1d61]
Differential Revision: https://phabricator.services.mozilla.com/D73512 |
|
Ciure Andrei | 1a902cc7ab | Backed out changeset ebe0bd6a038c (bug 1614053) for landing with the wrong bug# UPGRADE_NSS_RELEASE CLOSED TREE | |
J.C. Jones | ed1c0b9f61 |
Bug 1614053 - land NSS NSS_3_52_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-01 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.52 final
[befc258c4336] [NSS_3_52_RTM] <NSS_3_52_BRANCH>
2020-04-30 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_52_BETA2 for changeset bb4462a16de8
[c5d002af1d61]
Differential Revision: https://phabricator.services.mozilla.com/D73512 |
|
Kevin Jacobs | a1a7ac61e5 |
Bug 1629594 - land NSS NSS_3_52_BETA2 UPGRADE_NSS_RELEASE, r=jcj
2020-04-30 zhujianwei7 <zhujianwei7@huawei.com>
* lib/smime/cmssigdata.c:
Bug 1630925 - Guard all instances of NSSCMSSignedData.signerInfos r=kjacobs
[bb4462a16de8] [NSS_3_52_BETA2]
2020-04-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_seed_cbc_unittest.cc, lib/freebl/seed.c, lib/freebl/seed.h:
Bug 1619959 - Properly handle multi-block SEED ECB inputs. r=bbeurdouche,jcj
[d67517e92371]
2020-04-28 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_52_BETA1 for changeset 0b30eb1c3650
[11415c3334ab]
2020-04-24 Robert Relyea <rrelyea@redhat.com>
* lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c:
Bug 1571677 Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name r=mt
This patch makes libpkix treat name constraints the same as the NSS cert verifier. This proposal has been available for review for 9 months without objection. Time to make this official.
[0b30eb1c3650] [NSS_3_52_BETA1]
2020-04-27 Edouard Oger <eoger@fastmail.com>
* lib/freebl/blinit.c:
Bug 1633498 - Do not define getauxval on iOS targets. r=jcj
[7b5e3b9fbc7d]
2020-04-27 Robert Relyea <rrelyea@redhat.com>
* lib/softoken/sftkike.c:
Bug |
|
Kevin Jacobs | e4e3559e1b |
Bug 1629594 - land NSS aae226c20dfd UPGRADE_NSS_RELEASE, r=jcj
2020-04-24 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt,
gtests/softoken_gtest/softoken_gtest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11pub.h, lib/softoken/sdb.c:
Bug 1612881 - Maintain PKCS11 C_GetAttributeValue semantics on
attributes that lack NSS database columns r=keeler,rrelyea
`sdb_GetAttributeValueNoLock` builds a query string from a list of
attributes in the input template. Unfortunately,
`sqlite3_prepare_v2` will fail the entire query if one of the
attributes is missing from the underlying table. The PKCS #11 spec
[[ https://www.cryptsoft.com/pkcs11doc/v220/pkcs11__all_8h.html#aC_G
etAttributeValue | requires ]] setting the output `ulValueLen` field
to -1 for such invalid attributes.
This patch reads and stores the columns of nssPublic/nssPrivate when
opened, then filters an input template in
`sdb_GetAttributeValueNoLock` for unbacked/invalid attributes,
removing them from the query and setting their template output
lengths to -1.
[aae226c20dfd] [tip]
2020-04-23 Kevin Jacobs <kjacobs@mozilla.com>
* lib/ssl/sslnonce.c:
Bug 1531906 - Relax ssl3_SetSIDSessionTicket assertions to permit
valid, evicted or externally-cached sids. r=mt
This patch relaxes an overzealous assertion for the case where: 1)
Two sockets start connections with a shared SID. 2) One receives an
empty session ticket in the SH, and evicts the SID from cache. 3)
The second socket receives a new session ticket, and attempts to set
it in the SID.
We currently assert that the sid is `in_client_cache` at 3), but
clearly it cannot be. The outstanding reference remains valid
despite the eviction.
This also solves a related assertion failure after
https://hg.mozilla.org/mozilla-central/rev/c5a8b641d905 where the
same scenario occurs, but instead of being `in_client_cache` or
evicted, the SID is `in_external_cache`.
[a68de0859582]
2020-04-16 Robert Relyea <rrelyea@redhat.com>
* gtests/common/testvectors/kwp-vectors.h,
gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_aeskeywrapkwp_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, lib/freebl/aeskeywrap.c,
lib/freebl/blapi.h, lib/freebl/blapit.h, lib/freebl/hmacct.c,
lib/freebl/ldvector.c, lib/freebl/loader.c, lib/freebl/loader.h,
lib/pk11wrap/pk11mech.c, lib/softoken/lowpbe.c,
lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c, lib/ssl/ssl3con.c,
lib/util/secport.h:
Bug 1630721 Softoken Functions for FIPS missing r=mt
For FIPS we need the following:
1. NIST official Key padding for AES Key Wrap. 2. Combined
Hash/Sign mechanisms for DSA and ECDSA.
In the first case our AES_KEY_WRAP_PAD function adds pkcs8 padding
to the normal AES_KEY_WRAP, which is a different algorithm than the
padded key wrap specified by NIST. PKCS #11 recognized this and
created a special mechanism to handle NIST padding. That is why we
don't have industry test vectors for CKM_NSS_AES_KEY_WRAP_PAD. This
patch implements that NIST version (while maintaining our own). Also
PKCS #11 v3.0 specified PKCS #11 mechanism for AES_KEY_WRAP which
are compatible (semantically) with the NSS vendor specific versions,
but with non-vendor specific numbers. Softoken now accepts both
numbers.
This patch also updates softoken to handle DSA and ECDSA combined
hash algorithms other than just SHA1 (which is no longer validated).
Finally this patch uses the NIST KWP test vectors in new gtests for
the AES_KEY_WRAP_KWP wrapping algorithm.
As part of the AES_KEY_WRAP_KWP code, the Constant time macros have
been generalized and moved to secport. Old macros scattered
throughout the code have been deleted and existing constant time code
has been updated to use the new macros.
[3682d5ef3db5]
2020-04-21 Lauri Kasanen <cand@gmx.com>
* lib/freebl/Makefile, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, lib/freebl/gcm.h, lib/freebl/ppc-crypto.h,
lib/freebl/scripts/LICENSE, lib/freebl/scripts/gen.sh,
lib/freebl/scripts/ppc-xlate.pl, lib/freebl/scripts/sha512p8-ppc.pl,
lib/freebl/sha512-p8.s, lib/freebl/sha512.c:
Bug 1613238 - POWER SHA-2 digest vector acceleration. r=jcj,kjacobs
[2d66bd9dcad4]
2020-04-18 Robert Relyea <rrelyea@redhat.com>
* coreconf/Linux.mk, coreconf/config.gypi, lib/softoken/sdb.c:
Bug
|
|
Kevin Jacobs | 7d42f279f2 |
Bug 1629594 - land NSS 50dcc34d470d UPGRADE_NSS_RELEASE, r=jcj
2020-04-13 Kevin Jacobs <kjacobs@mozilla.com>
* lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11load.c:
Bug 1629105 - Update PKCS11 module debug logger for v3.0 r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D70582
[50dcc34d470d] [tip]
2020-04-07 Robert Relyea <rrelyea@redhat.com>
* lib/ckfw/builtins/testlib/Makefile:
Bug 1465613 Fix gmake issue created by the patch which adds ability to distrust certificates issued after a certain date for a specified root cert r=jcj
I've been trying to run down an issue I've been having, and I think this bug is the source. Whenever I build ('gmake' build), I get the following untracked files:
? lib/ckfw/builtins/testlib/anchor.o
? lib/ckfw/builtins/testlib/bfind.o
? lib/ckfw/builtins/testlib/binst.o
? lib/ckfw/builtins/testlib/bobject.o
? lib/ckfw/builtins/testlib/bsession.o
? lib/ckfw/builtins/testlib/bslot.o
? lib/ckfw/builtins/testlib/btoken.o
? lib/ckfw/builtins/testlib/ckbiver.o
? lib/ckfw/builtins/testlib/constants.o
This is because of the way lib/ckfw/builtins/testlib works, it uses the sources from the directory below, and explicitly references them with ../{source_name}.c. The object file then becomes lib/ckfw/builtins/testlib/{OBJDIR}/../{source_name}.o.
The simple fix would be to paper over the issue and just add these to .hgignore, but that would break our ability to build multiple platforms on a single source directory. I'll include a patch that fixes this issue.
bob
Differential Revision: https://phabricator.services.mozilla.com/D70077
[92058f185316]
2020-04-06 Robert Relyea <rrelyea@redhat.com>
* automation/abi-check/expected-report-libnss3.so.txt, gtests/ssl_gtest/tls_hkdf_unittest.cc, lib/nss/nss.def, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c, lib/ssl/sslprimitive.c, lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13hkdf.c, lib/ssl/tls13replay.c, tests/ssl/ssl.sh:
Bug 1561637 TLS 1.3 does not work in FIPS mode r=mt
Part 2 of 2
Use the official PKCS #11 HKDF mechanism to implement tls 1.3.
1) The new mechanism is a single derive mechanism, so we no longer need to pick it based on the underlying hmac (Note, we still need to know the underlying hmac, which is passed in as a mechanism parameter).
2) Use the new keygen to generate CKK_HKDF keys rather than doing it by hand with the random number generator (never was really the best way of doing this).
3) modify tls13hkdf.c to use the new mechanisms:
1) Extract: use the new key handle in the mechanism parameters to pass the salt when the salt is a key handle. Extract: use the explicit NULL salt parameter if for the hash len salt of zeros.
2) Expand: Expand is mostly a helper function which takes a mechanism. For regular expand, the mechanism is the normal _Derive, for the Raw version it's the _Data function. That creates a data object, which is extractable in FIPS mode.
4) update slot handling in tls13hkdf.c:
1) we need to make sure that the key and the salt key are in the same slot. Provide a PK11wrap function to make that guarantee (and use that function in PK11_WrapKey, which already has to do the same function).
2) When importing a 'data' key for the zero key case, make sure we import into the salt key's slot. If there is no salt key, use PK11_GetBestSlot() rather than PK11_GetInternal slot.
Differential Revision: https://phabricator.services.mozilla.com/D69899
[3d2b1738e064]
2020-04-06 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/curve25519-vectors.h, gtests/common/testvectors/p256ecdh-vectors.h, gtests/common/testvectors/p384ecdh-vectors.h, gtests/common/testvectors/p521ecdh-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha256-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha384-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha512-vectors.h, gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h, gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h, gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h, gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h, gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h, gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_misc-vectors.h, gtests/common/testvectors/rsa_signature-vectors.h, gtests/common/testvectors/rsa_signature_2048_sha224-vectors.h, gtests/common/testvectors/rsa_signature_2048_sha256-vectors.h, gtests/common/testvectors/rsa_signature_2048_sha512-vectors.h, gtests/common/testvectors/rsa_signature_3072_sha256-vectors.h, gtests/common/testvectors/rsa_signature_3072_sha384-vectors.h, gtests/common/testvectors/rsa_signature_3072_sha512-vectors.h, gtests/common/testvectors/rsa_signature_4096_sha384-vectors.h, gtests/common/testvectors/rsa_signature_4096_sha512-vectors.h, gtests/common/testvectors_base/rsa_signature-vectors_base.txt, gtests/common/testvectors_base/test-structs.h, gtests/common/wycheproof/genTestVectors.py, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc, gtests/pk11_gtest/pk11_rsaoaep_unittest.cc, gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc, gtests/pk11_gtest/pk11_rsapss_unittest.cc:
Bug 1612260 - Add Wycheproof vectors for RSA PKCS1 and PSS signing, PKCS1 and OAEP decryption. r=bbeurdouche
This patch updates the Wycheproof script to build RSA test vectors (covering PKCS1 decryption/verification, as well as PSS and OAEP) and adds the appropriate test drivers.
Differential Revision: https://phabricator.services.mozilla.com/D69847
[469fd8633757]
2020-04-01 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/docker-fuzz32/Dockerfile:
Bug 1626751 - Add apt-transport-https & apt-utils to fuzz32 docker image r=jcj
We already install these packages on the image_builder image itself. It seems they're now required on the fuzz32 image as well.
Differential Revision: https://phabricator.services.mozilla.com/D69274
[c7a8195e3072]
2020-04-01 Giulio Benetti <giulio.benetti@benettiengineering.com>
* lib/freebl/Makefile:
Bug |