There are a few places in PSM where the result of an NSS function returning
char* is adopted by e.g. an nsXPIDLCString, which will use the wrong deallocator
when the string eventually gets destroyed.
This is basically Bug 1281564, but the free() call is buried within the Mozilla
string code instead.
MozReview-Commit-ID: HVSMyRpLnjS
--HG--
extra : transplant_source : Msmc%DB%16%23%87%00%A1%05%ABB%0BD%97%3B%A1%E7x
For 32-bit Linux 4.3+, always add socketcall dispatcher even if relevant
syscalls are known, because both entry points will exist.
See Linux kernel commit:
commit 9dea5dc921b5f4045a18c63eb92e84dc274d17eb
Author: Andy Lutomirski <luto@kernel.org>
Date: Tue Jul 14 15:24:24 2015 -0700
x86/entry/syscalls: Wire up 32-bit direct socket calls
MozReview-Commit-ID: I3GEvolGfsR
--HG--
extra : rebase_source : c358a6d39d9bf5701150e58f1002f6c6dc91cd6f
Nothing in the file requires functionality provided by the CPP unit test harness,
so making the file a GTest makes it more accessible.
MozReview-Commit-ID: FaAtF0blCwV
--HG--
rename : security/manager/ssl/tests/compiled/TestMD4.cpp => security/manager/ssl/tests/gtest/MD4Test.cpp
extra : transplant_source : edV%1F%0B97%1B%25%FA%0ABH%14%F5%A2Ms/%7E
Currently, running all the PSM GTests involves providing a filter that catches
all the various tests. This is annoying and error prone.
The changes here make running all PSM GTests as easy as:
mach gtest "psm*"
MozReview-Commit-ID: EqaysNvwJaQ
--HG--
extra : transplant_source : %0CCM%99%12%18%8D%B9%DD%84%0C%A06%0Ba%AD%A7%EB%B3%FB
Previously this implementation would use the expected names of the built-in
module and slot to get a handle on them. This doesn't work on distributions that
use other names. The new implementation searches through the slots from the
default module list for one where PK11_HasRootCerts returns true (which
indicates that NSS considers that slot to contain the default built-in root
list).
MozReview-Commit-ID: LmX27hQfFJU
--HG--
extra : rebase_source : 50383dcc77257fe08ce2c7d908e95cda7c4bbe9d
This makes the certificate viewer able to shrink itself down a bit on small
screen sizes. Without this patch, the "Close" button would be off the screen on
small resolutions like 1024x768. On larger screen sizes, this patch should have
no effect on the initial size of the certificate viewer window (although it now
can be made smaller manually).
MozReview-Commit-ID: IET9dxx23Xc
--HG--
extra : rebase_source : 487c88d626df7184502226b9ce02410adc504f12
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.
A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.
MozReview-Commit-ID: CE7Uc2ntwmZ
--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
concatenation of the CN of the server cert and the port of the server, and
|issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
benefit of letting implementations skip null checks due to the use of
references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
more logical, and paves the way for future changes.
This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
setting it to a pref branch instance later on. This is confusing and
unnecessary.
This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
setting it to a pref branch instance later on. This is confusing and
unnecessary.
4. Abusal of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.
This also fixes the following:
1. Lack of localisation notes.
MozReview-Commit-ID: FTc6XecJd6h
--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
This allows nsNSSCertificate::FormatUIStrings() to be reimplemented in JS, which
is a necessary step for making nsIClientAuthDialogs::ChooseCertificate() pass an
nsIArray of nsIX509Certs.
Also removes some deprecated and unused constants.
MozReview-Commit-ID: CJITKVlUEtP
--HG--
extra : transplant_source : %1C%09%B2%B5%F4%C4%28%1A%B2%E5%CFsu%8B%B6W%8El%9Cn
There are a few places in PSM where free() is used to free memory allocated by
NSS instead of PORT_Free() (or higher level deallocation functions that end up
calling PORT_Free()).
In practice, PORT_Free() is just a wrapper around PR_Free(), which is just a
wrapper around free() if we don't ask NSPR to use a zone allocator.
Gecko explicitly tells NSPR not to use a zone allocator, so the changes here are
mainly for making the code more obviously correct.
This patch also includes some misc cleanup.
MozReview-Commit-ID: 9Ccg5OwlhWR
--HG--
extra : rebase_source : 768979a4bedb1cbdab2398d2a416429d9a241dd6
4361f2ad66
renamed transport_security_state_static.certs to
transport_security_state_static.pins, so the URL needs to be updated to avoid
a 404.
MozReview-Commit-ID: 1FmYdi0mMcI
--HG--
extra : rebase_source : 25ebf2290cab6ee12f98bc65972b696c45d506d0
This is safe because TLS Feature checks have already been done when connecting
to the site in the first place.
MozReview-Commit-ID: HfbcrAv4bCJ
--HG--
extra : rebase_source : d1f22c1a4e2c8535e10bd071c937a1aac7b8e2fd
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.
MozReview-Commit-ID: oKwdjzDjij
The preprocessor token HAVE_ANDROID_OS configures 'android_filesystem_config.h'
to include the correct header files from the environment.
MozReview-Commit-ID: oKwdjzDjij
Prior to these changes, GetSymKeyByNickname() could theoretically leak. This
should not happen in practice, so the changes here just ensure that the code
doesn't cause leaks.
MozReview-Commit-ID: LWtqLmsBPV2
--HG--
extra : transplant_source : rWE%CD%D8%A7%87%3C%95%03%B5%03E%3E%06E%C7O%0D%F6
Create a base "nsIU2FToken" interface that all tokens must implement. This
patch does not change U2F.cpp from initializing tokens monolithically, but
if/when future tokens are added, the implementer may want to do that.
MozReview-Commit-ID: GQuu6NolF4D
--HG--
extra : transplant_source : %3Fi%8E%C4n%BF%C1%DB%DB%03HjG%B5%9Ct%9EMWH
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.
MozReview-Commit-ID: IXsg2nGOqoa
--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
Scoped.h is deprecated in favour of the standardised UniquePtr.
This patch removes use of Scoped.h everywhere in PSM except ScopedNSSTypes.h,
which is exported. Other consumers of ScopedNSSTypes.h can move off Scoped.h
at their own pace.
This patch also changes parameters and return types of various functions to make
ownership more explicit.
MozReview-Commit-ID: BFbtCDjENzy
--HG--
extra : transplant_source : %0B%C7%9F%40%FA9%A4%F2%5E%0D%92%1C%A6%A49%94%C3%7E%1Cz
This patch removes an infallible duplication of the base64-encoded string,
which can be large.
--HG--
extra : rebase_source : c8e709d7afcb53e23fdea919fade857a7fd3fea4
mOnStateLocationChangeReentranceDetection and nsAutoAtomic form an unnecessarily
threadsafe reentrance prevention mechanism that can be replaced by
mozilla::ReentrancyGuard.
MozReview-Commit-ID: KWDdFD5TpCk
--HG--
extra : rebase_source : c3e0a9ad32ff169c6afb00dd10099835b6196682
The function basically duplicates existing Mozilla string class functionality.
MozReview-Commit-ID: 9IFEXuT9cW1
--HG--
extra : rebase_source : 0d0c4492a63f7a168b6092fdb2e1bf8ec09d5308
Prior to the changes here, nsNSSCertValidity had the following issues:
- Did not check for NSS shut down.
- Provided an irrelevant zero argument constructor.
- Did not explicitly delete the unwanted copy constructor and assignment
operators.
- Misc style issues.
- Did not have a dedicated test.
MozReview-Commit-ID: JUPtk1OjsNg
--HG--
extra : rebase_source : 2f6475c842b8c1c2570a7a5e4e9f87f0bb12deae
Firefox no longer supports DSA cipher suites, so this telemetry is dead code.
MozReview-Commit-ID: G3ipd0TADM
--HG--
extra : rebase_source : 6cd2b10727107c048010d39b24e328f5539a7220
mozilla::BitwiseCast does the same thing, but provides static asserts that
mitigate some of the risk of using reinterpret_cast.
MozReview-Commit-ID: ENQ8QC6Nl9o
--HG--
extra : rebase_source : c1725c8363c0f7f9877601de5ab5f152ef4d0439
These reinterpret_casts can be static_casts or const_casts instead.
MozReview-Commit-ID: 1KQDWHO9CGS
--HG--
extra : rebase_source : a629d91577bdcb6d7fd94416e61ad46ca43f945d
These uses of reinterpret_cast are either pointless, or can be removed via
refactoring.
MozReview-Commit-ID: Aw2rlJfrT6J
--HG--
extra : rebase_source : 243d6c38eedc086c59d47c93d4a57cb6a922910a
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.
https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ
Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.
Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.
MozReview-Commit-ID: JzTRGPn9vzI
CLOSED TREE
Backed out changeset d0ab0d508a24 (bug 1271829)
Backed out changeset 9f4983dfd881 (bug 1271829)
Backed out changeset 28b45df659b7 (bug 1271794)
ScopedPK11Context is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
MozReview-Commit-ID: HE8UY1hOuph
--HG--
extra : transplant_source : 4%BF%81M%09Q-%2A%E6%04%86i%18%1B%3CL%90%88%04%C7
We've decided supporting the small number of x86 machines
without SSE2 instructions is no longer worth the cost in
developer time nor the performance impact for other users.
https://groups.google.com/d/msg/mozilla.dev.platform/dZC39mj5V-s/Xt_UqZXkAAAJ
Set -arch:SSE2 by default on x86 if an arch hasn't already
been supplied. This ensures we'll continue to build with
the right instruction set if the compiler changes its default
in the future, while still allowing custom builds to set
a lower minimum.
Also updates the filter to strip all arch switches on win64
when building the sandbox. The 64-bit compiler doesn't
support -arch:SSE2 either.
MozReview-Commit-ID: JzTRGPn9vzI
HSTS priming changes the order of mixed-content blocking and HSTS
upgrades, and adds a priming request to check if a mixed-content load is
accesible over HTTPS and the server supports upgrading via the
Strict-Transport-Security header.
Every call site that uses AsyncOpen2 passes through the mixed-content
blocker, and has a LoadInfo. If the mixed-content blocker marks the load as
needing HSTS priming, nsHttpChannel will build and send an HSTS priming
request on the same URI with the scheme upgraded to HTTPS. If the server
allows the upgrade, then channel performs an internal redirect to the HTTPS URI,
otherwise use the result of mixed-content blocker to allow or block the
load.
nsISiteSecurityService adds an optional boolean out parameter to
determine if the HSTS state is already cached for negative assertions.
If the host has been probed within the previous 24 hours, no HSTS
priming check will be sent.
The original changeset that is being backed out had comment:
Bug 1023941 - Part 2: Static-link the CRT into plugin-container.exe.
MozReview-Commit-ID: 1iPJghgd0t2
--HG--
extra : rebase_source : cbed4e43f51af8ea0c3adbfc150ed029fe0d0f57
In bug 317630, in the call to PK11_ConfigurePKCS11, the order of the strings
provided was switched such that the FIPS token description appeared before the
FIPS slot description, when in fact the reverse should happen.
|let| is generally preferred over |var| in PSM JS.
MozReview-Commit-ID: 7SJWQSKFxI4
--HG--
extra : rebase_source : 387c6259ffa2cb0585ff366edc568ccc39bfd902
The rationale behind nsIEntropyCollector was to supplement NSS' source of
entropy with randomness from mouse move events. This obviously doesn't work on
platforms without a mouse (e.g. mobile platforms). Furthermore, as NSS seeds its
random number generator with robust randomness from the operating system, this
is unnecessary anyway. The primary concern is that initialization of the random
number generator must happen after forking, which is exactly what we do with the
child process in e10s mode.
MozReview-Commit-ID: GYQDElSCZy0
--HG--
extra : rebase_source : 6273a78203121c4d4ddf3ed97451f393ceef4b88
The (more) modern Mozilla string classes can be used instead, which at the very
least provide built in automatic memory management and performance improvements.
MozReview-Commit-ID: 4l2Er5rkeI0
--HG--
extra : transplant_source : %A1%16%AB%02m%CA%25HfW%40%96Mq%0D%F0%91%9C%99%29
ScopedPK11SlotInfo is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes PK11SlotInfo parameters of various functions to make ownership more
explicit, and replaces some manual management of PK11SlotInfo pointers.
MozReview-Commit-ID: JtNH2lJsjwx
--HG--
extra : rebase_source : 9d764e0dd3a1f2df14c16f8f14a3c5392770c9a1
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the
standardised UniquePtr.
Also changes CERTCertList parameters of various functions to make ownership more
explicit.
MozReview-Commit-ID: EXqxTK6inqy
--HG--
extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
It's an annotation that is used a lot, and should be used even more, so a
shorter name is better.
MozReview-Commit-ID: 1VS4Dney4WX
--HG--
extra : rebase_source : b26919c1b0fcb32e5339adeef5be5becae6032cf