This patch converts the certList attribute of nsITransportSecurityInfo
from nsIX509CertList to Array<nsIx509Cert>
Differential Revision: https://phabricator.services.mozilla.com/D48745
--HG--
extra : moz-landing-system : lando
OS.File.writeAtomic expects either a utf-8 string or a typed array. This patch
fixes instances in pippki.js in certificate export where this was not
guaranteed to be the case. It also extends the test for this functionality to
cover more cases.
Differential Revision: https://phabricator.services.mozilla.com/D50117
--HG--
extra : moz-landing-system : lando
Bug 1267643 removed filtering of client certificates based on the
"certificate_authorities" list sent in the client certificate request from the
server in TLS handshakes because it is impossible to implement as specified
without false negatives (i.e. excluding certificates that could be usable but
don't seem to be according to the certificates the client is aware of). In
practice, however, it seems enough users rely on this behavior[0] that we
should add it back until the platform can save client certificate selections
across restarts and the "select one automatically" option is removed (see also
bug 634697).
[0] See e.g. bug 1588703, bug 1590297, bug 1590596, bug 1074195 comment 27,
and any other duplicates of this bug.
Differential Revision: https://phabricator.services.mozilla.com/D50355
--HG--
extra : moz-landing-system : lando
This change enables the version downgrade sentinel across all channels. We
don't have good telemetry on this, but Chrome reports 0.02%, which is low enough
to just make the change without additional validation on our end.
This only really affects intercepting middleboxes that forward the real server's
ServerHello.random. That's a terrible idea, and, as above, the evidence
suggests that this is now rare enough to have those boxes break connections.
The pref will remain for those cases where problems persist.
Differential Revision: https://phabricator.services.mozilla.com/D50387
--HG--
extra : moz-landing-system : lando
Update sandbox rules to allow services and files needed for global UI system preferences.
Update tests now that stat() calls on the filesystem are permitted.
Differential Revision: https://phabricator.services.mozilla.com/D50298
--HG--
extra : moz-landing-system : lando
Most of these tests have been disabled for a long time; they run well
in the current test environment.
This completes my review of skipped Android tests.
Differential Revision: https://phabricator.services.mozilla.com/D49954
--HG--
extra : moz-landing-system : lando
This patch converts the certList attribute of nsITransportSecurityInfo
from nsIX509CertList to Array<nsIx509Cert>
Differential Revision: https://phabricator.services.mozilla.com/D48745
--HG--
extra : moz-landing-system : lando
2019-10-18 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47 final
[7ccb4ade5577] [NSS_3_47_RTM] <NSS_3_47_BRANCH>
* .hgtags:
Added tag NSS_3_47_BETA4 for changeset d3c8638f85cd
[d5bd7be1bf2a]
Differential Revision: https://phabricator.services.mozilla.com/D49813
--HG--
extra : moz-landing-system : lando
2019-10-18 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Rewrite softoken CBC pad check to be constant
r=jcj,kjacobs
[d3c8638f85cd] [NSS_3_47_BETA4]
2019-10-17 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc:
Bug 1589120 - Additional test vectors for CBC padding. r=jcj
This patch adds more test vectors for AES-CBC and 3DES-CBC padding.
[7f17b911ac99]
* gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp:
Bug 1589120 - Tests for padded AES key wrap r=jcj
This patch adds test vectors for padded AES Key Wrap. AES-CBC and
3DES-CBC ports of the same vectors will be included in a separate
revision.
[fb4d9b6ea2c4]
2019-10-16 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslimpl.h, lib/ssl/tls13subcerts.c,
tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
Bug 1588244 - SSLExp_DelegateCredential to support 'rsaEncryption'
end-entity certs with default scheme override r=mt
If an end-entity cert has an SPKI type of 'rsaEncryption', override
the DC alg to be `ssl_sig_rsa_pss_rsae_sha256`.
[93383e0fb833]
2019-10-16 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA3 for changeset f10c3e0757b7
[fa8a67bee2dc]
Differential Revision: https://phabricator.services.mozilla.com/D49774
--HG--
extra : moz-landing-system : lando
The internal representation of certList has been converted to
cert array, and this patch does it for the serialization.
Differential Revision: https://phabricator.services.mozilla.com/D49347
--HG--
extra : moz-landing-system : lando
Adds support for creating and using a PSandboxTesting actor in the GPU process.
Differential Revision: https://phabricator.services.mozilla.com/D42386
--HG--
extra : moz-landing-system : lando
This patch includes a new browser chrome mochitest that uses a new XPCOM service (moxISandboxTest) to create a new top-level actor (PSandboxTesting) between the chrome process and any supported child processes (in later parts of this patch set). The framework is makes it easy to add new C/C++ instructions to be tested for permission under real sandbox conditions. Test results can be conditioned on the type of OS, process, sandbox level, etc.
Differential Revision: https://phabricator.services.mozilla.com/D37706
--HG--
extra : moz-landing-system : lando
2019-10-16 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Backed out changeset 474d62c9d0db for PK11_Wrap/Unwrap
issues r=me
[f10c3e0757b7] [NSS_3_47_BETA3]
2019-10-15 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA2 for changeset f657d65428c6
[3ca8b20b24ee]
* cmd/addbuiltin/addbuiltin.c:
Bug 1465613 - Fixup clang format a=bustage
[f657d65428c6] [NSS_3_47_BETA2]
2019-10-11 Marcus Burghardt <mburghardt@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsmime3.so.txt, automation/abi-check
/expected-report-libssl3.so.txt, cmd/addbuiltin/addbuiltin.c,
cmd/lib/secutil.c, gtests/softoken_gtest/manifest.mn,
gtests/softoken_gtest/softoken_gtest.gyp,
gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc,
lib/certdb/certdb.c, lib/certdb/certt.h, lib/ckfw/builtins/README,
lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/manifest.mn,
lib/ckfw/builtins/nssckbi.h, lib/ckfw/builtins/testlib/Makefile,
lib/ckfw/builtins/testlib/builtins-testlib.gyp,
lib/ckfw/builtins/testlib/certdata-testlib.txt,
lib/ckfw/builtins/testlib/config.mk,
lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/builtins/testlib
/nssckbi-testlib.rc,
lib/ckfw/builtins/testlib/testcert_err_distrust.txt,
lib/ckfw/builtins/testlib/testcert_no_distrust.txt,
lib/ckfw/builtins/testlib/testcert_ok_distrust.txt,
lib/ckfw/manifest.mn, lib/nss/nss.def, lib/pki/pki3hack.c,
lib/softoken/sdb.c, lib/util/pkcs11n.h, nss.gyp, tests/cert/cert.sh:
Bug 1465613 - Created two new fields for scheduled distrust from
builtins and updated support commands. r=jcj,kjacobs,mt
Added two new fields do scheduled distrust of CAs in
nssckbi/builtins. Also, created a testlib to validate these fields
with gtests.
[52024949df95]
2019-10-14 Martin Thomson <martin.thomson@gmail.com>
* lib/ssl/tls13con.c:
Bug 1588557 - Fix debug statement, r=jcj
[0f563a2571c3]
2019-10-15 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/lib/pkixcert.cpp:
bug 1579060 - fix handling of issuerUniqueID and subjectUniqueID in
mozilla::pkix::BackCert r=jcj
According to RFC 5280, the definitions of issuerUniqueID and
subjectUniqueID in TBSCertificate are as follows:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
where UniqueIdentifier is a BIT STRING.
IMPLICIT tags replace the tag of the underlying type. For these
fields, there is no specified class (just a tag number within the
class), and the underlying type of BIT STRING is "primitive" (i.e.
not constructed). Thus, the tags should be of the form CONTEXT
SPECIFIC | [number in class], which comes out to 0x81 and 0x82,
respectively.
When originally implemented, mozilla::pkix incorrectly required that
the CONSTRUCTED bit also be set for these fields. Consequently, the
library would reject any certificate that actually contained these
fields. Evidently such certificates are rare.
[c50f933d37a5]
2019-10-14 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Rewrite softoken CBC pad check to be constant time.
r=kjacobs,jcj
[474d62c9d0db]
2019-10-11 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA1 for changeset 93245f5733b3
[f60dbafbc182]
Differential Revision: https://phabricator.services.mozilla.com/D49470
--HG--
extra : moz-landing-system : lando
2019-10-15 J.C. Jones <jjones@mozilla.com>
* cmd/addbuiltin/addbuiltin.c:
Bug 1465613 - Fixup clang format a=bustage
[f657d65428c6] [NSS_3_47_BETA2]
2019-10-11 Marcus Burghardt <mburghardt@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsmime3.so.txt, automation/abi-check
/expected-report-libssl3.so.txt, cmd/addbuiltin/addbuiltin.c,
cmd/lib/secutil.c, gtests/softoken_gtest/manifest.mn,
gtests/softoken_gtest/softoken_gtest.gyp,
gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc,
lib/certdb/certdb.c, lib/certdb/certt.h, lib/ckfw/builtins/README,
lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/manifest.mn,
lib/ckfw/builtins/nssckbi.h, lib/ckfw/builtins/testlib/Makefile,
lib/ckfw/builtins/testlib/builtins-testlib.gyp,
lib/ckfw/builtins/testlib/certdata-testlib.txt,
lib/ckfw/builtins/testlib/config.mk,
lib/ckfw/builtins/testlib/manifest.mn, lib/ckfw/builtins/testlib
/nssckbi-testlib.rc,
lib/ckfw/builtins/testlib/testcert_err_distrust.txt,
lib/ckfw/builtins/testlib/testcert_no_distrust.txt,
lib/ckfw/builtins/testlib/testcert_ok_distrust.txt,
lib/ckfw/manifest.mn, lib/nss/nss.def, lib/pki/pki3hack.c,
lib/softoken/sdb.c, lib/util/pkcs11n.h, nss.gyp, tests/cert/cert.sh:
Bug 1465613 - Created two new fields for scheduled distrust from
builtins and updated support commands. r=jcj,kjacobs,mt
Added two new fields do scheduled distrust of CAs in
nssckbi/builtins. Also, created a testlib to validate these fields
with gtests.
[52024949df95]
2019-10-14 Martin Thomson <martin.thomson@gmail.com>
* lib/ssl/tls13con.c:
Bug 1588557 - Fix debug statement, r=jcj
[0f563a2571c3]
2019-10-15 Dana Keeler <dkeeler@mozilla.com>
* gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp,
lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/lib/pkixcert.cpp:
bug 1579060 - fix handling of issuerUniqueID and subjectUniqueID in
mozilla::pkix::BackCert r=jcj
According to RFC 5280, the definitions of issuerUniqueID and
subjectUniqueID in TBSCertificate are as follows:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
where UniqueIdentifier is a BIT STRING.
IMPLICIT tags replace the tag of the underlying type. For these
fields, there is no specified class (just a tag number within the
class), and the underlying type of BIT STRING is "primitive" (i.e.
not constructed). Thus, the tags should be of the form CONTEXT
SPECIFIC | [number in class], which comes out to 0x81 and 0x82,
respectively.
When originally implemented, mozilla::pkix incorrectly required that
the CONSTRUCTED bit also be set for these fields. Consequently, the
library would reject any certificate that actually contained these
fields. Evidently such certificates are rare.
[c50f933d37a5]
2019-10-14 Deian Stefan <deian@cs.ucsd.edu>
* lib/softoken/pkcs11c.c:
Bug 1459141 - Rewrite softoken CBC pad check to be constant time.
r=kjacobs,jcj
[474d62c9d0db]
2019-10-11 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_47_BETA1 for changeset 93245f5733b3
[f60dbafbc182]
Differential Revision: https://phabricator.services.mozilla.com/D49365
--HG--
extra : moz-landing-system : lando
This patch intends to change the internal reprensentation of certList
from nsIX509CertList to Array for TransportSecurityInfo.
Differential Revision: https://phabricator.services.mozilla.com/D48744
--HG--
extra : moz-landing-system : lando
2019-10-11 Kai Engert <kaie@kuix.de>
* automation/release/nspr-version.txt:
Bug 1583068 - Require NSPR version 4.23 r=jcj
[93245f5733b3] [NSS_3_47_BETA1]
2019-10-11 Kevin Jacobs <kjacobs@mozilla.com>
* coreconf/config.gypi, lib/freebl/freebl.gyp:
Bug 1152625 - Add gyp flag for disabling ARM HW AES r=jcj
Adds an option to disable ARMv8 HW AES, if `-Ddisable_arm_hw_aes=1`
is passed to build.sh.
Depends on D34473
[9abcea09fdd4]
2019-10-11 Makoto Kato <m_kato@ga2.so-net.ne.jp>
* lib/freebl/aes-armv8.c:
Bug 1152625 - Part 2. Remove __builtin_assume to avoid crash on PGO.
r=kjacobs,mt
`AESContext->iv` doesn't align to 16 bytes on PGO build, so we
should remove __builtin_assume. Also, I guess that `expandedKey` has
same problem.
[1b0f5c5335ee]
* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/aes-armv8.h,
lib/freebl/freebl.gyp, lib/freebl/intel-aes.h,
lib/freebl/rijndael.c:
Bug 1152625 - Support AES HW acceleration on ARMv8. r=kjacobs,jcj
[efb895a43899]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/ssl_auth_unittest.cc,
gtests/ssl_gtest/ssl_ciphersuite_unittest.cc,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_fuzz_unittest.cc,
gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/ssl3exthandle.c, lib/ssl/sslimpl.h, lib/ssl/tls13con.c:
Bug 1549225 - Up front Signature Scheme validation, r=ueno
Summary: This patch started as an attempt to ensure that a DSA
signature scheme would not be advertised if we weren't willing to
negotiate versions less than TLS 1.3. Then I realized that we didn't
do the same for PKCS#1 RSA.
Then I realized that we were still willing to try to establish
connections when we had a certificate that we couldn't use.
Then I realized that ssl3_config_match_init() wasn't being run
consistently. On resumption, we only ran it when we were PARANOID.
That's silly because we weren't checking policies.
Then I realized that we were allowing ECDSA certificates to be used
when the named group in the certificate was disabled. We weren't
enforcing that consistently either. However, I also discovered that
the check we have wouldn't work without a tweak because in TLS 1.3
the named group is part of the signature scheme; the configured
named groups are only used prior to TLS 1.3 when selecting
ECDSA/ECDH certificates.
So that sounds like a lot of changes but what it boils down to is
more robust checking of the configuration prior to starting a
connection. As a result, we should be offering fewer options that
we're unwilling or unable to follow through on. A good number of
tests needed tweaking as a result because we were relying on getting
past the checks in those tests. No real problems were found as a
result; this just moves failures that might arise from
misconfiguration a little earlier in the process.
[9b418f0a4912]
2019-10-08 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc,
lib/pk11wrap/pk11pk12.c:
Bug 1586947 - Store nickname during EC key import. r=jcj
This patch stores the nickname (if specified) during EC key import.
This was already done for all other key types.
[c319019aee75]
2019-10-08 Marcus Burghardt <mburghardt@mozilla.com>
* lib/certdb/stanpcertdb.c, lib/pk11wrap/pk11load.c,
lib/pki/pki3hack.c:
Bug 1586456 - Unnecessary conditional in pki3hack, pk11load and
stanpcertdb. r=jcj
Some conditionals that are always true were removed.
[b34061c3a377]
Differential Revision: https://phabricator.services.mozilla.com/D49030
--HG--
extra : moz-landing-system : lando
During path building, mozilla::pkix filters out candidate certificates provided
by trust domains where the subject distinguished name does not match the issuer
distinguished name of the certificate it's trying to find an issuer for.
However, if there's a problem decoding the candidate issuer certificate,
mozilla::pkix will make a note of this error, regardless of if that certificate
was potentially a suitable issuer. If no trusted path is found, the error from
that unrelated certificate may ultimately be returned by mozilla::pkix,
resulting in confusion.
Before this patch, NSSCertDBTrustDomain could cause this behavior by blithely
passing every known 3rd party certificate to mozilla::pkix (other sources of
certificates already filter on subject distinguished name). This patch adds
filtering to 3rd party certificates as well.
Differential Revision: https://phabricator.services.mozilla.com/D48120
--HG--
extra : moz-landing-system : lando
Allow access to extra services needed to open file pickers from the Flash process on 10.15.
Differential Revision: https://phabricator.services.mozilla.com/D48145
--HG--
extra : moz-landing-system : lando
2019-10-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary.
r=jcj
ECB mode should not require an IV.
[dc86215aea17] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Check mechanism param and param length before casting
to mechanism-specific structs. r=jcj
This patch adds missing PKCS11 input parameter checks, which are
needed prior to casting to mechanism-specific structs.
[53d92a324080]
Differential Revision: https://phabricator.services.mozilla.com/D48109
--HG--
extra : moz-landing-system : lando
Gijs Kruitbosch
Sean Feng
Haik Aftandilian
ffxbld
Dana Keeler
Martin Thomson
Marcus Burghardt
Geoff Brown
Tim Nguyen
Daniel Varga
Gian-Carlo Pascutto
Mihai Alexandru Michis
J.C. Jones
Srujana Peddinti
Johann Hofmann
Kevin Jacobs
Ricky Stewart
Kris Maglione
Junior Hsu
Sylvestre Ledru