diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index 519bc2c84140..df8cdd60eb28 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -8f41147c2192 \ No newline at end of file +e9236397be13 \ No newline at end of file diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 590d1bfaeee3..5182f75552c8 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,4 +10,3 @@ */ #error "Do not include this header file." - diff --git a/security/nss/doc/rst/build_artifacts.rst b/security/nss/doc/rst/build_artifacts.rst new file mode 100644 index 000000000000..ba7a48bb57ad --- /dev/null +++ b/security/nss/doc/rst/build_artifacts.rst 
@@ -0,0 +1,177 @@ +.. _mozilla_projects_nss_build_artifacts: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. + +Build artifacts +=============== + +.. container:: + + **Network Security Services (NSS)** is a set of libraries designed to support cross-platform + development of communications applications that support TLS, S/MIME, and other Internet security + standards. For a general overview of NSS and the standards it supports, see + :ref:`mozilla_projects_nss_overview`. + +.. _shared_libraries: + +`Shared libraries <#shared_libraries>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Network Security Services provides both static libraries and shared libraries. Applications that + use the shared libraries must use only the APIs that they export. Three shared libraries export + public functions: + + - The SSL/TLS library supports core TLS operations. + - The S/MIME library supports core S/MIME operations. + - The freebl library supports core crypto operations. + +.. note:: + + We guarantee that applications using the exported APIs will remain compatible with future + versions of those libraries until deprecated. + +.. container:: + + .. + For a complete list of public functions exported by these shared + libraries in NSS 3.2, see :ref:`mozilla_projects_nss_reference_nss_functions`. + + .. + For information on which static libraries in NSS 3.1.1 are replaced by each of the above shared + libraries in NSS 3.2 , see `Migration from NSS + 3.1.1 `__. + + .. + Figure 1, below, shows a simplified view of the relationships among the three shared libraries + listed above and NSPR, which provides low-level cross platform support for operations such as + threading and I/O. (Note that NSPR is a separate Mozilla project; see `Netscape Portable + Runtime `__ for details.) + + .. 
image:: /en-US/docs/Mozilla/Projects/NSS/Introduction_to_Network_Security_Services/nss.gif + :alt: Diagram showing the relationships among core NSS libraries and NSPR. + :width: 429px + :height: 196px + +.. _naming_conventions_and_special_libraries: + +`Naming conventions <#naming_conventions_and_special_libraries>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Windows and Unix use different naming conventions for static and dynamic libraries: + + ======= ======== =============================== +   Windows Unix + static ``.lib`` ``.a`` + dynamic ``.dll`` ``.so`` or ``.dylib`` or ``.sl`` + ======= ======== =============================== + + In addition, Windows has "import" libraries that bind to dynamic libraries. So the NSS library + has the following forms: + + - ``libnss3.so`` - Linux shared library + - ``libnss3.dylib`` - MacOS shared library + - ``libnss3.sl`` - HP-UX shared library + - ``libnss.a`` - Unix static library + - ``nss3.dll`` - Windows shared library + - ``nss3.lib`` - Windows import library binding to ``nss3.dll`` + - ``nss.lib`` - Windows static library + + NSS, SSL, and S/MIME have all of the above forms. + + The following static libraries aren't included in any shared libraries + + - ``libcrmf.a``/``crmf.lib`` provides an API for CRMF operations. + - ``libjar.a``/``jar.lib`` provides an API for creating JAR files. + + The following static libraries are included only in external loadable PKCS #11 modules: + + - ``libnssckfw.a``/``nssckfw.lib`` provides an API for writing PKCS #11 modules. + - ``libswfci.a``/``swfci.lib`` provides support for software FORTEZZA. + + The following shared libraries are standalone loadable modules, not meant to be linked with + directly: + + - ``libfort.so``/``libfort.sl``/``fort32.dll`` provides support for hardware FORTEZZA. + - ``libswft.so``/``libswft.sl``/``swft32.dll`` provides support for software FORTEZZA. 
+ - ``libnssckbi.so``/``libnssckbi.sl``/``nssckbi.dll`` defines the default set of trusted root + certificates. + +.. + .. _support_for_ilp32: + + `Support for ILP32 <#support_for_ilp32>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + In NSS 3.2 and later versions, there are two new shared libraries for the platforms HP-UX for + PARisc CPUs and Solaris for (Ultra)Sparc (not x86) CPUs. These HP and Solaris platforms allow + programs that use the ILP32 program model to run on both 32-bit CPUs and 64-bit CPUs. The two + libraries exist to provide optimal performance on each of the two types of CPUs. + + These two extra shared libraries are not supplied on any other platforms. The names of these + libraries are platform-dependent, as shown in the following table. + + ================================== ============================ ============================ + Platform for 32-bit CPUs for 64-bit CPUs + Solaris/Sparc ``libfreebl_pure32_3.so`` ``libfreebl_hybrid_3.so`` + HPUX/PARisc ``libfreebl_pure32_3.sl`` ``libfreebl_hybrid_3.sl`` + AIX (planned for a future release) ``libfreebl_pure32_3_shr.a`` ``libfreebl_hybrid_3_shr.a`` + ================================== ============================ ============================ + + An application should not link against these libraries, because they are dynamically loaded by + NSS at run time. Linking the application against one or the other of these libraries may produce + an application program that can only run on one type of CPU (e.g. only on 64-bit CPUs, not on + 32-bit CPUs) or that doesn't use the more efficient 64-bit code on 64-bit CPUs, which defeats the + purpose of having these shared libraries. + + On platforms for which these shared libraries exist, NSS 3.2 will fail if these shared libs are + not present. So, an application must include these files in its distribution of NSS shared + libraries. 
These shared libraries should be installed in the same directory where the other NSS + shared libraries (such as ``libnss3.so``) are installed. Both shared libs should always be + installed whether the target system has a 32-bit CPU or a 64-bit CPU. NSS will pick the right one + for the local system at run time. + + Note that NSS 3.x is also available in the LP64 model for these platforms, but the LP64 model of + NSS 3.x does not have these two extra shared libraries. + +.. + .. _what_you_should_already_know: + + `What you should already know <#what_you_should_already_know>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + Before using NSS, you should be familiar with the following topics: + + - Concepts and techniques of public-key cryptography + - The Secure Sockets Layer (SSL) protocol + - The PKCS #11 standard for cryptographic token interfaces + - Cross-platform development issues and techniques + + .. _where_to_find_more_information: + + `Where to find more information <#where_to_find_more_information>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + For information about PKI and SSL that you should understand before using NSS, see the following: + + - `Introduction to Public-Key + Cryptography `__ + - `Introduction to + SSL `__ + + For links to API documentation, build instructions, and other useful information, see the + :ref:`mozilla_projects_nss`. + + As mentioned above, NSS is built on top of NSPR. The API documentation for NSPR is available at + `NSPR API + Reference `__. diff --git a/security/nss/doc/rst/community.rst b/security/nss/doc/rst/community.rst new file mode 100644 index 000000000000..dce308741d3f --- /dev/null +++ b/security/nss/doc/rst/community.rst 
@@ -0,0 +1,70 @@ +.. _Community: + +Community +--------- + +Network Security Services (NSS) is maintained by a group of engineers and researchers, +mainly RedHat and Mozilla. + +.. warning:: + + While the NSS team focuses mainly on supporting platforms and features needded by + Firefox and RHEL, we are happy to take contributions. + +Contributors can reach out the the core team and follow NSS related news through the +following mailing list, Google group and Element/Matrix channel: + +.. note:: + + Mailing list: `https://groups.google.com/a/mozilla.org/g/dev-tech-crypto `__ + + Matrix/Element: `https://app.element.io/#/room/#nss:mozilla.org `__ + +.. + - View Mozilla Security forums... + + - `Mailing list `__ + - `Newsgroup `__ + - `RSS feed `__ + +.. _how_to_contribute: + +`How to Contribute <#how_to_contribute>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Start by opening a **Bugzilla** account at `bugzilla.mozilla.org `__ if you don't have one. + + ``NSS :: Libraries`` is the component for issues you'd like to work on. + We maintain a list of `NSS bugs marked with a keyword "good-first-bug" `__. + +.. _creating_your_patch: + +`Creating your Patch <#creating_your_patch>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + See our section on :ref:`mozilla_projects_nss_nss_sources_building_testing` to get started + making your patch. When you're satisfied with it, you'll need code review. + +.. _code_review: + +`Code Review <#code_review>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + `http://phabricator.services.mozilla.com/ `__ is our + code review tool, which uses your Bugzilla account. + + Use our `Phabricator user instructions `__ to upload patches for review. + Some items that will be evaluated during code review are `listed in checklist form on + Github. `__ + + After passing review, your patch can be landed by a member of the NSS team. Note that we don't land code that isn't both reviewed and tested. 
+ +.. warning:: + + Please reach out to the team before engaging in a lot of work to make ensure we are willing to accept your contributions. diff --git a/security/nss/doc/rst/getting_started.rst b/security/nss/doc/rst/getting_started.rst new file mode 100644 index 000000000000..a3e54f881ec5 --- /dev/null +++ b/security/nss/doc/rst/getting_started.rst 
@@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_getting_started: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. + +Getting Started +=============== + +.. _how_to_get_involved_with_nss: + +`How to get involved with NSS <#how_to_get_involved_with_nss>`__ +---------------------------------------------------------------- + +.. container:: + + | Network Security Services (NSS) is a base library for cryptographic algorithms and secure + network protocols used by Mozilla software. + | Would you like to get involved and help us to improve the core security of Mozilla Firefox and + other applications that make use of NSS? We are looking forward to your contributions! + + .. + | We have a large list of tasks waiting for attention, and we are happy to assist you in + identifying areas that match your interest or skills. You can find us on `Mozilla + IRC `__ in + channel `#nss `__ or you could ask your questions on the + `mozilla.dev.tech.crypto `__ newsgroup. + + + The NSS library and its supporting command line tools are written in the C programming language. + Its build system and the automated tests are based on makefiles and bash scripts. + + Over time, many documents have been produced that describe various aspects of NSS. You can start + with: + + .. + - the current `primary NSS documentation page `__ + from which we link to other documentation. + - a `General Overview `__ of the + applications that use NSS and the features it provides. + - a high level :ref:`mozilla_projects_nss_an_overview_of_nss_internals`. + - learn about getting the :ref:`mozilla_projects_nss_nss_sources_building_testing` + - `Old documentation `__ that is on + the archived mozilla.org website. + +.. + .. _nss_sample_code: + + `NSS Sample Code <#nss_sample_code>`__ + -------------------------------------- + + .. 
container:: + + A good place to start learning how to write NSS applications are the command line tools that are + maintained by the NSS developers. You can find them in subdirectory mozilla/security/nss/cmd + + Or have a look at some basic :ref:`mozilla_projects_nss_nss_sample_code`. + + A new set of samples is currently under development and review, see `Create new NSS + samples `__. + + You are welcome to download the samples via: hg clone https://hg.mozilla.org/projects/nss; cd + nss; hg update SAMPLES_BRANCH diff --git a/security/nss/doc/rst/index.rst b/security/nss/doc/rst/index.rst index a4eba24ddfa4..a9e79947a7f2 100644 --- a/security/nss/doc/rst/index.rst +++ b/security/nss/doc/rst/index.rst 
@@ -1,182 +1,21 @@ .. _mozilla_projects_nss: -Network Security Services -========================= +Network Security Services (NSS) +=============================== .. toctree:: :maxdepth: 2 :glob: :hidden: - getting_started_with_nss/index.rst - introduction_to_network_security_services/index.rst + getting_started.rst + build_artifacts.rst + releases/index.rst + community.rst + more.rst More documentation .. warning:: This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. -`Documentation <#documentation>`__ ----------------------------------- - -.. container:: - - **Network Security Services** (**NSS**) is a set of libraries designed to support cross-platform - development of security-enabled client and server applications. Applications built with NSS can - support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and - other security standards. - - For detailed information on standards supported, see :ref:`mozilla_projects_nss_overview`. For a - list of frequently asked questions, see the :ref:`mozilla_projects_nss_faq`. - - NSS is available under the Mozilla Public License. For information on downloading NSS releases as - tar files, see :ref:`mozilla_projects_nss_nss_sources_building_testing`. - - If you're a developer and would like to contribute to NSS, you might want to read the documents - :ref:`mozilla_projects_nss_an_overview_of_nss_internals` and - :ref:`mozilla_projects_nss_getting_started_with_nss`. - - .. rubric:: Background Information - :name: Background_Information - - :ref:`mozilla_projects_nss_overview` - Provides a brief summary of NSS and its capabilities. - :ref:`mozilla_projects_nss_faq` - Answers basic questions about NSS. - `Introduction to Public-Key Cryptography `__ - Explains the basic concepts of public-key cryptography that underlie NSS. 
- `Introduction to SSL `__ - Introduces the SSL protocol, including information about cryptographic ciphers supported by - SSL and the steps involved in the SSL handshake. - - .. rubric:: Getting Started - :name: Getting_Started - - :ref:`mozilla_projects_nss_nss_releases` - This page contains information about the current and past releases of NSS. - :ref:`mozilla_projects_nss_nss_sources_building_testing` - Instructions on how to build NSS on the different supported platforms. - `Get Mozilla Source Code Using Mercurial `__ - Information about with working with Mercurial. - `Get Mozilla Source Code Using CVS (deprecated) `__ - Old deprecated CVS documentation. - - .. rubric:: NSS APIs - :name: NSS_APIs - - :ref:`mozilla_projects_nss_introduction_to_network_security_services` - Provides an overview of the NSS libraries and what you need to know to use them. - :ref:`mozilla_projects_nss_ssl_functions` - Summarizes the SSL APIs exported by the NSS shared libraries. - :ref:`mozilla_projects_nss_reference` - API used to invoke SSL operations. - :ref:`mozilla_projects_nss_nss_api_guidelines` - Explains how the libraries and code are organized, and guidelines for developing code (naming - conventions, error handling, thread safety, etc.) - :ref:`mozilla_projects_nss_nss_tech_notes` - Links to NSS technical notes, which provide latest information about new NSS features and - supplementary documentation for advanced topics in programming with NSS. - - .. rubric:: Tools, testing, and other technical details - :name: Tools_testing_and_other_technical_details - - :ref:`mozilla_projects_nss_building` - Describe how to check out and build NSS releases. - - :ref:`mozilla_projects_nss_nss_developer_tutorial` - How to make changes in NSS. Coding style, maintaining ABI compatibility. - - :ref:`mozilla_projects_nss_tools` - Tools for developing, debugging, and managing applications that use NSS. 
- :ref:`mozilla_projects_nss_nss_sample_code` - Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. - :ref:`mozilla_projects_nss_nss_third-party_code` - A list of third-party code included in the NSS library. - `NSS 3.2 Test Suite `__ - **Archived version.** Describes how to run the standard NSS tests. - `NSS Performance Reports `__ - **Archived version.** Links to performance reports for NSS 3.2 and later releases. - `Encryption Technologies Available in NSS 3.11 `__ - **Archived version.** Lists the cryptographic algorithms used by NSS 3.11. - `NSS 3.1 Loadable Root Certificates `__ - **Archived version.** Describes the scheme for loading root CA certificates. - `cert7.db `__ - **Archived version.** General format of the cert7.db database. - - .. rubric:: PKCS #11 information - :name: PKCS_11_information - - - :ref:`mozilla_projects_nss_pkcs11` - - :ref:`mozilla_projects_nss_pkcs11_implement` - - :ref:`mozilla_projects_nss_pkcs11_module_specs` - - :ref:`mozilla_projects_nss_pkcs11_faq` - - `Using the JAR Installation Manager to Install a PKCS #11 Cryptographic - Module `__ - - `PKCS #11 Conformance Testing - Archived - version `__ - - .. rubric:: CA certificates pre-loaded into NSS - :name: CA_certificates_pre-loaded_into_NSS - - - `Mozilla CA certificate policy `__ - - `List of pre-loaded CA certificates `__ - - - Consumers of this list must consider the trust bit setting for each included root - certificate. `More - Information `__, `Extracting - roots and their trust bits `__ - - .. rubric:: NSS is built on top of Netscape Portable Runtime (NSPR) - :name: NSS_is_built_on_top_of_Netscape_Portable_Runtime_NSPR - - `Netscape Portable Runtime `__ - NSPR project page. - `NSPR Reference `__ - NSPR API documentation. - - .. 
rubric:: Additional Information - :name: Additional_Information - - - `Using the window.crypto object from - JavaScript `__ - - :ref:`mozilla_projects_nss_http_delegation` - - :ref:`mozilla_projects_nss_tls_cipher_suite_discovery` - - :ref:`mozilla_projects_nss_certificate_download_specification` - - :ref:`mozilla_projects_nss_fips_mode_-_an_explanation` - - :ref:`mozilla_projects_nss_key_log_format` - - .. rubric:: Planning - :name: Planning - - Information on NSS planning can be found at `wiki.mozilla.org `__, - including: - - - `FIPS Validation `__ - - `NSS Roadmap page `__ - - `NSS Improvement - Project `__ - -.. _Community: - -Community -~~~~~~~~~ - -- View Mozilla Security forums... - -- `Mailing list `__ -- `Newsgroup `__ -- `RSS feed `__ - -- View Mozilla Cryptography forums... - -- `Mailing list `__ -- `Newsgroup `__ -- `RSS feed `__ - -.. _Related_Topics: - -Related Topics -~~~~~~~~~~~~~~ - -- `Security `__ - diff --git a/security/nss/doc/rst/more.rst b/security/nss/doc/rst/more.rst new file mode 100644 index 000000000000..1585a23977c8 --- /dev/null +++ b/security/nss/doc/rst/more.rst 
@@ -0,0 +1,153 @@ +.. _more_documentation: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. + It currently is very deprecated and likely incorrect or broken in many places. + +More Documentation +------------------ + +.. container:: + + **Network Security Services** (**NSS**) is a set of libraries designed to support cross-platform + development of security-enabled client and server applications. Applications built with NSS can + support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and + other security standards. + + For detailed information on standards supported, see :ref:`mozilla_projects_nss_overview`. For a + list of frequently asked questions, see the :ref:`mozilla_projects_nss_faq`. + + NSS is available under the Mozilla Public License. For information on downloading NSS releases as + tar files, see :ref:`mozilla_projects_nss_nss_sources_building_testing`. + + If you're a developer and would like to contribute to NSS, you might want to read the documents + :ref:`mozilla_projects_nss_an_overview_of_nss_internals` and + :ref:`mozilla_projects_nss_getting_started_with_nss`. + + .. rubric:: Background Information + :name: Background_Information + + :ref:`mozilla_projects_nss_overview` + Provides a brief summary of NSS and its capabilities. + :ref:`mozilla_projects_nss_faq` + Answers basic questions about NSS. + `Introduction to Public-Key Cryptography `__ + Explains the basic concepts of public-key cryptography that underlie NSS. + `Introduction to SSL `__ + Introduces the SSL protocol, including information about cryptographic ciphers supported by + SSL and the steps involved in the SSL handshake. + + .. rubric:: Getting Started + :name: Getting_Started + + :ref:`mozilla_projects_nss_nss_releases` + This page contains information about the current and past releases of NSS. 
+ :ref:`mozilla_projects_nss_nss_sources_building_testing` + Instructions on how to build NSS on the different supported platforms. + `Get Mozilla Source Code Using Mercurial `__ + Information about with working with Mercurial. + `Get Mozilla Source Code Using CVS (deprecated) `__ + Old deprecated CVS documentation. + + .. rubric:: NSS APIs + :name: NSS_APIs + + :ref:`mozilla_projects_nss_introduction_to_network_security_services` + Provides an overview of the NSS libraries and what you need to know to use them. + :ref:`mozilla_projects_nss_ssl_functions` + Summarizes the SSL APIs exported by the NSS shared libraries. + :ref:`mozilla_projects_nss_reference` + API used to invoke SSL operations. + :ref:`mozilla_projects_nss_nss_api_guidelines` + Explains how the libraries and code are organized, and guidelines for developing code (naming + conventions, error handling, thread safety, etc.) + :ref:`mozilla_projects_nss_nss_tech_notes` + Links to NSS technical notes, which provide latest information about new NSS features and + supplementary documentation for advanced topics in programming with NSS. + + .. rubric:: Tools, testing, and other technical details + :name: Tools_testing_and_other_technical_details + + :ref:`mozilla_projects_nss_building` + Describe how to check out and build NSS releases. + + :ref:`mozilla_projects_nss_nss_developer_tutorial` + How to make changes in NSS. Coding style, maintaining ABI compatibility. + + :ref:`mozilla_projects_nss_tools` + Tools for developing, debugging, and managing applications that use NSS. + :ref:`mozilla_projects_nss_nss_sample_code` + Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. + :ref:`mozilla_projects_nss_nss_third-party_code` + A list of third-party code included in the NSS library. + `NSS 3.2 Test Suite `__ + **Archived version.** Describes how to run the standard NSS tests. 
+ `NSS Performance Reports `__ + **Archived version.** Links to performance reports for NSS 3.2 and later releases. + `Encryption Technologies Available in NSS 3.11 `__ + **Archived version.** Lists the cryptographic algorithms used by NSS 3.11. + `NSS 3.1 Loadable Root Certificates `__ + **Archived version.** Describes the scheme for loading root CA certificates. + `cert7.db `__ + **Archived version.** General format of the cert7.db database. + + .. rubric:: PKCS #11 information + :name: PKCS_11_information + + - :ref:`mozilla_projects_nss_pkcs11` + - :ref:`mozilla_projects_nss_pkcs11_implement` + - :ref:`mozilla_projects_nss_pkcs11_module_specs` + - :ref:`mozilla_projects_nss_pkcs11_faq` + - `Using the JAR Installation Manager to Install a PKCS #11 Cryptographic + Module `__ + - `PKCS #11 Conformance Testing - Archived + version `__ + + .. rubric:: CA certificates pre-loaded into NSS + :name: CA_certificates_pre-loaded_into_NSS + + - `Mozilla CA certificate policy `__ + - `List of pre-loaded CA certificates `__ + + - Consumers of this list must consider the trust bit setting for each included root + certificate. `More + Information `__, `Extracting + roots and their trust bits `__ + + .. rubric:: NSS is built on top of Netscape Portable Runtime (NSPR) + :name: NSS_is_built_on_top_of_Netscape_Portable_Runtime_NSPR + + `Netscape Portable Runtime `__ + NSPR project page. + `NSPR Reference `__ + NSPR API documentation. + + .. rubric:: Additional Information + :name: Additional_Information + + - `Using the window.crypto object from + JavaScript `__ + - :ref:`mozilla_projects_nss_http_delegation` + - :ref:`mozilla_projects_nss_tls_cipher_suite_discovery` + - :ref:`mozilla_projects_nss_certificate_download_specification` + - :ref:`mozilla_projects_nss_fips_mode_-_an_explanation` + - :ref:`mozilla_projects_nss_key_log_format` + + .. 
rubric:: Planning + :name: Planning + + Information on NSS planning can be found at `wiki.mozilla.org `__, + including: + + - `FIPS Validation `__ + - `NSS Roadmap page `__ + - `NSS Improvement + Project `__ + +.. _Related_Topics: + +Related Topics +~~~~~~~~~~~~~~ + +- `Security `__ + diff --git a/security/nss/doc/rst/releases/index.rst b/security/nss/doc/rst/releases/index.rst new file mode 100644 index 000000000000..03b849ed4557 --- /dev/null +++ b/security/nss/doc/rst/releases/index.rst @@ -0,0 +1,37 @@ +.. _mozilla_projects_nss_releases: + +Releases +======== + +.. toctree:: + :maxdepth: 0 + :glob: + :hidden: + + nss_3_68.rst + nss_3_67.rst + nss_3_66.rst + nss_3_65.rst + nss_3_64.rst + +.. note:: + + **NSS 3.68** is the latest version of NSS. + + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_release_notes` + +.. container:: + + Changes included in this release: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. diff --git a/security/nss/doc/rst/releases/nss_3_64.rst b/security/nss/doc/rst/releases/nss_3_64.rst new file mode 100644 index 000000000000..a3c605e4ccce --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_64.rst 
@@ -0,0 +1,69 @@ +.. _mozilla_projects_nss_nss_3_64_release_notes: + +NSS 3.64 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.64 was released on **15 April 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_64_RTM. NSS 3.64 requires NSPR 4.30 or newer. + + NSS 3.64 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_64_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _bugs_fixed_in_nss_3.64: + +`Bugs fixed in NSS 3.64 <#bugs_fixed_in_nss_3.64>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1705286 - Properly detect mips64. + - Bug 1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. + - Bug 1698320 - replace \__builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. + - Bug 1613235 - Add POWER ChaCha20 stream cipher vector acceleration. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.64 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.64 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. 
container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) \ No newline at end of file diff --git a/security/nss/doc/rst/releases/nss_3_65.rst b/security/nss/doc/rst/releases/nss_3_65.rst new file mode 100644 index 000000000000..93754b87b032 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_65.rst 
@@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_65_release_notes: + +NSS 3.65 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.65 was released on **13 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_65_RTM. NSS 3.65 requires NSPR 4.30 or newer. + + NSS 3.65 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_65_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.65: + +`Bugs fixed in NSS 3.65 <#bugs_fixed_in_nss_3.65>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.65 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.65 shared libraries + without recompiling or relinking. 
Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + Due to some changes in the Firefox release cycle, NSS 3.67 has yet to be added + to the NSS release schedule (3.66 is not affected). I will announce the date to + this list once defined. + + Best, + Benjamin diff --git a/security/nss/doc/rst/releases/nss_3_66.rst b/security/nss/doc/rst/releases/nss_3_66.rst new file mode 100644 index 000000000000..f4a93a7f301c --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_66.rst 
@@ -0,0 +1,79 @@ +.. _mozilla_projects_nss_nss_3_66_release_notes: + +NSS 3.66 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.66 was released on **27 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_66_RTM. NSS 3.66 requires NSPR 4.30 or newer. + + NSS 3.66 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_66_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.66: + +`Bugs fixed in NSS 3.66 <#bugs_fixed_in_nss_3.66>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. + - Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. + - Bug 1708307 - Remove Trustis FPS Root CA from NSS. + - Bug 1707097 - Add Certum Trusted Root CA to NSS. + - Bug 1707097 - Add Certum EC-384 CA to NSS. + - Bug 1703942 - Add ANF Secure Server Root CA to NSS. + - Bug 1697071 - Add GLOBALTRUST 2020 root cert to NSS. + - Bug 1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. + - Bug 1712230 - Don't build ppc-gcm.s with clang integrated assembler. + - Bug 1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. + - Bug 1710773 - NSS needs FIPS 180-3 FIPS indicators. + - Bug 1709291 - Add VerifyCodeSigningCertificateChain. + - Use GNU tar for the release helper script. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.66 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. 
A + program linked with older NSS 3.x shared libraries will work with NSS 3.66 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + To realign the NSS and Firefox release schedules, the next cycle for + NSS 3.67 will be very short and the release happen on June 10th. + https://wiki.mozilla.org/NSS:Release_Versions + + Bug 1712230 introduced a correctness issue for GCM on ppcle64, the fix will + be part of NSS 3.67. diff --git a/security/nss/doc/rst/releases/nss_3_67.rst b/security/nss/doc/rst/releases/nss_3_67.rst new file mode 100644 index 000000000000..65c63bb257a8 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_67.rst 
@@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_67_release_notes: + +NSS 3.67 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.67 was released on **10 June 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_67_RTM. NSS 3.67 requires NSPR 4.30 or newer. + + NSS 3.67 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_67_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.67: + +`Bugs fixed in NSS 3.67 <#bugs_fixed_in_nss_3.67>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1683710 - Add a means to disable ALPN. + - Bug 1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). + - Bug 1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. + - Bug 1566124 - Fix counter increase in ppc-gcm-wrap.c + - Bug 1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.67 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.67 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) diff --git a/security/nss/doc/rst/releases/nss_3_68.rst b/security/nss/doc/rst/releases/nss_3_68.rst new file mode 100644 index 000000000000..b98786b55e98 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68.rst 
@@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_68_release_notes: + +NSS 3.68 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68 was released on **8 July 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer. + + NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.68: + +`Bugs fixed in NSS 3.68 <#bugs_fixed_in_nss_3.68>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1713562 - Fix test leak. + - Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. + - Bug 1693206 - Implement PKCS8 export of ECDSA keys. + - Bug 1712883 - DTLS 1.3 draft-43. + - Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. + - Bug 1713562 - Validate ECH public names. + - Bug 1717610 - Add function to get seconds from epoch from pkix::Time. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.68 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). diff --git a/security/nss/gtests/ssl_gtest/nss_policy.h b/security/nss/gtests/ssl_gtest/nss_policy.h new file mode 100644 index 000000000000..65c93f0d10b8 --- /dev/null +++ b/security/nss/gtests/ssl_gtest/nss_policy.h 
@@ -0,0 +1,78 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nss_policy_h_ +#define nss_policy_h_ + +#include "prtypes.h" +#include "secoid.h" + +namespace nss_test { + +// container class to hold all a temp policy +class NssPolicy { + public: + NssPolicy() : oid_(SEC_OID_UNKNOWN), set_(0), clear_(0) {} + NssPolicy(SECOidTag _oid, PRUint32 _set, PRUint32 _clear) + : oid_(_oid), set_(_set), clear_(_clear) {} + NssPolicy(const NssPolicy &p) + : oid_(p.oid_), set_(p.set_), clear_(p.clear_) {} + // clone the current policy for this oid + NssPolicy(SECOidTag _oid) : oid_(_oid), set_(0), clear_(0) { + NSS_GetAlgorithmPolicy(_oid, &set_); + clear_ = ~set_; + } + SECOidTag oid(void) const { return oid_; } + PRUint32 set(void) const { return set_; } + PRUint32 clear(void) const { return clear_; } + operator bool() const { return oid_ != SEC_OID_UNKNOWN; } + + private: + SECOidTag oid_; + PRUint32 set_; + PRUint32 clear_; +}; + +// set the policy indicated in NssPolicy and restor the old policy +// when we go out of scope +class NssManagePolicy { + public: + NssManagePolicy(const NssPolicy &p) : policy_(p), current_(~(PRUint32)0) { + if (p) { + (void)NSS_GetAlgorithmPolicy(p.oid(), ¤t_); + (void)NSS_SetAlgorithmPolicy(p.oid(), p.set(), p.clear()); + } + } + ~NssManagePolicy() { + if (policy_) { + (void)NSS_SetAlgorithmPolicy(policy_.oid(), current_, ~current_); + } + } + + private: + NssPolicy policy_; + PRUint32 current_; +}; + +// wrapping PRFileDesc this way ensures that tests that attempt to access +// PRFileDesc always correctly apply +// the policy that was bound to that socket with TlsAgent::SetPolicy(). 
+class NssManagedFileDesc { + public: + NssManagedFileDesc(PRFileDesc *fd, const NssPolicy &policy) + : fd_(fd), managed_policy_(policy) {} + PRFileDesc *get(void) const { return fd_; } + operator PRFileDesc *() const { return fd_; } + bool operator==(PRFileDesc *fd) const { return fd_ == fd; } + + private: + PRFileDesc *fd_; + NssManagePolicy managed_policy_; +}; + +} // namespace nss_test + +#endif diff --git a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc index 8bbb1e38f6b2..adb4424c1b77 100644 --- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc 
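Review bot: Both NSS_GetAlgorithmPolicy calls in nss_policy.h ignore their result, and the fallbacks go the wrong way on failure: in `NssPolicy(SECOidTag _oid)` a failed lookup leaves set_ at 0 and `clear_ = ~set_` then clears every policy bit for that OID, while in NssManagePolicy a failed lookup leaves current_ at ~0 and the destructor later "restores" every bit as set. The rewrite below leaves the NssPolicy unset (oid_ == SEC_OID_UNKNOWN) when the lookup fails, so `operator bool()` keeps NssManagePolicy from applying or restoring anything. NssManagePolicy also has implicit copy operations, and each copy's destructor writes the saved policy back; deleting them would be safer if the gtests build as C++17, where `return NssManagedFileDesc(...)` in tls_agent.h needs no copy. The class comment also has a typo: `// set the policy indicated in NssPolicy and restore the old policy`.
```cpp
  // clone the current policy for this oid; on lookup failure leave the
  // object unset so NssManagePolicy neither applies nor restores anything
  NssPolicy(SECOidTag _oid) : oid_(_oid), set_(0), clear_(0) {
    if (NSS_GetAlgorithmPolicy(_oid, &set_) != SECSuccess) {
      oid_ = SEC_OID_UNKNOWN;
      return;
    }
    clear_ = ~set_;
  }
  // … unchanged: accessors, operator bool, members …

  NssManagePolicy(const NssPolicy &p) : policy_(p), current_(~(PRUint32)0) {
    if (p && NSS_GetAlgorithmPolicy(p.oid(), &current_) == SECSuccess) {
      (void)NSS_SetAlgorithmPolicy(p.oid(), p.set(), p.clear());
    } else {
      policy_ = NssPolicy();  // nothing was applied, so nothing to restore
    }
  }
  // … unchanged: destructor, members …
```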
@@ -1798,6 +1798,165 @@ TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) { CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_, signature_scheme_); } +class Tls12CertificateRequestReplacer : public TlsHandshakeFilter { + public: + Tls12CertificateRequestReplacer(const std::shared_ptr& a, + SSLSignatureScheme scheme) + : TlsHandshakeFilter(a, {kTlsHandshakeCertificateRequest}), + scheme_(scheme) {} + + virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) { + uint32_t offset = 0; + + if (header.handshake_type() != ssl_hs_certificate_request) { + return KEEP; + } + + *output = input; + + uint32_t types_len = 0; + if (!output->Read(offset, 1, &types_len)) { + ADD_FAILURE(); + return KEEP; + } + offset += 1 + types_len; + uint32_t scheme_len = 0; + if (!output->Read(offset, 2, &scheme_len)) { + ADD_FAILURE(); + return KEEP; + } + DataBuffer schemes; + schemes.Write(0, 2, 2); + schemes.Write(2, scheme_, 2); + output->Write(offset, 2, schemes.len()); + output->Splice(schemes, offset + 2, scheme_len); + + return CHANGE; + } + + private: + SSLSignatureScheme scheme_; +}; + +// +// Test how policy interacts with client auth connections +// + +// TLS/DTLS version algorithm policy +typedef std::tuple + PolicySignatureSchemeProfile; + +// Only TLS 1.2 handles client auth schemes inside +// the certificate request packet, so our failure tests for +// those kinds of connections only occur here. 
+class TlsConnectAuthWithPolicyTls12 + : public TlsConnectTestBase, + public ::testing::WithParamInterface { + public: + TlsConnectAuthWithPolicyTls12() + : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) { + alg_ = std::get<2>(GetParam()); + policy_ = std::get<3>(GetParam()); + // use the algorithm to select which single scheme to deploy + // We use these schemes to force servers sending schemes the client + // didn't advertise to make sure the client will still filter these + // by policy and detect that no valid schemes were presented, rather + // than sending an empty client auth message. + switch (alg_) { + case SEC_OID_SHA256: + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + scheme_ = ssl_sig_rsa_pss_pss_sha256; + break; + case SEC_OID_PKCS1_RSA_ENCRYPTION: + scheme_ = ssl_sig_rsa_pkcs1_sha256; + break; + case SEC_OID_ANSIX962_EC_PUBLIC_KEY: + scheme_ = ssl_sig_ecdsa_secp256r1_sha256; + break; + default: + ADD_FAILURE() << "need to update algorithm table in " + "TlsConnectAuthWithPolicyTls12"; + scheme_ = ssl_sig_none; + break; + } + } + + protected: + SECOidTag alg_; + PRUint32 policy_; + SSLSignatureScheme scheme_; +}; + +// Only TLS 1.2 and greater looks at schemes extensions on client auth +class TlsConnectAuthWithPolicyTls12Plus + : public TlsConnectTestBase, + public ::testing::WithParamInterface { + public: + TlsConnectAuthWithPolicyTls12Plus() + : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) { + alg_ = std::get<2>(GetParam()); + policy_ = std::get<3>(GetParam()); + } + + protected: + SECOidTag alg_; + PRUint32 policy_; +}; + +// make sure we can turn single algorithms off by policy an still connect +// this is basically testing that we are properly filtering our schemes +// by policy before communicating them to the server, and that the +// server is respecting our choices +TEST_P(TlsConnectAuthWithPolicyTls12Plus, PolicySuccessTest) { + // in TLS 1.3, RSA PKCS1 is restricted. 
If we are also + // restricting RSA PSS by policy, we can't use the default + // RSA certificate as the server cert, switch to ECDSA + if ((version_ >= SSL_LIBRARY_VERSION_TLS_1_3) && + (alg_ == SEC_OID_PKCS1_RSA_PSS_SIGNATURE)) { + Reset(TlsAgent::kServerEcdsa256); + } + client_->SetPolicy(alg_, 0, policy_); // Disable policy for client + client_->SetupClientAuth(); + server_->RequestClientAuth(false); + Connect(); +} + +// make sure we fail if the server ignores our policy preference and +// requests client auth with a scheme we don't support +TEST_P(TlsConnectAuthWithPolicyTls12, PolicyFailureTest) { + client_->SetPolicy(alg_, 0, policy_); + client_->SetupClientAuth(); + server_->RequestClientAuth(false); + MakeTlsFilter(server_, scheme_); + ConnectExpectAlert(client_, kTlsAlertHandshakeFailure); + client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT); +} + +INSTANTIATE_TEST_SUITE_P( + SignaturesWithPolicyFail, TlsConnectAuthWithPolicyTls12, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, + TlsConnectTestBase::kTlsV12, + ::testing::Values(SEC_OID_SHA256, + SEC_OID_PKCS1_RSA_PSS_SIGNATURE, + SEC_OID_PKCS1_RSA_ENCRYPTION, + SEC_OID_ANSIX962_EC_PUBLIC_KEY), + ::testing::Values(NSS_USE_ALG_IN_SSL_KX, + NSS_USE_ALG_IN_ANY_SIGNATURE))); + +INSTANTIATE_TEST_SUITE_P( + SignaturesWithPolicySuccess, TlsConnectAuthWithPolicyTls12Plus, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, + TlsConnectTestBase::kTlsV12Plus, + ::testing::Values(SEC_OID_SHA256, + SEC_OID_PKCS1_RSA_PSS_SIGNATURE, + SEC_OID_PKCS1_RSA_ENCRYPTION, + SEC_OID_ANSIX962_EC_PUBLIC_KEY), + ::testing::Values(NSS_USE_ALG_IN_SSL_KX, + NSS_USE_ALG_IN_ANY_SIGNATURE))); + INSTANTIATE_TEST_SUITE_P( SignatureSchemeRsa, TlsSignatureSchemeConfiguration, ::testing::Combine( 
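Review bot: FilterHandshake in Tls12CertificateRequestReplacer is declared `virtual` without `override`; since it is meant to replace TlsHandshakeFilter's virtual, `PacketFilter::Action FilterHandshake(const HandshakeHeader& header, const DataBuffer& input, DataBuffer* output) override {` lets the compiler catch a signature drift. The filter also trusts the scheme_len it read from the buffer when it calls `output->Splice(schemes, offset + 2, scheme_len)`; a guard such as `if (offset + 2 + scheme_len > output->len()) { ADD_FAILURE(); return KEEP; }` would make a short CertificateRequest fail the test visibly instead of depending on Splice's own bounds handling, which is not visible here. In PolicySuccessTest the comment `// Disable policy for client` is misleading, because `SetPolicy(alg_, 0, policy_)` clears the policy_ bits for alg_ and so disables that algorithm for that use; `// clear the policy_ bits for alg_ on the client` says what it does.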
diff --git a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc index 418ef6134a6c..c95554d17e4a 100644 --- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc @@ -430,7 +430,10 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsBadLength) { } TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) { - const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00}; // sha-256, rsa + // make sure the test uses an algorithm that is legal for + // tls 1.3 (or tls 1.3 will throw a handshake failure alert + // instead of a decode error alert) + const uint8_t val[] = {0x00, 0x02, 0x08, 0x09, 0x00}; // sha-256, rsa-pss-pss DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(std::make_shared( client_, ssl_signature_algorithms_xtn, extension)); @@ -1131,6 +1134,15 @@ TEST_P(TlsExtensionTest13, OddVersionList) { ConnectWithBogusVersionList(kExt, sizeof(kExt)); } +TEST_P(TlsExtensionTest13, SignatureAlgorithmsInvalidTls13) { + // testing the case where we ask for a invalid parameter for tls13 + const uint8_t val[] = {0x00, 0x02, 0x04, 0x01}; // sha-256, rsa-pkcs1 + DataBuffer extension(val, sizeof(val)); + ClientHelloErrorTest(std::make_shared( + client_, ssl_signature_algorithms_xtn, extension), + kTlsAlertHandshakeFailure); +} + // Use the stream version number for TLS 1.3 (0x0304) in DTLS. TEST_F(TlsConnectDatagram13, TlsVersionInDtls) { static const uint8_t kExt[] = {0x02, 0x03, 0x04}; diff --git a/security/nss/gtests/ssl_gtest/tls_agent.cc b/security/nss/gtests/ssl_gtest/tls_agent.cc index 43a953bec421..86990f372a2d 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.cc +++ b/security/nss/gtests/ssl_gtest/tls_agent.cc 
@@ -93,7 +93,8 @@ TlsAgent::TlsAgent(const std::string& nm, Role rl, SSLProtocolVariant var) auth_certificate_callback_(), sni_callback_(), skip_version_checks_(false), - resumption_token_() { + resumption_token_(), + policy_() { memset(&info_, 0, sizeof(info_)); memset(&csinfo_, 0, sizeof(csinfo_)); SECStatus rv = SSL_VersionRangeGetDefault(variant_, &vrange_); @@ -227,6 +228,7 @@ bool TlsAgent::ConfigServerCert(const std::string& id, bool updateKeyBits, bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) { // Don't set up twice if (ssl_fd_) return true; + NssManagePolicy policyManage(policy_); ScopedPRFileDesc dummy_fd(adapter_->CreateFD()); EXPECT_NE(nullptr, dummy_fd); @@ -319,7 +321,7 @@ bool TlsAgent::MaybeSetResumptionToken() { } void TlsAgent::SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx) { - EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(ssl_fd_.get(), ctx.get())); + EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(ssl_fd(), ctx.get())); } void TlsAgent::SetupClientAuth() { @@ -869,8 +871,8 @@ void TlsAgent::ResetPreliminaryInfo() { } void TlsAgent::UpdatePreliminaryChannelInfo() { - SECStatus rv = SSL_GetPreliminaryChannelInfo(ssl_fd_.get(), &pre_info_, - sizeof(pre_info_)); + SECStatus rv = + SSL_GetPreliminaryChannelInfo(ssl_fd(), &pre_info_, sizeof(pre_info_)); EXPECT_EQ(SECSuccess, rv); EXPECT_EQ(sizeof(pre_info_), pre_info_.length); } diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h index 05470ba3d888..e9eeb4dd3f33 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.h +++ b/security/nss/gtests/ssl_gtest/tls_agent.h @@ -14,6 +14,7 @@ #include #include +#include "nss_policy.h" #include "test_io.h" #define GTEST_HAS_RTTI 0 
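Review bot: `NssManagePolicy policyManage(policy_);` in TlsAgent::EnsureTlsSetup changes NSS_SetAlgorithmPolicy state, which is process-global rather than per-socket, and nothing on the line says so or says when it is undone; a comment would help the next reader: `// NSS algorithm policy is process-global: apply this agent's policy only while the socket is configured; the guard restores the previous policy on return.` The guard is declared after the `if (ssl_fd_) return true;` early return, so a second call never re-applies it, which looks intended but is worth stating in the same comment. EnsureTlsSetup continues past the hunk.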
@@ -231,7 +232,9 @@ class TlsAgent : public PollTarget { static const char* state_str(State state) { return states[state]; } - PRFileDesc* ssl_fd() const { return ssl_fd_.get(); } + NssManagedFileDesc ssl_fd() const { + return NssManagedFileDesc(ssl_fd_.get(), policy_); + } std::shared_ptr& adapter() { return adapter_; } const SSLChannelInfo& info() const { @@ -307,6 +310,10 @@ class TlsAgent : public PollTarget { void ExpectSendAlert(uint8_t alert, uint8_t level = 0); std::string alpn_value_to_use_ = ""; + // set the given policy before this agent runs + void SetPolicy(SECOidTag oid, PRUint32 set, PRUint32 clear) { + policy_ = NssPolicy(oid, set, clear); + } private: const static char* states[]; @@ -453,6 +460,7 @@ class TlsAgent : public PollTarget { SniCallbackFunction sni_callback_; bool skip_version_checks_; std::vector resumption_token_; + NssPolicy policy_; }; inline std::ostream& operator<<(std::ostream& stream, diff --git a/security/nss/gtests/ssl_gtest/tls_connect.cc b/security/nss/gtests/ssl_gtest/tls_connect.cc index 4dd0a003484e..b2fd31f8e579 100644 --- a/security/nss/gtests/ssl_gtest/tls_connect.cc +++ b/security/nss/gtests/ssl_gtest/tls_connect.cc @@ -379,10 +379,10 @@ void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected, } void TlsConnectTestBase::EnsureTlsSetup() { - EXPECT_TRUE(server_->EnsureTlsSetup(server_model_ ? server_model_->ssl_fd() - : nullptr)); - EXPECT_TRUE(client_->EnsureTlsSetup(client_model_ ? client_model_->ssl_fd() - : nullptr)); + EXPECT_TRUE(server_->EnsureTlsSetup( + server_model_ ? server_model_->ssl_fd().get() : nullptr)); + EXPECT_TRUE(client_->EnsureTlsSetup( + client_model_ ? client_model_->ssl_fd().get() : nullptr)); server_->SetAntiReplayContext(anti_replay_); EXPECT_EQ(SECSuccess, SSL_SetTimeFunc(client_->ssl_fd(), TlsConnectTestBase::TimeFunc, &now_)); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index a3f0a776e8c3..f2c3a218b6de 100644 
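Review bot: `ssl_fd()` in tls_agent.h now returns an NssManagedFileDesc by value, so every call constructs a guard that applies and then restores the agent's policy for the length of the full expression, and the header says nothing about it: `// Returns the socket wrapped in a guard that applies policy_ for the duration of the expression; use .get() only to hand the raw pointer on.` The `// set the given policy before this agent runs` comment on SetPolicy could state the bit semantics it hands to NSS_SetAlgorithmPolicy: `// bits in |set| are enabled and bits in |clear| disabled for |oid| while this agent's socket is in use`. The behaviour relies on NssManagePolicy's constructor and destructor, which are outside this hunk.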
--- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -73,6 +73,8 @@ PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme); static SECStatus ssl3_UpdateDefaultHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l); +const PRUint32 kSSLSigSchemePolicy = + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_ANY_SIGNATURE; const PRUint8 ssl_hello_retry_random[] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, @@ -784,6 +786,41 @@ ssl_HasCert(const sslSocket *ss, PRUint16 maxVersion, SSLAuthType authType) return PR_FALSE; } +/* return true if the scheme is allowed by policy, This prevents + * failures later when our actual signatures are rejected by + * policy by either ssl code, or lower level NSS code */ +static PRBool +ssl_SchemePolicyOK(SSLSignatureScheme scheme, PRUint32 require) +{ + /* Hash policy. */ + PRUint32 policy; + SECOidTag hashOID = ssl3_HashTypeToOID(ssl_SignatureSchemeToHashType(scheme)); + SECOidTag sigOID; + + /* policy bits needed to enable a SignatureScheme */ + SECStatus rv = NSS_GetAlgorithmPolicy(hashOID, &policy); + if (rv == SECSuccess && + (policy & require) != require) { + return PR_FALSE; + } + + /* ssl_SignatureSchemeToAuthType reports rsa for rsa_pss_rsae, but we + * actually implement pss signatures when we sign, so just use RSA_PSS + * for all RSA PSS Siganture schemes */ + if (ssl_IsRsaPssSignatureScheme(scheme)) { + sigOID = SEC_OID_PKCS1_RSA_PSS_SIGNATURE; + } else { + sigOID = ssl3_AuthTypeToOID(ssl_SignatureSchemeToAuthType(scheme)); + } + /* Signature Policy. */ + rv = NSS_GetAlgorithmPolicy(sigOID, &policy); + if (rv == SECSuccess && + (policy & require) != require) { + return PR_FALSE; + } + return PR_TRUE; +} + /* Check that a signature scheme is accepted. * Both by policy and by having a token that supports it. */ static PRBool 
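Review bot: `ssl_SchemePolicyOK` tightens the check without saying so: `(policy & require) != require` demands every bit of `require`, and kSSLSigSchemePolicy is `NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_ANY_SIGNATURE`, so a policy that grants only the SSL_KX bit (which the code removed in the later hunks accepted) now disables the scheme, while a failed NSS_GetAlgorithmPolicy lookup allows it. The header comment should state both, e.g. `/* PR_TRUE only if the hash and the signature algorithm of |scheme| carry every bit in |require|; a failed policy lookup is treated as "no policy" and allows the scheme. */`, and fix "Siganture". `kSSLSigSchemePolicy` has external linkage; unless a header outside this diff declares it, `static const PRUint32 kSSLSigSchemePolicy =` keeps it out of the global namespace. The function also calls ssl3_AuthTypeToOID, which in the next hunk returns SEC_OID_UNKNOWN for auth types outside its table, and what NSS_GetAlgorithmPolicy does with SEC_OID_UNKNOWN is not visible here, so an explicit `if (sigOID == SEC_OID_UNKNOWN) return PR_FALSE;` would make that case deterministic.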
@@ -809,23 +846,9 @@ ssl_SignatureSchemeAccepted(PRUint16 minVersion, if (minVersion >= SSL_LIBRARY_VERSION_TLS_1_3) { return PR_FALSE; } - PRUint32 dsaPolicy; - SECStatus rv = NSS_GetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, - &dsaPolicy); - if (rv == SECSuccess && (dsaPolicy & NSS_USE_ALG_IN_SSL_KX) == 0) { - return PR_FALSE; - } } - /* Hash policy. */ - PRUint32 hashPolicy; - SSLHashType hashType = ssl_SignatureSchemeToHashType(scheme); - SECOidTag hashOID = ssl3_HashTypeToOID(hashType); - SECStatus rv = NSS_GetAlgorithmPolicy(hashOID, &hashPolicy); - if (rv == SECSuccess && (hashPolicy & NSS_USE_ALG_IN_SSL_KX) == 0) { - return PR_FALSE; - } - return PR_TRUE; + return ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy); } static SECStatus @@ -4237,6 +4260,26 @@ ssl3_HashTypeToOID(SSLHashType hashType) return SEC_OID_UNKNOWN; } +SECOidTag +ssl3_AuthTypeToOID(SSLAuthType authType) +{ + switch (authType) { + case ssl_auth_rsa_sign: + return SEC_OID_PKCS1_RSA_ENCRYPTION; + case ssl_auth_rsa_pss: + return SEC_OID_PKCS1_RSA_PSS_SIGNATURE; + case ssl_auth_ecdsa: + return SEC_OID_ANSIX962_EC_PUBLIC_KEY; + case ssl_auth_dsa: + return SEC_OID_ANSIX9_DSA_SIGNATURE; + default: + break; + } + /* shouldn't ever get there */ + PORT_Assert(0); + return SEC_OID_UNKNOWN; +} + SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme) { 
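Review bot: `ssl3_AuthTypeToOID` hits `PORT_Assert(0)` in its default branch, and the next hunk routes every scheme that passes ssl_IsSupportedSignatureScheme through it via ssl_SignatureSchemeToAuthType, where the old switch returned PR_FALSE quietly; the mapping for schemes such as ssl_sig_ed25519 is not visible here, so if any supported scheme maps to an auth type outside the four cases, debug builds assert on a peer-chosen value. Either drop the assert and rely on the SEC_OID_UNKNOWN return, or state the precondition above the function: `/* Only auth types that have a signing OID may be passed; anything else is a caller bug. */`. The prototype added to sslimpl.h names the parameter `hashType` while the definition uses `authType`; `SECOidTag ssl3_AuthTypeToOID(SSLAuthType authType);` keeps them consistent.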
@@ -4277,37 +4320,15 @@ ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme) static PRBool ssl_SignatureSchemeMatchesSpkiOid(SSLSignatureScheme scheme, SECOidTag spkiOid) { - switch (scheme) { - case ssl_sig_rsa_pkcs1_sha256: - case ssl_sig_rsa_pkcs1_sha384: - case ssl_sig_rsa_pkcs1_sha512: - case ssl_sig_rsa_pkcs1_sha1: - case ssl_sig_rsa_pss_rsae_sha256: - case ssl_sig_rsa_pss_rsae_sha384: - case ssl_sig_rsa_pss_rsae_sha512: - case ssl_sig_rsa_pkcs1_sha1md5: - return (spkiOid == SEC_OID_X500_RSA_ENCRYPTION) || - (spkiOid == SEC_OID_PKCS1_RSA_ENCRYPTION); - case ssl_sig_rsa_pss_pss_sha256: - case ssl_sig_rsa_pss_pss_sha384: - case ssl_sig_rsa_pss_pss_sha512: - return spkiOid == SEC_OID_PKCS1_RSA_PSS_SIGNATURE; - case ssl_sig_ecdsa_secp256r1_sha256: - case ssl_sig_ecdsa_secp384r1_sha384: - case ssl_sig_ecdsa_secp521r1_sha512: - case ssl_sig_ecdsa_sha1: - return spkiOid == SEC_OID_ANSIX962_EC_PUBLIC_KEY; - case ssl_sig_dsa_sha256: - case ssl_sig_dsa_sha384: - case ssl_sig_dsa_sha512: - case ssl_sig_dsa_sha1: - return spkiOid == SEC_OID_ANSIX9_DSA_SIGNATURE; - case ssl_sig_none: - case ssl_sig_ed25519: - case ssl_sig_ed448: - break; + SECOidTag authOid = ssl3_AuthTypeToOID(ssl_SignatureSchemeToAuthType(scheme)); + + if (spkiOid == authOid) { + return PR_TRUE; + } + if ((authOid == SEC_OID_PKCS1_RSA_ENCRYPTION) && + (spkiOid == SEC_OID_X500_RSA_ENCRYPTION)) { + return PR_TRUE; } - PORT_Assert(0); return PR_FALSE; } @@ -4319,7 +4340,11 @@ ssl_SignatureSchemeValid(SSLSignatureScheme scheme, SECOidTag spkiOid, if (!ssl_IsSupportedSignatureScheme(scheme)) { return PR_FALSE; } - if (!ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { + /* if we are purposefully passed SEC_OID_UNKNOWN, it means + * we not checking the scheme against a potential key, so skip + * the call */ + if ((spkiOid != SEC_OID_UNKNOWN) && + !ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { return PR_FALSE; } if (isTls13) { 
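Review bot: `ssl_SignatureSchemeValid` now treats `spkiOid == SEC_OID_UNKNOWN` as "skip the key check", turning the value that the later hunks also expect from SECOID_GetAlgorithmTag for an unrecognised key into a sentinel; the comment should spell that out and needs a grammar fix: `/* SEC_OID_UNKNOWN means the caller has no key to check against (e.g. parsing the peer's advertised schemes); every caller that does have a key must reject SEC_OID_UNKNOWN before calling. */`. The next hunk adds that rejection in ssl_CheckSignatureSchemeConsistency and ssl_PickSignatureScheme; any other caller outside this diff needs the same guard. In ssl_SignatureSchemeMatchesSpkiOid the removed `PORT_Assert(0)` means unlisted schemes now fail closed and silently, which is the safer default and worth a one-line comment: `/* Unknown or non-signing auth types never match. */`.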
@@ -4517,7 +4542,8 @@ ssl_CheckSignatureSchemeConsistency(sslSocket *ss, SSLSignatureScheme scheme, } /* Verify that the signature scheme matches the signing key. */ - if (!ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { + if ((spkiOid == SEC_OID_UNKNOWN) || + !ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); return SECFailure; } @@ -4552,7 +4578,8 @@ ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme) case ssl_sig_dsa_sha384: case ssl_sig_dsa_sha512: case ssl_sig_ecdsa_sha1: - return PR_TRUE; + return ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy); + break; case ssl_sig_rsa_pkcs1_sha1md5: case ssl_sig_none: @@ -4677,9 +4704,10 @@ ssl_ConsumeSignatureScheme(sslSocket *ss, PRUint8 **b, rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, b, length); if (rv != SECSuccess) { - return SECFailure; /* Error code set already. */ + return SECFailure; /* Alert sent, Error code set already. */ } if (!ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) { + SSL3_SendAlert(ss, alert_fatal, illegal_parameter); PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); return SECFailure; } @@ -6436,8 +6464,6 @@ ssl_CanUseSignatureScheme(SSLSignatureScheme scheme, PRBool slotDoesPss) { SSLHashType hashType; - SECOidTag hashOID; - PRUint32 policy; unsigned int i; /* Skip RSA-PSS schemes when the certificate's private key slot does 
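Review bot: In `ssl_IsSupportedSignatureScheme` the `break;` after `return ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy);` is unreachable and should go; more importantly the function's name now promises less than it checks, since "supported" also means "allowed by the current algorithm policy", so a comment above it should say `/* Supported by this build AND allowed by the current algorithm policy. */`. In ssl_ConsumeSignatureScheme the new `SSL3_SendAlert(ss, alert_fatal, illegal_parameter);` precedes PORT_SetError, and the CertificateVerify handler in a later hunk reads that error code back, so the order should be pinned: `/* Send the alert before setting the error: callers read PORT_GetError() afterwards. */`. The `spkiOid == SEC_OID_UNKNOWN` guard in ssl_CheckSignatureSchemeConsistency is what keeps the new skip path in ssl_SignatureSchemeValid from being reachable with a peer certificate whose key algorithm is unrecognised; a comment saying so would stop it being "simplified" away.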
@@ -6446,20 +6472,12 @@ ssl_CanUseSignatureScheme(SSLSignatureScheme scheme, return PR_FALSE; } - if (ssl_IsDsaSignatureScheme(scheme) && - (NSS_GetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, &policy) == - SECSuccess) && - !(policy & NSS_USE_ALG_IN_SSL_KX)) { - return PR_FALSE; - } - hashType = ssl_SignatureSchemeToHashType(scheme); if (requireSha1 && (hashType != ssl_hash_sha1)) { return PR_FALSE; } - hashOID = ssl3_HashTypeToOID(hashType); - if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) && - !(policy & NSS_USE_ALG_IN_SSL_KX)) { + + if (!ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy)) { return PR_FALSE; } @@ -6533,6 +6551,9 @@ ssl_PickSignatureScheme(sslSocket *ss, } spkiOid = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm); + if (spkiOid == SEC_OID_UNKNOWN) { + return SECFailure; + } /* Now we have to search based on the key type. Go through our preferred * schemes in order and find the first that can be used. */ @@ -7430,7 +7451,7 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme); if (rv != SECSuccess) { - goto alert_loser; /* malformed or unsupported. */ + goto loser; /* alert already sent */ } rv = ssl_CheckSignatureSchemeConsistency( ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo); @@ -7700,7 +7721,9 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena, PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } - if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) { + if (ssl_SignatureSchemeValid((SSLSignatureScheme)tmp, SEC_OID_UNKNOWN, + (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) { + ; schemes[numSupported++] = (SSLSignatureScheme)tmp; } } 
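Review bot: In `ssl_ParseSignatureSchemes` the cast in `(PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3` binds to `ss->version` alone, so the comparison is made on the cast value rather than the cast being applied to the result; it is numerically harmless if PRBool is at least as wide as PRUint16, but the intent is `(PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)`, and the stray `;` line inside the if body should be removed. `ssl_PickSignatureScheme` returns SECFailure on `spkiOid == SEC_OID_UNKNOWN` without setting an error code, so the caller reports whatever SECOID_GetAlgorithmTag left behind; add `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);` (or a more specific SSL_ERROR_ code if one fits) before the return. The `goto loser` in ssl_HandleDHServerKeyExchange assumes every failure of ssl_ConsumeSignatureScheme has already sent an alert, which the comment in the earlier hunk asserts for the ssl3_ConsumeHandshakeNumber path but this diff does not show; if that holds, `/* alert already sent */` is enough.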
@@ -10286,7 +10309,10 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length) PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_record); rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme); if (rv != SECSuccess) { - goto loser; /* malformed or unsupported. */ + if (PORT_GetError() == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM) { + errCode = SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM; + } + goto loser; /* alert already sent */ } rv = ssl_CheckSignatureSchemeConsistency( ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo); diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index f4264b8348e0..5fffebc860e5 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1783,6 +1783,7 @@ SECStatus ssl_PickSignatureScheme(sslSocket *ss, unsigned int peerSchemeCount, PRBool requireSha1); SECOidTag ssl3_HashTypeToOID(SSLHashType hashType); +SECOidTag ssl3_AuthTypeToOID(SSLAuthType hashType); SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme); SSLAuthType ssl_SignatureSchemeToAuthType(SSLSignatureScheme scheme);
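Review bot: The `PORT_GetError() == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM` test in ssl3_HandleCertificateVerify works only because ssl_ConsumeSignatureScheme sets that code after SSL3_SendAlert, so a comment at the read should keep that order from being tidied away: `/* ssl_ConsumeSignatureScheme sets this code after sending its alert, so it is still current here. */`. Other failures from ssl_ConsumeSignatureScheme leave errCode at whatever it held before, presumably the function's default, and the same comment could say so explicitly.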