From a1a5fc3aa9e795e95710060b44b2efd243213ffa Mon Sep 17 00:00:00 2001 
From: Benjamin Beurdouche
Date: Sat, 24 Jul 2021 17:26:14 +0000
Subject: [PATCH] Bug 1720464 - land NSS e9236397be13 UPGRADE_NSS_RELEASE, r=beurdouche

```
2021-07-24  Benjamin Beurdouche

    * doc/rst/build_artifacts.rst, doc/rst/community.rst, doc/rst/getting_started.rst,
    doc/rst/index.rst, doc/rst/more.rst, doc/rst/releases/index.rst,
    doc/rst/releases/nss_3_64.rst, doc/rst/releases/nss_3_65.rst,
    doc/rst/releases/nss_3_66.rst, doc/rst/releases/nss_3_67.rst,
    doc/rst/releases/nss_3_68.rst:
    Documentation: update and release notes for NSS 3.64 to 3.68
    [e9236397be13] [tip]

2021-07-20  Robert Relyea

    * gtests/ssl_gtest/nss_policy.h, gtests/ssl_gtest/ssl_auth_unittest.cc,
    gtests/ssl_gtest/ssl_extension_unittest.cc, gtests/ssl_gtest/tls_agent.cc,
    gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
    lib/ssl/ssl3con.c, lib/ssl/sslimpl.h:
    Bug 1720235 SSL handling of signature algorithms ignores environmental
    invalid algorithms.

    Our QA is quite extensive on handling of alert corner cases.

    Our code that checks if a signature algorithm is supported ignores the
    role of policy. If SHA1 is turned off by policy, for instance, we only
    detect that late in the game. This shows up in our test cases as
    decrypt_alerts rather than illegal_parameter or handshake_error alerts.
    It also shows up in us apparently accepting a client auth request which
    only has invalid alerts. We also don't handle filtering out signature
    algorithms that are illegal in tls 1.3 mode.

    This patch not only fixes these issues, but also issues where we propose
    signature algorithms in server mode that we don't support by policy.

    This patch includes:

    In gtests:

    1) adding support for policy in ssl_gtests. Currently both the server
    and client will run with the same policy. The patch allows us to set
    policy on one and keep the old policy on the other.

    2) Update extension tests which failed in tls 1.3 because the patch now
    correctly rejects illegal tls 1.3 auth values. The test was updated to
    use a legal auth value in tls 1.3 (so we are correctly testing the
    format issue).

    3) Update extension tests to handle the case where we try to use an
    illegal value for tls 1.3.

    4) add tests to ssl_auth_unittests.cc to make sure we can properly
    connect even when several auth methods are turned off by policy (make
    sure we don't advertise them on the client side, and that the server
    doesn't select them when the client doesn't advertise them).

    5) add tests to ssl_auth_unittests.cc to make sure we don't send empty
    client auth requests when the requester only sends invalid auth
    requests.

    Patch itself:

    1) The handling of policy checks for ssl schemes was scattered in
    various locations. I've consolidated them into a single function. That
    function now checks for NSS_ALG_USE_IN_ANY_SIGNATURE, as if this is off
    by policy, we will fail if we try to use the algorithm in a signature in
    any case. NSS now supports policy on all signature algorithms, not just
    DSA, so we need to check the policy of all the algorithms.

    2) to support the policy check on the signature algorithms, I added a
    new ssl_AuthTypeToOID, which also replaces our switch in checking if the
    SPKI matches our auth type.

    3) ssl_SignatureSchemeValid now accepts an spkiOid of SEC_OID_UNKNOWN,
    to allow us to filter signature schemes based on version and policy
    restrictions before we try to select a certificate. This prevents us
    from sending empty client auth messages when we are presented with only
    invalid signature schemes.

    4) We filter supported algorithms against policy early, preventing us
    from sending, or even setting, invalid algorithms if they are turned off
    by policy.

    5) ssl_ConsumeSignatureScheme was handling alerts inconsistently. The
    Consume could send an alert in its failure case, but the check of scheme
    validity wouldn't send an alert. The callers were inconsistent as well.
    Now ssl_ConsumeSignatureScheme always sends an alert on failure, and the
    callers do not.
[c71bb1bedf7d] ``` Differential Revision: https://phabricator.services.mozilla.com/D120787 --- security/nss/TAG-INFO | 2 +- security/nss/coreconf/coreconf.dep | 1 - security/nss/doc/rst/build_artifacts.rst | 177 ++++++++++++++++++ security/nss/doc/rst/community.rst | 70 +++++++ security/nss/doc/rst/getting_started.rst | 62 ++++++ security/nss/doc/rst/index.rst | 175 +---------------- security/nss/doc/rst/more.rst | 153 +++++++++++++++ security/nss/doc/rst/releases/index.rst | 37 ++++ security/nss/doc/rst/releases/nss_3_64.rst | 69 +++++++ security/nss/doc/rst/releases/nss_3_65.rst | 77 ++++++++ security/nss/doc/rst/releases/nss_3_66.rst | 79 ++++++++ security/nss/doc/rst/releases/nss_3_67.rst | 70 +++++++ security/nss/doc/rst/releases/nss_3_68.rst | 61 ++++++ security/nss/gtests/ssl_gtest/nss_policy.h | 78 ++++++++ .../nss/gtests/ssl_gtest/ssl_auth_unittest.cc | 159 ++++++++++++++++ .../ssl_gtest/ssl_extension_unittest.cc | 14 +- security/nss/gtests/ssl_gtest/tls_agent.cc | 10 +- security/nss/gtests/ssl_gtest/tls_agent.h | 10 +- security/nss/gtests/ssl_gtest/tls_connect.cc | 8 +- security/nss/lib/ssl/ssl3con.c | 154 ++++++++------- security/nss/lib/ssl/sslimpl.h | 1 + 21 files changed, 1223 insertions(+), 244 deletions(-) create mode 100644 security/nss/doc/rst/build_artifacts.rst create mode 100644 security/nss/doc/rst/community.rst create mode 100644 security/nss/doc/rst/getting_started.rst create mode 100644 security/nss/doc/rst/more.rst create mode 100644 security/nss/doc/rst/releases/index.rst create mode 100644 security/nss/doc/rst/releases/nss_3_64.rst create mode 100644 security/nss/doc/rst/releases/nss_3_65.rst create mode 100644 security/nss/doc/rst/releases/nss_3_66.rst create mode 100644 security/nss/doc/rst/releases/nss_3_67.rst create mode 100644 security/nss/doc/rst/releases/nss_3_68.rst create mode 100644 security/nss/gtests/ssl_gtest/nss_policy.h diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index 519bc2c84140..df8cdd60eb28 100644 
--- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -8f41147c2192 \ No newline at end of file +e9236397be13 \ No newline at end of file diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 590d1bfaeee3..5182f75552c8 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,4 +10,3 @@ */ #error "Do not include this header file." - diff --git a/security/nss/doc/rst/build_artifacts.rst b/security/nss/doc/rst/build_artifacts.rst new file mode 100644 index 000000000000..ba7a48bb57ad --- /dev/null +++ b/security/nss/doc/rst/build_artifacts.rst 
@@ -0,0 +1,177 @@ +.. _mozilla_projects_nss_build_artifacts: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. + +Build artifacts +=============== + +.. container:: + + **Network Security Services (NSS)** is a set of libraries designed to support cross-platform + development of communications applications that support TLS, S/MIME, and other Internet security + standards. For a general overview of NSS and the standards it supports, see + :ref:`mozilla_projects_nss_overview`. + +.. _shared_libraries: + +`Shared libraries <#shared_libraries>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Network Security Services provides both static libraries and shared libraries. Applications that + use the shared libraries must use only the APIs that they export. Three shared libraries export + public functions: + + - The SSL/TLS library supports core TLS operations. + - The S/MIME library supports core S/MIME operations. + - The freebl library supports core crypto operations. + +.. note:: + + We guarantee that applications using the exported APIs will remain compatible with future + versions of those libraries until deprecated. + +.. container:: + + .. + For a complete list of public functions exported by these shared + libraries in NSS 3.2, see :ref:`mozilla_projects_nss_reference_nss_functions`. + + .. + For information on which static libraries in NSS 3.1.1 are replaced by each of the above shared + libraries in NSS 3.2 , see `Migration from NSS + 3.1.1 `__. + + .. + Figure 1, below, shows a simplified view of the relationships among the three shared libraries + listed above and NSPR, which provides low-level cross platform support for operations such as + threading and I/O. (Note that NSPR is a separate Mozilla project; see `Netscape Portable + Runtime `__ for details.) + + .. 
image:: /en-US/docs/Mozilla/Projects/NSS/Introduction_to_Network_Security_Services/nss.gif + :alt: Diagram showing the relationships among core NSS libraries and NSPR. + :width: 429px + :height: 196px + +.. _naming_conventions_and_special_libraries: + +`Naming conventions <#naming_conventions_and_special_libraries>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Windows and Unix use different naming conventions for static and dynamic libraries: + + ======= ======== =============================== +   Windows Unix + static ``.lib`` ``.a`` + dynamic ``.dll`` ``.so`` or ``.dylib`` or ``.sl`` + ======= ======== =============================== + + In addition, Windows has "import" libraries that bind to dynamic libraries. So the NSS library + has the following forms: + + - ``libnss3.so`` - Linux shared library + - ``libnss3.dylib`` - MacOS shared library + - ``libnss3.sl`` - HP-UX shared library + - ``libnss.a`` - Unix static library + - ``nss3.dll`` - Windows shared library + - ``nss3.lib`` - Windows import library binding to ``nss3.dll`` + - ``nss.lib`` - Windows static library + + NSS, SSL, and S/MIME have all of the above forms. + + The following static libraries aren't included in any shared libraries + + - ``libcrmf.a``/``crmf.lib`` provides an API for CRMF operations. + - ``libjar.a``/``jar.lib`` provides an API for creating JAR files. + + The following static libraries are included only in external loadable PKCS #11 modules: + + - ``libnssckfw.a``/``nssckfw.lib`` provides an API for writing PKCS #11 modules. + - ``libswfci.a``/``swfci.lib`` provides support for software FORTEZZA. + + The following shared libraries are standalone loadable modules, not meant to be linked with + directly: + + - ``libfort.so``/``libfort.sl``/``fort32.dll`` provides support for hardware FORTEZZA. + - ``libswft.so``/``libswft.sl``/``swft32.dll`` provides support for software FORTEZZA. 
+ - ``libnssckbi.so``/``libnssckbi.sl``/``nssckbi.dll`` defines the default set of trusted root + certificates. + +.. + .. _support_for_ilp32: + + `Support for ILP32 <#support_for_ilp32>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + In NSS 3.2 and later versions, there are two new shared libraries for the platforms HP-UX for + PARisc CPUs and Solaris for (Ultra)Sparc (not x86) CPUs. These HP and Solaris platforms allow + programs that use the ILP32 program model to run on both 32-bit CPUs and 64-bit CPUs. The two + libraries exist to provide optimal performance on each of the two types of CPUs. + + These two extra shared libraries are not supplied on any other platforms. The names of these + libraries are platform-dependent, as shown in the following table. + + ================================== ============================ ============================ + Platform for 32-bit CPUs for 64-bit CPUs + Solaris/Sparc ``libfreebl_pure32_3.so`` ``libfreebl_hybrid_3.so`` + HPUX/PARisc ``libfreebl_pure32_3.sl`` ``libfreebl_hybrid_3.sl`` + AIX (planned for a future release) ``libfreebl_pure32_3_shr.a`` ``libfreebl_hybrid_3_shr.a`` + ================================== ============================ ============================ + + An application should not link against these libraries, because they are dynamically loaded by + NSS at run time. Linking the application against one or the other of these libraries may produce + an application program that can only run on one type of CPU (e.g. only on 64-bit CPUs, not on + 32-bit CPUs) or that doesn't use the more efficient 64-bit code on 64-bit CPUs, which defeats the + purpose of having these shared libraries. + + On platforms for which these shared libraries exist, NSS 3.2 will fail if these shared libs are + not present. So, an application must include these files in its distribution of NSS shared + libraries. 
These shared libraries should be installed in the same directory where the other NSS + shared libraries (such as ``libnss3.so``) are installed. Both shared libs should always be + installed whether the target system has a 32-bit CPU or a 64-bit CPU. NSS will pick the right one + for the local system at run time. + + Note that NSS 3.x is also available in the LP64 model for these platforms, but the LP64 model of + NSS 3.x does not have these two extra shared libraries. + +.. + .. _what_you_should_already_know: + + `What you should already know <#what_you_should_already_know>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + Before using NSS, you should be familiar with the following topics: + + - Concepts and techniques of public-key cryptography + - The Secure Sockets Layer (SSL) protocol + - The PKCS #11 standard for cryptographic token interfaces + - Cross-platform development issues and techniques + + .. _where_to_find_more_information: + + `Where to find more information <#where_to_find_more_information>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + For information about PKI and SSL that you should understand before using NSS, see the following: + + - `Introduction to Public-Key + Cryptography `__ + - `Introduction to + SSL `__ + + For links to API documentation, build instructions, and other useful information, see the + :ref:`mozilla_projects_nss`. + + As mentioned above, NSS is built on top of NSPR. The API documentation for NSPR is available at + `NSPR API + Reference `__. diff --git a/security/nss/doc/rst/community.rst b/security/nss/doc/rst/community.rst new file mode 100644 index 000000000000..dce308741d3f --- /dev/null +++ b/security/nss/doc/rst/community.rst 
@@ -0,0 +1,70 @@ +.. _Community: + +Community +--------- + +Network Security Services (NSS) is maintained by a group of engineers and researchers, +mainly RedHat and Mozilla. + +.. warning:: + + While the NSS team focuses mainly on supporting platforms and features needded by + Firefox and RHEL, we are happy to take contributions. + +Contributors can reach out the the core team and follow NSS related news through the +following mailing list, Google group and Element/Matrix channel: + +.. note:: + + Mailing list: `https://groups.google.com/a/mozilla.org/g/dev-tech-crypto `__ + + Matrix/Element: `https://app.element.io/#/room/#nss:mozilla.org `__ + +.. + - View Mozilla Security forums... + + - `Mailing list `__ + - `Newsgroup `__ + - `RSS feed `__ + +.. _how_to_contribute: + +`How to Contribute <#how_to_contribute>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Start by opening a **Bugzilla** account at `bugzilla.mozilla.org `__ if you don't have one. + + ``NSS :: Libraries`` is the component for issues you'd like to work on. + We maintain a list of `NSS bugs marked with a keyword "good-first-bug" `__. + +.. _creating_your_patch: + +`Creating your Patch <#creating_your_patch>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + See our section on :ref:`mozilla_projects_nss_nss_sources_building_testing` to get started + making your patch. When you're satisfied with it, you'll need code review. + +.. _code_review: + +`Code Review <#code_review>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + `http://phabricator.services.mozilla.com/ `__ is our + code review tool, which uses your Bugzilla account. + + Use our `Phabricator user instructions `__ to upload patches for review. + Some items that will be evaluated during code review are `listed in checklist form on + Github. `__ + + After passing review, your patch can be landed by a member of the NSS team. Note that we don't land code that isn't both reviewed and tested. 
+ +.. warning:: + + Please reach out to the team before engaging in a lot of work to make ensure we are willing to accept your contributions. diff --git a/security/nss/doc/rst/getting_started.rst b/security/nss/doc/rst/getting_started.rst new file mode 100644 index 000000000000..a3e54f881ec5 --- /dev/null +++ b/security/nss/doc/rst/getting_started.rst 
@@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_getting_started: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. + +Getting Started +=============== + +.. _how_to_get_involved_with_nss: + +`How to get involved with NSS <#how_to_get_involved_with_nss>`__ +---------------------------------------------------------------- + +.. container:: + + | Network Security Services (NSS) is a base library for cryptographic algorithms and secure + network protocols used by Mozilla software. + | Would you like to get involved and help us to improve the core security of Mozilla Firefox and + other applications that make use of NSS? We are looking forward to your contributions! + + .. + | We have a large list of tasks waiting for attention, and we are happy to assist you in + identifying areas that match your interest or skills. You can find us on `Mozilla + IRC `__ in + channel `#nss `__ or you could ask your questions on the + `mozilla.dev.tech.crypto `__ newsgroup. + + + The NSS library and its supporting command line tools are written in the C programming language. + Its build system and the automated tests are based on makefiles and bash scripts. + + Over time, many documents have been produced that describe various aspects of NSS. You can start + with: + + .. + - the current `primary NSS documentation page `__ + from which we link to other documentation. + - a `General Overview `__ of the + applications that use NSS and the features it provides. + - a high level :ref:`mozilla_projects_nss_an_overview_of_nss_internals`. + - learn about getting the :ref:`mozilla_projects_nss_nss_sources_building_testing` + - `Old documentation `__ that is on + the archived mozilla.org website. + +.. + .. _nss_sample_code: + + `NSS Sample Code <#nss_sample_code>`__ + -------------------------------------- + + .. 
container:: + + A good place to start learning how to write NSS applications are the command line tools that are + maintained by the NSS developers. You can find them in subdirectory mozilla/security/nss/cmd + + Or have a look at some basic :ref:`mozilla_projects_nss_nss_sample_code`. + + A new set of samples is currently under development and review, see `Create new NSS + samples `__. + + You are welcome to download the samples via: hg clone https://hg.mozilla.org/projects/nss; cd + nss; hg update SAMPLES_BRANCH diff --git a/security/nss/doc/rst/index.rst b/security/nss/doc/rst/index.rst index a4eba24ddfa4..a9e79947a7f2 100644 --- a/security/nss/doc/rst/index.rst +++ b/security/nss/doc/rst/index.rst 
@@ -1,182 +1,21 @@ .. _mozilla_projects_nss: -Network Security Services -========================= +Network Security Services (NSS) +=============================== .. toctree:: :maxdepth: 2 :glob: :hidden: - getting_started_with_nss/index.rst - introduction_to_network_security_services/index.rst + getting_started.rst + build_artifacts.rst + releases/index.rst + community.rst + more.rst More documentation .. warning:: This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. -`Documentation <#documentation>`__ ----------------------------------- - -.. container:: - - **Network Security Services** (**NSS**) is a set of libraries designed to support cross-platform - development of security-enabled client and server applications. Applications built with NSS can - support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and - other security standards. - - For detailed information on standards supported, see :ref:`mozilla_projects_nss_overview`. For a - list of frequently asked questions, see the :ref:`mozilla_projects_nss_faq`. - - NSS is available under the Mozilla Public License. For information on downloading NSS releases as - tar files, see :ref:`mozilla_projects_nss_nss_sources_building_testing`. - - If you're a developer and would like to contribute to NSS, you might want to read the documents - :ref:`mozilla_projects_nss_an_overview_of_nss_internals` and - :ref:`mozilla_projects_nss_getting_started_with_nss`. - - .. rubric:: Background Information - :name: Background_Information - - :ref:`mozilla_projects_nss_overview` - Provides a brief summary of NSS and its capabilities. - :ref:`mozilla_projects_nss_faq` - Answers basic questions about NSS. - `Introduction to Public-Key Cryptography `__ - Explains the basic concepts of public-key cryptography that underlie NSS. 
- `Introduction to SSL `__ - Introduces the SSL protocol, including information about cryptographic ciphers supported by - SSL and the steps involved in the SSL handshake. - - .. rubric:: Getting Started - :name: Getting_Started - - :ref:`mozilla_projects_nss_nss_releases` - This page contains information about the current and past releases of NSS. - :ref:`mozilla_projects_nss_nss_sources_building_testing` - Instructions on how to build NSS on the different supported platforms. - `Get Mozilla Source Code Using Mercurial `__ - Information about with working with Mercurial. - `Get Mozilla Source Code Using CVS (deprecated) `__ - Old deprecated CVS documentation. - - .. rubric:: NSS APIs - :name: NSS_APIs - - :ref:`mozilla_projects_nss_introduction_to_network_security_services` - Provides an overview of the NSS libraries and what you need to know to use them. - :ref:`mozilla_projects_nss_ssl_functions` - Summarizes the SSL APIs exported by the NSS shared libraries. - :ref:`mozilla_projects_nss_reference` - API used to invoke SSL operations. - :ref:`mozilla_projects_nss_nss_api_guidelines` - Explains how the libraries and code are organized, and guidelines for developing code (naming - conventions, error handling, thread safety, etc.) - :ref:`mozilla_projects_nss_nss_tech_notes` - Links to NSS technical notes, which provide latest information about new NSS features and - supplementary documentation for advanced topics in programming with NSS. - - .. rubric:: Tools, testing, and other technical details - :name: Tools_testing_and_other_technical_details - - :ref:`mozilla_projects_nss_building` - Describe how to check out and build NSS releases. - - :ref:`mozilla_projects_nss_nss_developer_tutorial` - How to make changes in NSS. Coding style, maintaining ABI compatibility. - - :ref:`mozilla_projects_nss_tools` - Tools for developing, debugging, and managing applications that use NSS. 
- :ref:`mozilla_projects_nss_nss_sample_code` - Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. - :ref:`mozilla_projects_nss_nss_third-party_code` - A list of third-party code included in the NSS library. - `NSS 3.2 Test Suite `__ - **Archived version.** Describes how to run the standard NSS tests. - `NSS Performance Reports `__ - **Archived version.** Links to performance reports for NSS 3.2 and later releases. - `Encryption Technologies Available in NSS 3.11 `__ - **Archived version.** Lists the cryptographic algorithms used by NSS 3.11. - `NSS 3.1 Loadable Root Certificates `__ - **Archived version.** Describes the scheme for loading root CA certificates. - `cert7.db `__ - **Archived version.** General format of the cert7.db database. - - .. rubric:: PKCS #11 information - :name: PKCS_11_information - - - :ref:`mozilla_projects_nss_pkcs11` - - :ref:`mozilla_projects_nss_pkcs11_implement` - - :ref:`mozilla_projects_nss_pkcs11_module_specs` - - :ref:`mozilla_projects_nss_pkcs11_faq` - - `Using the JAR Installation Manager to Install a PKCS #11 Cryptographic - Module `__ - - `PKCS #11 Conformance Testing - Archived - version `__ - - .. rubric:: CA certificates pre-loaded into NSS - :name: CA_certificates_pre-loaded_into_NSS - - - `Mozilla CA certificate policy `__ - - `List of pre-loaded CA certificates `__ - - - Consumers of this list must consider the trust bit setting for each included root - certificate. `More - Information `__, `Extracting - roots and their trust bits `__ - - .. rubric:: NSS is built on top of Netscape Portable Runtime (NSPR) - :name: NSS_is_built_on_top_of_Netscape_Portable_Runtime_NSPR - - `Netscape Portable Runtime `__ - NSPR project page. - `NSPR Reference `__ - NSPR API documentation. - - .. 
rubric:: Additional Information - :name: Additional_Information - - - `Using the window.crypto object from - JavaScript `__ - - :ref:`mozilla_projects_nss_http_delegation` - - :ref:`mozilla_projects_nss_tls_cipher_suite_discovery` - - :ref:`mozilla_projects_nss_certificate_download_specification` - - :ref:`mozilla_projects_nss_fips_mode_-_an_explanation` - - :ref:`mozilla_projects_nss_key_log_format` - - .. rubric:: Planning - :name: Planning - - Information on NSS planning can be found at `wiki.mozilla.org `__, - including: - - - `FIPS Validation `__ - - `NSS Roadmap page `__ - - `NSS Improvement - Project `__ - -.. _Community: - -Community -~~~~~~~~~ - -- View Mozilla Security forums... - -- `Mailing list `__ -- `Newsgroup `__ -- `RSS feed `__ - -- View Mozilla Cryptography forums... - -- `Mailing list `__ -- `Newsgroup `__ -- `RSS feed `__ - -.. _Related_Topics: - -Related Topics -~~~~~~~~~~~~~~ - -- `Security `__ - diff --git a/security/nss/doc/rst/more.rst b/security/nss/doc/rst/more.rst new file mode 100644 index 000000000000..1585a23977c8 --- /dev/null +++ b/security/nss/doc/rst/more.rst 
@@ -0,0 +1,153 @@ +.. _more_documentation: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. + It currently is very deprecated and likely incorrect or broken in many places. + +More Documentation +------------------ + +.. container:: + + **Network Security Services** (**NSS**) is a set of libraries designed to support cross-platform + development of security-enabled client and server applications. Applications built with NSS can + support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and + other security standards. + + For detailed information on standards supported, see :ref:`mozilla_projects_nss_overview`. For a + list of frequently asked questions, see the :ref:`mozilla_projects_nss_faq`. + + NSS is available under the Mozilla Public License. For information on downloading NSS releases as + tar files, see :ref:`mozilla_projects_nss_nss_sources_building_testing`. + + If you're a developer and would like to contribute to NSS, you might want to read the documents + :ref:`mozilla_projects_nss_an_overview_of_nss_internals` and + :ref:`mozilla_projects_nss_getting_started_with_nss`. + + .. rubric:: Background Information + :name: Background_Information + + :ref:`mozilla_projects_nss_overview` + Provides a brief summary of NSS and its capabilities. + :ref:`mozilla_projects_nss_faq` + Answers basic questions about NSS. + `Introduction to Public-Key Cryptography `__ + Explains the basic concepts of public-key cryptography that underlie NSS. + `Introduction to SSL `__ + Introduces the SSL protocol, including information about cryptographic ciphers supported by + SSL and the steps involved in the SSL handshake. + + .. rubric:: Getting Started + :name: Getting_Started + + :ref:`mozilla_projects_nss_nss_releases` + This page contains information about the current and past releases of NSS. 
+ :ref:`mozilla_projects_nss_nss_sources_building_testing` + Instructions on how to build NSS on the different supported platforms. + `Get Mozilla Source Code Using Mercurial `__ + Information about with working with Mercurial. + `Get Mozilla Source Code Using CVS (deprecated) `__ + Old deprecated CVS documentation. + + .. rubric:: NSS APIs + :name: NSS_APIs + + :ref:`mozilla_projects_nss_introduction_to_network_security_services` + Provides an overview of the NSS libraries and what you need to know to use them. + :ref:`mozilla_projects_nss_ssl_functions` + Summarizes the SSL APIs exported by the NSS shared libraries. + :ref:`mozilla_projects_nss_reference` + API used to invoke SSL operations. + :ref:`mozilla_projects_nss_nss_api_guidelines` + Explains how the libraries and code are organized, and guidelines for developing code (naming + conventions, error handling, thread safety, etc.) + :ref:`mozilla_projects_nss_nss_tech_notes` + Links to NSS technical notes, which provide latest information about new NSS features and + supplementary documentation for advanced topics in programming with NSS. + + .. rubric:: Tools, testing, and other technical details + :name: Tools_testing_and_other_technical_details + + :ref:`mozilla_projects_nss_building` + Describe how to check out and build NSS releases. + + :ref:`mozilla_projects_nss_nss_developer_tutorial` + How to make changes in NSS. Coding style, maintaining ABI compatibility. + + :ref:`mozilla_projects_nss_tools` + Tools for developing, debugging, and managing applications that use NSS. + :ref:`mozilla_projects_nss_nss_sample_code` + Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. + :ref:`mozilla_projects_nss_nss_third-party_code` + A list of third-party code included in the NSS library. + `NSS 3.2 Test Suite `__ + **Archived version.** Describes how to run the standard NSS tests. 
+ `NSS Performance Reports `__ + **Archived version.** Links to performance reports for NSS 3.2 and later releases. + `Encryption Technologies Available in NSS 3.11 `__ + **Archived version.** Lists the cryptographic algorithms used by NSS 3.11. + `NSS 3.1 Loadable Root Certificates `__ + **Archived version.** Describes the scheme for loading root CA certificates. + `cert7.db `__ + **Archived version.** General format of the cert7.db database. + + .. rubric:: PKCS #11 information + :name: PKCS_11_information + + - :ref:`mozilla_projects_nss_pkcs11` + - :ref:`mozilla_projects_nss_pkcs11_implement` + - :ref:`mozilla_projects_nss_pkcs11_module_specs` + - :ref:`mozilla_projects_nss_pkcs11_faq` + - `Using the JAR Installation Manager to Install a PKCS #11 Cryptographic + Module `__ + - `PKCS #11 Conformance Testing - Archived + version `__ + + .. rubric:: CA certificates pre-loaded into NSS + :name: CA_certificates_pre-loaded_into_NSS + + - `Mozilla CA certificate policy `__ + - `List of pre-loaded CA certificates `__ + + - Consumers of this list must consider the trust bit setting for each included root + certificate. `More + Information `__, `Extracting + roots and their trust bits `__ + + .. rubric:: NSS is built on top of Netscape Portable Runtime (NSPR) + :name: NSS_is_built_on_top_of_Netscape_Portable_Runtime_NSPR + + `Netscape Portable Runtime `__ + NSPR project page. + `NSPR Reference `__ + NSPR API documentation. + + .. rubric:: Additional Information + :name: Additional_Information + + - `Using the window.crypto object from + JavaScript `__ + - :ref:`mozilla_projects_nss_http_delegation` + - :ref:`mozilla_projects_nss_tls_cipher_suite_discovery` + - :ref:`mozilla_projects_nss_certificate_download_specification` + - :ref:`mozilla_projects_nss_fips_mode_-_an_explanation` + - :ref:`mozilla_projects_nss_key_log_format` + + .. 
rubric:: Planning + :name: Planning + + Information on NSS planning can be found at `wiki.mozilla.org `__, + including: + + - `FIPS Validation `__ + - `NSS Roadmap page `__ + - `NSS Improvement + Project `__ + +.. _Related_Topics: + +Related Topics +~~~~~~~~~~~~~~ + +- `Security `__ + diff --git a/security/nss/doc/rst/releases/index.rst b/security/nss/doc/rst/releases/index.rst new file mode 100644 index 000000000000..03b849ed4557 --- /dev/null +++ b/security/nss/doc/rst/releases/index.rst @@ -0,0 +1,37 @@ +.. _mozilla_projects_nss_releases: + +Releases +======== + +.. toctree:: + :maxdepth: 0 + :glob: + :hidden: + + nss_3_68.rst + nss_3_67.rst + nss_3_66.rst + nss_3_65.rst + nss_3_64.rst + +.. note:: + + **NSS 3.68** is the latest version of NSS. + + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_release_notes` + +.. container:: + + Changes included in this release: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. diff --git a/security/nss/doc/rst/releases/nss_3_64.rst b/security/nss/doc/rst/releases/nss_3_64.rst new file mode 100644 index 000000000000..a3c605e4ccce --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_64.rst 
@@ -0,0 +1,69 @@ +.. _mozilla_projects_nss_nss_3_64_release_notes: + +NSS 3.64 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.64 was released on **15 April 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_64_RTM. NSS 3.64 requires NSPR 4.30 or newer. + + NSS 3.64 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_64_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _bugs_fixed_in_nss_3.64: + +`Bugs fixed in NSS 3.64 <#bugs_fixed_in_nss_3.64>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1705286 - Properly detect mips64. + - Bug 1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. + - Bug 1698320 - replace \__builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. + - Bug 1613235 - Add POWER ChaCha20 stream cipher vector acceleration. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.64 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.64 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. 
container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) \ No newline at end of file diff --git a/security/nss/doc/rst/releases/nss_3_65.rst b/security/nss/doc/rst/releases/nss_3_65.rst new file mode 100644 index 000000000000..93754b87b032 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_65.rst 
@@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_65_release_notes: + +NSS 3.65 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.65 was released on **13 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_65_RTM. NSS 3.65 requires NSPR 4.30 or newer. + + NSS 3.65 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_65_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.65: + +`Bugs fixed in NSS 3.65 <#bugs_fixed_in_nss_3.65>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.65 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.65 shared libraries + without recompiling or relinking. 
Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + Due to some changes in the Firefox release cycle, NSS 3.67 has yet to be added + to the NSS release schedule (3.66 is not affected). I will announce the date to + this list once defined. + + Best, + Benjamin diff --git a/security/nss/doc/rst/releases/nss_3_66.rst b/security/nss/doc/rst/releases/nss_3_66.rst new file mode 100644 index 000000000000..f4a93a7f301c --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_66.rst 
@@ -0,0 +1,79 @@ +.. _mozilla_projects_nss_nss_3_66_release_notes: + +NSS 3.66 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.66 was released on **27 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_66_RTM. NSS 3.66 requires NSPR 4.30 or newer. + + NSS 3.66 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_66_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.66: + +`Bugs fixed in NSS 3.66 <#bugs_fixed_in_nss_3.66>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. + - Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. + - Bug 1708307 - Remove Trustis FPS Root CA from NSS. + - Bug 1707097 - Add Certum Trusted Root CA to NSS. + - Bug 1707097 - Add Certum EC-384 CA to NSS. + - Bug 1703942 - Add ANF Secure Server Root CA to NSS. + - Bug 1697071 - Add GLOBALTRUST 2020 root cert to NSS. + - Bug 1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. + - Bug 1712230 - Don't build ppc-gcm.s with clang integrated assembler. + - Bug 1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. + - Bug 1710773 - NSS needs FIPS 180-3 FIPS indicators. + - Bug 1709291 - Add VerifyCodeSigningCertificateChain. + - Use GNU tar for the release helper script. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.66 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. 
A + program linked with older NSS 3.x shared libraries will work with NSS 3.66 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + To realign the NSS and Firefox release schedules, the next cycle for + NSS 3.67 will be very short and the release happen on June 10th. + https://wiki.mozilla.org/NSS:Release_Versions + + Bug 1712230 introduced a correctness issue for GCM on ppcle64, the fix will + be part of NSS 3.67. diff --git a/security/nss/doc/rst/releases/nss_3_67.rst b/security/nss/doc/rst/releases/nss_3_67.rst new file mode 100644 index 000000000000..65c63bb257a8 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_67.rst 
@@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_67_release_notes: + +NSS 3.67 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.67 was released on **10 June 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_67_RTM. NSS 3.67 requires NSPR 4.30 or newer. + + NSS 3.67 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_67_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.67: + +`Bugs fixed in NSS 3.67 <#bugs_fixed_in_nss_3.67>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1683710 - Add a means to disable ALPN. + - Bug 1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). + - Bug 1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. + - Bug 1566124 - Fix counter increase in ppc-gcm-wrap.c + - Bug 1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.67 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.67 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) diff --git a/security/nss/doc/rst/releases/nss_3_68.rst b/security/nss/doc/rst/releases/nss_3_68.rst new file mode 100644 index 000000000000..b98786b55e98 --- /dev/null +++ b/security/nss/doc/rst/releases/nss_3_68.rst 
@@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_68_release_notes: + +NSS 3.68 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68 was released on **8 July 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer. + + NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.68: + +`Bugs fixed in NSS 3.68 <#bugs_fixed_in_nss_3.68>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1713562 - Fix test leak. + - Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. + - Bug 1693206 - Implement PKCS8 export of ECDSA keys. + - Bug 1712883 - DTLS 1.3 draft-43. + - Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. + - Bug 1713562 - Validate ECH public names. + - Bug 1717610 - Add function to get seconds from epoch from pkix::Time. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.68 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. 
container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). diff --git a/security/nss/gtests/ssl_gtest/nss_policy.h b/security/nss/gtests/ssl_gtest/nss_policy.h new file mode 100644 index 000000000000..65c93f0d10b8 --- /dev/null +++ b/security/nss/gtests/ssl_gtest/nss_policy.h 
@@ -0,0 +1,78 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nss_policy_h_ +#define nss_policy_h_ + +#include "prtypes.h" +#include "secoid.h" + +namespace nss_test { + +// container class to hold all a temp policy +class NssPolicy { + public: + NssPolicy() : oid_(SEC_OID_UNKNOWN), set_(0), clear_(0) {} + NssPolicy(SECOidTag _oid, PRUint32 _set, PRUint32 _clear) + : oid_(_oid), set_(_set), clear_(_clear) {} + NssPolicy(const NssPolicy &p) + : oid_(p.oid_), set_(p.set_), clear_(p.clear_) {} + // clone the current policy for this oid + NssPolicy(SECOidTag _oid) : oid_(_oid), set_(0), clear_(0) { + NSS_GetAlgorithmPolicy(_oid, &set_); + clear_ = ~set_; + } + SECOidTag oid(void) const { return oid_; } + PRUint32 set(void) const { return set_; } + PRUint32 clear(void) const { return clear_; } + operator bool() const { return oid_ != SEC_OID_UNKNOWN; } + + private: + SECOidTag oid_; + PRUint32 set_; + PRUint32 clear_; +}; + +// set the policy indicated in NssPolicy and restor the old policy +// when we go out of scope +class NssManagePolicy { + public: + NssManagePolicy(const NssPolicy &p) : policy_(p), current_(~(PRUint32)0) { + if (p) { + (void)NSS_GetAlgorithmPolicy(p.oid(), ¤t_); + (void)NSS_SetAlgorithmPolicy(p.oid(), p.set(), p.clear()); + } + } + ~NssManagePolicy() { + if (policy_) { + (void)NSS_SetAlgorithmPolicy(policy_.oid(), current_, ~current_); + } + } + + private: + NssPolicy policy_; + PRUint32 current_; +}; + +// wrapping PRFileDesc this way ensures that tests that attempt to access +// PRFileDesc always correctly apply +// the policy that was bound to that socket with TlsAgent::SetPolicy(). 
+class NssManagedFileDesc { + public: + NssManagedFileDesc(PRFileDesc *fd, const NssPolicy &policy) + : fd_(fd), managed_policy_(policy) {} + PRFileDesc *get(void) const { return fd_; } + operator PRFileDesc *() const { return fd_; } + bool operator==(PRFileDesc *fd) const { return fd_ == fd; } + + private: + PRFileDesc *fd_; + NssManagePolicy managed_policy_; +}; + +} // namespace nss_test + +#endif diff --git a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc index 8bbb1e38f6b2..adb4424c1b77 100644 --- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc 
@@ -1798,6 +1798,165 @@ TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) { CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_, signature_scheme_); } +class Tls12CertificateRequestReplacer : public TlsHandshakeFilter { + public: + Tls12CertificateRequestReplacer(const std::shared_ptr& a, + SSLSignatureScheme scheme) + : TlsHandshakeFilter(a, {kTlsHandshakeCertificateRequest}), + scheme_(scheme) {} + + virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) { + uint32_t offset = 0; + + if (header.handshake_type() != ssl_hs_certificate_request) { + return KEEP; + } + + *output = input; + + uint32_t types_len = 0; + if (!output->Read(offset, 1, &types_len)) { + ADD_FAILURE(); + return KEEP; + } + offset += 1 + types_len; + uint32_t scheme_len = 0; + if (!output->Read(offset, 2, &scheme_len)) { + ADD_FAILURE(); + return KEEP; + } + DataBuffer schemes; + schemes.Write(0, 2, 2); + schemes.Write(2, scheme_, 2); + output->Write(offset, 2, schemes.len()); + output->Splice(schemes, offset + 2, scheme_len); + + return CHANGE; + } + + private: + SSLSignatureScheme scheme_; +}; + +// +// Test how policy interacts with client auth connections +// + +// TLS/DTLS version algorithm policy +typedef std::tuple + PolicySignatureSchemeProfile; + +// Only TLS 1.2 handles client auth schemes inside +// the certificate request packet, so our failure tests for +// those kinds of connections only occur here. 
+class TlsConnectAuthWithPolicyTls12 + : public TlsConnectTestBase, + public ::testing::WithParamInterface { + public: + TlsConnectAuthWithPolicyTls12() + : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) { + alg_ = std::get<2>(GetParam()); + policy_ = std::get<3>(GetParam()); + // use the algorithm to select which single scheme to deploy + // We use these schemes to force servers sending schemes the client + // didn't advertise to make sure the client will still filter these + // by policy and detect that no valid schemes were presented, rather + // than sending an empty client auth message. + switch (alg_) { + case SEC_OID_SHA256: + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + scheme_ = ssl_sig_rsa_pss_pss_sha256; + break; + case SEC_OID_PKCS1_RSA_ENCRYPTION: + scheme_ = ssl_sig_rsa_pkcs1_sha256; + break; + case SEC_OID_ANSIX962_EC_PUBLIC_KEY: + scheme_ = ssl_sig_ecdsa_secp256r1_sha256; + break; + default: + ADD_FAILURE() << "need to update algorithm table in " + "TlsConnectAuthWithPolicyTls12"; + scheme_ = ssl_sig_none; + break; + } + } + + protected: + SECOidTag alg_; + PRUint32 policy_; + SSLSignatureScheme scheme_; +}; + +// Only TLS 1.2 and greater looks at schemes extensions on client auth +class TlsConnectAuthWithPolicyTls12Plus + : public TlsConnectTestBase, + public ::testing::WithParamInterface { + public: + TlsConnectAuthWithPolicyTls12Plus() + : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) { + alg_ = std::get<2>(GetParam()); + policy_ = std::get<3>(GetParam()); + } + + protected: + SECOidTag alg_; + PRUint32 policy_; +}; + +// make sure we can turn single algorithms off by policy an still connect +// this is basically testing that we are properly filtering our schemes +// by policy before communicating them to the server, and that the +// server is respecting our choices +TEST_P(TlsConnectAuthWithPolicyTls12Plus, PolicySuccessTest) { + // in TLS 1.3, RSA PKCS1 is restricted. 
If we are also + // restricting RSA PSS by policy, we can't use the default + // RSA certificate as the server cert, switch to ECDSA + if ((version_ >= SSL_LIBRARY_VERSION_TLS_1_3) && + (alg_ == SEC_OID_PKCS1_RSA_PSS_SIGNATURE)) { + Reset(TlsAgent::kServerEcdsa256); + } + client_->SetPolicy(alg_, 0, policy_); // Disable policy for client + client_->SetupClientAuth(); + server_->RequestClientAuth(false); + Connect(); +} + +// make sure we fail if the server ignores our policy preference and +// requests client auth with a scheme we don't support +TEST_P(TlsConnectAuthWithPolicyTls12, PolicyFailureTest) { + client_->SetPolicy(alg_, 0, policy_); + client_->SetupClientAuth(); + server_->RequestClientAuth(false); + MakeTlsFilter(server_, scheme_); + ConnectExpectAlert(client_, kTlsAlertHandshakeFailure); + client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT); +} + +INSTANTIATE_TEST_SUITE_P( + SignaturesWithPolicyFail, TlsConnectAuthWithPolicyTls12, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, + TlsConnectTestBase::kTlsV12, + ::testing::Values(SEC_OID_SHA256, + SEC_OID_PKCS1_RSA_PSS_SIGNATURE, + SEC_OID_PKCS1_RSA_ENCRYPTION, + SEC_OID_ANSIX962_EC_PUBLIC_KEY), + ::testing::Values(NSS_USE_ALG_IN_SSL_KX, + NSS_USE_ALG_IN_ANY_SIGNATURE))); + +INSTANTIATE_TEST_SUITE_P( + SignaturesWithPolicySuccess, TlsConnectAuthWithPolicyTls12Plus, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, + TlsConnectTestBase::kTlsV12Plus, + ::testing::Values(SEC_OID_SHA256, + SEC_OID_PKCS1_RSA_PSS_SIGNATURE, + SEC_OID_PKCS1_RSA_ENCRYPTION, + SEC_OID_ANSIX962_EC_PUBLIC_KEY), + ::testing::Values(NSS_USE_ALG_IN_SSL_KX, + NSS_USE_ALG_IN_ANY_SIGNATURE))); + INSTANTIATE_TEST_SUITE_P( SignatureSchemeRsa, TlsSignatureSchemeConfiguration, ::testing::Combine( 
diff --git a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc index 418ef6134a6c..c95554d17e4a 100644 --- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc @@ -430,7 +430,10 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsBadLength) { } TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) { - const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00}; // sha-256, rsa + // make sure the test uses an algorithm that is legal for + // tls 1.3 (or tls 1.3 will throw a handshake failure alert + // instead of a decode error alert) + const uint8_t val[] = {0x00, 0x02, 0x08, 0x09, 0x00}; // sha-256, rsa-pss-pss DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(std::make_shared( client_, ssl_signature_algorithms_xtn, extension)); @@ -1131,6 +1134,15 @@ TEST_P(TlsExtensionTest13, OddVersionList) { ConnectWithBogusVersionList(kExt, sizeof(kExt)); } +TEST_P(TlsExtensionTest13, SignatureAlgorithmsInvalidTls13) { + // testing the case where we ask for a invalid parameter for tls13 + const uint8_t val[] = {0x00, 0x02, 0x04, 0x01}; // sha-256, rsa-pkcs1 + DataBuffer extension(val, sizeof(val)); + ClientHelloErrorTest(std::make_shared( + client_, ssl_signature_algorithms_xtn, extension), + kTlsAlertHandshakeFailure); +} + // Use the stream version number for TLS 1.3 (0x0304) in DTLS. TEST_F(TlsConnectDatagram13, TlsVersionInDtls) { static const uint8_t kExt[] = {0x02, 0x03, 0x04}; diff --git a/security/nss/gtests/ssl_gtest/tls_agent.cc b/security/nss/gtests/ssl_gtest/tls_agent.cc index 43a953bec421..86990f372a2d 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.cc +++ b/security/nss/gtests/ssl_gtest/tls_agent.cc 
@@ -93,7 +93,8 @@ TlsAgent::TlsAgent(const std::string& nm, Role rl, SSLProtocolVariant var) auth_certificate_callback_(), sni_callback_(), skip_version_checks_(false), - resumption_token_() { + resumption_token_(), + policy_() { memset(&info_, 0, sizeof(info_)); memset(&csinfo_, 0, sizeof(csinfo_)); SECStatus rv = SSL_VersionRangeGetDefault(variant_, &vrange_); @@ -227,6 +228,7 @@ bool TlsAgent::ConfigServerCert(const std::string& id, bool updateKeyBits, bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) { // Don't set up twice if (ssl_fd_) return true; + NssManagePolicy policyManage(policy_); ScopedPRFileDesc dummy_fd(adapter_->CreateFD()); EXPECT_NE(nullptr, dummy_fd); @@ -319,7 +321,7 @@ bool TlsAgent::MaybeSetResumptionToken() { } void TlsAgent::SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx) { - EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(ssl_fd_.get(), ctx.get())); + EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(ssl_fd(), ctx.get())); } void TlsAgent::SetupClientAuth() { @@ -869,8 +871,8 @@ void TlsAgent::ResetPreliminaryInfo() { } void TlsAgent::UpdatePreliminaryChannelInfo() { - SECStatus rv = SSL_GetPreliminaryChannelInfo(ssl_fd_.get(), &pre_info_, - sizeof(pre_info_)); + SECStatus rv = + SSL_GetPreliminaryChannelInfo(ssl_fd(), &pre_info_, sizeof(pre_info_)); EXPECT_EQ(SECSuccess, rv); EXPECT_EQ(sizeof(pre_info_), pre_info_.length); } diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h index 05470ba3d888..e9eeb4dd3f33 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.h +++ b/security/nss/gtests/ssl_gtest/tls_agent.h @@ -14,6 +14,7 @@ #include #include +#include "nss_policy.h" #include "test_io.h" #define GTEST_HAS_RTTI 0 
@@ -231,7 +232,9 @@ class TlsAgent : public PollTarget { static const char* state_str(State state) { return states[state]; } - PRFileDesc* ssl_fd() const { return ssl_fd_.get(); } + NssManagedFileDesc ssl_fd() const { + return NssManagedFileDesc(ssl_fd_.get(), policy_); + } std::shared_ptr& adapter() { return adapter_; } const SSLChannelInfo& info() const { @@ -307,6 +310,10 @@ class TlsAgent : public PollTarget { void ExpectSendAlert(uint8_t alert, uint8_t level = 0); std::string alpn_value_to_use_ = ""; + // set the given policy before this agent runs + void SetPolicy(SECOidTag oid, PRUint32 set, PRUint32 clear) { + policy_ = NssPolicy(oid, set, clear); + } private: const static char* states[]; @@ -453,6 +460,7 @@ class TlsAgent : public PollTarget { SniCallbackFunction sni_callback_; bool skip_version_checks_; std::vector resumption_token_; + NssPolicy policy_; }; inline std::ostream& operator<<(std::ostream& stream, diff --git a/security/nss/gtests/ssl_gtest/tls_connect.cc b/security/nss/gtests/ssl_gtest/tls_connect.cc index 4dd0a003484e..b2fd31f8e579 100644 --- a/security/nss/gtests/ssl_gtest/tls_connect.cc +++ b/security/nss/gtests/ssl_gtest/tls_connect.cc @@ -379,10 +379,10 @@ void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected, } void TlsConnectTestBase::EnsureTlsSetup() { - EXPECT_TRUE(server_->EnsureTlsSetup(server_model_ ? server_model_->ssl_fd() - : nullptr)); - EXPECT_TRUE(client_->EnsureTlsSetup(client_model_ ? client_model_->ssl_fd() - : nullptr)); + EXPECT_TRUE(server_->EnsureTlsSetup( + server_model_ ? server_model_->ssl_fd().get() : nullptr)); + EXPECT_TRUE(client_->EnsureTlsSetup( + client_model_ ? client_model_->ssl_fd().get() : nullptr)); server_->SetAntiReplayContext(anti_replay_); EXPECT_EQ(SECSuccess, SSL_SetTimeFunc(client_->ssl_fd(), TlsConnectTestBase::TimeFunc, &now_)); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index a3f0a776e8c3..f2c3a218b6de 100644 
--- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -73,6 +73,8 @@ PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme); static SECStatus ssl3_UpdateDefaultHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l); +const PRUint32 kSSLSigSchemePolicy = + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_ANY_SIGNATURE; const PRUint8 ssl_hello_retry_random[] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, @@ -784,6 +786,41 @@ ssl_HasCert(const sslSocket *ss, PRUint16 maxVersion, SSLAuthType authType) return PR_FALSE; } +/* return true if the scheme is allowed by policy, This prevents + * failures later when our actual signatures are rejected by + * policy by either ssl code, or lower level NSS code */ +static PRBool +ssl_SchemePolicyOK(SSLSignatureScheme scheme, PRUint32 require) +{ + /* Hash policy. */ + PRUint32 policy; + SECOidTag hashOID = ssl3_HashTypeToOID(ssl_SignatureSchemeToHashType(scheme)); + SECOidTag sigOID; + + /* policy bits needed to enable a SignatureScheme */ + SECStatus rv = NSS_GetAlgorithmPolicy(hashOID, &policy); + if (rv == SECSuccess && + (policy & require) != require) { + return PR_FALSE; + } + + /* ssl_SignatureSchemeToAuthType reports rsa for rsa_pss_rsae, but we + * actually implement pss signatures when we sign, so just use RSA_PSS + * for all RSA PSS Siganture schemes */ + if (ssl_IsRsaPssSignatureScheme(scheme)) { + sigOID = SEC_OID_PKCS1_RSA_PSS_SIGNATURE; + } else { + sigOID = ssl3_AuthTypeToOID(ssl_SignatureSchemeToAuthType(scheme)); + } + /* Signature Policy. */ + rv = NSS_GetAlgorithmPolicy(sigOID, &policy); + if (rv == SECSuccess && + (policy & require) != require) { + return PR_FALSE; + } + return PR_TRUE; +} + /* Check that a signature scheme is accepted. * Both by policy and by having a token that supports it. */ static PRBool 
@@ -809,23 +846,9 @@ ssl_SignatureSchemeAccepted(PRUint16 minVersion, if (minVersion >= SSL_LIBRARY_VERSION_TLS_1_3) { return PR_FALSE; } - PRUint32 dsaPolicy; - SECStatus rv = NSS_GetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, - &dsaPolicy); - if (rv == SECSuccess && (dsaPolicy & NSS_USE_ALG_IN_SSL_KX) == 0) { - return PR_FALSE; - } } - /* Hash policy. */ - PRUint32 hashPolicy; - SSLHashType hashType = ssl_SignatureSchemeToHashType(scheme); - SECOidTag hashOID = ssl3_HashTypeToOID(hashType); - SECStatus rv = NSS_GetAlgorithmPolicy(hashOID, &hashPolicy); - if (rv == SECSuccess && (hashPolicy & NSS_USE_ALG_IN_SSL_KX) == 0) { - return PR_FALSE; - } - return PR_TRUE; + return ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy); } static SECStatus @@ -4237,6 +4260,26 @@ ssl3_HashTypeToOID(SSLHashType hashType) return SEC_OID_UNKNOWN; } +SECOidTag +ssl3_AuthTypeToOID(SSLAuthType authType) +{ + switch (authType) { + case ssl_auth_rsa_sign: + return SEC_OID_PKCS1_RSA_ENCRYPTION; + case ssl_auth_rsa_pss: + return SEC_OID_PKCS1_RSA_PSS_SIGNATURE; + case ssl_auth_ecdsa: + return SEC_OID_ANSIX962_EC_PUBLIC_KEY; + case ssl_auth_dsa: + return SEC_OID_ANSIX9_DSA_SIGNATURE; + default: + break; + } + /* shouldn't ever get there */ + PORT_Assert(0); + return SEC_OID_UNKNOWN; +} + SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme) { 
@@ -4277,37 +4320,15 @@ ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme) static PRBool ssl_SignatureSchemeMatchesSpkiOid(SSLSignatureScheme scheme, SECOidTag spkiOid) { - switch (scheme) { - case ssl_sig_rsa_pkcs1_sha256: - case ssl_sig_rsa_pkcs1_sha384: - case ssl_sig_rsa_pkcs1_sha512: - case ssl_sig_rsa_pkcs1_sha1: - case ssl_sig_rsa_pss_rsae_sha256: - case ssl_sig_rsa_pss_rsae_sha384: - case ssl_sig_rsa_pss_rsae_sha512: - case ssl_sig_rsa_pkcs1_sha1md5: - return (spkiOid == SEC_OID_X500_RSA_ENCRYPTION) || - (spkiOid == SEC_OID_PKCS1_RSA_ENCRYPTION); - case ssl_sig_rsa_pss_pss_sha256: - case ssl_sig_rsa_pss_pss_sha384: - case ssl_sig_rsa_pss_pss_sha512: - return spkiOid == SEC_OID_PKCS1_RSA_PSS_SIGNATURE; - case ssl_sig_ecdsa_secp256r1_sha256: - case ssl_sig_ecdsa_secp384r1_sha384: - case ssl_sig_ecdsa_secp521r1_sha512: - case ssl_sig_ecdsa_sha1: - return spkiOid == SEC_OID_ANSIX962_EC_PUBLIC_KEY; - case ssl_sig_dsa_sha256: - case ssl_sig_dsa_sha384: - case ssl_sig_dsa_sha512: - case ssl_sig_dsa_sha1: - return spkiOid == SEC_OID_ANSIX9_DSA_SIGNATURE; - case ssl_sig_none: - case ssl_sig_ed25519: - case ssl_sig_ed448: - break; + SECOidTag authOid = ssl3_AuthTypeToOID(ssl_SignatureSchemeToAuthType(scheme)); + + if (spkiOid == authOid) { + return PR_TRUE; + } + if ((authOid == SEC_OID_PKCS1_RSA_ENCRYPTION) && + (spkiOid == SEC_OID_X500_RSA_ENCRYPTION)) { + return PR_TRUE; } - PORT_Assert(0); return PR_FALSE; } @@ -4319,7 +4340,11 @@ ssl_SignatureSchemeValid(SSLSignatureScheme scheme, SECOidTag spkiOid, if (!ssl_IsSupportedSignatureScheme(scheme)) { return PR_FALSE; } - if (!ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { + /* if we are purposefully passed SEC_OID_UNKNOWN, it means + * we not checking the scheme against a potential key, so skip + * the call */ + if ((spkiOid != SEC_OID_UNKNOWN) && + !ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { return PR_FALSE; } if (isTls13) { 
@@ -4517,7 +4542,8 @@ ssl_CheckSignatureSchemeConsistency(sslSocket *ss, SSLSignatureScheme scheme, } /* Verify that the signature scheme matches the signing key. */ - if (!ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { + if ((spkiOid == SEC_OID_UNKNOWN) || + !ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); return SECFailure; } @@ -4552,7 +4578,8 @@ ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme) case ssl_sig_dsa_sha384: case ssl_sig_dsa_sha512: case ssl_sig_ecdsa_sha1: - return PR_TRUE; + return ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy); + break; case ssl_sig_rsa_pkcs1_sha1md5: case ssl_sig_none: @@ -4677,9 +4704,10 @@ ssl_ConsumeSignatureScheme(sslSocket *ss, PRUint8 **b, rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, b, length); if (rv != SECSuccess) { - return SECFailure; /* Error code set already. */ + return SECFailure; /* Alert sent, Error code set already. */ } if (!ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) { + SSL3_SendAlert(ss, alert_fatal, illegal_parameter); PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); return SECFailure; } @@ -6436,8 +6464,6 @@ ssl_CanUseSignatureScheme(SSLSignatureScheme scheme, PRBool slotDoesPss) { SSLHashType hashType; - SECOidTag hashOID; - PRUint32 policy; unsigned int i; /* Skip RSA-PSS schemes when the certificate's private key slot does 
@@ -6446,20 +6472,12 @@ ssl_CanUseSignatureScheme(SSLSignatureScheme scheme, return PR_FALSE; } - if (ssl_IsDsaSignatureScheme(scheme) && - (NSS_GetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, &policy) == - SECSuccess) && - !(policy & NSS_USE_ALG_IN_SSL_KX)) { - return PR_FALSE; - } - hashType = ssl_SignatureSchemeToHashType(scheme); if (requireSha1 && (hashType != ssl_hash_sha1)) { return PR_FALSE; } - hashOID = ssl3_HashTypeToOID(hashType); - if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) && - !(policy & NSS_USE_ALG_IN_SSL_KX)) { + + if (!ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy)) { return PR_FALSE; } @@ -6533,6 +6551,9 @@ ssl_PickSignatureScheme(sslSocket *ss, } spkiOid = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm); + if (spkiOid == SEC_OID_UNKNOWN) { + return SECFailure; + } /* Now we have to search based on the key type. Go through our preferred * schemes in order and find the first that can be used. */ @@ -7430,7 +7451,7 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme); if (rv != SECSuccess) { - goto alert_loser; /* malformed or unsupported. */ + goto loser; /* alert already sent */ } rv = ssl_CheckSignatureSchemeConsistency( ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo); @@ -7700,7 +7721,9 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena, PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } - if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) { + if (ssl_SignatureSchemeValid((SSLSignatureScheme)tmp, SEC_OID_UNKNOWN, + (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) { + ; schemes[numSupported++] = (SSLSignatureScheme)tmp; } } 
@@ -10286,7 +10309,10 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length) PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_record); rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme); if (rv != SECSuccess) { - goto loser; /* malformed or unsupported. */ + if (PORT_GetError() == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM) { + errCode = SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM; + } + goto loser; /* alert already sent */ } rv = ssl_CheckSignatureSchemeConsistency( ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo); diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index f4264b8348e0..5fffebc860e5 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1783,6 +1783,7 @@ SECStatus ssl_PickSignatureScheme(sslSocket *ss, unsigned int peerSchemeCount, PRBool requireSha1); SECOidTag ssl3_HashTypeToOID(SSLHashType hashType); +SECOidTag ssl3_AuthTypeToOID(SSLAuthType hashType); SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme); SSLAuthType ssl_SignatureSchemeToAuthType(SSLSignatureScheme scheme);
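Review bot: In the rewritten ssl_SignatureSchemeMatchesSpkiOid (hunk @@ -4277), the first check `if (spkiOid == authOid)` returns PR_TRUE whenever both values are SEC_OID_UNKNOWN, so a scheme whose auth type has no OID mapping (the old switch sent ssl_sig_none, ssl_sig_ed25519 and ssl_sig_ed448 to PR_FALSE) would "match" an unknown SPKI OID if ssl3_AuthTypeToOID returns SEC_OID_UNKNOWN for it. The callers touched by this patch (ssl_SignatureSchemeValid, ssl_CheckSignatureSchemeConsistency, ssl_PickSignatureScheme) each guard against spkiOid == SEC_OID_UNKNOWN, but the helper should be safe on its own: add `if (authOid == SEC_OID_UNKNOWN) { return PR_FALSE; }` before the comparison. Dropping the PORT_Assert(0) for unexpected schemes is the right change for a function reached from peer-supplied values.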
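Review bot: Comment grammar in the new block in ssl_SignatureSchemeValid (hunk @@ -4319): "it means we not checking the scheme" should read "it means we are not checking the scheme". Since SEC_OID_UNKNOWN now acts as a sentinel that skips the key-compatibility check, please document that meaning in the function's header comment too, so a caller that obtains SEC_OID_UNKNOWN from SECOID_GetAlgorithmTag on a malformed certificate does not pass it through by accident and silently lose the check.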
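Review bot: The `break;` after `return ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy);` in ssl_IsSupportedSignatureScheme (hunk @@ -4552) is unreachable; drop it to keep the arm consistent with the others and avoid dead-statement warnings. Note also that this function is no longer a static capability check but depends on the current policy, so any caller that caches its result across a policy change would be stale.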
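Review bot: ssl_ConsumeSignatureScheme now sends the illegal_parameter alert itself (hunk @@ -4677), which changes the contract for every caller: this diff updates ssl_HandleDHServerKeyExchange (alert_loser becomes loser) and ssl3_HandleCertificateVerify, but any other caller that still jumps to an alert-sending label on failure would now send two alerts. Please confirm the remaining call sites (for example the ECDHE server key exchange path, which is not in this diff) were audited. The updated comment on the ssl3_ConsumeHandshakeNumber failure path ("Alert sent, Error code set already") also relies on that helper sending its own alert; stating that dependency in the function header would help the next reader.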
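Review bot: The removed block in ssl_CanUseSignatureScheme (hunk @@ -6446) performed two distinct policy checks, NSS_USE_ALG_IN_SSL_KX on SEC_OID_ANSIX9_DSA_SIGNATURE for DSA schemes and the same flag on the scheme's hash OID, and both are replaced by a single ssl_SchemePolicyOK(scheme, kSSLSigSchemePolicy) call whose body is not in this diff. Please confirm ssl_SchemePolicyOK covers both the hash algorithm and the authentication algorithm (including RSA-PSS and ECDSA, which the old code never policy-checked on the auth side); otherwise this is a behaviour change in one direction or the other. A gtest that disables SHA-1 by policy and one that disables DSA would pin that down, and the commit message says the policy plumbing for ssl_gtests is now in place.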
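Review bot: The new early return on `spkiOid == SEC_OID_UNKNOWN` in ssl_PickSignatureScheme (hunk @@ -6533) returns SECFailure without calling PORT_SetError, so the caller will surface whatever error code happened to be set last. Set an explicit code before returning, for example the SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM that ssl_CheckSignatureSchemeConsistency uses for the same condition, or a certificate-specific error if one fits better.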
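Review bot: Two problems in the new condition in ssl_ParseSignatureSchemes (hunk @@ -7700). First, the cast binds tighter than the comparison, so `(PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3` casts ss->version and then compares; it is harmless only because PRBool is an integer type, and it reads as a bug. Write `(PRBool)(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)` to make the intent explicit. Second, the stray `;` line inside the if body is a leftover empty statement and should be removed. Separately, since the filtering is now version-dependent, please confirm ss->version is already negotiated at every call site of ssl_ParseSignatureSchemes (in particular when the ClientHello signature_algorithms extension is parsed on the server), otherwise TLS 1.3-only restrictions could be applied or skipped based on a not-yet-final version.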
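Review bot: In ssl3_HandleCertificateVerify (hunk @@ -10286), errCode is only updated when ssl_ConsumeSignatureScheme fails with SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM; the other failure path (a decode error from ssl3_ConsumeHandshakeNumber) leaves errCode at whatever it held before, which this hunk does not show. If the loser: label reports errCode rather than PORT_GetError(), `errCode = PORT_GetError();` unconditionally on this path is simpler and covers both cases.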
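Review bot: The parameter name in the new prototype `SECOidTag ssl3_AuthTypeToOID(SSLAuthType hashType);` in sslimpl.h looks copied from the ssl3_HashTypeToOID declaration above it; rename it to authType so the header matches what the function takes.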
