During path building, mozilla::pkix filters out candidate certificates provided
by trust domains where the subject distinguished name does not match the issuer
distinguished name of the certificate it's trying to find an issuer for.
However, if there's a problem decoding the candidate issuer certificate,
mozilla::pkix will make a note of this error, regardless of if that certificate
was potentially a suitable issuer. If no trusted path is found, the error from
that unrelated certificate may ultimately be returned by mozilla::pkix,
resulting in confusion.
Before this patch, NSSCertDBTrustDomain could cause this behavior by blithely
passing every known 3rd party certificate to mozilla::pkix (other sources of
certificates already filter on subject distinguished name). This patch adds
filtering to 3rd party certificates as well.
Differential Revision: https://phabricator.services.mozilla.com/D48120
--HG--
extra : moz-landing-system : lando
Allow access to extra services needed to open file pickers from the Flash process on 10.15.
Differential Revision: https://phabricator.services.mozilla.com/D48145
--HG--
extra : moz-landing-system : lando
2019-10-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary.
r=jcj
ECB mode should not require an IV.
[dc86215aea17] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Check mechanism param and param length before casting
to mechanism-specific structs. r=jcj
This patch adds missing PKCS11 input parameter checks, which are
needed prior to casting to mechanism-specific structs.
[53d92a324080]
Differential Revision: https://phabricator.services.mozilla.com/D48109
--HG--
extra : moz-landing-system : lando
2019-10-01 Kevin Jacobs <kjacobs@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1577953 - Support longer (up to RFC maximum) HKDF outputs r=jcj
HKDF-Expand enforces a maximum output length much shorter than
stated in the RFC. This patch aligns the implementation with the RFC
by allocating more output space when necessary.
[c0913ad7a560] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/curve25519-vectors.h,
gtests/pk11_gtest/pk11_curve25519_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_vectors.h,
gtests/pk11_gtest/pk11_signature_test.h:
Bug 1558234 - Additional EC key tests, r=jcj
Adds additional EC key corner case testing.
[c20364849713]
Differential Revision: https://phabricator.services.mozilla.com/D47805
--HG--
extra : moz-landing-system : lando
This patch sets the preference order for `TLS_CHACHA20_POLY1305_SHA256` over `TLS_AES_128_GCM_SHA256` for ARM builds.
As noted in the bug, this is far from an ideal way to do this. The implementation is purposefully simplistic so as to minimize any performance hit. If we want to accept doing this configuration for every new TLS connection, `SSL_CipherSuiteOrderGet` **will** return the pref-filtered (i.e. only the enabled) ciphers, but in the default NSS order. We would have to build a new list by referencing this output with another ordered list defined in PSM. If we want to leave NSS as-is (instead of offering a global reconfiguration API), we should do this.
Differential Revision: https://phabricator.services.mozilla.com/D47485
--HG--
extra : rebase_source : 0252cf321225cd644a463fd94561fd6af38b3837
extra : source : 4836c05dd2eee11bf9d836fb0505e77450b0651b
This patch sets the preference order for `TLS_CHACHA20_POLY1305_SHA256` over `TLS_AES_128_GCM_SHA256` for ARM builds.
As noted in the bug, this is far from an ideal way to do this. The implementation is purposefully simplistic so as to minimize any performance hit. If we want to accept doing this configuration for every new TLS connection, `SSL_CipherSuiteOrderGet` **will** return the pref-filtered (i.e. only the enabled) ciphers, but in the default NSS order. We would have to build a new list by referencing this output with another ordered list defined in PSM. If we want to leave NSS as-is (instead of offering a global reconfiguration API), we should do this.
Differential Revision: https://phabricator.services.mozilla.com/D47485
--HG--
extra : moz-landing-system : lando
2019-09-27 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h,
lib/softoken/pkcs11u.c:
Bug 1508776 - Remove unneeded refcounting from SFTKSession
r=mt,kjacobs
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that,
NSC_CloseSession can just call `sftk_DestroySession` directly and
leave `sftk_FreeSession` as a no-op to be removed in the future.
[5619cbbca3db] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D47631
--HG--
extra : moz-landing-system : lando
The intent of adding this pref is to allow us to change defaults for
security.tls.version.min for a progressive rollout of a TLS 1.0 and 1.1
deprecation. During that process, we'd like to offer the option to enable these
old TLS versions, without adding a pref override that would cause those versions
to remain enabled once we finish the rollout.
Those people who have triggered the override will be able to access TLS 1.0 and
1.1 sites until we eventually remove the code that respects this pref. What is
likely to happen is that this pref will remain in code past the end of our
rollout for part of a release cycle, plus maybe the next cycle depending on
how timing works out.
This pref is a simple boolean that we'll remove in March 2020.
Differential Revision: https://phabricator.services.mozilla.com/D45798
--HG--
extra : moz-landing-system : lando
The intent of adding this pref is to allow us to change defaults for
security.tls.version.min for a progressive rollout of a TLS 1.0 and 1.1
deprecation. During that process, we'd like to offer the option to enable these
old TLS versions, without adding a pref override that would cause those versions
to remain enabled once we finish the rollout.
Those people who have triggered the override will be able to access TLS 1.0 and
1.1 sites until we eventually remove the code that respects this pref. What is
likely to happen is that this pref will remain in code past the end of our
rollout for part of a release cycle, plus maybe the next cycle depending on
how timing works out.
This pref is a simple boolean that we'll remove in March 2020.
Differential Revision: https://phabricator.services.mozilla.com/D45798
--HG--
extra : moz-landing-system : lando
This patch makes the certificate authentication work with TransportSecurityInfo, so that it can be used for nsNSSSocketInfo and a quic's version of the security info class.
Also it adds a new AuthCertificateHookWithInfo function that will be called by Http3Session to authenticate certificates.
Differential Revision: https://phabricator.services.mozilla.com/D44064
--HG--
extra : moz-landing-system : lando
2019-09-23 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_recordsize_unittest.cc, lib/ssl/ssl3con.c,
tests/tlsfuzzer/config.json.in, tests/tlsfuzzer/tlsfuzzer.sh:
Bug 1580286, account for IV size when checking TLS 1.2 records, r=mt
Summary: This increases the limit of record expansion by 16 so that
it doesn't reject maximum block padding when HMAC-SHA384 is used.
To test this, tlsfuzzer is updated to the latest version (commit
80d7932ead1d8dae6e555cfd2b1c4c5beb2847df).
Reviewers: mt
Reviewed By: mt
Bug #: 1580286
[03039d4fad57] [tip]
2019-09-20 Kai Engert <kaie@kuix.de>
* tests/smime/smime.sh:
Bug 1577448 - Create additional nested S/MIME test messages for
Thunderbird. r=jcj
[57977ceea00e]
2019-09-19 Kai Engert <kaie@kuix.de>
* automation/taskcluster/docker-gcc-4.4/Dockerfile,
automation/taskcluster/graph/src/try_syntax.js,
automation/taskcluster/scripts/build.sh,
automation/taskcluster/scripts/build_gyp.sh,
automation/taskcluster/scripts/build_nspr.sh,
automation/taskcluster/scripts/check_abi.sh,
automation/taskcluster/scripts/gen_coverage_report.sh,
automation/taskcluster/scripts/run_coverity.sh,
automation/taskcluster/scripts/run_scan_build.sh,
automation/taskcluster/windows/build.sh,
automation/taskcluster/windows/build_gyp.sh:
Bug 1399095 - Allow nss-try to be used to test NSPR changes.
r=kjacobs
[6e1a8a7cb469]
2019-09-16 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_cipherorder_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp, lib/ssl/ssl3con.c, lib/ssl/sslexp.h,
lib/ssl/sslsock.c:
Bug 1267894 - New functions for CipherSuites Ordering and gtests.
r=jcj,kjacobs,mt
Created two new experimental functions which permit the caller
change the default order of CipherSuites used during the handshake.
[2deb38fc1d68]
2019-09-18 Christian Weisgerber <naddy@mips.inka.de>
* tests/policy/policy.sh, tests/ssl/ssl.sh:
Bug 1581507 - Fix unportable grep expression in test scripts
r=marcusburghardt
[edc1e405afa4]
2019-09-18 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/jar/jarfile.c:
Bug 1234830 - [CID 1242894][CID 1242852] unused values.
r=kaie,r=kjacobs
[b6d3f5c95aad]
2019-09-18 Kai Engert <kaie@kuix.de>
* cmd/symkeyutil/symkeyutil.c:
Bug 1581759 - fix incorrect if condition in symkeyutil. r=kjacobs
[306550105228]
Differential Revision: https://phabricator.services.mozilla.com/D46967
--HG--
extra : moz-landing-system : lando
Most of these tests have been disabled for a long time; they run well
in the current test environment.
Differential Revision: https://phabricator.services.mozilla.com/D46642
--HG--
extra : moz-landing-system : lando
Using left shift on a uint8_t promotes it to a signed integer. If the shift is
large enough that the sign bit gets affected, we have undefined behavior. This
patch fixes this by first casting to uint32_t.
Differential Revision: https://phabricator.services.mozilla.com/D46820
--HG--
extra : moz-landing-system : lando