2019-10-03 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary.
r=jcj
ECB mode should not require an IV.
[dc86215aea17] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
Bug 1576307 - Check mechanism param and param length before casting
to mechanism-specific structs. r=jcj
This patch adds missing PKCS11 input parameter checks, which are
needed prior to casting to mechanism-specific structs.
[53d92a324080]
Differential Revision: https://phabricator.services.mozilla.com/D48109
--HG--
extra : moz-landing-system : lando
2019-10-01 Kevin Jacobs <kjacobs@mozilla.com>
* lib/softoken/pkcs11c.c:
Bug 1577953 - Support longer (up to RFC maximum) HKDF outputs r=jcj
HKDF-Expand enforces a maximum output length much shorter than
stated in the RFC. This patch aligns the implementation with the RFC
by allocating more output space when necessary.
[c0913ad7a560] [tip]
2019-09-30 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/curve25519-vectors.h,
gtests/pk11_gtest/pk11_curve25519_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_unittest.cc,
gtests/pk11_gtest/pk11_ecdsa_vectors.h,
gtests/pk11_gtest/pk11_signature_test.h:
Bug 1558234 - Additional EC key tests, r=jcj
Adds additional EC key corner case testing.
[c20364849713]
Differential Revision: https://phabricator.services.mozilla.com/D47805
--HG--
extra : moz-landing-system : lando
This patch sets the preference order for `TLS_CHACHA20_POLY1305_SHA256` over `TLS_AES_128_GCM_SHA256` for ARM builds.
As noted in the bug, this is far from an ideal way to do this. The implementation is purposefully simplistic so as to minimize any performance hit. If we want to accept doing this configuration for every new TLS connection, `SSL_CipherSuiteOrderGet` **will** return the pref-filtered (i.e. only the enabled) ciphers, but in the default NSS order. We would have to build a new list by referencing this output with another ordered list defined in PSM. If we want to leave NSS as-is (instead of offering a global reconfiguration API), we should do this.
Differential Revision: https://phabricator.services.mozilla.com/D47485
--HG--
extra : rebase_source : 0252cf321225cd644a463fd94561fd6af38b3837
extra : source : 4836c05dd2eee11bf9d836fb0505e77450b0651b
This patch sets the preference order for `TLS_CHACHA20_POLY1305_SHA256` over `TLS_AES_128_GCM_SHA256` for ARM builds.
As noted in the bug, this is far from an ideal way to do this. The implementation is purposefully simplistic so as to minimize any performance hit. If we want to accept doing this configuration for every new TLS connection, `SSL_CipherSuiteOrderGet` **will** return the pref-filtered (i.e. only the enabled) ciphers, but in the default NSS order. We would have to build a new list by referencing this output with another ordered list defined in PSM. If we want to leave NSS as-is (instead of offering a global reconfiguration API), we should do this.
Differential Revision: https://phabricator.services.mozilla.com/D47485
--HG--
extra : moz-landing-system : lando
2019-09-27 J.C. Jones <jjones@mozilla.com>
* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h,
lib/softoken/pkcs11u.c:
Bug 1508776 - Remove unneeded refcounting from SFTKSession
r=mt,kjacobs
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that,
NSC_CloseSession can just call `sftk_DestroySession` directly and
leave `sftk_FreeSession` as a no-op to be removed in the future.
[5619cbbca3db] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D47631
--HG--
extra : moz-landing-system : lando
The intent of adding this pref is to allow us to change defaults for
security.tls.version.min for a progressive rollout of a TLS 1.0 and 1.1
deprecation. During that process, we'd like to offer the option to enable these
old TLS versions, without adding a pref override that would cause those versions
to remain enabled once we finish the rollout.
Those people who have triggered the override will be able to access TLS 1.0 and
1.1 sites until we eventually remove the code that respects this pref. What is
likely to happen is that this pref will remain in code past the end of our
rollout for part of a release cycle, plus maybe the next cycle depending on
how timing works out.
This pref is a simple boolean that we'll remove in March 2020.
Differential Revision: https://phabricator.services.mozilla.com/D45798
--HG--
extra : moz-landing-system : lando
The intent of adding this pref is to allow us to change defaults for
security.tls.version.min for a progressive rollout of a TLS 1.0 and 1.1
deprecation. During that process, we'd like to offer the option to enable these
old TLS versions, without adding a pref override that would cause those versions
to remain enabled once we finish the rollout.
Those people who have triggered the override will be able to access TLS 1.0 and
1.1 sites until we eventually remove the code that respects this pref. What is
likely to happen is that this pref will remain in code past the end of our
rollout for part of a release cycle, plus maybe the next cycle depending on
how timing works out.
This pref is a simple boolean that we'll remove in March 2020.
Differential Revision: https://phabricator.services.mozilla.com/D45798
--HG--
extra : moz-landing-system : lando
This patch makes the certificate authentication work with TransportSecurityInfo, so that it can be used for nsNSSSocketInfo and a quic's version of the security info class.
Also it adds a new AuthCertificateHookWithInfo function that will be called by Http3Session to authenticate certificates.
Differential Revision: https://phabricator.services.mozilla.com/D44064
--HG--
extra : moz-landing-system : lando
2019-09-23 Daiki Ueno <dueno@redhat.com>
* gtests/ssl_gtest/ssl_recordsize_unittest.cc, lib/ssl/ssl3con.c,
tests/tlsfuzzer/config.json.in, tests/tlsfuzzer/tlsfuzzer.sh:
Bug 1580286, account for IV size when checking TLS 1.2 records, r=mt
Summary: This increases the limit of record expansion by 16 so that
it doesn't reject maximum block padding when HMAC-SHA384 is used.
To test this, tlsfuzzer is updated to the latest version (commit
80d7932ead1d8dae6e555cfd2b1c4c5beb2847df).
Reviewers: mt
Reviewed By: mt
Bug #: 1580286
[03039d4fad57] [tip]
2019-09-20 Kai Engert <kaie@kuix.de>
* tests/smime/smime.sh:
Bug 1577448 - Create additional nested S/MIME test messages for
Thunderbird. r=jcj
[57977ceea00e]
2019-09-19 Kai Engert <kaie@kuix.de>
* automation/taskcluster/docker-gcc-4.4/Dockerfile,
automation/taskcluster/graph/src/try_syntax.js,
automation/taskcluster/scripts/build.sh,
automation/taskcluster/scripts/build_gyp.sh,
automation/taskcluster/scripts/build_nspr.sh,
automation/taskcluster/scripts/check_abi.sh,
automation/taskcluster/scripts/gen_coverage_report.sh,
automation/taskcluster/scripts/run_coverity.sh,
automation/taskcluster/scripts/run_scan_build.sh,
automation/taskcluster/windows/build.sh,
automation/taskcluster/windows/build_gyp.sh:
Bug 1399095 - Allow nss-try to be used to test NSPR changes.
r=kjacobs
[6e1a8a7cb469]
2019-09-16 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_cipherorder_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp, lib/ssl/ssl3con.c, lib/ssl/sslexp.h,
lib/ssl/sslsock.c:
Bug 1267894 - New functions for CipherSuites Ordering and gtests.
r=jcj,kjacobs,mt
Created two new experimental functions which permit the caller
change the default order of CipherSuites used during the handshake.
[2deb38fc1d68]
2019-09-18 Christian Weisgerber <naddy@mips.inka.de>
* tests/policy/policy.sh, tests/ssl/ssl.sh:
Bug 1581507 - Fix unportable grep expression in test scripts
r=marcusburghardt
[edc1e405afa4]
2019-09-18 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/jar/jarfile.c:
Bug 1234830 - [CID 1242894][CID 1242852] unused values.
r=kaie,r=kjacobs
[b6d3f5c95aad]
2019-09-18 Kai Engert <kaie@kuix.de>
* cmd/symkeyutil/symkeyutil.c:
Bug 1581759 - fix incorrect if condition in symkeyutil. r=kjacobs
[306550105228]
Differential Revision: https://phabricator.services.mozilla.com/D46967
--HG--
extra : moz-landing-system : lando
Most of these tests have been disabled for a long time; they run well
in the current test environment.
Differential Revision: https://phabricator.services.mozilla.com/D46642
--HG--
extra : moz-landing-system : lando
Using left shift on a uint8_t promotes it to a signed integer. If the shift is
large enough that the sign bit gets affected, we have undefined behavior. This
patch fixes this by first casting to uint32_t.
Differential Revision: https://phabricator.services.mozilla.com/D46820
--HG--
extra : moz-landing-system : lando
CERT_FindUserCertsByUsage is inefficient when the corpus of known certificates
consists mostly of certificates that don't have corresponding private keys,
which is expected to be the case for most Firefox users. This change updates
the "does the user have any client certificates" functionality to use the more
efficient "FindNonCACertificatesWithPrivateKeys" function added in bug 1573542.
Differential Revision: https://phabricator.services.mozilla.com/D46499
--HG--
extra : moz-landing-system : lando
Before this patch, Firefox would call CERT_FindUserCertsByUsage to gather all
known client certificates. This function enumerates all known certificates and
filters some of them out. When there are many certificates that are not client
certificates (e.g. roots and intermediates), this is inefficient. Since this is
likely to be the case for most users, this patch optimizes this task by instead
first searching for private keys and then gathering all certificates that have
corresponding public keys.
Differential Revision: https://phabricator.services.mozilla.com/D46187
--HG--
extra : moz-landing-system : lando
2019-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/derprint.c:
Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj
Check for pointer wrap on output-length check in the derdump
utility.
[a3ee4f26b4c1] [tip]
2019-09-18 Giulio Benetti <giulio.benetti@micronovasrl.com>
* lib/freebl/gcm-aarch64.c:
Bug 1580126 - Fix build failure on aarch64_be while building
freebl/gcm r=kjacobs
Build failure is caused by different #ifdef conditions in gcm.c and
gcm-aarch64.c that leads to double declaration of the same gcm_*
functions.
Fix #ifdef condition in gcm-aarch64.c making it the same as the one
in gcm.c.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[fa0d958de0c3]
2019-09-17 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/extend.js:
Bug 1385039 - Build NSPR tests as part of NSS continuous
integration. r=kjacobs
[cc97f1a93038]
2019-09-17 Landry Breuil <landry@openbsd.org>
* lib/freebl/Makefile:
Bug 1581391 - include gcm-aarch64 on all unices, not only linux
r=kjacobs
[e7b4f293fa4e]
2019-09-17 Martin Thomson <mt@lowentropy.net>
* mach:
Bug 1581041 - Rename mach-commands to mach-completion, r=jcj
This means that we can point our completion at the gecko one.
[bc91272fcbdc]
2019-09-16 Jenine <jenine_c@outlook.com>
* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
r=marcusburghardt
[4569b745f74e]
2019-09-13 Daiki Ueno <dueno@redhat.com>
* lib/certhigh/certvfy.c:
Bug 1542207, fix policy check on signature algorithms, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1542207
[ed8a41d16c1c]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[c66dd879d16a]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* automation/taskcluster/graph/src/queue.js:
Bug 1579290 - Disable LSAN during builds, r=ueno
Summary: See the bug description for details.
[f28f3d7b7cf0]
2019-09-13 Kai Engert <kaie@kuix.de>
* Makefile, build.sh, coreconf/nspr.sh, help.txt:
Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
build/run NSPR tests. r=jcj
[8b4a226f7d23]
2019-09-11 Kai Engert <kaie@kuix.de>
* nss.gyp:
Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
[1fe61aadaf57]
2019-09-10 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/pk12util/pk12util.c:
Bug 1579036 - Define error when trying to export non-existent cert
with pk12util. r=jcj
[65ab97f03c89]
2019-09-04 Martin Thomson <mt@lowentropy.net>
* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
Bug 1578626 - Remove undefined nullptr decrement, r=keeler
Summary: This uses uintptr_t to avoid the worst. It still looks
terrible and might trip static analysis warnings, but the
reinterpret_cast should hide that.
This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
an assertion so that we'll at least fail the test on those systems.
(We could use GTEST_SKIP instead, but we don't have that in the
version of gtest that we use.)
Reviewers: keeler
Tags: #secure-revision
Bug #: 1578626
[d2485b1c997e]
2019-09-05 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1578751 - Ensure a consistent style for
pk11_find_certs_unittest.cc. r=jcj
Adjusted the style and clang-format after the changes in some var
names.
[e95fee7f59e5]
Differential Revision: https://phabricator.services.mozilla.com/D46246
--HG--
extra : moz-landing-system : lando