```
2021-07-24 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* doc/rst/build_artifacts.rst, doc/rst/community.rst,
doc/rst/getting_started.rst, doc/rst/index.rst, doc/rst/more.rst,
doc/rst/releases/index.rst, doc/rst/releases/nss_3_64.rst,
doc/rst/releases/nss_3_65.rst, doc/rst/releases/nss_3_66.rst,
doc/rst/releases/nss_3_67.rst, doc/rst/releases/nss_3_68.rst:
Documentation: update and release notes for NSS 3.64 to 3.68
[e9236397be13] [tip]
2021-07-20 Robert Relyea <rrelyea@redhat.com>
* gtests/ssl_gtest/nss_policy.h,
gtests/ssl_gtest/ssl_auth_unittest.cc,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl3con.c,
lib/ssl/sslimpl.h:
Bug 1720235 SSL handling of signature algorithms ignores
environmental invalid algorithms.
Our QA is quite extensive on handling of alert corner cases. Our
code that checks if a signature algorithm is supported ignores the
role of policy. If SHA1 is turned off by policy, for instance, we
only detect that late in the game. This shows up in our test cases
as decrypt_alerts rather than illegal_parameter or handshake_error
alerts. It also shows up in us apparently accepting a client auth
request which only has invalid alerts.
We also don't handle filtering out signature algorithms that are
illegal in tls 13 mode.
This patch not only fixes these issues, but also issues where we
proposing signature algorithms in server mode that we don't support
by policy.
This patch includes:
In gtests: 1) adding support for policy in ssl_gtests. Currently
both the server an client will run with the same policy. The patch
allows us to set policy on one and keeping the old policy on the
other.
2) Update extension tests which failed in tls 1.3 because the patch
now correctly rejects illegal tls 1.3 auth values. The test was
updated to use a legal auth value in tls 1.3 (so we are correctly
testing the format issue.
3) Update extension tests to handle the case where we try to use an
illegal value for tls 1.3.
4) add tests to ssl_auth_unittests.cc to make sure we can properly
connect even when several auth methods are turned off by policy
(make sure we don't advertize them on the client side, and that the
server doesn't select them when the client doesn't advertize them).
5) add tests to ssl_auth_unittests.cc to make sure we don't send
empty client auth requests when the requester only sends invalid
auth requests.
patch itself: 1) The handling of policy checks for ssl schemes were
scattered in various locations. I've consolidated them into a single
function. That function now checks for NSS_ALG_USE_IN_ANY_SIGNATURE
as if this is off by policy, we will fail if we try to use the
algorithm in a signature in any case. NSS now supports policy on all
signature algorithms, not just DSA, so we need to check the policy
of all the algorithms.
2) to support the policy check on the signature algorithms, I added
a new ssl_AuthTypeToOID, which also replaces our switch in checking
if the SPKI matches our auth type.
3) ssl_SignatureSchemeValid now accepts an spkiOid of
SEC_OID_UNKNOWN. To allow us to filter signature schemes based on
version and policy restrictions before we try to select a
certificate. This prevents us from sending empty client auth
messages when we are presented with only invalid signature schemes.
4) We filter supported algorithms against policy early, preventing
us from sending, or even setting invalid algorithms if they are
turned off by policy.
5) ssl ConsumeSignatureScheme was handling alerts inconsistently.
The Consume could send an allert in it's failure case, but the check
of scheme validity wouldn't sent an alert. The collers were
inconstent as well. Now ssl_ConsumeSignatureScheme always sends and
alert on failure, and the callers do not.
[c71bb1bedf7d]
```
Differential Revision: https://phabricator.services.mozilla.com/D120787
```
2021-07-22 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* doc/rst/index.rst:
Display warning on the new NSS documentation
[8f41147c2192] [tip]
2021-07-20 Robert Relyea <rrelyea@redhat.com>
* lib/softoken/sdb.c:
Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss
failures.
https://sqlite.org/forum/info/42cf8e985bb051a2
sqlite is now permissive on opening a readonly file even if you ask
for the file to be opened R/W.
normally sqlite is very conservative in changing it's underlying
semantics, but evidently they chose convience over compatibility.
NSS now needs to check the file permissions itself to preserve nss
semantics.
[f2d34a957599]
2021-07-15 Robert Relyea <rrelyea@redhat.com>
* tests/common/init.sh, tests/common/parsegtestreport.sed,
tests/common/parsegtestreport.sh, tests/gtests/gtests.sh,
tests/ssl_gtests/ssl_gtests.sh:
Bug 1720230 Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
This patch includes the updated .sed script, and an experiment using
bash instead to see how hard it would be to make a more robust
parser.
The robust parser generates identical output as sed, but takes about
30x longer, so instead of subsecond operations, it takes almost half
a minute. With that result, I think we can stay with sed and
continue to update when we get new versions of gtests. (sigh).
time cat report.xml.0 | sed -f parsegtestreport.sed > r1
real 0m0.710s user 0m0.705s sys 0m0.008s
time cat report.xml.0 | sh parsegtestreport.sh > r2
real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost
common]$ diff r1 r2
updated: with review comments from Martin and move the report
parsing to the common code so it can be shared with both ssl_gtests
and gtests shell scripts.
[f12856d5d2c2]
2021-07-13 Robert Relyea <rrelyea@redhat.com>
* gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
lib/softoken/sftkdhverify.c:
Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS
mode
When NSS is in FIPS mode, it should reject all primes smaller than
2048. The ike 1536 prime is in the accepted primes table. In FIPS
mode it should be rejected.
[d2ec946e601a]
2021-07-15 Robert Relyea <rrelyea@redhat.com>
* cmd/manifest.mn, cmd/sdbthreadtst/Makefile,
cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c,
cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c,
lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh:
Bug 1720232 SQLite calls could timeout in starvation situations.
Some of our servers could cause random failures when trying to
generate many key pairs from multiple threads. This is caused
because some threads would starve long enough for them to give up on
getting a begin transaction on sqlite. sqlite only allows one
transaction at a time.
Also, there were some bugs in error handling of the broken
transaction case where NSS would try to cancel a transation after
the begin failed (most cases were correct, but one case in
particular was problematic).
[b54b0d41e51b]
2021-07-13 Robert Relyea <rrelyea@redhat.com>
* lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c,
lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c,
lib/softoken/sftkike.c:
Bug 1720225 Coverity/cpp scanner errors found in nss 3.67
A number of coverity/scanner issues were found in the kdf code which
was added in nss 3.44 and the fixes never upstreamed, as well as
coverity/scanner errors in nss 3.66. Not all errors were fixed,
those errors which were determined to be false positives were just
recorded. No attempt has been made to fix coverity/scanner errors in
gtests.
[d1b9709d8861]
```
Differential Revision: https://phabricator.services.mozilla.com/D120624
```
2021-07-22 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* doc/rst/index.rst:
Display warning on the new NSS documentation
[8f41147c2192] [tip]
2021-07-20 Robert Relyea <rrelyea@redhat.com>
* lib/softoken/sdb.c:
Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss
failures.
https://sqlite.org/forum/info/42cf8e985bb051a2
sqlite is now permissive on opening a readonly file even if you ask
for the file to be opened R/W.
normally sqlite is very conservative in changing it's underlying
semantics, but evidently they chose convience over compatibility.
NSS now needs to check the file permissions itself to preserve nss
semantics.
[f2d34a957599]
2021-07-15 Robert Relyea <rrelyea@redhat.com>
* tests/common/init.sh, tests/common/parsegtestreport.sed,
tests/common/parsegtestreport.sh, tests/gtests/gtests.sh,
tests/ssl_gtests/ssl_gtests.sh:
Bug 1720230 Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
This patch includes the updated .sed script, and an experiment using
bash instead to see how hard it would be to make a more robust
parser.
The robust parser generates identical output as sed, but takes about
30x longer, so instead of subsecond operations, it takes almost half
a minute. With that result, I think we can stay with sed and
continue to update when we get new versions of gtests. (sigh).
time cat report.xml.0 | sed -f parsegtestreport.sed > r1
real 0m0.710s user 0m0.705s sys 0m0.008s
time cat report.xml.0 | sh parsegtestreport.sh > r2
real 0m25.066s user 0m17.759s sys 0m9.506s [rrelyea@localhost
common]$ diff r1 r2
updated: with review comments from Martin and move the report
parsing to the common code so it can be shared with both ssl_gtests
and gtests shell scripts.
[f12856d5d2c2]
2021-07-13 Robert Relyea <rrelyea@redhat.com>
* gtests/softoken_gtest/softoken_dh_vectors.h, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
lib/softoken/sftkdhverify.c:
Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS
mode
When NSS is in FIPS mode, it should reject all primes smaller than
2048. The ike 1536 prime is in the accepted primes table. In FIPS
mode it should be rejected.
[d2ec946e601a]
2021-07-15 Robert Relyea <rrelyea@redhat.com>
* cmd/manifest.mn, cmd/sdbthreadtst/Makefile,
cmd/sdbthreadtst/manifest.mn, cmd/sdbthreadtst/sdbthreadtst.c,
cmd/sdbthreadtst/sdbthreadtst.gyp, lib/softoken/sdb.c,
lib/softoken/sftkdb.c, nss.gyp, tests/dbtests/dbtests.sh:
Bug 1720232 SQLite calls could timeout in starvation situations.
Some of our servers could cause random failures when trying to
generate many key pairs from multiple threads. This is caused
because some threads would starve long enough for them to give up on
getting a begin transaction on sqlite. sqlite only allows one
transaction at a time.
Also, there were some bugs in error handling of the broken
transaction case where NSS would try to cancel a transation after
the begin failed (most cases were correct, but one case in
particular was problematic).
[b54b0d41e51b]
2021-07-13 Robert Relyea <rrelyea@redhat.com>
* lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11hpke.c,
lib/softoken/kbkdf.c, lib/softoken/sftkhmac.c,
lib/softoken/sftkike.c:
Bug 1720225 Coverity/cpp scanner errors found in nss 3.67
A number of coverity/scanner issues were found in the kdf code which
was added in nss 3.44 and the fixes never upstreamed, as well as
coverity/scanner errors in nss 3.66. Not all errors were fixed,
those errors which were determined to be false positives were just
recorded. No attempt has been made to fix coverity/scanner errors in
gtests.
[d1b9709d8861]
```
Differential Revision: https://phabricator.services.mozilla.com/D120624
This step removes all the dependencies of mach commands to
having a MachCommandBase as the `self` by using the `command_context`
argument instead. This also removes any remaining statefulness from those
classes that implement mach commands, ultimately making it easier to move
existing commands out of classes in a follow-up.
Differential Revision: https://phabricator.services.mozilla.com/D118058
This step removes all the dependencies of mach commands to
having a MachCommandBase as the `self` by using the `command_context`
argument instead. This also removes any remaining statefulness from those
classes that implement mach commands, ultimately making it easier to move
existing commands out of classes in a follow-up.
Differential Revision: https://phabricator.services.mozilla.com/D118058
This patch updates the remembered client authentication decision tab of the
certificate manager to gracefully handle cases where a certificate
corresponding to a remembered decision has been deleted from the user's
certificate store or if it lives on a token that has been removed.
Differential Revision: https://phabricator.services.mozilla.com/D119794
This patch also includes unit tests for this + previous untested cases
(bug 1713628, bug 1267318 and bug 1548973).
The tool to generate the test cases (zip files) has also been updated
because it has been broken by changes from bug 1699294.
Differential Revision: https://phabricator.services.mozilla.com/D119802
mozilla-central has some imported files of build_config.h from Chromium.
Actually although they doesn't have riscv64 defines yet, I would like to
add it to build Firefox for riscv64.
Differential Revision: https://phabricator.services.mozilla.com/D119051
Currently we return an error when creating a WebGL context in headless
mode, but our WebGL implementation renders to an offscreen context, so
in theory it could work normally in a headless browser, and in practice
it already does work on some OSes. This patch removes that check; the
attempt to use GL may fail, in which case we'll return an error to
content.
The main purpose of this patch is to run content processes with headless
mode set in an otherwise non-headless browser, but it should also be
useful for fully headless mode. Comments in bug NNNNNNN indicate that
this change should be sufficient for headless WebGL on Windows and MacOS,
although it may not have been extensively tested.
Linux is more complicated. The EGL/X11 backend manages its own
connection to the X server (indirectly via the EGL library); a later
patch in this series allows doing that in GLX mode as well. Our Wayland
support can't do this yet, but it should be possible.
This patch also modifies the Linux sandbox policy so that content
processes can connect to a local X server (via the file broker) even when
the parent process is in headless mode.
Differential Revision: https://phabricator.services.mozilla.com/D118721