2020-05-29 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.53 final
[7e453a5afcb4] [NSS_3_53_RTM] <NSS_3_53_BRANCH>
2020-05-28 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_53_BETA2 for changeset 8fe22033a88e
[90c954f62c9d]
Differential Revision: https://phabricator.services.mozilla.com/D77555
To implement filtering client certificates by the acceptable CAs list sent by
servers when they request client certificates, we need the CAs that issued the
client certificates. To that end, this change modifies the macOS backend of
the osclientcerts module to also gather issuing CAs while looking for client
certificates. These certificates will not affect trust decisions in gecko.
Differential Revision: https://phabricator.services.mozilla.com/D74985
There's no use case for stateful comparators, so they can be just plain
function pointers.
This is used in some hot places like CSS selector matching.
Differential Revision: https://phabricator.services.mozilla.com/D77084
This is mostly changes to handle retrieving the security state asynchronously via the parent process, needing lots of async/await additions.
It also removes the docshell mixed content flag checks (which don't seem to be used in code, only tests), which are mostly still covered by checks of the security UI.
Differential Revision: https://phabricator.services.mozilla.com/D75448
This removes all docshell nsISecureBrowserUI and mixed content properties, and moves them into CanonicalBrowsingContext/WindowGlobalParent. It makes the mixed content blocker just compute the state for the current load, and then send the results to the parent process, where we update the security state accordingly.
I think we could in the future remove onSecurityChange entirely, and instead just fire an event to the <browser> element notifying it of changes to the queryable securityUI.
Unfortunately we have a lot of existing code that depends on specific ordering between onSecurityChange and onLocationChange, so I had to hook into the RemoteWebProgress implementation in BrowserParent to mimic the same timings.
Differential Revision: https://phabricator.services.mozilla.com/D75447
This is mostly changes to handle retrieving the security state asynchronously via the parent process, needing lots of async/await additions.
It also removes the docshell mixed content flag checks (which don't seem to be used in code, only tests), which are mostly still covered by checks of the security UI.
Differential Revision: https://phabricator.services.mozilla.com/D75448
This removes all docshell nsISecureBrowserUI and mixed content properties, and moves them into CanonicalBrowsingContext/WindowGlobalParent. It makes the mixed content blocker just compute the state for the current load, and then send the results to the parent process, where we update the security state accordingly.
I think we could in the future remove onSecurityChange entirely, and instead just fire an event to the <browser> element notifying it of changes to the queryable securityUI.
Unfortunately we have a lot of existing code that depends on specific ordering between onSecurityChange and onLocationChange, so I had to hook into the RemoteWebProgress implementation in BrowserParent to mimic the same timings.
Differential Revision: https://phabricator.services.mozilla.com/D75447
We have evidence that some sites have disabled ciphersuites with SHA-1-based
MACs due to attacks against SHA-1 (disregarding the fact that these attacks
don't necessarily apply to HMAC-SHA-1) while still relying on RSA key exchange.
Before this patch, PSM did not enable any ciphersuites with RSA key exchange
and non-SHA-1-based MACs. Consequently, Firefox would be unable to connect to
these sites while other browsers would.
This patch enables TLS_RSA_WITH_AES_128_GCM_SHA256 and
TLS_RSA_WITH_AES_256_GCM_SHA384, which are the only two ciphersuites (other
than grease) that Chrome enables that Firefox did not (before this patch).
Differential Revision: https://phabricator.services.mozilla.com/D76543
2020-05-22 J.C. Jones <jjones@mozilla.com>
* lib/freebl/altivec-types.h, lib/freebl/ppc-crypto.h:
Bug 1629414 - Guard USE_PPC_CRYPTO and VSX types with __VSX__ and
__ALTIVEC__ r=kjacobs
This avoids build errors on non-VSX architectures even when not
compiling the POWER accelerated code.
[c7a1c91cd9be] [tip]
2020-05-21 Jeff Walden <jwalden@mit.edu>
* lib/freebl/aes-x86.c:
Bug 1639033 - Use unsigned int for a loop counter to eliminate a
signed-unsigned comparison warning in aes-x86.c. r=kjacobs
Depends on D75847
[e23fe363fa05]
* lib/freebl/ec.c:
Bug 1639033 - Used unsigned int instead of int in a few places in
ec.c to eliminate signed-unsigned comparison warnings. r=kjacobs
Depends on D75846
[0d778b0e778f]
* lib/freebl/cmac.c:
Bug 1639033 - Use unsigned int rather than int for two variables to
eliminate a bunch of signed-unsigned comparison warnings. r=kjacobs
Depends on D75845
[df5c8f6430a0]
* lib/freebl/mpi/mplogic.c, lib/freebl/mpi/mplogic.h:
Bug 1639033 - Use unsigned int for various count variables in
mplogic.c to eliminate signed-unsigned comparison warnings.
r=kjacobs
Depends on D75844
[ce5b8b7e010c]
* lib/freebl/aeskeywrap.c:
Bug 1639033 - Use size_t for loops up to sizeof(T) in aeskeywrap.c
to eliminate some signed-comparison warnings. r=kjacobs
Depends on D75843
[563a7cd7484b]
* lib/softoken/pkcs11i.h, lib/softoken/sftkike.c:
Bug 1639033 - Change +sftk_xcbc_mac_pad's block-size argument to be
unsigned int to avoid sign-comparison warnings. r=kjacobs
Depends on D75842
[a5f80d0805ca]
2020-05-22 Jeff Walden <jwalden@mit.edu>
* lib/jar/jar.c:
Bug 1639033 - Use the jarType enum type, not int, for certain
variables and arguments in jar.c -- for greater precision, and to
avoid sign-comparison warnings. r=kjacobs
Depends on D75841
[e65dd5c2cf86]
2020-05-19 Jeff Walden <jwalden@mit.edu>
* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h:
Bug 1639033 - Make all |moduleIndex| variables in pkcs11.c be
unsigned, to eliminate a -Wsign-compare warning. r=kjacobs
Depends on D75840
[6512178a58f5]
* cmd/lib/basicutil.c:
Bug 1639033 - Fix signed-unsigned comparison warning in basicutil.c.
r=kjacobs
[98390eef50a1]
2020-05-22 Martin Thomson <mt@lowentropy.net>
* lib/ssl/sslencode.c:
Bug 1640041 - Don't memcpy nothing, r=jcj
Depends on D76421
[8d7c96ab80a7]
* lib/ssl/sslsock.c:
Bug 1640042 - Don't memcpy nothing, r=jcj
[1a634da46b87]
* gtests/ssl_gtest/ssl_0rtt_unittest.cc,
gtests/ssl_gtest/ssl_recordsep_unittest.cc,
gtests/ssl_gtest/tls_connect.cc, lib/ssl/ssl.h, lib/ssl/ssl3gthr.c,
lib/ssl/sslimpl.h, lib/ssl/sslsock.c, lib/ssl/tls13con.c:
Bug 1639413 - Option to disable TLS 1.3 EndOfEarlyData message,
r=kjacobs
This adds the ability to disable EndOfEarlyData.
On the client this is relatively simple, you just turn the message
off.
The server is complicated because the server uses this to drive the
installation of the right keys. Without it, things get very messy.
Thus, I have decided that this is best left to the
SSL_RecordLayerData interface. That needs an ugly hack in order to
let the new data to pass, but the damage is otherwise relatively
minor, apart from one obvious thing.
We never really built the SSL_RecordLayerData API to take
application data. It only did that to support testing of the
functions. Now that we have to deal with this new wrinkle, adding
support for 0-RTT is necessary. This change does that. That requires
a barrage of new checks to see if application data is acceptable.
And then early data is captured in a completely different way, which
adds another layer of awfulness.
Note that this exposes us to the possibility that Certificate or
Finished are received in early data when using SSL_RecordLayerData
and this option. I don't think that fixing that is worthwhile as it
requires tracking the epoch of handshake messages separate to
ss->ssl3.crSpec and the epoch only really exists on that API so that
applications don't accidentally do bad things. In QUIC, we
specifically block handshake messages in early data, so we have
ample protection.
[10325739e149]
Differential Revision: https://phabricator.services.mozilla.com/D76572
This matches how the `Dispatch(already_AddRefed<nsIRunnable>)`
overloads work in C++: `Dispatch` takes ownership of the runnable, and
leaks it if dispatch fails—because the thread manager is shutting down,
for instance. This avoids a race where a runnable can be released on
either the owning or target thread.
Rust doesn't allow arbitrary `Self` types yet (see
rust-lang/rust#44874), so we need to change `dispatch` and
`dispatch_with_options` to be associated methods.
Differential Revision: https://phabricator.services.mozilla.com/D75858
This function ought to be declared by `winapi`, but is not, for whatever
reason. However, its definition is stable enough that we can just
declare it inline rather than invoking bindgen every single build (and
unnecessarily compiling a build script on non-windows platforms) to
discover its definition for us.
Differential Revision: https://phabricator.services.mozilla.com/D76015
2020-05-19 Robert Relyea <rrelyea@redhat.com>
* lib/freebl/dsa.c:
Bug 1631576 - Force a fixed length for DSA exponentiation
r=pereida,bbrumley
[daa823a4a29b] [tip]
2020-05-14 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/freebl/Makefile, lib/freebl/deprecated/seed.c,
lib/freebl/deprecated/seed.h, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, lib/freebl/seed.c, lib/freebl/seed.h:
Bug 1636389 - Relocate deprecated seed algorithm. r=kjacobs
[d2cfb4ccdf16]
2020-05-14 Jan-Marek Glogowski <glogow@fbihome.de>
* automation/taskcluster/scripts/split.sh, lib/Makefile,
lib/manifest.mn:
Bug 1637083 fix the lib dependencies for the split build
r=jcj,rrelyea
This build can be tested by running NSS_BUILD_MODULAR=1
nss/automation/taskcluster/scripts/build.sh from a directory
containing the nss and nspr repositories.
To make this build's make conditionals easier to handle, it also
merges the manifest.mn into the Makefile, because parts of the
conditionals depends on $(OS_ARCH) setting.
In the end, the goal is just to set the correct build $(DIRS).
This also drops the freebl dependeny of ssl, which seems not to be
needed, even if it's declared in /lib/ssl/ssl.gyp.
[789d7241e1f0]
2020-05-13 Jan-Marek Glogowski <glogow@fbihome.de>
* coreconf/rules.mk, lib/ckfw/builtins/manifest.mn,
lib/ckfw/manifest.mn, manifest.mn:
Bug 1637083 Replace pre-dependency with shell hack r=rrelyea
Originally I tried multiple variants using make's conditionals to
limit DIRS and enforce building the parent directory before the sub-
directory. None of them worked for me, most resulting in an infinite
recursion, so I used the current pre-depends workaround to fulfill
the real dependency.
Now I remembered that automake can handle this case for SUBDIRS
specifying "." as a directory. The generated Makefile handles it via
shell scripting; not nice, but it works.
So this gets rid of the workaround, replacing it with a small shell
test.
[744881490c78]
Differential Revision: https://phabricator.services.mozilla.com/D76050