Commit Graph

4682 Commits

Author SHA1 Message Date
J.C. Jones
92f783423e Bug 1629594 - land NSS NSS_3_52_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-01  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.52 final
	[befc258c4336] [NSS_3_52_RTM] <NSS_3_52_BRANCH>

2020-04-30  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_52_BETA2 for changeset bb4462a16de8
	[c5d002af1d61]

Differential Revision: https://phabricator.services.mozilla.com/D73512
2020-05-01 23:34:59 +00:00
Ciure Andrei
1a902cc7ab Backed out changeset ebe0bd6a038c (bug 1614053) for landing with the wrong bug# UPGRADE_NSS_RELEASE CLOSED TREE 2020-05-02 02:06:52 +03:00
J.C. Jones
ed1c0b9f61 Bug 1614053 - land NSS NSS_3_52_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-05-01  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.52 final
	[befc258c4336] [NSS_3_52_RTM] <NSS_3_52_BRANCH>

2020-04-30  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_52_BETA2 for changeset bb4462a16de8
	[c5d002af1d61]

Differential Revision: https://phabricator.services.mozilla.com/D73512
2020-05-01 22:45:13 +00:00
Kevin Jacobs
a1a7ac61e5 Bug 1629594 - land NSS NSS_3_52_BETA2 UPGRADE_NSS_RELEASE, r=jcj
2020-04-30  zhujianwei7  <zhujianwei7@huawei.com>

	* lib/smime/cmssigdata.c:
	Bug 1630925 - Guard all instances of NSSCMSSignedData.signerInfos
	r=kjacobs

	[bb4462a16de8] [NSS_3_52_BETA2]

2020-04-30  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/pk11_gtest/pk11_seed_cbc_unittest.cc, lib/freebl/seed.c,
	lib/freebl/seed.h:
	Bug 1619959 - Properly handle multi-block SEED ECB inputs.
	r=bbeurdouche,jcj

	[d67517e92371]

2020-04-28  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_52_BETA1 for changeset 0b30eb1c3650
	[11415c3334ab]

2020-04-24  Robert Relyea  <rrelyea@redhat.com>

	* lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c:
	Bug 1571677 Name Constraints validation: CN treated as DNS name even
	when syntactically invalid as DNS name r=mt

	This patch makes libpkix treat name constraints the same as the NSS
	cert verifier. This proposal was available for review for 9 months
	without objection.

	Time to make this official

	[0b30eb1c3650] [NSS_3_52_BETA1]

2020-04-27  Edouard Oger  <eoger@fastmail.com>

	* lib/freebl/blinit.c:
	Bug 1633498 - Do not define getauxval on iOS targets. r=jcj

	[7b5e3b9fbc7d]

2020-04-27  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/sftkike.c:
	Bug 1629663 NSS missing IKEv1 Quick Mode KDF prf r=kjacobs

	Fix possible free before alloc error found by kjacobs
	[7f91e3dcfb9b]

2020-04-20  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/sftkike.c, lib/util/pkcs11n.h:
	Bug 1629663 NSS missing IKEv1 Quick Mode KDF prf r=kjacobs

	We found another KDF function in libreswan that is not using the NSS
	KDF API.

	Unfortunately, it seems the existing IKE KDF's in NSS are not usable
	for the Quick Mode use.

	The libreswan code is in compute_proto_keymat() and the
	specification is in https://tools.ietf.org/html/rfc2409#section-5.5

	It needs:

	KEYMAT = prf(SKEYID_d, [g(qm)^xy ] | protocol | SPI | Ni_b | Nr_b).

	which can be thought of as: KEYMAT = prf(KEY, [KEY] | BYTES)

	but with the kicker that it also does multiple rounds aka key
	expansion: KEYMAT = K1 | K2 | K3 | ...

	where

	K1 = prf(KEY, [KEY] | BYTES)
	K2 = prf(KEY, K1 | [KEY] | BYTES)
	K3 = prf(KEY, K1 | [KEY] | BYTES)
	etc.

	to generate the needed keying material >PRF size

	This patch implements this by extending the Appendix B Mechanism to
	take an optional key and data in a new Mechanism parameter
	structure. Which flavor is used (old CK_MECHANISM_TYPE or the new
	parameter) is determined by the mechanism parameter lengths.
	Applications which try to use this new feature on old versions of
	NSS will get an error (rather than invalid data).

	[225bb39eade1]
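The KEYMAT expansion described in the Bug 1629663 entry above, worked through as an added example. This is not NSS code and not the entry author's: it is a plain Python rendering of the RFC 2409 section 5.5 construction the entry links to, with HMAC over the negotiated hash as prf. It follows the RFC in chaining each block on the previous block's output (K3 on K2, and so on); the entry's summary writes K3 over K1, the RFC writes K2. The one-byte protocol field, the four-byte SPI and every sample value are assumptions constructed for the demonstration.

```python
import hmac


def prf(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """IKEv1 prf: HMAC keyed with SKEYID_d over the negotiated hash (RFC 2409)."""
    return hmac.new(key, data, hash_name).digest()


def ikev1_quick_mode_keymat(skeyid_d: bytes, protocol: int, spi: bytes,
                            ni_b: bytes, nr_b: bytes, needed_len: int,
                            g_qm_xy: bytes = b"", hash_name: str = "sha1") -> bytes:
    """RFC 2409 section 5.5 KEYMAT expansion.

    KEYMAT = K1 | K2 | K3 | ...
      K1 = prf(SKEYID_d, [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b)
      Kn = prf(SKEYID_d, K(n-1) | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b)

    g(qm)^xy is present only when PFS was negotiated.  Assumed encodings
    for this demonstration: protocol is one byte, SPI is four bytes.
    """
    if needed_len <= 0:
        raise ValueError("needed_len must be positive")
    if not 0 <= protocol <= 255:
        raise ValueError("protocol identifier must fit in one byte")
    if len(spi) != 4:
        raise ValueError("Quick Mode SPI is four bytes")
    # Fixed tail of every prf input: [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b
    tail = g_qm_xy + bytes([protocol]) + spi + ni_b + nr_b
    keymat = bytearray()
    prev = b""  # nothing is chained in front of K1; K(n) chains on K(n-1)
    while len(keymat) < needed_len:
        prev = prf(skeyid_d, prev + tail, hash_name)
        keymat += prev
    # Expansion yields whole prf blocks; only needed_len bytes are keying material
    return bytes(keymat[:needed_len])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    skeyid_d = bytes.fromhex("0b" * 20)
    spi = bytes.fromhex("c0ffee01")
    ni_b, nr_b = bytes.fromhex("01" * 16), bytes.fromhex("02" * 16)
    # 48 bytes with HMAC-SHA1 (20-byte blocks) takes three prf rounds
    keymat = ikev1_quick_mode_keymat(skeyid_d, 3, spi, ni_b, nr_b, 48)
    print(len(keymat), keymat.hex())
```

The loop is what the entry calls "key expansion": when the requested length exceeds one prf output, each extra round feeds the previous block back in, which is why a single-shot prf mechanism cannot produce KEYMAT on its own.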

Differential Revision: https://phabricator.services.mozilla.com/D73383
2020-05-01 01:54:56 +00:00
Kevin Jacobs
e4e3559e1b Bug 1629594 - land NSS aae226c20dfd UPGRADE_NSS_RELEASE, r=jcj
2020-04-24  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/softoken_gtest/softoken_gtest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11pub.h, lib/softoken/sdb.c:
	Bug 1612881 - Maintain PKCS11 C_GetAttributeValue semantics on
	attributes that lack NSS database columns r=keeler,rrelyea

	`sdb_GetAttributeValueNoLock` builds a query string from a list of
	attributes in the input template. Unfortunately,
	`sqlite3_prepare_v2` will fail the entire query if one of the
	attributes is missing from the underlying table. The PKCS #11 spec
	[[ https://www.cryptsoft.com/pkcs11doc/v220/pkcs11__all_8h.html#aC_GetAttributeValue | requires ]]
	setting the output `ulValueLen` field to -1 for such invalid
	attributes.

	This patch reads and stores the columns of nssPublic/nssPrivate when
	opened, then filters an input template in
	`sdb_GetAttributeValueNoLock` for unbacked/invalid attributes,
	removing them from the query and setting their template output
	lengths to -1.

	[aae226c20dfd] [tip]

2020-04-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/sslnonce.c:
	Bug 1531906 - Relax ssl3_SetSIDSessionTicket assertions to permit
	valid, evicted or externally-cached sids. r=mt

	This patch relaxes an overzealous assertion for the case where:
	1) Two sockets start connections with a shared SID.
	2) One receives an empty session ticket in the SH, and evicts the
	SID from cache.
	3) The second socket receives a new session ticket, and attempts to
	set it in the SID.

	We currently assert that the sid is `in_client_cache` at 3), but
	clearly it cannot be. The outstanding reference remains valid
	despite the eviction.

	This also solves a related assertion failure after
	https://hg.mozilla.org/mozilla-central/rev/c5a8b641d905 where the
	same scenario occurs, but instead of being `in_client_cache` or
	evicted, the SID is `in_external_cache`.

	[a68de0859582]

2020-04-16  Robert Relyea  <rrelyea@redhat.com>

	* gtests/common/testvectors/kwp-vectors.h,
	gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_aeskeywrapkwp_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp, lib/freebl/aeskeywrap.c,
	lib/freebl/blapi.h, lib/freebl/blapit.h, lib/freebl/hmacct.c,
	lib/freebl/ldvector.c, lib/freebl/loader.c, lib/freebl/loader.h,
	lib/pk11wrap/pk11mech.c, lib/softoken/lowpbe.c,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c, lib/ssl/ssl3con.c,
	lib/util/secport.h:
	Bug 1630721 Softoken Functions for FIPS missing r=mt

	For FIPS we need the following:

	1. NIST official Key padding for AES Key Wrap.
	2. Combined Hash/Sign mechanisms for DSA and ECDSA.

	In the first case our AES_KEY_WRAP_PAD function adds pkcs8 padding
	to the normal AES_KEY_WRAP, which is a different algorithm than the
	padded key wrap specified by NIST. PKCS #11 recognized this and
	created a special mechanism to handle NIST padding. That is why we
	don't have industry test vectors for CKM_NSS_AES_KEY_WRAP_PAD. This
	patch implements that NIST version (while maintaining our own). Also
	PKCS #11 v3.0 specified PKCS #11 mechanisms for AES_KEY_WRAP which
	are compatible (semantically) with the NSS vendor specific versions,
	but with non-vendor specific numbers. Softoken now accepts both
	numbers.

	This patch also updates softoken to handle DSA and ECDSA combined
	hash algorithms other than just SHA1 (which is no longer validated).

	Finally this patch uses the NIST KWP test vectors in new gtests for
	the AES_KEY_WRAP_KWP wrapping algorithm.

	As part of the AES_KEY_WRAP_KWP code, the Constant time macros have
	been generalized and moved to secport. Old macros scattered
	throughout the code have been deleted and existing constant time
	code has been updated to use the new macros.

	[3682d5ef3db5]

2020-04-21  Lauri Kasanen  <cand@gmx.com>

	* lib/freebl/Makefile, lib/freebl/freebl.gyp,
	lib/freebl/freebl_base.gypi, lib/freebl/gcm.h,
	lib/freebl/ppc-crypto.h, lib/freebl/scripts/LICENSE,
	lib/freebl/scripts/gen.sh, lib/freebl/scripts/ppc-xlate.pl,
	lib/freebl/scripts/sha512p8-ppc.pl, lib/freebl/sha512-p8.s,
	lib/freebl/sha512.c:
	Bug 1613238 - POWER SHA-2 digest vector acceleration. r=jcj,kjacobs

	[2d66bd9dcad4]

2020-04-18  Robert Relyea  <rrelyea@redhat.com>

	* coreconf/Linux.mk, coreconf/config.gypi, lib/softoken/sdb.c:
	Bug 1603801 [patch] Avoid dcache pollution from sdb_measureAccess()
	r=mt

	As implemented, when sdb_measureAccess() runs it creates up to
	10,000 negative dcache entries (cached nonexistent filenames).

	There is no advantage to leaving these particular filenames in the
	cache; they will never be searched again. Subsequent runs will run a
	new test with an intentionally different set of filenames. This can
	have detrimental effects on some systems; a massive negative dcache
	can lead to memory or performance problems.

	Since not all platforms have a problem with negative dcache entries,
	this patch is limited to those platforms that request it at
	compile time (Linux is currently the only platform that does.)

	[928721f70164]

2020-04-16  Kevin Jacobs  <kjacobs@mozilla.com>

	* coreconf/config.gypi:
	Bug 1630458 - Produce debug symbols in GYP/MSVC debug builds. r=mt

	[25006e23a777]

2020-04-13  Robert Relyea  <rrelyea@redhat.com>

	* lib/ckfw/object.c, lib/ckfw/session.c:
	Bug 1629655 ckfw needs to support temporary session objects.
	r=kjacobs

	libckfw needs to create temporary objects whose space will be freed
	after use (rather than at token shutdown). Currently only token
	objects are supported and they are allocated out of a global arena
	owned by the slot, so the objects only go away when the slot is
	closed.

	This patch sets the arena to NULL in nssCKFWObject_Create() if the
	object is a session object. This tells nssCKFWObject_Create() to
	create a new arena specifically for this object. That arena is
	stored in localArena. When the object is destroyed, any localArena's
	will be freed.

	[808ec0e6fd77]

2020-04-14  Robert Relyea  <rrelyea@redhat.com>

	* cmd/selfserv/selfserv.c, lib/ssl/sslsnce.c, tests/ssl/ssl.sh:
	Bug 1629661 MPConfig calls in SSL initializes policy before NSS is
	initialized. r=mt

	NSS has several config functions that multiprocess servers must call
	before NSS is initialized to set up shared memory caches between the
	processes. These functions call ssl_init(), which initializes the
	ssl policy. The ssl policy initialization, however, needs to happen
	after NSS itself is initialized. Doing so beforehand causes (in the
	best case) policy to be ignored by these servers, and crashes (in
	the worst case).

	Instead, these cache functions should just initialize those things
	they need (that is, the NSPR ssl error codes).

	This patch does:
	1) fixes the cache init code to only initialize error codes.
	2) fixes the selfserv MP code to 1) be compatible with ssl.sh's
	selfserv management (at least on Unix), and 2) mimic the way real
	servers handle the MP_Cache init code (calling NSS_Init after the
	cache set up).
	3) update ssl.sh server policy test to test policy usage on an MP
	server. This is only done for non-windows like OS's because they
	can't catch the kill signal to force their children to shutdown.

	I've verified that the test fails if 2 and 3 are included but 1 is
	not (and succeeds if all three are included).

	[a252957a3805]

Differential Revision: https://phabricator.services.mozilla.com/D72409
2020-04-27 16:56:13 +00:00
Kevin Jacobs
7d42f279f2 Bug 1629594 - land NSS 50dcc34d470d UPGRADE_NSS_RELEASE, r=jcj
2020-04-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11load.c:
	Bug 1629105 - Update PKCS11 module debug logger for v3.0 r=rrelyea

	Differential Revision:
	https://phabricator.services.mozilla.com/D70582
	[50dcc34d470d] [tip]

2020-04-07  Robert Relyea  <rrelyea@redhat.com>

	* lib/ckfw/builtins/testlib/Makefile:
	Bug 1465613 Fix gmake issue created by the patch which adds ability
	to distrust certificates issued after a certain date for a specified
	root cert r=jcj

	I've been trying to run down an issue I've been having, and I think
	this bug is the source. Whenever I build ('gmake' build), I get the
	following untracked files:
	? lib/ckfw/builtins/testlib/anchor.o
	? lib/ckfw/builtins/testlib/bfind.o
	? lib/ckfw/builtins/testlib/binst.o
	? lib/ckfw/builtins/testlib/bobject.o
	? lib/ckfw/builtins/testlib/bsession.o
	? lib/ckfw/builtins/testlib/bslot.o
	? lib/ckfw/builtins/testlib/btoken.o
	? lib/ckfw/builtins/testlib/ckbiver.o
	? lib/ckfw/builtins/testlib/constants.o

	This is because of the way lib/ckfw/builtins/testlib works: it uses
	the sources from the directory below, and explicitly references them
	with ../{source_name}.c. The object file then becomes
	lib/ckfw/builtins/testlib/{OBJDIR}/../{source_name}.o.

	The simple fix would be to paper over the issue and just add these
	to .hgignore, but that would break our ability to build multiple
	platforms on a single source directory. I'll include a patch that
	fixes this issue.

	bob

	Differential Revision:
	https://phabricator.services.mozilla.com/D70077
	[92058f185316]

2020-04-06  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/ssl_gtest/tls_hkdf_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c,
	lib/ssl/sslprimitive.c, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
	lib/ssl/tls13hkdf.c, lib/ssl/tls13replay.c, tests/ssl/ssl.sh:
	Bug 1561637 TLS 1.3 does not work in FIPS mode r=mt

	Part 2 of 2

	Use the official PKCS #11 HKDF mechanism to implement tls 1.3.

	1) The new mechanism is a single derive mechanism, so we no longer
	need to pick it based on the underlying hmac (Note, we still need to
	know the underlying hmac, which is passed in as a mechanism
	parameter).

	2) Use the new keygen to generate CKK_HKDF keys rather than doing it
	by hand with the random number generator (never was really the best
	way of doing this).

	3) modify tls13hkdf.c to use the new mechanisms:
	   1) Extract: use the new key handle in the mechanism parameters to
	   pass the salt when the salt is a key handle. Extract: use the
	   explicit NULL salt parameter if for the hash len salt of zeros.
	   2) Expand: Expand is mostly a helper function which takes a
	   mechanism. For regular expand, the mechanism is the normal
	   _Derive, for the Raw version it's the _Data function. That
	   creates a data object, which is extractable in FIPS mode.

	4) update slot handling in tls13hkdf.c:
	   1) we need to make sure that the key and the salt key are in the
	   same slot. Provide a PK11wrap function to make that guarantee
	   (and use that function in PK11_WrapKey, which already has to do
	   the same function).
	   2) When importing a 'data' key for the zero key case, make sure
	   we import into the salt key's slot. If there is no salt key, use
	   PK11_GetBestSlot() rather than PK11_GetInternal slot.

	Differential Revision:
	https://phabricator.services.mozilla.com/D69899
	[3d2b1738e064]

2020-04-06  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/curve25519-vectors.h,
	gtests/common/testvectors/p256ecdh-vectors.h,
	gtests/common/testvectors/p384ecdh-vectors.h,
	gtests/common/testvectors/p521ecdh-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha256-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha384-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha512-vectors.h,
	gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h,
	gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h,
	gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_misc-vectors.h,
	gtests/common/testvectors/rsa_signature-vectors.h,
	gtests/common/testvectors/rsa_signature_2048_sha224-vectors.h,
	gtests/common/testvectors/rsa_signature_2048_sha256-vectors.h,
	gtests/common/testvectors/rsa_signature_2048_sha512-vectors.h,
	gtests/common/testvectors/rsa_signature_3072_sha256-vectors.h,
	gtests/common/testvectors/rsa_signature_3072_sha384-vectors.h,
	gtests/common/testvectors/rsa_signature_3072_sha512-vectors.h,
	gtests/common/testvectors/rsa_signature_4096_sha384-vectors.h,
	gtests/common/testvectors/rsa_signature_4096_sha512-vectors.h,
	gtests/common/testvectors_base/rsa_signature-vectors_base.txt,
	gtests/common/testvectors_base/test-structs.h,
	gtests/common/wycheproof/genTestVectors.py,
	gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc,
	gtests/pk11_gtest/pk11_rsaoaep_unittest.cc,
	gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc,
	gtests/pk11_gtest/pk11_rsapss_unittest.cc:
	Bug 1612260 - Add Wycheproof vectors for RSA PKCS1 and PSS signing,
	PKCS1 and OAEP decryption. r=bbeurdouche

	This patch updates the Wycheproof script to build RSA test vectors
	(covering PKCS1 decryption/verification, as well as PSS and OAEP)
	and adds the appropriate test drivers.

	Differential Revision:
	https://phabricator.services.mozilla.com/D69847
	[469fd8633757]

2020-04-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/taskcluster/docker-fuzz32/Dockerfile:
	Bug 1626751 - Add apt-transport-https & apt-utils to fuzz32 docker
	image r=jcj

	We already install these packages on the image_builder image itself.
	It seems they're now required on the fuzz32 image as well.

	Differential Revision:
	https://phabricator.services.mozilla.com/D69274
	[c7a8195e3072]

2020-04-01  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/Makefile:
	Bug 1624864 - Don't force ARMv7 for gcm-arm32-neon r=jcj
	[858209235972]

	* coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile,
	lib/freebl/freebl.gyp, lib/freebl/gcm.c:
	Bug 1620799 - Introduce NSS_DISABLE_ARM32_NEON r=jcj

	Only some Arm32 supports neon, so let's introduce
	NSS_DISABLE_ARM32_NEON to allow disabling Neon acceleration when
	building for Arm32.

	Signed-off-by: Giulio Benetti
	<giulio.benetti@benettiengineering.com>
	[b47b2c35aa64]

2020-04-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	automation/abi-check/expected-report-libsoftokn3.so.txt,
	automation/abi-check/expected-report-libssl3.so.txt:
	Fixup ABI checks after libabigail update and Delegated Credentials
	backport. r=me
	[7f50f6ca7658]

2020-03-31  hajma  <tropikhajma@gmail.com>

	* coreconf/SunOS5.mk:
	Bug 1625133 - Fix implicit declaration of function 'getopt' on SunOS
	r=jcj
	[744788dd18dc]

2020-03-30  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_hkdf_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11pub.h, lib/softoken/pkcs11.c,
	lib/softoken/pkcs11c.c:
	Bug 1561637 TLS 1.3 does not work in FIPS mode

	Patch 1 of 2. This patch updates softoken and helper functions with
	the new PKCS #11 v3 HKDF, which handles all the correct key
	management so that we can work in FIPS mode

	1) Salts can be passed in as data, as an explicit NULL (which per
	spec means a zero filled buffer of length of the underlying HMAC),
	or through a key handle.
	2) A Data object can be used as a key (explicitly allowed for this
	mechanism by the spec).
	3) A special mechanism produces a data object rather than a key, the
	latter which can be exported. Softoken does not do the optional
	validation on the pInfo to verify that the requested values are
	supposed to be data rather than keys. Some other tokens may.

	The old hkdf mechanism has been retained for compatibility (well
	namely until patch 2 is created, tls is still using it). The hkdf
	function has been broken off into its own function rather than
	inline in the derive function.

	Note: because the base key and/or the export key could really be a
	data object, our explicit handling of sensitive and extractable are
	adjusted to take into account that those flags do not exist in data
	objects.

	Differential Revision:
	https://phabricator.services.mozilla.com/D68940
	[e0922aac5267]
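The salt handling in point 1) of the Bug 1561637 entry above, as an added example that is not NSS code and not the entry author's: a plain Python HKDF per RFC 5869 in which a salt of None stands in for the PKCS #11 explicit NULL salt and is replaced by HashLen zero bytes. It also shows why that substitution interoperates with an empty salt: HMAC zero-pads short keys to the block size, so NULL, an empty salt and a HashLen zero buffer all key the same HMAC. The RFC 5869 Appendix A test case 1 values are the published vector; the helper names and the other sample inputs are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Optional


def hkdf_extract(ikm: bytes, salt: Optional[bytes], hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2): PRK = HMAC-Hash(salt, IKM).

    salt=None models the "explicit NULL salt" of the entry above: it is
    replaced by HashLen zero bytes, which is also what RFC 5869 prescribes
    when no salt is supplied.
    """
    hash_len = hashlib.new(hash_name).digest_size
    if salt is None:
        salt = b"\x00" * hash_len
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3): OKM = T(1) | T(2) | ..., cut to L bytes,
    with T(i) = HMAC-Hash(PRK, T(i-1) | info | i) and T(0) empty."""
    hash_len = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * hash_len:
        raise ValueError("L must be between 1 and 255 * HashLen")
    okm = bytearray()
    t = b""
    for counter in range(1, (length + hash_len - 1) // hash_len + 1):
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
    return bytes(okm[:length])


def null_salt_forms_agree(ikm: bytes, hash_name: str = "sha256") -> bool:
    """True when the three ways of saying 'no salt' give the same PRK.

    HMAC zero-pads keys shorter than the hash block size, so an empty salt,
    a HashLen-byte zero salt and the explicit NULL salt all key HMAC with
    the same padded block.  A key schedule that passes NULL to one token and
    an explicit zero buffer to another must therefore derive the same PRK;
    this check is the interop assertion for that.
    """
    hash_len = hashlib.new(hash_name).digest_size
    via_none = hkdf_extract(ikm, None, hash_name)
    via_empty = hkdf_extract(ikm, b"", hash_name)
    via_zeros = hkdf_extract(ikm, b"\x00" * hash_len, hash_name)
    return via_none == via_empty == via_zeros


# RFC 5869 Appendix A test case 1 (SHA-256), used as a known-answer check.
RFC5869_TC1 = {
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "length": 42,
    "prk": bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    "okm": bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865"),
}


def check_rfc5869_tc1() -> bool:
    """Known-answer check of Extract and Expand against the RFC vector."""
    tc = RFC5869_TC1
    prk = hkdf_extract(tc["ikm"], tc["salt"])
    okm = hkdf_expand(prk, tc["info"], tc["length"])
    return prk == tc["prk"] and okm == tc["okm"]


if __name__ == "__main__":
    print("RFC 5869 test case 1:", "ok" if check_rfc5869_tc1() else "FAIL")
    print("NULL salt forms agree:", null_salt_forms_agree(b"\x0b" * 22))
```

The point 3) distinction (a data object rather than a key as the output) has no analogue in plain Python; here every PRK and OKM is an ordinary byte string, which is precisely the extractability that a FIPS token restricts to data objects.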

2020-03-26  Hans Petter Jansson  <hpj@cl.no>

	* cmd/lowhashtest/lowhashtest.c:
	Bug 1622555 - Fix lowhashtest argument parsing. r=kjacobs
	[f3c5ab41c972]

2020-03-26  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/freebl/Makefile, lib/freebl/freebl.gyp:
	Bug 1624377 - Replace freebl flag -msse4 by -msse4.1 -msse4.2 which
	are supported by older compilers r=kjacobs

	Differential Revision:
	https://phabricator.services.mozilla.com/D68407
	[16ee7cb36fff]

2020-03-26  Robert Relyea  <rrelyea@redhat.com>

	* gtests/ssl_gtest/libssl_internals.c, lib/pk11wrap/exports.gyp,
	lib/pk11wrap/manifest.mn, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
	lib/ssl/sslspec.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
	lib/ssl/tls13esni.c, lib/ssl/tls13exthandle.c:
	Bug 1623374 Need to support the new PKCS #11 Message interface for
	AES GCM and ChaCha Poly r=mt

	Update ssl to use the new PK11_AEADOp() interface.
	1. We restore the use of PK11Context_Create() for AEAD operations.
	2. AES GCM and CHACHA/Poly specific functions are no longer needed
	as PK11_AEADOp() handles all the mechanism specific processing.
	3. TLS semantic differences between the two algorithms are handled
	by their parameters:
	   1. Nonce length is the length of the nonce counter. If it's zero,
	   then XOR_Counter is used (and the nonce length is the
	   sizeof(sslSequenceNumber)).
	   2. IV length is the full IV length - nonce length.
	   3. TLS 1.3 always uses XOR_Counter.
	4. The IV is returned from the token in the encrypt case. Only in
	the explicit nonce case is it examined. (The code depends on the
	fact that the count in the token will match sslSequenceNumber). I
	did have assert code to verify this was happening for testing, but
	it's removed from this patch; it can be added back.
	5. All the decrypt instances of XOR_Counter IV creation have been
	collapsed into tls13_WriteNonce().
	6. Even though PK11_AEADOp returns and accepts the tag separately
	(for encrypt and decrypt respectively), the SSL code still returns
	the values as buffer||tag.
	7. tls13_AEAD() has been enhanced so all uses of AEAD outside of the
	TLS stream can use it instead of their own wrapped version. It can
	handle streams (CreateContext() tls13_AEAD() tls13_AEAD()
	DestroyContext()) or single shot tls13_AEAD(context=NULL). In the
	latter case, the keys for the single shot operation should not be
	reused.
	8. libssl_internals.c in the gtests directory has been updated to
	handle advancing the internal iv counter when we artificially
	advance the seqNum. Since we don't have access to any token iv
	counter (including softoken), the code switches to simulated message
	mode, and updates the simulated state as appropriate. (Obviously
	this is testing-only code as it reaches into normally private data
	structures.)

	Differential Revision:
	https://phabricator.services.mozilla.com/D68480
	[e7c7f305078e]
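The two nonce conventions in point 3 of the Bug 1623374 entry above, as an added example that is not NSS code and not the entry author's. XOR_Counter is the TLS 1.3 rule of RFC 8446 section 5.3 (sequence number left-padded to the IV length and XORed into the static IV); the explicit-nonce case is the TLS 1.2 AES-GCM layout of RFC 5288, where "IV length is the full IV length - nonce length". The RecordNonceState class, SEQ_NUM_LEN and the sample IVs are constructions for the demonstration; the class also shows the check a record layer owes its AEAD, namely that a counter is never reused or wrapped.

```python
SEQ_NUM_LEN = 8  # sizeof(sslSequenceNumber): TLS record sequence numbers are 64-bit


def xor_counter_nonce(iv: bytes, seq_num: int) -> bytes:
    """TLS 1.3 per-record nonce (RFC 8446 section 5.3).

    The 64-bit sequence number is left-padded with zeros to the IV length
    and XORed into the static write IV.  This is the entry's XOR_Counter
    case (nonce length 0, counter width sizeof(sslSequenceNumber))."""
    if len(iv) < SEQ_NUM_LEN:
        raise ValueError("write IV must be at least 8 bytes")
    if not 0 <= seq_num < (1 << (8 * SEQ_NUM_LEN)):
        raise ValueError("sequence number must fit in 64 bits")
    padded = seq_num.to_bytes(len(iv), "big")
    return bytes(a ^ b for a, b in zip(iv, padded))


def explicit_nonce(implicit_iv: bytes, seq_num: int, nonce_len: int = SEQ_NUM_LEN) -> bytes:
    """TLS 1.2 AES-GCM style nonce (RFC 5288): the implicit part from the key
    block followed by an explicit counter that travels in the record.  The
    entry's "IV length is the full IV length - nonce length" is this split:
    a 12-byte GCM nonce with an 8-byte counter leaves a 4-byte implicit IV."""
    return implicit_iv + seq_num.to_bytes(nonce_len, "big")


class RecordNonceState:
    """Per-direction nonce generator that never hands out the same nonce twice.

    nonce_len == 0 selects XOR_Counter (iv is the full write IV); otherwise
    iv is the implicit part and the last nonce_len bytes carry the counter.
    Reusing a (key, nonce) pair under AES-GCM or ChaCha20-Poly1305 exposes
    the XOR of the two plaintexts and, for GCM, the authentication subkey,
    so an exhausted counter is refused rather than wrapped: the connection
    must rekey instead."""

    def __init__(self, iv: bytes, nonce_len: int = 0):
        self.iv = iv
        self.nonce_len = nonce_len
        self.seq_num = 0

    def next_nonce(self) -> bytes:
        if self.seq_num >= (1 << (8 * SEQ_NUM_LEN)):
            raise OverflowError("sequence number exhausted; rekey before sending more records")
        if self.nonce_len == 0:
            nonce = xor_counter_nonce(self.iv, self.seq_num)
        else:
            nonce = explicit_nonce(self.iv, self.seq_num, self.nonce_len)
        self.seq_num += 1
        return nonce


if __name__ == "__main__":
    # Constructed sample IVs; real write IVs come from the key schedule.
    tls13 = RecordNonceState(bytes.fromhex("000102030405060708090a0b"))
    tls12 = RecordNonceState(bytes.fromhex("a0a1a2a3"), nonce_len=SEQ_NUM_LEN)
    for _ in range(3):
        print("tls13", tls13.next_nonce().hex(), "tls12", tls12.next_nonce().hex())
```

With XOR_Counter the first record's nonce equals the static IV, and every later record differs from it only in the bytes the counter touches; that is the property point 4 of the entry relies on when it expects the token's own counter to track sslSequenceNumber.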

2020-03-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/softoken/pkcs11.c:
	Bug 1624402 - Fix compilation error when NO_FORK_CHECK and
	CHECK_FORK_* are defined r=rrelyea

	Differential Revision:
	https://phabricator.services.mozilla.com/D67911
	[0225889e5292]

2020-03-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/util/pkcs11.h:
	Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
	r=rrelyea

	Differential Revision:
	https://phabricator.services.mozilla.com/D67741
	[7ab62d3d0445]

2020-03-19  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/freebl/blapi.h, lib/freebl/blapii.h, lib/freebl/blapit.h,
	lib/freebl/chacha20poly1305.c, lib/freebl/gcm.c, lib/freebl/gcm.h,
	lib/freebl/intel-gcm-wrap.c, lib/freebl/intel-gcm.h,
	lib/freebl/ldvector.c, lib/freebl/loader.c, lib/freebl/loader.h,
	lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/nss/nss.def,
	lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11mech.c,
	lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11pub.h,
	lib/pk11wrap/pk11skey.c, lib/pk11wrap/pk11slot.c,
	lib/pk11wrap/secmodti.h, lib/softoken/fipstokn.c,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkmessage.c, lib/util/pkcs11n.h, lib/util/pkcs11t.h,
	lib/util/secport.h:
	Bug 1623374 Need to support the new PKCS #11 Message interface for
	AES GCM and ChaCha Poly

	PKCS #11 defines a new interface for handling AEAD type ciphers that
	allow multiple AEAD operations without repeating the key schedule.
	It also allows tokens to keep track of the number of operations, and
	generate IVs (depending on the cipher).

	This patch:

	1. implement those new functions in softoken. With the addition of
	CKF_MESSAGE_* flags to various mechanism, we need to strip them when
	using the version 2 API of softoken (since there are no C_Message*
	function in version 2). For that we need a separate
	C_GetMechanismInfo function. We use the same trick we used to have a
	separate version function for the V2 interface. Also now that the
	new message functions are in their own file, they still need access
	to the common Session state processing functions. Those have gone
	from static to exported within softoken to accommodate that. Same
	with sftk_MapDecryptError() (sftk_MapVerifyError() was also made
	global, though nothing else is yet using it). Only
	C_MessageEncryptInit(), C_EncryptMessage(), C_MessageEncryptFinal,
	C_MessageDecryptInit(), C_DecryptMessage(), and
	C_MessageDecryptFinal are implemented. C_EncryptMessageBegin(),
	C_EncryptMessageNext(), C_DecryptMessageBegin(), and
	C_DecryptMessageNext() are all part of the multi-part within a
	multi-part operation and are only necessary for things like S/MIME
	(potentially). If we wanted to implement them, we would need more
	functions exported from freebl (and initaead, updateaead, finalaead
	for each mechanism type).

	2. make those interfaces call aes_gcm and chacha20_poly1305 (and
	make adjustments for those ciphers). For AES, I added a new function
	AES_AEAD, which handles both encrypt and decrypt. Internally, the
	gcm functions (both the generic gcm and the intel gcm wrapper) had
	their init functions split into key scheduling and counter mode/tag
	initialization. The latter is still called from init, but the
	former is now for each update call. IV generation is handled by a
	single function in gcm.c, and shared with intel_gcm_wrapper.c. Since
	the AES functions already know about the underlying PKCS #11
	mechanism parameters, the new AEAD functions also parse the PKCS #11
	GCM parameters. For Chacha/Poly new aead update functions were
	created called ChaChaPoly1305_Encrypt and ChaChaPoly1305_Decrypt.
	There was no Message specific initialization in the existing
	chacha_init, so no changes were needed there. The primary difference
	between _Encrypt/_Decrypt and _Seal/_Open is the fact that the tag
	is put at the end of the encrypted data buffer in the latter, and in
	a generic buffer in the former.

	3. create new pk11wrap interfaces that also squash the api
	differences between the various mechanisms for aead (similar to the
	way we do it for CBC and ECB crypto today). To accomplish this I
	added PK11_AEADOp() and PK11_AEADRawOp(). Both functions handle the
	case where the token only supports the single shot interface, by
	using the single shot interface to simulate the Message interface.
	The PK11_AEADOp() also smooths out the differences in the parameters
	and semantics of the various mechanism so the application does not
	need to worry about the PKCS #11 differences in the mechanism. Both
	use contexts from the standard PK11_CreateContext(), so key
	schedules are done once for each key rather than once for each
	message. MESSAGE/AEAD operations are selected by adding the pseudo
	attribute flag CKA_NSS_MESSAGE to the requested operation
	(CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY).

	4. write tests for the new interfaces. Tests were added to make sure
	the PK11_AEADRawOp interface works. The single shot interface is
	used to test output of the message interface; we also use two test
	only functions to force the connection to use the simulation
	interface, which is also compared to the non-simulate interface.
	The AES_GCM also tests various IV generators.

	Differential Revision:
	https://phabricator.services.mozilla.com/D67552
	[293ac3688ced]

2020-03-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/mpi/mpcpucache.c:
	Bug 1623184 - Clear ECX prior to cpuid, fixing query for Extended
	Features r=bbeurdouche

	While trying to benchmark the recent HACL* AVX2 code, I noticed that
	it was not being called on two machines (that both support AVX2),
	instead using only the AVX version.

	In order to query for Extended Features (cpuid with EAX=7), we also
	need to set ECX to 0: https://www.intel.com/content/www/us/en
	/architecture-and-technology/64-ia-32-architectures-software-
	developer-vol-2a-manual.html. The current code fails to do this,
	resulting in flags that show no support.

	Initially, I wrote a separate `freebl_cpuid_ex` function that
	accepted a value for ECX as a separate input argument. However, some
	definitions of `freebl_cpuid` already zero ECX, so making this
	consistent is the simplest way to get the desired behavior.

	With this patch, the two test machines (MacOS and Linux x64)
	correctly use the AVX2 ChaCha20Poly1305 code.

	Differential Revision:
	https://phabricator.services.mozilla.com/D67235
	[06d41fe87c58]

2020-03-17  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
	check/expected-report-libsoftokn3.so.txt, cmd/pk11mode/pk11mode.c,
	lib/pk11wrap/pk11load.c, lib/pk11wrap/secmodi.h,
	lib/pk11wrap/secmodt.h, lib/softoken/fipstokn.c,
	lib/softoken/manifest.mn, lib/softoken/pkcs11.c,
	lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
	lib/softoken/sftkmessage.c, lib/softoken/softoken.gyp,
	lib/softoken/softoken.h, lib/softoken/softokn.def,
	lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h,
	nss/automation/abi-check/new-report-libnss3.so.txt, nss/automation
	/abi-check/new-report-libsoftokn3.so.txt:
	Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=ueno r=mt

	Update to PKCS #11 v3.0 part 2.

	Create the functions and switch to the C_Interface() function to
	fetch the PKCS #11 function table. Also PKCS #11 v3.0 uses a new
	fork safe interface. NSS can already handle the case if the PKCS #11
	module happens to be fork safe (when asked by the application to
	refresh the tokens in the child process, NSS can detect that such a
	refresh is not necessary and continue). Softoken could also be put
	in fork_safe mode with an environment variable. With this patch it's
	the default, and NSS asks for the fork safe API by default.
	Technically softoken should implement the old non-fork safe
	interface when PKCS #11 v2.0 is called, but NSS no longer needs it,
	and doing so would double the number of PKCS #11 interfaces that are
	needed. You can still compile with fork unsafe semantics, and the
	PKCS #11 V3.0 module will do the right thing and not include the
	fork safe flag. Firefox does not fork(), so for firefox this is
	simply code that is no longer compiled.

	We now use C_GetInterface, which allows us to specify what kind of
	interface we want (PKCS #11 v3.0, PKCS #11 v2.0, fork safe, etc.).
	Vendor specific functions can now be accessed through the
	C_GetInterface. If the C_GetInterface function does not exist, we
	fall back to the old C_GetFunctionList.

	There are 24 new functions in PKCS #11 v3.0:

	C_GetInterfaceList - return a table of all the supported interfaces.

	C_GetInterface - return a specific interface. You can specify
	interface name, version and flags separately. You can leave off any
	of these and you will get what the token thinks is the best match of
	the interfaces that meet the criteria. We do this in softoken by the
	order of the interface list.

	C_SessionCancel - Cancel one or more multipart operations.

	C_LoginUser - Supply a user name to C_Login(). This function has no
	meaning for softoken, so it just returns
	CKR_OPERATION_NOT_INITIALIZED under the theory that if we in the
	future want to support usernames, the NSS db would need special
	initialization to make that happen.

	C_Message* and C_*Message* (20 functions in all) are the new AEAD
	interface (they are written generally so that it can be used for
	things other than AEAD). In this patch they are unimplemented (see
	the next patch).

	This patch adds regular (NSC_) and FIPS (FC_) versions of these
	functions. Also when creating the PKCS #11 v2.0 interface, we had to
	create a 2.0 specific version of C_GetInfo so that it can return a
	2.40 in the CK_VERSION field rather than 3.00. We do this with
	#defines since all the function tables are generated automagically
	with pkcs11f.h.

	Differential Revision:
	https://phabricator.services.mozilla.com/D67240
	[2364598f8a36]

2020-03-09  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_256.c:
	Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobs

	Differential Revision:
	https://phabricator.services.mozilla.com/D65945
	[7e09cdab32d0]

2020-03-02  Kurt Miller  <kurt@intricatesoftware.com>

	* lib/freebl/blinit.c:
	Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj

	https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
	[2c989888dee7]

2020-03-02  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/blinit.c:
	Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs
	Some build environments don't provide <sys/auxv.h> and this causes a
	build failure, so let's check whether that header exists by using
	the __has_include() helper.

	Signed-off-by: Giulio Benetti
	<giulio.benetti@benettiengineering.com>
	[bb7c46049f26]

2020-02-28  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
	b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
	d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
	6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
	Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
	_uint128_gcc64.h, lib/freebl/verified/libintvector.h:
	Bug 1617533 - Update of HACL* after libintvector.h and coding style
	changes. r=kjacobs

	*** Bug 1617533 - Clang format

	*** Bug 1617533 - Update HACL* commit for job in Taskcluster

	*** Bug 1617533 - Update HACL* Kremlin code

	Differential Revision:
	https://phabricator.services.mozilla.com/D63829
	[b6677ae9067e]

	* automation/taskcluster/graph/src/extend.js, coreconf/arch.mk,
	coreconf/config.mk, lib/freebl/Makefile, lib/freebl/blapii.h,
	lib/freebl/blinit.c, lib/freebl/chacha20poly1305.c,
	lib/freebl/freebl.gyp,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.h,
	lib/freebl/verified/Hacl_Chacha20_Vec256.c,
	lib/freebl/verified/Hacl_Chacha20_Vec256.h,
	lib/freebl/verified/Hacl_Poly1305_256.c,
	lib/freebl/verified/Hacl_Poly1305_256.h, nss-tool/hw-support.c:
	Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and
	Chacha20Poly1305. r=kjacobs

	*** Bug 1612493 - Import AVX2 code from HACL*
	*** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
	*** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and
	freebl.gyp
	*** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn't
	support -mavx2
	*** Bug 1612493 - Disable tests when the platform doesn't have
	support for AVX2

	Differential Revision:
	https://phabricator.services.mozilla.com/D64718
	[d5deac55f543]

2020-02-18  Robert Relyea  <rrelyea@redhat.com>

	* cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c,
	cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c,
	cmd/shlibsign/shlibsign.c,
	gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
	gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c,
	lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c,
	lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c,
	lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c,
	lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c,
	lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
	lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c,
	lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c,
	lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11pbe.c, lib/pk11wrap/pk11pk12.c,
	lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c,
	lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c,
	lib/pkcs12/p12e.c, lib/softoken/fipstokn.c,
	lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c,
	lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c,
	lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
	lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h,
	lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-
	tool/enc/enctool.cc:
	Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye

	https://phabricator.services.mozilla.com/D63241

	This patch implements the first phase: updating the headers.

	lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h

	Were updated using the released OASIS PKCS #11 v3.0 header files.
	lib/util/pkcs11n.h was updated to finally deprecate all uses of
	CK?_NETSCAPE_?.

	A new define was added: NSS_PKCS11_2_0_COMPAT. If it's defined, the
	small semantic changes (including the removal of deprecated defines)
	between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are
	reverted in favor of the PKCS #11 v2 definitions. This includes the
	removal of CK?_NETSCAPE_? in favor of CK?_NSS_?.

	One notable change was caused by an inconsistency between the spec
	and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an
	extra field in the header that was not in the spec. OASIS considers
	the header file to be normative, so PKCS #11 v3.0 resolved the issue
	in favor of the header file definition. NSS had the spec definition,
	so now there are 2 defines for this structure:

	CK_NSS_GCM_PARAMS - the old nss define. Still used internally in
	freebl.

	CK_GCM_PARAMS_V3 - the new define.

	CK_GCM_PARAMS - no longer referenced in NSS itself. It's defined as
	CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's
	defined as CK_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.

	Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
	CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
	CK_GCM_PARAMS_V3 and fall back to CK_NSS_GCM_PARAMS.

	One other semantic difference between the 3.0 version of pkcs11f.h
	and the version here: In the oasis version of the header, you must
	define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In
	our version you must define CK_PKCS11_3 to get the PKCS #11 v3
	defines.

	Most of this patch is to handle changing the deprecated defines that
	have been removed in PKCS #11 v3 from NSS.

	Differential Revision:
	https://phabricator.services.mozilla.com/D63241
	[b5d90a7fe217]

Differential Revision: https://phabricator.services.mozilla.com/D70773

--HG--
extra : moz-landing-system : lando
2020-04-14 17:53:38 +00:00
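The CK_GCM_PARAMS note in the changelog above (the same text is repeated in a later commit on this page) describes a layout mismatch a token has to resolve before it reads a single field: the v3 structure carries one extra CK_ULONG in the middle, so the only signal that tells the two apart is ulParameterLen. The C below is an added example written for this page, not NSS or softoken code. The two struct layouts are reproduced from my reading of the public headers and are an assumption; gcm_params_t, gcm_params_normalize and the demo_* functions are invented for illustration, and the IV/AAD bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the PKCS #11 base types on a Unix ABI (CK_ULONG is
 * unsigned long). Both layouts below are reproduced from my reading of the
 * public headers and are assumptions; nothing here is NSS code. */
typedef unsigned long CK_ULONG;
typedef unsigned char *CK_BYTE_PTR;

/* What NSS used: the v2.40 spec text, with no ulIvBits. */
typedef struct {
    CK_BYTE_PTR pIv;
    CK_ULONG ulIvLen;
    CK_BYTE_PTR pAAD;
    CK_ULONG ulAADLen;
    CK_ULONG ulTagBits;
} CK_NSS_GCM_PARAMS;

/* What the released v2.40 header had and v3.0 made normative. */
typedef struct {
    CK_BYTE_PTR pIv;
    CK_ULONG ulIvLen;
    CK_ULONG ulIvBits;
    CK_BYTE_PTR pAAD;
    CK_ULONG ulAADLen;
    CK_ULONG ulTagBits;
} CK_GCM_PARAMS_V3;

/* Layout-independent form handed to the cipher code (invented name). */
typedef struct {
    const unsigned char *iv;
    size_t iv_len;
    const unsigned char *aad;
    size_t aad_len;
    unsigned tag_bits;
} gcm_params_t;

/* ulParameterLen is the only thing that tells the two layouts apart, so a
 * token accepting both must dispatch on it, and reject any other size,
 * before touching a field. Returns 0 on success, -1 where a real token
 * would return CKR_MECHANISM_PARAM_INVALID. */
int gcm_params_normalize(const void *param, CK_ULONG param_len, gcm_params_t *out)
{
    memset(out, 0, sizeof(*out));
    if (param == NULL)
        return -1;
    if (param_len == sizeof(CK_GCM_PARAMS_V3)) {
        CK_GCM_PARAMS_V3 v3;
        memcpy(&v3, param, sizeof(v3)); /* copy out: no alignment assumptions */
        out->iv = v3.pIv;   out->iv_len = v3.ulIvLen;
        out->aad = v3.pAAD; out->aad_len = v3.ulAADLen;
        out->tag_bits = (unsigned)v3.ulTagBits;
    } else if (param_len == sizeof(CK_NSS_GCM_PARAMS)) {
        CK_NSS_GCM_PARAMS nss;
        memcpy(&nss, param, sizeof(nss));
        out->iv = nss.pIv;   out->iv_len = nss.ulIvLen;
        out->aad = nss.pAAD; out->aad_len = nss.ulAADLen;
        out->tag_bits = (unsigned)nss.ulTagBits;
    } else {
        return -1;
    }
    /* Policy used by this example: tag of 32..128 bits in whole bytes, a
     * non-empty IV, and no AAD length without an AAD pointer. */
    if (out->tag_bits < 32 || out->tag_bits > 128 || out->tag_bits % 8 != 0)
        return -1;
    if (out->iv == NULL || out->iv_len == 0)
        return -1;
    if (out->aad_len != 0 && out->aad == NULL)
        return -1;
    return 0;
}

/* Length dispatch only works where the sizes differ (40 vs 48 bytes on
 * LP64, 20 vs 24 on ILP32). On an ABI with pointers wider than CK_ULONG and
 * unpacked structs they can coincide, so this is worth a build-time check. */
int gcm_layouts_distinguishable(void)
{
    return sizeof(CK_NSS_GCM_PARAMS) != sizeof(CK_GCM_PARAMS_V3);
}

/* Constructed sample values, not real traffic. */
static unsigned char sample_iv[12];
static unsigned char sample_aad[4] = { 'a', 'a', 'd', '!' };

int demo_tag_bits_from_v3(void)
{
    CK_GCM_PARAMS_V3 p = { sample_iv, 12, 96, sample_aad, 4, 128 };
    gcm_params_t g;
    return gcm_params_normalize(&p, sizeof(p), &g) == 0 ? (int)g.tag_bits : -1;
}

int demo_tag_bits_from_nss(void)
{
    CK_NSS_GCM_PARAMS p = { sample_iv, 12, sample_aad, 4, 128 };
    gcm_params_t g;
    return gcm_params_normalize(&p, sizeof(p), &g) == 0 ? (int)g.tag_bits : -1;
}

/* A blob of any other size is refused instead of being read past its end. */
int demo_bad_length(void)
{
    CK_NSS_GCM_PARAMS p = { sample_iv, 12, sample_aad, 4, 128 };
    gcm_params_t g;
    return gcm_params_normalize(&p, sizeof(p) - 1, &g);
}

/* Without the dispatch, a V3 blob read through the NSS layout shifts every
 * field after ulIvLen by one slot: pAAD becomes ulIvBits cast to a pointer,
 * ulAADLen becomes the pAAD pointer value, and ulTagBits becomes the AAD
 * length. Returns the tag length such a misread would use (4 here). */
int demo_misread_tag_bits(void)
{
    CK_GCM_PARAMS_V3 v3 = { sample_iv, 12, 96, sample_aad, 4, 128 };
    CK_NSS_GCM_PARAMS as_nss;
    memcpy(&as_nss, &v3, sizeof(as_nss)); /* only the first sizeof(as_nss) bytes */
    return (int)as_nss.ulTagBits;
}
```

The misread case is the reason the size check has to come first: with the NSS layout applied to a V3 blob, the AAD pointer is an integer (96) reinterpreted as an address and the AAD length is a pointer value, which a cipher routine would happily dereference.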
Kevin Jacobs
d3ee51ff83 Bug 1621350 - land NSS NSS_3_51_1_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-04-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.51.1 final
	[81a16f9b6562] [NSS_3_51_1_RTM] <NSS_3_51_BRANCH>

2020-04-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_51_1_BETA1 for changeset 581ed41d0a8d
	[99b5a3b50511] <NSS_3_51_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D69651

--HG--
extra : moz-landing-system : lando
2020-04-03 22:39:37 +00:00
Kevin Jacobs
86b088f103 Bug 1621350 - land NSS NSS_3_51_1_BETA1 UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D69284

--HG--
extra : moz-landing-system : lando
2020-04-02 23:00:49 +00:00
Kevin Jacobs
fe5361807e Bug 1621350 - land NSS 581ed41d0a8d UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D68665

--HG--
extra : moz-landing-system : lando
2020-03-30 21:06:07 +00:00
Kevin Jacobs
c36703e663 Bug 1621350 - land NSS 0225889e5292 UPGRADE_NSS_RELEASE, r=jcj
2020-03-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/softoken/pkcs11.c:
	Bug 1624402 - Fix compilation error when NO_FORK_CHECK and
	CHECK_FORK_* are defined r=rrelyea

	[0225889e5292] [tip]

	* lib/util/pkcs11.h:
	Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
	r=rrelyea

	[7ab62d3d0445]

2020-03-17  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
	check/expected-report-libsoftokn3.so.txt, cmd/pk11mode/pk11mode.c,
	lib/pk11wrap/pk11load.c, lib/pk11wrap/secmodi.h,
	lib/pk11wrap/secmodt.h, lib/softoken/fipstokn.c,
	lib/softoken/manifest.mn, lib/softoken/pkcs11.c,
	lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
	lib/softoken/sftkmessage.c, lib/softoken/softoken.gyp,
	lib/softoken/softoken.h, lib/softoken/softokn.def,
	lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h,
	nss/automation/abi-check/new-report-libnss3.so.txt, nss/automation
	/abi-check/new-report-libsoftokn3.so.txt:
	Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=ueno r=mt

	Update to PKCS #11 v3.0 part 2.

	Create the functions and switch to the C_Interface() function to
	fetch the PKCS #11 function table. Also PKCS #11 v3.0 uses a new
	fork safe interface. NSS can already handle the case if the PKCS #11
	module happens to be fork safe (when asked by the application to
	refresh the tokens in the child process, NSS can detect that such a
	refresh is not necessary and continue). Softoken could also be put
	in fork_safe mode with an environment variable. With this patch it's
	the default, and NSS asks for the fork safe API by default.
	Technically softoken should implement the old non-fork safe
	interface when PKCS #11 v2.0 is called, but NSS no longer needs it,
	and doing so would double the number of PKCS #11 interfaces that are
	needed. You can still compile with fork unsafe semantics, and the
	PKCS #11 V3.0 module will do the right thing and not include the
	fork safe flag. Firefox does not fork(), so for firefox this is
	simply code that is no longer compiled.

	We now use C_GetInterface, which allows us to specify what kind of
	interface we want (PKCS #11 v3.0, PKCS #11 v2.0, fork safe, etc.).
	Vendor specific functions can now be accessed through the
	C_GetInterface. If the C_GetInterface function does not exist, we
	fall back to the old C_GetFunctionList.

	There are 24 new functions in PKCS #11 v3.0:

	C_GetInterfaceList - return a table of all the supported interfaces.

	C_GetInterface - return a specific interface. You can specify
	interface name, version and flags separately. You can leave off any
	of these and you will get what the token thinks is the best match of
	the interfaces that meet the criteria. We do this in softoken by the
	order of the interface list.

	C_SessionCancel - Cancel one or more multipart operations.

	C_LoginUser - Supply a user name to C_Login(). This function has no
	meaning for softoken, so it just returns
	CKR_OPERATION_NOT_INITIALIZED under the theory that if we in the
	future want to support usernames, the NSS db would need special
	initialization to make that happen.

	C_Message* and C_*Message* (20 functions in all) are the new AEAD
	interface (they are written generally so that it can be used for
	things other than AEAD). In this patch they are unimplemented (see
	the next patch).

	This patch adds regular (NSC_) and FIPS (FC_) versions of these
	functions. Also when creating the PKCS #11 v2.0 interface, we had to
	create a 2.0 specific version of C_GetInfo so that it can return a
	2.40 in the CK_VERSION field rather than 3.00. We do this with
	#defines since all the function tables are generated automagically
	with pkcs11f.h.

	[2364598f8a36]

2020-03-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/mpi/mpcpucache.c:
	Bug 1623184 - Clear ECX prior to cpuid, fixing query for Extended
	Features r=bbeurdouche

	While trying to benchmark the recent HACL* AVX2 code, I noticed that
	it was not being called on two machines (that both support AVX2),
	instead using only the AVX version.

	In order to query for Extended Features (cpuid with EAX=7), we also
	need to set ECX to 0: https://www.intel.com/content/www/us/en
	/architecture-and-technology/64-ia-32-architectures-software-
	developer-vol-2a-manual.html. The current code fails to do this,
	resulting in flags that show no support.

	Initially, I wrote a separate `freebl_cpuid_ex` function that
	accepted a value for ECX as a separate input argument. However, some
	definitions of `freebl_cpuid` already zero ECX, so making this
	consistent is the simplest way to get the desired behavior.

	With this patch, the two test machines (MacOS and Linux x64)
	correctly use the AVX2 ChaCha20Poly1305 code.

	[06d41fe87c58]

2020-02-18  Robert Relyea  <rrelyea@redhat.com>

	* cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c,
	cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c,
	cmd/shlibsign/shlibsign.c,
	gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
	gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c,
	lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c,
	lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c,
	lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c,
	lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c,
	lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
	lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c,
	lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c,
	lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11pbe.c, lib/pk11wrap/pk11pk12.c,
	lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c,
	lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c,
	lib/pkcs12/p12e.c, lib/softoken/fipstokn.c,
	lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c,
	lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c,
	lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
	lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h,
	lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-
	tool/enc/enctool.cc:
	Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye

	This patch implements the first phase: updating the headers.

	lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h

	Were updated using the released OASIS PKCS #11 v3.0 header files.
	lib/util/pkcs11n.h was updated to finally deprecate all uses of
	CK?_NETSCAPE_?.

	A new define was added: NSS_PKCS11_2_0_COMPAT. If it's defined, the
	small semantic changes (including the removal of deprecated defines)
	between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are
	reverted in favor of the PKCS #11 v2 definitions. This includes the
	removal of CK?_NETSCAPE_? in favor of CK?_NSS_?.

	One notable change was caused by an inconsistency between the spec
	and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an
	extra field in the header that was not in the spec. OASIS considers
	the header file to be normative, so PKCS #11 v3.0 resolved the issue
	in favor of the header file definition. NSS had the spec definition,
	so now there are 2 defines for this structure:

	CK_NSS_GCM_PARAMS - the old nss define. Still used internally in
	freebl.

	CK_GCM_PARAMS_V3 - the new define.

	CK_GCM_PARAMS - no longer referenced in NSS itself. It's defined as
	CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's
	defined as CK_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.

	Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
	CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
	CK_GCM_PARAMS_V3 and fall back to CK_NSS_GCM_PARAMS.

	One other semantic difference between the 3.0 version of pkcs11f.h
	and the version here: In the oasis version of the header, you must
	define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In
	our version you must define CK_PKCS11_3 to get the PKCS #11 v3
	defines.

	Most of this patch is to handle changing the deprecated defines that
	have been removed in PKCS #11 v3 from NSS.

	[b5d90a7fe217]

2020-03-16  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_agent.h,
	gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/SSLerrs.h,
	lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
	lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslimpl.h,
	lib/ssl/sslt.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13subcerts.c,
	tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
	Bug 1617968 - Update Delegated Credentials implementation to
	draft-07 r=mt

	Remove support for RSAE in delegated credentials (both in DC
	signatures and SPKIs), add SignatureScheme list functionality to
	initial DC extension.

	[44eb9e27d946]

2020-03-13  Robert Relyea  <rrelyea@redhat.com>

	* cmd/fipstest/fipstest.c:
	Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea
	p=cipherboy

	When testing Bug 1608245, I realized that I had inadvertently broken
	fipstest.c's handling of KI and KI_len. This led to it passing
	bogus keys (with unusually large lengths exceeding the bounds of
	sizeof KI) to kbkdf_Dispatch(...).

	This uses Bob Relyea's suggestion on how to handle this: detect the
	size of KI when processing the mech selection, storing KI_len there.
	This simplifies reading of the KI value in later code.
	[d7b12847a650]

	* lib/softoken/kbkdf.c:
	Bug 1608245 KBKDF - Consistently handle NULL slot/session r=kjacobs
	Patch by cipherboy, review by kjacobs.

	Per Bug 1607955, the KBKDF code introduced in Bug 1599603 confused
	Coverity with an elided NULL check on
	sftk_SlotFromSessionHandle(...). While Coverity is incorrect (and
	the behavior is fine as-is), it isn't consistent with the KBKDF
	code's handling of sftk_SessionFromHandle(...) (which is NULL
	checked).

	This brings these two call sites into internal consistency.
	[4c43bc0998f3]

Differential Revision: https://phabricator.services.mozilla.com/D67966

--HG--
extra : moz-landing-system : lando
2020-03-24 16:39:11 +00:00
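The Bug 1623184 entry in the changelog above (the same text also appears in the 2020-04-14 commit earlier on this page) is a feature-detection mistake that is easy to make in a hand-written cpuid wrapper: leaf 7 is subleaf-indexed, so ECX has to be zeroed before the instruction, and a stale ECX quietly reports "no AVX2", or returns bits that belong to another subleaf, so the slower (or a wrong) code path gets selected. The C below is an added example, not NSS's freebl_cpuid code. It places the only-EAX-loaded shape beside the corrected one, cross-checks the result against the compiler's own __cpuid_count helper from <cpuid.h>, and compiles to a "no features" stub on non-x86 hosts. All function and macro names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#endif

/* CPUID.(EAX=07H,ECX=0):EBX feature bits, per Intel SDM vol. 2A. */
#define LEAF7_EBX_BMI1 (1u << 3)
#define LEAF7_EBX_AVX2 (1u << 5)
#define LEAF7_EBX_BMI2 (1u << 8)
#define LEAF7_MASK (LEAF7_EBX_BMI1 | LEAF7_EBX_AVX2 | LEAF7_EBX_BMI2)

/* The buggy shape: only EAX is loaded. For subleaf-indexed leaves such as
 * 7 the CPU reads ECX as well, so the answer depends on whatever the
 * register happened to hold. Kept only for contrast; never dispatch on it. */
static void cpuid_leaf_only(uint32_t leaf, uint32_t *a, uint32_t *b,
                            uint32_t *c, uint32_t *d)
{
#ifdef HAVE_X86_CPUID
    __asm__ __volatile__("cpuid"
                         : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d)
                         : "a"(leaf));
#else
    (void)leaf; *a = *b = *c = *d = 0;
#endif
}

/* The fix: the subleaf is an explicit input, so ECX is always defined. */
static void cpuid_subleaf(uint32_t leaf, uint32_t subleaf, uint32_t *a,
                          uint32_t *b, uint32_t *c, uint32_t *d)
{
#ifdef HAVE_X86_CPUID
    __asm__ __volatile__("cpuid"
                         : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d)
                         : "a"(leaf), "c"(subleaf));
#else
    (void)leaf; (void)subleaf; *a = *b = *c = *d = 0;
#endif
}

/* Extended-feature query done properly: confirm leaf 7 exists (leaf 0
 * reports the highest basic leaf in EAX), then read leaf 7 / subleaf 0.
 * Returns the LEAF7_EBX_* bits that are set; 0 on non-x86 hosts. */
uint32_t leaf7_features(void)
{
    uint32_t a, b, c, d;
    cpuid_subleaf(0, 0, &a, &b, &c, &d);
    if (a < 7)
        return 0;
    cpuid_subleaf(7, 0, &a, &b, &c, &d);
    return b & LEAF7_MASK;
}

int have_avx2(void)
{
    return (leaf7_features() & LEAF7_EBX_AVX2) != 0;
}

/* Independent cross-check through the compiler's helper, which always
 * loads ECX; a wrapper that disagrees with this has the ECX bug. */
int have_avx2_reference(void)
{
#ifdef HAVE_X86_CPUID
    unsigned int a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7)
        return 0;
    __cpuid_count(7, 0, a, b, c, d);
    return (b & LEAF7_EBX_AVX2) != 0;
#else
    return 0;
#endif
}

/* Leaf 7 with another subleaf returns a different (mostly reserved) EBX:
 * this is what a stale ECX would silently hand back. */
uint32_t leaf7_ebx_for_subleaf(uint32_t subleaf)
{
    uint32_t a, b, c, d;
    cpuid_subleaf(0, 0, &a, &b, &c, &d);
    if (a < 7)
        return 0;
    cpuid_subleaf(7, subleaf, &a, &b, &c, &d);
    return b;
}

int main(void)
{
    uint32_t a, b, c, d;
    cpuid_leaf_only(7, &a, &b, &c, &d);
    printf("leaf 7, ECX unset : ebx=%08x (unreliable)\n", b);
    printf("leaf 7, subleaf 0 : ebx=%08x avx2=%d bmi2=%d\n",
           leaf7_ebx_for_subleaf(0), have_avx2(),
           (leaf7_features() & LEAF7_EBX_BMI2) != 0);
    printf("leaf 7, subleaf 1 : ebx=%08x\n", leaf7_ebx_for_subleaf(1));
    printf("reference avx2    : %d\n", have_avx2_reference());
    return have_avx2() == have_avx2_reference() ? 0 : 1;
}
```

Whether the unset-ECX call happens to return the right bits depends on what the compiler left in the register, which is exactly why the bug showed up on some machines and not others; the subleaf 1 line shows the kind of value a stale ECX can produce on hardware that implements that subleaf.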
Kevin Jacobs
24e1ed50fa Bug 1621350 - land NSS 710d10a72934 UPGRADE_NSS_RELEASE, r=jcj
2020-03-10  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/ssl3exthandle.c:
	Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket
	r=jcj,bbeurdouche

	[710d10a72934] [tip]

2020-03-09  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/ssl3exthandle.c:
	Bug 1618739 - Don't assert fuzzer behavior in SSL_ParseSessionTicket
	r=jcj

	[12fc91fad84a]

2020-03-03  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* readme.md:
	Bug 1619056 - Update README: TLS 1.3 is not experimental anymore.
	r=jcj

	[08944e50dce0]

2020-03-09  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/sslexp.h,
	lib/ssl/sslimpl.h, lib/ssl/sslsock.c, lib/ssl/tls13exthandle.c:
	Bug 1619102 - Add workaround option to include both DTLS and TLS
	versions in DTLS supported_versions. r=mt

	Add an experimental function for enabling a DTLS 1.3
	supported_versions compatibility workaround.

	[53803dc4628f]

2020-03-09  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_256.c:
	Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobs

	[7e09cdab32d0]

2020-03-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/blinit.c:
	Bug 1614183 - Fixup, clang-format. r=me
	[b17a367b83de] [NSS_3_51_BETA1]

2020-03-02  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/blinit.c:
	Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs
	Some build environments don't provide <sys/auxv.h> and this causes a
	build failure, so let's check whether that header exists by using
	the __has_include() helper.

	Signed-off-by: Giulio Benetti
	<giulio.benetti@benettiengineering.com>
	[bb7c46049f26]

2020-03-02  Kurt Miller  <kurt@intricatesoftware.com>

	* lib/freebl/blinit.c:
	Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj

	https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
	[2c989888dee7]

2020-02-28  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/taskcluster/graph/src/extend.js, coreconf/arch.mk,
	coreconf/config.mk, lib/freebl/Makefile, lib/freebl/blapii.h,
	lib/freebl/blinit.c, lib/freebl/chacha20poly1305.c,
	lib/freebl/freebl.gyp,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.h,
	lib/freebl/verified/Hacl_Chacha20_Vec256.c,
	lib/freebl/verified/Hacl_Chacha20_Vec256.h,
	lib/freebl/verified/Hacl_Poly1305_256.c,
	lib/freebl/verified/Hacl_Poly1305_256.h, nss-tool/hw-support.c:
	Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and
	Chacha20Poly1305. r=kjacobs

	*** Bug 1612493 - Import AVX2 code from HACL*
	*** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
	*** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and
	freebl.gyp
	*** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t
	support -mavx2
	*** Bug 1612493 - Disable tests when the platform doesn't have
	support for AVX2

	[d5deac55f543]

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
	b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
	d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
	6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
	Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
	_uint128_gcc64.h, lib/freebl/verified/libintvector.h:
	Bug 1617533 - Update of HACL* after libintvector.h and coding style
	changes. r=kjacobs

	*** Bug 1617533 - Clang format

	*** Bug 1617533 - Update HACL* commit for job in Taskcluster

	*** Bug 1617533 - Update HACL* Kremlin code

	[b6677ae9067e]

Differential Revision: https://phabricator.services.mozilla.com/D66264

--HG--
extra : moz-landing-system : lando
2020-03-10 21:35:56 +00:00
Kevin Jacobs
6182246ebe Bug 1614053 - land NSS NSS_3_51_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-03-06  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.51 final
	[d3e6d637eaec] [NSS_3_51_RTM] <NSS_3_51_BRANCH>

2020-03-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_51_BETA2 for changeset 6e610ed9b196
	[bea0b3a5d451] <NSS_3_51_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D65817

--HG--
extra : moz-landing-system : lando
2020-03-06 22:25:37 +00:00
Kevin Jacobs
d782507dc9 Bug 1614053 - land NSS NSS_3_51_BETA2 UPGRADE_NSS_RELEASE, r=jcj
2020-03-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
	b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
	d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
	6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
	Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
	_uint128_gcc64.h, lib/freebl/verified/libintvector.h:
	Backed out changeset b6677ae9067e (Bug 1612493) for Windows build
	failures.
	[6e610ed9b196] [NSS_3_51_BETA2] <NSS_3_51_BRANCH>

	* automation/taskcluster/graph/src/extend.js, coreconf/arch.mk,
	coreconf/config.mk, lib/freebl/Makefile, lib/freebl/blapii.h,
	lib/freebl/blinit.c, lib/freebl/chacha20poly1305.c,
	lib/freebl/freebl.gyp,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.h,
	lib/freebl/verified/Hacl_Chacha20_Vec256.c,
	lib/freebl/verified/Hacl_Chacha20_Vec256.h,
	lib/freebl/verified/Hacl_Poly1305_256.c,
	lib/freebl/verified/Hacl_Poly1305_256.h, nss-tool/hw-support.c:
	Backed out changeset d5deac55f543
	[4215a0b45a22] <NSS_3_51_BRANCH>

2020-03-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_51_BETA1 for changeset b17a367b83de
	[9564790a9cf6] <NSS_3_51_BRANCH>

	* lib/freebl/blinit.c:
	Bug 1614183 - Fixup, clang-format. r=me
	[b17a367b83de] [NSS_3_51_BETA1]

2020-03-02  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/blinit.c:
	Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs
	Some build environments don't provide <sys/auxv.h> and this causes a
	build failure, so let's check whether that header exists by using
	the __has_include() helper.

	Signed-off-by: Giulio Benetti
	<giulio.benetti@benettiengineering.com>
	[bb7c46049f26]

2020-03-02  Kurt Miller  <kurt@intricatesoftware.com>

	* lib/freebl/blinit.c:
	Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj

	https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
	[2c989888dee7]

2020-02-28  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/taskcluster/graph/src/extend.js, coreconf/arch.mk,
	coreconf/config.mk, lib/freebl/Makefile, lib/freebl/blapii.h,
	lib/freebl/blinit.c, lib/freebl/chacha20poly1305.c,
	lib/freebl/freebl.gyp,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_256.h,
	lib/freebl/verified/Hacl_Chacha20_Vec256.c,
	lib/freebl/verified/Hacl_Chacha20_Vec256.h,
	lib/freebl/verified/Hacl_Poly1305_256.c,
	lib/freebl/verified/Hacl_Poly1305_256.h, nss-tool/hw-support.c:
	Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and
	Chacha20Poly1305. r=kjacobs

	*** Bug 1612493 - Import AVX2 code from HACL*
	*** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
	*** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and
	freebl.gyp
	*** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t
	support -mavx2
	*** Bug 1612493 - Disable tests when the platform doesn't have
	support for AVX2

	[d5deac55f543]

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verified.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_16_32_64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h,
	lib/freebl/verified/libintvector.h:
	Bug 1617533 - Update of HACL* after libintvector.h and coding style
	changes. r=kjacobs

	*** Bug 1617533 - Clang format

	*** Bug 1617533 - Update HACL* commit for job in Taskcluster

	*** Bug 1617533 - Update HACL* Kremlin code

	[b6677ae9067e]

Differential Revision: https://phabricator.services.mozilla.com/D65270

--HG--
extra : moz-landing-system : lando
2020-03-04 05:04:32 +00:00
Kevin Jacobs
4d7b3b72ef Bug 1614053 - land NSS 52a75c5373ef UPGRADE_NSS_RELEASE, r=jcj
2020-02-27  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp,
	gtests/ssl_gtest/ssl_masking_unittest.cc,
	gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h,
	gtests/ssl_gtest/tls_hkdf_unittest.cc,
	gtests/ssl_gtest/tls_protect.cc, lib/ssl/dtls13con.c,
	lib/ssl/ssl3con.c, lib/ssl/ssl3prot.h, lib/ssl/sslexp.h,
	lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslprimitive.c,
	lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13esni.c,
	lib/ssl/tls13hkdf.c, lib/ssl/tls13hkdf.h, lib/ssl/tls13replay.c:
	Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt

	This patch updates the DTLS 1.3 implementation to draft-34. Notable
	changes:

	1) Key separation via `ssl_protocol_variant`.
	2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`.
	   This allowed removal of workarounds for unpadded (<16B) ciphertexts
	   being used as input to `SSL_CreateMask`.
	3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was
	   specified. Currently all gtests are compiled this way if `--fuzz`,
	   but lib/ssl only if `--fuzz=tls`. (See above, we can't have
	   ssl_gtests in fuzzer mode, but not lib/ssl, since the masking
	   mismatch will break filters).
	4) Parameterize masking tests, as appropriate.
	5) Reject non-empty legacy_cookie, and test.
	6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber`
	   (if not `UNSAFE_FUZZER_MODE`).

	[52a75c5373ef] [tip]

2020-02-24  Jean-Luc Bonnafoux  <jeanluc.bonnafoux@wanadoo.fr>

	* lib/cryptohi/secsign.c:
	Bug 1617387 fix compiler warning r=jcj

	[ab0e7e272e36]

2020-02-24  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/p384ecdh-vectors.h,
	gtests/common/testvectors/p521ecdh-vectors.h,
	gtests/common/wycheproof/genTestVectors.py,
	gtests/common/wycheproof/source_vectors/ecdh_secp384r1_test.json,
	gtests/common/wycheproof/source_vectors/ecdh_secp521r1_test.json,
	gtests/pk11_gtest/pk11_ecdh_unittest.cc:
	Bug 1612259 - Add Wycheproof vectors for P384 and P521 ECDH.
	r=bbeurdouche

	[badb4da1ec85]

2020-02-19  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mplogic.h:
	Bug 1609751 - Additional tests for mp_comba r=mt

	Verify that when clamping, the upper 4 bytes of an `mp_digit` is
	checked.

	[a5e8c14016cd]

2020-02-19  Jean-Luc Bonnafoux  <jeanluc.bonnafoux@wanadoo.fr>

	* lib/freebl/ecl/ecp_25519.c:
	Bug 1561337: fix compiler warning r=jcj

	[4c771e6a79db]

Differential Revision: https://phabricator.services.mozilla.com/D64683

--HG--
extra : moz-landing-system : lando
2020-02-28 01:55:48 +00:00
Kevin Jacobs
3ffa3a1cbd Bug 1606927 - land NSS 9e0d34a6cf91 UPGRADE_NSS_RELEASE, r=jcj
2020-02-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/dtlscon.c,
	lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c:
	Bug 1615208 - Send DTLS version numbers in DTLS 1.3
	supported_versions extension r=mt

	This patch modifies `supported_versions` encodings to reflect DTLS
	versions when DTLS1.3 is in use. Previously, a DTLS1.3 CH would include
	`[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd,
	0xfeff]`, causing compatibility issues.

	[9e0d34a6cf91] [tip]

2020-02-12  Mikael Urankar  <mikael.urankar@gmail.com>

	* lib/freebl/Makefile, lib/freebl/freebl.gyp:
	Bug 1612177 - Set -march=armv7 when compiling gcm-arm32-neon, in
	order to enable NEON code generation.
	[4413841bd26d]

2020-02-14  Dmitry Baryshkov  <dbaryshkov@gmail.com>

	* gtests/freebl_gtest/blake2b_unittest.cc, lib/freebl/blake2b.c:
	Bug 1431940 - remove dereference before NULL check in BLAKE2B code.
	r=kjacobs

	[5e661906698f]

2020-02-12  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/sslnonce.c:
	Bug 1614870 - Free sid->peerID before reallocating in
	ssl_DecodeResumptionToken. r=mt

	This patch adds a missing `PORT_Free()` when reallocating
	`sid->PeerID`, and adds a test for a non-empty PeerID.

	[1eb4e00b016e]

Differential Revision: https://phabricator.services.mozilla.com/D63220

--HG--
extra : moz-landing-system : lando
2020-02-18 20:51:39 +00:00
J.C. Jones
982674831d Bug 1614053 - land NSS 735ed2e47040 UPGRADE_NSS_RELEASE, r=kjacobs
2020-02-10  Robert Relyea  <rrelyea@redhat.com>

	* lib/freebl/cmac.c:
	Bug 1610687 - Crash on unaligned CMACContext.aes.keySchedule when
	using AES-NI intrinsics r=kjacobs
	[046a6f5bfb27]

	* lib/util/pkcs11t.h:
	Bug 1611209 - Value of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL are
	swapped r=rrelyea
	[df142975f4f6]

2020-02-11  Victor Tapia  <victor.tapia@canonical.com>

	* lib/pk11wrap/pk11util.c, lib/sysinit/nsssysinit.c:
	Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS
	is not enabled on build r=jcj,rrelyea

	[55ba54adfcae]

2020-02-11  J.C. Jones  <jjones@mozilla.com>

	* lib/sysinit/nsssysinit.c:
	Bug 1614786 - Fixup for ‘getFIPSEnv’ being unused r=kjacobs

	Fixes a regression from Bug 1582169

	../../lib/sysinit/nsssysinit.c:153:1: error: ‘getFIPSEnv’ defined
	but not used [-Werror=unused-function]
	[06925efe306b]

2020-02-11  Dana Keeler  <dkeeler@mozilla.com>

	* cmd/lib/secutil.c,
	lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c:
	bug 1538980 - null-terminate ascii input in SECU_ReadDERFromFile so
	strstr is safe to call r=jcj,kjacobs

	[735ed2e47040] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D62451

--HG--
extra : moz-landing-system : lando
2020-02-12 16:22:10 +00:00
J.C. Jones
f76c0593e0 Bug 1606927 - land NSS NSS_3_50_RTM UPGRADE_NSS_RELEASE,
2020-02-07  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.50 final
	[5bb3927fa234] [NSS_3_50_RTM] <NSS_3_50_BRANCH>

2020-02-05  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_50_BETA2 for changeset b91bbf7a88c9
	[a8656c823c1f] <NSS_3_50_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D62106

--HG--
extra : moz-landing-system : lando
2020-02-07 21:30:26 +00:00
J.C. Jones
ac8a04f4fc Bug 1606927 - land NSS NSS_3_50_BETA2 UPGRADE_NSS_RELEASE, r=kjacobs
2020-02-05  J.C. Jones  <jjones@mozilla.com>

	* lib/softoken/exports.gyp, lib/softoken/manifest.mn,
	lib/softoken/pkcs11.c, lib/softoken/sftkdb.c,
	lib/softoken/softoken.gyp:
	Bug 1609673 - Conditionally compile out all libnssdbm glue if
	NSS_DISABLE_DBM is set r=mt

	Remove `lgglue` from compilation entirely if DBM is disabled

	[b91bbf7a88c9] [NSS_3_50_BETA2] <NSS_3_50_BRANCH>

2020-02-04  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_50_BETA1 for changeset de6ba04bb1f4
	[1201d0d89b72] <NSS_3_50_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D61770

--HG--
extra : moz-landing-system : lando
2020-02-06 03:21:37 +00:00
Kevin Jacobs
d659acd37c Bug 1606927 - land NSS de6ba04bb1f4 UPGRADE_NSS_RELEASE, r=jcj
2020-02-03  Kai Engert  <kaie@kuix.de>

	* automation/release/nspr-version.txt:
	Bug 1612623 - NSS 3.50 should depend on NSPR 4.25. r=kjacobs

	[de6ba04bb1f4] [NSS_3_50_BETA1]

2020-01-27  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile,
	lib/freebl/freebl.gyp, lib/freebl/gcm.h:
	Bug 1608151 - Introduce NSS_DISABLE_ALTIVEC and disable_altivec
	r=jcj

	At the moment NSS assumes that every PowerPC64 architecture supports
	Altivec but it's not true and this leads to build failure. So add
	NSS_DISABLE_ALTIVEC environment variable(and disable_altivec for
	gyp) to disable Altivec extension on PowerPC build that don't
	support Altivec.
	[f2d947817850]

Differential Revision: https://phabricator.services.mozilla.com/D61574

--HG--
extra : moz-landing-system : lando
2020-02-04 18:09:33 +00:00
J.C. Jones
799f0cd87c Bug 1606927 - land NSS 4bf79c4d2954 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-27  J.C. Jones  <jjones@mozilla.com>

	* lib/freebl/blinit.c:
	Bug 1602386 - clang-format r=bustage
	[4bf79c4d2954] [tip]

2020-01-27  Piotr Kubaj  <pkubaj@FreeBSD.org>

	* lib/freebl/Makefile, lib/freebl/blinit.c:
	Bug 1602386 - Fix build on FreeBSD/powerpc platforms. r=jcj

	FreeBSD has elf_aux_info instead of getauxval, but only since
	FreeBSD 12. Previous versions (11 is still supported) don't have any
	equivalent and users need to query sysctl manually.

	[f2ac5e318886]

2020-01-27  Jan Beich  <jbeich@FreeBSD.org>

	* lib/freebl/blinit.c:
	Bug 1609181 - Detect ARM CPU features on FreeBSD. r=jcj

	Implement `getauxval` via `elf_aux_info` to avoid code duplication.
	`AT_HWCAP*` can be used on powerpc* and riscv64 as well.
	[edb60bae9219]

2020-01-22  Martin Thomson  <mt@lowentropy.net>

	* lib/zlib/README, lib/zlib/README.nss, lib/zlib/adler32.c,
	lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h,
	lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzguts.h,
	lib/zlib/gzlib.c, lib/zlib/gzread.c, lib/zlib/gzwrite.c,
	lib/zlib/infback.c, lib/zlib/inffast.c, lib/zlib/inffixed.h,
	lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c,
	lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c,
	lib/zlib/zconf.h, lib/zlib/zlib.h, lib/zlib/zutil.c,
	lib/zlib/zutil.h:
	Bug 1547639 - Update zlib to 1.2.11, r=jcj

	[91f3f0749d0b]

	* lib/zlib/README.nss, lib/zlib/config.mk, lib/zlib/example.c,
	lib/zlib/manifest.mn, lib/zlib/minigzip.c, lib/zlib/vendor.sh,
	lib/zlib/zlib.gyp:
	Bug 1547639 - Automatic vendoring of zlib, r=jcj

	[fc128963a9aa]

Differential Revision: https://phabricator.services.mozilla.com/D61126

--HG--
extra : moz-landing-system : lando
2020-01-28 06:50:08 +00:00
J.C. Jones
c70fa24ea8 Bug 1606927 - land NSS cd55a3a90502 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-22  Kai Engert  <kaie@kuix.de>

	* lib/softoken/lowpbe.c:
	Bug 1606992 - Follow-up to also cache most recent PBKDF1 hash (in
	addition to PBKDF2 hash). r=kjacobs

	[cd55a3a90502] [tip]

2020-01-22  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/aes-x86.c, lib/freebl/rijndael.c, lib/freebl/rijndael.h:
	Bug 1608493 - Use AES-NI intrinsics for CBC and ECB decrypt when no
	assembly implementation is available. r=mt

	AES-NI is currently not used for //CBC// or //ECB decrypt// when an
	assembly implementation (`intel-aes.s` or `intel-aes-x86/64-masm.asm`)
	is not available. Concretely, this is the case on MacOS, Linux32, and
	other non-Linux OSes such as BSD. This patch adds the plumbing to use
	AES-NI intrinsics when available.

	Before:
	```
	mode       in    symmkey  opreps  cxreps  context  op       time(sec)  thrgput
	aes_ecb_d  78Mb  256      10T     0       0.000    395.000  0.395      197Mb
	aes_cbc_e  78Mb  256      10T     0       0.000    392.000  0.393      198Mb
	aes_cbc_d  78Mb  256      10T     0       0.000    425.000  0.425      183Mb
	```

	After:
	```
	mode       in    symmkey  opreps  cxreps  context  op       time(sec)  thrgput
	aes_ecb_d  78Mb  256      10T     0       0.000    39.000   0.039      1Gb
	aes_cbc_e  78Mb  256      10T     0       0.000    94.000   0.094      831Mb
	aes_cbc_d  78Mb  256      10T     0       0.000    74.000   0.075      1Gb
	```

	[9804c76e76f3]

Differential Revision: https://phabricator.services.mozilla.com/D60763

--HG--
extra : moz-landing-system : lando
2020-01-22 23:13:52 +00:00
J.C. Jones
4cb75803d7 Bug 1606927 - land NSS 124c43a9f768 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-16  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/cbc-vectors.h,
	gtests/common/testvectors/chachapoly-vectors.h,
	gtests/common/testvectors/cmac-vectors.h,
	gtests/common/testvectors/curve25519-vectors.h,
	gtests/common/testvectors/gcm-vectors.h,
	gtests/common/testvectors/p256ecdh-vectors.h,
	gtests/common/testvectors_base/chachapoly-vectors_base.h,
	gtests/common/testvectors_base/curve25519-vectors_base.h,
	gtests/common/testvectors_base/gcm-vectors_base.h,
	gtests/common/testvectors_base/test-structs.h,
	gtests/common/wycheproof/genTestVectors.py,
	gtests/common/wycheproof/source_vectors/aes_cbc_pkcs5_test.json,
	gtests/common/wycheproof/source_vectors/aes_cmac_test.json,
	gtests/common/wycheproof/source_vectors/aes_gcm_test.json,
	gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json,
	gtests/common/wycheproof/source_vectors/ecdh_secp256r1_test.json,
	gtests/common/wycheproof/source_vectors/x25519_test.json,
	gtests/freebl_gtest/ghash_unittest.cc,
	gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_aes_cmac_unittest.cc,
	gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
	gtests/pk11_gtest/pk11_cbc_unittest.cc,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	gtests/pk11_gtest/pk11_curve25519_unittest.cc,
	gtests/pk11_gtest/pk11_ecdh_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp, mach:
	Bug 1604596 - Update Wycheproof vectors and add support for CBC,
	P256-ECDH, and CMAC tests r=franziskus

	This patch updates to the latest Wycheproof vectors and adds
	Wycheproof support for CBC, CMAC, and P256-ECDH:

	ChaCha20: +141 tests
	Curve25519: +431 tests
	GCM: +39 tests
	CBC (new): +183 tests
	CMAC (new): +308 tests
	P256 ECDH (new): +460 tests

	[124c43a9f768] [tip]

2020-01-17  Kai Engert  <kaie@kuix.de>

	* lib/softoken/lowpbe.c:
	Bug 1606992 - Permit sftk_PBELockInit being called multiple times.
	r=kjacobs

	[9d1ced9ae01e]

	* lib/softoken/lowpbe.c:
	Bug 1606992 - follow up to fix clang-format, whitespace only. rs=me
	DONTBUILD
	[7c9dcf601c83]

2020-01-15  Kai Engert  <kaie@kuix.de>

	* lib/softoken/lowpbe.c:
	Bug 1606992 - Follow-up to cleanup PBE cache code. r=kjacobs

	[1d782fb6eede]

2020-01-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/mpi/mp_comba_amd64_masm.asm, lib/freebl/mpi/mpi-priv.h:
	Bug 1605314 - Compare all 8 bytes of an mp_digit when clamping in
	Windows assembly/mp_comba. r=mt

	Compare all 8 bytes of an `mp_digit` when clamping in Windows x64
	assembly (mp_sqr/mp_mul). Also adds an assertion to ensure that the
	size of `mp_digit` matches implementation assumptions.

	[09673f933c6d]

Differential Revision: https://phabricator.services.mozilla.com/D60538

--HG--
extra : moz-landing-system : lando
2020-01-21 18:46:42 +00:00
J.C. Jones
5e7e635bc0 Bug 1606927 - land NSS 5f9f410d0b60 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-15  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/chacha20poly1305.c:
	Bug 1574643 - Check for AVX support before using vectorized ChaCha20
	decrypt r=jcj

	The addition of an AVX support check in `ChaCha20Poly1305_Seal`
	seems to have stopped the Encrypt crashes on old Intel CPUs, however
	we're seeing new reports from
	`Hacl_Chacha20Poly1305_128_aead_decrypt` (which is called from
	`ChaCha20Poly1305_Open`). This needs an AVX check as well...

	[5f9f410d0b60] [tip]

2020-01-14  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc:
	Bug 1573911 - Add RSA Encryption test r=jcj

	Add a test for various sizes of RSA encryption input.

	[4abc6ff828ab]

2020-01-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/hkdf-vectors.h,
	gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_hkdf_unittest.cc:
	Bug 1585429 - Add HKDF test vectors r=jcj

	Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
	test vectors, as well as upper-bound length checks for the output
	key material.

	[239797efc34b]

2020-01-14  J.C. Jones  <jjones@mozilla.com>

	* coreconf/config.gypi:
	Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
	softfp_cflags r=bustage
	[05b923624b73]

2020-01-14  Sylvestre Ledru  <sledru@mozilla.com>

	* automation/buildbot-slave/bbenv-example.sh,
	automation/buildbot-slave/build.sh,
	automation/buildbot-slave/reboot.bat,
	automation/buildbot-slave/startbuild.bat:
	Bug 1607099 - Remove the buildbot configuration r=jcj

	[7a87cef808f3]

2020-01-14  Greg V  <greg@unrelenting.technology>

	* lib/freebl/blinit.c:
	Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj

	Environment checks are reorganized to be separate from platform code
	to make it impossible to forget to check disable_FEATURE on one
	platform but not the other.

	[fbde548e8114]

2020-01-14  Mike Hommey  <mh@glandium.org>

	* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
	lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
	lib/freebl/rijndael.c:
	Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj

	Despite the code having runtime detection of NEON and crypto
	extensions, the optimized code using those instructions is disabled
	at build time on platforms where the compiler doesn't enable NEON by
	default or with the flags it's given for the caller code.

	In the case of gcm, this goes as far as causing a build error.

	What is needed is for the optimized code to be enabled in every
	case, letting the caller code choose whether to use that code based
	on the existing runtime checks.

	But this can't be simply done either, because those optimized parts
	of the code need to be built with NEON enabled, unconditionally, but
	that is not compatible with platforms using the softfloat ABI. For
	those, we need to use the softfp ABI, which is compatible. However,
	the softfp ABI is not compatible with the hardfp ABI, so we also
	can't unconditionally use the softfp ABI, so we do so only when the
	compiler targets the softfloat ABI, which confusingly enough is
	advertized via the `__SOFTFP__` define.

	[dc57fe5d65d4]

2020-01-14  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* automation/saw/chacha20.saw,
	automation/taskcluster/docker-builds/Dockerfile,
	automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
	automation/taskcluster/docker-hacl/Dockerfile,
	automation/taskcluster/docker-hacl/bin/checkout.sh,
	automation/taskcluster/docker-hacl/license.txt,
	automation/taskcluster/docker-hacl/setup-user.sh,
	automation/taskcluster/docker-hacl/setup.sh,
	automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/scripts/run_hacl.sh,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
	lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
	lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
	lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
	Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs

	This patch contains the changes in NSS, necessary to pick up HACL*v2
	in D55413. It has a couple of TODOs:
	* The chacha20 saw verification fails for some reason; it's disabled
	pending Bug 1604130.
	* The hacl task on CI requires Bug 1593647 to get fixed.

	Depends on D55413.

	[a8df94132dd3]

2019-12-21  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.h,
	lib/freebl/verified/Hacl_Curve25519.c,
	lib/freebl/verified/Hacl_Curve25519.h,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Curve25519_51.h,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_128.h,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/Hacl_Poly1305_32.h,
	lib/freebl/verified/Hacl_Poly1305_64.c,
	lib/freebl/verified/Hacl_Poly1305_64.h,
	lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verified.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_16_32_64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_msvc.h,
	lib/freebl/verified/libintvector.h,
	lib/freebl/verified/specs/Spec.CTR.fst,
	lib/freebl/verified/specs/Spec.Chacha20.fst,
	lib/freebl/verified/specs/Spec.Curve25519.fst,
	lib/freebl/verified/specs/Spec.Poly1305.fst,
	lib/freebl/verified/vec128.h:
	Bug 1574643 - haclv2 code r=kjacobs

	This updates the in-tree version of our existing HACL* code to v2,
	replacing what we have already. Once this landed NSS can pick up
	more (faster) code from HACL*.

	[5bf2547d671f]

2020-01-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/taskcluster/windows/build_gyp.sh:
	Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
	to python3 r=jcj

	[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0
	| Setuptools 45.0.0 ]] drops support for Python2, which our Windows
	workers are running.

	This patch installs the prior version during build, in order to
	unblock CI until the workers can be upgraded.

	[64c5410f98e0]

Differential Revision: https://phabricator.services.mozilla.com/D60086

--HG--
extra : moz-landing-system : lando
2020-01-16 00:13:09 +00:00
Cosmin Sabou
877a36559e Backed out changeset 3006febc4c38 (bug 1606927) for causing startup crashes in latest nightly version. UPGRADE_NSS_RELEASE a=backout
--HG--
extra : amend_source : 11f3873c8a2163cdc5ae51f5f54175e07666b8a6
2020-01-15 18:52:15 +02:00
J.C. Jones
3dd40eb5a5 Bug 1606927 - land NSS 239797efc34b UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/hkdf-vectors.h,
	gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_hkdf_unittest.cc:
	Bug 1585429 - Add HKDF test vectors r=jcj

	Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
	test vectors, as well as upper-bound length checks for the output
	key material.

	[239797efc34b] [tip]

2020-01-14  J.C. Jones  <jjones@mozilla.com>

	* coreconf/config.gypi:
	Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
	softfp_cflags r=bustage
	[05b923624b73]

2020-01-14  Sylvestre Ledru  <sledru@mozilla.com>

	* automation/buildbot-slave/bbenv-example.sh,
	automation/buildbot-slave/build.sh,
	automation/buildbot-slave/reboot.bat,
	automation/buildbot-slave/startbuild.bat:
	Bug 1607099 - Remove the buildbot configuration r=jcj

	[7a87cef808f3]

2020-01-14  Greg V  <greg@unrelenting.technology>

	* lib/freebl/blinit.c:
	Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj

	Environment checks are reorganized to be separate from platform code
	to make it impossible to forget to check disable_FEATURE on one
	platform but not the other.

	[fbde548e8114]

2020-01-14  Mike Hommey  <mh@glandium.org>

	* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
	lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
	lib/freebl/rijndael.c:
	Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj

	Despite the code having runtime detection of NEON and crypto
	extensions, the optimized code using those instructions is disabled
	at build time on platforms where the compiler doesn't enable NEON by
	default or with the flags it's given for the caller code.

	In the case of gcm, this goes as far as causing a build error.

	What is needed is for the optimized code to be enabled in every
	case, letting the caller code choose whether to use that code based
	on the existing runtime checks.

	But this can't be simply done either, because those optimized parts
	of the code need to be built with NEON enabled, unconditionally, but
	that is not compatible with platforms using the softfloat ABI. For
	those, we need to use the softfp ABI, which is compatible. However,
	the softfp ABI is not compatible with the hardfp ABI, so we also
	can't unconditionally use the softfp ABI, so we do so only when the
	compiler targets the softfloat ABI, which confusingly enough is
	advertized via the `__SOFTFP__` define.

	[dc57fe5d65d4]

2020-01-14  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* automation/saw/chacha20.saw,
	automation/taskcluster/docker-builds/Dockerfile,
	automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
	automation/taskcluster/docker-hacl/Dockerfile,
	automation/taskcluster/docker-hacl/bin/checkout.sh,
	automation/taskcluster/docker-hacl/license.txt,
	automation/taskcluster/docker-hacl/setup-user.sh,
	automation/taskcluster/docker-hacl/setup.sh,
	automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/scripts/run_hacl.sh,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
	lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
	lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
	lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
	Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs

	This patch contains the changes in NSS, necessary to pick up HACL*v2
	in D55413. It has a couple of TODOs:
	* The chacha20 saw verification fails for some reason; it's disabled
	pending Bug 1604130.
	* The hacl task on CI requires Bug 1593647 to get fixed.

	Depends on D55413.

	[a8df94132dd3]

2019-12-21  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.h,
	lib/freebl/verified/Hacl_Curve25519.c,
	lib/freebl/verified/Hacl_Curve25519.h,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Curve25519_51.h,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_128.h,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/Hacl_Poly1305_32.h,
	lib/freebl/verified/Hacl_Poly1305_64.c,
	lib/freebl/verified/Hacl_Poly1305_64.h,
	lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verified.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_16_32_64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_msvc.h,
	lib/freebl/verified/libintvector.h,
	lib/freebl/verified/specs/Spec.CTR.fst,
	lib/freebl/verified/specs/Spec.Chacha20.fst,
	lib/freebl/verified/specs/Spec.Curve25519.fst,
	lib/freebl/verified/specs/Spec.Poly1305.fst,
	lib/freebl/verified/vec128.h:
	Bug 1574643 - haclv2 code r=kjacobs

	This updates the in-tree version of our existing HACL* code to v2,
	replacing what we have already. Once this landed NSS can pick up
	more (faster) code from HACL*.

	[5bf2547d671f]

2020-01-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/taskcluster/windows/build_gyp.sh:
	Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
	to python3 r=jcj

	[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0
	| Setuptools 45.0.0 ]] drops support for Python2, which our Windows
	workers are running.

	This patch installs the prior version during build, in order to
	unblock CI until the workers can be upgraded.

	[64c5410f98e0]

Differential Revision: https://phabricator.services.mozilla.com/D59928

--HG--
extra : moz-landing-system : lando
2020-01-14 21:21:55 +00:00
J.C. Jones
1cbe67b6fb Bug 1606927 - land NSS a06bd0f6bbe8 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-11  Kai Engert  <kaie@kuix.de>

	* lib/softoken/lowpbe.c, lib/softoken/pkcs11.c:
	Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed
	up repeated SDR operations. r=jcj
	[a06bd0f6bbe8] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D59741

--HG--
extra : moz-landing-system : lando
2020-01-13 17:09:45 +00:00
J.C. Jones
390a1a8923 Bug 1606927 - Bug 1602020 - land NSS 4921046404f1 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-07  J.C. Jones  <jjones@mozilla.com>

	* tests/fips/cavs_samples/KBKDF/fax/KBKDFCounter.fax.orig,
	tests/fips/cavs_samples/KBKDF/req/KBKDFCounter.req.orig:
	Bug 1599603 - Remove .orig files accidentally committed in
	4349f611f7b96de63934837d6940095ac1a5db33 r=bustage
	[4921046404f1] [tip]

2020-01-07  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* cmd/signtool/manifest.mn, lib/ssl/manifest.mn:
	Bug 1603438 - Fix native tools build failure due to lack of zlib
	include dir if external r=jcj

	Add ZLIB_INCLUDE_DIR variable

	On the Linux platform[1], the build system forces the use of zlib from
	the system instead of compiling the one located in-tree.

	The following error is raised when the zlib header is installed
	somewhere else than in the default system include path:

	 ssl3con.c:39:18: fatal error: zlib.h: No such file or directory
	#include "zlib.h"

	The same trick set up for the sqlite include directory is reproduced
	for zlib. The build system does not allow arguments to be given to
	the compiler explicitly in any manner.

	The variable ZLIB_INCLUDE_DIR points to the directory where the zlib
	header is located.

	[1]: https://hg.mozilla.org/projects/nss/file/NSS_3_33_BRANCH/coreconf/Linux.mk#l180
	[2]: https://hg.mozilla.org/projects/nss/file/NSS_3_33_BRANCH/lib/softoken/manifest.mn#l17
	[477d370d1bab]

2020-01-06  Kevin Jacobs  <kjacobs@mozilla.com>

	* cpputil/databuffer.h, cpputil/scoped_ptrs_ssl.h,
	cpputil/tls_parser.h, gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_aead_unittest.cc,
	gtests/ssl_gtest/ssl_ciphersuite_unittest.cc,
	gtests/ssl_gtest/ssl_drop_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp,
	gtests/ssl_gtest/ssl_masking_unittest.cc,
	gtests/ssl_gtest/ssl_primitive_unittest.cc,
	gtests/ssl_gtest/ssl_record_unittest.cc,
	gtests/ssl_gtest/ssl_recordsize_unittest.cc,
	gtests/ssl_gtest/ssl_tls13compat_unittest.cc,
	gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_filter.cc,
	gtests/ssl_gtest/tls_filter.h, gtests/ssl_gtest/tls_protect.cc,
	gtests/ssl_gtest/tls_protect.h, lib/ssl/dtls13con.c,
	lib/ssl/dtls13con.h, lib/ssl/dtlscon.c, lib/ssl/dtlscon.h,
	lib/ssl/ssl3con.c, lib/ssl/ssl3gthr.c, lib/ssl/ssl3prot.h,
	lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslprimitive.c,
	lib/ssl/sslsock.c, lib/ssl/sslspec.c, lib/ssl/sslspec.h,
	lib/ssl/tls13con.c, lib/ssl/tls13con.h:
	Bug 1599514 - Update DTLS 1.3 support to draft-30 r=mt

	This patch updates the DTLS 1.3 implementation to draft version 30,
	including unified header format and sequence number encryption.

	Also added are new `SSL_CreateMask` experimental functions.

	[8b7f0180c5b0]

2020-01-06  Robert Relyea  <rrelyea@redhat.com>

	* cmd/fipstest/fipstest.c, gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_kbkdf.cc,
	lib/softoken/kbkdf.c, lib/softoken/manifest.mn,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkhmac.c, lib/softoken/softoken.gyp,
	lib/util/pkcs11n.h, lib/util/pkcs11t.h,
	tests/fips/cavs_samples/KBKDF/fax/KBKDFCounter.fax,
	tests/fips/cavs_samples/KBKDF/fax/KBKDFCounter.fax.orig,
	tests/fips/cavs_samples/KBKDF/fax/README,
	tests/fips/cavs_samples/KBKDF/req/KBKDFCounter.req,
	tests/fips/cavs_samples/KBKDF/req/KBKDFCounter.req.orig,
	tests/fips/cavs_samples/KBKDF/req/README,
	tests/fips/cavs_scripts/README, tests/fips/cavs_scripts/kbkdf.sh,
	tests/fips/cavs_scripts/runtest.sh:
	This implements NIST SP800-108 Counter, Feedback, and Double
	Pipeline mode KDFs suitable for use in SCP03 and other protocols.
	These KDFs were introduced in PKCS#11 v3.0.

	Resolves: BZ#1599603

	[4349f611f7b9]

2020-01-03  J.C. Jones  <jjones@mozilla.com>

	* automation/abi-check/previous-nss-release, lib/nss/nss.h,
	lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.50 Beta
	[569ca5b163e7]

Differential Revision: https://phabricator.services.mozilla.com/D59210

--HG--
rename : security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc => security/nss/gtests/ssl_gtest/ssl_aead_unittest.cc
extra : moz-landing-system : lando
2020-01-08 23:46:00 +00:00
J.C. Jones
b560bdb144 Bug 1602020 - land NSS NSS_3_49_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-03  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.49 final
	[d41f5350554e] [NSS_3_49_RTM] <NSS_3_49_BRANCH>

2020-01-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/ssl3con.c:
	Bug 1513586 - Set downgrade sentinel for client TLS versions lower
	than 1.2. r=mt

	Per-[[ https://tools.ietf.org/html/rfc8446#section-4.1.3 | RFC 8446
	]], the downgrade sentinel must be set by a TLS 1.3 server (and
	should be set by a TLS 1.2 server) that negotiates TLS 1.0 or 1.1.
	This patch corrects the behavior and adds a test.

	[993717228da0]

2020-01-02  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_49_BETA1 for changeset 9ecd41cd2fa3
	[62d36f2ee1cc]

Differential Revision: https://phabricator.services.mozilla.com/D58655

--HG--
extra : moz-landing-system : lando
2020-01-03 22:13:28 +00:00
J.C. Jones
956d95c76c Bug 1602020 - land NSS NSS_3_49_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs
2020-01-02  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/ssl/sslsnce.c:
	Bug 1606025 - Remove -Wmaybe-uninitialized warning in sslsnce.c
	r=jcj

	(Amended by jcj to also set privKeyCopy to NULL)
	[9ecd41cd2fa3] [NSS_3_49_BETA1]

	* lib/freebl/gcm.h:
	Bug 1606119 - Fix PPC HW Crypto build failure r=jcj

	All Altivec *_be() functions are supported from gcc version 8.x, not
	5.x, so modify the gcc version check that at the moment causes a build
	failure due to missing Altivec *_be() functions.
	[7ab634a7d772]

2020-01-01  Alex Henrie  <alexhenrie24@gmail.com>

	* cmd/modutil/install-ds.c:
	Bug 1605545 - Fix memory leak in Pk11Install_Platform_Generate. r=mt

	[748b308170a4]

Differential Revision: https://phabricator.services.mozilla.com/D58541

--HG--
extra : moz-landing-system : lando
2020-01-02 17:54:36 +00:00
J.C. Jones
75b1a5ab89 Bug 1602020 - land NSS b6eb18f04260 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-20  J.C. Jones  <jjones@mozilla.com>

	* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.h,
	lib/freebl/verified/Hacl_Curve25519.c,
	lib/freebl/verified/Hacl_Curve25519.h,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Curve25519_51.h,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_128.h,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/Hacl_Poly1305_32.h,
	lib/freebl/verified/Hacl_Poly1305_64.c,
	lib/freebl/verified/Hacl_Poly1305_64.h,
	lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verified.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_16_32_64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_msvc.h,
	lib/freebl/verified/libintvector.h,
	lib/freebl/verified/specs/Spec.CTR.fst,
	lib/freebl/verified/specs/Spec.Chacha20.fst,
	lib/freebl/verified/specs/Spec.Curve25519.fst,
	lib/freebl/verified/specs/Spec.Poly1305.fst,
	lib/freebl/verified/vec128.h:
	Backed out changeset c351b2f60b40 (Bug 1574643) for crashes on early
	SSE4 CPUs
	[b6eb18f04260] [tip]

	* automation/saw/chacha20.saw,
	automation/taskcluster/docker-builds/Dockerfile,
	automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
	automation/taskcluster/docker-hacl/Dockerfile,
	automation/taskcluster/docker-hacl/bin/checkout.sh,
	automation/taskcluster/docker-hacl/license.txt,
	automation/taskcluster/docker-hacl/setup-user.sh,
	automation/taskcluster/docker-hacl/setup.sh,
	automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/scripts/run_hacl.sh,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
	lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
	lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
	lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
	Backed out changeset ac51d2490f9c (Bug 1574643) for crashes on early
	SSE4 CPUs
	[f6d8c73584e0]

2019-12-19  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* coreconf/Linux.mk, coreconf/config.gypi:
	Bug 1602288 - Fix build failure due to missing posix signal.h
	r=kjacobs
	[82bae6299c8e]

2019-12-12  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* lib/freebl/blinit.c, lib/freebl/ctr.c, lib/freebl/freebl.gyp,
	lib/freebl/rijndael.c:
	Bug 1588714 - Implement CheckARMSupport for Win64/aarch64. r=kjacobs

	aarch64 doesn't have a `cpuid`-like instruction set. Actually, we use
	the getauxval system call on Linux/aarch64 to check CPU features.

	Windows has the `IsProcessorFeaturePresent` API to get CPU features, so
	we should use it to check whether the current CPU supports the ARM Crypto
	extension.

	[3ba8a584ddea]

Differential Revision: https://phabricator.services.mozilla.com/D58060

--HG--
extra : moz-landing-system : lando
2019-12-20 23:39:43 +00:00
J.C. Jones
0f42784b56 Bug 1602020 - land NSS ac51d2490f9c UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-18  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* automation/saw/chacha20.saw,
	automation/taskcluster/docker-builds/Dockerfile,
	automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
	automation/taskcluster/docker-hacl/Dockerfile,
	automation/taskcluster/docker-hacl/bin/checkout.sh,
	automation/taskcluster/docker-hacl/license.txt,
	automation/taskcluster/docker-hacl/setup-user.sh,
	automation/taskcluster/docker-hacl/setup.sh,
	automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/scripts/run_hacl.sh,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
	lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
	lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
	lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
	Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs

	This patch contains the changes in NSS, necessary to pick up HACL*v2
	in D55413. It has a couple of TODOs:
	* The chacha20 saw verification fails for some reason; it's disabled
	pending Bug 1604130.
	* The hacl task on CI requires Bug 1593647 to get fixed.

	Depends on D55413.

	[ac51d2490f9c] [tip]

	* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
	lib/freebl/verified/Hacl_Chacha20.c,
	lib/freebl/verified/Hacl_Chacha20.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
	lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
	lib/freebl/verified/Hacl_Chacha20_Vec128.c,
	lib/freebl/verified/Hacl_Chacha20_Vec128.h,
	lib/freebl/verified/Hacl_Curve25519.c,
	lib/freebl/verified/Hacl_Curve25519.h,
	lib/freebl/verified/Hacl_Curve25519_51.c,
	lib/freebl/verified/Hacl_Curve25519_51.h,
	lib/freebl/verified/Hacl_Kremlib.h,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_128.h,
	lib/freebl/verified/Hacl_Poly1305_32.c,
	lib/freebl/verified/Hacl_Poly1305_32.h,
	lib/freebl/verified/Hacl_Poly1305_64.c,
	lib/freebl/verified/Hacl_Poly1305_64.h,
	lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
	lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
	lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verified.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_16_32_64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h,
	lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_msvc.h,
	lib/freebl/verified/libintvector.h,
	lib/freebl/verified/specs/Spec.CTR.fst,
	lib/freebl/verified/specs/Spec.Chacha20.fst,
	lib/freebl/verified/specs/Spec.Curve25519.fst,
	lib/freebl/verified/specs/Spec.Poly1305.fst,
	lib/freebl/verified/vec128.h:
	Bug 1574643 - haclv2 code r=kjacobs

	This updates the in-tree version of our existing HACL* code to v2,
	replacing what we have already. Once this has landed, NSS can pick up
	more (faster) code from HACL*.

	[c351b2f60b40]

Differential Revision: https://phabricator.services.mozilla.com/D57821

--HG--
extra : moz-landing-system : lando
2019-12-19 17:57:08 +00:00
J.C. Jones
50132af158 Bug 1602020 - land NSS fc636973ad06 UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-25  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/legacydb/keydb.c, lib/softoken/legacydb/lgcreate.c,
	lib/softoken/legacydb/lgdb.h, lib/softoken/legacydb/lginit.c,
	lib/softoken/lgglue.c, lib/softoken/lowpbe.c, lib/softoken/lowpbe.h,
	lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
	lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sdb.h,
	lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c, lib/util/pkcs11n.h:
	Bug 1585189 - Changed the algorithm used to encrypt NSS database
	entries, from 3DES to AES256.

	Our NSS DB uses 3DES internally to encrypt its entries. This patch
	changes the default algorithm to AES256 to increase security.
	This patch also adds code to use AES Wrap in the future. It also
	adds an integrity check to the AES256 CBC. The change only affects
	sqlite databases.

	bob

	[fc636973ad06] [tip]

2019-12-12  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/softoken/pkcs11c.c:
	Bug 1603257 - Fix UBSAN issue in softoken CKM_NSS_CHACHA20_CTR
	initialization r=mt

	This patch adds an explicit cast to fix a UBSAN issue that was
	flagged in https://treeherder.mozilla.org/#/jobs?repo=nss-try&selectedJob=280720441.

	It also updates the test to use a random IV.

	[9ca79efd6d29]

2019-12-10  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_hrr_unittest.cc:
	Bug 1590001 - Additional HRR Tests. r=mt

	This patch adds new tests for version limitations after an HRR.

	[8a2bd40e7f89]

2019-12-11  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_hrr_unittest.cc:
	Bug 1600144 - clang-format, a=bustage
	[014f37ecee3e]

2019-11-29  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_hrr_unittest.cc, lib/ssl/dtlscon.c:
	Bug 1600144 - Treat ClientHello with message_seq of 1 as a second
	ClientHello, r=kjacobs

	Summary: The logic that deals with stateless HelloRetryRequest in
	DTLS allows this one-off increment to the message_seq field in case
	the server was operating statelessly. However, when it does, it
	should insist on the ClientHello carrying a cookie; concretely, it
	should set the flag that says that a HelloRetryRequest was sent,
	even if it doesn't currently remember that it sent one. That is the
	only way that this condition could be met.

	[f55fe2a2dab9]

2019-12-11  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_esni_unittest.cc:
	Bug 1603027 - clang-format, a=bustage
	[ca9adb8eb899]

2019-12-11  EKR  <ekr@rtfm.com>

	* gtests/ssl_gtest/tls_esni_unittest.cc:
	Bug 1603027 - Check that ESNI gets regenerated with HRR r=mt

	[6655d8a1f4bd]

2019-12-09  Andi-Bogdan Postelnicu  <bpostelnicu@mozilla.com>

	* mach:
	Bug 1598485 - Exclude files that are not part of the nss repository
	from the analysis artifact. r=jcj

	[38a1c27aadf3]

Differential Revision: https://phabricator.services.mozilla.com/D57470

--HG--
extra : moz-landing-system : lando
2019-12-17 18:01:18 +00:00
J.C. Jones
5615541267 Bug 1602020 - land NSS c46bc59ce7d4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-06  Daiki Ueno  <dueno@redhat.com>

	* lib/pki/pki3hack.c:
	Bug 1593167, certdb: propagate trust information if trust module is
	loaded afterwards, r=rrelyea,keeler

	Summary: When the builtin trust module is loaded after some temp
	certs have been created, these temp certs are usually not accompanied by
	trust information. This causes a problem in Firefox as it loads the
	module from a separate thread while accessing the network cache
	which populates temp certs.

	This change makes it properly roll up the trust information, if a
	temp cert doesn't have trust information.

	Reviewers: rrelyea, keeler

	Reviewed By: rrelyea, keeler

	Subscribers: reviewbot, heftig

	Bug #: 1593167

	[c46bc59ce7d4] [tip]

2019-11-08  Martin Thomson  <mt@lowentropy.net>

	* lib/ssl/tls13subcerts.c:
	Bug 1594965 - Include saltLength in DC SPKI, r=kjacobs

	Summary: I discovered this when validating new additions to our root
	store policy. The encodings there didn't line up with what we were
	producing with DC.

	[661058254ade]

2019-12-04  J.C. Jones  <jjones@mozilla.com>

	* automation/release/nss-release-helper.py:
	Bug 1535787 - Further improvements to the release-helper API r=mt

	[7baba392bf8b]

	* automation/release/nss-release-helper.py:
	Bug 1535787 - flake8 style updates to nss-release-helper.py
	r=kjacobs

	Depends on D23757

	[b31e68a789fa]

	* automation/release/nss-release-helper.py:
	Bug 1535787 - Use Python for the regexes in nss-release-helper
	r=keeler,kjacobs

	automation/release/nss-release-helper.py doesn't actually edit the
	files correctly on MacOS due to differences between GNU and BSD sed.
	It's python, so let's just use python regexes.

	[92271739e848]

2019-12-04  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/graph/src/queue.js,
	automation/taskcluster/scripts/check_abi.sh, build.sh,
	coreconf/config.gypi, help.txt, lib/freebl/freebl_base.gypi, mach,
	tests/all.sh, tests/common/init.sh, tests/remote/Makefile:
	Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj

	Disable libnssdbm by default and add a flag to enable it in builds. On
	CI, a build and a certs test with the legacy DB enabled are added.

	Note that for some reason the coverage build fails. I have no idea
	why. I'm open to ideas.

	[c1fad130dce2]

2019-12-03  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* lib/freebl/Makefile, lib/freebl/freebl.gyp,
	lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c:
	Bug 1562548 - Improve GCM performance on aarch32 using NEON.
	r=kjacobs

	Optimize GCM performance using
	https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's
	NEON.

	[a9ba652046e6]

2019-12-03  J.C. Jones  <jjones@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	automation/abi-check/previous-nss-release, lib/nss/nss.h,
	lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.49 beta
	[3051793c68fc]

2019-12-02  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
	[06d5b4f91a9c]

Differential Revision: https://phabricator.services.mozilla.com/D56378

--HG--
extra : moz-landing-system : lando
2019-12-16 20:53:59 +00:00
J.C. Jones
641a6bf8c1 Bug 1592007 - land NSS NSS_3_48_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-03  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.48 final
	[65d3150a258e] [NSS_3_48_RTM] <NSS_3_48_BRANCH>

2019-12-02  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_48_BETA1 for changeset 77976f3fefca
	[06d5b4f91a9c]

Differential Revision: https://phabricator.services.mozilla.com/D55994

--HG--
extra : moz-landing-system : lando
2019-12-05 17:16:00 +00:00
J.C. Jones
62db00e902 Bug 1592007 - land NSS NSS_3_48_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs
2019-12-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/sslsnce.c:
	Bug 1593401 - Fix race condition in self-encrypt functions r=mt,jcj

	[77976f3fefca] [NSS_3_48_BETA1]

2019-12-02  J.C. Jones  <jjones@mozilla.com>

	* automation/release/nspr-version.txt:
	Bug 1600775 - Require NSPR 4.24 for NSS 3.48 r=kaie,kjacobs

	[b6141fb86799]

	* gtests/ssl_gtest/tls_filter.h:
	Bug 1599545 - fixup, clang-format r=me
	[8ffef87ef51b]

2019-12-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* cpputil/tls_parser.h, gtests/ssl_gtest/ssl_keyupdate_unittest.cc,
	gtests/ssl_gtest/tls_filter.h, lib/ssl/tls13con.c:
	Bug 1599545 - Fix assertion and add test for early Key Update
	message r=mt

	Remove an overzealous assertion when a Key Update message is
	received too early, and add a test for the expected alert condition.

	Also adds `TlsEncryptedHandshakeMessageReplacer` for replacing TLS
	1.3 encrypted handshake messages. This is a simple implementation
	where only the first byte of the message is changed to the new type
	(so as to trigger the desired handler).

	[a5dbf68d182d]

2019-11-27  J.C. Jones  <jjones@mozilla.com>

	* lib/ckfw/object.c:
	Bug 1597799 - Guard against null ptrs in NSSCKFWObject r=kjacobs

	There's a bunch of similar code that could use guards in here, but I
	wanted to be minimal for this patch.

	[eab4d3c8c76d]

Differential Revision: https://phabricator.services.mozilla.com/D55581

--HG--
extra : moz-landing-system : lando
2019-12-03 04:19:08 +00:00
J.C. Jones
fb11dfa746 Bug 1592007 - land NSS 10722c590949 UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-26  J.C. Jones  <jjones@mozilla.com>

	* lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/nssckbi.h:
	Bug 1591178 - Add Entrust Root Certification Authority - G4
	r=kjacobs

	Friendly Name: Entrust Root Certification Authority - G4
	Cert Location: https://bug1480510.bmoattachments.org/attachment.cgi?id=8997105
	SHA-256 Fingerprint: DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88
	Trust Flags: Email; Websites
	Test URL: https://validg4.entrust.net/

	[10722c590949] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D54785

--HG--
extra : moz-landing-system : lando
2019-11-26 19:59:11 +00:00
J.C. Jones
7d99d834e8 Bug 1592007 - land NSS d64102b76a43 UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-20  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/ssl3con.c, lib/ssl/tls13con.c:
	Bug 1590001 - Prevent negotiation of versions lower than 1.3 after
	HelloRetryRequest. r=mt

	This patch prevents negotiation of TLS versions lower than 1.3 after
	an HRR has been sent.

	[d64102b76a43] [tip]

2019-11-22  J.C. Jones  <jjones@mozilla.com>

	* lib/softoken/pkcs11u.c:
	Bug 1596450 - Fixup, coverity CID 1455952 r=kjacobs

	[46b1355d8765]

	* lib/pk11wrap/pk11slot.c:
	Bug 1522203 - Remove Pentium Pro workaround for PK11_GetAllTokens
	r=kjacobs

	The comment indicated the wasted effort was to work around a cache
	issue on the Pentium Pro. I think it has served its purpose.

	[27d9fb4ac69b]

2019-11-21  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* tests/gtests/gtests.sh:
	Bug 1592557 - fix prng kat tests, r=jcj

	fix for prng kat tests

	[474334bb790b]

2019-11-20  Robert Relyea  <rrelyea@redhat.com>

	* lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
	lib/softoken/sftkhmac.c:
	Bug 1596450 - softoken: unified MAC implementation; patch by Alex
	Scheel, review by rrelyea
	[3147585149f0]

Differential Revision: https://phabricator.services.mozilla.com/D54637

--HG--
extra : moz-landing-system : lando
2019-11-25 23:48:46 +00:00
J.C. Jones
58feb56c3d Bug 1592007 - land NSS 1e22a0c93afe UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-19  Craig Disselkoen  <cdisselk@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c:
	Bug 1586176 - EncryptUpdate should use maxout not block size.
	r=franziskus
	[1e22a0c93afe]

Differential Revision: https://phabricator.services.mozilla.com/D53868

--HG--
extra : moz-landing-system : lando
2019-11-19 22:00:00 +00:00
J.C. Jones
2452039365 Bug 1592007 - land NSS e8f2720c8254 UPGRADE_NSS_RELEASE, r=kjacobs CLOSED TREE
2019-11-09  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixbuild_tests.cpp,
	gtests/mozpkix_gtest/pkixcert_extension_tests.cpp,
	gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp,
	gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp,
	gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
	gtests/mozpkix_gtest/pkixgtest.h,
	lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
	bug 1593141 - add validity period beginning argument to
	mozilla::pkix::TrustDomain::CheckRevocation r=jcj

	This allows TrustDomain implementations to make decisions based on
	when the validity period of a certificate began. For instance, if an
	implementation has revocation information that is valid and complete
	as of a particular time, but a certificate's validity period begins
	after that time, the implementation may decide to disregard this
	revocation information on the basis that the information it has
	available cannot possibly apply to that certificate.

	[e8f2720c8254] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D53228

--HG--
extra : histedit_source : 8561f7624eabd6cf2113f5585035e84ff82d26b3
2019-11-15 18:08:09 +01:00
J.C. Jones
696043affe Bug 1592007 - land NSS 87f35ba4c82f UPGRADE_NSS_RELEASE, r=keeler
2019-11-13  J.C. Jones  <jjones@mozilla.com>

	* lib/softoken/pkcs11c.c:
	Bug 1591363 - Fixup double-free of params in nsc_SetupPBEKeyGen
	r=keeler

	Caused in commit 7ef8d2604494.

	[87f35ba4c82f] [tip]

2019-11-07  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* lib/freebl/ctr.c:
	Bug 1592869 - Use NEON for ctr_xor. r=kjacobs

	Using NEON for ctr_xor, aes_ctr can improve decode/encode time by
	30%-40% on Cortex-A72.

	[d244c7287908]

2019-11-12  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c,
	lib/pk11wrap/pk11skey.c, lib/softoken/pkcs11c.c:
	Bug 1591363 - PBKDF2 memory leaks in NSC_GenerateKey. r=jcj

	A memory leak was reported and confirmed in this bug. However,
	during the "manual" analysis of the flow, another possible leak was
	found. I created a patch for both leaks, added gtests for unexpected
	keySizes and adjusted the general syntax of the gtest file.

	[7ef8d2604494]

2019-11-11  Tom Prince  <mozilla@hocat.ca>

	* automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/windows/setup.sh:
	Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcj

	[c33b214b2ec8]

2019-11-08  Daiki Ueno  <dueno@redhat.com>

	* gtests/ssl_gtest/ssl_dhe_unittest.cc,
	gtests/ssl_gtest/ssl_ecdh_unittest.cc,
	gtests/ssl_gtest/tls_connect.h, lib/ssl/ssl3con.c:
	Bug 1566131, check policy against hash algorithms used for
	ServerKeyExchange, r=mt

	Summary: This adds necessary policy checks in
	`ssl3_ComputeCommonKeyHash()`, right before calculating hashes. Note
	that it currently doesn't check MD5 as it still needs to be allowed
	in TLS 1.1 or earlier and many tests fail if we change that.

	Reviewers: mt

	Reviewed By: mt

	Bug #: 1566131

	[c08947c6af57]

2019-11-08  Kai Engert  <kaie@kuix.de>

	* coreconf/coreconf.dep:
	Dummy change, trigger a build to test latest NSPR commits.
	[e766899c72a5]

	* automation/taskcluster/graph/src/extend.js:
	Bug 1579836 - Execute NSPR tests as part of NSS continuous
	integration. r=jcj
	[46bfbabf7e75]

2019-11-08  Dustin J. Mitchell  <dustin@mozilla.com>

	* automation/taskcluster/graph/npm-shrinkwrap.json,
	automation/taskcluster/graph/package.json,
	automation/taskcluster/graph/src/image_builder.js,
	automation/taskcluster/graph/src/queue.js,
	automation/taskcluster/scripts/tools.sh,
	automation/taskcluster/windows/gen_certs.sh,
	automation/taskcluster/windows/run_tests.sh:
	Bug 1594891 - Updates to run correctly on the new TC deployment
	r=jcj

	* Update the Taskcluster client used in the decision task to one
	that understands Taskcluster rootUrls.
	* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
	  * the absence of this variable signals an "old" worker so we use an
	    "old" URL

	[67d630e7cb7c]

2019-11-07  Tom Prince  <mozilla@hocat.ca>

	* .taskcluster.yml, automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/graph/src/queue.js:
	Bug 1591275: Switch workers to use AWS Provider; r=kjacobs

	[a2bebaad41dd]

2019-11-06  Daiki Ueno  <dueno@redhat.com>

	* gtests/pk11_gtest/pk11_module_unittest.cc:
	Bug 1577803, clang-format, a=bustage
	[c9014b2892d5]

	* gtests/pk11_gtest/pk11_module_unittest.cc,
	gtests/pkcs11testmodule/pkcs11testmodule.cpp,
	lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11slot.c, lib/pk11wrap/secmodti.h,
	lib/util/pkcs11t.h:
	Bug 1577803, pk11wrap: set friendly flag if token implements
	CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea

	Summary: This makes NSS look for a CKO_PROFILE object at token
	initialization time to check if it implements the
	[[ https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.0/pkcs11-profiles-v3.0.pdf | Public Certificates Token profile ]]
	as defined in PKCS #11 v3.0. If it is found, the token is automatically
	marked as friendly so no authentication attempts will be made when
	accessing certificates.

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Subscribers: reviewbot

	Bug #: 1577803

	[b39c8eeabe6a]

2019-11-06  Martin Thomson  <mt@lowentropy.net>

	* lib/freebl/blinit.c, lib/freebl/gcm-ppc.c:
	Bug 1566126 - clang-format, a=bustage
	[6125200fbc88]

2019-11-06  Lauri Kasanen  <cand@gmx.com>

	* lib/freebl/Makefile, lib/freebl/altivec-types.h,
	lib/freebl/blapii.h, lib/freebl/blinit.c, lib/freebl/freebl.gyp,
	lib/freebl/gcm-ppc.c, lib/freebl/gcm.c, lib/freebl/gcm.h:
	Bug 1566126 - freebl: POWER GHASH Vector Acceleration, r=mt

	Implementation for POWER8 adapted from the ARM paper:
	https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf

	Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 \
	-v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on POWER8 3.3GHz.

	NSS_DISABLE_HW_CRYPTO=1
	 mode       in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
	 aes_gcm_e  309Mb  192      5M      0       0.000    10000.000  10.001     30Mb

	 mode       in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
	 aes_gcm_e  829Mb  192      14M     0       0.000    10000.000  10.001     82Mb

	Notable operf results, sw:
	 samples  %        image name         symbol name
	 226033   59.3991  libfreeblpriv3.so  bmul
	 80606    21.1824  libfreeblpriv3.so  rijndael_encryptBlock128
	 28851    7.5817   libfreeblpriv3.so  gcm_HashMult_sftw

	hw:
	 samples  %        image name         symbol name
	 213899   56.2037  libfreeblpriv3.so  rijndael_encryptBlock128
	 45233    11.8853  libfreeblpriv3.so  gcm_HashMult_hw

	So the ghash part is ~5.6x faster.

	Signed-off-by: Lauri Kasanen <cand@gmx.com>
	[3d7e509d6d20]

2019-11-05  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/certdb/certdb.c, lib/util/secport.h:
	Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c. r=mt

	Bug 1588015 introduced in NSPR a new way to ASSERT values where the
	arguments are always used, avoiding "unused variable" errors. This
	was implemented in NSS, at certdb.c.

	[73c28cad3dbb]

2019-11-05  Daiki Ueno  <dueno@redhat.com>

	* cpputil/nss_scoped_ptrs.h, gtests/manifest.mn,
	gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_module_unittest.cc,
	gtests/pkcs11testmodule/Makefile, gtests/pkcs11testmodule/config.mk,
	gtests/pkcs11testmodule/manifest.mn,
	gtests/pkcs11testmodule/pkcs11testmodule.cpp,
	gtests/pkcs11testmodule/pkcs11testmodule.def,
	gtests/pkcs11testmodule/pkcs11testmodule.gyp,
	gtests/pkcs11testmodule/pkcs11testmodule.rc, nss.gyp:
	Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea

	Summary: This adds a mock PKCS #11 module from Firefox and adds basic
	tests around it. This is needed for proper testing of PKCS #11 v3.0
	profile objects (D45669).

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Subscribers: reviewbot

	Bug #: 1577803

	[0a86945adf74]

Differential Revision: https://phabricator.services.mozilla.com/D52779

--HG--
extra : moz-landing-system : lando
2019-11-14 17:32:27 +00:00
Csoregi Natalia
acb0f164ca Backed out changeset cbd4aa02eba9 (bug 1592007) for failures on browser_startup_mainthreadio.js UPGRADE_NSS_RELEASE . CLOSED TREE 2019-11-14 04:24:57 +02:00
J.C. Jones
121d80b553 Bug 1592007 - land NSS 87f35ba4c82f UPGRADE_NSS_RELEASE, r=keeler
2019-11-13  J.C. Jones  <jjones@mozilla.com>

	* lib/softoken/pkcs11c.c:
	Bug 1591363 - Fixup double-free of params in nsc_SetupPBEKeyGen
	r=keeler

	Caused in commit 7ef8d2604494.

	[87f35ba4c82f] [tip]

2019-11-07  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* lib/freebl/ctr.c:
	Bug 1592869 - Use NEON for ctr_xor. r=kjacobs

	Using NEON for ctr_xor, aes_ctr can improve decode/encode time by
	30%-40% on Cortex-A72.

	[d244c7287908]

2019-11-12  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c,
	lib/pk11wrap/pk11skey.c, lib/softoken/pkcs11c.c:
	Bug 1591363 - PBKDF2 memory leaks in NSC_GenerateKey. r=jcj

	A memory leak was reported and confirmed in this bug. However,
	during the "manual" analysis of the flow, another possible leak was
	found. I created a patch for both leaks, added gtests for unexpected
	keySizes and adjusted the general syntax of the gtest file.

	[7ef8d2604494]

2019-11-11  Tom Prince  <mozilla@hocat.ca>

	* automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/windows/setup.sh:
	Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcj

	[c33b214b2ec8]

2019-11-08  Daiki Ueno  <dueno@redhat.com>

	* gtests/ssl_gtest/ssl_dhe_unittest.cc,
	gtests/ssl_gtest/ssl_ecdh_unittest.cc,
	gtests/ssl_gtest/tls_connect.h, lib/ssl/ssl3con.c:
	Bug 1566131, check policy against hash algorithms used for
	ServerKeyExchange, r=mt

	Summary: This adds necessary policy checks in
	`ssl3_ComputeCommonKeyHash()`, right before calculating hashes. Note
	that it currently doesn't check MD5 as it still needs to be allowed
	in TLS 1.1 or earlier and many tests fail if we change that.

	Reviewers: mt

	Reviewed By: mt

	Bug #: 1566131

	[c08947c6af57]

2019-11-08  Kai Engert  <kaie@kuix.de>

	* coreconf/coreconf.dep:
	Dummy change, trigger a build to test latest NSPR commits.
	[e766899c72a5]

	* automation/taskcluster/graph/src/extend.js:
	Bug 1579836 - Execute NSPR tests as part of NSS continuous
	integration. r=jcj
	[46bfbabf7e75]

2019-11-08  Dustin J. Mitchell  <dustin@mozilla.com>

	* automation/taskcluster/graph/npm-shrinkwrap.json,
	automation/taskcluster/graph/package.json,
	automation/taskcluster/graph/src/image_builder.js,
	automation/taskcluster/graph/src/queue.js,
	automation/taskcluster/scripts/tools.sh,
	automation/taskcluster/windows/gen_certs.sh,
	automation/taskcluster/windows/run_tests.sh:
	Bug 1594891 - Updates to run correctly on the new TC deployment
	r=jcj

	* Update the Taskcluster client used in the decision task to one
	  that understands Taskcluster rootUrls.
	* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
	  * the absence of this variable signals an "old" worker so we use
	    an "old" URL

	[67d630e7cb7c]

2019-11-07  Tom Prince  <mozilla@hocat.ca>

	* .taskcluster.yml, automation/taskcluster/graph/src/extend.js,
	automation/taskcluster/graph/src/queue.js:
	Bug 1591275: Switch workers to use AWS Provider; r=kjacobs

	[a2bebaad41dd]

2019-11-06  Daiki Ueno  <dueno@redhat.com>

	* gtests/pk11_gtest/pk11_module_unittest.cc:
	Bug 1577803, clang-format, a=bustage
	[c9014b2892d5]

	* gtests/pk11_gtest/pk11_module_unittest.cc,
	gtests/pkcs11testmodule/pkcs11testmodule.cpp,
	lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11slot.c, lib/pk11wrap/secmodti.h,
	lib/util/pkcs11t.h:
	Bug 1577803, pk11wrap: set friendly flag if token implements
	CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea

	Summary: This makes NSS look for a CKO_PROFILE object at token
	initialization time to check if it implements the Public
	Certificates Token profile as defined in PKCS #11 v3.0
	(https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.0/pkcs11-profiles-v3.0.pdf).
	If it is found, the token is automatically marked as friendly so no
	authentication attempts will be made when accessing certificates.

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Subscribers: reviewbot

	Bug #: 1577803

	[b39c8eeabe6a]

2019-11-06  Martin Thomson  <mt@lowentropy.net>

	* lib/freebl/blinit.c, lib/freebl/gcm-ppc.c:
	Bug 1566126 - clang-format, a=bustage
	[6125200fbc88]

2019-11-06  Lauri Kasanen  <cand@gmx.com>

	* lib/freebl/Makefile, lib/freebl/altivec-types.h,
	lib/freebl/blapii.h, lib/freebl/blinit.c, lib/freebl/freebl.gyp,
	lib/freebl/gcm-ppc.c, lib/freebl/gcm.c, lib/freebl/gcm.h:
	Bug 1566126 - freebl: POWER GHASH Vector Acceleration, r=mt

	Implementation for POWER8 adapted from the ARM paper:
	https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf

	Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 \
	-v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on POWER8 3.3GHz.

	sw (NSS_DISABLE_HW_CRYPTO=1):
	mode       in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
	aes_gcm_e  309Mb  192      5M      0       0.000    10000.000  10.001     30Mb

	hw:
	mode       in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
	aes_gcm_e  829Mb  192      14M     0       0.000    10000.000  10.001     82Mb

	Notable operf results:

	sw:
	samples  %        image name         symbol name
	226033   59.3991  libfreeblpriv3.so  bmul
	80606    21.1824  libfreeblpriv3.so  rijndael_encryptBlock128
	28851    7.5817   libfreeblpriv3.so  gcm_HashMult_sftw

	hw:
	samples  %        image name         symbol name
	213899   56.2037  libfreeblpriv3.so  rijndael_encryptBlock128
	45233    11.8853  libfreeblpriv3.so  gcm_HashMult_hw

	So the ghash part is ~5.6x faster.

	Signed-off-by: Lauri Kasanen <cand@gmx.com>
	[3d7e509d6d20]

2019-11-05  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/certdb/certdb.c, lib/util/secport.h:
	Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c. r=mt

	Bug 1588015 introduced in NSPR a new way to ASSERT values where the
	arguments are always used, avoiding "unused variable" errors. This
	was implemented in NSS, at certdb.c.

	[73c28cad3dbb]

2019-11-05  Daiki Ueno  <dueno@redhat.com>

	* cpputil/nss_scoped_ptrs.h, gtests/manifest.mn,
	gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_module_unittest.cc,
	gtests/pkcs11testmodule/Makefile, gtests/pkcs11testmodule/config.mk,
	gtests/pkcs11testmodule/manifest.mn,
	gtests/pkcs11testmodule/pkcs11testmodule.cpp,
	gtests/pkcs11testmodule/pkcs11testmodule.def,
	gtests/pkcs11testmodule/pkcs11testmodule.gyp,
	gtests/pkcs11testmodule/pkcs11testmodule.rc, nss.gyp:
	Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea

	Summary: This adds a mock PKCS #11 module from Firefox and adds basic
	tests around it. This is needed for proper testing of PKCS #11 v3.0
	profile objects (D45669).

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Subscribers: reviewbot

	Bug #: 1577803

	[0a86945adf74]

Differential Revision: https://phabricator.services.mozilla.com/D52779

--HG--
extra : moz-landing-system : lando
2019-11-13 19:44:56 +00:00
J.C. Jones
3167ebf65d Bug 1592007 - land NSS dc9552c2aa77 UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-04  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/pk11wrap/pk11cert.c:
	Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj

	Fixed controls to avoid crashes caused by slots possibly without a
	token in pk11_fastCert. Also, improved argument controls in
	PK11_MakeCertFromHandle.

	[dc9552c2aa77] [tip]

2019-11-01  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_des_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp, lib/softoken/pkcs11c.c:
	Bug 1591742 - check des iv length and add test for it, r=jcj,kjacobs

	Summary: Let's make sure the DES IV has the length we expect it to
	have.

	Bug #: 1591742

	[35857ae98190]

2019-11-01  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp,
	lib/mozpkix/test-lib/pkixtestnss.cpp, tests/gtests/gtests.sh:
	Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj

	[27a29997f598]

2019-11-01  Deian Stefan  <deian@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c:
	Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs

	Update NSC_Decrypt length in constant time

	[7f578a829b29]

2019-11-01  Kai Engert  <kaie@kuix.de>

	* automation/taskcluster/graph/src/queue.js:
	Bug 1562671 - Limit Master Password KDF iterations for NSS
	continuous integration tests. r=mt
	[c8b490583b86]

	* lib/softoken/lgglue.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
	Bug 1562671 - Add environment variables to control Master Password
	KDF iteration count. Disable iteration count for legacy DBM storage
	by default. r=rrelyea
	[ced91a705aa3]

2019-11-01  Bob Relyea  <rrelyea@redhat.com>

	* lib/softoken/legacydb/keydb.c, lib/softoken/lgglue.c,
	lib/softoken/pkcs11.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
	Bug 1562671 - Support higher iteration count for Master Password
	KDF. Bob Relyea's base patch. Requires the follow-up patch. r=kaie
	[6619bb43d746]

2019-10-28  Martin Thomson  <mt@lowentropy.net>

	* coreconf/Linux.mk, coreconf/WIN32.mk, coreconf/command.mk,
	coreconf/config.gypi, coreconf/rules.mk, lib/freebl/aes-armv8.c,
	lib/freebl/aes-x86.c, lib/freebl/config.mk, lib/freebl/freebl.gyp,
	lib/freebl/intel-aes.h, lib/freebl/intel-gcm-wrap.c,
	lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/ssl/config.mk,
	lib/ssl/ssl.gyp:
	Bug 1590972 - Use -std=c99 for all C code, r=jcj

	This switches to using -std=c99 for compiling all C code.
	Previously, we only enabled this option for lib/freebl and lib/ssl.

	For Linux, this means we need to define _DEFAULT_SOURCE to access
	some of the functions we use. On glibc 2.12 (our oldest supported
	version), we also need to define _BSD_SOURCE to access these
	functions.

	The only tricky part is dealing with partial C99 implementation in
	gcc 4.4. From what I've seen, the only problem is that - in that
	mode - it doesn't support nesting of unnamed fields:
	https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Unnamed-Fields.html

	This also switches from -std=c++0x to -std=c++11 as the 0x variant,
	though identical in meaning, is deprecated.

	[dbba7db4b79d]

2019-10-30  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/aes-armv8.c, lib/freebl/rijndael.c:
	Bug 1590676 - Fix build if arm doesn't support NEON r=kjacobs

	At the moment NSS assumes that ARM supports the NEON extension, but
	this is not true and leads to build failure on ARM without the NEON
	extension. Add a check to ensure USE_HW_AES is not defined if ARM
	without the NEON extension is used.
	[58f2471ace3b]

2019-10-30  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_agent.cc:
	Bug 1575411 - Disable EMS for tests, a=bustage
	[6e5f69781137]

2019-10-29  J.C. Jones  <jjones@mozilla.com>

	* gtests/ssl_gtest/tls_esni_unittest.cc:
	Bug 1590970 - Fix clang-format from
	e7956ee3ba1b6d05e3175bbcd795583fde867720 r=me
	[d1e43cb9f227]

2019-10-29  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/ssl/tls13esni.c:
	Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
	r=jcj
	[df5e9021809a]

2019-10-29  Martin Thomson  <martin.thomson@gmail.com>

	* lib/ssl/ssl.h, lib/ssl/sslsock.c:
	Bug 1575411 - Enable extended master secret by default,
	r=jcj,kjacobs

	See the bug for discussion about the implications of this.

	[d1c68498610d]

2019-10-29  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/sslexp.h:
	Bug 1590970 - Stop using time() for ESNI tests, r=kjacobs

	Summary: The ESNI tests were using time() rather than PR_Now(), so
	they slipped the net when I went looking for bad time functions. Now
	they do the right thing again.

	What we were probably seeing in the intermittents was the case where
	we set the time for most of the SSL functions to PR_Now(), and that
	was just before a second rollover. Then, when time() was called, it
	returned t+1 so the ESNI keys that were being generated in the ESNI
	tests were given a notBefore time that was in the future relative to
	the time being given to the TLS stack. Had the ESNI key generation
	been given time() - 1 for notBefore, as I have done here, this would
	never have turned up.

	Reviewers: kjacobs

	Tags: #secure-revision

	Bug #: 1590970

	[e7956ee3ba1b]

Differential Revision: https://phabricator.services.mozilla.com/D51858

--HG--
extra : moz-landing-system : lando
2019-11-08 22:00:40 +00:00
Narcis Beleuzu
88ff18d148 Backed out changeset 1adbdd45d961 (bug 1592007) for bc failures on browser_masterPassword.js UPGRADE_NSS_RELEASE. CLOSED TREE
--HG--
extra : histedit_source : 034b2747d1bffdb2c43a30d563ef4ecbf3f96e39
2019-11-06 03:16:30 +02:00
J.C. Jones
07491e58b7 Bug 1592007 - land NSS dc9552c2aa77 UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-04  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/pk11wrap/pk11cert.c:
	Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj

	Fixed controls to avoid crashes caused by slots possibly without a
	token in pk11_fastCert. Also, improved argument controls in
	PK11_MakeCertFromHandle.

	[dc9552c2aa77] [tip]

2019-11-01  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_des_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp, lib/softoken/pkcs11c.c:
	Bug 1591742 - check des iv length and add test for it, r=jcj,kjacobs

	Summary: Let's make sure the DES IV has the length we expect it to
	have.

	Bug #: 1591742

	[35857ae98190]

2019-11-01  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp,
	lib/mozpkix/test-lib/pkixtestnss.cpp, tests/gtests/gtests.sh:
	Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj

	[27a29997f598]

2019-11-01  Deian Stefan  <deian@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c:
	Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs

	Update NSC_Decrypt length in constant time

	[7f578a829b29]

2019-11-01  Kai Engert  <kaie@kuix.de>

	* automation/taskcluster/graph/src/queue.js:
	Bug 1562671 - Limit Master Password KDF iterations for NSS
	continuous integration tests. r=mt
	[c8b490583b86]

	* lib/softoken/lgglue.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
	Bug 1562671 - Add environment variables to control Master Password
	KDF iteration count. Disable iteration count for legacy DBM storage
	by default. r=rrelyea
	[ced91a705aa3]

2019-11-01  Bob Relyea  <rrelyea@redhat.com>

	* lib/softoken/legacydb/keydb.c, lib/softoken/lgglue.c,
	lib/softoken/pkcs11.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
	Bug 1562671 - Support higher iteration count for Master Password
	KDF. Bob Relyea's base patch. Requires the follow-up patch. r=kaie
	[6619bb43d746]

2019-10-28  Martin Thomson  <mt@lowentropy.net>

	* coreconf/Linux.mk, coreconf/WIN32.mk, coreconf/command.mk,
	coreconf/config.gypi, coreconf/rules.mk, lib/freebl/aes-armv8.c,
	lib/freebl/aes-x86.c, lib/freebl/config.mk, lib/freebl/freebl.gyp,
	lib/freebl/intel-aes.h, lib/freebl/intel-gcm-wrap.c,
	lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/ssl/config.mk,
	lib/ssl/ssl.gyp:
	Bug 1590972 - Use -std=c99 for all C code, r=jcj

	This switches to using -std=c99 for compiling all C code.
	Previously, we only enabled this option for lib/freebl and lib/ssl.

	For Linux, this means we need to define _DEFAULT_SOURCE to access
	some of the functions we use. On glibc 2.12 (our oldest supported
	version), we also need to define _BSD_SOURCE to access these
	functions.

	The only tricky part is dealing with partial C99 implementation in
	gcc 4.4. From what I've seen, the only problem is that - in that
	mode - it doesn't support nesting of unnamed fields:
	https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Unnamed-Fields.html

	This also switches from -std=c++0x to -std=c++11 as the 0x variant,
	though identical in meaning, is deprecated.

	[dbba7db4b79d]

2019-10-30  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/aes-armv8.c, lib/freebl/rijndael.c:
	Bug 1590676 - Fix build if arm doesn't support NEON r=kjacobs

	At the moment NSS assumes that ARM supports the NEON extension, but
	this is not true and leads to build failure on ARM without the NEON
	extension. Add a check to ensure USE_HW_AES is not defined if ARM
	without the NEON extension is used.
	[58f2471ace3b]

2019-10-30  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_agent.cc:
	Bug 1575411 - Disable EMS for tests, a=bustage
	[6e5f69781137]

2019-10-29  J.C. Jones  <jjones@mozilla.com>

	* gtests/ssl_gtest/tls_esni_unittest.cc:
	Bug 1590970 - Fix clang-format from
	e7956ee3ba1b6d05e3175bbcd795583fde867720 r=me
	[d1e43cb9f227]

2019-10-29  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/ssl/tls13esni.c:
	Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
	r=jcj
	[df5e9021809a]

2019-10-29  Martin Thomson  <martin.thomson@gmail.com>

	* lib/ssl/ssl.h, lib/ssl/sslsock.c:
	Bug 1575411 - Enable extended master secret by default,
	r=jcj,kjacobs

	See the bug for discussion about the implications of this.

	[d1c68498610d]

2019-10-29  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/sslexp.h:
	Bug 1590970 - Stop using time() for ESNI tests, r=kjacobs

	Summary: The ESNI tests were using time() rather than PR_Now(), so
	they slipped the net when I went looking for bad time functions. Now
	they do the right thing again.

	What we were probably seeing in the intermittents was the case where
	we set the time for most of the SSL functions to PR_Now(), and that
	was just before a second rollover. Then, when time() was called, it
	returned t+1 so the ESNI keys that were being generated in the ESNI
	tests were given a notBefore time that was in the future relative to
	the time being given to the TLS stack. Had the ESNI key generation
	been given time() - 1 for notBefore, as I have done here, this would
	never have turned up.

	Reviewers: kjacobs

	Tags: #secure-revision

	Bug #: 1590970

	[e7956ee3ba1b]

Differential Revision: https://phabricator.services.mozilla.com/D51858

--HG--
extra : moz-landing-system : lando
2019-11-05 20:29:59 +00:00
J.C. Jones
dd40266492 Bug 1592007 - land NSS fcdda17cdc36 UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-28  Kevin Jacobs  <kjacobs@mozilla.com>

        * automation/abi-check/expected-report-libssl3.so.txt,
        gtests/ssl_gtest/libssl_internals.c,
        gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc,
        gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_filter.h,
        gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/ssl3con.c,
        lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslt.h,
        lib/ssl/tls13con.c:
        Bug 1588244 - Store TLS 1.3 peerDelegCred, authKeyBits, and scheme
        in SSLPreliminaryChannelInfo. r=mt

        This patch adjusts where we set `authKeyBits` (et al.) for TLS 1.3,
        such that `CertVerifier` can check the strength of a delegated
        credential keypair.

        The corresponding PSM changeset is in D47181.

        [fcdda17cdc36] [tip]

2019-10-28  Kai Engert  <kaie@kuix.de>

        * coreconf/coreconf.dep:
        Dummy change, trigger a build after bustage to test latest NSPR
        commit
        [ec2adf31fb8c]

2019-10-26  Martin Thomson  <mt@lowentropy.net>

        * lib/ssl/sslauth.c, lib/ssl/sslcon.c, lib/ssl/tls13esni.c:
        Bug 1590970 - Use ssl_Time consistently, r=kjacobs

        I missed a few places that used PR_Now() before.

        [c6021063e64a]

2019-10-22  Deian Stefan  <deian@cs.ucsd.edu>

        * gtests/pk11_gtest/pk11_cbc_unittest.cc:
        Bug 1459141 - A few more CBC padding tests. r=jcj

        This patch adds more test vectors for AES-CBC and 3DES-CBC padding.

        [38f1c92a5e11]

2019-10-22  Marcus Burghardt  <mburghardt@mozilla.com>

        * cmd/btoa/btoa.c:
        Bug 1590339 - Fix MemoryLeak in btoa.c. r=kjacobs

        [5feab64d2d20]

2019-10-21  Marcus Burghardt  <mburghardt@mozilla.com>

        * lib/ckfw/builtins/testlib/certdata-testlib.txt:
        Bug 1589810 - Uninitialized variable warnings from certdata.perl.
        r=mt

        [3f40060ca7b3]

2019-10-19  Martin Thomson  <martin.thomson@gmail.com>

        * gtests/ssl_gtest/ssl_version_unittest.cc:
        Bug 1573118 - Fix busted unit tests, r=jcj

        These unit tests were broken by the change to TLS version defaults.

        In retrospect, this shouldn't have been surprising, but now that
        I'm seeing bustage, I'm somewhat surprised that there are so few
        failures.

        [7e0b8364687b]

        * lib/ssl/sslsock.c:
        Bug 1573118 - Enable TLS 1.3 by default, r=jcj

        As planned for 3.47, but now for 3.48.

        [bc77cf318f38]

2019-10-18  J.C. Jones  <jjones@mozilla.com>

        * automation/abi-check/expected-report-libnss3.so.txt,
        automation/abi-check/expected-report-libsmime3.so.txt,
        automation/abi-check/expected-report-libssl3.so.txt,
        automation/abi-check/previous-nss-release, lib/nss/nss.h,
        lib/softoken/softkver.h, lib/util/nssutil.h:
        Set version numbers to 3.48 beta
        [0e7dd2050d09]

        * .hgtags:
        Added tag NSS_3_47_RTM for changeset 7ccb4ade5577
        [dcadb95b9d77] <NSS_3_47_BRANCH>

        * lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
        Set version numbers to 3.47 final
        [7ccb4ade5577] [NSS_3_47_RTM] <NSS_3_47_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D50840

--HG--
extra : moz-landing-system : lando
2019-10-31 04:14:33 +00:00
J.C. Jones
71a6cf2bcd Bug 1577822 - land NSS NSS_3_47_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-18  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.47 final
	[7ccb4ade5577] [NSS_3_47_RTM] <NSS_3_47_BRANCH>

	* .hgtags:
	Added tag NSS_3_47_BETA4 for changeset d3c8638f85cd
	[d5bd7be1bf2a]

Differential Revision: https://phabricator.services.mozilla.com/D49813

--HG--
extra : moz-landing-system : lando
2019-10-18 22:42:33 +00:00
J.C. Jones
00dafac3ef Bug 1577822 - land NSS NSS_3_47_BETA4 UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-18  Deian Stefan  <deian@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c:
	Bug 1459141 - Rewrite softoken CBC pad check to be constant
	r=jcj,kjacobs

	[d3c8638f85cd] [NSS_3_47_BETA4]

2019-10-17  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/pk11_gtest/pk11_cbc_unittest.cc:
	Bug 1589120 - Additional test vectors for CBC padding. r=jcj

	This patch adds more test vectors for AES-CBC and 3DES-CBC padding.

	[7f17b911ac99]

	* gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp:
	Bug 1589120 - Tests for padded AES key wrap r=jcj

	This patch adds test vectors for padded AES Key Wrap. AES-CBC and
	3DES-CBC ports of the same vectors will be included in a separate
	revision.

	[fb4d9b6ea2c4]

2019-10-16  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
	gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/ssl3con.c,
	lib/ssl/sslimpl.h, lib/ssl/tls13subcerts.c,
	tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
	Bug 1588244 - SSLExp_DelegateCredential to support 'rsaEncryption'
	end-entity certs with default scheme override r=mt

	If an end-entity cert has an SPKI type of 'rsaEncryption', override
	the DC alg to be `ssl_sig_rsa_pss_rsae_sha256`.

	[93383e0fb833]

2019-10-16  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_47_BETA3 for changeset f10c3e0757b7
	[fa8a67bee2dc]

Differential Revision: https://phabricator.services.mozilla.com/D49774

--HG--
extra : moz-landing-system : lando
2019-10-18 17:05:24 +00:00
J.C. Jones
ab56e5f10e Bug 1577822 - land NSS NSS_3_47_BETA3 UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-16  J.C. Jones  <jjones@mozilla.com>

	* lib/softoken/pkcs11c.c:
	Bug 1459141 - Backed out changeset 474d62c9d0db for PK11_Wrap/Unwrap
	issues r=me
	[f10c3e0757b7] [NSS_3_47_BETA3]

2019-10-15  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_47_BETA2 for changeset f657d65428c6
	[3ca8b20b24ee]

	* cmd/addbuiltin/addbuiltin.c:
	Bug 1465613 - Fixup clang format a=bustage
	[f657d65428c6] [NSS_3_47_BETA2]

2019-10-11  Marcus Burghardt  <mburghardt@mozilla.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	automation/abi-check/expected-report-libsmime3.so.txt,
	automation/abi-check/expected-report-libssl3.so.txt,
	cmd/addbuiltin/addbuiltin.c,
	cmd/lib/secutil.c, gtests/softoken_gtest/manifest.mn,
	gtests/softoken_gtest/softoken_gtest.gyp,
	gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc,
	lib/certdb/certdb.c, lib/certdb/certt.h, lib/ckfw/builtins/README,
	lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/manifest.mn,
	lib/ckfw/builtins/nssckbi.h, lib/ckfw/builtins/testlib/Makefile,
	lib/ckfw/builtins/testlib/builtins-testlib.gyp,
	lib/ckfw/builtins/testlib/certdata-testlib.txt,
	lib/ckfw/builtins/testlib/config.mk,
	lib/ckfw/builtins/testlib/manifest.mn,
	lib/ckfw/builtins/testlib/nssckbi-testlib.rc,
	lib/ckfw/builtins/testlib/testcert_err_distrust.txt,
	lib/ckfw/builtins/testlib/testcert_no_distrust.txt,
	lib/ckfw/builtins/testlib/testcert_ok_distrust.txt,
	lib/ckfw/manifest.mn, lib/nss/nss.def, lib/pki/pki3hack.c,
	lib/softoken/sdb.c, lib/util/pkcs11n.h, nss.gyp, tests/cert/cert.sh:
	Bug 1465613 - Created two new fields for scheduled distrust from
	builtins and updated support commands. r=jcj,kjacobs,mt

	Added two new fields for scheduled distrust of CAs in
	nssckbi/builtins. Also, created a testlib to validate these fields
	with gtests.

	[52024949df95]

2019-10-14  Martin Thomson  <martin.thomson@gmail.com>

	* lib/ssl/tls13con.c:
	Bug 1588557 - Fix debug statement, r=jcj

	[0f563a2571c3]

2019-10-15  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp,
	lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/lib/pkixcert.cpp:
	bug 1579060 - fix handling of issuerUniqueID and subjectUniqueID in
	mozilla::pkix::BackCert r=jcj

	According to RFC 5280, the definitions of issuerUniqueID and
	subjectUniqueID in TBSCertificate are as follows:

	    issuerUniqueID  [1] IMPLICIT UniqueIdentifier OPTIONAL,
	    subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,

	where UniqueIdentifier is a BIT STRING.

	IMPLICIT tags replace the tag of the underlying type. For these
	fields, there is no specified class (just a tag number within the
	class), and the underlying type of BIT STRING is "primitive" (i.e.
	not constructed). Thus, the tags should be of the form CONTEXT
	SPECIFIC | [number in class], which comes out to 0x81 and 0x82,
	respectively.

	When originally implemented, mozilla::pkix incorrectly required that
	the CONSTRUCTED bit also be set for these fields. Consequently, the
	library would reject any certificate that actually contained these
	fields. Evidently such certificates are rare.

	[c50f933d37a5]

2019-10-14  Deian Stefan  <deian@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c:
	Bug 1459141 - Rewrite softoken CBC pad check to be constant time.
	r=kjacobs,jcj
	[474d62c9d0db]

2019-10-11  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_47_BETA1 for changeset 93245f5733b3
	[f60dbafbc182]

Differential Revision: https://phabricator.services.mozilla.com/D49470

--HG--
extra : moz-landing-system : lando
2019-10-16 19:12:50 +00:00
J.C. Jones
962e9e53a9 Backed out changeset 3eb63c112f5a (Bug 1577822) for breaking WebAuthn mochitests UPGRADE_NSS_RELEASE
Differential Revision: https://phabricator.services.mozilla.com/D49374

--HG--
extra : moz-landing-system : lando
2019-10-16 04:36:58 +00:00