2021-02-19 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.62 final
[a8e045a9fff6] [NSS_3_62_RTM] <NSS_3_62_BRANCH>
2021-02-15 Benjamin Beurdouche <bbeurdouche@mozilla.com>
* .hgtags:
Added tag NSS_3_62_BETA1 for changeset a5c857139b37
[145c269c82d6] <NSS_3_62_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D105739
This is only used for CORS preflight requests. It is controlled by a pref.
Connections that serve such requests will be isolated from other anonymous connections.
Differential Revision: https://phabricator.services.mozilla.com/D96775
```
2021-02-05 Danh <congdanhqx@gmail.com>
* gtests/manifest.mn:
Bug 1688374 - Fix parallel build NSS-3.61 with make. r=kjacobs
[a5c857139b37] [NSS_3_62_BETA1]
2021-02-05 Robert Relyea <rrelyea@redhat.com>
* lib/libpkix/pkix/util/pkix_tools.c:
Bug 1682044 pkix_Build_GatherCerts() + pkix_CacheCert_Add() can
corrupt "cachedCertTable"
Patch by Andrew Cagney
Preliminary Review by Ryan Sleevie
Tested against all.sh rrelyea.
r=kjacobs

(this bug is old)

pkix_Build_GatherCerts() has two code paths for creating the list
"certsFound":

  pkix_CacheCert_Lookup()
    this sets "certsFound" to a new list
    "certsFound" and "cachedCertTable" share items but not the list

  pkix_CacheCert_Add(pkix_pl_Pk11CertStore_CertQuery())
    this sets "certsFound" to a new list; and then adds the list to
    "cachedCertTable"
    "certsFound" and "cachedCertTable" share a linked list

Because the latter doesn't create a separate list, deleting list
elements from "certsFound" can also delete list elements from within
"cachedCertTable". And if this happens while pkix_CacheCert_Lookup()
is trying to update the same element's reference, a core dump can
result.

In detail (note that reference counts may occasionally seem off by
1, it's because data is being captured before function local
variables release their reference):

pkix_Build_GatherCerts() calls pkix_pl_Pk11CertStore_CertQuery()
(via a pointer) to set "certsFound":

  PKIX_CHECK(getCerts (certStore, state->certSel, state->verifyNode,
  &nbioContext, &certsFound, plContext), PKIX_GETCERTSFAILED);

it then calls:

  PKIX_CHECK(pkix_CacheCert_Add (certStore, certSelParams,
  certsFound, plContext), PKIX_CACHECERTADDFAILED);
[dafda4eee75c]
```
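The list aliasing described in the Bug 1682044 entry above, as an added example (not NSS code): a cache that stores the caller's list object loses entries when the caller prunes its own result, while a cache that stores its own list of the same items does not. All names are hypothetical, certificates are reduced to integer ids, copying is shown only as one way to avoid the aliasing (not as a description of the NSS patch), and allocation failure is not handled.

```c
#include <stdlib.h>

/* Simplified stand-ins: a singly linked list of certificate ids. */
typedef struct Node { int cert_id; struct Node *next; } Node;
typedef struct { Node *head; } List;

static void list_append(List *l, int cert_id)
{
    Node **p = &l->head;
    while (*p) p = &(*p)->next;
    *p = calloc(1, sizeof **p);
    (*p)->cert_id = cert_id;
}

static void list_delete(List *l, int cert_id)
{
    for (Node **p = &l->head; *p; p = &(*p)->next)
        if ((*p)->cert_id == cert_id) { Node *d = *p; *p = d->next; free(d); return; }
}

static int list_len(const List *l)
{
    int n = 0;
    for (const Node *p = l->head; p; p = p->next) n++;
    return n;
}

static List *cache_entry; /* stands in for one "cachedCertTable" entry */
/* Add path as described: the cache keeps the caller's list itself. */
void cache_add_shared(List *found) { cache_entry = found; }
/* Alternative: the cache keeps its own list holding the same items. */
void cache_add_copied(List *found)
{
    cache_entry = calloc(1, sizeof *cache_entry);
    for (const Node *p = found->head; p; p = p->next)
        list_append(cache_entry, p->cert_id);
}

/* Caller builds "certsFound", caches it, then prunes its own result. */
int cached_len_after_prune(void (*cache_add)(List *))
{
    List *found = calloc(1, sizeof *found);
    for (int id = 1; id <= 3; id++) list_append(found, id);
    cache_add(found);
    list_delete(found, 2); /* caller-side filtering of "certsFound" */
    return list_len(cache_entry);
}

int main(void) { return cached_len_after_prune(cache_add_copied) == 3 ? 0 : 1; }
```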
Differential Revision: https://phabricator.services.mozilla.com/D105209
There are no code changes, only #include changes.
It was a fairly mechanical process: Search for all "AUTO_PROFILER_LABEL", and in each file, if only labels are used, convert "GeckoProfiler.h" into "ProfilerLabels.h" (or just add that last one where needed).
In some files, there were also some marker calls but no other profiler-related calls, in these cases "GeckoProfiler.h" was replaced with both "ProfilerLabels.h" and "ProfilerMarkers.h", which still helps in reducing the use of the all-encompassing "GeckoProfiler.h".
Differential Revision: https://phabricator.services.mozilla.com/D104588
Bug 1583610 modified the cipher suite ordering on ARM devices to prefer
ChaCha20/Poly1305 with the assumption that hardware support for AES wouldn't be
available. However, because there are ARM devices with hardware support for
AES, this patch makes this only happen when that support isn't available.
Differential Revision: https://phabricator.services.mozilla.com/D104897
Loading an accumulated set of crlite stashes can take some time. To address
this, this patch dispatches an asynchronous background task to read the
accumulated set of crlite stashes in a way that doesn't block certificate
verification. Of course, this means that the stash information won't
necessarily be available for the first few verifications. This shouldn't be a
security concern as long as the crlite filter is no more than 10 days out of
date (the maximum lifespan of an OCSP response, which is what Firefox relies on
currently in release). Note that currently crlite filters as published by
remote settings regularly end up being more than 10 days old, which will be
addressed in https://github.com/mozilla/crlite/issues/153. Note further that
crlite is currently not being enforced by default on any channel, so making
this change now is not a security concern.
Differential Revision: https://phabricator.services.mozilla.com/D104447
InitializeCipherSuite() in nsNSSComponent.cpp controls which encryption schemes
are allowed when decrypting PKCS12 files. Before this patch, the AES ciphers
were not enabled, which prevented importing PKCS12 files that used AES.
This patch fixes this and adds a test.
Differential Revision: https://phabricator.services.mozilla.com/D104567
2021-02-04 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/ssl_gtest/ssl_recordsize_unittest.cc, lib/ssl/ssl3ext.c:
Bug 1690583 - Fix CH padding extension size calculation. r=mt
Bug 1654332 changed the way that NSS constructs Client Hello
messages. `ssl_CalculatePaddingExtLen` now receives a
`clientHelloLength` value that includes the 4B handshake header.
This looks okay per the inline comment (which states that only the
record header is omitted from the length), but the function actually
assumes that the handshake header is also omitted.
This patch removes the addition of the handshake header length.
Those bytes are already included in the buffered CH.
[fc3a4c142c16] [tip]
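The double count described in the Bug 1690583 entry above, as an added example (a simplified model, not NSS code): the same padding calculation run once on the length it was given and once with the handshake header added a second time. The 256..511 byte window is taken from RFC 7685; the function names, the one-byte minimum and the sample lengths are assumptions made for illustration.

```c
#include <stdio.h>

#define HS_HEADER_LEN 4  /* handshake header: 1-byte type + 3-byte length */
#define EXT_HEADER_LEN 4 /* extension header: 2-byte type + 2-byte length */

/* Hypothetical helper: is this ClientHello length inside the window that the
 * padding extension is meant to avoid (256..511, per RFC 7685)? */
int in_avoided_window(unsigned int len) { return len >= 256 && len < 512; }

/* Padding extension data length for a ClientHello of hs_msg_len bytes,
 * where hs_msg_len already includes the handshake header. */
unsigned int padding_data_len(unsigned int hs_msg_len)
{
    unsigned int ext_len;
    if (!in_avoided_window(hs_msg_len))
        return 0;
    ext_len = 512 - hs_msg_len;
    if (ext_len < EXT_HEADER_LEN + 1) /* assumed: at least one data byte */
        ext_len = EXT_HEADER_LEN + 1;
    return ext_len - EXT_HEADER_LEN;
}

/* The defect described above: the caller's length already includes the
 * handshake header, and the callee adds it a second time. */
unsigned int padding_data_len_double_counted(unsigned int hs_msg_len)
{
    return padding_data_len(hs_msg_len + HS_HEADER_LEN);
}

/* ClientHello length once a padding extension with data_len bytes is added. */
unsigned int padded_len(unsigned int hs_msg_len, unsigned int data_len)
{
    return data_len ? hs_msg_len + EXT_HEADER_LEN + data_len : hs_msg_len;
}

int main(void)
{
    unsigned int samples[] = { 253, 300, 510 }; /* constructed lengths */
    for (int i = 0; i < 3; i++) {
        unsigned int n = samples[i];
        printf("len=%u correct->%u double-counted->%u\n", n,
               padded_len(n, padding_data_len(n)),
               padded_len(n, padding_data_len_double_counted(n)));
    }
    return 0;
}
```

With the extra four bytes, each sample ends up inside the window the extension exists to avoid: 253 is padded needlessly to 508, 300 is padded to 508 instead of 512, and 510 is left unpadded.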
* automation/abi-check/expected-report-libnss3.so.txt:
Bug 1690421 - Adjust 3.62 ABI report formatting for new libabigail.
r=bbeurdouche
[a1ed44dba32e]
2021-02-03 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/docker-builds/Dockerfile:
Bug 1690421 - Install packaged libabigail in docker-builds image
r=bbeurdouche
[3c719b620136]
2021-01-31 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c,
lib/ssl/tls13hashstate.c, lib/ssl/tls13hashstate.h:
Bug 1689228 - Minor ECH -09 fixes for interop testing, fuzzing. r=mt
A few minor ECH -09 fixes for interop testing and fuzzing:
- selfserv now takes a PKCS8 keypair for ECH. This is more
maintainable and significantly less terrible than parsing the
ECHConfigs and cobbling one together within selfserv (e.g. we can
support other KEMs without modifying the server).
- Get rid of the newline character in tstclnt retry_configs output.
- Fuzzer fixes in tls13_HandleHrrCookie:
  - We shouldn't use internal_error when PK11_HPKE_ImportContext fails.
    Cookies are unprotected in fuzzer mode, so this can be expected to
    occur.
  - Only restore the application token when recovering hash state,
    otherwise the copy could happen twice, leaking one of the
    allocations.
[8bbea1902024]
2021-01-25 Kevin Jacobs <kjacobs@mozilla.com>
* lib/ssl/ssl3exthandle.c:
Bug 1674819 - Fixup a51fae403328, enum type may be signed.
r=bbeurdouche
[2004338a2080]
Differential Revision: https://phabricator.services.mozilla.com/D104258
See bug 1689728. To avoid contention on NSS resources and thread-safety issues,
this patch dispatches synchronous events to the socket thread in
NSSCertDBTrustDomain::GetCertTrust and FindIssuer to gather information from
NSS rather than using NSS directly on the cert verification threads.
Differential Revision: https://phabricator.services.mozilla.com/D103514
This patch improves the performance of DER.jsm by changing readBytes to use
slice rather than repeatedly calling readByte.
Additionally, this patch removes the validation that the input to DERDecoder
consists of an array of integers in the range [0, 255]. This check is
unnecessary for all current consumers of DER.jsm because the input comes from
atob, which only outputs values in that range. If other consumers use DER.jsm
in the future, they will have to determine whether or not they need to validate
the input themselves first.
Differential Revision: https://phabricator.services.mozilla.com/D103838
The patch for the chromium changes doesn't include the updates to
windows_version, because these are already in the release version of chromium
and so will be picked up when we next update.
Differential Revision: https://phabricator.services.mozilla.com/D103473
When we moved to python3, sign_app.py had some issues that weren't addressed.
This patch addresses those issues and regenerates the input files for
test_signed_apps.js because the issuing certificates will expire soon.
Differential Revision: https://phabricator.services.mozilla.com/D103063
2021-01-22 Kevin Jacobs <kjacobs@mozilla.com>
* automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.62 Beta
[680ec01577b9]
2021-01-23 Kevin Jacobs <kjacobs@mozilla.com>
* tests/chains/scenarios/nameconstraints.cfg,
tests/libpkix/certs/NameConstraints.ipaca.cert,
tests/libpkix/certs/NameConstraints.ocsp1.cert:
Bug 1686134 - Renew two chains libpkix test certificates. r=rrelyea
[3ddcd845704c]
2021-01-25 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hpke-vectors.h,
gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/pk11wrap/pk11hpke.c,
lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h:
Bug 1678398 - Update HPKE to draft-07. r=mt
This patch updates HPKE to draft-07. A few other minor changes are
included:
- Refactor HPKE gtests for increased parameterized testing.
- Replace memcpy calls with PORT_Memcpy
- Serialization tweaks to make way for context Export/Import (D99277).
This should not be landed without an ECH update, as fixed ECH test
vectors will otherwise fail to decrypt.
[e0bf8cadadc7]
* automation/abi-check/expected-report-libnss3.so.txt,
gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11pub.h:
Bug 1678398 - Add Export/Import functions for HPKE context. r=mt
This patch adds and exports two new HPKE functions:
`PK11_HPKE_ExportContext` and `PK11_HPKE_ImportContext`, which are
used to export a serialized HPKE context, then later reimport that
context and resume Open and Export operations. Only receiver
contexts are currently supported for export (see the rationale in
pk11pub.h).
One other change introduced here is that `PK11_HPKE_GetEncapPubKey`
now works as expected on the receiver side.
If the `wrapKey` argument is provided to the Export/Import
functions, then the symmetric keys are wrapped with AES Key Wrap
with Padding (SP800-38F, 6.3) prior to serialization.
[8bcd12ab3b34]
* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslsecur.c, lib/ssl/sslsock.c,
lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
lib/ssl/tls13ech.c, lib/ssl/tls13ech.h, lib/ssl/tls13exthandle.c,
lib/ssl/tls13exthandle.h, lib/ssl/tls13hashstate.c,
lib/ssl/tls13hashstate.h:
Bug 1681585 - Update ECH to Draft-09. r=mt
This patch updates ECH implementation to draft-09. Changes of note
are:
- Acceptance signal derivation is now based on the handshake secret.
- `config_id` hint changes from 32B to 8B, trial decryption added on
the server.
- Duplicate code in HRR cookie handling has been consolidated into
`tls13_HandleHrrCookie`.
- `ech_is_inner` extension is added, which causes a server to indicate
ECH acceptance.
- Per the above, support signaling ECH acceptance when acting as a
backend server in split-mode (i.e. when there is no other local
Encrypted Client Hello state).
[ed07a2e2a124]
2021-01-24 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/selfserv/selfserv.c:
Bug 1681585 - Add ECH support to selfserv. r=mt
Usage example:
mkdir dbdir && cd dbdir
certutil -N -d .
certutil -S -s "CN=ech-public.com" -n ech-public.com -x -t "C,C,C" -m 1234 -d .
certutil -S -s "CN=ech-private-backend.com" -n ech-private-backend.com -x -t "C,C,C" -m 2345 -d .
../dist/Debug/bin/selfserv -a ech-public.com -a ech-private-backend.com -n ech-public.com -n ech-private-backend.com -p 8443 -d dbdir/ -X publicname:ech-public.com
(Copy echconfig from selfserv output and paste into the below command)
../dist/Debug/bin/tstclnt -D -p 8443 -v -A tests/ssl/sslreq.dat -h ech-private-backend.com -o -N <echconfig> -v
[92dcda94c1d4]
Differential Revision: https://phabricator.services.mozilla.com/D102982