CERT_FindUserCertsByUsage is inefficient when the corpus of known certificates
consists mostly of certificates that don't have corresponding private keys,
which is expected to be the case for most Firefox users. This change updates
the "does the user have any client certificates" functionality to use the more
efficient "FindNonCACertificatesWithPrivateKeys" function added in bug 1573542.
Differential Revision: https://phabricator.services.mozilla.com/D46499
--HG--
extra : moz-landing-system : lando
Before this patch, Firefox would call CERT_FindUserCertsByUsage to gather all
known client certificates. This function enumerates all known certificates and
filters some of them out. When there are many certificates that are not client
certificates (e.g. roots and intermediates), this is inefficient. Since this is
likely to be the case for most users, this patch optimizes this task by instead
first searching for private keys and then gathering all certificates that have
corresponding public keys.
Differential Revision: https://phabricator.services.mozilla.com/D46187
--HG--
extra : moz-landing-system : lando
2019-09-18 Kevin Jacobs <kjacobs@mozilla.com>
* cmd/lib/derprint.c:
Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj
Check for pointer wrap on output-length check in the derdump
utility.
[a3ee4f26b4c1] [tip]
2019-09-18 Giulio Benetti <giulio.benetti@micronovasrl.com>
* lib/freebl/gcm-aarch64.c:
Bug 1580126 - Fix build failure on aarch64_be while building
freebl/gcm r=kjacobs
Build failure is caused by different #ifdef conditions in gcm.c and
gcm-aarch64.c that leads to double declaration of the same gcm_*
functions.
Fix #ifdef condition in gcm-aarch64.c making it the same as the one
in gcm.c.
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
[fa0d958de0c3]
2019-09-17 Kai Engert <kaie@kuix.de>
* automation/taskcluster/graph/src/extend.js:
Bug 1385039 - Build NSPR tests as part of NSS continuous
integration. r=kjacobs
[cc97f1a93038]
2019-09-17 Landry Breuil <landry@openbsd.org>
* lib/freebl/Makefile:
Bug 1581391 - include gcm-aarch64 on all unices, not only linux
r=kjacobs
[e7b4f293fa4e]
2019-09-17 Martin Thomson <mt@lowentropy.net>
* mach:
Bug 1581041 - Rename mach-commands to mach-completion, r=jcj
This means that we can point our completion at the gecko one.
[bc91272fcbdc]
2019-09-16 Jenine <jenine_c@outlook.com>
* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
r=marcusburghardt
[4569b745f74e]
2019-09-13 Daiki Ueno <dueno@redhat.com>
* lib/certhigh/certvfy.c:
Bug 1542207, fix policy check on signature algorithms, r=rrelyea
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1542207
[ed8a41d16c1c]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[c66dd879d16a]
2019-09-06 Martin Thomson <mt@lowentropy.net>
* automation/taskcluster/graph/src/queue.js:
Bug 1579290 - Disable LSAN during builds, r=ueno
Summary: See the bug description for details.
[f28f3d7b7cf0]
2019-09-13 Kai Engert <kaie@kuix.de>
* Makefile, build.sh, coreconf/nspr.sh, help.txt:
Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
build/run NSPR tests. r=jcj
[8b4a226f7d23]
2019-09-11 Kai Engert <kaie@kuix.de>
* nss.gyp:
Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
[1fe61aadaf57]
2019-09-10 Marcus Burghardt <mburghardt@mozilla.com>
* cmd/pk12util/pk12util.c:
Bug 1579036 - Define error when trying to export non-existent cert
with pk12util. r=jcj
[65ab97f03c89]
2019-09-04 Martin Thomson <mt@lowentropy.net>
* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
Bug 1578626 - Remove undefined nullptr decrement, r=keeler
Summary: This uses uintptr_t to avoid the worst. It still looks
terrible and might trip static analysis warnings, but the
reinterpret_cast should hide that.
This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
an assertion so that we'll at least fail the test on those systems.
(We could use GTEST_SKIP instead, but we don't have that in the
version of gtest that we use.)
Reviewers: keeler
Tags: #secure-revision
Bug #: 1578626
[d2485b1c997e]
2019-09-05 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
Bug 1578751 - Ensure a consistent style for
pk11_find_certs_unittest.cc. r=jcj
Adjusted the style and clang-format after the changes in some var
names.
[e95fee7f59e5]
Differential Revision: https://phabricator.services.mozilla.com/D46246
--HG--
extra : moz-landing-system : lando
If code acquires a handle on the certificate verifier before the loadable roots
background task completes, that instance of the verifier may not know about any
enterprise certificates loaded, and so early certificate verifications relying
on those certificates may fail. To prevent this, this patch ensures that the
background task has completed before returning the handle. Note that there
should be no effect on performance since CertVerifier already ensures that the
background task has completed internally before looking for potential issuer
certificates.
Differential Revision: https://phabricator.services.mozilla.com/D46224
--HG--
extra : moz-landing-system : lando
Calling CERT_NewTempCertificate on an enterprise certificate is inefficient
because NSS tries (and fails) to find a copy of that certificate in its internal
data structures (which includes querying softoken, which involves hitting the
disk). We can avoid doing so for these certificates in
NSSCertDBTrustDomain::GetCertTrust because we already know what trust values
they should have (after checking the relevant blocklists).
Differential Revision: https://phabricator.services.mozilla.com/D45588
--HG--
extra : moz-landing-system : lando
about:certificate is always trusted and we don't have to use the content principal in browser.js
Differential Revision: https://phabricator.services.mozilla.com/D45939
--HG--
extra : moz-landing-system : lando
This patch adds a new `mIsDelegatedCredential` parameter to nsITransportSecurityInfo, indicating whether or not a delegated credential keypair was used in the TLS handshake (see: https://tools.ietf.org/html/draft-ietf-tls-subcerts-03) .
This functionality is only available if _security.tls.enable_delegated_credentials_ is set to true.
Differential Revision: https://phabricator.services.mozilla.com/D39807
--HG--
extra : moz-landing-system : lando
This patch adds a new `mIsDelegatedCredential` parameter to nsITransportSecurityInfo, indicating whether or not a delegated credential keypair was used in the TLS handshake (see: https://tools.ietf.org/html/draft-ietf-tls-subcerts-03) .
This functionality is only available if _security.tls.enable_delegated_credentials_ is set to true.
Differential Revision: https://phabricator.services.mozilla.com/D39807
--HG--
extra : moz-landing-system : lando
Clearkey previously relied on OpenAES to do its encryption. In order to
facilitate future changes and the need for CBC support, switch to NSS, which
should be more flexible and actively maintained.
Differential Revision: https://phabricator.services.mozilla.com/D41993
--HG--
extra : moz-landing-system : lando
To determine whether speculative connections can be established, mozilla::net::CanEnableSpeculativeConnect checks:
1. if there is any removable slot, and
2. if there is any user cert and a private key that can be used for client authentication
However, in practice some HSM's are not removable and (1) is not sufficient, which results in a random PIN prompt appearing at (2).
This patch tighten (1) so that it also checks there is no "unfriendly" token which requires authentication anyway.
Differential Revision: https://phabricator.services.mozilla.com/D44809
--HG--
extra : moz-landing-system : lando
2019-08-30 Alexander Scheel <ascheel@redhat.com>
* automation/taskcluster/scripts/build_softoken.sh,
cmd/lib/pk11table.c, gtests/pk11_gtest/pk11_aes_cmac_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, lib/pk11wrap/debug_module.c,
lib/pk11wrap/pk11mech.c, lib/softoken/pkcs11.c,
lib/softoken/pkcs11c.c, lib/util/pkcs11t.h:
Bug 1570501 - Expose AES-CMAC in PKCS #11 API, r=mt
[cf0df88aa807] [tip]
* cpputil/freebl_scoped_ptrs.h, gtests/freebl_gtest/cmac_unittests.cc,
gtests/freebl_gtest/freebl_gtest.gyp, lib/freebl/blapi.h,
lib/freebl/cmac.c, lib/freebl/cmac.h, lib/freebl/exports.gyp,
lib/freebl/freebl_base.gypi, lib/freebl/ldvector.c,
lib/freebl/loader.c, lib/freebl/loader.h, lib/freebl/manifest.mn:
Bug 1570501 - Add AES-CMAC implementation to freebl, r=mt
[a42c6882ba1b]
2019-09-05 David Cooper <dcooper16@gmail.com>
* lib/smime/cmssiginfo.c:
Bug 657379 - NSS uses the wrong OID for signatureAlgorithm field of
signerInfo in CMS for DSA and ECDSA. r=rrelyea
[7a83b248de30]
2019-09-05 Daiki Ueno <dueno@redhat.com>
* lib/freebl/drbg.c:
Backed out changeset 934c8d0e7aba
It turned out to cause some new errors in LSan; backing out for now.
[34a254dd1357]
* lib/freebl/drbg.c:
Bug 1560329, drbg: perform continuous test on entropy source,
r=rrelyea
Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
to check that consecutive entropy blocks from the system are
different. As neither getentropy() nor /dev/urandom provides that
check on the output, this adds the self test at caller side.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1560329
[934c8d0e7aba]
2019-08-30 Kevin Jacobs <kjacobs@mozilla.com>
* coreconf/WIN32.mk:
Bug 1576664 - Remove -mms-bitfields from win32 makefile r=jcj
[bf4de7985f3d]
2019-08-29 Dana Keeler <dkeeler@mozilla.com>
* automation/abi-check/expected-report-libnss3.so.txt,
gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
bug 1577038 - add PK11_GetCertsFromPrivateKey r=jcj,kjacobs
PK11_GetCertFromPrivateKey only returns one certificate with a
public key that matches the given private key. This change
introduces PK11_GetCertsFromPrivateKey, which returns a list of all
certificates with public keys that match the given private key.
[9befa8d296c0]
2019-08-30 J.C. Jones <jjones@mozilla.com>
* automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.47 beta
[685cea0a7b48]
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.46 final
[decbf7bd40fd] [NSS_3_46_RTM]
Differential Revision: https://phabricator.services.mozilla.com/D44927
--HG--
extra : moz-landing-system : lando
The "unknown" bucket is inconsistent and often much higher than we expect. This
patch splits that bucket by adding the categories "from softoken (cert9.db)",
"from an external PKCS#11 token", and "imported from the OS via the 'Enterprise
Roots' feature". Hopefully this will give us more insight into this data.
Differential Revision: https://phabricator.services.mozilla.com/D44065
--HG--
extra : moz-landing-system : lando
2019-08-30 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.46 final
[decbf7bd40fd] [NSS_3_46_RTM]
2019-08-27 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_46_BETA2 for changeset 24b0fc700203
[29cd579e74e4]
Differential Revision: https://phabricator.services.mozilla.com/D44206
--HG--
extra : moz-landing-system : lando
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.
This (de)serialization will address the performance issues present in the
current implementation.
As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.
Differential Revision: https://phabricator.services.mozilla.com/D35090
--HG--
extra : moz-landing-system : lando
As part of the ongoing effort to port the nsIWebProgress events from
RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need
to (de)serialize the nsITransportSecurityInfo instance across the IPC layer.
The existing code was calling `NS_SerializeToString` which has the overhead of
(a) allocating a buffer and also performing base64 encoding/decoding. This
patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`,
`nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params
directly onto and off of the IPC message so that we don't go through the
overhead of allocating and encoding/decoding an additional buffer.
This (de)serialization will address the performance issues present in the
current implementation.
As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM
interface, since the existing serialization code was assuming it was, there is
only one implementation, and it is in C++.
Differential Revision: https://phabricator.services.mozilla.com/D35090
--HG--
extra : moz-landing-system : lando
2019-08-27 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/build_gyp.sh,
automation/taskcluster/windows/build_gyp.sh, fuzz/fuzz.gyp,
gtests/pk11_gtest/pk11_gtest.gyp,
gtests/softoken_gtest/softoken_gtest.gyp, tests/all.sh,
tests/ssl/ssl.sh:
Bug 1485533 - Close gaps in taskcluster SSL testing. r=mt
This patch increases SSL testing on taskcluster, specifically,
running an additional 395 tests on each SSL cycle (more for FIPS
targets), and adding a new 'stress' cycle.
Notable changes:
1) This patch removes SSL stress tests from the default
`NSS_SSL_RUN` list in all.sh and ssl.sh. If stress tests are needed,
this variable must be set to include.
2) The "normal_normal" case is added to `NSS_SSL_TESTS` for all
targets. FIPS targets also run "normal_fips", "fips_normal", and
"fips_fips".
3) `--enable-libpkix` is now set for all taskcluster "build.sh"
builds in order to support a number of OCSP tests that were
previously not run.
[24b0fc700203] [NSS_3_46_BETA2]
2019-08-23 Edouard Oger <eoger@fastmail.com>
* lib/sqlite/Makefile, lib/sqlite/sqlite.gyp:
Bug 1549847 - Ignore sqlite compilation warnings. r=mt
[7f146eb7adac]
2019-08-23 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_46_BETA1 for changeset 44aa330de2aa
[d3035cc9dc73]
Differential Revision: https://phabricator.services.mozilla.com/D43724
--HG--
extra : moz-landing-system : lando
performAction, performActionOnRow and performActionOnCell are methods of the
nsITreeView interface that are never called. This is to remove these methods.
A comm-central patch will be along shortly.
Differential Revision: https://phabricator.services.mozilla.com/D39273
2019-08-23 Kevin Jacobs <kjacobs@mozilla.com>
* tests/common/cleanup.sh:
Bug 1560593 - Check that BUILD_OPT is defined before testing its
value. r=jcj
[44aa330de2aa] [NSS_3_46_BETA1]
* cmd/strsclnt/strsclnt.c:
Bug 1575968 - Add strsclnt option to enforce the use of either IPv4
or IPv6 r=jcj
[da284d8993ea]
2019-08-23 Marcus Burghardt <mburghardt@mozilla.com>
* gtests/softoken_gtest/softoken_gtest.cc:
Bug 1573942 - Gtest for pkcs11.txt with different breaking line
formats. r=kjacobs
[d07a07eb0e40]
2019-08-21 Kevin Jacobs <kjacobs@mozilla.com>
* lib/util/utilmod.c:
Bug 1564284: Added check for CR + LF, r=marcusburghardt,kjacobs
Looks good and it was already tested locally with this gtest patch:
[d1d2e1e320cd]
2019-08-22 Martin Thomson <mt@lowentropy.net>
* lib/ssl/ssl3con.c:
Bug 1528666 - Formatting, a=bustage
[60eeac76c8ec]
2019-08-20 Martin Thomson <martin.thomson@gmail.com>
* gtests/ssl_gtest/ssl_0rtt_unittest.cc,
gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/ssl3con.c:
Bug 1528666 - Correct resumption validation checks, r=jcj
We allowed cross-suite resumption before, but it didn't work. This
enables that for clients.
As a secondary minor tweak, clients will no longer validate the
availability of a cipher suite based on their configured version
range when attempting resumption. Instead, they will check whether
the suite works for the version in the session that they are
attempting to resume. In theory, this doesn't change anything
because the previous session should not have selected an
incompatible combination of version and cipher suite, but it's worth
being extra precise.
[cab2c8905214]
2019-08-22 Martin Thomson <mt@lowentropy.net>
* gtests/ssl_gtest/ssl_auth_unittest.cc,
gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/ssl3con.c:
Bug 1568803 - More tests for client certificate authentication,
r=kjacobs
These were previously disabled because of difficulties (at the time)
in writing these tests for TLS 1.3. The framework, and my
understanding of it, has since improved, so these tests can be
restored and expanded. This exposed a minor correctness issue that
is also corrected.
[95f97d31c313]
Differential Revision: https://phabricator.services.mozilla.com/D43308
--HG--
extra : moz-landing-system : lando