| Commit message (Collapse) | Author | Age | Files | Lines |
| |
which wasn't the reviewed patch. r=jcj
| |
Summary: This should help with our coverity analysis.
Reviewers: rrelyea
Tags: #secure-revision
Bug #: 1531074
Differential Revision: https://phabricator.services.mozilla.com/D21423
| |
Summary:
Additions:
eMudhra: Bug 1515457
Hongkong Post: Bug 1532753
Tags: #secure-revision
Bug #: 1533087
Differential Revision: https://phabricator.services.mozilla.com/D22357
| |
Differential Revision: https://phabricator.services.mozilla.com/D17014
| |
Reviewers: mt
Reviewed By: mt
Bug #: 1528262
Differential Revision: https://phabricator.services.mozilla.com/D21516
| |
Summary:
I forgot about packet number encryption. This will help with that.
I decided to replace DeriveSecret with this. No point in having that when you have this.
Reviewers: ekr
Bug #: 1529813
Differential Revision: https://phabricator.services.mozilla.com/D20937
| |
This patch forces NSS into FIPS mode if system fips mode bit is set.
- If that bit is set, applications trying to switch out of FIPS mode will get an error code.
- Applications that check to see if they can change modes (like Firefox and Thunderbird) will be told they can't, so the Firefox <Disable FIPS> button should be grayed out if the system FIPS mode bit is set.
If the bit is not set, NSS gets its FIPS indication its traditional way, so the Firefox 'Enable FIPS' button will be on as normal.
This bug does not change NSS behavior WRT non-FIPS algorithms.
| |
build cmsutil. r=jcj
| |
Running clang-format with a bad version is better than not running it at all.
Reviewers: jcj
Reviewed By: jcj
Bug #: 1530134
Differential Revision: https://phabricator.services.mozilla.com/D20938
| |
Reviewers: jcj
Reviewed By: jcj
Bug #: 1528669
Differential Revision: https://phabricator.services.mozilla.com/D20120
| |
Bustage in m-c due to unexported symbols for cmsutil.
| |
Summary:
This adds a new policy keyword "DSA" to explicitly disable DSA in TLS 1.2 or earlier.
We could make this a bit more generic, e.g., by adding "ECDSA", "RSA-PSS" etc. However, considering the current use of policy in [fedora-crypto-policies](https://gitlab.com/redhat-crypto/fedora-crypto-policies), I realized that adding new keywords may cause compatibility problems; because the Fedora configuration has `disallow=ALL`, all new keywords would be disabled by default. I think it's okay for DSA, though.
Reviewers: kaie
Reviewed By: kaie
Bug #: 1493936
Differential Revision: https://phabricator.services.mozilla.com/D6777
| |
Summary:
This just does the two functions that QUIC needs.
I reused the tests for HKDF for testing that the exposed function works identically, at least for those cases where DeriveSecret can be used.
Reviewers: ekr
Tags: #secure-revision
Bug #: 1529813
Differential Revision: https://phabricator.services.mozilla.com/D20762
| |
Summary:
We should really include version with the ciphersuite in case we decide to reuse the ciphersuite definitions for TLS 1.4, but also change the way they operate.
I also included a fixup for the clang4 build error from the last set.
Reviewers: ekr
Tags: #secure-revision
Bug #: 1528175
Differential Revision: https://phabricator.services.mozilla.com/D20761
| |
SSL_RecordLayerData, r=ekr
Summary:
Turns out that there were two errors that made my life using SSL_RecordLayerData hard:
* SSL_ForceHandshake was returning SECFailure/PR_WOULD_BLOCK_ERROR when the record layer was replaced, even when the handshake was complete. This was being obscured in the tests by the fact that we mark sockets as complete through both the callback and SSL_ForceHandshake. I didn't change that aspect of the tests because different tests rely on that being the case. I don't have a good strategy for dealing with that, but I will continue to think on it.
* SSL_RecordLayerData was returning SECFailure/PR_WOULD_BLOCK_ERROR when it succeeded, but the AuthCertificate callback blocked. The contract for SSL_RecordLayerData is that it returns SECSuccess always. I had explicitly ignored this error in tests, which was just a mistake.
Reviewers: ekr
Tags: #secure-revision
Bug #: 1471126
Differential Revision: https://phabricator.services.mozilla.com/D20528
| |
Summary: This adds handling of the post_handshake_auth extension in CH and exposes tls13_SendCertificateRequest as an experimental API. For practical use, it might need another function that checks if the post_handshake_auth extension is received.
Reviewers: mt
Reviewed By: mt
Bug #: 1471970
Differential Revision: https://phabricator.services.mozilla.com/D14154
| |
separation, r=ekr
This started as an attempt to remove the cipher spec update callback we use for testing. Using the new, public secrets interface should be better for that.

In doing so, it became apparent that we needed more interfaces to NSS to support the use of these secrets. In particular:

1. We need to know what the KDF hash function is for a given cipher suite. This allows users of the secret to use the right hash function.
2. We need to know what cipher spec was picked when sending 0-RTT. NSS currently doesn't expose that information. (When receiving 0-RTT you can safely assume that the negotiated cipher suite is good to use.)
3. We need to know what epoch NSS is currently using. Otherwise, we can't be sure which epoch to feed it. Data from a good epoch is saved, whereas data from a bad epoch is lost, so applications need to know.

So this patch adds these functions to the appropriate info functions and uses that information in tests to remove and re-add protection.

The test changes are considerable. The main effect of the changes is to rely on the new functions for managing secrets, rather than the old interface. But with the changes in the other CLs for this bug, secrets appear before they are used, which complicates things considerably. For that, I've moved more logic into the TlsCipherSpec class, which now tracks per-epoch state, like sequence numbers and record drops.

Trial decryption (yep) is used to identify the right cipher spec every time when decrypting, so tests are no longer tolerant of failures to decrypt. It's no longer possible to have a test enable decryption and pass when decryption fails; this is particularly true for some parameterized tests that assumed it was OK to enable decryption even for TLS 1.2 and earlier.
| |
Summary:
Add functions for QUIC that provide the raw content of records to callback functions.
Reviewers: ekr
Reviewed By: ekr
Bug #: 1471126
Differential Revision: https://phabricator.services.mozilla.com/D1874
| |
Summary:
Provide updated secrets to a callback function as soon as those secrets are available.
Reviewers: ekr
Reviewed By: ekr
Bug #: 1471126
Differential Revision: https://phabricator.services.mozilla.com/D1824
| |
Reviewers: jcj
Reviewed By: jcj
Bug #: 1528033
Differential Revision: https://phabricator.services.mozilla.com/D19839
| |
Summary: Bug 1525946 - update .taskcluster.yml to modern standards
Reviewers: tomprince
Reviewed By: tomprince
Bug #: 1525946
Differential Revision: https://phabricator.services.mozilla.com/D19042
| |
Summary: Bug 1525946 - update .taskcluster.yml to modern standards
Reviewers: mt
Reviewed By: mt
Bug #: 1525946
Differential Revision: https://phabricator.services.mozilla.com/D19041
| |
Summary: This is all I plan to do for this bug.
Reviewers: jcj
Tags: #secure-revision
Bug #: 1520459
Differential Revision: https://phabricator.services.mozilla.com/D19576
| |
DONTBUILD
| |
exponents that are too small r=jcj
Reviewers: jcj
Reviewed By: jcj
Bug #: 1517574
Differential Revision: https://phabricator.services.mozilla.com/D19019
Try: https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=9b518a646aacc092b81e94421c09aa9b87f2cab1
| |
r=jcj
Differential Revision: https://phabricator.services.mozilla.com//D18655
| |
libpkix, when validating a leaf certificate against the CAs' name constraints, treats the Subject DN CN attribute as a DNS name. This may be reasonable behaviour for server certificates, but does not make sense for other kinds of certificates (e.g. user certificates, OCSP signing certificates, etc.)

Update the libpkix name constraints checker to only treat the CN as a DNS name for server certificates (i.e. when id-kp-serverAuth is asserted in the Extended Key Usage extension). For compatibility, the behaviour is unchanged (i.e. CN is still treated as a DNS name) when the certificate does not have an Extended Key Usage extension.
| |
Summary: util_gtests shouldn't need to link so much of NSS.
Reviewers: jcj
Tags: #secure-revision
Bug #: 1524902
Differential Revision: https://phabricator.services.mozilla.com/D18519