| Commit message (Collapse) | Author | Age | Files | Lines |
Differential Revision: https://phabricator.services.mozilla.com/D49978
Fixed controls to avoid crashes caused by slots possibly without a token in pk11_fastCert.
Also, improved argument controls in PK11_MakeCertFromHandle.
Differential Revision: https://phabricator.services.mozilla.com/D51406
Differential Revision: https://phabricator.services.mozilla.com/D52469
* Update the Taskcluster client used in the decision task to one that
understands Taskcluster rootUrls.
* Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL
* the absence of this variable signals an "old" worker so we use an "old" URL
Differential Revision: https://phabricator.services.mozilla.com/D52287
Differential Revision: https://phabricator.services.mozilla.com/D51952
Differential Revision: https://phabricator.services.mozilla.com/D49667
This patch adds more test vectors for AES-CBC and 3DES-CBC padding.
Differential Revision: https://phabricator.services.mozilla.com/D49658
This patch adds test vectors for padded AES Key Wrap. AES-CBC and 3DES-CBC ports of the same vectors will be included in a separate revision.
Differential Revision: https://phabricator.services.mozilla.com/D49503
end-entity certs with default scheme override r=mt
If an end-entity cert has an SPKI type of 'rsaEncryption', override the DC alg to be `ssl_sig_rsa_pss_rsae_sha256`.
Differential Revision: https://phabricator.services.mozilla.com/D49176
and updated support commands. r=jcj,kjacobs,mt
Added two new fields to scheduled distrust of CAs in nssckbi/builtins.
Also, created a testlib to validate these fields with gtests.
Differential Revision: https://phabricator.services.mozilla.com/D36597
Differential Revision: https://phabricator.services.mozilla.com/D49177
mozilla::pkix::BackCert r=jcj
According to RFC 5280, the definitions of issuerUniqueID and subjectUniqueID in
TBSCertificate are as follows:
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
where UniqueIdentifier is a BIT STRING.
IMPLICIT tags replace the tag of the underlying type. For these fields, there is
no specified class (just a tag number within the class), and the underlying type
of BIT STRING is "primitive" (i.e. not constructed). Thus, the tags should be of
the form CONTEXT SPECIFIC | [number in class], which comes out to 0x81 and 0x82,
respectively.
When originally implemented, mozilla::pkix incorrectly required that the
CONSTRUCTED bit also be set for these fields. Consequently, the library would
reject any certificate that actually contained these fields. Evidently such
certificates are rare.
Differential Revision: https://phabricator.services.mozilla.com/D49013
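The tag arithmetic described in this commit message, as an added illustration that is not mozilla::pkix or NSS code: the context-specific class bit plus the tag number gives 0x81/0x82 for the two IMPLICIT BIT STRING fields, and a reader that also demands the CONSTRUCTED bit (0xA1/0xA2) never recognises a real field. The function names, the minimal DER encoder/reader and the sample bit strings are all constructed for this example; only short-form lengths and low tag numbers are handled.

```python
# Added example (not NSS or mozilla::pkix code): DER identifier octets for
# issuerUniqueID [1] IMPLICIT and subjectUniqueID [2] IMPLICIT, plus what a
# reader that wrongly requires the CONSTRUCTED bit does with them.

# A DER identifier octet is: class (2 bits) | constructed (1 bit) | number (5 bits).
CLASS_CONTEXT_SPECIFIC = 0x80
CONSTRUCTED_BIT = 0x20


def implicit_context_tag(number: int, constructed: bool = False) -> int:
    """Identifier octet for [number] IMPLICIT over a type of the given form.

    BIT STRING is a primitive type, so for the UniqueIdentifier fields
    constructed must be False: [1] -> 0x81, [2] -> 0x82.
    """
    if not 0 <= number < 31:
        raise ValueError("only single-octet (low) tag numbers are handled here")
    return CLASS_CONTEXT_SPECIFIC | (CONSTRUCTED_BIT if constructed else 0) | number


def encode_unique_id(number: int, bits: bytes, unused_bits: int = 0) -> bytes:
    """DER-encode a UniqueIdentifier (BIT STRING) under [number] IMPLICIT.

    IMPLICIT tagging replaces the universal BIT STRING tag (0x03) with the
    context-specific tag; the content octets (unused-bits count followed by
    the bit data) are exactly what a plain BIT STRING would carry.
    """
    content = bytes([unused_bits]) + bits
    if len(content) >= 128:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([implicit_context_tag(number), len(content)]) + content


def read_optional_unique_id(number: int, data: bytes, require_constructed: bool = False):
    """Consume an OPTIONAL [number] IMPLICIT BIT STRING from the front of data.

    Returns ((unused_bits, bit_data), rest) when the field is present, or
    (None, data) when the next identifier octet is not the expected one
    (the field is OPTIONAL, so that normally means "absent").

    require_constructed=True mirrors the mistaken expectation the commit
    describes: the reader looks for 0xA1/0xA2, so a correctly encoded
    0x81/0x82 field is never matched and the caller is left on an octet it
    cannot account for, which is why such certificates were rejected.
    """
    expected = implicit_context_tag(number, require_constructed)
    if len(data) < 2 or data[0] != expected:
        return None, data
    length = data[1]
    if length < 1 or length >= 128 or len(data) < 2 + length:
        raise ValueError("malformed BIT STRING length")
    content = data[2:2 + length]
    return (content[0], content[1:]), data[2 + length:]
```

For instance, `encode_unique_id(1, b"\xab\xcd")` yields `81 03 00 ab cd`: tag 0x81, length 3, zero unused bits, then the two data octets. Reading that back with `require_constructed=True` returns `(None, data)`, the "field not recognised" outcome described above.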
Adds an option to disable ARMv8 HW AES, if `-Ddisable_arm_hw_aes=1` is passed to build.sh.
Depends on D34473
Differential Revision: https://phabricator.services.mozilla.com/D44018
r=kjacobs,mt
`AESContext->iv` doesn't align to 16 bytes on PGO build, so we should remove
__builtin_assume. Also, I guess that `expandedKey` has the same problem.
Differential Revision: https://phabricator.services.mozilla.com/D40607
Differential Revision: https://phabricator.services.mozilla.com/D34473
Summary:
This patch started as an attempt to ensure that a DSA signature scheme would not
be advertised if we weren't willing to negotiate versions less than TLS 1.3.
Then I realized that we didn't do the same for PKCS#1 RSA.
Then I realized that we were still willing to try to establish connections when
we had a certificate that we couldn't use.
Then I realized that ssl3_config_match_init() wasn't being run consistently. On
resumption, we only ran it when we were PARANOID. That's silly because we
weren't checking policies.
Then I realized that we were allowing ECDSA certificates to be used when the
named group in the certificate was disabled. We weren't enforcing that
consistently either. However, I also discovered that the check we have wouldn't
work without a tweak because in TLS 1.3 the named group is part of the signature
scheme; the configured named groups are only used prior to TLS 1.3 when
selecting ECDSA/ECDH certificates.
So that sounds like a lot of changes but what it boils down to is more robust
checking of the configuration prior to starting a connection. As a result, we
should be offering fewer options that we're unwilling or unable to follow
through on. A good number of tests needed tweaking as a result because we were
relying on getting past the checks in those tests. No real problems were found
as a result; this just moves failures that might arise from misconfiguration a
little earlier in the process.
Differential Revision: https://phabricator.services.mozilla.com/D45966
This patch stores the nickname (if specified) during EC key import. This was already done for all other key types.
Differential Revision: https://phabricator.services.mozilla.com/D48459
r=jcj
Some conditionals that are always true were removed.
Differential Revision: https://phabricator.services.mozilla.com/D48255
ECB mode should not require an IV.
Differential Revision: https://phabricator.services.mozilla.com/D47990
mechanism-specific structs. r=jcj
This patch adds missing PKCS11 input parameter checks, which are needed prior to casting to mechanism-specific structs.
Differential Revision: https://phabricator.services.mozilla.com/D44075
HKDF-Expand enforces a maximum output length much shorter than stated in the RFC. This patch aligns the implementation with the RFC by allocating more output space when necessary.
Differential Revision: https://phabricator.services.mozilla.com/D45249
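The RFC bound this commit refers to, as an added reference implementation that is not NSS code: RFC 5869 HKDF-Extract and HKDF-Expand in plain Python, with the expand step enforcing exactly the limit the RFC states, L <= 255 * HashLen, which follows from the single-octet block counter. The function names and the `max_expand_length` helper are constructed for this example; the checks in the usage note use the RFC's own test vector 1 (SHA-256).

```python
import hashlib
import hmac

# Added example, not NSS code: RFC 5869 HKDF with the RFC's own output-length
# bound on HKDF-Expand (L <= 255 * HashLen).


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """PRK = HMAC-Hash(salt, IKM). An absent salt is HashLen zero octets."""
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = bytes(hash_len)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """OKM = first L octets of T(1) || T(2) || ... where
    T(i) = HMAC-Hash(PRK, T(i-1) || info || i) and T(0) is empty.

    The counter i is a single octet, so at most 255 blocks can be produced;
    that is where the RFC's bound L <= 255 * HashLen comes from.
    """
    hash_len = hashlib.new(hash_name).digest_size
    if length < 0 or length > 255 * hash_len:
        raise ValueError("HKDF-Expand: L must satisfy 0 <= L <= 255 * HashLen")
    okm = b""
    t = b""  # T(0)
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


def max_expand_length(hash_name: str = "sha256") -> int:
    """Largest L that HKDF-Expand permits for the given hash (255 * HashLen)."""
    return 255 * hashlib.new(hash_name).digest_size
```

With SHA-256 the bound is 255 * 32 = 8160 octets; requesting 8161 is rejected, while any shorter output is a prefix of the longer one (the usual HKDF prefix property), so an implementation that caps L below the RFC's value cannot be made to match the RFC by truncation alone.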
Adds additional EC key corner case testing.
Differential Revision: https://phabricator.services.mozilla.com/D34388
SFTKSession objects are only ever actually destroyed at PK11 session closure,
as the session is always the final holder -- and asserting refCount == 1 shows
that to be true. Because of that, NSC_CloseSession can just call
`sftk_DestroySession` directly and leave `sftk_FreeSession` as a no-op to be
removed in the future.
Differential Revision: https://phabricator.services.mozilla.com/D47010
Reviewers: rrelyea, mt
Reviewed By: mt
Subscribers: HubertKario
Bug #: 1494063
Differential Revision: https://phabricator.services.mozilla.com/D29166
Summary:
This prevents crashes on invalid, particularly NULL, keys for DH and ECDH.
I factored out test code already landed for this.
Differential Revision: https://phabricator.services.mozilla.com/D15062
Differential Revision: https://phabricator.services.mozilla.com/D15061
out. r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D47013
Validate tag size in AES_GCM.
Differential Revision: https://phabricator.services.mozilla.com/D44900
Ensure the arguments passed to these functions are valid.
Differential Revision: https://phabricator.services.mozilla.com/D44721
Summary:
This increases the limit of record expansion by 16 so that it doesn't
reject maximum block padding when HMAC-SHA384 is used.
To test this, tlsfuzzer is updated to the latest version
(commit 80d7932ead1d8dae6e555cfd2b1c4c5beb2847df).
Reviewers: mt
Reviewed By: mt
Bug #: 1580286
Differential Revision: https://phabricator.services.mozilla.com/D46760
r=jcj
r=jcj,kjacobs,mt
Created two new experimental functions which permit the caller to change the default order of CipherSuites used during the handshake.
Differential Revision: https://phabricator.services.mozilla.com/D36588