Differential Revision: https://phabricator.services.mozilla.com/D112143
r=bbeurdouche
Currently, NSS assumes that every PowerPC target supports the crypto
and VSX extensions of the PowerPC ABI. However, VSX was only introduced
with ISA version 2.06 and the crypto extensions with ISA version 2.07
and enabling them on older PowerPC targets will result in a SIGILL. Thus,
make their use configurable and enable them by default on ppc64le only.
Differential Revision: https://phabricator.services.mozilla.com/D105354
Differential Revision: https://phabricator.services.mozilla.com/D108638
ppc_crypto_support() for clang. r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D108354
acceleration r=beurdouche
Depends on D107221
Differential Revision: https://phabricator.services.mozilla.com/D107788
r=bbeurdouche
Depends on D107220
Differential Revision: https://phabricator.services.mozilla.com/D107221
r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D107220
r=beurdouche
Depends on D106881
Differential Revision: https://phabricator.services.mozilla.com/D107787
to prevent build issues with GCC 4.8. r=bbrumley
Depends on D102389
Differential Revision: https://phabricator.services.mozilla.com/D106881
multiplication r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D102389
to prevent build issues with GCC 4.8. r=bbrumley
Depends on D102406
Differential Revision: https://phabricator.services.mozilla.com/D106882
multiplication r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D102406
c95ab70fcb2bc21025d8845281bc4bc8987ca683 r=beurdouche
Differential Revision: https://phabricator.services.mozilla.com/D107387
Differential Revision: https://phabricator.services.mozilla.com/D106617
r=ueno,bbeurdouche
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Steps to reproduce:
Using NSS with PKCS #11 library that returns CKR_ATTRIBUTE_VALUE_INVALID when searching for CKA_CLASS = CKO_PROFILE.
Actual results:
PK11_InitToken calls pk11_ReadProfileList and passes on failures. Thus, if the profiles cannot be read the token cannot be initialized.
pk11_ReadProfileList in turn uses pk11_FindObjectsByTemplate to search for CKO_PROFILE objects. This function fails if C_FindObjectsInit fails.
However, it should be perfectly ok that C_FindObjectsInit fails if CKO_PROFILE is not known. In fact, CKR_ATTRIBUTE_VALUE_INVALID is a valid return code here since the library does not know (yet) the value CKO_PROFILE for CKA_CLASS, and since CKA_CLASS is a fixed list, the standard allows returning this error code.
Expected results:
PK11_InitToken should complete successfully.
Differential Revision: https://phabricator.services.mozilla.com/D106167
Depends on D104418
Differential Revision: https://phabricator.services.mozilla.com/D106144
build. r=rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D104418
CA changes, CA list version 2.48. r=KathleenWilson
Differential Revision: https://phabricator.services.mozilla.com/D105451
'Chambers of Commerce' and 'Global Chambersign' roots. r=KathleenWilson
Differential Revision: https://phabricator.services.mozilla.com/D105435
Differential Revision: https://phabricator.services.mozilla.com/D85334
r=KathleenWilson
Depends on D105448
Differential Revision: https://phabricator.services.mozilla.com/D105457
r=KathleenWilson
Differential Revision: https://phabricator.services.mozilla.com/D105448
NSS. r=KathleenWilson
Differential Revision: https://phabricator.services.mozilla.com/D105444
Root CA - G3” root cert in NSS. r=KathleenWilson
Differential Revision: https://phabricator.services.mozilla.com/D105436
2008' and 'Global Chambersign Root - 2008'. r=KathleenWilson
Differential Revision: https://phabricator.services.mozilla.com/D105433
Differential Revision: https://phabricator.services.mozilla.com/D104259
"cachedCertTable"
Patch by Andrew Cagney
Preliminary Review by Ryan Sleevie
Tested against all.sh rrelyea.
r=kjacobs
(this bug is old)
pkix_Build_GatherCerts() has two code paths for creating the list "certsFound":
- pkix_CacheCert_Lookup()
  this sets "certsFound" to a new list
  "certsFound" and "cachedCertTable" share items but not the list
- pkix_CacheCert_Add(pkix_pl_Pk11CertStore_CertQuery())
  this sets "certsFound" to a new list; and then adds the list to "cachedCertTable"
  "certsFound" and "cachedCertTable" share a linked list
Because the latter doesn't create a separate list, deleting list elements from "certsFound" can also delete list elements from within "cachedCertTable". And if this happens while pkix_CacheCert_Lookup() is trying to update the same element's reference, a core dump can result.
In detail (note that reference counts may occasionally seem off by 1; it's because data is being captured before function local variables release their reference):
pkix_Build_GatherCerts() calls pkix_pl_Pk11CertStore_CertQuery() (via a pointer) to set "certsFound":
    PKIX_CHECK(getCerts
               (certStore,
                state->certSel,
                state->verifyNode,
                &nbioContext,
                &certsFound,
                plContext),
               PKIX_GETCERTSFAILED);
it then calls:
    PKIX_CHECK(pkix_CacheCert_Add
               (certStore,
                certSelParams,
                certsFound,
                plContext),
               PKIX_CACHECERTADDFAILED);
Bug 1654332 changed the way that NSS constructs Client Hello messages. `ssl_CalculatePaddingExtLen` now receives a `clientHelloLength` value that includes the 4B handshake header. This looks okay per the inline comment (which states that only the record header is omitted from the length), but the function actually assumes that the handshake header is also omitted.
This patch removes the addition of the handshake header length. Those bytes are already included in the buffered CH.
Differential Revision: https://phabricator.services.mozilla.com/D103934
r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D104067
Differential Revision: https://phabricator.services.mozilla.com/D103849
A few minor ECH -09 fixes for interop testing and fuzzing:
- selfserv now takes a PKCS8 keypair for ECH. This is more maintainable and significantly
  less terrible than parsing the ECHConfigs and cobbling one together within selfserv
  (e.g. we can support other KEMs without modifying the server).
- Get rid of the newline character in tstclnt retry_configs output.
- Fuzzer fixes in tls13_HandleHrrCookie:
  - We shouldn't use internal_error when PK11_HPKE_ImportContext fails. Cookies are
    unprotected in fuzzer mode, so this can be expected to occur.
  - Only restore the application token when recovering hash state, otherwise the
    copy could happen twice, leaking one of the allocations.
Differential Revision: https://phabricator.services.mozilla.com/D103247
Differential Revision: https://phabricator.services.mozilla.com/D102964
Usage example:
mkdir dbdir && cd dbdir
certutil -N -d .
certutil -S -s "CN=ech-public.com" -n ech-public.com -x -t "C,C,C" -m 1234 -d .
certutil -S -s "CN=ech-private-backend.com" -n ech-private-backend.com -x -t "C,C,C" -m 2345 -d .
../dist/Debug/bin/selfserv -a ech-public.com -a ech-private-backend.com -n ech-public.com -n ech-private-backend.com -p 8443 -d dbdir/ -X publicname:ech-public.com
(Copy echconfig from selfserv output and paste into the below command)
../dist/Debug/bin/tstclnt -D -p 8443 -v -A tests/ssl/sslreq.dat -h ech-private-backend.com -o -N <echconfig> -v
Differential Revision: https://phabricator.services.mozilla.com/D101050
This patch updates ECH implementation to draft-09. Changes of note are:
- Acceptance signal derivation is now based on the handshake secret.
- `config_id` hint changes from 32B to 8B, trial decryption added on the server.
- Duplicate code in HRR cookie handling has been consolidated into `tls13_HandleHrrCookie`.
- `ech_is_inner` extension is added, which causes a server to indicate ECH acceptance.
- Per the above, support signaling ECH acceptance when acting as a backend server in split-mode
  (i.e. when there is no other local Encrypted Client Hello state).
Differential Revision: https://phabricator.services.mozilla.com/D101049
This patch adds and exports two new HPKE functions: `PK11_HPKE_ExportContext` and
`PK11_HPKE_ImportContext`, which are used to export a serialized HPKE context,
then later reimport that context and resume Open and Export operations. Only receiver
contexts are currently supported for export (see the rationale in pk11pub.h).
One other change introduced here is that `PK11_HPKE_GetEncapPubKey` now works as
expected on the receiver side.
If the `wrapKey` argument is provided to the Export/Import functions, then the
symmetric keys are wrapped with AES Key Wrap with Padding (SP800-38F, 6.3)
prior to serialization.
Differential Revision: https://phabricator.services.mozilla.com/D99277
This patch updates HPKE to draft-07. A few other minor changes are included:
- Refactor HPKE gtests for increased parameterized testing.
- Replace memcpy calls with PORT_Memcpy
- Serialization tweaks to make way for context Export/Import (D99277).
This should not be landed without an ECH update, as fixed ECH test vectors
will otherwise fail to decrypt.
Differential Revision: https://phabricator.services.mozilla.com/D99276
Differential Revision: https://phabricator.services.mozilla.com/D102670
Differential Revision: https://phabricator.services.mozilla.com/D101648
r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D101668
Differential Revision: https://phabricator.services.mozilla.com/D101218
with slow PKCS11 devices. r=bbeurdouche
This patch reverts the `nssSlot_IsTokenPresent` changes made in bug 1663661
and bug 1679290, restoring the version used in NSS 3.58 and earlier. It's not an
actual `hg backout` because the comment in lib/dev/devt.h is worth keeping.
While removing the nested locking did resolve the hang for some (most?) third-party
modules, problems remain with some slower tokens after an even further relaxation
of the locking, which defeats the purpose of addressing the races in the first place.
The crash addressed by these patches was caused by the Intermediate Preloading
Healer in Firefox, which has been disabled. We clearly have insufficient test
coverage for third-party modules, and now that osclientcerts is enabled in Fx
Nightly, any problems caused by these and similar changes are unlikely to be
reported until Fx Beta, well after NSS RTM. I think the best option at this
point is to simply revert NSS.
Differential Revision: https://phabricator.services.mozilla.com/D100344