| Commit message (Collapse) | Author | Age | Files | Lines |


r= kai
Bug 1444148


Summary:
Coverity found an unintended assignment in dtls_GatherData in a PORT_Assert,
which is only evaluated in debug builds.
Reviewers: mt
Reviewed By: mt
Bug #: 1447816
Differential Revision: https://phabricator.services.mozilla.com/D787


Coverity caught that one use of sslBuffer_Append doesn't check the return,
which is abnormal. Since cleanup is the same either way, it's a matter for
OOM propagation. This adds the check in a minimal way.


- Update version number
- Forbid negotiating < TLS 1.3 with supported_versions
- Change to version number 0303 after HRR. Plus test
- Update AAD.
https://phabricator.services.mozilla.com/D753


Summary:
The code changes here are relatively straightforward, though there are a few changes of note:
* To make read and write more consistent, I changed `seqNum` on ssl3CipherSpec to `nextSeqNum`. The write side didn't change, but the read side previously saved the last sequence number in that slot. This makes the sequence number recovery simpler and makes the code easier to reason about as a whole.
* SSL3Ciphertext now holds the raw header and no longer has a type field. Passing the raw header through allows ssl3_HandleRecord and the functions that it calls to recover the sequence number. I considered doing the recovery in the gather functions, which used to recover the sequence number, but they don't have access to the cipher spec.
* Record construction now works in order: the header is written out first, with the length filled in after encryption. This uses sslBuffer in a way more consistent with other functions.
* The hack where a cText of NULL was passed to ssl3_HandleRecord in order to have it handle the outstanding handshake message from the receive buffer was removed.
In addition to teaching TlsRecordFilter about the agent that it is operating with (in a separate CL), there are several changes to tests:
* We previously relied on the epoch and sequence number being properly encoded for DTLS records, so the sequence number reconstruction (used when we decrypt and re-encrypt) was invalid. I restored the epoch to this field when doing DTLS.
* TlsRecordHeader no longer stores the wire format of the version, it includes a variant and non-wire version.
* TlsRecordHeader needs to know whether it is parsing DTLS 1.3, so TlsRecordFilter passes that info to it after asking the agent.
* TlsRecordHeader writes out DTLS 1.3 records in the 7 octet form always. It can read the 2 octet header, using logic similar to that used by the main code, but it won't ever write that form.
* TlsAgentTestBase::MakeRecord also writes the 7 octet header.
* I parameterized the record drop tests so that I could test out of order delivery and various patterns with the short header. This revealed some issues, including one good one. I had a neat underflow bug that can happen near zero, which leads to ridiculously large sequence numbers being incorrectly assumed by a receiver.
This includes fuzzing-specific changes to account for the fact that fuzzing operates at the record layer, which is inconvenient for this change. Ideally, we should change the fuzzing code so that only the core cipher parts are changed (that is, ssl3CipherSpec->cipher and ssl3CipherSpec->aead). That will have to wait for another day.
Reviewers: ekr
Reviewed By: ekr
Bug #: 1427675
Differential Revision: https://phabricator.services.mozilla.com/D554


warning. r=kaie


platforms, r=ttaubert
Differential Revision: https://phabricator.services.mozilla.com/D735


Summary:
Previously, NSS dropped PKCS #8 PrivateKeyInfo when importing a
private key from a PKCS #12 file. This patch attaches the
corresponding CKA_PUBLIC_KEY_INFO attribute to a private key when
unwrapping it (see PKCS #11 v2.40 4.9). When wrapping it again, the
attribute is restored in the encrypted PrivateKeyInfo.
Reviewers: rrelyea
Reviewed By: rrelyea
Bug #: 1413596
Differential Revision: https://phabricator.services.mozilla.com/D198


Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1443799
Differential Revision: https://phabricator.services.mozilla.com/D696


Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1443759
Differential Revision: https://phabricator.services.mozilla.com/D692


r=franziskus,ekr
Reviewers: franziskus, ekr
Reviewed By: franziskus
Bug #: 1443136
Differential Revision: https://phabricator.services.mozilla.com/D676


Unbreak VS2015 32-bit, see bug 1442554.
Differential Revision: https://phabricator.services.mozilla.com/D678


Differential Revision: https://phabricator.services.mozilla.com/D649


Differential Revision: https://phabricator.services.mozilla.com/D662


Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1441793
Differential Revision: https://phabricator.services.mozilla.com/D656


r=franziskus
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1441573
Differential Revision: https://phabricator.services.mozilla.com/D655


and which introduced a bad ABI change.


doesn't associate it to the existing private key, r=kaie


bustage r=franziskus
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1438266
Differential Revision: https://phabricator.services.mozilla.com/D650


DONTBUILD


DONTBUILD


DONTBUILD


nssCryptokiObject_Create r=ttaubert
Summary: add a null check in nssCryptokiObject_Create that seems to be necessary
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1438277
Differential Revision: https://phabricator.services.mozilla.com/D640


Summary:
This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code.
Note that this is not used on Android as we currently have no way of testing this for Android or using it on Android for Firefox.
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1424663
Differential Revision: https://phabricator.services.mozilla.com/D467


PK11_ListCerts(PK11CertListAll) with p11-kit-trust.so, r=rrelyea


This is a fairly disruptive change, but mostly just mechanical. There are a few extra changes:
- I have renamed the TlsInspector* filters for consistency. This was purely mechanical.
- I renamed the SetPacketFilter function to just SetFilter. Also mechanical.
- TlsRecordFilter maintains a weak pointer reference to the TlsAgent now rather than using a bare pointer. This meant that I had to change TlsAgentTestBase to use shared_ptr rather than unique_ptr to support use of filters with those tests.
- I removed the helper function that enables decryption. Enabling decryption is now more explicit.
- I ran a newer clang-format version and it fixed a few extra things, like the comments on the end of namespace {} blocks, some of which were wrong.
- I discovered a bug in some of the drop tests: in the 0-RTT tests, the filters were being installed on the client and server right at the start, which meant that they were capturing the first handshake and not the second one. This was clearly against intent, but the tests were mostly right still, it was only the expected ACKs that were wrong. We were expecting just one record to be ACKed by a server (Finished), but the record with EndOfEarlyData should have been acknowledged as well.
- In TlsSkipTest and Tls13SkipTest, I had to override SetUp() so that client_ and server_ are initialized prior to constructing filters. In doing so, I noticed that we weren't being consistent about overriding SetUp properly, so I fixed the small number of instances of that by adding an override label to each and marking the base method virtual.
- The stateless HRR test for TLS 1.3 compat mode was replacing the server, but expecting to retain the same filters. That wasn't a problem in that case, but I didn't want to have any places where the filter was set on a different agent from the one that was passed to it.


Crash in PK11_DoesMechanism due to race condition
fix additional race with reset.
r=mt


r=fkiefer


Reviewers: franziskus
Bug #: 1437810
Differential Revision: https://phabricator.services.mozilla.com/D591


not just the key, r=rrelyea


patch=jjelen
r=rrelyea


Summary:
SIDs usage is pretty messy. In this patch I move all *sid to point to ss->sec.ci.sid (unless the SID is purely local to the function).
This allows us to free sids when uncaching them.
Reviewers: mt
Reviewed By: mt
Bug #: 1432144
Differential Revision: https://phabricator.services.mozilla.com/D517


Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1434596
Differential Revision: https://phabricator.services.mozilla.com/D516


Differential Revision: https://phabricator.services.mozilla.com/D470