| Commit message | Author | Age | Files | Lines |
| |
Differential Revision: https://phabricator.services.mozilla.com/D177803
| |
in a database that is slow to access.
This patch solves the problems in 3 ways:
1) The initial underlying issue is solved by not generating a trust record for user certs if they have default trust values (lib/softoken/legacydb/pcertdb.c).
This will cause new databases created from old dbm databases to function normally.
2) Skip the integrity check if the record we are reading is already the default trust value (lib/softoken/sftkdb.c). This will increase the performance of reading sqlite databases created from the old dbm databases before patch 1 to perform reasonably.
3) Increase the cache count (lib/softoken/lowpbe.c). This affects applications which do multiple private key operations on the same private keys. Usually high speed operations would copy the keys to a session key for better performance, but sometimes that's not possible. This allows up to 20 RSA keys to be referenced by the application without a performance hit from the PBE checking integrity and/or decrypting the key entry.
Differential Revision: https://phabricator.services.mozilla.com/D165221
| |
Differential Revision: https://phabricator.services.mozilla.com/D176951
| |
r=nss-reviewers,jschanck
Depends on D177241
Differential Revision: https://phabricator.services.mozilla.com/D177242
| |
r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D177241
| |
The two exceptions will require a bit of work to remediate.
Differential Revision: https://phabricator.services.mozilla.com/D167650
| |
This is based on the patch developed by Leander in D157183, but is a
little more explicit.
Co-Authored-By: Leander Schwarz
Differential Revision: https://phabricator.services.mozilla.com/D176157
| |
Differential Revision: https://phabricator.services.mozilla.com/D176156
| |
This ensures we properly test the different DTLS / TLS versions and makes the
expected behaviour explicit.
Differential Revision: https://phabricator.services.mozilla.com/D176155
| |
Differential Revision: https://phabricator.services.mozilla.com/D176056
| |
r=nss-reviewers,bbeurdouche
NSS tasks using LSAN seem to run into frequent failures due to ptrace(2)
failing with EACCES (Permission Denied), apparently coming from the
apparmor profile for docker on the VM.
Until now Linux tests tasks were using the nss-{1,3}/linux-gcp pools,
which use the same base image as gecko builders. This switches them to
a new pool using the same base image as used by gecko's test tasks,
where ptrace appears to work reliably.
Differential Revision: https://phabricator.services.mozilla.com/D177037
| |
than the output size of the hash function used, or provide an indicator
This patch adds a new mechanism specific check for PSS in fip_algorithms.h.
The new check uses the hash mechanism provided in the pss mechanism list to look up the hash length. A static utility function in pkcs11c.c is moved to pkcs11u.c and made global so it can be reused in this code.
We know that the mechanism supplied in the parameters matches the hash because that check is enforced in pkcs11c.c for the combined hash and signed functions.
Differential Revision: https://phabricator.services.mozilla.com/D165176
| |
set sign after adding digits
Differential Revision: https://phabricator.services.mozilla.com/D154315
| |
Differential Revision: https://phabricator.services.mozilla.com/D175684
| |
Differential Revision: https://phabricator.services.mozilla.com/D153944
| |
Differential Revision: https://phabricator.services.mozilla.com/D161464
| |
Differential Revision: https://phabricator.services.mozilla.com/D135359
| |
r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D158327
| |
r=rrelyea@redhat.com
Trust is stored in the softokn. When adding a certificate
or modifying the trust of a certificate in an external
token the operation may fail because the internal token
is not authenticated. Instead the provided token name
is authenticated multiple times (particularly in the case of
AddCert).
Catch a failed authentication to the provided token name
where the error is SEC_ERROR_TOKEN_NOT_LOGGED_IN and
attempt to authenticate to the softokn before calling
CERT_ChangeCertTrust.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
| |
FIPS 140-3 requires that we give applications a way to restart the Power On Self-Tests programmatically. Unloading the shared library is insufficient. Shutting down softoken and restarting it with a special flag is.
This patch accomplishes this task by:
1) adding a new startup flag init argument flag called forcePost which is
parsed at FC_Initialize time.
2) Code which checks if the post ran properly takes a new Bool which tells the function whether or not to rerun the post operations. If post operations are to be rerun, all test flags are set to unknown or fail and the tests are rerun. The results are returned.
3) Public facing functions to verify integrity look for a special non-valid character flag as the first character of the filename and use that to decide if we should rerun post or not. Callers add the flag if post should be rerun.
4) pk11mode, the general FIPS test program makes sure we can turn on the forcePost flag.
Differential Revision: https://phabricator.services.mozilla.com/D165050
| |
Differential Revision: https://phabricator.services.mozilla.com/D174822
| |
changes r=nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D170903
| |
whitespace in ECCKiila files r=nss-reviewers,nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D169262
| |
r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D171859
| |
Differential Revision: https://phabricator.services.mozilla.com/D172428
| |
Differential Revision: https://phabricator.services.mozilla.com/D172398
| |
Differential Revision: https://phabricator.services.mozilla.com/D172103
| |
Differential Revision: https://phabricator.services.mozilla.com/D171882
| |
Differential Revision: https://phabricator.services.mozilla.com/D171754
| |
r=nss-reviewers
There are three changes in the patch which are related to key length processing:
Change RSA_MIN_MODULUS_BITS in blalpit.h from 128 to 1023. This necessitated changes to the following tests:
- testcrmf.c: up the generated key for the test from 512 to 1024.
- pk11_rsapkcs1_unittest.cc (in pk11_gtest): skip the min padding test if the MIN_RSA_MODULUS_BITS is more than 736 (The largest hash we support is 512, which fits in an RSA key less than 736. If we can't generate a key less than 736, we can't test minimum padding, but we can never get into that situation anyway now).
- tls_subcerts_unittest.cc: set our key size to at least RSA_MIN_MODULUS_BITS, and then make sure the policy had a higher minimum key length so we still trigger the 'weakKey' event.
- pk11kea.c: use 1024 bits for the transfer key now that smaller keysizes aren't supported by softoken.
Expand the add a new flag to meaning of NSS_XXX_MIN_KEY_SIZE beyond its use in SSL (add the ability to limit signing and verification to this as well). This allows us to set strict FIPS 140-3 policies, where we can only sign with 2048, but can still verify 1024. This part includes:
- New utility functions in seckey.c:
  - SECKEY_PrivateKeyStrengthInBits(): The private key equivalent to SECKEY_PublicKeyStrengthInBits(). This function could be exported globally, but isn't in this patch.
  - seckey_EnforceKeySize(). Takes a key type and a length and makes sure that length falls into the range set by policy.
- secsign.c and secvfy.c: add policy length check where we check the other policy flags.
- nss.h, nssoptions.c: add NSS_KEY_SIZE_POLICY_FLAGS and define flags for SSL, VERIFY, and SIGN. SSL is set by default (to maintain the current behavior).
- pk11parse.c: add keywords for the new NSS_KEY_SIZE_POLICY_FLAGS.
- ssl3con.c: use the flags to decide if the policy lengths are active for SSL.
- policy.txt: Test that the new policy flags are parsed correctly.
- sslpolicy.txt: Add tests to make sure the policy flags are functioning.
Update fips_algorithms.h to make sure the FIPS indicators are exactly compliant with FIPS 140-3 current guidance (RSA 2028 and above, any key size, Legacy verification allowed for 1024, 1280, 1536, and 1792 [1024-1792, step 256]).
The previous attempt to push failed because the pk11_rsapkcs1_unittest.cc
change was eaten in the merge.
Differential Revision: https://phabricator.services.mozilla.com/D146341
| |
Differential Revision: https://phabricator.services.mozilla.com/D171603
| |
Differential Revision: https://phabricator.services.mozilla.com/D171581
| |
This patch enables various compiler warnings in NSS, sourced from
`warnings.configure` in mozilla-central. Several checks were too noisy
to adopt and were already silenced in mozilla-central builds of NSS.
Differential Revision: https://phabricator.services.mozilla.com/D171580
| |
r=nss-reviewers,nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D171495
| |
There are three changes in the patch which are related to key length processing:
Change RSA_MIN_MODULUS_BITS in blalpit.h from 128 to 1023. This necessitated changes to the following tests:
- testcrmf.c: up the generated key for the test from 512 to 1024.
- pk11_rsapkcs1_unittest.cc (in pk11_gtest): skip the min padding test if the MIN_RSA_MODULUS_BITS is more than 736 (The largest hash we support is 512, which fits in an RSA key less than 736. If we can't generate a key less than 736, we can't test minimum padding, but we can never get into that situation anyway now).
- tls_subcerts_unittest.cc: set our key size to at least RSA_MIN_MODULUS_BITS, and then make sure the policy had a higher minimum key length so we still trigger the 'weakKey' event.
- pk11kea.c: use 1024 bits for the transfer key now that smaller keysizes aren't supported by softoken.
Expand the add a new flag to meaning of NSS_XXX_MIN_KEY_SIZE beyond its use in SSL (add the ability to limit signing and verification to this as well). This allows us to set strict FIPS 140-3 policies, where we can only sign with 2048, but can still verify 1024. This part includes:
- New utility functions in seckey.c:
  - SECKEY_PrivateKeyStrengthInBits(): The private key equivalent to SECKEY_PublicKeyStrengthInBits(). This function could be exported globally, but isn't in this patch.
  - seckey_EnforceKeySize(). Takes a key type and a length and makes sure that length falls into the range set by policy.
- secsign.c and secvfy.c: add policy length check where we check the other policy flags.
- nss.h, nssoptions.c: add NSS_KEY_SIZE_POLICY_FLAGS and define flags for SSL, VERIFY, and SIGN. SSL is set by default (to maintain the current behavior).
- pk11parse.c: add keywords for the new NSS_KEY_SIZE_POLICY_FLAGS.
- ssl3con.c: use the flags to decide if the policy lengths are active for SSL.
- policy.txt: Test that the new policy flags are parsed correctly.
- sslpolicy.txt: Add tests to make sure the policy flags are functioning.
Update fips_algorithms.h to make sure the FIPS indicators are exactly compliant with FIPS 140-3 current guidance (RSA 2028 and above, any key size, Legacy verification allowed for 1024, 1280, 1536, and 1792 [1024-1792, step 256]).
Differential Revision: https://phabricator.services.mozilla.com/D146341
| |
but something went out of whack. Back this change out of the tip
| |
r=nss-reviewers,nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D170672
| |
r=nss-reviewers,djackson
If a template has an OPTIONAL field, and we find that the input does not match
that field's tag number, we mark the field as missing. If the next field is an
ASN.1 ANY, we need to write the previously-parsed tag number out. Since high
tag number forms are rare, we never implemented the necessary re-encoding of
multi-byte tags, and we noted this with an assertion. That assertion is
remotely triggerable in debug builds. This patch removes the assertion and
returns a SEC_ERROR_LIBRARY_FAILURE instead.
Differential Revision: https://phabricator.services.mozilla.com/D170678
| |
284 to 384 r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D170481
| |
r=mt,nss-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D169918