r=nss-reviewers,mt
Without the change, the build fails on this week's gcc-13 snapshot as:
../../cpputil/databuffer.h:20:20: error: 'uint8_t' does not name a type
20 | DataBuffer(const uint8_t* d, size_t l) : data_(nullptr), len_(0) {
| ^~~~~~~
../../cpputil/databuffer.h:14:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
13 | #include <iostream>
+++ |+#include <cstdint>
14 |
Differential Revision: https://phabricator.services.mozilla.com/D147404
Differential Revision: https://phabricator.services.mozilla.com/D141650
This change makes a few tiny changes to the code to re-enable the use of
Chacha20 ciphers and align their key type.
There are a lot more changes in tests, mostly just to factor existing tests and
determine that the legacy and final PKCS#11 mechanisms work as expected.
Differential Revision: https://phabricator.services.mozilla.com/D135007
Differential Revision: https://phabricator.services.mozilla.com/D134818
Differential Revision: https://phabricator.services.mozilla.com/D134556
This patch adds support for Encrypted Client Hello (draft-ietf-tls-esni-08), replacing the existing ESNI (draft-02) support.
There are five new experimental functions to enable this:
- SSL_EncodeEchConfig: Generates an encoded (not BASE64) ECHConfig given a set of parameters.
- SSL_SetClientEchConfigs: Configures the provided ECHConfig to the given socket. When configured, an ephemeral HPKE keypair will be generated for the CH encryption.
- SSL_SetServerEchConfigs: Configures the provided ECHConfig and keypair to the socket. The keypair specified will be used for HPKE operations in order to decrypt encrypted Client Hellos as they are received.
- SSL_GetEchRetryConfigs: If ECH is rejected by the server and compatible retry_configs are provided, this API allows the application to extract those retry_configs for use in a new connection.
- SSL_EnableTls13GreaseEch: When enabled, non-ECH Client Hellos will have a "GREASE ECH" (i.e. fake) extension appended. GREASE ECH is disabled by default, as there are known compatibility issues that will be addressed in a subsequent draft.
The following ESNI experimental functions are deprecated by this update:
- SSL_EncodeESNIKeys
- SSL_EnableESNI
- SSL_SetESNIKeyPair
In order to be used, NSS must be compiled with `NSS_ENABLE_DRAFT_HPKE` defined.
Differential Revision: https://phabricator.services.mozilla.com/D86106
(draft-irtf-cfrg-hpke-05). r=mt
This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).
Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality, compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.
Lastly, the `DeriveKeyPair` API is not implemented as it adds complexity around PKCS #11 and is unnecessary for ECH.
Differential Revision: https://phabricator.services.mozilla.com/D73947
There is really no good reason to explicitly change the TARGET
variable. And the empty SHARED_LIBRARY variable should also be
in the manifest.mn to begin with.
All the other empty variables start empty or undefined, so there
is also no need to explicitly set them empty.
Differential Revision: https://phabricator.services.mozilla.com/D70691
Copying private headers is now simply included in the exports
target, as these headers use an extra directory anyway.
Differential Revision: https://phabricator.services.mozilla.com/D69021
This patch updates the DTLS 1.3 implementation to draft version 30, including unified header format and sequence number encryption.
Also added are new `SSL_CreateMask` experimental functions.
Differential Revision: https://phabricator.services.mozilla.com/D51014
Remove an overzealous assertion when a Key Update message is received too early, and add a test for the expected alert condition.
Also adds `TlsEncryptedHandshakeMessageReplacer` for replacing TLS 1.3 encrypted handshake messages. This is a simple implementation where only the first byte of the message is changed to the new type (so as to trigger the desired handler).
Differential Revision: https://phabricator.services.mozilla.com/D54998
Summary:
This adds a mock PKCS #11 module from Firefox and adds basic tests around it.
This is needed for proper testing of PKCS #11 v3.0 profile objects (D45669).
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
Differential Revision: https://phabricator.services.mozilla.com/D47060
Differential Revision: https://phabricator.services.mozilla.com/D15061
Differential Revision: https://phabricator.services.mozilla.com/D40120
Differential Revision: https://phabricator.services.mozilla.com/D37521
The delegated credentials patch left the channel info unmodified, which meant
that it reported the key strength of the end entity certificate and not the
delegated credential. For a using application, this is problematic because it
can't access information about delegated credentials. In this case, the only
omission was the strength of the key.
Firefox checks key strength for the entire certificate chain according to its
policies, but it also wants to apply the same sort of policy to the delegated
credential. In particular, it wants to ensure that an RSA credential (which
shouldn't be used, but whatever...) has a long enough modulus, because the NSS
policy is less strict than the Firefox one.
To address this use case, SSLChannelInfo.authKeyBits is set to the length of the
delegated credential key when delegated credentials are in use. This is
consistent with the definition of the parameter, but implies a different
understanding of its meaning when delegated credentials are enabled.
Differential Revision: https://phabricator.services.mozilla.com/D36699
Stop using a global anti-replay context and enable creating a context directly.
This increases the overhead of managing anti-replay for applications marginally,
but allows much greater flexibility in use of anti-replay mechanisms. In
particular, it enables the testing of 0-RTT in a threaded environment.
The comments in sslexp should be clear enough in explaining how this works.
Basically, this is a new reference-counted object that can be created and
tracked by applications.
The only thing that I can see might be a problem with the API is that I haven't
exposed a function to add a reference for use by applications. My thinking is
that reference counting is an internal thing; it seems like applications won't
need to worry about that.
selfserv is updated to create a context and attach it to sockets. This shows
that the management overhead is minor.
The gtests have been tweaked to create a context during setup. The context is
owned by the overall test framework and is passed to server instances after the
sockets are initialized.
Bonus changes:
* ESNI keys are copied from the model socket when calling SSL_ReConfigFD().
* Some better tracing in the anti-replay functions.
Neither of these seemed worth the overhead of a bug to fix.
Differential Revision: https://phabricator.services.mozilla.com/D34660
certificates with a given subject r=jcj,RyanSleevi.sleevi
Differential Revision: https://phabricator.services.mozilla.com/D32067
Summary: Some servers send a certificate_required alert when the client returns no certificate while it is required. For the server, it is not mandatory to send this alert, but it could make it easier for the client to distinguish bad_certificate and the declined cases.
Reviewers: mt
Reviewed By: mt
Bug #: 1532312
Differential Revision: https://phabricator.services.mozilla.com/D22083
Differential Revision: https://phabricator.services.mozilla.com/D17014
Summary:
Add functions for QUIC that provide the raw content of records to callback functions.
Reviewers: ekr
Reviewed By: ekr
Bug #: 1471126
Differential Revision: https://phabricator.services.mozilla.com/D1874
Differential Revision: https://phabricator.services.mozilla.com/D2719
Differential Revision: https://phabricator.services.mozilla.com/D2720
Differential Revision: https://phabricator.services.mozilla.com/D2861
The renaming here is less widespread than I expected. I removed the
content_alt_handshake while I was at this; no point in putting that in a public
API.
Reviewers: mt
Tags: #secure-revision
Bug #: 1457716
Differential Revision: https://phabricator.services.mozilla.com/D1062
Differential Revision: https://phabricator.services.mozilla.com/D1295
- Update version number
- Forbid negotiating < TLS 1.3 with supported_versions
- Change to version number 0303 after HRR. Plus test
- Update AAD.
https://phabricator.services.mozilla.com/D753
Reviewers: mt, ekr
Bug #: 1399439
Differential Revision: https://phabricator.services.mozilla.com/D284
failures persistent. r=mt, wtc
Summary:
- Make any call to ssl3_GatherCompleteHandshake (which transitively
means any read from the wire) return PR_IO_ERROR if an alert has
been sent.
- Patch up a few of the tests to handle this new behavior properly.
These tests actually were a bit harder to follow so they should
also be a bit clearer.
- Add a new set of tests for certificate authentication failure.
Reviewers: mt
Differential Revision: https://phabricator.services.mozilla.com/D365
Differential Revision: https://nss-review.dev.mozaws.net/D391
NSS_BUILD_UTIL_ONLY, r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D379
Differential Revision: https://nss-review.dev.mozaws.net/D385
Hg: changed gtests/nss_bogo_shim/nss_bogo_shim.gyp
Differential Revision: https://nss-review.dev.mozaws.net/D354
Differential Revision: https://nss-review.dev.mozaws.net/D349