searching for reviewer(keeler)
f3534b56753ed9d04b018bd6b0549923775e5661: Bug 1492305 - Fix LibSecret unlocking & NSS return values r=keeler,MattN
Kevin Jacobs <kjacobs@mozilla.com> - Wed, 22 May 2019 18:25:59 +0000 - rev 475240
Push 36058 by aciure@mozilla.com at Fri, 24 May 2019 03:53:25 +0000
Bug 1492305 - Fix LibSecret unlocking & NSS return values r=keeler,MattN This fixes issues with the NSS and LibSecret keystore not correctly rejecting unlocking of the key store. Updated for dynamic loading of LibSecret and a bug workaround added elsewhere (updated green try below) Depends on D9969. Differential Revision: https://phabricator.services.mozilla.com/D7713
1765feffe210b2348826f3e333eade8ce923dd6c: Bug 1552339 - On Android, direct attestations are anonymized r=keeler
J.C. Jones <jjones@mozilla.com> - Tue, 21 May 2019 21:44:05 +0000 - rev 474974
Push 36052 by btara@mozilla.com at Thu, 23 May 2019 04:37:46 +0000
Bug 1552339 - On Android, direct attestations are anonymized r=keeler Differential Revision: https://phabricator.services.mozilla.com/D32057
ee7e04b12dd34b89aff8a4e0ba5ae3dc5be7d9f9: Bug 1548542 - Remove notions of Kinto in blocklists unit tests r=keeler,Gijs
Mathieu Leplatre <mathieu@mozilla.com> - Wed, 22 May 2019 11:25:04 +0000 - rev 474900
Push 36050 by shindli@mozilla.com at Wed, 22 May 2019 15:25:01 +0000
Bug 1548542 - Remove notions of Kinto in blocklists unit tests r=keeler,Gijs Differential Revision: https://phabricator.services.mozilla.com/D31221
0b5457f890300631908ed9571c2ccc58fef9cf39: Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky
J.C. Jones <jjones@mozilla.com> - Mon, 20 May 2019 16:46:43 +0000 - rev 474740
Push 36046 by aiakab@mozilla.com at Tue, 21 May 2019 21:45:52 +0000
Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no mechanism available for FIDO U2F JS API operations on Android. The exposed API is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API operations on Android, and we should disable the u2f preference so that window.u2f is not set inappropriately. Updated to fix test_interfaces.js Differential Revision: https://phabricator.services.mozilla.com/D31695
aa75c6a5ee7bd9455bb6805d471c18ebc6630653: Bug 1536463 - remove expiring security.pkcs11_modules_loaded telemetry. r=keeler
Julien Cristau <jcristau@mozilla.com> - Mon, 15 Apr 2019 12:53:37 +0000 - rev 474477
Push 36040 by rgurzau@mozilla.com at Mon, 20 May 2019 13:43:21 +0000
Bug 1536463 - remove expiring security.pkcs11_modules_loaded telemetry. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D27273
8e8ea33ecb3da138dbd0af56c2e5550902e7b05a: Bug 1552602 - Disable FIDO U2F API for Android r=keeler
J.C. Jones <jjones@mozilla.com> - Fri, 17 May 2019 23:45:47 +0000 - rev 474407
Push 36032 by dluca@mozilla.com at Sat, 18 May 2019 10:23:48 +0000
Bug 1552602 - Disable FIDO U2F API for Android r=keeler Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no mechanism available for FIDO U2F JS API operations on Android. The exposed API is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API operations on Android, and we should disable the u2f preference so that window.u2f is not set inappropriately. Differential Revision: https://phabricator.services.mozilla.com/D31695
e3e9a5ca05997babb20fb7eee0e85dcb921844a3: Bug 1551229 - Make it easier to test Android WebAuthn in local builds r=keeler
J.C. Jones <jjones@mozilla.com> - Thu, 16 May 2019 17:37:35 +0000 - rev 474388
Push 36032 by dluca@mozilla.com at Sat, 18 May 2019 10:23:48 +0000
Bug 1551229 - Make it easier to test Android WebAuthn in local builds r=keeler Depends on D31360 Differential Revision: https://phabricator.services.mozilla.com/D31361
02f6bb0dec8a9c95ed4a01235ee684b24fd95251: Bug 1552539 - Refactor Android WebAuthn methods to use more GeckoBundles r=keeler
J.C. Jones <jjones@mozilla.com> - Fri, 17 May 2019 18:36:01 +0000 - rev 474380
Push 36032 by dluca@mozilla.com at Sat, 18 May 2019 10:23:48 +0000
Bug 1552539 - Refactor Android WebAuthn methods to use more GeckoBundles r=keeler Differential Revision: https://phabricator.services.mozilla.com/D31636
31953bf83dfd9710390419a006d41c51ff61b101: Bug 1551229 - Make it easier to test Android WebAuthn in local builds r=keeler
J.C. Jones <jjones@mozilla.com> - Thu, 16 May 2019 17:37:35 +0000 - rev 474373
Push 36032 by dluca@mozilla.com at Sat, 18 May 2019 10:23:48 +0000
Bug 1551229 - Make it easier to test Android WebAuthn in local builds r=keeler Depends on D31360 Differential Revision: https://phabricator.services.mozilla.com/D31361
b0887a64bb5fa71d8a2428579f581c7a8dadddf2: Bug 1551229 - Anonymize all 'direct' attestation requests on Android r=keeler
J.C. Jones <jjones@mozilla.com> - Thu, 16 May 2019 17:37:35 +0000 - rev 474214
Push 36027 by shindli@mozilla.com at Fri, 17 May 2019 16:24:38 +0000
Bug 1551229 - Anonymize all 'direct' attestation requests on Android r=keeler The code that blocks on a UX prompt for a Direct Attestation has to be disabled for Android, as Android has no UX at present. Until Bug 1550164 resolves, we'll have to let direct attestations be downgraded to anonymized ("None") attestations. Differential Revision: https://phabricator.services.mozilla.com/D31360
862aa43181c3bcb046b6159141c29a4c960680a6: Bug 1551342 - Fix conflicts w/ Android FIDO2 and Rust u2f-hid-rs r=keeler
J.C. Jones <jjones@mozilla.com> - Thu, 16 May 2019 07:54:44 +0000 - rev 474098
Push 36022 by ncsoregi@mozilla.com at Thu, 16 May 2019 21:55:16 +0000
Bug 1551342 - Fix conflicts w/ Android FIDO2 and Rust u2f-hid-rs r=keeler Differential Revision: https://phabricator.services.mozilla.com/D31366
0ab201cfaf67e1ef4a74c483586764405a79e306: Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Wed, 15 May 2019 23:34:52 +0000 - rev 474007
Push 36020 by dvarga@mozilla.com at Thu, 16 May 2019 04:15:07 +0000
Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D29576
d9a6ddf122884cf34e3fc650d2b21a4ab5076124: Bug 1551342 - Update U2F, WebAuthn, and CredMan tests for Android r=keeler
J.C. Jones <jjones@mozilla.com> - Wed, 15 May 2019 21:34:58 +0000 - rev 473990
Push 36020 by dvarga@mozilla.com at Thu, 16 May 2019 04:15:07 +0000
Bug 1551342 - Update U2F, WebAuthn, and CredMan tests for Android r=keeler The new Android functionality can conflict with the tests' expected behavior, so it should be generally disabled, like the Rust module. Differential Revision: https://phabricator.services.mozilla.com/D31266
edd79d65116b36e10075a90726bb657f93daf26c: Bug 1551230 - Enable WebAuthn for Nightly Fennec r=KevinJacobs,keeler
J.C. Jones <jjones@mozilla.com> - Mon, 13 May 2019 16:24:57 +0000 - rev 473619
Push 36007 by apavel@mozilla.com at Mon, 13 May 2019 21:45:52 +0000
Bug 1551230 - Enable WebAuthn for Nightly Fennec r=KevinJacobs,keeler Differential Revision: https://phabricator.services.mozilla.com/D30937
d8e0bfeb5fa39545f737a6979c94a210d947ab22: Bug 1391438 - Support FIDO2 for WebAuthn on Android r=snorp,keeler
J.C. Jones <jjones@mozilla.com> - Fri, 10 May 2019 16:40:17 +0000 - rev 473450
Push 35998 by rmaries@mozilla.com at Sat, 11 May 2019 09:44:50 +0000
Bug 1391438 - Support FIDO2 for WebAuthn on Android r=snorp,keeler Support using the Google Play-provided FIDO2 API for Web Authentication. FIDO U2F API support is being handled subsequently in Bug 1550625. This patch uses the privileged APIs and thus will only work on Fennec Nightly, Beta, and Release builds. Differential Revision: https://phabricator.services.mozilla.com/D1148
d7b02bc7cf44b2eba303a009a5b2e836d0345b69: Bug 1547877 - enable configuration of new cert storage implementation r=keeler
Myk Melez <myk@mykzilla.org> - Thu, 02 May 2019 23:02:13 +0000 - rev 472376
Push 35954 by rgurzau@mozilla.com at Fri, 03 May 2019 04:14:31 +0000
Bug 1547877 - enable configuration of new cert storage implementation r=keeler Differential Revision: https://phabricator.services.mozilla.com/D29306
47e5e0e6249438e34b11bb582f8a69accf82ae6a: Bug 1547013 - Enable automatically fixing MitM errors by default. r=keeler
Johann Hofmann <jhofmann@mozilla.com> - Thu, 02 May 2019 22:08:44 +0000 - rev 472373
Push 35954 by rgurzau@mozilla.com at Fri, 03 May 2019 04:14:31 +0000
Bug 1547013 - Enable automatically fixing MitM errors by default. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D29764
cf300fac03a9138303b69d90641041a994e51c7d: Bug 1538161 - Vendor rust_cascade r=keeler
Mark Goodwin <mgoodwin@mozilla.com> - Wed, 01 May 2019 19:25:27 +0000 - rev 472150
Push 35949 by nerli@mozilla.com at Thu, 02 May 2019 04:38:13 +0000
Bug 1538161 - Vendor rust_cascade r=keeler Differential Revision: https://phabricator.services.mozilla.com/D24557
54d6029f69a58769752692246ae768701580defb: Bug 1547860 - Update test_tls_server to use TLS 1.3 client cert alert logic r=keeler
J.C. Jones <jc@mozilla.com> - Tue, 30 Apr 2019 21:32:51 +0000 - rev 472032
Push 35945 by ccoroiu@mozilla.com at Wed, 01 May 2019 04:21:12 +0000
Bug 1547860 - Update test_tls_server to use TLS 1.3 client cert alert logic r=keeler Differential Revision: https://phabricator.services.mozilla.com/D29384
aa674b410265213ab67b295f854ef353613a83e3: Bug 1547701 - Use LOAD_BYPASS_URL_ClASSIFIER flag for OCSP request. r=keeler
dlee <dlee@mozilla.com> - Mon, 29 Apr 2019 18:07:23 +0000 - rev 471875
Push 35941 by archaeopteryx@coole-files.de at Tue, 30 Apr 2019 11:32:04 +0000
Bug 1547701 - Use LOAD_BYPASS_URL_ClASSIFIER flag for OCSP request. r=keeler If OCSP request is blocked, we can't get the certificate revocation information. Add nsIChannel::LOAD_BYPASS_URL_ClASSIFIER to enforce URL classifier bypasses OCSP request. Differential Revision: https://phabricator.services.mozilla.com/D29230
ea8bdd612f43f22fa90fe1f87245e73fd1c5319d: Bug 1538161 - Vendor rust_cascade r=keeler
Mark Goodwin <mgoodwin@mozilla.com> - Mon, 29 Apr 2019 19:29:38 +0000 - rev 471801
Push 35935 by shindli@mozilla.com at Tue, 30 Apr 2019 03:46:04 +0000
Bug 1538161 - Vendor rust_cascade r=keeler Differential Revision: https://phabricator.services.mozilla.com/D24557
3fa81f747c9399c04c3c9b7bd76acedcfe3c21dd: Bug 1538161 - Vendor rust_cascade r=keeler
Mark Goodwin <mgoodwin@mozilla.com> - Mon, 29 Apr 2019 14:04:07 +0000 - rev 471743
Push 35934 by shindli@mozilla.com at Mon, 29 Apr 2019 21:53:38 +0000
Bug 1538161 - Vendor rust_cascade r=keeler Differential Revision: https://phabricator.services.mozilla.com/D24557
377dc8053f59bc5ccc3efde2210093cb8e44e5c5: Bug 1541927 - Don't readd CA via policy if it already exists. r=keeler
Michael Kaply <mozilla@kaply.com> - Fri, 26 Apr 2019 21:56:06 +0000 - rev 471597
Push 35921 by nbeleuzu@mozilla.com at Sat, 27 Apr 2019 09:45:52 +0000
Bug 1541927 - Don't readd CA via policy if it already exists. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D28523
0b745e9ecd500577d9da5049ea21980a5f0659d6: Bug 1539549 - update cert blocklist using single transaction r=keeler
Myk Melez <myk@mykzilla.org> - Fri, 26 Apr 2019 20:10:59 +0000 - rev 471586
Push 35921 by nbeleuzu@mozilla.com at Sat, 27 Apr 2019 09:45:52 +0000
Bug 1539549 - update cert blocklist using single transaction r=keeler Differential Revision: https://phabricator.services.mozilla.com/D28540
80374044414da9f5b3634c91345d07612754fcda: Bug 1515465 - Enable EV Treatment for eMudhra Technologies Limited root certificates r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Thu, 25 Apr 2019 17:46:16 +0000 - rev 471349
Push 35916 by rmaries@mozilla.com at Fri, 26 Apr 2019 09:46:15 +0000
Bug 1515465 - Enable EV Treatment for eMudhra Technologies Limited root certificates r=keeler Differential Revision: https://phabricator.services.mozilla.com/D28583
4ec3f8bab9f32fbcbe04dfda2aa32f8a59389d37: Bug 1532757 - Enable EV Treatment for Hongkong Post Root CA 3 root certificate r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Wed, 24 Apr 2019 17:08:18 +0000 - rev 470697
Push 35910 by cbrindusan@mozilla.com at Wed, 24 Apr 2019 21:51:39 +0000
Bug 1532757 - Enable EV Treatment for Hongkong Post Root CA 3 root certificate r=keeler This patch enables EV validation for //CN=Hongkong Post Root CA 3// root. Differential Revision: https://phabricator.services.mozilla.com/D28580
e2994266144ab6b2e4a8ee202e949c35cf91a12a: Bug 1545878 - correct certutil path on macOS r=keeler
Myk Melez <myk@mykzilla.org> - Wed, 24 Apr 2019 15:40:44 +0000 - rev 470685
Push 35910 by cbrindusan@mozilla.com at Wed, 24 Apr 2019 21:51:39 +0000
Bug 1545878 - correct certutil path on macOS r=keeler Differential Revision: https://phabricator.services.mozilla.com/D28261
1bb8ad86564867e495067346bef2fa53a6a66872: Bug 1511989, enable TLS 1.3 post-handshake authentication r=keeler
Daiki Ueno <dueno@redhat.com> - Tue, 16 Apr 2019 05:08:16 +0000 - rev 469739
Push 35880 by cbrindusan@mozilla.com at Wed, 17 Apr 2019 09:36:19 +0000
Bug 1511989, enable TLS 1.3 post-handshake authentication r=keeler This adds a config option to enable client authentication through the TLS 1.3 post-handshake auth mechanism. Differential Revision: https://phabricator.services.mozilla.com/D26540
aad1c782f75344b91db649f459dab7691d6a8942: Bug 1542835 - Expose SSLChannelInfo.resumed on nsISSLSocketControl, r=keeler,mayhemer
Michal Novotny <michal.novotny@gmail.com> - Sat, 13 Apr 2019 09:58:00 +0000 - rev 469399
Push 35865 by apavel@mozilla.com at Sat, 13 Apr 2019 21:44:49 +0000
Bug 1542835 - Expose SSLChannelInfo.resumed on nsISSLSocketControl, r=keeler,mayhemer This patch adds resumed attribute to nsISSLSocketControl, which is needed in tests that check SSL resumption (e.g. bug 1500533). Differential Revision: https://phabricator.services.mozilla.com/D26597
92392a7812125784fd9c7342bb0d1c5f6355d929: Bug 1541841 - Ship Remote Settings dump for security-state/intermediates r=keeler
Mathieu Leplatre <mathieu@mozilla.com> - Tue, 09 Apr 2019 08:28:59 +0000 - rev 468508
Push 35841 by csabou@mozilla.com at Tue, 09 Apr 2019 16:23:02 +0000
Bug 1541841 - Ship Remote Settings dump for security-state/intermediates r=keeler Ship Remote Settings dump for security-state/intermediates Differential Revision: https://phabricator.services.mozilla.com/D26301
eade880c4185727f7e2b301d6efd3c825b58949e: Bug 1542347 - eliminate needless string flattening in OSReauthenticator; r=keeler
Nathan Froyd <froydnj@mozilla.com> - Mon, 08 Apr 2019 16:26:10 +0000 - rev 468382
Push 35835 by aciure@mozilla.com at Mon, 08 Apr 2019 19:00:29 +0000
Bug 1542347 - eliminate needless string flattening in OSReauthenticator; r=keeler We already have a null-terminated `nsString` in this code; we don't need to turn it into another null-terminated `nsString`. Depends on D26355 Differential Revision: https://phabricator.services.mozilla.com/D26356
06b2ae4f86bc8a7ff5a814e01ab1f2c51870f16c: Bug 1542347 - eliminate needless string flattening in nsKeygenFormProcessor; r=keeler
Nathan Froyd <froydnj@mozilla.com> - Fri, 05 Apr 2019 20:19:13 +0000 - rev 468381
Push 35835 by aciure@mozilla.com at Mon, 08 Apr 2019 19:00:29 +0000
Bug 1542347 - eliminate needless string flattening in nsKeygenFormProcessor; r=keeler We flatten an nsAString before calling GetPublicKey, but GetPublicKey doesn't actually care about whether the string is null-terminated or not. Let's save a tiny amount of work by not doing the flattening. Differential Revision: https://phabricator.services.mozilla.com/D26355
fefc86a2f630b55ac6e2207da28353911cb8d5cc: Bug 1480925 - Removes anti-patterns related with Ci.nsIWhatever. r=keeler,yzen
Carolina Jimenez Gomez <carolina.jimenez.g@gmail.com> - Fri, 05 Apr 2019 16:51:16 +0000 - rev 468197
Push 35822 by shindli@mozilla.com at Fri, 05 Apr 2019 21:47:45 +0000
Bug 1480925 - Removes anti-patterns related with Ci.nsIWhatever. r=keeler,yzen Differential Revision: https://phabricator.services.mozilla.com/D25686
812b90269ab5eb9a2d775956df789864174d5fb2: Bug 1512505 - Log a message in web console when a site is only supporting TLS 1.0 or 1.1. r=keeler
Carolina Jimenez Gomez <carolina.jimenez.g@gmail.com> - Thu, 04 Apr 2019 23:37:20 +0000 - rev 468059
Push 35817 by btara@mozilla.com at Fri, 05 Apr 2019 09:48:43 +0000
Bug 1512505 - Log a message in web console when a site is only supporting TLS 1.0 or 1.1. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D25660
1c9062e713bf3256ec6c3d2f465c7850b7e40098: Bug 1539578 - Add telemetry for DH use in WebCrypto API r=keeler
J.C. Jones <jjones@mozilla.com> - Tue, 02 Apr 2019 22:25:04 +0000 - rev 467721
Push 35810 by aciure@mozilla.com at Thu, 04 Apr 2019 04:33:36 +0000
Bug 1539578 - Add telemetry for DH use in WebCrypto API r=keeler Our WebCrypto implementation supports using DH as an algorithm in generateKey, which is not one of the recognized algorithms in the published specification [0]. We should seek to remove it from Firefox, but before we do, it'd be good to gather some telemetry on whether it's used at all, even in its non-standard form. [0] https://www.w3.org/TR/WebCryptoAPI/#algorithm-overview Differential Revision: https://phabricator.services.mozilla.com/D25291
f7b70caea4a5361ab87459abacc65f34206a01f8: Bug 1540123 - Use is/isnot/ok instead of Assert.equal/Assert.notEqual/Assert.ok in browser_clientAuth_ui.js r=keeler
Brian Grinstead <bgrinstead@mozilla.com> - Tue, 02 Apr 2019 21:09:05 +0000 - rev 467703
Push 35810 by aciure@mozilla.com at Thu, 04 Apr 2019 04:33:36 +0000
Bug 1540123 - Use is/isnot/ok instead of Assert.equal/Assert.notEqual/Assert.ok in browser_clientAuth_ui.js r=keeler Differential Revision: https://phabricator.services.mozilla.com/D25828
29246127b8eb06db184329cf092d985435bdf21e: Bug 1540123 - Append menuitems into the menupopup for the certificate nickname menulist in certificate selection dialog UI r=keeler
Brian Grinstead <bgrinstead@mozilla.com> - Tue, 02 Apr 2019 21:09:03 +0000 - rev 467702
Push 35810 by aciure@mozilla.com at Thu, 04 Apr 2019 04:33:36 +0000
Bug 1540123 - Append menuitems into the menupopup for the certificate nickname menulist in certificate selection dialog UI r=keeler Differential Revision: https://phabricator.services.mozilla.com/D25825
1e35279977a4b2638e9c2c5f080e99f3afaf3aac: Bug 1541085 - Web Authentication - Only reset mTransaction on cycle collection r=keeler
J.C. Jones <jjones@mozilla.com> - Tue, 02 Apr 2019 17:56:47 +0000 - rev 467647
Push 35806 by rgurzau@mozilla.com at Wed, 03 Apr 2019 04:07:39 +0000
Bug 1541085 - Web Authentication - Only reset mTransaction on cycle collection r=keeler This stack is pretty clear that calling StopListeningForVisibilityEvents (via ClearTransaction) is a no-go from the cycle collector. We need to instead just do the minimum version of bug 1540378, just reset mTransaction and move on. Differential Revision: https://phabricator.services.mozilla.com/D25804
10f14d91c8249c211f301b35cfff85907f8580dc: Bug 1540658 - Web Authentication - U2FTokenManager must obey the IPC state machine r=keeler
J.C. Jones <jjones@mozilla.com> - Tue, 02 Apr 2019 18:26:38 +0000 - rev 467643
Push 35806 by rgurzau@mozilla.com at Wed, 03 Apr 2019 04:07:39 +0000
Bug 1540658 - Web Authentication - U2FTokenManager must obey the IPC state machine r=keeler In Bug 1448408 ("Don't listen to visibility events"), I changed `U2FTokenManager::ClearTransaction` to send aborts, to handle the new visibility states. However, `WebAuthnTransactionParent::ActorDestroy` is called at the conclusion of IPC shutdown, which calls `MaybeClearTransaction` in `U2FTokenManager`, which calls ClearTransaction, which then tries to send an Abort, which is a state machine failure since we just shut the IPC down. This patch creates a new `AbortOngoingTransaction` method which is used to send the aborts instead of shoehorning that into `ClearTransaction`, reverting `ClearTransaction` back to the prior form, and instead changes `Register` and `Sign` to call the new method. Differential Revision: https://phabricator.services.mozilla.com/D25687
37530e362d329083cb3d1a57e2c735252a1b3b83: Bug 1539578 - Add telemetry for DH use in WebCrypto API r=keeler
J.C. Jones <jjones@mozilla.com> - Tue, 02 Apr 2019 17:31:25 +0000 - rev 467633
Push 35806 by rgurzau@mozilla.com at Wed, 03 Apr 2019 04:07:39 +0000
Bug 1539578 - Add telemetry for DH use in WebCrypto API r=keeler Our WebCrypto implementation supports using DH as an algorithm in generateKey, which is not one of the recognized algorithms in the published specification [0]. We should seek to remove it from Firefox, but before we do, it'd be good to gather some telemetry on whether it's used at all, even in its non-standard form. [0] https://www.w3.org/TR/WebCryptoAPI/#algorithm-overview Differential Revision: https://phabricator.services.mozilla.com/D25291
d28545793e92c94cf8355690574ea578e3e8b1c9: Bug 1540378 - Web Authentication: Fix teardown during cycle collection r=keeler,mccr8
J.C. Jones <jjones@mozilla.com> - Mon, 01 Apr 2019 23:13:26 +0000 - rev 467498
Push 35799 by cbrindusan@mozilla.com at Tue, 02 Apr 2019 08:35:12 +0000
Bug 1540378 - Web Authentication: Fix teardown during cycle collection r=keeler,mccr8 In Bug 1448408 ("Don't listen to visibility events"), it became possible to close a tab without a visibility event to cause transactions to cancel. This is a longstanding bug that was covered up by the visibility events. This patch updates the cycle collection code to ensure that transactions get cleared out safely, and we don't proceed to RejectTransaction (and subsequent code) on already-cycle-collected objects. Differential Revision: https://phabricator.services.mozilla.com/D25641
f7937d3264db00771b46cb1fcba71640d8df05cb: Bug 1448408 - Web Authentication - Don't immediately abort on visibility events r=keeler
J.C. Jones <jjones@mozilla.com> - Fri, 29 Mar 2019 17:59:08 +0000 - rev 466870
Push 35784 by nerli@mozilla.com at Sat, 30 Mar 2019 09:32:04 +0000
Bug 1448408 - Web Authentication - Don't immediately abort on visibility events r=keeler The published recommendation of L1 for WebAuthn changed the visibility/focus listening behaviors to a SHOULD [1], and Chromium, for reasons like our SoftU2F bug [0], opted to not interrupt on tabswitch/visibility change. Let's do the same thing. This changes the visibility mechanism to set a flag on an ongoing transaction, and then, upon multiple calls to the FIDO/U2F functions, only aborts if visibility had changed. Otherwise, subsequent callers return early. This is harder to explain than it is really to use as a user. I think. At least, my testing feels natural when I'm working within two windows, both potentially prompting WebAuthn. Note: This also affects FIDO U2F API. [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1448408#c0 [1] https://www.w3.org/TR/webauthn-1/#abortoperation Differential Revision: https://phabricator.services.mozilla.com/D25160
3561cdc13806a6ce06b42417acaef8c73c847681: Bug 1538093 - reopen security_state env as read-only when not writing r=keeler
Myk Melez <myk@mykzilla.org> - Fri, 29 Mar 2019 19:48:00 +0000 - rev 466838
Push 35784 by nerli@mozilla.com at Sat, 30 Mar 2019 09:32:04 +0000
Bug 1538093 - reopen security_state env as read-only when not writing r=keeler The new rkv-based cert_storage database caused a Heap Unclassified regression because of memory that LMDB reserves when opening a database in read-write mode. Since cert_storage usage is read-heavy, this change claws back that regression by opening it in read-only mode except when changes are being made. Differential Revision: https://phabricator.services.mozilla.com/D25098
e27fc0c01a979c6b8a423846e0461bdebe70eef4: Bug 1539541 - Enable FIDO U2F API, and permit registrations for Google Accounts r=keeler,qdot
J.C. Jones <jjones@mozilla.com> - Fri, 29 Mar 2019 17:16:13 +0000 - rev 466797
Push 35780 by opoprus@mozilla.com at Fri, 29 Mar 2019 21:53:01 +0000
Bug 1539541 - Enable FIDO U2F API, and permit registrations for Google Accounts r=keeler,qdot Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts" on dev-platform [0], this bug is to: 1. Enable the security.webauth.u2f by default, to ride the trains 2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in WebAuthnUtil.cpp, permitting the Google override to work for Register as well as Sign. This would enable Firefox users to use FIDO U2F API on most all sites, subject to the algorithm limitations discussed in the section "Thorny issues in enabling our FIDO U2F API implementation" of that post. [0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ Differential Revision: https://phabricator.services.mozilla.com/D25241
e356ebea641d36d5285b058b53b4ecc4e6eb3eff: Bug 1539578 - Add telemetry for DH use in WebCrypto API r=keeler
J.C. Jones <jjones@mozilla.com> - Fri, 29 Mar 2019 15:55:54 +0000 - rev 466794
Push 35780 by opoprus@mozilla.com at Fri, 29 Mar 2019 21:53:01 +0000
Bug 1539578 - Add telemetry for DH use in WebCrypto API r=keeler Our WebCrypto implementation supports using DH as an algorithm in generateKey, which is not one of the recognized algorithms in the published specification [0]. We should seek to remove it from Firefox, but before we do, it'd be good to gather some telemetry on whether it's used at all, even in its non-standard form. [0] https://www.w3.org/TR/WebCryptoAPI/#algorithm-overview Differential Revision: https://phabricator.services.mozilla.com/D25291
e959f59120b66320138e1c01329ffda458d55855: Bug 1537552 - Web Authentication - isUserVerifyingPlatformAuthenticatorAvailable should return false r=keeler
J.C. Jones <jjones@mozilla.com> - Tue, 26 Mar 2019 23:42:28 +0000 - rev 466249
Push 35762 by csabou@mozilla.com at Wed, 27 Mar 2019 04:44:00 +0000
Bug 1537552 - Web Authentication - isUserVerifyingPlatformAuthenticatorAvailable should return false r=keeler The WebAuthn spec changed from the days of https://bugzilla.mozilla.org/show_bug.cgi?id=1406468#c1. Now the spec says, if there are no user-verifying platform authenticators available [0]: > Otherwise, the promise is resolved with the value of `false` ...so we should resolve false instead of never resolving. [0] https://w3c.github.io/webauthn/#abortoperation Differential Revision: https://phabricator.services.mozilla.com/D24266
f0935a5cd291518c32c0eab8688e6cec645899a0: Bug 1538621. r=keeler
Jeff Walden <jwalden@mit.edu> - Mon, 25 Mar 2019 11:17:11 -0700 - rev 466080
Push 35760 by ncsoregi@mozilla.com at Tue, 26 Mar 2019 17:43:58 +0000
Bug 1538621. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D24760
197fa5d521f10986c481b178a9a13328d1dafbd4: Bug 1538621. r=keeler
Jeff Walden <jwalden@mit.edu> - Mon, 25 Mar 2019 22:01:10 +0000 - rev 466002
Push 35758 by rgurzau@mozilla.com at Tue, 26 Mar 2019 09:51:47 +0000
Bug 1538621. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D24760
ca22160618275d1db3d12539a89609a8d7695909: Bug 1538372 - migrate revocations in single transaction r=keeler
Myk Melez <myk@mykzilla.org> - Fri, 22 Mar 2019 23:16:43 +0000 - rev 465785
Push 35746 by shindli@mozilla.com at Sat, 23 Mar 2019 09:46:24 +0000
Bug 1538372 - migrate revocations in single transaction r=keeler cert_storage migrates revocations.txt via one transaction per entry, which can be expensive. This change uses a single transaction to migrate all entries. Differential Revision: https://phabricator.services.mozilla.com/D24579
0a8395d1c49a7f21d093f76525fd2ae62b3a0adf: Bug 1533485 - nsNSSCertificateDB::handleCACertDownload shouldn't assert that it got a non-zero number of certificates r=keeler
monikamaheshwari <monikamaheshwari1996@gmail.com> - Fri, 22 Mar 2019 17:29:48 +0000 - rev 465780
Push 35746 by shindli@mozilla.com at Sat, 23 Mar 2019 09:46:24 +0000
Bug 1533485 - nsNSSCertificateDB::handleCACertDownload shouldn't assert that it got a non-zero number of certificates r=keeler Differential Revision: https://phabricator.services.mozilla.com/D23921