1e86f5cfc1cde2b364889c14f0d6393f460bf0d2: Bug 1720226 integrity checks in key4.db not happening on private components with AES_CBC default tip
Robert Relyea <rrelyea@redhat.com> - Thu, 15 Jul 2021 12:21:58 -0700 - rev 15968
Push 4002 by rrelyea@redhat.com at Mon, 26 Jul 2021 21:34:48 +0000
Bug 1720226 integrity checks in key4.db not happening on private components with AES_CBC

When we added support for AES, we also added support for integrity checks on the encrypted components. It turns out the code that verifies the integrity checks was broken in 2 ways:

1. It wasn't accurately operating when AES was being used (the if statement wasn't actually triggering for AES_CBC because we were looking for AES in the wrong field).
2. Password update did not update the integrity checks in the correct location, meaning any database with AES encrypted keys, and which had its password updated, will not be able to validate its keys.

While we found this in a previous rebase, the patch had not been pushed upstream.

The attached patch needs sqlite3 to run the tests.

Differential Revision: https://phabricator.services.mozilla.com/D120011
e9236397be133d5e3bcb4f162f0cdbc31f1e4153: Documentation: update and release notes for NSS 3.64 to 3.68
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 24 Jul 2021 19:17:58 +0200 - rev 15967
Push 4001 by bbeurdouche@mozilla.com at Sat, 24 Jul 2021 17:18:19 +0000
Documentation: update and release notes for NSS 3.64 to 3.68
c71bb1bedf7d9d45b34cd483097d30c8a3f01602: Bug 1720235 SSL handling of signature algorithms ignores environmental invalid algorithms.
Robert Relyea <rrelyea@redhat.com> - Tue, 20 Jul 2021 13:02:54 -0700 - rev 15966
Push 4000 by rrelyea@redhat.com at Fri, 23 Jul 2021 17:00:04 +0000
Bug 1720235 SSL handling of signature algorithms ignores environmental invalid algorithms.

Our QA is quite extensive on handling of alert corner cases. Our code that checks if a signature algorithm is supported ignores the role of policy. If SHA1 is turned off by policy, for instance, we only detect that late in the game. This shows up in our test cases as decrypt_alerts rather than illegal_parameter or handshake_error alerts. It also shows up in us apparently accepting a client auth request which only has invalid alerts. We also don't handle filtering out signature algorithms that are illegal in tls 13 mode. This patch not only fixes these issues, but also issues where we are proposing signature algorithms in server mode that we don't support by policy.

This patch includes:

In gtests:
1) Adding support for policy in ssl_gtests. Currently both the server and client will run with the same policy. The patch allows us to set policy on one and keep the old policy on the other.
2) Update extension tests which failed in tls 1.3 because the patch now correctly rejects illegal tls 1.3 auth values. The test was updated to use a legal auth value in tls 1.3 (so we are correctly testing the format issue).
3) Update extension tests to handle the case where we try to use an illegal value for tls 1.3.
4) Add tests to ssl_auth_unittests.cc to make sure we can properly connect even when several auth methods are turned off by policy (make sure we don't advertise them on the client side, and that the server doesn't select them when the client doesn't advertise them).
5) Add tests to ssl_auth_unittests.cc to make sure we don't send empty client auth requests when the requester only sends invalid auth requests.

Patch itself:
1) The handling of policy checks for ssl schemes was scattered in various locations. I've consolidated them into a single function. That function now checks for NSS_ALG_USE_IN_ANY_SIGNATURE, as if this is off by policy, we will fail if we try to use the algorithm in a signature in any case. NSS now supports policy on all signature algorithms, not just DSA, so we need to check the policy of all the algorithms.
2) To support the policy check on the signature algorithms, I added a new ssl_AuthTypeToOID, which also replaces our switch in checking if the SPKI matches our auth type.
3) ssl_SignatureSchemeValid now accepts an spkiOid of SEC_OID_UNKNOWN, to allow us to filter signature schemes based on version and policy restrictions before we try to select a certificate. This prevents us from sending empty client auth messages when we are presented with only invalid signature schemes.
4) We filter supported algorithms against policy early, preventing us from sending, or even setting, invalid algorithms if they are turned off by policy.
5) ssl_ConsumeSignatureScheme was handling alerts inconsistently. The Consume could send an alert in its failure case, but the check of scheme validity wouldn't send an alert. The callers were inconsistent as well. Now ssl_ConsumeSignatureScheme always sends an alert on failure, and the callers do not.

Differential Revision: https://phabricator.services.mozilla.com/D120392
8f41147c21926a70a1163f9b91b01b735ed621f1: Display warning on the new NSS documentation
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 22 Jul 2021 15:26:01 +0200 - rev 15965
Push 3999 by bbeurdouche@mozilla.com at Thu, 22 Jul 2021 13:26:39 +0000
Display warning on the new NSS documentation
f2d34a957599067e31bc035ed5df357c620fc035: Bug 1721476 sqlite 3.34 changed it's open semantics, causing nss failures.
Robert Relyea <rrelyea@redhat.com> - Tue, 20 Jul 2021 14:17:47 -0700 - rev 15964
Push 3998 by rrelyea@redhat.com at Wed, 21 Jul 2021 18:46:50 +0000
Bug 1721476 sqlite 3.34 changed its open semantics, causing nss failures.

https://sqlite.org/forum/info/42cf8e985bb051a2

sqlite is now permissive on opening a readonly file even if you ask for the file to be opened R/W. Normally sqlite is very conservative in changing its underlying semantics, but evidently they chose convenience over compatibility. NSS now needs to check the file permissions itself to preserve nss semantics.

Differential Revision: https://phabricator.services.mozilla.com/D120406
f12856d5d2c2fefd9be075e280cd55efdb4dfed2: Bug 1720230 Gtest update changed the gtest reports, losing gtest details in all.sh reports.
Robert Relyea <rrelyea@redhat.com> - Thu, 15 Jul 2021 15:59:36 -0700 - rev 15963
Push 3997 by rrelyea@redhat.com at Wed, 21 Jul 2021 18:41:09 +0000
Bug 1720230 Gtest update changed the gtest reports, losing gtest details in all.sh reports.

This patch includes the updated .sed script, and an experiment using bash instead to see how hard it would be to make a more robust parser. The robust parser generates identical output as sed, but takes about 30x longer, so instead of subsecond operations, it takes almost half a minute. With that result, I think we can stay with sed and continue to update when we get new versions of gtests. (sigh).

time cat report.xml.0 | sed -f parsegtestreport.sed > r1
real 0m0.710s
user 0m0.705s
sys 0m0.008s

time cat report.xml.0 | sh parsegtestreport.sh > r2
real 0m25.066s
user 0m17.759s
sys 0m9.506s

[rrelyea@localhost common]$ diff r1 r2

updated: with review comments from Martin and move the report parsing to the common code so it can be shared with both ssl_gtests and gtests shell scripts.

Differential Revision: https://phabricator.services.mozilla.com/D120028
d2ec946e601afb2d2406c7b5ab9cb713dccb8ae7: Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS mode
Robert Relyea <rrelyea@redhat.com> - Tue, 13 Jul 2021 16:34:20 -0700 - rev 15962
Push 3996 by rrelyea@redhat.com at Tue, 20 Jul 2021 18:59:00 +0000
Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS mode When NSS is in FIPS mode, it should reject all primes smaller than 2048. The ike 1536 prime is in the accepted primes table. In FIPS mode it should be rejected. Differential Revision: https://phabricator.services.mozilla.com/D119895
b54b0d41e51bc302c58721c08525f85fd5e8d0f9: Bug 1720232 SQLite calls could timeout in starvation situations.
Robert Relyea <rrelyea@redhat.com> - Thu, 15 Jul 2021 14:23:55 -0700 - rev 15961
Push 3995 by rrelyea@redhat.com at Tue, 20 Jul 2021 18:54:26 +0000
Bug 1720232 SQLite calls could timeout in starvation situations.

Some of our servers could cause random failures when trying to generate many key pairs from multiple threads. This is caused because some threads would starve long enough for them to give up on getting a begin transaction on sqlite. sqlite only allows one transaction at a time. Also, there were some bugs in error handling of the broken transaction case where NSS would try to cancel a transaction after the begin failed (most cases were correct, but one case in particular was problematic).

Differential Revision: https://phabricator.services.mozilla.com/D120032
d1b9709d8861b0946e2d117602fc293ecc53c010: Bug 1720225 Coverity/cpp scanner errors found in nss 3.67
Robert Relyea <rrelyea@redhat.com> - Tue, 13 Jul 2021 10:25:24 -0700 - rev 15960
Push 3994 by rrelyea@redhat.com at Tue, 20 Jul 2021 18:51:04 +0000
Bug 1720225 Coverity/cpp scanner errors found in nss 3.67 A number of coverity/scanner issues were found in the kdf code which was added in nss 3.44 and the fixes never upstreamed, as well as coverity/scanner errors in nss 3.66. Not all errors were fixed, those errors which were determined to be false positives were just recorded. No attempt has been made to fix coverity/scanner errors in gtests. Differential Revision: https://phabricator.services.mozilla.com/D119829
b1eac8c86e99fbd6d5dd19971f0f81992008d135: Bug 1709817 - Import the NSS documentation from MDN in nss/doc. r=beurdouche
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Wed, 14 Jul 2021 19:34:14 +0000 - rev 15959
Push 3993 by bbeurdouche@mozilla.com at Wed, 14 Jul 2021 19:36:19 +0000
Bug 1709817 - Import the NSS documentation from MDN in nss/doc. r=beurdouche Differential Revision: https://phabricator.services.mozilla.com/D119912
fc4056907596283ddfc487196f50f7189a398721: Bug 1720227 NSS using a tempdir to measure sql performance not active r=mt
Robert Relyea <rrelyea@redhat.com> - Tue, 13 Jul 2021 10:40:52 -0700 - rev 15958
Push 3992 by rrelyea@redhat.com at Tue, 13 Jul 2021 21:54:18 +0000
Bug 1720227 NSS using a tempdir to measure sql performance not active r=mt Last rebase we submitted a patch that used a subdirectory to measure the performance for the SQLite patch. This code wasn't active by default on linux, however, because of a typo in the build system. This is a low priority issue since NSS does not default to measure, so the patch only affects older versions of RHEL or users that have explicitly asked for 'measure' semantics.
de5067764e551097f809b293ca9756d4bd729626: Backed out changeset f6d43442dbe4 "Use GNU tar for the release helper script"
Julien Cristau <jcristau@mozilla.com> - Mon, 12 Jul 2021 10:45:31 +0200 - rev 15957
Push 3991 by jcristau@mozilla.com at Mon, 12 Jul 2021 08:46:36 +0000
Backed out changeset f6d43442dbe4 "Use GNU tar for the release helper script" The "gtar" command doesn't usually exist on Linux.
911bb1c1243b97bd10934e16b90a5816e613b865: Set version numbers to 3.69 Beta
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 08 Jul 2021 20:03:48 +0200 - rev 15956
Push 3990 by bbeurdouche@mozilla.com at Thu, 08 Jul 2021 18:04:09 +0000
Set version numbers to 3.69 Beta
da3d22d708c9cc0a32cff339658aeb627575e371: Added tag NSS_3_68_RTM for changeset 3680dc580194 NSS_3_68_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 08 Jul 2021 20:01:56 +0200 - rev 15955
Push 3989 by bbeurdouche@mozilla.com at Thu, 08 Jul 2021 18:02:19 +0000
Added tag NSS_3_68_RTM for changeset 3680dc580194
3680dc580194cbe3bb1004d2f7741eebc3066d2c: Set version numbers to 3.68 final NSS_3_68_BRANCH NSS_3_68_RTM
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 08 Jul 2021 20:01:32 +0200 - rev 15954
Push 3989 by bbeurdouche@mozilla.com at Thu, 08 Jul 2021 18:02:19 +0000
Set version numbers to 3.68 final
aff77f1bc68f291daff27708c947a6c83bd254f2: Bug 1713562 - Fix test leak, r=bbeurdouche NSS_3_68_BRANCH
Martin Thomson <mt@lowentropy.net> - Thu, 08 Jul 2021 17:56:31 +0000 - rev 15953
Push 3988 by bbeurdouche@mozilla.com at Thu, 08 Jul 2021 17:59:56 +0000
Bug 1713562 - Fix test leak, r=bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D119045
55a32be00e112f0b966c4d7a3b508e5075cc7e92: Bug 1713562 - Fix test leak, r=bbeurdouche
Martin Thomson <mt@lowentropy.net> - Thu, 08 Jul 2021 17:56:31 +0000 - rev 15952
Push 3987 by bbeurdouche@mozilla.com at Thu, 08 Jul 2021 17:58:40 +0000
Bug 1713562 - Fix test leak, r=bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D119045
341c2fed9ec980a470f92936f5f5ea433db57de7: Added tag NSS_3_68_BETA1 for changeset 352fca8a348e NSS_3_68_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Fri, 02 Jul 2021 14:47:43 +0200 - rev 15951
Push 3986 by bbeurdouche@mozilla.com at Fri, 02 Jul 2021 12:48:06 +0000
Added tag NSS_3_68_BETA1 for changeset 352fca8a348e
352fca8a348e8dc7cbd4a81a602b923942176bfd: Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. r=kaie NSS_3_68_BETA1
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 01 Jul 2021 11:36:31 +0000 - rev 15950
Push 3985 by bbeurdouche@mozilla.com at Thu, 01 Jul 2021 11:38:41 +0000
Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. r=kaie Differential Revision: https://phabricator.services.mozilla.com/D118368
9343c18b4df78281015ddc6b451cd3465c4c7a52: Bug 1693206 - Implement PKCS8 export of ECDSA keys
Robert Relyea <rrelyea@redhat.com> - Wed, 30 Jun 2021 15:49:25 -0700 - rev 15949
Push 3984 by rrelyea@redhat.com at Wed, 30 Jun 2021 23:12:03 +0000
Bug 1693206 - Implement PKCS8 export of ECDSA keys patch by Christoph Walcher r=rrelyea, bbeurdouche