9f216e9bd32ec708c8763e1517baba6ca241d226: Bug 1607984 - P11. Don't assume the page will be loaded synchronously. r=zombie
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:03:43 +0000 - rev 587609
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P11. Don't assume the page will be loaded synchronously. r=zombie We must wait for the iframe created by extension1 to be fully loaded before we can attempt to send a message to it. So we send a message when it is ready, and suspend the execution until this message is received. Differential Revision: https://phabricator.services.mozilla.com/D70008
0b71b61415d55c72325e89a6bc96a89b49021bfa: Bug 1607984 - P10. Wait until OnStopRequest has been called to clear mRequest. ?valentin r=valentin
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:03:41 +0000 - rev 587608
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P10. Wait until OnStopRequest has been called to clear mRequest. ?valentin r=valentin The code assumed that nsJARChannel::RetargetDeliveryTo would have been called synchronously from nsJARChannel::OnStartRequest, which would be true if we weren't using a DocumentChannel. The DocumentLoadListener queues the calls to OnStartRequest until the final redirect. nsJARChannel::RetargetDelivery mRequest member is be set to forward the call. So we need to only reset it once OnStopRequest has been received. Differential Revision: https://phabricator.services.mozilla.com/D70007
0fa85c9199a94a03a9b7aede1a3aa3b7690d975c: Bug 1607984 - P9. Implement nsIThreadRetargetableStreamListener in ParentChannelListerner. r=valentin
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:03:26 +0000 - rev 587607
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P9. Implement nsIThreadRetargetableStreamListener in ParentChannelListerner. r=valentin The DocumentLoadListener is setting up a ParentChannelListener to go in between the normal listener->channel chain. ParentChannelListener not implementing nsIThreadRetargetableStreamListener would prevent a nsHtml5StreamParser setting things up so that OnDataAvailable could be sent to a html parser thread off the main thread; improving performance. Differential Revision: https://phabricator.services.mozilla.com/D70006
4c661ed81cf246840df87556f390c58134ce435f: Bug 1607984 - P7. Fix compilation failure in non-unified mode. r=valentin
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:03:18 +0000 - rev 587606
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P7. Fix compilation failure in non-unified mode. r=valentin Differential Revision: https://phabricator.services.mozilla.com/D70004
47beda24613f1a4d374ce55f8416a65512964af1: Bug 1607984 - P6. Fix test. r=MattN
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:03:03 +0000 - rev 587605
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P6. Fix test. r=MattN Following the changes to DocumentChannel the test was failing. With DC, a load may take a few event loops to start. This current test was only waiting for the load to start to the URL about:preferences#privacy-logins and would immediately tear down the window. However, this URL redirects to about:preferences#privacy ; destroying the window midway could cause XML parsing error. So now we wait for the page to fully load, and make sure we've been through both addresses. Differential Revision: https://phabricator.services.mozilla.com/D70003
348da0a8dd009370e2e39337c4c88f11e2769816: Bug 1607984 - P5. Add missing nsIIdentChannel interface. r=mattwoodrow
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:02:56 +0000 - rev 587604
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P5. Add missing nsIIdentChannel interface. r=mattwoodrow Regression from bug 1607987. This prevented from QueryInterface(Ci.nsIIdentChannel) in JS on the channel. Differential Revision: https://phabricator.services.mozilla.com/D70002
3d6824e92c388dc9c5f777374c3275b6dcf23516: Bug 1607984 - P4. Expose SetClassificationFlagsHelper. r=valentin
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:02:53 +0000 - rev 587603
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P4. Expose SetClassificationFlagsHelper. r=valentin Differential Revision: https://phabricator.services.mozilla.com/D70001
1cfc8aad978c4c97bd83ae9c4a2bc7eec45e59c9: Bug 1607984 - P3. Fix leak in nsDSURIContentListener. r=smaug
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:02:46 +0000 - rev 587602
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P3. Fix leak in nsDSURIContentListener. r=smaug If we were to open the window to close it immediately; we would leak a nsHtml5Parser object. Differential Revision: https://phabricator.services.mozilla.com/D70000
e11f4d334dc7c6df8ef445a3a6c51bfa62389337: Bug 1607984 - P2. Add Redirects/LastVisitInfo getters. r=mattwoodrow
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:02:38 +0000 - rev 587601
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P2. Add Redirects/LastVisitInfo getters. r=mattwoodrow Differential Revision: https://phabricator.services.mozilla.com/D69999
c499fa55d0f22f932fae538ae23f7ef3e3c8037c: Bug 1607984 - P1. Make SerializeRedirectData const. r=mattwoodrow
Jean-Yves Avenard <jyavenard@mozilla.com> - Wed, 15 Apr 2020 06:02:25 +0000 - rev 587600
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1607984 - P1. Make SerializeRedirectData const. r=mattwoodrow This also removes the need to call SerializeRedirectData to set mRedirectChannelId to the proper value and register the channel. Differential Revision: https://phabricator.services.mozilla.com/D69998
626e68daaeb2959759abfe4b035dca256efb44a9: Bug 1629747 - Avoid a couple of startup warnings in IsAboutErrorPage. r=johannh
Cameron McCormack <cam@mcc.id.au> - Wed, 15 Apr 2020 06:58:50 +0000 - rev 587599
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1629747 - Avoid a couple of startup warnings in IsAboutErrorPage. r=johannh Differential Revision: https://phabricator.services.mozilla.com/D70791
bd5b28e704e6f823caadfe311f6c44d17b1b1618: Bug 1620984 - CrashReport.cpp refactor r=ckerschb
Sebastian Streich <sstreich@mozilla.com> - Tue, 14 Apr 2020 22:04:55 +0000 - rev 587598
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1620984 - CrashReport.cpp refactor r=ckerschb Depends on D65758 Differential Revision: https://phabricator.services.mozilla.com/D66007
463069687b3d5e13f5f34b867523ff33cb78ff8d: Bug 1624128 - Update CK_GCM_PARAMS uses for PKCS11 v3.0 definition r=keeler
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 14 Apr 2020 18:32:19 +0000 - rev 587597
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1624128 - Update CK_GCM_PARAMS uses for PKCS11 v3.0 definition r=keeler This patch initializes the ulIvBits member of CK_GCM_PARAMS, which is new in PKCS11 v3. For libprio, we instead define NSS_PKCS11_2_0_COMPAT, which yields the old struct definition. Differential Revision: https://phabricator.services.mozilla.com/D67740
0ae4e20c74b2550105ec472fc9e52e3aeac2509f: Bug 1629594 - land NSS 50dcc34d470d UPGRADE_NSS_RELEASE, r=jcj
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 14 Apr 2020 17:53:38 +0000 - rev 587596
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1629594 - land NSS 50dcc34d470d UPGRADE_NSS_RELEASE, r=jcj 2020-04-13 Kevin Jacobs <kjacobs@mozilla.com> * lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11load.c: Bug 1629105 - Update PKCS11 module debug logger for v3.0 r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70582 [50dcc34d470d] [tip] 2020-04-07 Robert Relyea <rrelyea@redhat.com> * lib/ckfw/builtins/testlib/Makefile: Bug 1465613 Fix gmake issue created by the patch which adds ability to distrust certificates issued after a certain date for a specified root cert r=jcj I've been trying to run down an issue I've been having, and I think this bug is the source. Whenever I build ('gmake' build), I get the following untracked files: ? lib/ckfw/builtins/testlib/anchor.o ? lib/ckfw/builtins/testlib/bfind.o ? lib/ckfw/builtins/testlib/binst.o ? lib/ckfw/builtins/testlib/bobject.o ? lib/ckfw/builtins/testlib/bsession.o ? lib/ckfw/builtins/testlib/bslot.o ? lib/ckfw/builtins/testlib/btoken.o ? lib/ckfw/builtins/testlib/ckbiver.o ? lib/ckfw/builtins/testlib/constants.o This is because of the way lib/ckfw/builtins/testlib works, it uses the sources from the directory below, and explicitly references them with ../{source_name}.c. The object file then becomes lib/ckfw/builtins/testlib/{OBJDIR}/../{source_name}.o. The simple fix would be to paper over the issue and just add these to .hgignore, but that would break our ability to build multiple platforms on a single source directory. I'll include a patch that fixes this issue. 
bob Differential Revision: https://phabricator.services.mozilla.com/D70077 [92058f185316] 2020-04-06 Robert Relyea <rrelyea@redhat.com> * automation/abi-check/expected-report-libnss3.so.txt, gtests/ssl_gtest/tls_hkdf_unittest.cc, lib/nss/nss.def, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c, lib/ssl/sslprimitive.c, lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13hkdf.c, lib/ssl/tls13replay.c, tests/ssl/ssl.sh: Bug 1561637 TLS 1.3 does not work in FIPS mode r=mt Part 2 of 2 Use the official PKCS #11 HKDF mechanism to implement tls 1.3. 1) The new mechanism is a single derive mechanism, so we no longer need to pick it based on the underlying hmac (Note, we still need to know the underlying hmac, which is passed in as a mechanism parameter). 2) Use the new keygen to generate CKK_HKDF keys rather than doing it by hand with the random number generator (never was really the best way of doing this). 3) modify tls13hkdf.c to use the new mechanisms: 1) Extract: use the new key handle in the mechanism parameters to pass the salt when the salt is a key handle. Extract: use the explicit NULL salt parameter if for the hash len salt of zeros. 2) Expand: Expand is mostly a helper function which takes a mechanism. For regular expand, the mechanism is the normal _Derive, for the Raw version it's the _Data function. That creates a data object, which is extractable in FIPS mode. 4) update slot handling in tls13hkdf.c: 1) we need to make sure that the key and the salt key are in the same slot. Provide a PK11wrap function to make that guarantee (and use that function in PK11_WrapKey, which already has to do the same function). 2) When importing a 'data' key for the zero key case, make sure we import into the salt key's slot. If there is no salt key, use PK11_GetBestSlot() rather than PK11_GetInternal slot. 
Differential Revision: https://phabricator.services.mozilla.com/D69899 [3d2b1738e064] 2020-04-06 Kevin Jacobs <kjacobs@mozilla.com> * gtests/common/testvectors/curve25519-vectors.h, gtests/common/testvectors/p256ecdh-vectors.h, gtests/common/testvectors/p384ecdh-vectors.h, gtests/common/testvectors/p521ecdh-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha256-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha384-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha1-vectors.h, gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha512-vectors.h, gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h, gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h, gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h, gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h, gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h, gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h, gtests/common/testvectors/rsa_pss_misc-vectors.h, gtests/common/testvectors/rsa_signature-vectors.h, gtests/common/testvectors/rsa_signature_2048_sha224-vectors.h, gtests/common/testvectors/rsa_signature_2048_sha256-vectors.h, gtests/common/testvectors/rsa_signature_2048_sha512-vectors.h, gtests/common/testvectors/rsa_signature_3072_sha256-vectors.h, gtests/common/testvectors/rsa_signature_3072_sha384-vectors.h, gtests/common/testvectors/rsa_signature_3072_sha512-vectors.h, gtests/common/testvectors/rsa_signature_4096_sha384-vectors.h, gtests/common/testvectors/rsa_signature_4096_sha512-vectors.h, 
gtests/common/testvectors_base/rsa_signature-vectors_base.txt, gtests/common/testvectors_base/test-structs.h, gtests/common/wycheproof/genTestVectors.py, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc, gtests/pk11_gtest/pk11_rsaoaep_unittest.cc, gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc, gtests/pk11_gtest/pk11_rsapss_unittest.cc: Bug 1612260 - Add Wycheproof vectors for RSA PKCS1 and PSS signing, PKCS1 and OEAP decryption. r=bbeurdouche This patch updates the Wycheproof script to build RSA test vectors (covering PKCS1 decryption/verification, as well as PSS and OAEP) and adds the appropriate test drivers. Differential Revision: https://phabricator.services.mozilla.com/D69847 [469fd8633757] 2020-04-01 Kevin Jacobs <kjacobs@mozilla.com> * automation/taskcluster/docker-fuzz32/Dockerfile: Bug 1626751 - Add apt-transport-https & apt-utils to fuzz32 docker image r=jcj We already install these packages on the image_builder image itself. It seems they're now required on the fuzz32 image as well. Differential Revision: https://phabricator.services.mozilla.com/D69274 [c7a8195e3072] 2020-04-01 Giulio Benetti <giulio.benetti@benettiengineering.com> * lib/freebl/Makefile: Bug 1624864 - Don't force ARMv7 for gcm-arm32-neon r=jcj [858209235972] * coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile, lib/freebl/freebl.gyp, lib/freebl/gcm.c: Bug 1620799 - Introduce NSS_DISABLE_ARM32_NEON r=jcj Only some Arm32 supports neon, so let's introduce NSS_DISABLE_ARM32_NEON to allow disabling Neon acceleration when building for Arm32. Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [b47b2c35aa64] 2020-04-01 Kevin Jacobs <kjacobs@mozilla.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/abi- check/expected-report-libsoftokn3.so.txt, automation/abi-check /expected-report-libssl3.so.txt: Fixup ABI checks after libabigail update and Delegated Credentials backport. 
r=me [7f50f6ca7658] 2020-03-31 hajma <tropikhajma@gmail.com> * coreconf/SunOS5.mk: Bug 1625133 - Fix implicit declaration of function 'getopt' on SunOS r=jcj [744788dd18dc] 2020-03-30 Robert Relyea <rrelyea@redhat.com> * automation/abi-check/expected-report-libnss3.so.txt, gtests/pk11_gtest/pk11_hkdf_unittest.cc, lib/nss/nss.def, lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11pub.h, lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c: Bug 1561637 TLS 1.3 does not work in FIPS mode Patch 1 of 2. This patch updates softoken and helper functions with the new PKCS #11 v3 HKDF, which handles all the correct key management so that we can work in FIPS mode 1) Salts can be passed in as data, as an explicit NULL (which per spec means a zero filled buffer of length of the underlying HMAC), or through a key handle 2) A Data object can be used as a key (explicitly allowed for this mechanism by the spec). 3) A special mechanism produces a data object rather than a key, the latter which can be exported. Softoken does not do the optional validation on the pInfo to verify that the requested values are supposed to be data rather than keys. Some other tokens may. The old hkdf mechanism has been retained for compatibility (well namely until patch 2 is created, tls is still using it). The hkdf function has been broken off into its own function rather than inline in the derive function. Note: because the base key and/or the export key could really be a data object, our explicit handling of sensitive and extractable are adjusted to take into account that those flags do not exist in data objects. Differential Revision: https://phabricator.services.mozilla.com/D68940 [e0922aac5267] 2020-03-26 Hans Petter Jansson <hpj@cl.no> * cmd/lowhashtest/lowhashtest.c: Bug 1622555 - Fix lowhashtest argument parsing. 
r=kjacobs [f3c5ab41c972] 2020-03-26 Benjamin Beurdouche <bbeurdouche@mozilla.com> * lib/freebl/Makefile, lib/freebl/freebl.gyp: Bug 1624377 - Replace freebl flag -msse4 by -msse4.1 -msse4.2 which are supported by older compilers r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D68407 [16ee7cb36fff] 2020-03-26 Robert Relyea <rrelyea@redhat.com> * gtests/ssl_gtest/libssl_internals.c, lib/pk11wrap/exports.gyp, lib/pk11wrap/manifest.mn, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c, lib/ssl/sslspec.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13esni.c, lib/ssl/tls13exthandle.c: Bug 1623374 Need to support the new PKCS #11 Message interface for AES GCM and ChaCha Poly r=mt Update ssl to use the new PK11_AEADOp() interface. 1. We restore the use of PK11Context_Create() for AEAD operations. 2. AES GCM and CHACHA/Poly specific functions are no longer needed as PK11_AEADOp() handles all the mechanism specific processing. 3. TLS semantic differences between the two algorithms is handled by their parameters: 1. Nonce length is the length of the nonce counter. If it's zero, then XOR_Counter is used (and the nonce length is the sizeof(sslSequenceNumber)). 2. IV length is the full IV length - nonce length. 3. TLS 1.3 always uses XOR_Counter. 4. The IV is returned from the token in the encrypt case. Only in the explicit nonce case is it examined. (The code depends on the fact that the count in the token will match sslSequenceNumber). I did have assert code to verify this was happening for testing, but it's removed from this patch it can be added back. 5. All the decrypt instances of XOR_Counter IV creation have been collapsed into tls13_WriteNonce(). 6. Even though PK11_AEADOp returns and accepts the tag separately (for encrypt and decrypt respectively). The SSL code still returns the values as buffer||tag. 7. tls13_AEAD() has been enhanced so all uses of AEAD outside of the TLS stream can use it instead of their own wrapped version. 
It can handle streams (CreateContext() tls13_AEAD() tls13_AEAD() DestroyContext()) or single shot tls13_AEAD(context=NULL). In the latter case, the keys for the single shot operation should not be reused. 8. libssl_internals.c in the gtests directory has been updated to handle advancing the internal iv counter when we artificially advance the seqNum. Since we don't have access to any token iv counter (including softoken), The code switches to simulated message mode, and updates the simulated state as appropriate. (obviously this is for testing only code as it reaches into normally private data structures). Differential Revision: https://phabricator.services.mozilla.com/D68480 [e7c7f305078e] 2020-03-23 Kevin Jacobs <kjacobs@mozilla.com> * lib/softoken/pkcs11.c: Bug 1624402 - Fix compilation error when NO_FORK_CHECK and CHECK_FORK_* are defined r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D67911 [0225889e5292] 2020-03-23 Kevin Jacobs <kjacobs@mozilla.com> * lib/util/pkcs11.h: Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed. 
r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D67741 [7ab62d3d0445] 2020-03-19 Robert Relyea <rrelyea@redhat.com> * automation/abi-check/expected-report-libnss3.so.txt, gtests/pk11_gtest/pk11_aes_gcm_unittest.cc, gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc, lib/freebl/blapi.h, lib/freebl/blapii.h, lib/freebl/blapit.h, lib/freebl/chacha20poly1305.c, lib/freebl/gcm.c, lib/freebl/gcm.h, lib/freebl/intel-gcm-wrap.c, lib/freebl/intel-gcm.h, lib/freebl/ldvector.c, lib/freebl/loader.c, lib/freebl/loader.h, lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/nss/nss.def, lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c, lib/pk11wrap/pk11slot.c, lib/pk11wrap/secmodti.h, lib/softoken/fipstokn.c, lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c, lib/softoken/sftkmessage.c, lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secport.h: Bug 1623374 Need to support the new PKCS #11 Message interface for AES GCM and ChaCha Poly PKCS #11 defines a new interface for handling AEAD type ciphers that allow multiple AEAD operations without repeating the key schedule. It also allows tokens to keep track of the number of operations, and generate IVs (depending on the cipher). This patch: 1. implement those new functions in softoken. With the addition of CKF_MESSAGE_* flags to various mechanism, we need to strip them when using the version 2 API of softoken (since there are no C_Message* function in version 2). For that we need a separate C_GetMechanismInfo function. We use the same trick we used to have a separate version function for the V2 interface. Also now that the new message functions are in their own file, they still need access to the common Session state processing functions. those have gone from static to exported within softoken to accomidate that. 
Same with sftk_MapDecryptError() (sftk_MapVerifyError() was also made global, though nothing else is yet using it). Only C_MessageEncrptInit(), C_EncryptMessage(), C_MessageEncryptFinal, C_MessageDecryptInit(), C_DecryptMessage(), and C_MessageDecryptFinal are implemented. C_EncryptMessageBegin(), C_EncryptMessageNext(), C_DecryptMessageBegin(), and C_DecryptMessageNext() are all part of the multi-part withing a multi-part operation and are only necessary for things like S/MIME (potentially). If we wanted to implement them, we would need more functions exported from freebl (and initaead, updateaead, finalaead for each mechanism type). 2. make those interfaces call aes_gcm and chacha20_poly1503 (and make adjustments for those ciphers). For AES, I added a new function AES_AEAD, which handles both encrypt and decrypt. Internally, the gcm functions (both the generic gcm and the intel gcm wrapper) had their init functions split into key scheduling and counter mode/tag initialization. The latter is still called from init, but the former is now for each update call. IV generation is handled by a single function in gcm.c, and shared with intel_gcm_wrapper.c Since the AES functions already know about the underlying PKCS #11 mechanism parameters, the new AEAD functions also parse the PKCS #11 GCM parameters. For Chacha/Poly new aead update functions were created called ChaChaPoly1305_Encrypt and ChaChaChaPoly1305_Decrypt. There was no Message specific initialization in the existing chacha_init, so no changes were needed there. The primary difference between _Encrypt/_Decrypt and _Seal/_Open is the fact that the tag is put at the end of the encrypted data buffer in the latter, and in a generic buffer in the former. 3. create new pk11wrap interfaces that also squash the api differences between the various mechanisms for aead (similiar to the way we do it for CBC and ECB crypto today). To accomplish this I added PK11_AEADOp() and PK11_AEADRawOp(). 
Both functions handle the case where the token only supports the single shot interface, by using the single short interface to simulate the Message interface. The PK11_AEADOp() also smooths out the differences in the parameters and symantics of the various mechanism so the application does not need to worry about the PKCS #11 differences in the mechanism. Both use contexts from the standard PK11_CreateContext(), so key schedules are done once for each key rather than once for each message. MESSAGE/AEAD operations are selected by adding the psuedo attribute flag CKA_NSS_MESSAGE to the requested operation (CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY). 4. write tests for the new interfaces Tests were added to make sure the PK11_AEADRawOp interface works, The single shot interface is used to test output of the message interface we also use two test only functions to force the connection to use the simulation interface, which is also compared to the non-simulate inteface. The AES_GCM also tests various IV generators. Differential Revision: https://phabricator.services.mozilla.com/D67552 [293ac3688ced] 2020-03-18 Kevin Jacobs <kjacobs@mozilla.com> * lib/freebl/mpi/mpcpucache.c: Bug 1623184 - Clear ECX prior to cpuid, fixing query for Extended Features r=bbeurdouche While trying to benchmark the recent HACL* AVX2 code, I noticed that it was not being called on two machines (that both support AVX2), instead using only the AVX version. In order to query for Extended Features (cpuid with EAX=7), we also need to set ECX to 0: https://www.intel.com/content/www/us/en /architecture-and-technology/64-ia-32-architectures-software- developer-vol-2a-manual.html. The current code fails to do this, resulting in flags that show no support. Initially, I wrote a separate `freebl_cpuid_ex` function that accepted a value for ECX as a separate input argument. 
However, some definitions of `freebl_cpuid` already zero ECX, so making this consistent is the simplest way to get the desired behavior. With this patch, the two test machines (MacOS and Linux x64) correctly use the AVX2 ChaCha20Poly1305 code. Differential Revision: https://phabricator.services.mozilla.com/D67235 [06d41fe87c58] 2020-03-17 Robert Relyea <rrelyea@redhat.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/abi- check/expected-report-libsoftokn3.so.txt, cmd/pk11mode/pk11mode.c, lib/pk11wrap/pk11load.c, lib/pk11wrap/secmodi.h, lib/pk11wrap/secmodt.h, lib/softoken/fipstokn.c, lib/softoken/manifest.mn, lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h, lib/softoken/sftkmessage.c, lib/softoken/softoken.gyp, lib/softoken/softoken.h, lib/softoken/softokn.def, lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h, nss/automation/abi-check/new-report-libnss3.so.txt, nss/automation /abi-check/new-report-libsoftokn3.so.txt: Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=ueno r=mt Update to PKCS #11 v3.0 part 2. Create the functions and switch to the C_Interface() function to fetch the PKCS #11 function table. Also PKCS #11 v3.0 uses a new fork safe interface. NSS can already handle the case if the PKCS #11 module happens to be fork safe (when asked by the application to refresh the tokens in the child process, NSS can detect that such a refresh is not necessary and continue. Softoken could also be put in fork_safe mode with an environment variable. With this patch it's the default, and NSS asks for the fork safe API by default. Technically softoken should implement the old non-fork safe interface when PKCS #11 v2.0 is called, but NSS no longer needs it, and doing so would double the number of PKCS #11 interfaces are needed. You can still compile with fork unsafe semantics, and the PKCS #11 V3.0 module will do the right thing and not include the fork safe flag. 
Firefox does not fork(), so for firefox this is simply code that is no longer compiled. We now use C_GetInterface, which allows us to specify what kind of interface we want (PKCS #11 v3.0, PKCS #11 v2.0, fork safe, etc.). Vendor specific functions can now be accessed through the C_GetInterface. If the C_GetInterface function does not exist, we fall back to the old C_GetFunctionList. There are 24 new functions in PKCS #11 v3.0: C_GetInterfaceList - return a table of all the supported interfaces C_GetInterface - return a specific interface. You can specify interface name, version and flags separately. You can leave off any of these and you will get what the token thinks is the best match of the interfaces that meet the criteria. We do this in softoken by the order of the interface list. C_SessionCancel - Cancel one or more multipart operation C_LoginUser - Supply a user name to C_Login(). This function has no meaning for softoken, so it just returns CKR_OPERATION_NOT_INITIALIZED under the theory that if we in the future want to support usernames, the NSS db would need special initialization to make that happen. C_Message* and C_*Message* (20 functions in all) are the new AEAD interface (they are written generally so that it can be used for things other than AEAD). In this patch they are unimplemented (see the next patch). This patch adds regular (NSC_) and FIPS (FC_) versions of these functions. Also when creating the PKCS #11 v2.0 interface, we had to create a 2.0 specific version of C_GetInfo so that it can return a 2.40 in the CK_VERSION field rather than 3.00. We do this with #defines since all the function tables are generated automagically with pkcs11f.h. 
Differential Revision: https://phabricator.services.mozilla.com/D67240 [2364598f8a36] 2020-03-09 Benjamin Beurdouche <bbeurdouche@mozilla.com> * automation/taskcluster/scripts/run_hacl.sh, lib/freebl/verified/Hacl_Poly1305_128.c, lib/freebl/verified/Hacl_Poly1305_256.c: Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D65945 [7e09cdab32d0] 2020-03-02 Kurt Miller <kurt@intricatesoftware.com> * lib/freebl/blinit.c: Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj https://bugzilla.mozilla.org/show_bug.cgi?id=1618400 [2c989888dee7] 2020-03-02 Giulio Benetti <giulio.benetti@benettiengineering.com> * lib/freebl/blinit.c: Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs Some build environment doesn't provide <sys/auxv.h> and this causes build failure, so let's check if that header exists by using __has_include() helper. Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com> [bb7c46049f26] 2020-02-28 Benjamin Beurdouche <bbeurdouche@mozilla.com> * automation/taskcluster/scripts/run_hacl.sh, lib/freebl/verified/Hacl_Chacha20.c, lib/freebl/verified/Hacl_Chacha20Poly1305_128.c, lib/freebl/verified/Hacl_Chacha20Poly1305_32.c, lib/freebl/verified/Hacl_Chacha20_Vec128.c, lib/freebl/verified/Hacl_Curve25519_51.c, lib/freebl/verified/Hacl_Kremlib.h, lib/freebl/verified/Hacl_Poly1305_128.c, lib/freebl/verified/Hacl_Poly1305_32.c, lib/freebl/verified/kremlin/include/kremlin/internal/types.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1 6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_ Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar _uint128_gcc64.h, lib/freebl/verified/libintvector.h: Bug 1617533 - Update of HACL* after libintvector.h and coding style 
changes. r=kjacobs *** Bug 1617533 - Clang format *** Bug 1617533 - Update HACL* commit for job in Taskcluster *** Bug 1617533 - Update HACL* Kremlin code Differential Revision: https://phabricator.services.mozilla.com/D63829 [b6677ae9067e] * automation/taskcluster/graph/src/extend.js, coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c, lib/freebl/chacha20poly1305.c, lib/freebl/freebl.gyp, lib/freebl/verified/Hacl_Chacha20Poly1305_256.c, lib/freebl/verified/Hacl_Chacha20Poly1305_256.h, lib/freebl/verified/Hacl_Chacha20_Vec256.c, lib/freebl/verified/Hacl_Chacha20_Vec256.h, lib/freebl/verified/Hacl_Poly1305_256.c, lib/freebl/verified/Hacl_Poly1305_256.h, nss-tool/hw-support.c: Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and Chacha20Poly1305. r=kjacobs *** Bug 1612493 - Import AVX2 code from HACL* *** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE *** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp *** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t support -mavx2 *** Bug 1612493 - Disable tests when the platform doesn't have support for AVX2 Differential Revision: https://phabricator.services.mozilla.com/D64718 [d5deac55f543] 2020-02-18 Robert Relyea <rrelyea@redhat.com> * cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c, cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c, cmd/shlibsign/shlibsign.c, gtests/pk11_gtest/pk11_aes_gcm_unittest.cc, gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c, lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c, lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c, lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c, lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c, lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c, lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c, lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11pbe.c, 
lib/pk11wrap/pk11pk12.c, lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c, lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c, lib/pkcs12/p12e.c, lib/softoken/fipstokn.c, lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c, lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c, lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c, lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c, lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c, lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-tool/enc/enctool.cc: Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye https://phabricator.services.mozilla.com/D63241 This patch implements the first phase: updating the headers. lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h Were updated using the released OASIS PKCS #11 v3.0 header files. lib/util/pkcs11n.h was updated to finally deprecate all uses of CK?_NETSCAPE_?. A new define was added: NSS_PKCS11_2_0_COMPAT. If it's defined, the small semantic changes (including the removal of deprecated defines) between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are reverted in favor of the PKCS #11 v2 definitions. This includes the removal of CK?_NETSCAPE_? in favor of CK?_NSS_?. One notable change was caused by an inconsistency between the spec and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an extra field in the header that was not in the spec. OASIS considers the header file to be normative, so PKCS #11 v3.0 resolved the issue in favor of the header file definition. NSS had the spec definition, so now there are 2 defines for this structure: CK_NSS_GCM_PARAMS - the old nss define. Still used internally in freebl. CK_GCM_PARAMS_V3 - the new define. CK_GCM_PARAMS - no longer referenced in NSS itself.
It's defined as CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined. Softoken has been updated to accept either CK_NSS_GCM_PARAMS or CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS. One other semantic difference between the 3.0 version of pkcs11f.h and the version here: In the OASIS version of the header, you must define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In our version you must define CK_PKCS11_3 to get the PKCS #11 v3 defines. Most of this patch is to handle changing the deprecated defines that have been removed in PKCS #11 v3 from NSS. Differential Revision: https://phabricator.services.mozilla.com/D63241 [b5d90a7fe217] Differential Revision: https://phabricator.services.mozilla.com/D70773
709d078ac8ce981e2ccc1710dc201de8550aad29: Bug 1625497 - Change tab name of certificate viewer to Certificate for <Common Name>. r=johannh,fluent-reviewers
alexuwa <uwaobayagbona@gmail.com> - Wed, 15 Apr 2020 06:52:08 +0000 - rev 587595
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1625497 - Change tab name of certificate viewer to Certificate for <Common Name>. r=johannh,fluent-reviewers Differential Revision: https://phabricator.services.mozilla.com/D69695
3d4ff35ef9a990bc63de39130a1bb4642e471c7c: Backed out changeset 16bfa5c1f2ca (bug 1594529) for mochitest permafailures in builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp CLOSED TREE
Stefan Hindli <shindli@mozilla.com> - Wed, 15 Apr 2020 09:28:56 +0300 - rev 587594
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Backed out changeset 16bfa5c1f2ca (bug 1594529) for mochitest permafailures in builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp CLOSED TREE
6b974e1bf99af92f590363cdfa028e6dbd4e1118: Bug 1628626 - Fix issue when clearing output with messages from destroyed targets. r=jdescottes.
Nicolas Chevobbe <nchevobbe@mozilla.com> - Tue, 14 Apr 2020 15:18:17 +0000 - rev 587593
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1628626 - Fix issue when clearing output with messages from destroyed targets. r=jdescottes. With the new architecture, it might happen that a message (and the ObjectFronts it holds) is still displayed in the Browser Console / Browser Toolbox Console, even if the target of those object fronts was destroyed. In such case, when the user would legitimately try to clear the console, we'd try to release the fronts that were already destroyed, which would throw an exception and leave the console in a bad state. This patch simply checks that the fronts are still alive when we try to release them, and adds a test (that was failing without that patch, with fission ON) for the Browser Console. Differential Revision: https://phabricator.services.mozilla.com/D70398
c00da8e9e19a68cf250a3fd0b8ca5843f5e3ee0f: Bug 1628994 - Don't render input related elements in browser console when devtools.chrome.enabled is not true. r=jlast.
Nicolas Chevobbe <nchevobbe@mozilla.com> - Tue, 14 Apr 2020 17:16:43 +0000 - rev 587592
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Bug 1628994 - Don't render input related elements in browser console when devtools.chrome.enabled is not true. r=jlast. When the pref is not set to true, we should not display the input, but also the editor toolbar, the instant evaluation result and the editor resizer. The existing test is modified to ensure we cover all these elements. Differential Revision: https://phabricator.services.mozilla.com/D70843
3009224928c0c0a2f7b4829c94a7c335fddb7652: Backed out 2 changesets (bug 1594529) for causing perma wpt2 with ValueError: badly formed hexadecimal UUID string in /cookies/samesite/iframe-reload.https.html CLOSED TREE
Stefan Hindli <shindli@mozilla.com> - Wed, 15 Apr 2020 08:41:10 +0300 - rev 587591
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Backed out 2 changesets (bug 1594529) for causing perma wpt2 with ValueError: badly formed hexadecimal UUID string in /cookies/samesite/iframe-reload.https.html CLOSED TREE Backed out changeset fbf55a44d7fb (bug 1594529) Backed out changeset 4ba9a230586a (bug 1594529)
96ff6ce7acbf2be0902a06ab18ce5b87290a0edd: Backed out changeset 887f1769a2c6 (bug 1609446) for causing bc permafails in browser/base/content/test/webextensions/browser_permissions_installTrigger.js CLOSED TREE
Stefan Hindli <shindli@mozilla.com> - Wed, 15 Apr 2020 08:20:48 +0300 - rev 587590
Push 13072 by ffxbld-merge at Mon, 04 May 2020 14:22:08 +0000
Backed out changeset 887f1769a2c6 (bug 1609446) for causing bc permafails in browser/base/content/test/webextensions/browser_permissions_installTrigger.js CLOSED TREE