Closed Bug 1642687 Opened 8 months ago Closed 7 months ago

Upgrade Firefox 79 to use NSS 3.54

Categories: Core :: Security: PSM (enhancement, P1), 79 Branch
Status: RESOLVED FIXED (mozilla79)
Tracking Status: firefox79 --- fixed
People: Reporter: kjacobs, Assigned: kjacobs
Whiteboard: [psm-assigned][nss]
Attachments: 7 files, 2 obsolete files

Tracking NSS 3.54 for Firefox 79. Ultimate tag will be NSS_3_54_RTM.

Keywords: leave-open
Depends on: 1643087

[deleted]

Comment on attachment 9154681 [details]
Bug 1642687 - land NSS d211f3013abb UPGRADE_NSS_RELEASE, r=jcj

Revision D56687 was moved to bug 1603042. Setting attachment 9154681 [details] to obsolete.

Attachment #9154681 - Attachment is obsolete: true

^ Script misfire, resubmitting.

2020-06-01 Kevin Jacobs <kjacobs@mozilla.com>

* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
lib/freebl/sha256.h, lib/freebl/sha512.c, mach:
Bug 1528113 - Use ARM's crypto extension for SHA256
[ea54fd986036]

2020-06-01 Makoto Kato <m_kato@ga2.so-net.ne.jp>

* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
lib/freebl/sha256.h, lib/freebl/sha512.c:
Bug 1528113 - Use ARM's crypto extension for SHA256 r=kjacobs

ARMv8 CPU has accelerated hardware instruction for SHA256 that
supports GCC 4.9+. We should use it if available.

[61c83f79e90c]

2020-06-02 Kevin Jacobs <kjacobs@mozilla.com>

* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_0rtt_unittest.cc,
gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
gtests/ssl_gtest/tls_connect.h,
gtests/ssl_gtest/tls_psk_unittest.cc, lib/ssl/manifest.mn,
lib/ssl/ssl.gyp, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslexp.h,
lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslsecur.c,
lib/ssl/sslsock.c, lib/ssl/sslt.h, lib/ssl/tls13con.c,
lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13psk.c,
lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
Bug 1603042 - TLS 1.3 out-of-band PSK support r=mt

This patch adds support for External (out-of-band) PSKs in TLS 1.3.
An External PSK (EPSK) can be set by calling `SSL_AddExternalPsk`,
and removed with `SSL_RemoveExternalPsk`. `SSL_AddExternalPsk0Rtt`
can be used to add a PSK while also specifying a suite and
max_early_data_size for use with 0-RTT.

As part of handling PSKs more generically, the patch also changes
how resumption PSKs are handled internally, so as to rely on the
same mechanisms where possible.

A socket is currently limited to only one External PSK at a time. If
the server doesn't find the same identity for the configured EPSK,
it will fall back to certificate authentication.

[a2293e897889]

2020-06-03 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
lib/ssl/tls13con.c:
Bug 1643123 - Allow External PSKs to be used with Early Export
[46ef0c025cfc]

2020-06-02 Sylvestre Ledru <sledru@mozilla.com>

* lib/ssl/tls13con.c:
Bug 1642809 - Fix an assert (we need a comparison, not assignment)
r=kjacobs

[d0789cb32d8e]

2020-06-03 Mike Hommey <mh@glandium.org>

* cmd/shlibsign/Makefile:
Bug 1642153 - Avoid infinite recursion when CHECKLOC is not set.
r=jcj

[e955ece90b05]

2020-06-03 Martin Thomson <mt@lowentropy.net>

* gtests/ssl_gtest/ssl_auth_unittest.cc,
gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/tls13con.c:
Bug 1642871 - Allow tickets and PHA after resumption, r=kjacobs

The first part of this is fairly simple: we accidentally disabled
sending of session tickets after resumption.

The second part is much less obvious, because the spec is unclear.
This change takes the interpretation that it is OK to use post-
handshake authentication if the handshake is resumed, but not OK if
the handshake is based on a PSK. (This is based on a first-
principles understanding of resumption being a continuation of a
certificate-based connection rather than a reading of the spec, see
the bug for why the spec appears to be unhelpful on this point.)

This still prohibits the use of post-handshake authentication if an
external PSK was used, but that is more an abundance of caution than
anything principled.

[e9502f71b7fe]

2020-06-04 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
lib/ssl/tls13con.c:
Bug 1643123 - Allow External PSKs to be used with Early Export r=mt

This patch adjusts `tls13_exporter` to pull the hash algorithm from
the first PSK when a suite is not configured yet, which allows early
export with external PSKs.

[d211f3013abb]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a6d6d50c239a
land NSS d211f3013abb UPGRADE_NSS_RELEASE, r=jcj

2020-06-11 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/ssl_resumption_unittest.cc:
Bug 1644774 - Use ClearServerCache instead of
SSLInt_ClearSelfEncryptKey for ticket invalidation. r=mt

[7b2413d80ce3] [tip]

2020-06-10 Kevin Jacobs <kjacobs@mozilla.com>

* cmd/lib/basicutil.c, cmd/lib/secutil.c, cmd/lib/secutil.h,
cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, lib/ssl/tls13psk.c:
Bug 1603042 - Support external PSKs in tstclnt/selfserv. r=jcj

This patch adds support for TLS 1.3 external PSKs in tstclnt and
selfserv with the `-z` option.

Command examples:
- `selfserv -D -p 4443 -d . -n localhost.localdomain -w nss -V tls1.3:
-H 1 -z 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -m`
- `tstclnt -h 127.0.0.1 -p 4443 -z
0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -d . -w nss`

For OpenSSL interop:
- `openssl s_server -nocert -port 4433 -psk
AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD [-psk_identity label]`

Note: If the optional label is omitted, both NSS tools and OpenSSL
default to "Client_identity".

[c1b1112af415]

2020-06-09 Kevin Jacobs <kjacobs@mozilla.com>

* lib/ssl/tls13con.c:
Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer
mode. r=mt

[238bd7912429]

2020-06-08 Kevin Jacobs <kjacobs@mozilla.com>

* lib/freebl/freebl.gyp, lib/freebl/freebl_base.gypi:
Bug 1642802 - Win64 GYP builds to use HACL* curve25519.
r=bbeurdouche

This patch causes Windows 64-bit GYP builds to use HACL* curve25519
rather than the 32-bit (fiat-crypto) implementation.

For non-clang/GCC Win64 builds, we define `KRML_VERIFIED_UINT128` to
work around an upstream bug that breaks Win32 builds by selecting a
64-bit `__int128` implementation (in types.h).

For clang/GCC builds, using the compiler-provided type yields a ~5x
speedup on Win64.

[566fa62d6522]

2020-06-05 Jeff Walden <jwalden@mit.edu>

* lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11kea.c,
lib/pk11wrap/pk11merge.c, lib/pk11wrap/pk11nobj.c,
lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11skey.c,
lib/pk11wrap/secmodi.h:
Bug 1643557 - Make pk11_FindObjectByTemplate accept a size_t count
rather than a signed type to avoid internal signed-unsigned
comparison warnings. r=kjacobs

Depends on D78454

[5ee293d1a282]

* lib/pk11wrap/pk11skey.c:
Bug 1643557 - Make PK11_SetWrapKey explicitly handle being passed a
negative wrap argument, to avoid a signed-unsigned comparison.
r=kjacobs

Depends on D78453

[7bb3677a2ed0]

* lib/pk11wrap/pk11akey.c, lib/pk11wrap/pk11cert.c,
lib/pk11wrap/pk11obj.c, lib/pk11wrap/secmodi.h:
Bug 1643557 - Change the type of the size argument to
pk11_FindObjectsByTemplate to be size_t, consistent with the type of
some (small) numeric values passed to it after the previous
revision. r=kjacobs

Depends on D78452

[eaf223c2646a]

* lib/pk11wrap/pk11slot.c:
Bug 1643557 - Use size_t for various counts in pk11slot.c. r=kjacobs

Depends on D78451

[465a7954ce0a]

* lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11slot.c:
Bug 1643557 - Make pk11_MatchString accept a size_t length rather
than an int length (consistent with all callers), and reformulate
its internals to avoid a signed-unsigned comparison. r=kjacobs

Depends on D78450

[fff8c883ef7d]

* lib/pk11wrap/pk11skey.c, lib/ssl/sslsnce.c, lib/util/secport.h:
Bug 1643557 - Add PORT_AssertNotReached and use it instead of
PORT_Assert(!"str"), which may warn about vacuous string literal to
boolean conversions. r=kjacobs

Depends on D78449

[c0aa47eb2fdd]

* lib/util/secoid.c:
Bug 1643557 - Use SECOidTag as the type of a loop variable over all
values of that type to avoid a signed-unsigned comparison warning.
r=kjacobs

Depends on D78448

[d7f1e9975e67]

* lib/util/utilpars.c:
Bug 1643557 - Use size_t for a parameter-indexing variable to
eliminate a signed-unsigned comparison warning. r=kjacobs

Depends on D78447

[5d7206908ca7]

* lib/freebl/rsapkcs.c:
Bug 1643557 - Used unsigned int for two for-loops upper-bounded by
unsigned ints in rsa_FormatOneBlock. r=kjacobs

Depends on D78446

[ed9a1a41ca1e]

* lib/pk11wrap/debug_module.c:
Bug 1643557 - Use unsigned int for log level, consistent with
PRLogModuleLevel. r=kjacobs

[7f89fa701ce3]
Attachment #9156112 - Attachment is obsolete: true

2020-06-12 Kevin Jacobs <kjacobs@mozilla.com>

* cmd/lib/secutil.c:
Bug 1645479 - Use SECITEM_CopyItem instead of SECITEM_MakeItem in
secutil.c. r=jcj

This patch converts a call to `SECITEM_MakeItem` to use
`SECITEM_CopyItem` instead. Using the former works fine in NSS CI,
but causes build failures in mozilla-central due to differences in
how both symbols are exported (i.e. when folding nssutil into nss).

[cbf75aedf480] [tip]

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/80b6f21783a3
land NSS cbf75aedf480 UPGRADE_NSS_RELEASE, r=jcj

2020-06-15 J.C. Jones <jjones@mozilla.com>

* lib/ckfw/builtins/nssckbi.h:
Bug 1618402 - June 2020 batch of root changes,
NSS_BUILTINS_LIBRARY_VERSION 2.42 r=bbeurdouche,KathleenWilson

All changes:

- Bug 1618402 - Remove 3 Symantec roots and disable Email trust bit for others
- Bug 1621151 - Disable Email trust bit for GRCA root
- Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root cert
- Bug 1641718 - Remove "LuxTrust Global Root 2" root cert
- Bug 1641716 - Add Microsoft's non-EV roots
- Bug 1645174 - Add Microsec's "e-Szigno Root CA 2017" root cert
- Bug 1645186 - Add "certSIGN Root CA G2" root cert
- Bug 1645199 - Remove Expired AddTrust root certs

Depends on D79373

[6dcd00c13ffc] [tip]

2020-06-12 J.C. Jones <jjones@mozilla.com>

* lib/ckfw/builtins/certdata.txt:
Bug 1645186 - Add certSIGN Root CA G2 root cert r=KathleenWilson

Friendly Name: certSIGN Root CA G2
Cert Location: http://crl.certsign.ro/certsign-rootg2.crt
SHA-1 Fingerprint: 26F993B4ED3D2827B0B94BA7E9151DA38D92E532
SHA-256 Fingerprint: 657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305
Trust Flags: Websites
Test URL: https://testssl-valid-evcp.certsign.ro/

Depends on D79372

[d541eaaca2ef]

* lib/ckfw/builtins/certdata.txt:
Bug 1645174 - Add e-Szigno Root CA 2017 r=KathleenWilson,kjacobs

Depends on D79371

[6d397f2a5f01]

* lib/ckfw/builtins/certdata.txt:
Bug 1641716 - Add Microsoft non-EV roots r=KathleenWilson,kjacobs

Friendly Name: Microsoft ECC Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 999A64C37FF47D9FAB95F14769891460EEC4C3C5
SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02
Trust Flags: Websites
Test URL: https://acteccroot2017.pki.microsoft.com/

Friendly Name: Microsoft RSA Root Certificate Authority 2017
Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt
SHA-1 Fingerprint: 73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74
SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
Trust Flags: Websites
Test URL: https://actrsaroot2017.pki.microsoft.com/

Depends on D79370

[576f52ca3f02]

* lib/ckfw/builtins/certdata.txt:
Bug 1645199 - Remove Expired AddTrust root certs
r=KathleenWilson,kjacobs

Remove the following two expired AddTrust root certs from NSS.

Subject/Issuer: CN=AddTrust Class 1 CA Root; OU=AddTrust TTP Network; O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: CCAB0EA04C2301D6697BDD379FCD12EB24E3949D
SHA-256 Fingerprint: 8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7

Subject/Issuer: CN=AddTrust External CA Root; OU=AddTrust External TTP Network; O=AddTrust AB; C=SE
Valid To (GMT): 5/30/2020
SHA-1 Fingerprint: 02FAF3E291435468607857694DF5E45B68851868
SHA-256 Fingerprint: 687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2

Mozilla EV Policy OID(s): 1.3.6.1.4.1.6449.1.2.1.5.1

Depends on D79369

[96d0279ef929]

* lib/ckfw/builtins/certdata.txt:
Bug 1641718 - Remove "LuxTrust Global Root 2" root cert
r=KathleenWilson,kjacobs

Subject: CN=LuxTrust Global Root 2; O=LuxTrust S.A.; C=LU
Valid From (GMT): 3/5/2015
Valid To (GMT): 3/5/2035
Certificate Serial Number: 0A7EA6DF4B449EDA6A24859EE6B815D3167FBBB1
SHA-1 Fingerprint: 1E0E56190AD18B2598B20444FF668A0417995F3F
SHA-256 Fingerprint: 54455F7129C20B1447C418F997168F24C58FC5023BF5DA5BE2EB6E1DD8902ED5

Depends on D79368

[cc40386d3958]

* lib/ckfw/builtins/certdata.txt:
Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root
cert r=KathleenWilson,kjacobs

Subject: CN=Staat der Nederlanden Root CA - G2; O=Staat der Nederlanden; C=NL
Valid From (GMT): 3/26/2008
Valid To (GMT): 3/25/2020
Certificate Serial Number: 0098968C
SHA-1 Fingerprint: 59AF82799186C7B47507CBCF035746EB04DDB716
SHA-256 Fingerprint: 668C83947DA63B724BECE1743C31A0E6AED0DB8EC5B31BE377BB784F91B6716F

Depends on D79367

[7236f86d8db7]

* lib/ckfw/builtins/certdata.txt:
Bug 1621151 - Disable email trust bit for TW Government Root
Certification Authority root r=kjacobs,KathleenWilson

Depends on D79366

[d56b95fc344f]

* lib/ckfw/builtins/certdata.txt:
Bug 1618402 - Disable email trust bit for several Symantec certs
r=KathleenWilson,kjacobs

Disable the Email trust bit for the following root certs:

Subject: CN=GeoTrust Global CA; O=GeoTrust Inc.; C=US
Certificate Serial Number: 023456
SHA-1 Fingerprint: DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
SHA-256 Fingerprint: FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A

Subject: CN=GeoTrust Primary Certification Authority - G2; OU=(c) 2007 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
Certificate Serial Number: 3CB2F4480A00E2FEEB243B5E603EC36B
SHA-1 Fingerprint: 8D1784D537F3037DEC70FE578B519A99E610D7B0
SHA-256 Fingerprint: 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766

Subject: CN=GeoTrust Primary Certification Authority - G3; OU=(c) 2008 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US
Certificate Serial Number: 15AC6E9419B2794B41F627A9C3180F1F
SHA-1 Fingerprint: 039EEDB80BE7A03C6953893B20D2D9323A4C2AFD
SHA-256 Fingerprint: B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4

Subject: CN=GeoTrust Universal CA; O=GeoTrust Inc.; C=US
Certificate Serial Number: 01
SHA-1 Fingerprint: E621F3354379059A4B68309D8A2F74221587EC79
SHA-256 Fingerprint: A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912

Subject: CN=GeoTrust Universal CA 2; O=GeoTrust Inc.; C=US
Certificate Serial Number: 01
SHA-1 Fingerprint: 379A197B418545350CA60369F33C2EAF474F2079
SHA-256 Fingerprint: A0234F3BC8527CA5628EEC81AD5D69895DA5680DC91D1CB8477F33F878B95B0B

Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4; OU=VeriSign Trust Network, (c) 2007 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 2F80FE238C0E220F486712289187ACB3
SHA-1 Fingerprint: 22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A
SHA-256 Fingerprint: 69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79

Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5; OU=VeriSign Trust Network, (c) 2006 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 18DAD19E267DE8BB4A2158CDCC6B3B4A
SHA-1 Fingerprint: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
SHA-256 Fingerprint: 9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF

Depends on D79365

[606157f404c2]

* lib/ckfw/builtins/certdata.txt:
Bug 1618402 - Remove VeriSign CA and associated EgyptTrust distrust
entries r=KathleenWilson,kjacobs

Remove the VeriSign Class 3 Public Primary Certification Authority -
G3 CA:

Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3; OU=VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US
Certificate Serial Number: 009B7E0649A33E62B9D5EE90487129EF57
SHA-1 Fingerprint: 132D0D45534B6997CDB2D5C339E25576609B5CC6
SHA-256 Fingerprint: EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244

Because of the removal of VeriSign Class 3 Public Primary
Certification Authority - G3, these knock-out entries, signed by
that CA, should be removed:

cert 1:
Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34
Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
Not Valid Before: Sun May 18 00:00:00 2008
Not Valid After : Thu May 17 23:59:59 2018
Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D
Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1

cert 2:
Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51
Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
Not Valid Before: Sun May 18 00:00:00 2008
Not Valid After : Thu May 17 23:59:59 2018
Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34
Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E

cert 3:
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76
Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
Not Valid Before: Sun May 18 00:00:00 2008
Not Valid After : Thu May 17 23:59:59 2018
Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E
Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2

Depends on D79364

[8cd8fd97f0e7]

* lib/ckfw/builtins/certdata.txt:
Bug 1618402 - Remove Symantec and VeriSign roots
r=KathleenWilson,kjacobs

Remove the following root certs:

Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4; OU=Symantec Trust Network; O=Symantec Corporation; C=US
Certificate Serial Number: 34176512403BB756802D80CB7955A61E
SHA-1 Fingerprint: 6724902E4801B02296401046B4B1672CA975FD2B
SHA-256 Fingerprint: FE863D0822FE7A2353FA484D5924E875656D3DC9FB58771F6F616F9D571BC592

Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4; OU=Symantec Trust Network; O=Symantec Corporation; C=US
Certificate Serial Number: 216E33A5CBD388A46F2907B4273CC4D8
SHA-1 Fingerprint: 84F2E3DD83133EA91D19527F02D729BFC15FE667
SHA-256 Fingerprint: 363F3C849EAB03B0A2A0F636D7B86D04D3AC7FCFE26A0A9121AB9795F6E176DF

[06e27f62d77b]

2020-06-15 Mike Hommey <mh@glandium.org>

* lib/freebl/Makefile, lib/freebl/manifest.mn:
Bug 1642146 - Move seed.o back into freeblpriv3. r=bbeurdouche

[f46fca8ced7f]
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/712412cb974c
land NSS 6dcd00c13ffc UPGRADE_NSS_RELEASE, r=jcj

2020-06-16 Sohaib ul Hassan <sohaibulhassan@tuni.fi>

* lib/freebl/mpi/mpi.c, lib/freebl/mpi/mpi.h,
lib/freebl/mpi/mplogic.c:
Bug 1631597 - Constant-time GCD and modular inversion
r=rrelyea,kjacobs

The implementation is based on the work by Bernstein and Yang
(https://eprint.iacr.org/2019/266) "Fast constant-time gcd
computation and modular inversion". It fixes the old mp_gcd and
s_mp_invmod_odd_m functions.

The patch also fixes mpl_significant_bits, s_mp_div_2d and s_mp_mul_2d
by having less control flow to reduce side-channel leaks.

Co-author: Billy Bob Brumley

[699541a7793b] [tip]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/63a4089362fc
land NSS 699541a7793b UPGRADE_NSS_RELEASE, r=jcj

2020-06-22 Kevin Jacobs <kjacobs@mozilla.com>

* lib/util/quickder.c:
Bug 1646520 - Stricter leading-zero checks for ASN.1 INTEGER values.
r=jcj

This patch adjusts QuickDER to strictly enforce INTEGER encoding
with respect to leading zeros:
- If the MSB of the first (value) octet is set, a single zero byte MAY
be present to make the value positive. This singular pad byte is
removed.
- Otherwise, the first octet must not be zero.

[2bd2f3267dc5] [tip]
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/da52c5a88939
land NSS 2bd2f3267dc5 UPGRADE_NSS_RELEASE, r=jcj
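
The leading-zero rule from the 2bd2f3267dc5 changelog entry (Bug 1646520), written as a stand-alone C check. This is an added example, not the QuickDER code from NSS: the function, enum and sample names are hypothetical, and rejecting an empty value and accepting a lone 0x00 octet as the value zero are assumptions taken from DER rather than from the changelog text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example (hypothetical names, not NSS identifiers). */
enum int_check { INT_OK = 0, INT_EMPTY = -1, INT_BAD_LEADING_ZERO = -2 };

/*
 * Validate the content octets of a DER INTEGER that the caller treats as an
 * unsigned value, following the two rules in the changelog entry.
 * On success *out / *out_len describe the value with any pad byte removed;
 * the output points into the input buffer, nothing is copied.
 */
static enum int_check
strict_unsigned_integer(const uint8_t *data, size_t len,
                        const uint8_t **out, size_t *out_len)
{
    if (data == NULL || len == 0) {
        return INT_EMPTY; /* assumption: an INTEGER has >= 1 content octet */
    }
    if (len > 1 && data[0] == 0x00) {
        /* A leading zero is only legitimate as a sign pad, i.e. when the
         * octet after it has its most significant bit set. */
        if ((data[1] & 0x80) == 0) {
            return INT_BAD_LEADING_ZERO;
        }
        data++; /* remove the single pad byte */
        len--;
    }
    /* len == 1 is accepted as-is, so a lone 0x00 still encodes zero. */
    *out = data;
    *out_len = len;
    return INT_OK;
}

/* Convenience wrapper: stripped length on success, negative code on failure. */
static int
stripped_len(const uint8_t *data, size_t len)
{
    const uint8_t *value = NULL;
    size_t value_len = 0;
    enum int_check rc = strict_unsigned_integer(data, len, &value, &value_len);
    return rc == INT_OK ? (int)value_len : (int)rc;
}

/* Constructed sample encodings (content octets only, no tag or length). */
static const uint8_t S_PADDED[] = { 0x00, 0x80 };           /* 128, pad needed */
static const uint8_t S_NEEDLESS[] = { 0x00, 0x7f };         /* 127, pad not allowed */
static const uint8_t S_DOUBLE_PAD[] = { 0x00, 0x00, 0x80 }; /* more than one pad */
static const uint8_t S_ZERO[] = { 0x00 };                   /* the value 0 */
static const uint8_t S_NO_PAD[] = { 0x80, 0x01 };           /* MSB set, pad omitted */

int
main(void)
{
    printf("padded     -> %d\n", stripped_len(S_PADDED, sizeof S_PADDED));
    printf("needless   -> %d\n", stripped_len(S_NEEDLESS, sizeof S_NEEDLESS));
    printf("double pad -> %d\n", stripped_len(S_DOUBLE_PAD, sizeof S_DOUBLE_PAD));
    printf("zero       -> %d\n", stripped_len(S_ZERO, sizeof S_ZERO));
    printf("no pad     -> %d\n", stripped_len(S_NO_PAD, sizeof S_NO_PAD));
    return 0;
}
```

With this rule each accepted value has exactly one padded form, so two byte strings that differ only in extra leading zeros can no longer decode to the same integer.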

2020-06-24 Kai Engert <kaie@kuix.de>

* automation/release/nspr-version.txt:
Bug 1640516 - NSS 3.54 should depend on NSPR 4.26. r=kjacobs

[87fa2f0598ad] [tip]

2020-06-23 Kevin Jacobs <kjacobs@mozilla.com>

* .hgtags:
Added tag NSS_3_54_BETA1 for changeset 2bd2f3267dc5
[fe2ed4384f6a]
Pushed by nerli@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/92686b940471
land NSS 87fa2f0598ad UPGRADE_NSS_RELEASE, r=jcj
Keywords: leave-open
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9df3267d7992
land NSS NSS_3_54_RTM UPGRADE_NSS_RELEASE, r=jcj
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla79