import changes from `dev' branch of rmottola/Arctic-Fox:

- Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang (365e9a6a8e)
- bug 1169408 - Merge mozButtonAccessible and mozPopupButtonAccessible r=surkov (6996bb22e8)
- Bug 1162434 - Make windows emulation work on X64, r=marcoz (f0bb96de8a)
- Bug 1162434 part 2 - Fix ISimpleDOMNode Unique ID on 64 bit systems, r=surkov (1afbaa9fec)
- code style (3cabaf0882)
- Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler (59b7feea33)
- Bug 1164714 - Move netwerk/base/nsISiteSecurityService.idl into security/manager/ssl. r=keeler,mcmanus (154e93a29c)
- Bug 1164714 - Move netwerk/test/TestSTSParser.cpp into security/manager/ssl/tests/. r=keeler (7fc68a2b66)
- Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley (e967aef5fc)
- Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab (a4a85439ca)
- Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler (5388e21c64)
- Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler (5de896acc0)
- Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) (8b5e18f069)
-  Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler (f76ae9af3e)
- namespace (7817663683)
pull/8/head
roytam1 7 months ago
parent b91a6a24cc
commit f71f515508
  1. 5
      accessible/mac/AccessibleWrap.h
  2. 7
      accessible/mac/mozActionElements.h
  3. 129
      accessible/mac/mozActionElements.mm
  4. 5
      accessible/windows/msaa/nsWinUtils.cpp
  5. 7
      accessible/windows/sdn/sdnAccessible.cpp
  6. 30
      dom/locales/en-US/chrome/security/security.properties
  7. 10
      modules/libpref/init/all.js
  8. 1
      netwerk/base/moz.build
  9. 1
      netwerk/base/security-prefs.js
  10. 89
      netwerk/protocol/http/nsHttpChannel.cpp
  11. 1
      netwerk/test/moz.build
  12. 2
      security/manager/ssl/DataStorage.h
  13. 4
      security/manager/ssl/NSSErrorsService.h
  14. 4
      security/manager/ssl/PSMContentListener.h
  15. 2
      security/manager/ssl/md4.h
  16. 1
      security/manager/ssl/moz.build
  17. 31
      security/manager/ssl/nsISiteSecurityService.idl
  18. 17
      security/manager/ssl/nsNSSCallbacks.cpp
  19. 2
      security/manager/ssl/nsNSSCertificate.h
  20. 15
      security/manager/ssl/nsNSSComponent.cpp
  21. 92
      security/manager/ssl/nsNSSIOLayer.cpp
  22. 11
      security/manager/ssl/nsNSSIOLayer.h
  23. 58
      security/manager/ssl/nsNTLMAuthModule.cpp
  24. 1
      security/manager/ssl/nsNTLMAuthModule.h
  25. 126
      security/manager/ssl/nsSiteSecurityService.cpp
  26. 8
      security/manager/ssl/nsSiteSecurityService.h
  27. 4
      security/manager/ssl/tests/compiled/TestSTSParser.cpp
  28. 6
      security/manager/ssl/tests/compiled/moz.build
  29. 160
      security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
  30. 49
      security/sandbox/linux/common/SandboxInfo.cpp
  31. 20
      toolkit/components/telemetry/Histograms.json

@ -59,10 +59,7 @@ public: // construction, destruction
* for it.
*/
bool IsIgnored();
inline bool HasPopup ()
{ return (NativeState() & mozilla::a11y::states::HASPOPUP); }
/**
* Returns this accessible's all children, adhering to "flat" accessibles by
* not returning their children.

@ -9,6 +9,9 @@
/* Simple subclasses for things like checkboxes, buttons, etc. */
@interface mozButtonAccessible : mozAccessible
{
}
- (BOOL)hasPopup;
- (void)click;
- (BOOL)isTab;
@end
@ -18,10 +21,6 @@
- (int)isChecked;
@end
/* Used for buttons that may pop up a menu. */
@interface mozPopupButtonAccessible : mozButtonAccessible
@end
/* Class for tabs - not individual tabs */
@interface mozTabsAccessible : mozAccessible
{

@ -42,6 +42,7 @@ enum CheckboxValue {
NSAccessibilityEnabledAttribute, // required
NSAccessibilityFocusedAttribute, // required
NSAccessibilityTitleAttribute, // required
NSAccessibilityChildrenAttribute,
NSAccessibilityDescriptionAttribute,
#if DEBUG
@"AXMozDescription",
@ -57,15 +58,19 @@ enum CheckboxValue {
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([attribute isEqualToString:NSAccessibilityChildrenAttribute])
if ([attribute isEqualToString:NSAccessibilityChildrenAttribute]) {
if ([self hasPopup])
return [self children];
return nil;
}
if ([attribute isEqualToString:NSAccessibilityRoleDescriptionAttribute]) {
if ([self isTab])
return utils::LocalizedString(NS_LITERAL_STRING("tab"));
return NSAccessibilityRoleDescription([self role], nil);
}
return [super accessibilityAttributeValue:attribute];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
@ -80,36 +85,49 @@ enum CheckboxValue {
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([self isEnabled])
if ([self isEnabled]) {
if ([self hasPopup])
return [NSArray arrayWithObjects:NSAccessibilityPressAction,
NSAccessibilityShowMenuAction,
nil];
return [NSArray arrayWithObject:NSAccessibilityPressAction];
}
return nil;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (NSString*)accessibilityActionDescription:(NSString*)action
- (NSString*)accessibilityActionDescription:(NSString*)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([action isEqualToString:NSAccessibilityPressAction]) {
if ([self isTab])
return utils::LocalizedString(NS_LITERAL_STRING("switch"));
return @"press button"; // XXX: localize this later?
}
if ([self hasPopup]) {
if ([action isEqualToString:NSAccessibilityShowMenuAction])
return @"show menu";
}
return nil;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (void)accessibilityPerformAction:(NSString*)action
- (void)accessibilityPerformAction:(NSString*)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK;
if ([action isEqualToString:NSAccessibilityPressAction])
if ([self isEnabled] && [action isEqualToString:NSAccessibilityPressAction]) {
// TODO: this should bring up the menu, but currently doesn't.
// once msaa and atk have merged better, they will implement
// the action needed to show the menu.
[self click];
}
NS_OBJC_END_TRY_ABORT_BLOCK;
}
@ -127,6 +145,12 @@ enum CheckboxValue {
return (accWrap && (accWrap->Role() == roles::PAGETAB));
}
- (BOOL)hasPopup
{
AccessibleWrap* accWrap = [self getGeckoAccessible];
return accWrap && (accWrap->NativeState() & mozilla::a11y::states::HASPOPUP);
}
@end
@implementation mozCheckboxAccessible
@ -170,91 +194,6 @@ enum CheckboxValue {
@end
@implementation mozPopupButtonAccessible
- (NSArray *)accessibilityAttributeNames
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
static NSArray *attributes = nil;
if (!attributes) {
attributes = [[NSArray alloc] initWithObjects:NSAccessibilityParentAttribute, // required
NSAccessibilityPositionAttribute, // required
NSAccessibilityRoleAttribute, // required
NSAccessibilitySizeAttribute, // required
NSAccessibilityWindowAttribute, // required
NSAccessibilityTopLevelUIElementAttribute, // required
NSAccessibilityHelpAttribute,
NSAccessibilityEnabledAttribute, // required
NSAccessibilityFocusedAttribute, // required
NSAccessibilityTitleAttribute, // required for popupmenus, and for menubuttons with a title
NSAccessibilityChildrenAttribute, // required
NSAccessibilityDescriptionAttribute, // required if it has no title attr
#if DEBUG
@"AXMozDescription",
#endif
nil];
}
return attributes;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (id)accessibilityAttributeValue:(NSString *)attribute
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([attribute isEqualToString:NSAccessibilityChildrenAttribute]) {
return [super children];
}
return [super accessibilityAttributeValue:attribute];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (NSArray *)accessibilityActionNames
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([self isEnabled]) {
return [NSArray arrayWithObjects:NSAccessibilityPressAction,
NSAccessibilityShowMenuAction,
nil];
}
return nil;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (NSString *)accessibilityActionDescription:(NSString *)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([action isEqualToString:NSAccessibilityShowMenuAction])
return @"show menu";
return [super accessibilityActionDescription:action];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (void)accessibilityPerformAction:(NSString *)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK;
// both the ShowMenu and Click action do the same thing.
if ([self isEnabled]) {
// TODO: this should bring up the menu, but currently doesn't.
// once msaa and atk have merged better, they will implement
// the action needed to show the menu.
[super click];
}
NS_OBJC_END_TRY_ABORT_BLOCK;
}
@end
@implementation mozTabsAccessible
- (void)dealloc

@ -149,7 +149,10 @@ WindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
switch (msg) {
case WM_GETOBJECT:
{
if (lParam == OBJID_CLIENT) {
// Do explicit casting to make it working on 64bit systems (see bug 649236
// for details).
int32_t objId = static_cast<DWORD>(lParam);
if (objId == OBJID_CLIENT) {
DocAccessible* document =
nsWinUtils::sHWNDCache->GetWeak(static_cast<void*>(hWnd));
if (document) {

@ -106,8 +106,11 @@ sdnAccessible::get_nodeInfo(BSTR __RPC_FAR* aNodeName,
// focus events, to correlate back to data nodes in their internal object
// model.
Accessible* accessible = GetAccessible();
*aUniqueID = - NS_PTR_TO_INT32(accessible ? accessible->UniqueID() :
static_cast<void*>(this));
if (accessible) {
*aUniqueID = AccessibleWrap::GetChildIDFor(accessible);
} else {
*aUniqueID = - NS_PTR_TO_INT32(static_cast<void*>(this));
}
*aNumChildren = mNode->GetChildCount();

@ -16,10 +16,32 @@ CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disa
CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token '%2$S' in CORS header 'Access-Control-Allow-Headers').
CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token '%2$S' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel).
# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security" or "HSTS"
InvalidSTSHeaders=The site specified an invalid Strict-Transport-Security header.
# LOCALIZATION NOTE: Do not translate "Public-Key-Pins or HPKP"
InvalidPKPHeaders=The site specified an invalid Public-Key-Pins header.
# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully.
STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a 'max-age' directive.
STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple 'max-age' directives.
STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid 'max-age' directive.
STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple 'includeSubDomains' directives.
STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid 'includeSubDomains' directive.
STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host.
# LOCALIZATION NOTE: Do not translate "Public-Key-Pins", "HPKP", "max-age" or "includeSubDomains"
PKPUnknownError=Public-Key-Pins: An unknown error occurred processing the header specified by the site.
PKPUntrustworthyConnection=Public-Key-Pins: The connection to the site is untrustworthy, so the specified header was ignored.
PKPCouldNotParseHeader=Public-Key-Pins: The site specified a header that could not be parsed successfully.
PKPNoMaxAge=Public-Key-Pins: The site specified a header that did not include a 'max-age' directive.
PKPMultipleMaxAges=Public-Key-Pins: The site specified a header that included multiple 'max-age' directives.
PKPInvalidMaxAge=Public-Key-Pins: The site specified a header that included an invalid 'max-age' directive.
PKPMultipleIncludeSubdomains=Public-Key-Pins: The site specified a header that included multiple 'includeSubDomains' directives.
PKPInvalidIncludeSubdomains=Public-Key-Pins: The site specified a header that included an invalid 'includeSubDomains' directive.
PKPInvalidPin=Public-Key-Pins: The site specified a header that included an invalid pin.
PKPMultipleReportURIs=Public-Key-Pins: The site specified a header that included multiple 'report-uri' directives.
PKPPinsetDoesNotMatch=Public-Key-Pins: The site specified a header that did not include a matching pin.
PKPNoBackupPin=Public-Key-Pins: The site specified a header that did not include a backup pin.
PKPCouldNotSaveState=Public-Key-Pins: An error occurred noting the site as a Public-Key-Pins host.
# LOCALIZATION NOTE: Do not translate "SHA-1"
SHA1Sig=This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.

@ -2035,6 +2035,16 @@ pref("network.automatic-ntlm-auth.allow-proxies", true);
pref("network.automatic-ntlm-auth.allow-non-fqdn", false);
pref("network.automatic-ntlm-auth.trusted-uris", "");
// The string to return to the server as the 'workstation' that the
// user is using. Bug 1046421 notes that the previous default, of the
// system hostname, could be used for user fingerprinting.
//
// However, in some network environments where allowedWorkstations is in use
// to provide a level of host-based access control, it must be set to a string
// that is listed in allowedWorkstations for the user's account in their
// AD Domain.
pref("network.generic-ntlm-auth.workstation", "WORKSTATION");
// Sub-resources HTTP-authentication:
// 0 - don't allow sub-resources to open HTTP authentication credentials
// dialogs

@ -101,7 +101,6 @@ XPIDL_SOURCES += [
'nsISerializationHelper.idl',
'nsIServerSocket.idl',
'nsISimpleStreamListener.idl',
'nsISiteSecurityService.idl',
'nsISocketTransport.idl',
'nsISocketTransportService.idl',
'nsISpeculativeConnect.idl',

@ -18,7 +18,6 @@ pref("security.tls.enable_0rtt_data", false);
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
pref("security.ssl.require_safe_negotiation", false);
pref("security.ssl.warn_missing_rfc5746", 1);
pref("security.ssl.enable_ocsp_stapling", true);
pref("security.ssl.enable_false_start", false);
pref("security.ssl.false_start.require-npn", false);

@ -1139,8 +1139,88 @@ nsHttpChannel::ProcessFailedProxyConnect(uint32_t httpStatus)
return rv;
}
static void
GetSTSConsoleErrorTag(uint32_t failureResult, nsAString& consoleErrorTag)
{
switch (failureResult) {
case nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION:
consoleErrorTag = NS_LITERAL_STRING("STSUntrustworthyConnection");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER:
consoleErrorTag = NS_LITERAL_STRING("STSCouldNotParseHeader");
break;
case nsISiteSecurityService::ERROR_NO_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("STSNoMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES:
consoleErrorTag = NS_LITERAL_STRING("STSMultipleMaxAges");
break;
case nsISiteSecurityService::ERROR_INVALID_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("STSInvalidMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("STSMultipleIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("STSInvalidIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE:
consoleErrorTag = NS_LITERAL_STRING("STSCouldNotSaveState");
break;
default:
consoleErrorTag = NS_LITERAL_STRING("STSUnknownError");
break;
}
}
static void
GetPKPConsoleErrorTag(uint32_t failureResult, nsAString& consoleErrorTag)
{
switch (failureResult) {
case nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION:
consoleErrorTag = NS_LITERAL_STRING("PKPUntrustworthyConnection");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER:
consoleErrorTag = NS_LITERAL_STRING("PKPCouldNotParseHeader");
break;
case nsISiteSecurityService::ERROR_NO_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("PKPNoMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES:
consoleErrorTag = NS_LITERAL_STRING("PKPMultipleMaxAges");
break;
case nsISiteSecurityService::ERROR_INVALID_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("PKPInvalidMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("PKPMultipleIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("PKPInvalidIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_INVALID_PIN:
consoleErrorTag = NS_LITERAL_STRING("PKPInvalidPin");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS:
consoleErrorTag = NS_LITERAL_STRING("PKPMultipleReportURIs");
break;
case nsISiteSecurityService::ERROR_PINSET_DOES_NOT_MATCH_CHAIN:
consoleErrorTag = NS_LITERAL_STRING("PKPPinsetDoesNotMatch");
break;
case nsISiteSecurityService::ERROR_NO_BACKUP_PIN:
consoleErrorTag = NS_LITERAL_STRING("PKPNoBackupPin");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE:
consoleErrorTag = NS_LITERAL_STRING("PKPCouldNotSaveState");
break;
default:
consoleErrorTag = NS_LITERAL_STRING("PKPUnknownError");
break;
}
}
/**
* Process a single security header. Only two types are suported HSTS and HPKP.
* Process a single security header. Only two types are supported: HSTS and HPKP.
*/
nsresult
nsHttpChannel::ProcessSingleSecurityHeader(uint32_t aType,
@ -1167,18 +1247,19 @@ nsHttpChannel::ProcessSingleSecurityHeader(uint32_t aType,
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
// Process header will now discard the headers itself if the channel
// wasn't secure (whereas before it had to be checked manually)
uint32_t failureResult;
rv = sss->ProcessHeader(aType, mURI, securityHeader.get(), aSSLStatus,
aFlags, nullptr, nullptr);
aFlags, nullptr, nullptr, &failureResult);
if (NS_FAILED(rv)) {
nsAutoString consoleErrorCategory;
nsAutoString consoleErrorTag;
switch (aType) {
case nsISiteSecurityService::HEADER_HSTS:
consoleErrorTag = NS_LITERAL_STRING("InvalidSTSHeaders");
GetSTSConsoleErrorTag(failureResult, consoleErrorTag);
consoleErrorCategory = NS_LITERAL_STRING("Invalid HSTS Headers");
break;
case nsISiteSecurityService::HEADER_HPKP:
consoleErrorTag = NS_LITERAL_STRING("InvalidPKPHeaders");
GetPKPConsoleErrorTag(failureResult, consoleErrorTag);
consoleErrorCategory = NS_LITERAL_STRING("Invalid HPKP Headers");
break;
default:

@ -45,7 +45,6 @@ GeckoSimplePrograms([
CppUnitTests([
'TestBind',
'TestCookie',
'TestSTSParser',
'TestUDPSocket',
])

@ -180,6 +180,6 @@ private:
const nsString mFilename;
};
}; // namespace mozilla
} // namespace mozilla
#endif // mozilla_DataStorage_h

@ -40,8 +40,8 @@ bool IsNSSErrorCode(PRErrorCode code);
nsresult GetXPCOMFromNSSError(PRErrorCode code);
bool ErrorIsOverridable(PRErrorCode code);
} // psm
} // mozilla
} // namespace psm
} // namespace mozilla
#define NS_NSSERRORSSERVICE_CID \
{ 0x9ef18451, 0xa157, 0x4d17, { 0x81, 0x32, 0x47, 0xaf, 0xef, 0x21, 0x36, 0x89 } }

@ -21,8 +21,8 @@ namespace net {
class PChannelDiverterParent;
}
}
} // namespace net
} // namespace mozilla
namespace mozilla { namespace psm {

@ -14,7 +14,7 @@ extern "C" {
/**
* md4sum - computes the MD4 sum over the input buffer per RFC 1320
*
*
* @param input
* buffer containing input data
* @param inputLen

@ -31,6 +31,7 @@ XPIDL_SOURCES += [
'nsIPKCS11Slot.idl',
'nsIProtectedAuthThread.idl',
'nsISecurityUITelemetry.idl',
'nsISiteSecurityService.idl',
'nsISSLStatus.idl',
'nsISSLStatusProvider.idl',
'nsITokenDialogs.idl',

@ -23,13 +23,28 @@ namespace mozilla
[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
[ref] native mozillaPkixTime(mozilla::pkix::Time);
[scriptable, uuid(e219eace-0e04-42ba-b203-58a8b327867c)]
[scriptable, uuid(e6cac961-9f03-4cc3-ad00-a829ae7304dc)]
interface nsISiteSecurityService : nsISupports
{
const uint32_t HEADER_HSTS = 0;
const uint32_t HEADER_HPKP = 1;
const uint32_t HEADER_OMS = 2;
const uint32_t Success = 0;
const uint32_t ERROR_UNKNOWN = 1;
const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
const uint32_t ERROR_NO_MAX_AGE = 4;
const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
const uint32_t ERROR_INVALID_MAX_AGE = 6;
const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
const uint32_t ERROR_INVALID_PIN = 9;
const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10;
const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11;
const uint32_t ERROR_NO_BACKUP_PIN = 12;
const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
/**
* Parses a given HTTP header and records the results internally.
* Currently two header types are supported: HSTS (aka STS) and HPKP
@ -37,9 +52,9 @@ interface nsISiteSecurityService : nsISupports
* https://tools.ietf.org/html/rfc6797
* and allows a host to specify that future HTTP requests should be
* upgraded to HTTPS.
* The Format of the HPKP header is currently defined by:
* https://tools.ietf.org/html/draft-ietf-websec-key-pinning-20
* and allows a host to speficy a subset of trusted anchors to be used
* The format of the HPKP header is defined by the HPKP specification:
* https://tools.ietf.org/html/rfc7469
* and allows a host to specify a subset of trusted anchors to be used
* in future HTTPS connections.
*
* @param aType the type of security header in question.
@ -50,6 +65,8 @@ interface nsISiteSecurityService : nsISupports
* NO_PERMANENT_STORAGE
* @param aMaxAge the parsed max-age directive of the header.
* @param aIncludeSubdomains the parsed includeSubdomains directive.
* @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
was returned.
* @return NS_OK if it succeeds
* NS_ERROR_FAILURE if it can't be parsed
* NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
@ -61,7 +78,8 @@ interface nsISiteSecurityService : nsISupports
in nsISSLStatus aSSLStatus,
in uint32_t aFlags,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains);
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
/**
* Same as processHeader but without checking for the security properties
@ -72,7 +90,8 @@ interface nsISiteSecurityService : nsISupports
in string aHeader,
in uint32_t aFlags,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains);
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
/**
* Given a header type, removes state relating to that header of a host,

@ -31,7 +31,7 @@ extern PRLogModuleInfo* gPIPNSSLog;
namespace {
}
} // namespace
class nsHTTPDownloadEvent : public nsRunnable {
public:
@ -78,7 +78,7 @@ nsHTTPDownloadEvent::Run()
nullptr, // aLoadingNode
nsContentUtils::GetSystemPrincipal(),
nullptr, // aTriggeringPrincipal
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER,
getter_AddRefs(chan));
NS_ENSURE_STATE(chan);
@ -145,7 +145,7 @@ nsHTTPDownloadEvent::Run()
if (NS_SUCCEEDED(rv)) {
mStartTime = TimeStamp::Now();
rv = hchan->AsyncOpen(mListener->mLoader, nullptr);
rv = hchan->AsyncOpen2(mListener->mLoader);
}
if (NS_FAILED(rv)) {
@ -1006,7 +1006,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
infoObject->GetPort(),
versions.max);
bool usesWeakProtocol = false;
bool usesWeakCipher = false;
SSLChannelInfo channelInfo;
rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
@ -1018,8 +1017,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
sizeof cipherInfo);
MOZ_ASSERT(rv == SECSuccess);
if (rv == SECSuccess) {
usesWeakProtocol =
channelInfo.protocolVersion <= SSL_LIBRARY_VERSION_3_0;
usesWeakCipher = cipherInfo.symCipher == ssl_calg_rc4;
DebugOnly<int16_t> KEAUsed;
@ -1044,11 +1041,8 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
ioLayerHelpers.treatUnsafeNegotiationAsBroken();
uint32_t state;
if (usesWeakProtocol || usesWeakCipher || renegotiationUnsafe) {
if (usesWeakCipher || renegotiationUnsafe) {
state = nsIWebProgressListener::STATE_IS_BROKEN;
if (usesWeakProtocol) {
state |= nsIWebProgressListener::STATE_USES_SSL_3;
}
if (usesWeakCipher) {
state |= nsIWebProgressListener::STATE_USES_WEAK_CRYPTO;
}
@ -1063,8 +1057,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
// to log the warning. In particular, these warnings should go to the web
// console instead of to the error console. Also, the warning is not
// localized.
if (!siteSupportsSafeRenego &&
ioLayerHelpers.getWarnLevelMissingRFC5746() > 0) {
if (!siteSupportsSafeRenego) {
nsXPIDLCString hostName;
infoObject->GetHostName(getter_Copies(hostName));

@ -81,7 +81,7 @@ SECStatus ConstructCERTCertListFromReversedDERArray(
const mozilla::pkix::DERArray& certArray,
/*out*/ mozilla::ScopedCERTCertList& certList);
} // namespcae mozilla
} // namespace mozilla
class nsNSSCertList: public nsIX509CertList,
public nsISerializable,

@ -760,9 +760,9 @@ nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd)
}
}
// This function will convert from pref values like 0, 1, ...
// to the internal values of SSL_LIBRARY_VERSION_3_0,
// SSL_LIBRARY_VERSION_TLS_1_0, ...
// This function will convert from pref values like 1, 2, ...
// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0,
// SSL_LIBRARY_VERSION_TLS_1_1, ...
/*static*/ void
nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
uint32_t minFromPrefs,
@ -771,8 +771,8 @@ nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
{
rangeOut = defaults;
// determine what versions are supported
SSLVersionRange range;
if (SSL_VersionRangeGetSupported(ssl_variant_stream, &range)
SSLVersionRange supported;
if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported)
!= SECSuccess) {
return;
}
@ -782,7 +782,8 @@ nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
maxFromPrefs += SSL_LIBRARY_VERSION_3_0;
// if min/maxFromPrefs are invalid, use defaults
if (minFromPrefs > maxFromPrefs ||
minFromPrefs < range.min || maxFromPrefs > range.max) {
minFromPrefs < supported.min || maxFromPrefs > supported.max ||
minFromPrefs < SSL_LIBRARY_VERSION_TLS_1_0) {
return;
}
@ -946,7 +947,7 @@ nsresult
nsNSSComponent::setEnabledTLSVersions()
{
// keep these values in sync with security-prefs.js
// 0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, etc.
// 1 means TLS 1.0, 2 means TLS 1.1, etc.
static const uint32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
static const uint32_t PSM_DEFAULT_MAX_TLS_VERSION = 4;

@ -681,7 +681,7 @@ getSocketInfoIfRunning(PRFileDesc* fd, Operation op,
return socketInfo;
}
} // unnnamed namespace
} // namespace
static PRStatus
nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
@ -736,7 +736,7 @@ nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
mTLSIntoleranceInfo.Put(key, entry);
}
void
uint16_t
nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
int16_t port)
{
@ -745,10 +745,12 @@ nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
MutexAutoLock lock(mutex);
uint16_t tolerant = 0;
IntoleranceEntry entry;
if (mTLSIntoleranceInfo.Get(key, &entry)) {
entry.AssertInvariant();
tolerant = entry.tolerant;
entry.intolerant = 0;
entry.intoleranceReason = 0;
if (entry.strongCipherStatus != StrongCiphersWorked) {
@ -758,6 +760,8 @@ nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
entry.AssertInvariant();
mTLSIntoleranceInfo.Put(key, entry);
}
return tolerant;
}
bool
@ -780,7 +784,47 @@ nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
{
if (intolerant <= minVersion || fallbackLimitReached(hostName, intolerant)) {
// We can't fall back any further. Assume that intolerance isn't the issue.
forgetIntolerance(hostName, port);
uint32_t tolerant = forgetIntolerance(hostName, port);
// If we know the server is tolerant at the version, we don't have to
// gather the telemetry.
if (intolerant <= tolerant) {
return false;
}
/*uint32_t fallbackLimitBucket = 0;
// added if the version has reached the min version.
if (intolerant <= minVersion) {
switch (minVersion) {
case SSL_LIBRARY_VERSION_TLS_1_0:
fallbackLimitBucket += 1;
break;
case SSL_LIBRARY_VERSION_TLS_1_1:
fallbackLimitBucket += 2;
break;
case SSL_LIBRARY_VERSION_TLS_1_2:
fallbackLimitBucket += 3;
break;
}
}
// added if the version has reached the fallback limit.
if (intolerant <= mVersionFallbackLimit) {
switch (mVersionFallbackLimit) {
case SSL_LIBRARY_VERSION_TLS_1_0:
fallbackLimitBucket += 4;
break;
case SSL_LIBRARY_VERSION_TLS_1_1:
fallbackLimitBucket += 8;
break;
case SSL_LIBRARY_VERSION_TLS_1_2:
fallbackLimitBucket += 12;
break;
}
}
if (fallbackLimitBucket) {
Telemetry::Accumulate(Telemetry::SSL_FALLBACK_LIMIT_REACHED,
fallbackLimitBucket);
}*/
return false;
}
@ -1080,20 +1124,9 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
// When not using a proxy we'll see a connection reset error.
// When using a proxy, we'll see an end of file error.
// In addition check for some error codes where it is reasonable
// to retry without TLS.
// Don't allow STARTTLS connections to fall back on connection resets or
// EOF. Also, don't fall back from TLS 1.0 to SSL 3.0 for connection
// resets, because connection resets have too many false positives,
// and we want to maximize how often we send TLS 1.0+ with extensions
// if at all reasonable. Unfortunately, it appears we have to allow
// fallback from TLS 1.2 and TLS 1.1 for connection resets due to bad
// servers and possibly bad intermediaries.
if (err == PR_CONNECT_RESET_ERROR &&
range.max <= SSL_LIBRARY_VERSION_TLS_1_0) {
return false;
}
// EOF.
if ((err == PR_CONNECT_RESET_ERROR || err == PR_END_OF_FILE_ERROR)
&& socketInfo->GetForSTARTTLS()) {
return false;
@ -1203,7 +1236,7 @@ checkHandshake(int32_t bytesTransfered, bool wasReading,
return bytesTransfered;
}
}
} // namespace
static int16_t
nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags)
@ -1255,7 +1288,6 @@ nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags)
nsSSLIOLayerHelpers::nsSSLIOLayerHelpers()
: mTreatUnsafeNegotiationAsBroken(false)
, mWarnLevelMissingRFC5746(1)
, mTLSIntoleranceInfo()
, mFalseStartRequireNPN(false)
, mUseStaticFallbackList(true)
@ -1469,10 +1501,6 @@ PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
bool enabled;
Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
mOwner->setTreatUnsafeNegotiationAsBroken(enabled);
} else if (prefName.EqualsLiteral("security.ssl.warn_missing_rfc5746")) {
int32_t warnLevel = 1;
Preferences::GetInt("security.ssl.warn_missing_rfc5746", &warnLevel);
mOwner->setWarnLevelMissingRFC5746(warnLevel);
} else if (prefName.EqualsLiteral("security.ssl.false_start.require-npn")) {
mOwner->mFalseStartRequireNPN =
Preferences::GetBool("security.ssl.false_start.require-npn",
@ -1519,8 +1547,6 @@ nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers()
if (mPrefObserver) {
Preferences::RemoveObserver(mPrefObserver,
"security.ssl.treat_unsafe_negotiation_as_broken");
Preferences::RemoveObserver(mPrefObserver,
"security.ssl.warn_missing_rfc5746");
Preferences::RemoveObserver(mPrefObserver,
"security.ssl.false_start.require-npn");
Preferences::RemoveObserver(mPrefObserver,
@ -1581,10 +1607,6 @@ nsSSLIOLayerHelpers::Init()
Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
setTreatUnsafeNegotiationAsBroken(enabled);
int32_t warnLevel = 1;
Preferences::GetInt("security.ssl.warn_missing_rfc5746", &warnLevel);
setWarnLevelMissingRFC5746(warnLevel);
mFalseStartRequireNPN =
Preferences::GetBool("security.ssl.false_start.require-npn",
FALSE_START_REQUIRE_NPN_DEFAULT);
@ -1600,8 +1622,6 @@ nsSSLIOLayerHelpers::Init()
mPrefObserver = new PrefObserver(this);
Preferences::AddStrongObserver(mPrefObserver,
"security.ssl.treat_unsafe_negotiation_as_broken");
Preferences::AddStrongObserver(mPrefObserver,
"security.ssl.warn_missing_rfc5746");
Preferences::AddStrongObserver(mPrefObserver,
"security.ssl.false_start.require-npn");
Preferences::AddStrongObserver(mPrefObserver,
@ -1716,20 +1736,6 @@ nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken()
return mTreatUnsafeNegotiationAsBroken;
}
void
nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(int32_t level)
{
MutexAutoLock lock(mutex);
mWarnLevelMissingRFC5746 = level;
}
int32_t
nsSSLIOLayerHelpers::getWarnLevelMissingRFC5746()
{
MutexAutoLock lock(mutex);
return mWarnLevelMissingRFC5746;
}
nsresult
nsSSLIOLayerNewSocket(int32_t family,
const char* host,

@ -20,8 +20,8 @@
namespace mozilla {
namespace psm {
class SharedSSLState;
}
}
} // namespace psm
} // namespace mozilla
class nsIObserver;
@ -187,12 +187,9 @@ public:
static PRIOMethods nsSSLPlaintextLayerMethods;
bool mTreatUnsafeNegotiationAsBroken;
int32_t mWarnLevelMissingRFC5746;
void setTreatUnsafeNegotiationAsBroken(bool broken);
bool treatUnsafeNegotiationAsBroken();
void setWarnLevelMissingRFC5746(int32_t level);
int32_t getWarnLevelMissingRFC5746();
private:
struct IntoleranceEntry
@ -221,7 +218,9 @@ public:
PRErrorCode intoleranceReason);
bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
PRErrorCode intoleranceReason);
void forgetIntolerance(const nsACString& hostname, int16_t port);
// returns the known tolerant version
// or 0 if there is no known tolerant version
uint16_t forgetIntolerance(const nsACString& hostname, int16_t port);
void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
/*in/out*/ SSLVersionRange& range,
/*out*/ StrongCipherStatus& strongCipherStatus);

@ -538,7 +538,7 @@ GenerateType3Msg(const nsString &domain,
uint32_t *outLen)
{
// inBuf contains Type-2 msg (the challenge) from server
MOZ_ASSERT(NS_IsMainThread());
nsresult rv;
Type2Msg msg;
@ -556,6 +556,7 @@ GenerateType3Msg(const nsString &domain,
#ifdef IS_BIG_ENDIAN
nsAutoString ucsDomainBuf, ucsUserBuf;
#endif
nsAutoCString hostBuf;
nsAutoString ucsHostBuf;
// temporary buffers for oem strings
nsAutoCString oemDomainBuf, oemUserBuf, oemHostBuf;
@ -614,16 +615,18 @@ GenerateType3Msg(const nsString &domain,
}
//
// get workstation name (use local machine's hostname)
// get workstation name
// (do not use local machine's hostname after bug 1046421)
//
char hostBuf[SYS_INFO_BUFFER_LENGTH];
if (PR_GetSystemInfo(PR_SI_HOSTNAME, hostBuf, sizeof(hostBuf)) == PR_FAILURE)
return NS_ERROR_UNEXPECTED;
hostLen = strlen(hostBuf);
rv = mozilla::Preferences::GetCString("network.generic-ntlm-auth.workstation",
&hostBuf);
if (NS_FAILED(rv)) {
return rv;
}
if (unicode)
{
// hostname is ASCII, so we can do a simple zero-pad expansion:
CopyASCIItoUTF16(nsDependentCString(hostBuf, hostLen), ucsHostBuf);
ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf);
hostPtr = ucsHostBuf.get();
hostLen = ucsHostBuf.Length() * 2;
#ifdef IS_BIG_ENDIAN
@ -632,7 +635,10 @@ GenerateType3Msg(const nsString &domain,
#endif
}
else
hostPtr = hostBuf;
{
hostPtr = hostBuf.get();
hostLen = hostBuf.Length();
}
//
// now that we have generated all of the strings, we can allocate outBuf.
@ -988,6 +994,7 @@ nsNTLMAuthModule::Init(const char *serviceName,
mDomain = domain;
mUsername = username;
mPassword = password;
mNTLMNegotiateSent = false;
return NS_OK;
}
@ -1006,16 +1013,29 @@ nsNTLMAuthModule::GetNextToken(const void *inToken,
if (PK11_IsFIPS())
return NS_ERROR_NOT_AVAILABLE;
// if inToken is non-null, then assume it contains a type 2 message...
if (inToken)
{
LogToken("in-token", inToken, inTokenLen);
rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
inTokenLen, outToken, outTokenLen);
}
else
{
rv = GenerateType1Msg(outToken, outTokenLen);
if (mNTLMNegotiateSent) {
// if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
// then the NTLMSSP_CHALLENGE (type 2) is expected
if (inToken) {
LogToken("in-token", inToken, inTokenLen);
// Now generate the NTLMSSP_AUTH (type 3)
rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
inTokenLen, outToken, outTokenLen);
} else {
LOG(("NTLMSSP_NEGOTIATE already sent and presumably "
"rejected by the server, refusing to send another"));
rv = NS_ERROR_UNEXPECTED;
}
} else {
if (inToken) {
LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
rv = NS_ERROR_UNEXPECTED;
} else {
rv = GenerateType1Msg(outToken, outTokenLen);
if (NS_SUCCEEDED(rv)) {
mNTLMNegotiateSent = true;
}
}
}
if (NS_SUCCEEDED(rv))

@ -28,6 +28,7 @@ private:
nsString mDomain;
nsString mUsername;
nsString mPassword;
bool mNTLMNegotiateSent;
};
#define NS_NTLMAUTHMODULE_CONTRACTID \

@ -404,15 +404,19 @@ nsSiteSecurityService::ProcessHeader(uint32_t aType,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
aType == nsISiteSecurityService::HEADER_HPKP,
NS_ERROR_NOT_IMPLEMENTED);
NS_ENSURE_ARG(aSSLStatus);
return ProcessHeaderInternal(aType, aSourceURI, aHeader, aSSLStatus, aFlags,
aMaxAge, aIncludeSubdomains);
aMaxAge, aIncludeSubdomains, aFailureResult);
}
NS_IMETHODIMP
@ -421,10 +425,11 @@ nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType,
const char* aHeader,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
return ProcessHeaderInternal(aType, aSourceURI, aHeader, nullptr, aFlags,
aMaxAge, aIncludeSubdomains);
aMaxAge, aIncludeSubdomains, aFailureResult);
}
nsresult
@ -434,8 +439,12 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
// Only HSTS and HPKP are supported at the moment.
NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
aType == nsISiteSecurityService::HEADER_HPKP,
@ -466,6 +475,9 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
tlsIsBroken = tlsIsBroken || trustcheck;
if (tlsIsBroken) {
SSSLOG(("SSS: discarding header from untrustworthy connection"));
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION;
}
return NS_ERROR_FAILURE;
}
}
@ -481,11 +493,11 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
switch (aType) {
case nsISiteSecurityService::HEADER_HSTS:
rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aMaxAge,
aIncludeSubdomains);
aIncludeSubdomains, aFailureResult);
break;
case nsISiteSecurityService::HEADER_HPKP:
rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags, aMaxAge,
aIncludeSubdomains);
aIncludeSubdomains, aFailureResult);
break;
default:
MOZ_CRASH("unexpected header type");
@ -493,7 +505,7 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
return rv;
}
static nsresult
static uint32_t
ParseSSSHeaders(uint32_t aType,
const char* aHeader,
bool& foundIncludeSubdomains,
@ -502,7 +514,7 @@ ParseSSSHeaders(uint32_t aType,
int64_t& maxAge,
nsTArray<nsCString>& sha256keys)
{
// Stric transport security and Public Key Pinning have very similar
// Strict transport security and Public Key Pinning have very similar
// Header formats.
// "Strict-Transport-Security" ":" OWS
@ -554,7 +566,7 @@ ParseSSSHeaders(uint32_t aType,
nsresult rv = parser.Parse();
if (NS_FAILED(rv)) {
SSSLOG(("SSS: could not parse header"));
return rv;
return nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER;
}
mozilla::LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
@ -566,7 +578,7 @@ ParseSSSHeaders(uint32_t aType,
max_age_var.Length())) {
if (foundMaxAge) {
SSSLOG(("SSS: found two max-age directives"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES;
}
SSSLOG(("SSS: found max-age directive"));
@ -577,13 +589,13 @@ ParseSSSHeaders(uint32_t aType,
char chr = directive->mValue.CharAt(i);
if (chr < '0' || chr > '9') {
SSSLOG(("SSS: invalid value for max-age directive"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
}
}
if (PR_sscanf(directive->mValue.get(), "%lld", &maxAge) != 1) {
SSSLOG(("SSS: could not parse delta-seconds"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
}
SSSLOG(("SSS: parsed delta-seconds: %lld", maxAge));
@ -592,7 +604,7 @@ ParseSSSHeaders(uint32_t aType,
include_subd_var.Length())) {
if (foundIncludeSubdomains) {
SSSLOG(("SSS: found two includeSubdomains directives"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS;
}
SSSLOG(("SSS: found includeSubdomains directive"));
@ -601,7 +613,7 @@ ParseSSSHeaders(uint32_t aType,
if (directive->mValue.Length() != 0) {
SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'",
directive->mValue.get()));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS;
}
} else if (aType == nsISiteSecurityService::HEADER_HPKP &&
directive->mName.Length() == pin_sha256_var.Length() &&
@ -610,18 +622,18 @@ ParseSSSHeaders(uint32_t aType,
SSSLOG(("SSS: found pinning entry '%s' length=%d",
directive->mValue.get(), directive->mValue.Length()));
if (!stringIsBase64EncodingOf256bitValue(directive->mValue)) {
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_PIN;
}
sha256keys.AppendElement(directive->mValue);
} else if (aType == nsISiteSecurityService::HEADER_HPKP &&
directive->mName.Length() == report_uri_var.Length() &&
directive->mName.EqualsIgnoreCase(report_uri_var.get(),
report_uri_var.Length())) {
// We doni't support the report-uri yet, but to avoid unrecognized
// We don't support the report-uri yet, but to avoid unrecognized
// directive warnings, we still have to handle its presence
if (foundReportURI) {
SSSLOG(("SSS: found two report-uri directives"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS;
}
SSSLOG(("SSS: found report-uri directive"));
foundReportURI = true;
@ -631,7 +643,7 @@ ParseSSSHeaders(uint32_t aType,
foundUnrecognizedDirective = true;
}
}
return NS_OK;
return nsISiteSecurityService::Success;
}
nsresult
@ -640,8 +652,12 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
SSSLOG(("SSS: processing HPKP header '%s'", aHeader));
NS_ENSURE_ARG(aSSLStatus);