KotJohansson
/
palemoon27
mirror of https://github.com/roytam1/palemoon27
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

import changes from `dev' branch of rmottola/Arctic-Fox:

Browse Source 
- Bug 1141906 - Adjust some assertions in Linux sandbox feature detection. r=kang (365e9a6a8e)
- bug 1169408 - Merge mozButtonAccessible and mozPopupButtonAccessible r=surkov (6996bb22e8)
- Bug 1162434 - Make windows emulation work on X64, r=marcoz (f0bb96de8a)
- Bug 1162434 part 2 - Fix ISimpleDOMNode Unique ID on 64 bit systems, r=surkov (1afbaa9fec)
- code style (3cabaf0882)
- Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler (59b7feea33)
- Bug 1164714 - Move netwerk/base/nsISiteSecurityService.idl into security/manager/ssl. r=keeler,mcmanus (154e93a29c)
- Bug 1164714 - Move netwerk/test/TestSTSParser.cpp into security/manager/ssl/tests/. r=keeler (7fc68a2b66)
- Bug 1124649 - Part 1 - Add specific error messages for various types of STS and PKP header failures. r=keeler,hurley (e967aef5fc)
- Bug 1046421 - Do not disclose the system hostname via NTLM handler. r=honzab (a4a85439ca)
- Bug 1084025 - Add telemetry to measure failures due to not falling back. r=keeler (5388e21c64)
- Bug 1106470 - Drop SSLv3 support entirely from PSM. r=keeler (5de896acc0)
- Bug 1195606 - Use channel->ascynOpen2 in security/manager/ssl/nsNSSCallbacks.cpp (r=sicking) (8b5e18f069)
-  Bug 1197644 - Remove the security.ssl.warn_missing_rfc5746 pref. r=keeler (f76ae9af3e)
- namespace (7817663683)
pull/8/head
roytam1 7 months ago
parent b91a6a24cc
commit f71f515508
31 changed files with 515 additions and 383 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      accessible/mac/AccessibleWrap.h
  2. 7
      accessible/mac/mozActionElements.h
  3. 129
      accessible/mac/mozActionElements.mm
  4. 5
      accessible/windows/msaa/nsWinUtils.cpp
  5. 7
      accessible/windows/sdn/sdnAccessible.cpp
  6. 30
      dom/locales/en-US/chrome/security/security.properties
  7. 10
      modules/libpref/init/all.js
  8. 1
      netwerk/base/moz.build
  9. 1
      netwerk/base/security-prefs.js
  10. 89
      netwerk/protocol/http/nsHttpChannel.cpp
  11. 1
      netwerk/test/moz.build
  12. 2
      security/manager/ssl/DataStorage.h
  13. 4
      security/manager/ssl/NSSErrorsService.h
  14. 4
      security/manager/ssl/PSMContentListener.h
  15. 2
      security/manager/ssl/md4.h
  16. 1
      security/manager/ssl/moz.build
  17. 31
      security/manager/ssl/nsISiteSecurityService.idl
  18. 17
      security/manager/ssl/nsNSSCallbacks.cpp
  19. 2
      security/manager/ssl/nsNSSCertificate.h
  20. 15
      security/manager/ssl/nsNSSComponent.cpp
  21. 92
      security/manager/ssl/nsNSSIOLayer.cpp
  22. 11
      security/manager/ssl/nsNSSIOLayer.h
  23. 58
      security/manager/ssl/nsNTLMAuthModule.cpp
  24. 1
      security/manager/ssl/nsNTLMAuthModule.h
  25. 126
      security/manager/ssl/nsSiteSecurityService.cpp
  26. 8
      security/manager/ssl/nsSiteSecurityService.h
  27. 4
      security/manager/ssl/tests/compiled/TestSTSParser.cpp
  28. 6
      security/manager/ssl/tests/compiled/moz.build
  29. 160
      security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
  30. 49
      security/sandbox/linux/common/SandboxInfo.cpp
  31. 20
      toolkit/components/telemetry/Histograms.json

5
accessible/mac/AccessibleWrap.h
Unescape View File

@ -59,10 +59,7 @@ public: // construction, destruction
* for it.
*/
bool IsIgnored();
inline bool HasPopup ()
{ return (NativeState() & mozilla::a11y::states::HASPOPUP); }
/**
* Returns this accessible's all children, adhering to "flat" accessibles by
* not returning their children.

7
accessible/mac/mozActionElements.h
Unescape View File

@ -9,6 +9,9 @@
/* Simple subclasses for things like checkboxes, buttons, etc. */
@interface mozButtonAccessible : mozAccessible
{
}
- (BOOL)hasPopup;
- (void)click;
- (BOOL)isTab;
@end
@ -18,10 +21,6 @@
- (int)isChecked;
@end
/* Used for buttons that may pop up a menu. */
@interface mozPopupButtonAccessible : mozButtonAccessible
@end
/* Class for tabs - not individual tabs */
@interface mozTabsAccessible : mozAccessible
{

129
accessible/mac/mozActionElements.mm
Unescape View File

@ -42,6 +42,7 @@ enum CheckboxValue {
NSAccessibilityEnabledAttribute, // required
NSAccessibilityFocusedAttribute, // required
NSAccessibilityTitleAttribute, // required
NSAccessibilityChildrenAttribute,
NSAccessibilityDescriptionAttribute,
#if DEBUG
@"AXMozDescription",
@ -57,15 +58,19 @@ enum CheckboxValue {
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([attribute isEqualToString:NSAccessibilityChildrenAttribute])
if ([attribute isEqualToString:NSAccessibilityChildrenAttribute]) {
if ([self hasPopup])
return [self children];
return nil;
}
if ([attribute isEqualToString:NSAccessibilityRoleDescriptionAttribute]) {
if ([self isTab])
return utils::LocalizedString(NS_LITERAL_STRING("tab"));
return NSAccessibilityRoleDescription([self role], nil);
}
return [super accessibilityAttributeValue:attribute];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
@ -80,36 +85,49 @@ enum CheckboxValue {
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([self isEnabled])
if ([self isEnabled]) {
if ([self hasPopup])
return [NSArray arrayWithObjects:NSAccessibilityPressAction,
NSAccessibilityShowMenuAction,
nil];
return [NSArray arrayWithObject:NSAccessibilityPressAction];
}
return nil;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (NSString*)accessibilityActionDescription:(NSString*)action
- (NSString*)accessibilityActionDescription:(NSString*)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([action isEqualToString:NSAccessibilityPressAction]) {
if ([self isTab])
return utils::LocalizedString(NS_LITERAL_STRING("switch"));
return @"press button"; // XXX: localize this later?
}
if ([self hasPopup]) {
if ([action isEqualToString:NSAccessibilityShowMenuAction])
return @"show menu";
}
return nil;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (void)accessibilityPerformAction:(NSString*)action
- (void)accessibilityPerformAction:(NSString*)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK;
if ([action isEqualToString:NSAccessibilityPressAction])
if ([self isEnabled] && [action isEqualToString:NSAccessibilityPressAction]) {
// TODO: this should bring up the menu, but currently doesn't.
// once msaa and atk have merged better, they will implement
// the action needed to show the menu.
[self click];
}
NS_OBJC_END_TRY_ABORT_BLOCK;
}
@ -127,6 +145,12 @@ enum CheckboxValue {
return (accWrap && (accWrap->Role() == roles::PAGETAB));
}
- (BOOL)hasPopup
{
AccessibleWrap* accWrap = [self getGeckoAccessible];
return accWrap && (accWrap->NativeState() & mozilla::a11y::states::HASPOPUP);
}
@end
@implementation mozCheckboxAccessible
@ -170,91 +194,6 @@ enum CheckboxValue {
@end
@implementation mozPopupButtonAccessible
- (NSArray *)accessibilityAttributeNames
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
static NSArray *attributes = nil;
if (!attributes) {
attributes = [[NSArray alloc] initWithObjects:NSAccessibilityParentAttribute, // required
NSAccessibilityPositionAttribute, // required
NSAccessibilityRoleAttribute, // required
NSAccessibilitySizeAttribute, // required
NSAccessibilityWindowAttribute, // required
NSAccessibilityTopLevelUIElementAttribute, // required
NSAccessibilityHelpAttribute,
NSAccessibilityEnabledAttribute, // required
NSAccessibilityFocusedAttribute, // required
NSAccessibilityTitleAttribute, // required for popupmenus, and for menubuttons with a title
NSAccessibilityChildrenAttribute, // required
NSAccessibilityDescriptionAttribute, // required if it has no title attr
#if DEBUG
@"AXMozDescription",
#endif
nil];
}
return attributes;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (id)accessibilityAttributeValue:(NSString *)attribute
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([attribute isEqualToString:NSAccessibilityChildrenAttribute]) {
return [super children];
}
return [super accessibilityAttributeValue:attribute];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (NSArray *)accessibilityActionNames
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([self isEnabled]) {
return [NSArray arrayWithObjects:NSAccessibilityPressAction,
NSAccessibilityShowMenuAction,
nil];
}
return nil;
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (NSString *)accessibilityActionDescription:(NSString *)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NIL;
if ([action isEqualToString:NSAccessibilityShowMenuAction])
return @"show menu";
return [super accessibilityActionDescription:action];
NS_OBJC_END_TRY_ABORT_BLOCK_NIL;
}
- (void)accessibilityPerformAction:(NSString *)action
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK;
// both the ShowMenu and Click action do the same thing.
if ([self isEnabled]) {
// TODO: this should bring up the menu, but currently doesn't.
// once msaa and atk have merged better, they will implement
// the action needed to show the menu.
[super click];
}
NS_OBJC_END_TRY_ABORT_BLOCK;
}
@end
@implementation mozTabsAccessible
- (void)dealloc

5
accessible/windows/msaa/nsWinUtils.cpp
Unescape View File

@ -149,7 +149,10 @@ WindowProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam)
switch (msg) {
case WM_GETOBJECT:
{
if (lParam == OBJID_CLIENT) {
// Do explicit casting to make it working on 64bit systems (see bug 649236
// for details).
int32_t objId = static_cast<DWORD>(lParam);
if (objId == OBJID_CLIENT) {
DocAccessible* document =
nsWinUtils::sHWNDCache->GetWeak(static_cast<void*>(hWnd));
if (document) {

7
accessible/windows/sdn/sdnAccessible.cpp
Unescape View File

@ -106,8 +106,11 @@ sdnAccessible::get_nodeInfo(BSTR __RPC_FAR* aNodeName,
// focus events, to correlate back to data nodes in their internal object
// model.
Accessible* accessible = GetAccessible();
*aUniqueID = - NS_PTR_TO_INT32(accessible ? accessible->UniqueID() :
static_cast<void*>(this));
if (accessible) {
*aUniqueID = AccessibleWrap::GetChildIDFor(accessible);
} else {
*aUniqueID = - NS_PTR_TO_INT32(static_cast<void*>(this));
}
*aNumChildren = mNode->GetChildCount();

30
dom/locales/en-US/chrome/security/security.properties
Unescape View File

@ -16,10 +16,32 @@ CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disa
CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token '%2$S' in CORS header 'Access-Control-Allow-Headers').
CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token '%2$S' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel).
# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security" or "HSTS"
InvalidSTSHeaders=The site specified an invalid Strict-Transport-Security header.
# LOCALIZATION NOTE: Do not translate "Public-Key-Pins or HPKP"
InvalidPKPHeaders=The site specified an invalid Public-Key-Pins header.
# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully.
STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a 'max-age' directive.
STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple 'max-age' directives.
STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid 'max-age' directive.
STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple 'includeSubDomains' directives.
STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid 'includeSubDomains' directive.
STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host.
# LOCALIZATION NOTE: Do not translate "Public-Key-Pins", "HPKP", "max-age" or "includeSubDomains"
PKPUnknownError=Public-Key-Pins: An unknown error occurred processing the header specified by the site.
PKPUntrustworthyConnection=Public-Key-Pins: The connection to the site is untrustworthy, so the specified header was ignored.
PKPCouldNotParseHeader=Public-Key-Pins: The site specified a header that could not be parsed successfully.
PKPNoMaxAge=Public-Key-Pins: The site specified a header that did not include a 'max-age' directive.
PKPMultipleMaxAges=Public-Key-Pins: The site specified a header that included multiple 'max-age' directives.
PKPInvalidMaxAge=Public-Key-Pins: The site specified a header that included an invalid 'max-age' directive.
PKPMultipleIncludeSubdomains=Public-Key-Pins: The site specified a header that included multiple 'includeSubDomains' directives.
PKPInvalidIncludeSubdomains=Public-Key-Pins: The site specified a header that included an invalid 'includeSubDomains' directive.
PKPInvalidPin=Public-Key-Pins: The site specified a header that included an invalid pin.
PKPMultipleReportURIs=Public-Key-Pins: The site specified a header that included multiple 'report-uri' directives.
PKPPinsetDoesNotMatch=Public-Key-Pins: The site specified a header that did not include a matching pin.
PKPNoBackupPin=Public-Key-Pins: The site specified a header that did not include a backup pin.
PKPCouldNotSaveState=Public-Key-Pins: An error occurred noting the site as a Public-Key-Pins host.
# LOCALIZATION NOTE: Do not translate "SHA-1"
SHA1Sig=This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.

10
modules/libpref/init/all.js
Unescape View File

@ -2035,6 +2035,16 @@ pref("network.automatic-ntlm-auth.allow-proxies", true);
pref("network.automatic-ntlm-auth.allow-non-fqdn", false);
pref("network.automatic-ntlm-auth.trusted-uris", "");
// The string to return to the server as the 'workstation' that the
// user is using. Bug 1046421 notes that the previous default, of the
// system hostname, could be used for user fingerprinting.
//
// However, in some network environments where allowedWorkstations is in use
// to provide a level of host-based access control, it must be set to a string
// that is listed in allowedWorkstations for the user's account in their
// AD Domain.
pref("network.generic-ntlm-auth.workstation", "WORKSTATION");
// Sub-resources HTTP-authentication:
// 0 - don't allow sub-resources to open HTTP authentication credentials
// dialogs

1
netwerk/base/moz.build
Unescape View File

@ -101,7 +101,6 @@ XPIDL_SOURCES += [
'nsISerializationHelper.idl',
'nsIServerSocket.idl',
'nsISimpleStreamListener.idl',
'nsISiteSecurityService.idl',
'nsISocketTransport.idl',
'nsISocketTransportService.idl',
'nsISpeculativeConnect.idl',

1
netwerk/base/security-prefs.js
Unescape View File

@ -18,7 +18,6 @@ pref("security.tls.enable_0rtt_data", false);
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
pref("security.ssl.require_safe_negotiation", false);
pref("security.ssl.warn_missing_rfc5746", 1);
pref("security.ssl.enable_ocsp_stapling", true);
pref("security.ssl.enable_false_start", false);
pref("security.ssl.false_start.require-npn", false);

89
netwerk/protocol/http/nsHttpChannel.cpp
Unescape View File

@ -1139,8 +1139,88 @@ nsHttpChannel::ProcessFailedProxyConnect(uint32_t httpStatus)
return rv;
}
static void
GetSTSConsoleErrorTag(uint32_t failureResult, nsAString& consoleErrorTag)
{
switch (failureResult) {
case nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION:
consoleErrorTag = NS_LITERAL_STRING("STSUntrustworthyConnection");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER:
consoleErrorTag = NS_LITERAL_STRING("STSCouldNotParseHeader");
break;
case nsISiteSecurityService::ERROR_NO_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("STSNoMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES:
consoleErrorTag = NS_LITERAL_STRING("STSMultipleMaxAges");
break;
case nsISiteSecurityService::ERROR_INVALID_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("STSInvalidMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("STSMultipleIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("STSInvalidIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE:
consoleErrorTag = NS_LITERAL_STRING("STSCouldNotSaveState");
break;
default:
consoleErrorTag = NS_LITERAL_STRING("STSUnknownError");
break;
}
}
static void
GetPKPConsoleErrorTag(uint32_t failureResult, nsAString& consoleErrorTag)
{
switch (failureResult) {
case nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION:
consoleErrorTag = NS_LITERAL_STRING("PKPUntrustworthyConnection");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER:
consoleErrorTag = NS_LITERAL_STRING("PKPCouldNotParseHeader");
break;
case nsISiteSecurityService::ERROR_NO_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("PKPNoMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES:
consoleErrorTag = NS_LITERAL_STRING("PKPMultipleMaxAges");
break;
case nsISiteSecurityService::ERROR_INVALID_MAX_AGE:
consoleErrorTag = NS_LITERAL_STRING("PKPInvalidMaxAge");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("PKPMultipleIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS:
consoleErrorTag = NS_LITERAL_STRING("PKPInvalidIncludeSubdomains");
break;
case nsISiteSecurityService::ERROR_INVALID_PIN:
consoleErrorTag = NS_LITERAL_STRING("PKPInvalidPin");
break;
case nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS:
consoleErrorTag = NS_LITERAL_STRING("PKPMultipleReportURIs");
break;
case nsISiteSecurityService::ERROR_PINSET_DOES_NOT_MATCH_CHAIN:
consoleErrorTag = NS_LITERAL_STRING("PKPPinsetDoesNotMatch");
break;
case nsISiteSecurityService::ERROR_NO_BACKUP_PIN:
consoleErrorTag = NS_LITERAL_STRING("PKPNoBackupPin");
break;
case nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE:
consoleErrorTag = NS_LITERAL_STRING("PKPCouldNotSaveState");
break;
default:
consoleErrorTag = NS_LITERAL_STRING("PKPUnknownError");
break;
}
}
/**
* Process a single security header. Only two types are suported HSTS and HPKP.
* Process a single security header. Only two types are supported: HSTS and HPKP.
*/
nsresult
nsHttpChannel::ProcessSingleSecurityHeader(uint32_t aType,
@ -1167,18 +1247,19 @@ nsHttpChannel::ProcessSingleSecurityHeader(uint32_t aType,
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
// Process header will now discard the headers itself if the channel
// wasn't secure (whereas before it had to be checked manually)
uint32_t failureResult;
rv = sss->ProcessHeader(aType, mURI, securityHeader.get(), aSSLStatus,
aFlags, nullptr, nullptr);
aFlags, nullptr, nullptr, &failureResult);
if (NS_FAILED(rv)) {
nsAutoString consoleErrorCategory;
nsAutoString consoleErrorTag;
switch (aType) {
case nsISiteSecurityService::HEADER_HSTS:
consoleErrorTag = NS_LITERAL_STRING("InvalidSTSHeaders");
GetSTSConsoleErrorTag(failureResult, consoleErrorTag);
consoleErrorCategory = NS_LITERAL_STRING("Invalid HSTS Headers");
break;
case nsISiteSecurityService::HEADER_HPKP:
consoleErrorTag = NS_LITERAL_STRING("InvalidPKPHeaders");
GetPKPConsoleErrorTag(failureResult, consoleErrorTag);
consoleErrorCategory = NS_LITERAL_STRING("Invalid HPKP Headers");
break;
default:

1
netwerk/test/moz.build
Unescape View File

@ -45,7 +45,6 @@ GeckoSimplePrograms([
CppUnitTests([
'TestBind',
'TestCookie',
'TestSTSParser',
'TestUDPSocket',
])

2
security/manager/ssl/DataStorage.h
Unescape View File

@ -180,6 +180,6 @@ private:
const nsString mFilename;
};
}; // namespace mozilla
} // namespace mozilla
#endif // mozilla_DataStorage_h

4
security/manager/ssl/NSSErrorsService.h
Unescape View File

@ -40,8 +40,8 @@ bool IsNSSErrorCode(PRErrorCode code);
nsresult GetXPCOMFromNSSError(PRErrorCode code);
bool ErrorIsOverridable(PRErrorCode code);
} // psm
} // mozilla
} // namespace psm
} // namespace mozilla
#define NS_NSSERRORSSERVICE_CID \
{ 0x9ef18451, 0xa157, 0x4d17, { 0x81, 0x32, 0x47, 0xaf, 0xef, 0x21, 0x36, 0x89 } }

4
security/manager/ssl/PSMContentListener.h
Unescape View File

@ -21,8 +21,8 @@ namespace net {
class PChannelDiverterParent;
}
}
} // namespace net
} // namespace mozilla
namespace mozilla { namespace psm {

2
security/manager/ssl/md4.h
Unescape View File

@ -14,7 +14,7 @@ extern "C" {
/**
* md4sum - computes the MD4 sum over the input buffer per RFC 1320
*
*
* @param input
* buffer containing input data
* @param inputLen

1
security/manager/ssl/moz.build
Unescape View File

@ -31,6 +31,7 @@ XPIDL_SOURCES += [
'nsIPKCS11Slot.idl',
'nsIProtectedAuthThread.idl',
'nsISecurityUITelemetry.idl',
'nsISiteSecurityService.idl',
'nsISSLStatus.idl',
'nsISSLStatusProvider.idl',
'nsITokenDialogs.idl',

31
netwerk/base/nsISiteSecurityService.idl → security/manager/ssl/nsISiteSecurityService.idl
Unescape View File

@ -23,13 +23,28 @@ namespace mozilla
[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
[ref] native mozillaPkixTime(mozilla::pkix::Time);
[scriptable, uuid(e219eace-0e04-42ba-b203-58a8b327867c)]
[scriptable, uuid(e6cac961-9f03-4cc3-ad00-a829ae7304dc)]
interface nsISiteSecurityService : nsISupports
{
const uint32_t HEADER_HSTS = 0;
const uint32_t HEADER_HPKP = 1;
const uint32_t HEADER_OMS = 2;
const uint32_t Success = 0;
const uint32_t ERROR_UNKNOWN = 1;
const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
const uint32_t ERROR_NO_MAX_AGE = 4;
const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
const uint32_t ERROR_INVALID_MAX_AGE = 6;
const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
const uint32_t ERROR_INVALID_PIN = 9;
const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10;
const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11;
const uint32_t ERROR_NO_BACKUP_PIN = 12;
const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
/**
* Parses a given HTTP header and records the results internally.
* Currently two header types are supported: HSTS (aka STS) and HPKP
@ -37,9 +52,9 @@ interface nsISiteSecurityService : nsISupports
* https://tools.ietf.org/html/rfc6797
* and allows a host to specify that future HTTP requests should be
* upgraded to HTTPS.
* The Format of the HPKP header is currently defined by:
* https://tools.ietf.org/html/draft-ietf-websec-key-pinning-20
* and allows a host to speficy a subset of trusted anchors to be used
* The format of the HPKP header is defined by the HPKP specification:
* https://tools.ietf.org/html/rfc7469
* and allows a host to specify a subset of trusted anchors to be used
* in future HTTPS connections.
*
* @param aType the type of security header in question.
@ -50,6 +65,8 @@ interface nsISiteSecurityService : nsISupports
* NO_PERMANENT_STORAGE
* @param aMaxAge the parsed max-age directive of the header.
* @param aIncludeSubdomains the parsed includeSubdomains directive.
* @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
was returned.
* @return NS_OK if it succeeds
* NS_ERROR_FAILURE if it can't be parsed
* NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
@ -61,7 +78,8 @@ interface nsISiteSecurityService : nsISupports
in nsISSLStatus aSSLStatus,
in uint32_t aFlags,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains);
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
/**
* Same as processHeader but without checking for the security properties
@ -72,7 +90,8 @@ interface nsISiteSecurityService : nsISupports
in string aHeader,
in uint32_t aFlags,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains);
[optional] out boolean aIncludeSubdomains,
[optional] out uint32_t aFailureResult);
/**
* Given a header type, removes state relating to that header of a host,

17
security/manager/ssl/nsNSSCallbacks.cpp
Unescape View File

@ -31,7 +31,7 @@ extern PRLogModuleInfo* gPIPNSSLog;
namespace {
}
} // namespace
class nsHTTPDownloadEvent : public nsRunnable {
public:
@ -78,7 +78,7 @@ nsHTTPDownloadEvent::Run()
nullptr, // aLoadingNode
nsContentUtils::GetSystemPrincipal(),
nullptr, // aTriggeringPrincipal
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER,
getter_AddRefs(chan));
NS_ENSURE_STATE(chan);
@ -145,7 +145,7 @@ nsHTTPDownloadEvent::Run()
if (NS_SUCCEEDED(rv)) {
mStartTime = TimeStamp::Now();
rv = hchan->AsyncOpen(mListener->mLoader, nullptr);
rv = hchan->AsyncOpen2(mListener->mLoader);
}
if (NS_FAILED(rv)) {
@ -1006,7 +1006,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
infoObject->GetPort(),
versions.max);
bool usesWeakProtocol = false;
bool usesWeakCipher = false;
SSLChannelInfo channelInfo;
rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
@ -1018,8 +1017,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
sizeof cipherInfo);
MOZ_ASSERT(rv == SECSuccess);
if (rv == SECSuccess) {
usesWeakProtocol =
channelInfo.protocolVersion <= SSL_LIBRARY_VERSION_3_0;
usesWeakCipher = cipherInfo.symCipher == ssl_calg_rc4;
DebugOnly<int16_t> KEAUsed;
@ -1044,11 +1041,8 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
ioLayerHelpers.treatUnsafeNegotiationAsBroken();
uint32_t state;
if (usesWeakProtocol || usesWeakCipher || renegotiationUnsafe) {
if (usesWeakCipher || renegotiationUnsafe) {
state = nsIWebProgressListener::STATE_IS_BROKEN;
if (usesWeakProtocol) {
state |= nsIWebProgressListener::STATE_USES_SSL_3;
}
if (usesWeakCipher) {
state |= nsIWebProgressListener::STATE_USES_WEAK_CRYPTO;
}
@ -1063,8 +1057,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
// to log the warning. In particular, these warnings should go to the web
// console instead of to the error console. Also, the warning is not
// localized.
if (!siteSupportsSafeRenego &&
ioLayerHelpers.getWarnLevelMissingRFC5746() > 0) {
if (!siteSupportsSafeRenego) {
nsXPIDLCString hostName;
infoObject->GetHostName(getter_Copies(hostName));

2
security/manager/ssl/nsNSSCertificate.h
Unescape View File

@ -81,7 +81,7 @@ SECStatus ConstructCERTCertListFromReversedDERArray(
const mozilla::pkix::DERArray& certArray,
/*out*/ mozilla::ScopedCERTCertList& certList);
} // namespcae mozilla
} // namespace mozilla
class nsNSSCertList: public nsIX509CertList,
public nsISerializable,

15
security/manager/ssl/nsNSSComponent.cpp
Unescape View File

@ -760,9 +760,9 @@ nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd)
}
}
// This function will convert from pref values like 0, 1, ...
// to the internal values of SSL_LIBRARY_VERSION_3_0,
// SSL_LIBRARY_VERSION_TLS_1_0, ...
// This function will convert from pref values like 1, 2, ...
// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0,
// SSL_LIBRARY_VERSION_TLS_1_1, ...
/*static*/ void
nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
uint32_t minFromPrefs,
@ -771,8 +771,8 @@ nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
{
rangeOut = defaults;
// determine what versions are supported
SSLVersionRange range;
if (SSL_VersionRangeGetSupported(ssl_variant_stream, &range)
SSLVersionRange supported;
if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported)
!= SECSuccess) {
return;
}
@ -782,7 +782,8 @@ nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
maxFromPrefs += SSL_LIBRARY_VERSION_3_0;
// if min/maxFromPrefs are invalid, use defaults
if (minFromPrefs > maxFromPrefs ||
minFromPrefs < range.min || maxFromPrefs > range.max) {
minFromPrefs < supported.min || maxFromPrefs > supported.max ||
minFromPrefs < SSL_LIBRARY_VERSION_TLS_1_0) {
return;
}
@ -946,7 +947,7 @@ nsresult
nsNSSComponent::setEnabledTLSVersions()
{
// keep these values in sync with security-prefs.js
// 0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, etc.
// 1 means TLS 1.0, 2 means TLS 1.1, etc.
static const uint32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
static const uint32_t PSM_DEFAULT_MAX_TLS_VERSION = 4;

92
security/manager/ssl/nsNSSIOLayer.cpp
Unescape View File

@ -681,7 +681,7 @@ getSocketInfoIfRunning(PRFileDesc* fd, Operation op,
return socketInfo;
}
} // unnnamed namespace
} // namespace
static PRStatus
nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
@ -736,7 +736,7 @@ nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
mTLSIntoleranceInfo.Put(key, entry);
}
void
uint16_t
nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
int16_t port)
{
@ -745,10 +745,12 @@ nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
MutexAutoLock lock(mutex);
uint16_t tolerant = 0;
IntoleranceEntry entry;
if (mTLSIntoleranceInfo.Get(key, &entry)) {
entry.AssertInvariant();
tolerant = entry.tolerant;
entry.intolerant = 0;
entry.intoleranceReason = 0;
if (entry.strongCipherStatus != StrongCiphersWorked) {
@ -758,6 +760,8 @@ nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
entry.AssertInvariant();
mTLSIntoleranceInfo.Put(key, entry);
}
return tolerant;
}
bool
@ -780,7 +784,47 @@ nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
{
if (intolerant <= minVersion || fallbackLimitReached(hostName, intolerant)) {
// We can't fall back any further. Assume that intolerance isn't the issue.
forgetIntolerance(hostName, port);
uint32_t tolerant = forgetIntolerance(hostName, port);
// If we know the server is tolerant at the version, we don't have to
// gather the telemetry.
if (intolerant <= tolerant) {
return false;
}
/*uint32_t fallbackLimitBucket = 0;
// added if the version has reached the min version.
if (intolerant <= minVersion) {
switch (minVersion) {
case SSL_LIBRARY_VERSION_TLS_1_0:
fallbackLimitBucket += 1;
break;
case SSL_LIBRARY_VERSION_TLS_1_1:
fallbackLimitBucket += 2;
break;
case SSL_LIBRARY_VERSION_TLS_1_2:
fallbackLimitBucket += 3;
break;
}
}
// added if the version has reached the fallback limit.
if (intolerant <= mVersionFallbackLimit) {
switch (mVersionFallbackLimit) {
case SSL_LIBRARY_VERSION_TLS_1_0:
fallbackLimitBucket += 4;
break;
case SSL_LIBRARY_VERSION_TLS_1_1:
fallbackLimitBucket += 8;
break;
case SSL_LIBRARY_VERSION_TLS_1_2:
fallbackLimitBucket += 12;
break;
}
}
if (fallbackLimitBucket) {
Telemetry::Accumulate(Telemetry::SSL_FALLBACK_LIMIT_REACHED,
fallbackLimitBucket);
}*/
return false;
}
@ -1080,20 +1124,9 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
// When not using a proxy we'll see a connection reset error.
// When using a proxy, we'll see an end of file error.
// In addition check for some error codes where it is reasonable
// to retry without TLS.
// Don't allow STARTTLS connections to fall back on connection resets or
// EOF. Also, don't fall back from TLS 1.0 to SSL 3.0 for connection
// resets, because connection resets have too many false positives,
// and we want to maximize how often we send TLS 1.0+ with extensions
// if at all reasonable. Unfortunately, it appears we have to allow
// fallback from TLS 1.2 and TLS 1.1 for connection resets due to bad
// servers and possibly bad intermediaries.
if (err == PR_CONNECT_RESET_ERROR &&
range.max <= SSL_LIBRARY_VERSION_TLS_1_0) {
return false;
}
// EOF.
if ((err == PR_CONNECT_RESET_ERROR || err == PR_END_OF_FILE_ERROR)
&& socketInfo->GetForSTARTTLS()) {
return false;
@ -1203,7 +1236,7 @@ checkHandshake(int32_t bytesTransfered, bool wasReading,
return bytesTransfered;
}
}
} // namespace
static int16_t
nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags)
@ -1255,7 +1288,6 @@ nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags)
nsSSLIOLayerHelpers::nsSSLIOLayerHelpers()
: mTreatUnsafeNegotiationAsBroken(false)
, mWarnLevelMissingRFC5746(1)
, mTLSIntoleranceInfo()
, mFalseStartRequireNPN(false)
, mUseStaticFallbackList(true)
@ -1469,10 +1501,6 @@ PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
bool enabled;
Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
mOwner->setTreatUnsafeNegotiationAsBroken(enabled);
} else if (prefName.EqualsLiteral("security.ssl.warn_missing_rfc5746")) {
int32_t warnLevel = 1;
Preferences::GetInt("security.ssl.warn_missing_rfc5746", &warnLevel);
mOwner->setWarnLevelMissingRFC5746(warnLevel);
} else if (prefName.EqualsLiteral("security.ssl.false_start.require-npn")) {
mOwner->mFalseStartRequireNPN =
Preferences::GetBool("security.ssl.false_start.require-npn",
@ -1519,8 +1547,6 @@ nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers()
if (mPrefObserver) {
Preferences::RemoveObserver(mPrefObserver,
"security.ssl.treat_unsafe_negotiation_as_broken");
Preferences::RemoveObserver(mPrefObserver,
"security.ssl.warn_missing_rfc5746");
Preferences::RemoveObserver(mPrefObserver,
"security.ssl.false_start.require-npn");
Preferences::RemoveObserver(mPrefObserver,
@ -1581,10 +1607,6 @@ nsSSLIOLayerHelpers::Init()
Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
setTreatUnsafeNegotiationAsBroken(enabled);
int32_t warnLevel = 1;
Preferences::GetInt("security.ssl.warn_missing_rfc5746", &warnLevel);
setWarnLevelMissingRFC5746(warnLevel);
mFalseStartRequireNPN =
Preferences::GetBool("security.ssl.false_start.require-npn",
FALSE_START_REQUIRE_NPN_DEFAULT);
@ -1600,8 +1622,6 @@ nsSSLIOLayerHelpers::Init()
mPrefObserver = new PrefObserver(this);
Preferences::AddStrongObserver(mPrefObserver,
"security.ssl.treat_unsafe_negotiation_as_broken");
Preferences::AddStrongObserver(mPrefObserver,
"security.ssl.warn_missing_rfc5746");
Preferences::AddStrongObserver(mPrefObserver,
"security.ssl.false_start.require-npn");
Preferences::AddStrongObserver(mPrefObserver,
@ -1716,20 +1736,6 @@ nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken()
return mTreatUnsafeNegotiationAsBroken;
}
void
nsSSLIOLayerHelpers::setWarnLevelMissingRFC5746(int32_t level)
{
MutexAutoLock lock(mutex);
mWarnLevelMissingRFC5746 = level;
}
int32_t
nsSSLIOLayerHelpers::getWarnLevelMissingRFC5746()
{
MutexAutoLock lock(mutex);
return mWarnLevelMissingRFC5746;
}
nsresult
nsSSLIOLayerNewSocket(int32_t family,
const char* host,

11
security/manager/ssl/nsNSSIOLayer.h
Unescape View File

@ -20,8 +20,8 @@
namespace mozilla {
namespace psm {
class SharedSSLState;
}
}
} // namespace psm
} // namespace mozilla
class nsIObserver;
@ -187,12 +187,9 @@ public:
static PRIOMethods nsSSLPlaintextLayerMethods;
bool mTreatUnsafeNegotiationAsBroken;
int32_t mWarnLevelMissingRFC5746;
void setTreatUnsafeNegotiationAsBroken(bool broken);
bool treatUnsafeNegotiationAsBroken();
void setWarnLevelMissingRFC5746(int32_t level);
int32_t getWarnLevelMissingRFC5746();
private:
struct IntoleranceEntry
@ -221,7 +218,9 @@ public:
PRErrorCode intoleranceReason);
bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
PRErrorCode intoleranceReason);
void forgetIntolerance(const nsACString& hostname, int16_t port);
// returns the known tolerant version
// or 0 if there is no known tolerant version
uint16_t forgetIntolerance(const nsACString& hostname, int16_t port);
void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
/*in/out*/ SSLVersionRange& range,
/*out*/ StrongCipherStatus& strongCipherStatus);

58
security/manager/ssl/nsNTLMAuthModule.cpp
Unescape View File

@ -538,7 +538,7 @@ GenerateType3Msg(const nsString &domain,
uint32_t *outLen)
{
// inBuf contains Type-2 msg (the challenge) from server
MOZ_ASSERT(NS_IsMainThread());
nsresult rv;
Type2Msg msg;
@ -556,6 +556,7 @@ GenerateType3Msg(const nsString &domain,
#ifdef IS_BIG_ENDIAN
nsAutoString ucsDomainBuf, ucsUserBuf;
#endif
nsAutoCString hostBuf;
nsAutoString ucsHostBuf;
// temporary buffers for oem strings
nsAutoCString oemDomainBuf, oemUserBuf, oemHostBuf;
@ -614,16 +615,18 @@ GenerateType3Msg(const nsString &domain,
}
//
// get workstation name (use local machine's hostname)
// get workstation name
// (do not use local machine's hostname after bug 1046421)
//
char hostBuf[SYS_INFO_BUFFER_LENGTH];
if (PR_GetSystemInfo(PR_SI_HOSTNAME, hostBuf, sizeof(hostBuf)) == PR_FAILURE)
return NS_ERROR_UNEXPECTED;
hostLen = strlen(hostBuf);
rv = mozilla::Preferences::GetCString("network.generic-ntlm-auth.workstation",
&hostBuf);
if (NS_FAILED(rv)) {
return rv;
}
if (unicode)
{
// hostname is ASCII, so we can do a simple zero-pad expansion:
CopyASCIItoUTF16(nsDependentCString(hostBuf, hostLen), ucsHostBuf);
ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf);
hostPtr = ucsHostBuf.get();
hostLen = ucsHostBuf.Length() * 2;
#ifdef IS_BIG_ENDIAN
@ -632,7 +635,10 @@ GenerateType3Msg(const nsString &domain,
#endif
}
else
hostPtr = hostBuf;
{
hostPtr = hostBuf.get();
hostLen = hostBuf.Length();
}
//
// now that we have generated all of the strings, we can allocate outBuf.
@ -988,6 +994,7 @@ nsNTLMAuthModule::Init(const char *serviceName,
mDomain = domain;
mUsername = username;
mPassword = password;
mNTLMNegotiateSent = false;
return NS_OK;
}
@ -1006,16 +1013,29 @@ nsNTLMAuthModule::GetNextToken(const void *inToken,
if (PK11_IsFIPS())
return NS_ERROR_NOT_AVAILABLE;
// if inToken is non-null, then assume it contains a type 2 message...
if (inToken)
{
LogToken("in-token", inToken, inTokenLen);
rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
inTokenLen, outToken, outTokenLen);
}
else
{
rv = GenerateType1Msg(outToken, outTokenLen);
if (mNTLMNegotiateSent) {
// if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
// then the NTLMSSP_CHALLENGE (type 2) is expected
if (inToken) {
LogToken("in-token", inToken, inTokenLen);
// Now generate the NTLMSSP_AUTH (type 3)
rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
inTokenLen, outToken, outTokenLen);
} else {
LOG(("NTLMSSP_NEGOTIATE already sent and presumably "
"rejected by the server, refusing to send another"));
rv = NS_ERROR_UNEXPECTED;
}
} else {
if (inToken) {
LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
rv = NS_ERROR_UNEXPECTED;
} else {
rv = GenerateType1Msg(outToken, outTokenLen);
if (NS_SUCCEEDED(rv)) {
mNTLMNegotiateSent = true;
}
}
}
if (NS_SUCCEEDED(rv))

1
security/manager/ssl/nsNTLMAuthModule.h
Unescape View File

@ -28,6 +28,7 @@ private:
nsString mDomain;
nsString mUsername;
nsString mPassword;
bool mNTLMNegotiateSent;
};
#define NS_NTLMAUTHMODULE_CONTRACTID \

126
security/manager/ssl/nsSiteSecurityService.cpp
Unescape View File

@ -404,15 +404,19 @@ nsSiteSecurityService::ProcessHeader(uint32_t aType,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
aType == nsISiteSecurityService::HEADER_HPKP,
NS_ERROR_NOT_IMPLEMENTED);
NS_ENSURE_ARG(aSSLStatus);
return ProcessHeaderInternal(aType, aSourceURI, aHeader, aSSLStatus, aFlags,
aMaxAge, aIncludeSubdomains);
aMaxAge, aIncludeSubdomains, aFailureResult);
}
NS_IMETHODIMP
@ -421,10 +425,11 @@ nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType,
const char* aHeader,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
return ProcessHeaderInternal(aType, aSourceURI, aHeader, nullptr, aFlags,
aMaxAge, aIncludeSubdomains);
aMaxAge, aIncludeSubdomains, aFailureResult);
}
nsresult
@ -434,8 +439,12 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
// Only HSTS and HPKP are supported at the moment.
NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
aType == nsISiteSecurityService::HEADER_HPKP,
@ -466,6 +475,9 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
tlsIsBroken = tlsIsBroken || trustcheck;
if (tlsIsBroken) {
SSSLOG(("SSS: discarding header from untrustworthy connection"));
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION;
}
return NS_ERROR_FAILURE;
}
}
@ -481,11 +493,11 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
switch (aType) {
case nsISiteSecurityService::HEADER_HSTS:
rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aMaxAge,
aIncludeSubdomains);
aIncludeSubdomains, aFailureResult);
break;
case nsISiteSecurityService::HEADER_HPKP:
rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags, aMaxAge,
aIncludeSubdomains);
aIncludeSubdomains, aFailureResult);
break;
default:
MOZ_CRASH("unexpected header type");
@ -493,7 +505,7 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
return rv;
}
static nsresult
static uint32_t
ParseSSSHeaders(uint32_t aType,
const char* aHeader,
bool& foundIncludeSubdomains,
@ -502,7 +514,7 @@ ParseSSSHeaders(uint32_t aType,
int64_t& maxAge,
nsTArray<nsCString>& sha256keys)
{
// Stric transport security and Public Key Pinning have very similar
// Strict transport security and Public Key Pinning have very similar
// Header formats.
// "Strict-Transport-Security" ":" OWS
@ -554,7 +566,7 @@ ParseSSSHeaders(uint32_t aType,
nsresult rv = parser.Parse();
if (NS_FAILED(rv)) {
SSSLOG(("SSS: could not parse header"));
return rv;
return nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER;
}
mozilla::LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
@ -566,7 +578,7 @@ ParseSSSHeaders(uint32_t aType,
max_age_var.Length())) {
if (foundMaxAge) {
SSSLOG(("SSS: found two max-age directives"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES;
}
SSSLOG(("SSS: found max-age directive"));
@ -577,13 +589,13 @@ ParseSSSHeaders(uint32_t aType,
char chr = directive->mValue.CharAt(i);
if (chr < '0' || chr > '9') {
SSSLOG(("SSS: invalid value for max-age directive"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
}
}
if (PR_sscanf(directive->mValue.get(), "%lld", &maxAge) != 1) {
SSSLOG(("SSS: could not parse delta-seconds"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
}
SSSLOG(("SSS: parsed delta-seconds: %lld", maxAge));
@ -592,7 +604,7 @@ ParseSSSHeaders(uint32_t aType,
include_subd_var.Length())) {
if (foundIncludeSubdomains) {
SSSLOG(("SSS: found two includeSubdomains directives"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS;
}
SSSLOG(("SSS: found includeSubdomains directive"));
@ -601,7 +613,7 @@ ParseSSSHeaders(uint32_t aType,
if (directive->mValue.Length() != 0) {
SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'",
directive->mValue.get()));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS;
}
} else if (aType == nsISiteSecurityService::HEADER_HPKP &&
directive->mName.Length() == pin_sha256_var.Length() &&
@ -610,18 +622,18 @@ ParseSSSHeaders(uint32_t aType,
SSSLOG(("SSS: found pinning entry '%s' length=%d",
directive->mValue.get(), directive->mValue.Length()));
if (!stringIsBase64EncodingOf256bitValue(directive->mValue)) {
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_INVALID_PIN;
}
sha256keys.AppendElement(directive->mValue);
} else if (aType == nsISiteSecurityService::HEADER_HPKP &&
directive->mName.Length() == report_uri_var.Length() &&
directive->mName.EqualsIgnoreCase(report_uri_var.get(),
report_uri_var.Length())) {
// We doni't support the report-uri yet, but to avoid unrecognized
// We don't support the report-uri yet, but to avoid unrecognized
// directive warnings, we still have to handle its presence
if (foundReportURI) {
SSSLOG(("SSS: found two report-uri directives"));
return NS_ERROR_FAILURE;
return nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS;
}
SSSLOG(("SSS: found report-uri directive"));
foundReportURI = true;
@ -631,7 +643,7 @@ ParseSSSHeaders(uint32_t aType,
foundUnrecognizedDirective = true;
}
}
return NS_OK;
return nsISiteSecurityService::Success;
}
nsresult
@ -640,8 +652,12 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
nsISSLStatus* aSSLStatus,
uint32_t aFlags,
uint64_t* aMaxAge,
bool* aIncludeSubdomains)
bool* aIncludeSubdomains,
uint32_t* aFailureResult)
{
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
SSSLOG(("SSS: processing HPKP header '%s'", aHeader));
NS_ENSURE_ARG(aSSLStatus);