[Pkg-freeipa-devel] [Git][freeipa-team/jss][upstream] 191 commits: Mark JSS Provider and PKCS#11 classes as public

Timo Aaltonen gitlab at salsa.debian.org
Tue Jul 28 09:34:00 BST 2020



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / jss


Commits:
a9978ff7 by Alexander Scheel at 2020-02-13T13:08:19-06:00
Mark JSS Provider and PKCS#11 classes as public

This enables javadoc generation for these classes. While the JSSProvider
classes lack useful javadocs, their existence helps developers check the
supported interfaces. Additionally, the PKCS#11 PrivateKey interfaces
should be made public to mirror their PublicKey counterparts, in the
rare instances where they're used instead of the generic Java
interfaces.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ae4a9a49 by Alexander Scheel at 2020-02-13T14:39:56-05:00
Mark three additional PKCS#11 classes public

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
18efce23 by Alexander Scheel at 2020-02-26T10:28:17-05:00
Fix base64-encoding of CSRs

In 8de4440c5652f6f1af5b4b923a15730ba84f29e1, the base64 encoder was
changed from apache-commons-codec to the Java standard library to drop
a dependency. However, the behavior changed as a result: the Java
standard library doesn't include a final line separator, whereas
apache-commons-codec did. This results in malformed CSRs:

> YWRPxyBKvFAOB29fwPwBJLZksrwQ0xAs7sooc+qF-----END NEW CERTIFICATE REQUEST-----

Resolves: https://pagure.io/freeipa/issue/8199

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0c97eda3 by Alexander Scheel at 2020-02-26T16:00:31-05:00
Merge IVParameterSpec into IvParameterSpec

IVParameterSpec likely predates IvParameterSpec. As a result, we've had
to introduce various hacks over the years to support both, even though
their implementations and interfaces are nearly identical.

Make IVParameterSpec extend IvParameterSpec, so we can start dropping
some of these hacks.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
83eaba17 by Alexander Scheel at 2020-02-26T16:00:31-05:00
Simplify IvParameterSpec logic

This merges the usages of org.mozilla.jss.crypto.IVParameterSpec into
simplified code paths only caring about the preferred class,
javax.crypto.spec.IvParameterSpec.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f580a535 by Alexander Scheel at 2020-02-26T17:34:46-05:00
Revert "Simplify IvParameterSpec logic"

This reverts commit 83eaba176abe07ef5f869e95d0830ae646023a56.

This breaks PKI CI: https://travis-ci.org/dogtagpki/pki/jobs/655554204

Until this can be implemented in a backwards-compatible manner, revert
this commit.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9f294306 by Alexander Scheel at 2020-03-02T10:09:56-05:00
Fix swapped parameter names with PBE

Commit 13998a9e77e60d6509ac814ed711dd21e1248ecd introduced a regression
related to extracting the parameter classes during PBE operations:
previously, the classes of the underlying encryption algorithm were
iterated over, instead of the classes of the PBE class itself. However,
this commit iterated over the PBE parameter classes; no PBE algorithm
accepts an IvParameterSpec, resulting in a null parameter passed to the
later encryption or key wrap operation. This resulted in stack traces
like the following:

Caused by: java.security.InvalidAlgorithmParameterException: DES3/CBC/Pad cannot use a null parameter
	at org.mozilla.jss.pkcs11.PK11KeyWrapper.checkParams(PK11KeyWrapper.java:225)
	at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:89)
	at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:57)
	at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.createPBE(EncryptedPrivateKeyInfo.java:342)

Resolves: rh-bz#1807371

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
55482c8b by Alexander Scheel at 2020-03-02T10:09:56-05:00
Use specified algorithm for KeyWrap

When the token-specified form of EncryptedPrivateKeyInfo.createPBE is
called, it would always request DES3_CBC_PAD as the key wrapping
algorithm, regardless of the input PBE key type. However, the other form
(with an implicit token) was correctly handling this case.

Introduces a new KeyWrapAlgorithm method to take an OBJECT_IDENTIFIER
instead of having to convert to/from a String form.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d7fb9fee by Alexander Scheel at 2020-03-05T14:32:30-05:00
Add CipherPrefSetDefault, CipherPrefGetDefault

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
56560f00 by Alexander Scheel at 2020-03-05T14:32:30-05:00
Add VersionRangeGetDefault, VersionRangeSetDefault

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
aa4e2eba by Alexander Scheel at 2020-03-09T11:01:41-04:00
Move CryptoManager logging to debug

When loading JSS as part of the default JDK setup, we don't really wish
to spam unsuspecting users with log messages. Move logger.info to
logger.debug in the CryptoManager initialization process. Leave only a
single logger.info statement, saying that JSS was successfully
initialized.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ae8728ec by Alexander Scheel at 2020-03-09T14:59:04-04:00
Remove deprecated netscape.security.acl

The corresponding JDK interfaces under the java.security.acl package
namespace have been marked deprecated since Java 9, but a replacement
has been present since Java 1.2. The implementation of these interfaces
isn't used by JSS or Dogtag and is thus removed.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
16c8de46 by Alexander Scheel at 2020-03-12T12:08:29-04:00
Detect NSS with broken CMACs during configuration

NSS versions v3.47 to v3.50 included swapped values for CKM_AES_CMAC and
CKM_AES_CMAC_GENERAL. This adds feature detection to JSS, disabling CMAC
and KBKDF at compile time for the broken NSS versions.

Related: moz-bz#1611209

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6a91bbc5 by Alexander Scheel at 2020-03-12T19:11:10-04:00
Add JSSProviderLoader implementation

Similar to the way the SunPKCS11 provider works, expose an alternative
JSSProvider, JSSProviderLoader, which loads configuration from a path or
InputStream, and configures our CryptoManager correctly. This allows us
to inject the provider via the java.security interface, rather than via
the existing CryptoManager.initialize(...) method.

Currently this only supports using a single, fixed password. In the
future, JSSProvider could be converted into an AuthProvider (which
supports logging-in to arbitrary tokens), or a more comprehensive
File-based PasswordCallback implementation added.

Additionally, this provider (unlike the JSSProvider it derives from)
supports the JDK9+ style of static initialization, accepting a path to a
configuration file.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
38324383 by Alexander Scheel at 2020-03-12T19:11:10-04:00
Provision files for JSSProviderLoader

This allows the test suite to use the JSSProviderLoader system,
injecting the JSS Provider via a java.security override file. This
includes:

 - Updating the test framework
 - Introducing a java.security and jss.cfg configuration file
 - Updating run_test.sh to add the new parameter
 - Introducing the java.security.Provider service file in the JAR

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
836b879f by Alexander Scheel at 2020-03-12T19:11:10-04:00
Convert test suite to JSSProviderLoader

This converts the test suite from the previous
CryptoManager.initialize() based approach to the new java.security
approach. This should work on most platforms. If this fails on your
specified platform, it is likely due to the providers contained in
tools/java.security.in; make sure to update them to match your system's
file.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5cae3675 by Alexander Scheel at 2020-03-17T13:00:12-04:00
Add diff to pkcs11check installation list

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a3a91a8e by Alexander Scheel at 2020-03-20T13:33:48-04:00
Remove token key checks

Previously we enforced strict token key matching: the primary key used
for the operation must strictly reside on the current PKCS#11 token,
otherwise JSS would bail. However, NSS has the ability to move the key
to whichever token best supports the given operation. This means that
we'd prematurely bail when the operation would succeed if it were
actually executed. By removing these checks, we still leave the ability
to generate keys on a specific token, we just allow them to be used on
whatever token supports the given operation (and the key is allowed to
be moved to).

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ed907540 by Alexander Scheel at 2020-03-23T12:50:38-04:00
Move to proper feature checks

SSLCipher was the first use of a feature which could appear in a later
version of NSS than we support. Rather than bumping the minimum NSS
version, we chose to use compile-time detection of the NSS version and
limit our code accordingly. However, this sets a precedent for ignoring
the features actually present in the NSS system. Certain downstream
distributions are fond of backporting features, which means our code
could've executed but didn't.

Switching to feature detection (via the check_struct_has_member macro)
allows us to be sure we execute this code on as many platforms as
possible.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a9fcb05f by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLKEAType enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
754e89fa by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLNamedGroup enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
513bde3a by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLAuthType enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4747cb78 by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLCipherAlgorithm enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
905c7c81 by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLCompressionMethod enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
15d18d45 by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLMACAlgorithm enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f16e6dad by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLSignatureScheme enum

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
04bc82d0 by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSLChannelInfo, SSLPreliminaryChannelInfo

These two types are the results of two nss.SSL calls;
SSLPreliminaryChannelInfo contains the same information as
SSLChannelInfo, with added members to check if a field has been
populated by the respective NSS call. This occurs when the SSL handshake
isn't yet complete.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8fe4879c by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSL_GetChannelInfo, SSL_GetPreliminaryChannelInfo

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7cd32c5d by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add tests for SSL_GetChannelInfo, SSL_GetPreliminaryChannelInfo

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3f2661f4 by Alexander Scheel at 2020-03-24T12:40:14-04:00
Add SSL_InvalidateSession

This allows the caller to invalidate the current session on an SSLFDProxy
instance.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4fc106e8 by Alexander Scheel at 2020-03-24T16:43:52-04:00
Update PKCS11Constants from NSS v3.50

Includes the CMAC fixes backported to existing Fedora releases.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d54ea507 by Alexander Scheel at 2020-03-26T09:48:50-04:00
Move from #if to #ifdef in nss/SSL.c

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7b980a0c by Alexander Scheel at 2020-03-26T09:48:50-04:00
Add detection for SSLCipherInfo's peerDelegCred

Trust but verify. NSS usually documents the version a feature was added
in. However, this wasn't documented in the peerDelegCred case; because
the comment above referred to the following fields being added in NSS
3.34, I assumed it held for this field as well. However, according to
the commit history, it was added more recently, in NSS v3.45.

Add feature detection and another conditional field for this.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
512dbec6 by Alexander Scheel at 2020-03-26T11:30:15-04:00
Add zip, unzip to BuildRequires

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
36ca9b14 by Alexander Scheel at 2020-03-26T11:40:19-04:00
Add CentOS 8 Dockerfile

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
34dc07a3 by Alexander Scheel at 2020-03-26T11:40:19-04:00
Add CentOS 7 Dockerfile

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6a347c62 by Alexander Scheel at 2020-03-26T11:40:19-04:00
Add CentOS 7, 8 to Optional section

This reflects that while they're platforms that receive support from
various JSS versions, upstream might pass what downstream ships in
features (either due to the downstream NSS version or for other
reasons). This lets us check the status but consciously break the build
when necessary on those platforms.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
05a4ceb2 by Alexander Scheel at 2020-03-31T13:41:32-04:00
Add NSS-specific SSLSession

The javax.net.ssl.SSLSession interface exposes various details about
the TLS connection handled by this SSLEngine instance.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
80e69b06 by Alexander Scheel at 2020-03-31T13:41:32-04:00
Add NSS-backed SSLEngine

javax.net.ssl.SSLEngine provides modern, non-blocking SSL support to
Java applications via the Provider interface. This is used by
applications such as Tomcat. The calling application controls the number
of sockets and SSLEngines, with each TLS connection using a single
SSLEngine.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e505fddf by Alexander Scheel at 2020-03-31T13:41:32-04:00
Add SSLContext implementation

An SSLContext implementation is required for a Java Cryptography provider
to expose TLS functionality to other applications.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
499ddac4 by Alexander Scheel at 2020-03-31T13:41:32-04:00
Add tests for SSLEngine

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d3463a5d by Alexander Scheel at 2020-03-31T14:27:43-04:00
Add getters to SSLChannelInfo

Marking the data members private allows us to use getters which throw an
exception when the corresponding feature isn't available from NSS. This
gives us a more descriptive error message including how to fix it, if
necessary. It also hides the less descriptive haveNSS<Version> fields
from the developer.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
cfcfb455 by Alexander Scheel at 2020-03-31T14:27:43-04:00
Add getters to SSLPreliminaryChannelInfo

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
386ac1b9 by Alexander Scheel at 2020-03-31T16:54:46-04:00
Check for java.security loaded JSS

When JSS is initialized from java.security, loading is delayed until the
provider is used. This means that CryptoManager.getInstance() will fail,
unless such a call has been made. Security.getProvider(...) is sufficient
to check for this case.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
97e5597f by Alexander Scheel at 2020-03-31T16:54:46-04:00
Migrate tests to local CryptoManager configuration

Two tests require the new local-preferential CryptoManager
initialization: SetupDBs and FipsTest. Refactor these tests.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
83a987a0 by Alexander Scheel at 2020-03-31T16:54:46-04:00
Introduce NONE java.security mode

This prevents any custom java.security policy from being used during
testing.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
834f15a3 by Alexander Scheel at 2020-03-31T16:54:46-04:00
Remove CryptoManager initialization from tests

Except for the two tests previously excluded, this removes calls to
explicitly initialize CryptoManager from all other tests.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
61a884df by Alexander Scheel at 2020-04-01T11:03:40-04:00
Track SSLFDProxy in JSSEngine

All JSSEngines will use the SSLFDProxy instance, though some will push
more into a single JNI call (rather than the multiple JNI calls that the
reference implementation uses). Open up access to the SSLFDProxy
instance to more than just the current caller.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
17947606 by Alexander Scheel at 2020-04-01T11:03:40-04:00
Expose NSS Session information in JSSSession

This updates JSSSession to expose all session information available from
NSS, refreshing data when necessary. This allows callers to use the
standard SSLSession interface when desired, but also extends it with
access to SSLPreliminaryChannelInfo and SSLChannelInfo structs for
advanced (and JSS-specific) callers.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
78f6e06a by Alexander Scheel at 2020-04-01T11:03:40-04:00
Add SSLSession to the test suite

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
18499430 by Alexander Scheel at 2020-04-01T12:16:55-04:00
Prevent post-handshake configuration changes

Certain parameters cannot be modified after the handshake begins. These
are which mode we're using (client/server), cipher suites, and protocol
versions. Throw an exception when these are changed after the handshake
has begun.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d748ba3f by Alexander Scheel at 2020-04-01T17:46:14-04:00
Override supported SSL parameters in JSSContext

The default JDK implementation assumes that all SSLContextSpi
implementations expose an SSLSocket; it doesn't use an SSLEngine
when an SSLSocket is unavailable, instead throwing an NPE. Lack
of an overridden SSLParameters breaks Tomcat.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c8ea1700 by Alexander Scheel at 2020-04-01T19:16:20-04:00
Update version script with missing functions

jss.map was missing several functions in the version script, thus
removing them as public symbols from libjss4.so. This introduces those
missing symbols, allowing the native function calls to succeed.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
92657a86 by Alexander Scheel at 2020-04-01T19:16:20-04:00
Add CI to check version script symbols

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ae808f70 by Alexander Scheel at 2020-04-02T10:50:30-04:00
Add optional CI to check if PKI is broken

This adds an optional CI check that builds JSS and then builds PKI,
installing both sets of RPMs.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0789edca by Alexander Scheel at 2020-04-02T12:22:22-04:00
Add unchecked exceptions to debug build tests

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1886ac1a by Alexander Scheel at 2020-04-06T18:56:12-04:00
Add test for GlobalRefProxy

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0bb89734 by Alexander Scheel at 2020-04-06T19:34:23-04:00
Enable BadSSL tests with internet connection

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0aeff1f8 by Alexander Scheel at 2020-04-06T19:34:23-04:00
Set WITH_INTERNET=1 in rawhide CI

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
453f482f by Alexander Scheel at 2020-04-06T19:34:23-04:00
Document WITH_INTERNET option

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c0f4d20d by Alexander Scheel at 2020-04-06T19:54:26-04:00
Extend default valgrind leak checking

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5925ff3f by Alexander Scheel at 2020-04-06T19:54:26-04:00
Enable CryptoManager Shutdown

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9550e9ad by Alexander Scheel at 2020-04-06T19:54:26-04:00
Add test for CryptoManager.shutdown()

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
cadc299f by Alexander Scheel at 2020-04-06T21:25:12-04:00
Support RSA-PSS Signature scheme

Provide support for the various SHAxxxwithRSAPSS algorithms, including
SHA-256, SHA-384, and SHA-512 variants.

Authored by Jack Magne; revised patch forward ported from v4.4.x by
Alexander Scheel.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a4dd80d6 by Alexander Scheel at 2020-04-06T21:25:12-04:00
Refactor JCASigTest

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f48986f3 by Alexander Scheel at 2020-04-06T21:25:12-04:00
Refactor SigTest

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
dd9fc06b by Alexander Scheel at 2020-04-07T12:08:36-04:00
Move from _NETSCAPE_ to _NSS_ PKCS#11 constants

In NSS v3.52, support is coming for PKCS#11 v3.0. This deprecates the
_NETSCAPE_ namespace for PKCS#11 constants in favor of _NSS_. The few
remaining _NETSCAPE_ constants will be moved to _NSS_. We only use one,
CKM_NETSCAPE_PBE_SHA1_DES_CBC. Add an #ifdef for compatibility with the
new preferred name.

See also: moz-bz#1603628

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0ac36dc3 by Endi S. Dewata at 2020-04-08T15:04:47-05:00
Added stack trace in Utils.base64decode()

- - - - -
3b34c2ca by Alexander Scheel at 2020-04-09T13:49:24-04:00
Branch to v4.7.0 beta release 1

Since SSLEngine is a breaking change introducing significant new
functionality (and strictly requiring NSS v3.44 or greater), move
to a new minor version.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3860960d by Alexander Scheel at 2020-04-09T13:53:33-04:00
Throw NPE in PK11PrivKey.getPublicKey()

In NSS < v3.44, getPublicKey() will return null, resulting in a
RuntimeException about an unknown key type during a call to
PK11ECPrivateKey.getParams(). This isn't strictly true; the
reason is that the native code doesn't handle NSS returning NULL
from SECKEY_ConvertToPublicKey(...). This only happens when NSS is
an old enough version.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b73595e9 by Alexander Scheel at 2020-04-09T13:53:33-04:00
Bump minimum required NSS version to 3.44

Due to a bug in NSS not fixed until v3.44, bump the minimum required NSS
version to v3.44.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f74dd43e by Alexander Scheel at 2020-04-09T13:53:33-04:00
Document known NSS incompatibilities

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
814fa962 by Alexander Scheel at 2020-04-13T17:25:53-04:00
Fix latest jss.map entry to v4.7.0

When v4.6.x was branched off of v4.6.3, jss.map wasn't updated to
reflect the next version on the master branch.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
451f78b5 by Alexander Scheel at 2020-04-14T10:48:17-04:00
Accept NULL in CryptoManager.setPasswordCallback()

In the javadocs for CryptoManager.setPasswordCallback(), it says:

> The callback may be NULL, in which case password callbacks will
> fail gracefully.

However, setNativePasswordCallback() will assert on a NULL callback.
Fix this to handle NULL gracefully.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
30b3cde1 by Alexander Scheel at 2020-04-15T10:54:36-04:00
Allow NULL PK11PrivKey identifiers

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f7f0e265 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Make PK11Cert AutoCloseable

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d57c7a8a by Alexander Scheel at 2020-04-15T20:06:48-04:00
Make PK11Cipher AutoCloseable

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
de6f81e4 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Make PK11Key AutoCloseable

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5bb02e2d by Alexander Scheel at 2020-04-15T20:06:48-04:00
Make PK11MessageDigest AutoCloseable

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f678f583 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Make PK11Signature AutoCloseable

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
33ae12d7 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Fix NativeProxy registry tracking

When the switch was made to a HashSet-based registry in
eb5df01003d74b57473eacb84e538d31f5bb06ca, NativeProxy didn't override
hashCode(...). This resulted in calls to close() (and thus, finalize())
not invoking the releaseNativeResources() function to release the
underlying memory.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9cdc9101 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Improve SSLFDProxy's globalRef access

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d00a2fe9 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Fix SSLSocketBase/SocketProxy closure

With NativeProxy now exposing a close method, we can fix the interaction
between SSLSocketBase and its wrapped SocketProxy. Previously,
SSLSocketBase invoked a native method, socketClose() during its close()
handler (which is invoked from SSLSocket.close() and in turn from
SSLSocket.finalize()). This gives a potential race condition when the
value of mPointer is NULLed between SocketProxy.finalize() and
SSLSocket.close() / SSLSocket.finalize() -- if the former executes
before the latter, socketClose() would attempt to dereference a NULL
pointer.

Fix this in two parts:

 1. Make SocketProxy.releaseNativeResource() actually release native
    resources by calling JSSL_DestroySocketData(...); at the same time,
    make closeSocket merely call PR_Close(...).
 2. Update SSLSocketBase to call SocketProxy.close() explicitly.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0c5f6703 by Alexander Scheel at 2020-04-15T20:06:48-04:00
Handle NULL pointers in releaseNativeResources

In the style of the previous commit, ensure all pointers are
non-NULL before continuing to free them. Some of these are excessive as
NSS does do some checking, but in this case consistency is better.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9342d695 by Alexander Scheel at 2020-04-20T12:38:16-04:00
Add documentation on the Mozilla-JSS Provider

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
fe382e52 by Alexander Scheel at 2020-04-20T12:38:16-04:00
Improve documentation in InitializationValues

Also add clearer InvalidLengthException descriptions.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
51e88434 by Alexander Scheel at 2020-04-20T13:38:31-04:00
Remove space from AlgorithmId.toString()

In cadc299fa69554e2e7ab9226298be639219476ab and v4.4.x commit
e1ee07a3c19cd15d7dab1dedf383128a2b83b925, AlgorithmId was updated
to unconditionally add an extra space to toString, to separate the
algorithm name from the parameters. This suffices in some cases, but
AlgorithmId.toString() is used by PKI to compare against a tokenized
list of characters. Removing the extraneous whitespace was the solution
proposed in PKI commit 53de751485b04fe2a1555228342ed642c9a9e347, but
this should really be handled in JSS instead of PKI.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8627b3c0 by Alexander Scheel at 2020-04-21T14:02:09-04:00
Fix NPE in Utils.HexEncode

In 30b3cde147283d32ec2fd902128e18f54252cf4d, allowances were made for
keys without a unique identifier yet. This happens when the key is new
and code is racing to create an identifier for a key held by another
process which is also accessing the NSS DB. Mostly, this occurs in the
JSS test suite process.

As a result of the now-NULL result, JSSKeyStoreSpi.getAliases will call
Utils.HexEncode with a value of null, raising an NPE. Allow
Utils.HexEncode to return an empty string instead of raising an NPE in
this case.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
edfdbb54 by Alexander Scheel at 2020-04-21T21:44:04-04:00
Simplify PR.Close() logic

From earlier discussions on memory management, we should isolate the
concerns of the NSPR layer from having to deal with SSL FD specific
stuff as much as possible. Move what used to be in the SSLFD-specific
NSPR close layer to SSLEngine itself.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8b517720 by Dinesh Prasanth M K at 2020-04-23T11:36:16-04:00
Minor improvement to GH actions

Add matrix strategy to avoid redundant code

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
26882552 by Alexander Scheel at 2020-04-23T12:09:01-04:00
Fix SHA512withRSA/PSS identifier

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
cac2f35b by Alexander Scheel at 2020-04-23T13:56:09-04:00
Consume all input bytes in logging sockets

When the read end of the logging socket is full, writing also tends to
hang. Drain the read end of both sockets before attempting any writes
to help ensure nothing hangs.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6225bf87 by Alexander Scheel at 2020-04-23T13:56:16-04:00
Enable debug logging with run_test.sh

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4974db86 by Alexander Scheel at 2020-04-23T17:08:09-04:00
Add AlgorithmId.toStringWithParams, fix toString

PKI's usage of AlgorithmId.toString() doesn't handle having the
parameters encoded in the toString() representation of the id.
Move toString() back to only having the contents of algName, and
move parameters to a separate method.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c5691d07 by Endi S. Dewata at 2020-04-27T12:20:54-05:00
Refactored CertificateChain

The CertificateChain class has been modified to use
a List instead of a fixed array of X509Certificates.

- - - - -
2cba9b86 by Endi S. Dewata at 2020-04-27T12:20:54-05:00
Added CertificateChainTest

- - - - -
1c7193ca by Alexander Scheel at 2020-04-27T13:40:39-04:00
Comply with crypto-policies outside of Tomcat

When constructing a new SSLEngine, Tomcat will take the supported
ciphers and limit the enabled cipher suites to only ones which are
supported by this SSLEngine implementation. Because the list of cipher
suites we returned were allowed by local crypto policy, our result was
compliant. However, other usages of SSLEngine aren't guaranteed to
behave the same; make sure we explicitly filter to only supported cipher
suites.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9711bfdd by Alexander Scheel at 2020-04-27T16:06:50-04:00
Use non-interactive apt installation

Lately an update for tzdata has been breaking CI tests for Ubuntu:

    Setting up tzdata (2019c-3ubuntu1) ...
    debconf: unable to initialize frontend: Dialog
    debconf: (TERM is not set, so the dialog frontend is not usable.)
    debconf: falling back to frontend: Readline
    Configuring tzdata
    ------------------

    Please select the geographic area in which you live. Subsequent configuration
    questions will narrow this down by presenting a list of cities, representing
    the time zones in which they are located.

      1. Africa      4. Australia  7. Atlantic  10. Pacific  13. Etc
      2. America     5. Arctic     8. Europe    11. SystemV
      3. Antarctica  6. Asia       9. Indian    12. US

Setting DEBIAN_FRONTEND=noninteractive should prevent apt from querying
information from the container image.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4ecd5bac by Alexander Scheel at 2020-04-27T16:53:23-04:00
Always run workflows regardless of branch

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ba07d407 by Endi S. Dewata at 2020-04-28T12:38:08-04:00
Added PKCS7 constructor

A new constructor has been added to create a PKCS7 from
an array of certificates. This can be used to simplify
CertificateChain.encode() and some other code in PKI.

- - - - -
d6872887 by Endi S. Dewata at 2020-04-28T15:27:16-04:00
Added CertificateChain.sort()

The CertificateChain.sort() has been added to sort the
certificates in the certificate chain.

- - - - -
03afe804 by Alexander Scheel at 2020-04-28T16:47:44-04:00
Handle premature JSSEngine.cleanup()

When JSSEngine.cleanup is called prematurely, before ssl_fd or any
buffers are created, many of the native methods would segfault if
called with NULL buffers.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2a6b443f by Endi S. Dewata at 2020-04-29T13:40:33-04:00
Fixed CertificateChainTest.testGetterMethods()

The CertificateChainTest.testGetterMethods() has been
modified to ignore the exception message since it may
change in different JDK versions.

- - - - -
20a3497b by Alexander Scheel at 2020-04-29T13:41:07-04:00
Expose SSL_ENABLE_POST_HANDSHAKE_AUTH

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
cb117b7f by Alexander Scheel at 2020-04-29T13:41:07-04:00
Expose SSL renegotiation related options

Includes:
 - SSL_ENABLE_RENEGOTIATION and its four values:
    - SSL_RENEGOTIATE_NEVER
    - SSL_RENEGOTIATE_UNRESTRICTED
    - SSL_RENEGOTIATE_REQUIRES_XTN
    - SSL_RENEGOTIATE_TRANSITIONAL
 - SSL_REQUIRE_SAFE_NEGOTIATION
 - SSL_ENABLE_FALLBACK_SCSV

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
305b55c2 by Alexander Scheel at 2020-04-29T13:41:07-04:00
Expose SSL_ReHandshake

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
115b233f by Alexander Scheel at 2020-04-29T13:41:07-04:00
Track handshake completion in SSLFDProxy

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3107b195 by Alexander Scheel at 2020-04-29T13:41:07-04:00
Implement SSL_SendCertificateRequest

This method is experimental for TLS v1.3 support and replaces
SSL_ReHandshake(...) for proper Post-Handshake Authentication
support.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d9da9bf3 by Alexander Scheel at 2020-04-29T13:41:07-04:00
Add SSL_REQUIRE_CERTIFICATE Values

This adds the following values for use with SSL_REQUIRE_CERTIFICATE:

 - SSL_REQUIRE_NEVER
 - SSL_REQUIRE_ALWAYS
 - SSL_REQUIRE_FIRST_HANDSHAKE
 - SSL_REQUIRE_NO_ERROR

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f677a71b by Alexander Scheel at 2020-04-29T13:41:07-04:00
Implement SSL_KeyUpdate

This method is experimental for TLS v1.3 support and issues a key update
request, similar to a reduced handshake.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1e18963b by Alexander Scheel at 2020-04-29T13:41:07-04:00
Introduce JSSEngine configuration, PHA support

NSS (and TomcatJSS) claim post-handshake authentication (PHA) support.
In order to support this, we need two features in JSSEngine:

 - Expose configuration options from NSS, including PHA options,
 - Adding ability to notify JSSEngine implementations about
   certain configuration changes.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4cadb954 by Alexander Scheel at 2020-04-29T13:41:07-04:00
Add Post-Handshake/rehandshake SSLEngine tests

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c5a6d68e by Alexander Scheel at 2020-04-29T14:42:39-04:00
Move JDK11 test to required section

Fedora 33 will ship with OpenJDK 11 by default and packages will be
required to compile with it. Move this to the default section so we
can catch failures with JDK11 support.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
01aee640 by Alexander Scheel at 2020-04-30T09:55:01-04:00
Add test case for large wrap/unwrap

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1b95a469 by Alexander Scheel at 2020-04-30T09:55:01-04:00
Allow dummy PR.Write with NULL buffer

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
004d3aa9 by Alexander Scheel at 2020-04-30T09:55:01-04:00
Allow JSSEngine.wrap/unwrap of large buffers

Because JSSEngine wraps the native NSS, there are two places data can be
buffered:

 - Within JSSEngine's internal buffers,
 - Within NSS's internal buffers.

When the handshake has completed, we need to ensure we always drain as
much data as possible from these buffers into wrap/unwrap. This requires
us to invoke multiple calls to PR.Read and PR.Write, until they
eventually return EWOULDBLOCK or 0 data written.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
74c5ffab by Alexander Scheel at 2020-04-30T09:55:01-04:00
Gate socket logging behind debug flag

This debug logging is broken for large messages because it times out
trying to write data. Disable it by default unless explicitly recompiled
with support in the test suite.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
074a389d by Alexander Scheel at 2020-04-30T09:55:01-04:00
Handle JSSEngine.putData(...) with large arrays

When data and the destination buffer are roughly the same size, and both
suitably large, it makes more sense to use ByteBuffer.put(...) with
the source array (providing offset and lengths) rather than manually
putting each byte into the buffer.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8763efc4 by Alexander Scheel at 2020-04-30T09:55:01-04:00
Handle PR.Writes of smaller sizes in JSSEngine

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e58cd697 by Alexander Scheel at 2020-04-30T09:55:01-04:00
Return FINISHED status from JSSEngine.{un,}wrap

When handling large messages, updateHandshakeState() gets called
multiple times during handshaking. If the handshake becomes FINISHED
and data gets written to a buffer, we'll call updateHandshakeState()
again, resulting in it immediately moving to NOT_HANDSHAKING. Because
clients expect a FINISHED message before NOT_HANDSHAKING, only step
further after FINISHED has been returned from either wrap or unwrap.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c0d054b8 by Alexander Scheel at 2020-04-30T18:27:32-04:00
Hack: provide JSSContext's SSLSocket via SunJSSE

Use the default SunJSSE provider to implement getSocketFactory and
getServerSocketFactory rather than returning null. This should appease
implementations expecting a SocketFactory instance.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4f63549e by Alexander Scheel at 2020-05-04T10:27:47-04:00
Add getSSLParameters to JSSEngine

This returns a new instance of JSSParameters which can be used to clone
the configuration of this SSLEngine into another. This is helpful for
implementing SSLServerSocket, which must accept(), creating a new
SSLSocket with the same initial configuration.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
32844305 by Alexander Scheel at 2020-05-05T13:19:09-04:00
Gate JSSContextSpi behind SSLEngine feature flag

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
13734eaf by Alexander Scheel at 2020-05-07T13:00:32-04:00
Switch to using %license macro for LICENSE files

See: https://pagure.io/packaging-committee/issue/411
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3416031d by Jack Magne at 2020-05-07T13:24:20-04:00
Fix RSA/PSS with SHA-512 signature algorithm

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
dce67265 by Alexander Scheel at 2020-05-07T16:03:42-04:00
Provide JSSSocket for JSSContextSpi

JSSSocket provides a way of utilizing JSSEngine over an existing Socket,
thus utilizing NSS to provide TLS capabilities for this socket. Unlike
the existing org.mozilla.jss.ssl.SSLSocket, JSS socket complies with
the standard javax.net.ssl.SSLSocket interface, making it compatible
with existing applications and libraries expecting the SSLSocketFactory
from SSLContext to provide SSLSocket instances. This is necessary as
many applications don't handle when SSLContext returns null from the
getSocketFactory() call.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1ca5fa6f by Alexander Scheel at 2020-05-07T16:03:42-04:00
Introduce JSSSocketChannel for JSSSocket

Under java.net.Socket semantics, non-blocking sockets have a
java.nio.SocketChannel member exposed via getChannel(); the older
org.mozilla.jss.ssl.SSLSocket implementation lacks this as it was
implemented over NSPR-backed sockets. However, java.nio.SocketChannel
semantics makes it easier to implement the core interactions with our
JSSEngine. We chose to always expose a JSSSocketChannel instance, even
when the underlying socket isn't explicitly configured as non-blocking.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8f42f349 by Alexander Scheel at 2020-05-08T11:24:13-04:00
SSLSocket: detect failure to receive CLOSE_NOTIFY

An important part of the TLS protocol is the ability to detect whether
or not the peer closed the connection or if an attacker terminated the
connection prematurely. In order to do this, both sides send a
CLOSE_NOTIFY event. When this event isn't detected, raise an IOException
to inform the application about it.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f8b589eb by Alexander Scheel at 2020-05-11T17:49:51-04:00
Provide a JSSServerSocket implementation

JSSServerSocket implements the javax.net.ssl.SSLServerSocket interface;
this is an interface over java.net.ServerSocket that, upon accept,
creates a JSSSocket and initializes it with configuration from the
ServerSocket. This allows child sockets to be used with minimal extra
configuration beyond what the server itself has.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c7990385 by Alexander Scheel at 2020-05-11T17:49:51-04:00
Add JSSServerSocketChannel for JSSServerSocket

JSSServerSocketChannel introduces the semantics of ServerSocketChannel
to JSSServerSocket. Like JSSSocketChannel and JSSSocket, the server
socket always has a channel associated with it, even if the underlying
socket doesn't.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
07ff6dad by Alexander Scheel at 2020-05-11T19:27:45-04:00
Simplify JSSServerSocketChannel.accept()

Since we won't return the JSSServerSocketChannel in situations where the
wrapped socket lacks a channel, it is highly unlikely that this method
will ever be called when the parent channel is null. Simplify the logic
and throw an exception in this case instead of returning an accepted
socket channel. Note that, while calling accept() on the parent socket will
always return a non-null socket, it isn't guaranteed to have a
SocketChannel.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a57bd7c8 by Alexander Scheel at 2020-05-12T10:12:17-04:00
Introduce JSS-specific SocketFactories

In order to finish implementing the SSLContext interface, we need to
introduce SocketFactories which return instances of our sockets. The
methods available on these factories influenced the design of the
socket implementations: because SSLSocketFactory can wrap an existing
Socket into a SSLSocket, we made JSSSocket a wrapped implementation.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d16099c0 by Alexander Scheel at 2020-05-12T10:12:17-04:00
Switch to JSS-provided SSL Sockets, Factories

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
fb7424e3 by Alexander Scheel at 2020-05-12T10:12:17-04:00
Move classpath, java.security to variables

This allows for easier editing when running select external tests.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
74f06c6d by Alexander Scheel at 2020-05-12T10:12:17-04:00
Update BadSSL to test JSSSocket as well

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
015d299f by Alexander Scheel at 2020-05-12T10:12:17-04:00
Allow null src[index] in JSSEngine

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1ca5d622 by Alexander Scheel at 2020-05-14T14:07:15-04:00
Move to shared buffers for TestSSLEngine

This reduces the load on the allocator and on the GC by moving to a
single set of shared, pre-allocated buffers for all tests. We clear
them between tests, ensuring data isn't reused.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1bd646a4 by Alexander Scheel at 2020-05-14T14:07:15-04:00
Add support for running under perf

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
02725fd5 by Alexander Scheel at 2020-05-14T14:35:26-04:00
Make PK11Cert hashable

This hashes a PK11Cert instance based on the encoded contents of the
cert itself. Two certs are equal if their encoding is the same.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
947c9964 by Alexander Scheel at 2020-05-14T14:35:26-04:00
Reuse Server SSLFDProxy instances

One of the slowest calls in JSSEngine is the call to
SSL_ConfigServerCert. By calling this once per certificate on a
model SSL PRFileDesc instance, we can reuse it on all other
server sockets using the same cert, saving us the overhead of
that call.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
791630dc by Alexander Scheel at 2020-05-20T15:28:06-04:00
Enable JSS-Provided SSLEngine

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9ae00be8 by Jack Magne at 2020-05-21T09:56:07-04:00
Related: Bug 1710105 - JSS: add RSA PSS support

Add PSS cases to algorithm name translating method.

- - - - -
10ca1539 by Alexander Scheel at 2020-05-22T11:33:19-04:00
Don't wait for peer close confirmation

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e64413a1 by Alexander Scheel at 2020-05-22T11:33:19-04:00
Throw SSLException in JSSEngineReferenceImpl.init

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b01412ad by Alexander Scheel at 2020-05-22T11:33:19-04:00
Fix race in configuring session cache

When multiple JSSSockets and/or JSSEngines are started concurrently,
they will race to configure the session cache. However, the cache can
only be created by one thread at a time and only needs to be done once
in the lifetime of JSS. Make JSSEngine take ownership of cache creation
and utilize this within the legacy SSLSocket as well.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5b5b1a64 by Alexander Scheel at 2020-05-22T12:10:33-04:00
Add SSLSocket benchmark

This benchmark supports three providers:

 1. org.mozilla.jss.ssl.SSLSocket, named JSS.legacy
 2. org.mozilla.jss.ssl.javax.JSSSocket, named JSS.SSLSocket
 3. the JDK's SunJSSE provider's SSLSocket, named SunJSSE.SSLSocket

Documentation for this benchmark is available under the docs/usage
folder.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4791c10f by Alexander Scheel at 2020-05-22T17:16:02-04:00
Allow URL-safe Base64 decoding

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
18843715 by Endi S. Dewata at 2020-05-26T21:31:11-05:00
Updated version number to 4.7.0-0.1 (beta 1)

- - - - -
b9abee59 by Andrew Helgeson at 2020-06-02T13:31:58-04:00
Fix memory leak caused by not freeing ref counted key in hmac initialization

- - - - -
3ceb5b37 by Alexander Scheel at 2020-06-10T09:09:10-04:00
Remove Fedora 30, introduce Fedora 32 for CI

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
80ef41c4 by Alexander Scheel at 2020-06-10T09:24:29-04:00
Move informational messages to debug

Previously these were warnings, resulting in many messages during normal
operation that weren't necessarily important.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ac6495f9 by Endi S. Dewata at 2020-06-10T11:35:54-05:00
Updated version number to 4.7.0-0.2 (beta 2)

- - - - -
393dc27a by Dinesh Prasanth M K at 2020-06-10T16:06:52-04:00
Remove Group tag from spec

Removing Group tag from spec file, as it has been deprecated
https://fedoraproject.org/wiki/RPMGroups#DEPRECATION_ALERT

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
3789795e by Christina Fu at 2020-06-16T14:30:33-04:00
bug1846565 - JSS: Extensions in CertificateExtensions class could get out of order and cause signature discrepancy

This patch replaces Hashtable with LinkedHashMap to ensure order of
extensions.

https://bugzilla.redhat.com/show_bug.cgi?id=1846565

- - - - -
2b0f9eea by Alexander Scheel at 2020-06-19T20:58:17-04:00
Add documentation about JSSEngine usage and design

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9736786e by Alexander Scheel at 2020-06-19T20:58:17-04:00
Add documentation on PHA/renegotiation

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e6155359 by Alexander Scheel at 2020-06-19T20:58:17-04:00
Document key selection in JSSEngine

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
9daf4256 by Alexander Scheel at 2020-06-19T20:58:17-04:00
Document cipher, protocol selection, sessions

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e509d734 by Alexander Scheel at 2020-06-19T20:58:17-04:00
Document large wrap/unwrap theory

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e72367bc by Alexander Scheel at 2020-06-19T20:58:17-04:00
Further document JSSParameters

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e0958838 by Alexander Scheel at 2020-06-19T20:58:17-04:00
Mention JSSSocket, clarify performance issues

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3e97e9da by Alexander Scheel at 2020-06-19T20:58:17-04:00
Minor improvements to SSLEngine documentation

Addresses feedback by jmagne.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
20a15857 by Alexander Scheel at 2020-06-22T12:32:42-04:00
Updated version number to 4.7.0-0.3 (beta 3)

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5c6cef67 by Alexander Scheel at 2020-06-24T12:09:33-04:00
Fix loading of CryptoManager in JSSLoader scenario

When using JSSLoader to initialize JSSProvider from the java.security
list, sometimes CryptoManager.getInstance() will fail. Usually this is
because instance is still null, even though

    Security.getProvider("Mozilla-JSS") != null

The error message will usually be something like:

    FINE: CryptoManager: loading JSS library
    FINE: CryptoManager: loaded JSS library from java.library.path
    Exception in thread "main" org.mozilla.jss.NotInitializedException
           at org.mozilla.jss.CryptoManager.getInstance(CryptoManager.java:365)
           at org.mozilla.jss.tests.SigTest.main(SigTest.java:52)

Allow JSSLoader to return the new CryptoManager object, let JSSProvider
store it, so that in this case, CryptoManager.getInstance() will return
an initialized instance.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2bc188e6 by Endi S. Dewata at 2020-06-24T15:02:04-05:00
Cleaned up PKCS10Attributes

The PKCS10Attributes has been modified to use a SLF4J logger
instead of printing to standard output.

- - - - -
642aa37f by Endi S. Dewata at 2020-06-24T15:02:04-05:00
Cleaned up EncryptedContentInfo.decrypt()

The EncryptedContentInfo.decrypt() has been modified to clear
PBEKeyGenParams to avoid warnings about uncleared passwords.

- - - - -
cac4b559 by Alexander Scheel at 2020-06-25T12:37:26-04:00
Split JSSKeyManager interface, implementation

JSSKeyManager extends X509KeyManager and provides one additional call
that is used by JSSEngine. We also introduce a token-backed KeyManager,
using the existing KeyStore API. When no KeyStore is provided, this
KeyManager falls back to loading certificates from the CryptoManager,
matching existing behavior.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
23109160 by Alexander Scheel at 2020-06-25T12:37:26-04:00
Add test for Token-based KeyManager

Into the JSSEngine tests, we introduce an additional path which uses the
new JSSTokenKeyManager both with the KeyStore and without it.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
65b484ba by Alexander Scheel at 2020-06-25T12:54:33-04:00
Support asynchronous certificate authentication

This exposes support for the SSL_AuthCertificateComplete API call, which
allows us to create a SSL_AuthCertificateHook handler which returns
SECWouldBlock. This returns control back to the caller, allowing them to
execute certificate authentication on their own, lazily. When the result
is available, the Complete call can be performed with the result of the
check. This will enable us to do external (non-native) X509TrustManager
checking in JSS's SSLEngine implementation in a Runnable, implementing
the DelegatedTask aspect.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
23f8aed1 by Alexander Scheel at 2020-06-25T12:54:33-04:00
Check whether DSS certificates are required

Allow SSLCipher to check whether or not a DSS certificate is strictly
required by the given cipher suite. This will be used in SSLEngine to
determine the AuthType to pass to the X509TrustManager.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
e0d66ba2 by Alexander Scheel at 2020-06-25T12:54:33-04:00
Handle NSS/TLS SSLVersion identifiers

NSS uses the TLS protocol version identifiers from the specs (two byte
integers, 0x0002 for SSLv2, 0x0300 for SSLv3, and 0x030{version+1} for
TLSv1.0 -> TLSv1.3); when the caller forgets to convert the value to the
internal JSS enum index, they're left holding a NULL enum value.
Instead, track the real NSS value and return the proper Enum for it.
This shouldn't be a problem as these values are mostly unique (sans a
SSLv2 / SSL_ENABLE_TLS conflict with value 0x0002).

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f5d07a1f by Alexander Scheel at 2020-06-25T12:54:33-04:00
Map certificate exceptions to NSS error codes

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5e0284d5 by Alexander Scheel at 2020-06-25T12:54:33-04:00
Implement synchronous CertAuthHook for SSLFDProxy

In conjunction with the previous commit enabling asynchronous
certificate authentication, NSS as of v3.53 still doesn't support
asynchronous certificate authentication on the server side of the
handshake. This implementation allows for easy implementation of both
synchronous and asynchronous certificate authentication handlers.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
cc2937cf by Alexander Scheel at 2020-06-25T12:54:33-04:00
Add TrustManager validation support to JSSEngine

This implements external (to NSS) TrustManager validation in
JSSEngineReferenceImpl, allowing validation of certs from
TrustManagers provided by the caller. This works with both client and
server SSLEngines, though while the former delegates the task via
getDelegatedTask, the latter cannot and does it synchronously.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
775d588f by Alexander Scheel at 2020-06-25T12:54:33-04:00
Support NEED_TASK in SSLSocket

Note that the JSSTrustManager doesn't give the same output as
JSSNativeTrustManager so we cannot enable this in the BadSSL tests.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1efa2db7 by Alexander Scheel at 2020-06-25T17:33:43-04:00
Limit JSSSession refreshData calls

Calling refreshData excessively doesn't necessarily bring any fresh
data, while hurting performance. Remove the call to check peer's
certificate chain and only check it after the handshake has completed.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
c38222a6 by Alexander Scheel at 2020-06-25T17:33:43-04:00
Make sure sockets closed in BadSSL

Sometimes we leak a socket because it throws an exception (that we're
expecting!). Use the try-with-resources pattern to make sure we close
it.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
a13d8fe0 by Alexander Scheel at 2020-06-25T17:33:43-04:00
Ensure JSSEngine gets freed in JSSSocket, Channel

By calling cleanup() on our JSSEngine, we can ensure that all of its
associated resources can get cleaned up as well, including the
underlying PRFileDesc * instance. Call it both during JSSSocket close
and JSSSocketChannel close.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
0e76ce92 by Alexander Scheel at 2020-06-25T17:33:43-04:00
Correctly implement BufferPRFD

This fixes several issues with our BufferPRFD implementation:

 - It needs a unique layer identifier,
 - It needs to be created via PR_CreateIOLayerStub,
 - We shouldn't override the default dtor,
 - And we should make sure to delete ourselves from our Close
   implementation.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d29c7603 by Alexander Scheel at 2020-06-25T17:33:43-04:00
Free values in SecurityStatusResult

Because we create a copy of their values, we are safe to free these
values on exiting from JSS_NewSecurityStatusResult().

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
276b3d0f by Alexander Scheel at 2020-06-25T17:33:43-04:00
Implement PRFDProxy.releaseNativeResources

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7dd26422 by Alexander Scheel at 2020-06-25T18:40:12-04:00
Updated version number to 4.7.0-0.4 (beta 4)

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
1fb6097a by Alexander Scheel at 2020-07-01T13:05:24-04:00
Replace SHA-1 signature with SHA-256

A recent change in Fedora Rawhide's crypto-policies package caused
failures in the tests like the following:

    Exception in thread "main" java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
        at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1494)
        at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:38)
        at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:25)
        at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:435)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
        at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
        at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1488)
        ... 4 more
    Server exiting
    org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8016) Unknown error
        at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
        at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:345)
        at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:156)
        at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:90)

This was caused by dropping SHA-1 as an allowed hash during handshakes.
However, because SSLClientAuth manually generated its certificate (and
explicitly asked for SHA-1), it failed.

Switch to SHA-256 instead.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
8ed5a82a by Alexander Scheel at 2020-07-01T13:05:24-04:00
Remove all legacy DSS/DSA tests

The only signature algorithm supported with DSS is SHA-1, which will soon
become deprecated and broken. DSS itself isn't widely used either, so we
should remove it from the test suite as well.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
93d88fcb by Alexander Scheel at 2020-07-02T11:37:06-04:00
Add concurrency limit on BenchmarkSSLSocket

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
ab834638 by Endi S. Dewata at 2020-07-02T15:53:26-05:00
Updated build.sh to generate UTC timestamp

The build.sh has been modified to generate UTC timestamp such
that it is consistent across different time zones.

- - - - -
1dd7166b by Alexander Scheel at 2020-07-06T12:37:24-04:00
Close outbound when inbound side is closed

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
3e1750a1 by Alexander Scheel at 2020-07-06T14:38:49-04:00
Add jdk11u Basics tests

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
f4a2aad6 by Alexander Scheel at 2020-07-06T14:38:49-04:00
Test semantics of ByteBuffer indices

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
5ef4c22c by Alexander Scheel at 2020-07-06T18:24:21-04:00
Detect and report buffer underflow status

This fixes an issue with large POST requests and Tomcat looping. Tomcat
is expecting unwrap() to produce data, but NSS won't produce any data
until it has the entire packet and can validate the message signatures.
This means we need to report the status back to Tomcat, so it can add
more data to the buffer (occasionally, increasing the size of the buffer
when necessary).

Occasionally this will report a false-positive: if we get an alert or a
protocol-level message after the handshake (such as a re-key event or a
post-handshake auth event in TLSv1.3), we'll report the status as
BUFFER_UNDERFLOW. However, this should largely be fine unless our caller
gets stuck querying more data from the socket. In the worst case, it'll
trigger a premature close notification (and corresponding wrap call).

However, from our testing, this appears to be safe.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
30162370 by Alexander Scheel at 2020-07-06T18:24:21-04:00
Update JSSSocketChannel to handle BUFFER_UNDERFLOW

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -


30 changed files:

- .github/workflows/optional.yml
- .github/workflows/required.yml
- .gitignore
- CMakeLists.txt
- build.sh
- cmake/JSSCommon.cmake
- cmake/JSSConfig.cmake
- cmake/JSSTests.cmake
- docs/build_system.md
- docs/dependencies.md
- + docs/nss.md
- + docs/usage/benchmarksslsocket.md
- + docs/usage/jssengine.md
- + docs/usage/jssprovider.md
- docs/using_jss.md
- jss.spec
- + lib/java.security.Provider.in
- lib/jss.map
- org/mozilla/jss/CryptoManager.c
- org/mozilla/jss/CryptoManager.java
- org/mozilla/jss/InitializationValues.java
- org/mozilla/jss/InvalidLengthException.java
- + org/mozilla/jss/JSSLoader.java
- org/mozilla/jss/JSSProvider.java
- org/mozilla/jss/crypto/Algorithm.c
- org/mozilla/jss/crypto/Algorithm.h
- org/mozilla/jss/crypto/Algorithm.java
- org/mozilla/jss/crypto/IVParameterSpec.java
- org/mozilla/jss/crypto/KeyWrapAlgorithm.java
- org/mozilla/jss/crypto/Policy.java


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/jss/-/compare/8cab3e04a644e8dddd0cad84621c2ad33cf0dcb6...30162370f1e6302e5425a044067632b0a7c22bbd
