- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: dfd03239 by Sam Foster at 2024-08-31T13:04:35+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - toolkit/modules/LogManager.sys.mjs Changes: ===================================== toolkit/modules/LogManager.sys.mjs ===================================== @@ -384,12 +384,7 @@ export class LogManager { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dfd0323… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dfd0323… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] Bug 1909099 - Always clean up old session restore and sync log files....
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: a6ebf61b by Sam Foster at 2024-08-31T13:04:26+08:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 1 changed file: - toolkit/modules/LogManager.sys.mjs Changes: ===================================== toolkit/modules/LogManager.sys.mjs ===================================== @@ -384,12 +384,7 @@ export class LogManager { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a6ebf61… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a6ebf61… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 56aaa8f3 by Anna Weine at 2024-08-31T13:01:28+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1802,7 +1802,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1907,11 +1908,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -396,10 +409,11 @@ TestArray.addTest( "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", function() { var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; async function doTest() { - let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, "ECDH", false, ["deriveKey"]); - let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, "ECDH", false, []); + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); let ecdhAlg = { name: "ECDH", public: pubKey }; let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); @@ -454,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/56a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/56a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9380dbe6 by Anna Weine at 2024-08-31T12:38:09+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1802,7 +1802,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1907,11 +1908,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -396,10 +409,11 @@ TestArray.addTest( "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", function() { var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; async function doTest() { - let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, "ECDH", false, ["deriveKey"]); - let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, "ECDH", false, []); + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); let ecdhAlg = { name: "ECDH", public: pubKey }; let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); @@ -454,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9380dbe… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9380dbe… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 62e7b72b by Anna Weine at 2024-08-31T12:40:33+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1802,7 +1802,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1907,11 +1908,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -396,10 +409,11 @@ TestArray.addTest( "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", function() { var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; async function doTest() { - let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, "ECDH", false, ["deriveKey"]); - let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, "ECDH", false, []); + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); let ecdhAlg = { name: "ECDH", public: pubKey }; let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); @@ -454,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/62e7b72… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/62e7b72… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.15.0esr-13.5-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 7d80ca6a by Anna Weine at 2024-08-31T12:30:55+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/7d8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/7d8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.15.0esr-13.5-1] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: e9d93c56 by Anna Weine at 2024-08-31T12:30:48+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e9d93c5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e9d93c5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser Commits: 84c46aeb by Anna Weine at 2024-08-31T12:30:34+08:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 4 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/84c46ae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/84c46ae… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 94077be2 by Morgan at 2024-08-31T10:23:33+08:00 fixup! Firefox preference overrides. Bug 42684: Disable network prefetch - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -459,8 +459,12 @@ pref("privacy.purge_trackers.enabled", false); // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); +// tor-browser#42684: Disable network prefetch pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); +pref("dom.prefetch_dns_for_anchor_http_document", false); +pref("dom.prefetch_dns_for_anchor_https_document", false); + pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/940… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/940… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: e02979b1 by Morgan at 2024-08-31T10:23:24+08:00 fixup! Firefox preference overrides. Bug 42684: Disable network prefetch - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -459,8 +459,12 @@ pref("privacy.purge_trackers.enabled", false); // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); +// tor-browser#42684: Disable network prefetch pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); +pref("dom.prefetch_dns_for_anchor_http_document", false); +pref("dom.prefetch_dns_for_anchor_https_document", false); + pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e02979b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e02979b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 31 Aug '24

31 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 546ec417 by Morgan at 2024-08-29T23:43:47+00:00 fixup! Firefox preference overrides. Bug 42684: Disable network prefetch - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -459,8 +459,12 @@ pref("privacy.purge_trackers.enabled", false); // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); +// tor-browser#42684: Disable network prefetch pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); +pref("dom.prefetch_dns_for_anchor_http_document", false); +pref("dom.prefetch_dns_for_anchor_https_document", false); + pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/546ec41… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/546ec41… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41188: Upgrade binutils to 2.41
by morgan (＠morgan) 30 Aug '24

30 Aug '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 156c6f25 by Morgan at 2024-08-30T20:20:29+00:00 Bug 41188: Upgrade binutils to 2.41 - - - - - 1 changed file: - projects/binutils/config Changes: ===================================== projects/binutils/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 2.39 +version: 2.41 filename: '[% project %]-[% c("version") %]-[% IF c("var/linux-cross") %]cross-[% c("arch") %]-[% END %][% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41096: set SOURCE_DATE_EPOCH in set_default_env
by morgan (＠morgan) 30 Aug '24

30 Aug '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 4957118d by Morgan at 2024-08-29T16:34:04+00:00 Bug 41096: set SOURCE_DATE_EPOCH in set_default_env - - - - - 5 changed files: - projects/linux-packages/build - projects/nsis/README.md - projects/nsis/build - projects/openssl/build - rbm.conf Changes: ===================================== projects/linux-packages/build ===================================== @@ -6,7 +6,6 @@ OUTDIR='[% dest_dir _ "/" _ c("filename") %]' mkdir -p $OUTDIR mkdir -p "$distdir" -export SOURCE_DATE_EPOCH='[% c("timestamp") %]' umask 0022 [% IF c("var/build_deb_pkg") -%] ===================================== projects/nsis/README.md ===================================== @@ -44,19 +44,3 @@ References: in which they mention the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` flag for compatibility. - [tor-browser-build#40900](https://gitlab.torproject.org/tpo/applications/tor… - -## Reproducibility issues - -We have a patch to add `--no-insert-timestamp` to make the binaries -reproducible. - -We could drop our patch and switch to the official way to do it -(`SOURCE_DATE_EPOCH`). - -References: - -- [nsis#294](https://sourceforge.net/p/nsis/patches/294/): the patch for - `SOURCE_DATE_EPOCH` -- [nsis#309](https://sourceforge.net/p/nsis/patches/309/): the attempt to uplift - our patch -- [tor-browser-build#40090](https://gitlab.torproject.org/tpo/applications/tor… ===================================== projects/nsis/build ===================================== @@ -37,7 +37,6 @@ cd "$builddir" sed -i 's/-Wl,--exclude-libs,msvcrt.a/-Wl,-Xlink=-fixed/' SCons/Config/gnu sed -i '2i extern "C"' SCons/Config/{memcpy,memset}.c -export SOURCE_DATE_EPOCH=$(stat -c '%Y' Source) # Resource.dll does not obey the source date epoch... patch -p1 < "$rootdir/resource-reproducible.diff" ===================================== projects/openssl/build ===================================== @@ -19,7 +19,6 @@ export CC='gcc -m32' # from GCC to Clang and vice versa. export CC=cc [% END -%] -export SOURCE_DATE_EPOCH='[% c("timestamp") %]' # OpenSSL 3 uses lib64 on 64-bit systems, but tor looks for lib ./Configure --prefix="$distdir" --libdir=lib [% c('var/configure_opts') %] make -j[% c("num_procs") %] ===================================== rbm.conf ===================================== @@ -204,6 +204,7 @@ var: rootdir=$(pwd) export SHELL=/bin/bash export HOME=$rootdir + export SOURCE_DATE_EPOCH='[% c("timestamp") %]' umask 0022 [% IF c("container/global_disable") -%] rm -Rf /var/tmp/build /var/tmp/dist @@ -214,6 +215,7 @@ var: export ZSTD_NBTHREADS=[% c("num_procs") > 1 ? c("num_procs") : '2' %] [% END -%] + DOCSDIR_project: '[% project %]' set_MOZ_BUILD_DATE: 'export MOZ_BUILD_DATE=[% c("var/MOZ_BUILD_DATE") %]' MOZ_BUILD_DATE: '[% USE date; date.format(c("var/browser_release_date"), "%Y%m%d%H%M%S") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 29 Aug '24

29 Aug '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 72fa55f0 by Morgan at 2024-08-29T19:01:45+00:00 fixup! Firefox preference overrides. Bug 42687: Disable contentRelevancy component - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -290,6 +290,11 @@ pref("browser.preferences.moreFromMozilla", false); pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); +// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) +pref("toolkit.contentRelevancy.enabled", false; +pref("toolkit.contentRelevancy.ingestEnabled", false); +pref("toolkit.contentRelevancy.log", false); + pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254) // Disable use of WiFi location information pref("browser.region.network.scan", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/72f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/72f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 29 Aug '24

29 Aug '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 2003c61d by Morgan at 2024-08-29T19:00:31+00:00 fixup! Firefox preference overrides. Bug 42687: Disable contentRelevancy component - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -290,6 +290,11 @@ pref("browser.preferences.moreFromMozilla", false); pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); +// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) +pref("toolkit.contentRelevancy.enabled", false; +pref("toolkit.contentRelevancy.ingestEnabled", false); +pref("toolkit.contentRelevancy.log", false); + pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254) // Disable use of WiFi location information pref("browser.region.network.scan", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2003c61… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2003c61… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 29 Aug '24

29 Aug '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 1cd99490 by Morgan at 2024-08-29T18:59:28+00:00 fixup! Firefox preference overrides. Bug 42687: Disable contentRelevancy component - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -290,6 +290,11 @@ pref("browser.preferences.moreFromMozilla", false); pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); +// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) +pref("toolkit.contentRelevancy.enabled", false; +pref("toolkit.contentRelevancy.ingestEnabled", false); +pref("toolkit.contentRelevancy.log", false); + pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254) // Disable use of WiFi location information pref("browser.region.network.scan", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1cd9949… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1cd9949… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Bug 32308: Use direct browser sizing for letterboxing.
by ma1 (＠ma1) 29 Aug '24

29 Aug '24

ma1 pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 28135e70 by Henry Wilkes at 2024-08-30T00:13:26+08:00 fixup! Bug 32308: Use direct browser sizing for letterboxing. Bug 42764: Reduce letterboxing jank from find bar. - - - - - 1 changed file: - toolkit/themes/shared/findbar.css Changes: ===================================== toolkit/themes/shared/findbar.css ===================================== @@ -39,6 +39,14 @@ xul|findbar { transition-duration: 0s; transition-delay: 0s; } + + /* When letterboxing is in use, we do not transition to avoid layout jank. + * This has an additional benefit that the find bar cannot be used to + * fingerprint prefers-reduced-motion. See tor-browser#42764. */ + .letterboxing & { + transition-duration: 0s; + transition-delay: 0s; + } } .findbar-container { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/281… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/281… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Bug 32308: Use direct browser sizing for letterboxing.
by ma1 (＠ma1) 29 Aug '24

29 Aug '24

ma1 pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 35b22106 by Henry Wilkes at 2024-08-30T00:13:00+08:00 fixup! Bug 32308: Use direct browser sizing for letterboxing. Bug 42764: Reduce letterboxing jank from find bar. - - - - - 1 changed file: - toolkit/themes/shared/findbar.css Changes: ===================================== toolkit/themes/shared/findbar.css ===================================== @@ -39,6 +39,14 @@ xul|findbar { transition-duration: 0s; transition-delay: 0s; } + + /* When letterboxing is in use, we do not transition to avoid layout jank. + * This has an additional benefit that the find bar cannot be used to + * fingerprint prefers-reduced-motion. See tor-browser#42764. */ + .letterboxing & { + transition-duration: 0s; + transition-delay: 0s; + } } .findbar-container { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/35b2210… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/35b2210… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Bug 32308: Use direct browser sizing for letterboxing.
by ma1 (＠ma1) 29 Aug '24

29 Aug '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8449d263 by Henry Wilkes at 2024-08-29T16:59:09+01:00 fixup! Bug 32308: Use direct browser sizing for letterboxing. Bug 42764: Reduce letterboxing jank from find bar. - - - - - 1 changed file: - toolkit/themes/shared/findbar.css Changes: ===================================== toolkit/themes/shared/findbar.css ===================================== @@ -39,6 +39,14 @@ xul|findbar { transition-duration: 0s; transition-delay: 0s; } + + /* When letterboxing is in use, we do not transition to avoid layout jank. + * This has an additional benefit that the find bar cannot be used to + * fingerprint prefers-reduced-motion. See tor-browser#42764. */ + .letterboxing & { + transition-duration: 0s; + transition-delay: 0s; + } } .findbar-container { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8449d26… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8449d26… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] 2 commits: fixup! Bug 4234: Use the Firefox Update Process for Base Browser.
by Pier Angelo Vendrame (＠pierov) 29 Aug '24

29 Aug '24

Pier Angelo Vendrame pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser Commits: 757b1f4d by Pier Angelo Vendrame at 2024-08-28T08:45:55+02:00 fixup! Bug 4234: Use the Firefox Update Process for Base Browser. Bug 42747: Discard unsupported updates earlier. Firefox's updater has a function to select updates, which checks mainly the version number. Therefore, a more recent update that is unsupported will be chosen over a compatible one. We patch this to be able to provide an alternative update path to Windows 7. - - - - - 2f730245 by Pier Angelo Vendrame at 2024-08-28T08:45:55+02:00 fixup! Bug 19121: reinstate the update.xml hash check Revert "Bug 19121: reinstate the update.xml hash check" This reverts commit 39a712fbaf18cb64b6dc601c71bac82718de1a01. - - - - - 3 changed files: - toolkit/mozapps/update/UpdateService.sys.mjs - toolkit/mozapps/update/UpdateTelemetry.sys.mjs - toolkit/mozapps/update/nsIUpdateService.idl Changes: ===================================== toolkit/mozapps/update/UpdateService.sys.mjs ===================================== @@ -2127,8 +2127,6 @@ function UpdatePatch(patch) { } break; case "finalURL": - case "hashFunction": - case "hashValue": case "state": case "type": case "URL": @@ -2148,8 +2146,6 @@ UpdatePatch.prototype = { // over writing nsIUpdatePatch attributes. _attrNames: [ "errorCode", - "hashFunction", - "hashValue", "finalURL", "selected", "size", @@ -2163,8 +2159,6 @@ UpdatePatch.prototype = { */ serialize: function UpdatePatch_serialize(updates) { var patch = updates.createElementNS(URI_UPDATE_NS, "patch"); - patch.setAttribute("hashFunction", this.hashFunction); - patch.setAttribute("hashValue", this.hashValue); patch.setAttribute("size", this.size); patch.setAttribute("type", this.type); patch.setAttribute("URL", this.URL); @@ -3737,18 +3731,20 @@ UpdateService.prototype = { switch (aUpdate.type) { case "major": - if (!majorUpdate) { + if (!majorUpdate || majorUpdate.unsupported) { majorUpdate = aUpdate; } else if ( + !aUpdate.unsupported && vc.compare(majorUpdate.appVersion, aUpdate.appVersion) <= 0 ) { majorUpdate = aUpdate; } break; case "minor": - if (!minorUpdate) { + if (!minorUpdate || minorUpdate.unsupported) { minorUpdate = aUpdate; } else if ( + !aUpdate.unsupported && vc.compare(minorUpdate.appVersion, aUpdate.appVersion) <= 0 ) { minorUpdate = aUpdate; @@ -5792,56 +5788,7 @@ Downloader.prototype = { } LOG("Downloader:_verifyDownload downloaded size == expected size."); - let fileStream = Cc[ - "@mozilla.org/network/file-input-stream;1" - ].createInstance(Ci.nsIFileInputStream); - fileStream.init( - destination, - FileUtils.MODE_RDONLY, - FileUtils.PERMS_FILE, - 0 - ); - - let digest; - try { - let hash = Cc["@mozilla.org/security/hash;1"].createInstance( - Ci.nsICryptoHash - ); - var hashFunction = - Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()]; - if (hashFunction == undefined) { - throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED); - } - hash.init(hashFunction); - hash.updateFromStream(fileStream, -1); - // NOTE: For now, we assume that the format of _patch.hashValue is hex - // encoded binary (such as what is typically output by programs like - // sha1sum). In the future, this may change to base64 depending on how - // we choose to compute these hashes. - hash = hash.finish(false); - digest = Array.from(hash, (c, i) => - hash.charCodeAt(i).toString(16).padStart(2, "0") - ).join(""); - } catch (e) { - LOG( - "Downloader:_verifyDownload - failed to compute hash of the downloaded update archive" - ); - digest = ""; - } - - fileStream.close(); - - if (digest == this._patch.hashValue.toLowerCase()) { - LOG("Downloader:_verifyDownload hashes match."); - return true; - } - - LOG("Downloader:_verifyDownload hashes do not match. "); - AUSTLMY.pingDownloadCode( - this.isCompleteUpdate, - AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH - ); - return false; + return true; }, /** @@ -6477,9 +6424,6 @@ Downloader.prototype = { " is higher than patch size: " + this._patch.size ); - // It's important that we use a different code than - // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference - // between a hash error and a wrong download error. AUSTLMY.pingDownloadCode( this.isCompleteUpdate, AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER @@ -6498,9 +6442,6 @@ Downloader.prototype = { " is not equal to expected patch size: " + this._patch.size ); - // It's important that we use a different code than - // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference - // between a hash error and a wrong download error. AUSTLMY.pingDownloadCode( this.isCompleteUpdate, AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL ===================================== toolkit/mozapps/update/UpdateTelemetry.sys.mjs ===================================== @@ -190,7 +190,6 @@ export var AUSTLMY = { DWNLD_ERR_VERIFY_NO_REQUEST: 13, DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14, DWNLD_ERR_WRITE_FAILURE: 15, - DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16, // Temporary failure code to see if there are failures without an update phase DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40, ===================================== toolkit/mozapps/update/nsIUpdateService.idl ===================================== @@ -39,17 +39,6 @@ interface nsIUpdatePatch : nsISupports */ attribute AString finalURL; - /** - * The hash function to use when determining this file's integrity - */ - attribute AString hashFunction; - - /** - * The value of the hash function named above that should be computed if - * this file is not corrupt. - */ - attribute AString hashValue; - /** * The size of this file, in bytes. */ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/6935ca… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/6935ca… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 41568: Disable LaterRun
by Pier Angelo Vendrame (＠pierov) 29 Aug '24

29 Aug '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: e4de0ac8 by Henry Wilkes at 2024-08-29T16:42:57+02:00 fixup! Bug 41568: Disable LaterRun Bug 42630: Revert patch. - - - - - ae50f625 by Henry Wilkes at 2024-08-29T16:42:58+02:00 Bug 42630: Disable LaterRun module. - - - - - 2 changed files: - browser/components/BrowserContentHandler.sys.mjs - browser/modules/LaterRun.sys.mjs Changes: ===================================== browser/components/BrowserContentHandler.sys.mjs ===================================== @@ -774,8 +774,8 @@ nsBrowserContentHandler.prototype = { additionalPage = Services.urlFormatter.formatURLPref( "startup.homepage_welcome_url.additional" ); - // Disable 'later run' pages for new profiles (tor-browser#41568) - lazy.LaterRun.selfDestruct(); + // Turn on 'later run' pages for new profiles. + lazy.LaterRun.enable(lazy.LaterRun.ENABLE_REASON_NEW_PROFILE); break; case OVERRIDE_NEW_MSTONE: { // Check whether we will restore a session. If we will, we assume ===================================== browser/modules/LaterRun.sys.mjs ===================================== @@ -61,6 +61,20 @@ export let LaterRun = { }, init(reason) { + // Keep disabled in Base Browser. See tor-browser#41568. + // NOTE: This means that users cannot benefit from feature prompts gated + // behind LaterRun. + // In mozilla ESR 128 it is only used in one place, and is gated behind a + // feature recommendation preference that we switch off in Base Browser + // anyway. See tor-browser#42630. + // But this decision should be reviewed. See tor-browser#43093. + Services.prefs.setBoolPref(kEnabledPref, false); + // Clear any preferences that may have been set before LaterRun was + // disabled. + Services.prefs.clearUserPref(kSessionCountPref); + Services.prefs.clearUserPref(kProfileCreationTime); + Services.prefs.clearUserPref(kUpdateAppliedTime); + if (!this.enabled) { return; } @@ -99,11 +113,8 @@ export let LaterRun = { return Services.prefs.getBoolPref(kEnabledPref, false); }, - enable(reason) { - if (!this.enabled) { - Services.prefs.setBoolPref(kEnabledPref, true); - this.init(reason); - } + enable(_reason) { + // Keep disabled in Base Browser. See tor-browser#41568. }, get hoursSinceInstall() { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/07… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/07… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 41568: Disable LaterRun
by Pier Angelo Vendrame (＠pierov) 29 Aug '24

29 Aug '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 44820468 by Henry Wilkes at 2024-08-29T16:42:37+02:00 fixup! Bug 41568: Disable LaterRun Bug 42630: Revert patch. - - - - - d44ef5f7 by Henry Wilkes at 2024-08-29T16:42:41+02:00 Bug 42630: Disable LaterRun module. - - - - - 2 changed files: - browser/components/BrowserContentHandler.sys.mjs - browser/modules/LaterRun.sys.mjs Changes: ===================================== browser/components/BrowserContentHandler.sys.mjs ===================================== @@ -757,8 +757,8 @@ nsBrowserContentHandler.prototype = { additionalPage = Services.urlFormatter.formatURLPref( "startup.homepage_welcome_url.additional" ); - // Disable 'later run' pages for new profiles (tor-browser#41568) - lazy.LaterRun.selfDestruct(); + // Turn on 'later run' pages for new profiles. + lazy.LaterRun.enable(lazy.LaterRun.ENABLE_REASON_NEW_PROFILE); break; case OVERRIDE_NEW_MSTONE: { // Check whether we will restore a session. If we will, we assume ===================================== browser/modules/LaterRun.sys.mjs ===================================== @@ -61,6 +61,20 @@ export let LaterRun = { }, init(reason) { + // Keep disabled in Base Browser. See tor-browser#41568. + // NOTE: This means that users cannot benefit from feature prompts gated + // behind LaterRun. + // In mozilla ESR 128 it is only used in one place, and is gated behind a + // feature recommendation preference that we switch off in Base Browser + // anyway. See tor-browser#42630. + // But this decision should be reviewed. See tor-browser#43093. + Services.prefs.setBoolPref(kEnabledPref, false); + // Clear any preferences that may have been set before LaterRun was + // disabled. + Services.prefs.clearUserPref(kSessionCountPref); + Services.prefs.clearUserPref(kProfileCreationTime); + Services.prefs.clearUserPref(kUpdateAppliedTime); + if (!this.enabled) { return; } @@ -99,11 +113,8 @@ export let LaterRun = { return Services.prefs.getBoolPref(kEnabledPref, false); }, - enable(reason) { - if (!this.enabled) { - Services.prefs.setBoolPref(kEnabledPref, true); - this.init(reason); - } + enable(_reason) { + // Keep disabled in Base Browser. See tor-browser#41568. }, get hoursSinceInstall() { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8fe2c1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8fe2c1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 41568: Disable LaterRun
by Pier Angelo Vendrame (＠pierov) 29 Aug '24

29 Aug '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: e85915bc by Henry Wilkes at 2024-08-29T15:11:30+01:00 fixup! Bug 41568: Disable LaterRun Bug 42630: Revert patch. - - - - - 8a110fc4 by Henry Wilkes at 2024-08-29T15:12:01+01:00 Bug 42630: Disable LaterRun module. - - - - - 2 changed files: - browser/components/BrowserContentHandler.sys.mjs - browser/modules/LaterRun.sys.mjs Changes: ===================================== browser/components/BrowserContentHandler.sys.mjs ===================================== @@ -774,8 +774,8 @@ nsBrowserContentHandler.prototype = { additionalPage = Services.urlFormatter.formatURLPref( "startup.homepage_welcome_url.additional" ); - // Disable 'later run' pages for new profiles (tor-browser#41568) - lazy.LaterRun.selfDestruct(); + // Turn on 'later run' pages for new profiles. + lazy.LaterRun.enable(lazy.LaterRun.ENABLE_REASON_NEW_PROFILE); break; case OVERRIDE_NEW_MSTONE: { // Check whether we will restore a session. If we will, we assume ===================================== browser/modules/LaterRun.sys.mjs ===================================== @@ -61,6 +61,20 @@ export let LaterRun = { }, init(reason) { + // Keep disabled in Base Browser. See tor-browser#41568. + // NOTE: This means that users cannot benefit from feature prompts gated + // behind LaterRun. + // In mozilla ESR 128 it is only used in one place, and is gated behind a + // feature recommendation preference that we switch off in Base Browser + // anyway. See tor-browser#42630. + // But this decision should be reviewed. See tor-browser#43093. + Services.prefs.setBoolPref(kEnabledPref, false); + // Clear any preferences that may have been set before LaterRun was + // disabled. + Services.prefs.clearUserPref(kSessionCountPref); + Services.prefs.clearUserPref(kProfileCreationTime); + Services.prefs.clearUserPref(kUpdateAppliedTime); + if (!this.enabled) { return; } @@ -99,11 +113,8 @@ export let LaterRun = { return Services.prefs.getBoolPref(kEnabledPref, false); }, - enable(reason) { - if (!this.enabled) { - Services.prefs.setBoolPref(kEnabledPref, true); - this.init(reason); - } + enable(_reason) { + // Keep disabled in Base Browser. See tor-browser#41568. }, get hoursSinceInstall() { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/df4211… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/df4211… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Bug 23247: Communicating security expectations for .onion
by Pier Angelo Vendrame (＠pierov) 29 Aug '24

29 Aug '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: df421101 by Pier Angelo Vendrame at 2024-08-29T10:15:34+02:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 42743: Check for .onion in the actual document URI in pageInfo. One of our patches checks whether we are in a .onion domain when showing the security information in pageInfo.xhtml. However, it checks it in the requested URI rather than doing it on the actually loaded URI, therefore about:neterror is shown as a secure Onion service, which is not consistent with failures in loading clearnet domains with HTTPS. - - - - - 1 changed file: - browser/base/content/pageinfo/security.js Changes: ===================================== browser/base/content/pageinfo/security.js ===================================== @@ -53,16 +53,15 @@ var security = { (Ci.nsIWebProgressListener.STATE_LOADED_MIXED_ACTIVE_CONTENT | Ci.nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT); var isEV = ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL; - var isOnion = false; - let hostName; - try { - hostName = Services.eTLD.getBaseDomain(this.uri); - } catch (e) { - hostName = this.windowInfo.hostName; - } - if (hostName && hostName.endsWith(".onion")) { - isOnion = true; + let uriInformation = new URL(gDocInfo.documentURIObject.spec); + // If the Onion site could not be loaded, the view-source will be also be + // about:neterror. + if (uriInformation.protocol == "view-source:") { + uriInformation = new URL(uriInformation.pathname); } + const isOnion = + ["http:", "https:"].includes(uriInformation.protocol) && + uriInformation.hostname.endsWith(".onion"); let retval = { cAName: "", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/df42110… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/df42110… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.15.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 29 Aug '24

29 Aug '24

Pier Angelo Vendrame pushed new tag mullvad-browser-115.15.0esr-13.5-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits