Commit message [Author; Age; Files; Lines]
* Added tag NSS_3_40_1_RTM for changeset 701ccb7a49c7 (ref: NSS_3_40_BRANCH) [J.C. Jones; 2018-11-30; 0; -0/+0]
|
* Set version numbers to 3.40.1 final (ref: NSS_3_40_1_RTM) [J.C. Jones; 2018-11-30; 3; -6/+6]
|
* Bug 1485864 - Constant time mp_to_fixlen_octets, r=franziskus [Martin Thomson; 2018-11-30; 3; -24/+122]
|   Differential Revision: https://phabricator.services.mozilla.com/D11722
* Bug 1485864 - improve padding checks in RSA_DecryptBlock, r=mt [Franziskus Kiefer; 2018-10-31; 2; -36/+80]
|   Differential Revision: https://phabricator.services.mozilla.com//D10357
* Bug 1485864 - improve RSA key exchange handling, r=mt [Franziskus Kiefer; 2018-10-26; 1; -26/+31]
|   Differential Revision: https://phabricator.services.mozilla.com//D9914
* Added tag NSS_3_40_RTM for changeset 704d253fa016 [J.C. Jones; 2018-10-24; 0; -0/+0]
|
* Backed out changeset 77ae602f995a for gecko build failures, a=bustage (ref: NSS_3_40_RTM) [Martin Thomson; 2018-10-16; 2; -34/+5]
|   See https://bugzilla.mozilla.org/show_bug.cgi?id=1471566#c4
* Set version numbers to 3.40 final [Daiki Ueno; 2018-10-12; 3; -6/+6]
|
* Bug 1498437 - Require that the server negotiate TLS 1.3 if we sent ESNI. r=mt [EKR; 2018-10-11; 2; -2/+30]
|   Reviewers: mt
|   Tags: #secure-revision
|   Bug #: 1498437
|   Differential Revision: https://phabricator.services.mozilla.com/D8496
* Bug 1489945 - Handle second ticket with external ticket caching, r=franziskus [Martin Thomson; 2018-10-12; 3; -13/+52]
|   Summary: If we get a second session ticket in TLS 1.3 (as boringssl is wont to do, and maybe others) while the external session cache is enabled, we assert.
|
|   The fix is to stop assuming that only in_client_cache sessions have a ticket attached. The bigger fix ensures that sessions are properly labelled so that we correctly create a new session in the event that we get multiple tickets from a server.
|
|   I *think* that this isn't that high a priority. Michal is apparently working on code related to this, but should still be able to make progress by disabling TLS 1.3 (or avoiding boringSSL servers).
|
|   Reviewers: franziskus, ekr
|   Reviewed By: franziskus
|   Bug #: 1489945
|   Differential Revision: https://phabricator.services.mozilla.com/D5740
* Bug 1434943 - Support for MSVC in build.sh, r=jcj [Martin Thomson; 2018-10-12; 11; -135/+265]
|   Summary: This adds basic support for MSVC to build.sh. It uses the registry and vswhere (which is part of the standard mozilla-build setup now) to work out paths and set them properly. It's probably a little fragile, but it's better than the shoestring and tape we have in builds right now.
|
|   I took the liberty of sanitizing the command-line options a little here. Mostly that is sorting them, but I also deprecated the -m32 option in favour of specifying target architecture with -t. That turned out to be a lot cleaner.
|
|   Reviewers: jcj
|   Reviewed By: jcj
|   Bug #: 1434943
|   Differential Revision: https://phabricator.services.mozilla.com/D5125
* Bug 1471566 - fix OSS fuzzing build, r=mt [Franziskus Kiefer; 2018-10-08; 2; -5/+34]
|   Differential Revision: https://phabricator.services.mozilla.com/D7996
* Bug 1495451 - Fix issues flagged by coverity. r=mt [EKR; 2018-10-01; 2; -0/+5]
|   Tags: #secure-revision
|   Bug #: 1495451
|   Differential Revision: https://phabricator.services.mozilla.com/D7358
* Bug 1493822, Removal of "Visa eCommerce Root" CA from Mozilla Root Program, k=kwilson [Kai Engert; 2018-10-01; 2; -142/+2]
* Bug 1479787 - clang-format, r=mt,keeler [Franziskus Kiefer; 2018-08-03; 13; -834/+598]
|   Differential Revision: https://phabricator.services.mozilla.com/D2721
* Bug 1479787 - build mozpkix as part of NSS, r=mt,keeler [Franziskus Kiefer; 2018-08-03; 105; -624/+608]
|   Differential Revision: https://phabricator.services.mozilla.com/D2719
|   Differential Revision: https://phabricator.services.mozilla.com/D2720
|   Differential Revision: https://phabricator.services.mozilla.com/D2861
* Bug 1479787 - merge mozpkix from mozilla-central to NSS [Franziskus Kiefer; 2018-08-03; 49; -0/+21289]
|\
| * Bug 1476486 - Apply clang warning suppression (rather than msvc) in pkix for clang-cl. r=froydnj [Xidorn Quan; 2018-07-19; 2; -5/+5]
| |   MozReview-Commit-ID: 6BCF6VYMI88
| * Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler [Andi-Bogdan Postelnicu; 2018-06-18; 5; -3/+14]
| * Backed out changeset 6692fb61e97c (bug 1453795) for build bustages on CertVerifier.h . CLOSED TREE [Narcis Beleuzu; 2018-06-19; 5; -13/+2]
| * Bug 1453795 - PSM-Security - Initialize member fields in classes/ structures. r=keeler [Andi-Bogdan Postelnicu; 2018-06-18; 5; -2/+13]
| * Bug 1464869 - Run autopep8 on security/ r=fkiefer [Sylvestre Ledru; 2018-05-26; 1; -3/+9]
| |   MozReview-Commit-ID: K3aWVqsO0O8
| * Backed out 4 changesets (bug 525063) on request from Andi. a=backout [Sebastian Hengst; 2018-04-13; 3; -14/+5]
| |   Backed out changeset 9d7f1e63d6f7 (bug 525063)
| |   Backed out changeset 9d7f1e63d6f7 (bug 525063)
| |   Backed out changeset 9d7f1e63d6f7 (bug 525063)
| |   Backed out changeset 9d7f1e63d6f7 (bug 525063)
| * Bug 1450967 - MITM error string update, r=keeler [Franziskus Kiefer; 2018-04-12; 1; -1/+1]
| |   Differential Revision: https://phabricator.services.mozilla.com/D894
| * Bug 525063 - Initialize uninitialized class attributes in m-c. r=ehsan [Tristan Bourvon; 2018-04-10; 3; -5/+14]
| |
| * Bug 1450967 - mitm detection v0.0.1, r=keeler,johannh [Franziskus Kiefer; 2018-03-16; 3; -0/+6]
| |   Differential Revision: https://phabricator.services.mozilla.com/D839
| * bug 1056341 - introduce a budget for path searching in mozilla::pkix to avoid unbounded search r=fkiefer,jcj [David Keeler; 2018-03-27; 2; -8/+181]
| |   MozReview-Commit-ID: Ght1wx5lb34
| * Bug 1448787 - separate error for self-signed certs, r=keeler,johannh [Franziskus Kiefer; 2018-03-29; 3; -0/+5]
| |   Reviewed By: keeler, johannh
| |   Bug #: 1448787
| |   Differential Revision: https://phabricator.services.mozilla.com/D805
| * Bug 1443744 - fix shadowing issues in pkix, r=keeler [Franziskus Kiefer; 2018-03-07; 19; -136/+131]
| |   Differential Revision: https://phabricator.services.mozilla.com/D689
| * bug 1441223 - add a new (overridable) error code to describe extra policy constraint failures r=jcj [David Keeler; 2018-02-27; 3; -0/+6]
| |   Certificate verification failures that result from additional policy constraint failures now use the error code "MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED" (also known as "Result::ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED", depending on the context).
| |
| |   MozReview-Commit-ID: 9rE7gRBapRF
| * bug 1437214 - if PathBuildingStep::Check fails due to a problem with the subject certificate rather than the potential issuer, set keepGoing to false r=jcj [David Keeler; 2018-02-09; 2; -2/+174]
| |   MozReview-Commit-ID: DEr4YgXfkOL
| * bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r=franziskus [David Keeler; 2018-01-12; 3; -29/+147]
| |   Before this patch, mozilla::pkix gtests would generate a public/private key pair and stash it in a global variable. Since this wasn't part of XPCOM nor tracked by the PSM/NSS shutdown machinery, it wouldn't get released at the appropriate time.
| |
| |   The solution to this is to generate the key and then essentially export it as data, so no NSS objects are held alive. Since NSS considers private keys stored in the persistent database sensitive and won't export them in the clear, we "encrypt" the key material with an empty password so we can import it when necessary.
| |
| |   (While the gtests don't use persistent keys, the test utilities in the gtests are also used by some xpcshell tests that do use persistent keys, hence the need to encrypt the key material.)
| * Bug 1394734 - Simplify various corner cases r=glandium [Sylvestre Ledru; 2017-12-07; 1; -1/+1]
| |   MozReview-Commit-ID: 4s4JdXZPvmv
| * Bug 1394734 - Replace CONFIG['CLANG*'] by CONFIG['CC_TYPE'] r=glandium [Sylvestre Ledru; 2017-12-07; 2; -3/+3]
| |   MozReview-Commit-ID: HbF5oT5HW6f
| * Bug 1394734 - Replace CONFIG['MSVC'] by CONFIG['CC_TYPE'] r=glandium [Sylvestre Ledru; 2017-12-08; 3; -3/+3]
| |   MozReview-Commit-ID: 5orfnoude7h
| * Bug 1394734 - Replace CONFIG['GNU_C*'] by CONFIG['CC_TYPE'] r=glandium [Sylvestre Ledru; 2017-12-07; 3; -4/+4]
| |   MozReview-Commit-ID: 7duJk2gSd4m
| * Bug 1198481 - Fixed typo 'id_pk_serverAuth' to 'id_kp_serverAuth'. r=keeler [manikishan; 2017-12-02; 1; -1/+1]
| |
| * Bug 1411001 - Remove the +x permissions on cpp & h files r=froydnj [Sylvestre Ledru; 2017-10-23; 1; -0/+0]
| |   MozReview-Commit-ID: DjDkL20wRg0
| * Bug 1406736 Match MinGW's macro so we declare gmtime_r under MinGW too r=froydnj [Tom Ritter; 2017-10-09; 1; -1/+1]
| |   MozReview-Commit-ID: 2U2ToeyVUUt
| * Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler [Nicolas Vigier; 2017-10-16; 1; -5/+5]
| * Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn [Tom Ritter; 2017-10-09; 1; -1/+3]
| |   MozReview-Commit-ID: 4v6tPF5aMz7
| * Backed out changeset 7a5d74db770b (bug 1406687) for build bustage at testing/gtest/gtest/src/gtest.cc:3871: 'Unused' was not declared in this scope. r=backout [Sebastian Hengst; 2017-10-09; 1; -3/+1]
| * Bug 1406687 Pass return values from fwrite to Unused to silence the warn-unused-result warning r=njn [Tom Ritter; 2017-10-09; 1; -1/+3]
| |   MozReview-Commit-ID: 4v6tPF5aMz7
| * Bug 1369806: Fix up pkix test to correctly pass zero to CreateEncodedBasicConstraints (which takes a pointer-to-long, rather than a long). r=keeler [Daniel Holbert; 2017-06-02; 1; -2/+4]
| |   MozReview-Commit-ID: Ki8AHuW5zyP
| * Bug 1369864: Suppress clang -Wno-zero-as-null-pointer-constant build warning, in pkix/test/gtest. r=keeler [Daniel Holbert; 2017-06-02; 1; -0/+1]
| |   The gtest headers trigger many instances of this warning, due to their usage of NULL instead of nullptr.
| |
| |   MozReview-Commit-ID: Dhv7mPHpZ7I
| * Bug 1369871: Add "const" keyword to a long* param in a pkix test function. r=keeler [Daniel Holbert; 2017-06-02; 2; -2/+2]
| |   The only reason this param is a pointer is so that it can be optional. It's not an outparam -- the function does not (and does not intend to) modify it -- so it should be declared as 'const' to make that clearer & to allow clients to pass in pointers to const values.
| |
| |   MozReview-Commit-ID: HbF96YNfnSt
| * Bug 1361750 - Disable various MSVC 2017 warnings in PSM to unbreak --enable-warnings-as-errors builds. r=keeler [Cykesiopka; 2017-05-05; 1; -0/+12]
| |   MSVC 2017 headers aren't warning free at the -Wall level. Since PSM enables -Wall in some moz.build files, this breaks --enable-warnings-as-errors builds. As a temporary measure, disable enough warnings to get working builds.
| |
| |   MozReview-Commit-ID: G0oUsAYYct2
| * bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj [David Keeler; 2017-04-03; 9; -10/+19]
| |   (adapted from bug 1349762 comment 0)
| |
| |   Google Trust Services (GTS) recently purchased two roots from GlobalSign that are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC Root CA - R4". However, GTS does not have an EV audit, so we are going to turn off EV treatment for both of those root certificates.
| |
| |   But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to be used to migrate their customers off dependence on that root.
| |
| |   This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the chain.
| |
| |   MozReview-Commit-ID: Ej9L9zTwoPN
| * Bug 1351779 - Removed unused variable 'loopDetected' from PathBuildingStep::Check() r=keeler [Tim Taubert; 2017-03-29; 1; -3/+2]
| * bug 1339921 - disable clang's shadowed field warning in a mozilla::pkix gtest class r=Cykesiopka,dholbert [David Keeler; 2017-03-14; 1; -0/+16]
| |   pkixocsp_VerifyEncodedResponse_GetCertTrust has a field trustDomain that deliberately shadows the field it inherits from so that code doesn't use it by accident.
| |
| |   MozReview-Commit-ID: 1Y4W6sA7lHD