| Commit message | Author | Age | Files | Lines |
Some build environments don't provide <sys/auxv.h> and this causes
build failure, so let's check if that header exists by using
__has_include() helper.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
Chacha20Poly1305. r=kjacobs
***
Bug 1612493 - Import AVX2 code from HACL*
***
Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
***
Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp
***
Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t support -mavx2
***
Bug 1612493 - Disable tests when the platform doesn't have support for AVX2
Differential Revision: https://phabricator.services.mozilla.com/D64718
r=kjacobs
***
Bug 1617533 - Clang format
***
Bug 1617533 - Update HACL* commit for job in Taskcluster
***
Bug 1617533 - Update HACL* Kremlin code
Differential Revision: https://phabricator.services.mozilla.com/D63829
This patch updates the DTLS 1.3 implementation to draft-34. Notable changes:
1) Key separation via `ssl_protocol_variant`.
2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed removal of workarounds for unpadded (<16B) ciphertexts being used as input to `SSL_CreateMask`.
3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all gtests are compiled this way if `--fuzz`, but lib/ssl only if `--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode, but not lib/ssl, since the masking mismatch will break filters).
4) Parameterize masking tests, as appropriate.
5) Reject non-empty legacy_cookie, and test.
6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`).
Differential Revision: https://phabricator.services.mozilla.com/D62488
Differential Revision: https://phabricator.services.mozilla.com/D63771
Differential Revision: https://phabricator.services.mozilla.com/D63688
Verify that when clamping, the upper 4 bytes of an `mp_digit` is checked.
Differential Revision: https://phabricator.services.mozilla.com/D58576
Differential Revision: https://phabricator.services.mozilla.com/D62999
extension r=mt
This patch modifies `supported_versions` encodings to reflect DTLS versions when DTLS1.3 is used. Previously, a DTLS1.3 CH would include `[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd, 0xfeff]`, causing compatibility issues.
Differential Revision: https://phabricator.services.mozilla.com/D62963
enable NEON code generation.
Differential Revision: https://phabricator.services.mozilla.com/D62676
ssl_DecodeResumptionToken. r=mt
This patch adds a missing `PORT_Free()` when reallocating `sid->PeerID`, and adds a test for a non-empty PeerID.
Differential Revision: https://phabricator.services.mozilla.com/D62653
is safe to call r=jcj,kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D61931
Fixes a regression from Bug 1582169
../../lib/sysinit/nsssysinit.c:153:1: error: ‘getFIPSEnv’ defined but not used [-Werror=unused-function]
enabled on build r=jcj,rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D61236
r=rrelyea
AES-NI intrinsics r=kjacobs
https://phabricator.services.mozilla.com/D60699
NSS_DISABLE_DBM is set r=mt
Remove `lgglue` from compilation entirely if DBM is disabled
Differential Revision: https://phabricator.services.mozilla.com/D61759
Differential Revision: https://phabricator.services.mozilla.com/D61380
At the moment NSS assumes that every PowerPC64 architecture supports
Altivec but it's not true and this leads to build failure. So add
NSS_DISABLE_ALTIVEC environment variable (and disable_altivec for
gyp) to disable Altivec extension on PowerPC builds that don't support
Altivec.
FreeBSD has elf_aux_info instead of getauxval, but only since FreeBSD 12. Previous versions (11 is still supported) don't have any equivalent and users need to query sysctl manually.
Differential Revision: https://phabricator.services.mozilla.com/D56712
Implement `getauxval` via `elf_aux_info` to avoid code duplication.
`AT_HWCAP*` can be used on powerpc* and riscv64 as well.
Differential Revision: https://phabricator.services.mozilla.com/D58500
Differential Revision: https://phabricator.services.mozilla.com/D58499
to PBKDF2 hash). r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D60739
implementation is available. r=mt
AES-NI is currently not used for //CBC// or //ECB decrypt// when an assembly implementation (`intel-aes.s` or `intel-aes-x86/64-masm.asm`) is not available. Concretely, this is the case on MacOS, Linux32, and other non-Linux OSes such as BSD. This patch adds the plumbing to use AES-NI intrinsics when available.
Before:
```
mode in symmkey opreps cxreps context op time(sec) thrgput
aes_ecb_d 78Mb 256 10T 0 0.000 395.000 0.395 197Mb
aes_cbc_e 78Mb 256 10T 0 0.000 392.000 0.393 198Mb
aes_cbc_d 78Mb 256 10T 0 0.000 425.000 0.425 183Mb
```
After:
```
mode in symmkey opreps cxreps context op time(sec) thrgput
aes_ecb_d 78Mb 256 10T 0 0.000 39.000 0.039 1Gb
aes_cbc_e 78Mb 256 10T 0 0.000 94.000 0.094 831Mb
aes_cbc_d 78Mb 256 10T 0 0.000 74.000 0.075 1Gb
```
Differential Revision: https://phabricator.services.mozilla.com/D60195
and CMAC tests r=franziskus
This patch updates to the latest Wycheproof vectors and adds Wycheproof support for CBC, CMAC, and P256-ECDH:
ChaCha20: +141 tests
Curve25519: +431 tests
GCM: +39 tests
CBC (new): +183 tests
CMAC (new): +308 tests
P256 ECDH (new): +460 tests
Differential Revision: https://phabricator.services.mozilla.com/D57477
Differential Revision: https://phabricator.services.mozilla.com/D60236
DONTBUILD
Differential Revision: https://phabricator.services.mozilla.com/D59671
assembly/mp_comba. r=mt
Compare all 8 bytes of an `mp_digit` when clamping in Windows x64 assembly (mp_sqr/mp_mul). Also adds an assertion to ensure that the size of `mp_digit` matches implementation assumptions.
Differential Revision: https://phabricator.services.mozilla.com/D58571
r=jcj
The addition of an AVX support check in `ChaCha20Poly1305_Seal` seems to have stopped the Encrypt crashes on old Intel CPUs, however we're seeing new reports from `Hacl_Chacha20Poly1305_128_aead_decrypt` (which is called from `ChaCha20Poly1305_Open`). This needs an AVX check as well...
Differential Revision: https://phabricator.services.mozilla.com/D60032
Add a test for various sizes of RSA encryption input.
Differential Revision: https://phabricator.services.mozilla.com/D41999
Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC test vectors, as well as upper-bound length checks for the output key material.
Differential Revision: https://phabricator.services.mozilla.com/D45434
Differential Revision: https://phabricator.services.mozilla.com/D58725
Environment checks are reorganized to be separate from platform code
to make it impossible to forget to check disable_FEATURE on one platform
but not the other.
Differential Revision: https://phabricator.services.mozilla.com/D55386
Despite the code having runtime detection of NEON and crypto extensions,
the optimized code using those instructions is disabled at build time on
platforms where the compiler doesn't enable NEON by default or with the
flags it's given for the caller code.
In the case of gcm, this goes as far as causing a build error.
What is needed is for the optimized code to be enabled in every case,
letting the caller code choose whether to use that code based on the
existing runtime checks.
But this can't be simply done either, because those optimized parts of
the code need to be built with NEON enabled, unconditionally, but that
is not compatible with platforms using the softfloat ABI. For those,
we need to use the softfp ABI, which is compatible. However, the softfp
ABI is not compatible with the hardfp ABI, so we also can't
unconditionally use the softfp ABI, so we do so only when the compiler
targets the softfloat ABI, which confusingly enough is advertised via
the `__SOFTFP__` define.
Differential Revision: https://phabricator.services.mozilla.com/D59451
This patch contains the changes in NSS, necessary to pick up HACL*v2 in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
Differential Revision: https://phabricator.services.mozilla.com/D55414
This updates the in-tree version of our existing HACL* code to v2, replacing what we have already. Once this has landed, NSS can pick up more (faster) code from HACL*.
Differential Revision: https://phabricator.services.mozilla.com/D55413
python3 r=jcj
[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0 | Setuptools 45.0.0 ]] drops support for Python2, which our Windows workers are running.
This patch installs the prior version during build, in order to unblock CI until the workers can be upgraded.
Differential Revision: https://phabricator.services.mozilla.com/D59756
repeated SDR operations. r=jcj
4349f611f7b96de63934837d6940095ac1a5db33 r=bustage