Commit message / Author / Age / Files / Lines

* Backed out changeset b6677ae9067e (Bug 1612493) for Windows build failures. [tag: NSS_3_51_BETA2]
  Author: Kevin Jacobs  Age: 2020-03-03  Files: 16  Lines: -1222/+1254

* Backed out changeset d5deac55f543
  Author: Kevin Jacobs  Age: 2020-03-03  Files: 15  Lines: -4593/+44

* Added tag NSS_3_51_BETA1 for changeset b17a367b83de
  Author: Kevin Jacobs  Age: 2020-03-02  Files: 0  Lines: -0/+0

* Bug 1614183 - Fixup, clang-format. r=me [tag: NSS_3_51_BETA1]
  Author: Kevin Jacobs  Age: 2020-03-02  Files: 1  Lines: -0/+2

* Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs
  Author: Giulio Benetti  Age: 2020-03-02  Files: 1  Lines: -0/+10

    Some build environments don't provide <sys/auxv.h>, and this causes a build failure, so let's check whether that header exists by using the __has_include() helper.

    Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>

* Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj
  Author: Kurt Miller  Age: 2020-03-02  Files: 1  Lines: -1/+1

    https://bugzilla.mozilla.org/show_bug.cgi?id=1618400

* Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and Chacha20Poly1305. r=kjacobs
  Author: Benjamin Beurdouche  Age: 2020-02-28  Files: 15  Lines: -44/+4593

    *** Bug 1612493 - Import AVX2 code from HACL*
    *** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
    *** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp
    *** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn't support -mavx2
    *** Bug 1612493 - Disable tests when the platform doesn't have support for AVX2

    Differential Revision: https://phabricator.services.mozilla.com/D64718

* Bug 1617533 - Update of HACL* after libintvector.h and coding style changes. r=kjacobs
  Author: Benjamin Beurdouche  Age: 2020-02-28  Files: 16  Lines: -1254/+1222

    *** Bug 1617533 - Clang format
    *** Bug 1617533 - Update HACL* commit for job in Taskcluster
    *** Bug 1617533 - Update HACL* Kremlin code

    Differential Revision: https://phabricator.services.mozilla.com/D63829

* Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt
  Author: Kevin Jacobs  Age: 2020-02-27  Files: 20  Lines: -245/+476

    This patch updates the DTLS 1.3 implementation to draft-34. Notable changes:

    1) Key separation via `ssl_protocol_variant`.
    2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed removal of workarounds for unpadded (<16B) ciphertexts being used as input to `SSL_CreateMask`.
    3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all gtests are compiled this way if `--fuzz`, but lib/ssl only if `--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode, but not lib/ssl, since the masking mismatch will break filters).
    4) Parameterize masking tests, as appropriate.
    5) Reject non-empty legacy_cookie, and test.
    6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`).

    Differential Revision: https://phabricator.services.mozilla.com/D62488

* Bug 1617387 fix compiler warning r=jcj
  Author: Jean-Luc Bonnafoux  Age: 2020-02-24  Files: 1  Lines: -1/+1

    Differential Revision: https://phabricator.services.mozilla.com/D63771

* Bug 1612259 - Add Wycheproof vectors for P384 and P521 ECDH. r=bbeurdouche
  Author: Kevin Jacobs  Age: 2020-02-24  Files: 6  Lines: -13/+47545

    Differential Revision: https://phabricator.services.mozilla.com/D63688

* Bug 1609751 - Additional tests for mp_comba r=mt
  Author: Kevin Jacobs  Age: 2020-02-19  Files: 2  Lines: -0/+52

    Verify that when clamping, the upper 4 bytes of an `mp_digit` are checked.

    Differential Revision: https://phabricator.services.mozilla.com/D58576

* Bug 1561337: fix compiler warning r=jcj
  Author: Jean-Luc Bonnafoux  Age: 2020-02-19  Files: 1  Lines: -1/+1

    Differential Revision: https://phabricator.services.mozilla.com/D62999

* Bug 1615208 - Send DTLS version numbers in DTLS 1.3 supported_versions extension r=mt
  Author: Kevin Jacobs  Age: 2020-02-18  Files: 6  Lines: -17/+90

    This patch modifies `supported_versions` encodings to reflect DTLS versions when DTLS1.3 is used. Previously, a DTLS1.3 CH would include `[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd, 0xfeff]`, causing compatibility issues.

    Differential Revision: https://phabricator.services.mozilla.com/D62963

* Bug 1612177 - Set -march=armv7 when compiling gcm-arm32-neon, in order to enable NEON code generation.
  Author: Mikael Urankar  Age: 2020-02-12  Files: 2  Lines: -1/+2

* Bug 1431940 - remove dereference before NULL check in BLAKE2B code. r=kjacobs
  Author: Dmitry Baryshkov  Age: 2020-02-14  Files: 2  Lines: -8/+18

    Differential Revision: https://phabricator.services.mozilla.com/D62676

* Bug 1614870 - Free sid->peerID before reallocating in ssl_DecodeResumptionToken. r=mt
  Author: Kevin Jacobs  Age: 2020-02-12  Files: 2  Lines: -2/+36

    This patch adds a missing `PORT_Free()` when reallocating `sid->PeerID`, and adds a test for a non-empty PeerID.

    Differential Revision: https://phabricator.services.mozilla.com/D62653

* bug 1538980 - null-terminate ascii input in SECU_ReadDERFromFile so strstr is safe to call r=jcj,kjacobs
  Author: Dana Keeler  Age: 2020-02-11  Files: 2  Lines: -14/+24

    Differential Revision: https://phabricator.services.mozilla.com/D61931

* Bug 1614786 - Fixup for ‘getFIPSEnv’ being unused r=kjacobs
  Author: J.C. Jones  Age: 2020-02-11  Files: 1  Lines: -1/+3

    Fixes a regression from Bug 1582169

    ../../lib/sysinit/nsssysinit.c:153:1: error: ‘getFIPSEnv’ defined but not used [-Werror=unused-function]

* Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS is not enabled on build r=jcj,rrelyea
  Author: Victor Tapia  Age: 2020-02-11  Files: 2  Lines: -0/+6

    Differential Revision: https://phabricator.services.mozilla.com/D61236

* Bug 1611209 - Value of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL are swapped r=rrelyea
  Author: Robert Relyea  Age: 2020-02-10  Files: 1  Lines: -2/+2

* Bug 1610687 - Crash on unaligned CMACContext.aes.keySchedule when using AES-NI intrinsics r=kjacobs
  Author: Robert Relyea  Age: 2020-02-10  Files: 1  Lines: -6/+7

    https://phabricator.services.mozilla.com/D60699

* Set version numbers to 3.51 beta
  Author: J.C. Jones  Age: 2020-02-05  Files: 4  Lines: -7/+7

* Bug 1609673 - Conditionally compile out all libnssdbm glue if NSS_DISABLE_DBM is set r=mt
  Author: J.C. Jones  Age: 2020-02-05  Files: 5  Lines: -5/+38

    Remove `lgglue` from compilation entirely if DBM is disabled

    Differential Revision: https://phabricator.services.mozilla.com/D61759

* Bug 1612623 - NSS 3.50 should depend on NSPR 4.25. r=kjacobs [tag: NSS_3_50_BETA1]
  Author: Kai Engert  Age: 2020-02-03  Files: 1  Lines: -1/+1

    Differential Revision: https://phabricator.services.mozilla.com/D61380

* Bug 1608151 - Introduce NSS_DISABLE_ALTIVEC and disable_altivec r=jcj
  Author: Giulio Benetti  Age: 2020-01-27  Files: 5  Lines: -3/+21

    At the moment NSS assumes that every PowerPC64 architecture supports Altivec, but that's not true and this leads to a build failure. So add the NSS_DISABLE_ALTIVEC environment variable (and disable_altivec for gyp) to disable the Altivec extension on PowerPC builds that don't support Altivec.

* Bug 1602386 - clang-format r=bustage
  Author: J.C. Jones  Age: 2020-01-27  Files: 1  Lines: -3/+3

* Bug 1602386 - Fix build on FreeBSD/powerpc platforms. r=jcj
  Author: Piotr Kubaj  Age: 2020-01-27  Files: 2  Lines: -2/+18

    FreeBSD has elf_aux_info instead of getauxval, but only since FreeBSD 12. Previous versions (11 is still supported) don't have any equivalent and users need to query sysctl manually.

    Differential Revision: https://phabricator.services.mozilla.com/D56712

* Bug 1609181 - Detect ARM CPU features on FreeBSD. r=jcj
  Author: Jan Beich  Age: 2020-01-27  Files: 1  Lines: -0/+16

    Implement `getauxval` via `elf_aux_info` to avoid code duplication. `AT_HWCAP*` can be used on powerpc* and riscv64 as well.

* Bug 1547639 - Update zlib to 1.2.11, r=jcj
  Author: Martin Thomson  Age: 2020-01-22  Files: 25  Lines: -1755/+2873

    Differential Revision: https://phabricator.services.mozilla.com/D58500

* Bug 1547639 - Automatic vendoring of zlib, r=jcj
  Author: Martin Thomson  Age: 2020-01-22  Files: 7  Lines: -1016/+69

    Differential Revision: https://phabricator.services.mozilla.com/D58499

* Bug 1606992 - Follow-up to also cache most recent PBKDF1 hash (in addition to PBKDF2 hash). r=kjacobs
  Author: Kai Engert  Age: 2020-01-22  Files: 1  Lines: -40/+114

    Differential Revision: https://phabricator.services.mozilla.com/D60739

* Bug 1608493 - Use AES-NI intrinsics for CBC and ECB decrypt when no assembly implementation is available. r=mt
  Author: Kevin Jacobs  Age: 2020-01-22  Files: 3  Lines: -34/+96

    AES-NI is currently not used for CBC or ECB decrypt when an assembly implementation (`intel-aes.s` or `intel-aes-x86/64-masm.asm`) is not available. Concretely, this is the case on MacOS, Linux32, and other non-Linux OSes such as BSD. This patch adds the plumbing to use AES-NI intrinsics when available.

    Before:
    ```
    mode       in    symmkey  opreps  cxreps  context  op       time(sec)  thrgput
    aes_ecb_d  78Mb  256      10T     0       0.000    395.000  0.395      197Mb
    aes_cbc_e  78Mb  256      10T     0       0.000    392.000  0.393      198Mb
    aes_cbc_d  78Mb  256      10T     0       0.000    425.000  0.425      183Mb
    ```

    After:
    ```
    mode       in    symmkey  opreps  cxreps  context  op       time(sec)  thrgput
    aes_ecb_d  78Mb  256      10T     0       0.000    39.000   0.039      1Gb
    aes_cbc_e  78Mb  256      10T     0       0.000    94.000   0.094      831Mb
    aes_cbc_d  78Mb  256      10T     0       0.000    74.000   0.075      1Gb
    ```

    Differential Revision: https://phabricator.services.mozilla.com/D60195

* Bug 1604596 - Update Wycheproof vectors and add support for CBC, P256-ECDH, and CMAC tests r=franziskus
  Author: Kevin Jacobs  Age: 2020-01-16  Files: 27  Lines: -4120/+49551

    This patch updates to the latest Wycheproof vectors and adds Wycheproof support for CBC, CMAC, and P256-ECDH:

    ChaCha20: +141 tests
    Curve25519: +431 tests
    GCM: +39 tests
    CBC (new): +183 tests
    CMAC (new): +308 tests
    P256 ECDH (new): +460 tests

    Differential Revision: https://phabricator.services.mozilla.com/D57477

* Bug 1606992 - Permit sftk_PBELockInit being called multiple times. r=kjacobs
  Author: Kai Engert  Age: 2020-01-17  Files: 1  Lines: -2/+3

    Differential Revision: https://phabricator.services.mozilla.com/D60236

* Bug 1606992 - follow up to fix clang-format, whitespace only. rs=me
  Author: Kai Engert  Age: 2020-01-17  Files: 1  Lines: -7/+7

    DONTBUILD

* Bug 1606992 - Follow-up to cleanup PBE cache code. r=kjacobs
  Author: Kai Engert  Age: 2020-01-15  Files: 1  Lines: -50/+67

    Differential Revision: https://phabricator.services.mozilla.com/D59671

* Bug 1605314 - Compare all 8 bytes of an mp_digit when clamping in Windows assembly/mp_comba. r=mt
  Author: Kevin Jacobs  Age: 2020-01-03  Files: 2  Lines: -13/+13

    Compare all 8 bytes of an `mp_digit` when clamping in Windows x64 assembly (mp_sqr/mp_mul). Also adds an assertion to ensure that the size of `mp_digit` matches implementation assumptions.

    Differential Revision: https://phabricator.services.mozilla.com/D58571

* Bug 1574643 - Check for AVX support before using vectorized ChaCha20 decrypt r=jcj
  Author: Kevin Jacobs  Age: 2020-01-15  Files: 1  Lines: -1/+1

    The addition of an AVX support check in `ChaCha20Poly1305_Seal` seems to have stopped the Encrypt crashes on old Intel CPUs, however we're seeing new reports from `Hacl_Chacha20Poly1305_128_aead_decrypt` (which is called from `ChaCha20Poly1305_Open`). This needs an AVX check as well...

    Differential Revision: https://phabricator.services.mozilla.com/D60032

* Bug 1573911 - Add RSA Encryption test r=jcj
  Author: Kevin Jacobs  Age: 2020-01-14  Files: 3  Lines: -0/+79

    Add a test for various sizes of RSA encryption input.

    Differential Revision: https://phabricator.services.mozilla.com/D41999

* Bug 1585429 - Add HKDF test vectors r=jcj
  Author: Kevin Jacobs  Age: 2020-01-13  Files: 4  Lines: -0/+287

    Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC test vectors, as well as upper-bound length checks for the output key material.

    Differential Revision: https://phabricator.services.mozilla.com/D45434

* Bug 1608327 - Fixup for dc57fe5d65d4, add a default for softfp_cflags r=bustage
  Author: J.C. Jones  Age: 2020-01-14  Files: 1  Lines: -0/+1

* Bug 1607099 - Remove the buildbot configuration r=jcj
  Author: Sylvestre Ledru  Age: 2020-01-14  Files: 4  Lines: -635/+0

    Differential Revision: https://phabricator.services.mozilla.com/D58725

* Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj
  Author: Greg V  Age: 2020-01-14  Files: 1  Lines: -11/+37

    Environment checks are reorganized to be separate from platform code to make it impossible to forget to check disable_FEATURE on one platform but not the other.

    Differential Revision: https://phabricator.services.mozilla.com/D55386

* Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj
  Author: Mike Hommey  Age: 2020-01-14  Files: 6  Lines: -16/+25

    Despite the code having runtime detection of NEON and crypto extensions, the optimized code using those instructions is disabled at build time on platforms where the compiler doesn't enable NEON by default or with the flags it's given for the caller code. In the case of gcm, this goes as far as causing a build error.

    What is needed is for the optimized code to be enabled in every case, letting the caller code choose whether to use that code based on the existing runtime checks. But this can't be simply done either, because those optimized parts of the code need to be built with NEON enabled, unconditionally, but that is not compatible with platforms using the softfloat ABI. For those, we need to use the softfp ABI, which is compatible. However, the softfp ABI is not compatible with the hardfp ABI, so we also can't unconditionally use the softfp ABI, so we do so only when the compiler targets the softfloat ABI, which confusingly enough is advertised via the `__SOFTFP__` define.

    Differential Revision: https://phabricator.services.mozilla.com/D59451

* Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs
  Author: Franziskus Kiefer  Age: 2020-01-14  Files: 20  Lines: -493/+197

    This patch contains the changes in NSS necessary to pick up HACL*v2 in D55413. It has a couple of TODOs:

    * The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130.
    * The hacl task on CI requires Bug 1593647 to get fixed.

    Depends on D55413.

    Differential Revision: https://phabricator.services.mozilla.com/D55414

* Bug 1574643 - haclv2 code r=kjacobs
  Author: Franziskus Kiefer  Age: 2019-12-21  Files: 40  Lines: -4877/+8620

    This updates the in-tree version of our existing HACL* code to v2, replacing what we have already. Once this has landed, NSS can pick up more (faster) code from HACL*.

    Differential Revision: https://phabricator.services.mozilla.com/D55413

* Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded to python3 r=jcj
  Author: Kevin Jacobs  Age: 2020-01-13  Files: 1  Lines: -1/+1

    Setuptools 45.0.0 (https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0) drops support for Python2, which our Windows workers are running. This patch installs the prior version during build, in order to unblock CI until the workers can be upgraded.

    Differential Revision: https://phabricator.services.mozilla.com/D59756

* Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed up repeated SDR operations. r=jcj
  Author: Kai Engert  Age: 2020-01-11  Files: 2  Lines: -1/+82

* Bug 1599603 - Remove .orig files accidentally committed in 4349f611f7b96de63934837d6940095ac1a5db33 r=bustage
  Author: J.C. Jones  Age: 2020-01-07  Files: 2  Lines: -93534/+0