| Commit message (Collapse) | Author | Age | Files | Lines |
Remove support for RSAE in delegated credentials (both in DC signatures and SPKIs), add SignatureScheme list functionality to initial DC extension.
Differential Revision: https://phabricator.services.mozilla.com/D65252
https://phabricator.services.mozilla.com/D59412
When testing Bug 1608245, I realized that I had inadvertently broken
fipstest.c's handling of KI and KI_len. This led to it passing bogus
keys (with unusually large lengths exceeding the bounds of sizeof KI)
to kbkdf_Dispatch(...).
This uses Bob Relyea's suggestion on how to handle this: detect the
size of KI when processing the mech selection, storing KI_len there.
This simplifies reading of the KI value in later code.
Patch by cipherboy, review by kjacobs.
https://phabricator.services.mozilla.com/D59409
Per Bug 1607955, the KBKDF code introduced in Bug 1599603 confused
Coverity with an elided NULL check on sftk_SlotFromSessionHandle(...).
While Coverity is incorrect (and the behavior is fine as-is), it isn't
consistent with the KBKDF code's handling of sftk_SessionFromHandle(...)
(which is NULL checked).
This brings these two call sites into internal consistency.
Differential Revision: https://phabricator.services.mozilla.com/D66130
Differential Revision: https://phabricator.services.mozilla.com/D66122
Differential Revision: https://phabricator.services.mozilla.com/D64863
DTLS supported_versions. r=mt
Add an experimental function for enabling a DTLS 1.3 supported_versions compatibility workaround.
Differential Revision: https://phabricator.services.mozilla.com/D65735
Some build environments don't provide <sys/auxv.h>, and this causes a
build failure, so let's check whether that header exists by using the
__has_include() helper.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
Chacha20Poly1305. r=kjacobs
***
Bug 1612493 - Import AVX2 code from HACL*
***
Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
***
Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp
***
Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t support -mavx2
***
Bug 1612493 - Disable tests when the platform doesn't have support for AVX2
Differential Revision: https://phabricator.services.mozilla.com/D64718
r=kjacobs
***
Bug 1617533 - Clang format
***
Bug 1617533 - Update HACL* commit for job in Taskcluster
***
Bug 1617533 - Update HACL* Kremlin code
Differential Revision: https://phabricator.services.mozilla.com/D63829
This patch updates the DTLS 1.3 implementation to draft-34. Notable changes:
1) Key separation via `ssl_protocol_variant`.
2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed removal of workarounds for unpadded (<16B) ciphertexts being used as input to `SSL_CreateMask`.
3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all gtests are compiled this way if `--fuzz`, but lib/ssl only if `--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode, but not lib/ssl, since the masking mismatch will break filters).
4) Parameterize masking tests, as appropriate.
5) Reject non-empty legacy_cookie, and test.
6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`).
Differential Revision: https://phabricator.services.mozilla.com/D62488
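Items 2 and 6 above concern DTLS 1.3 record number encryption: the mask is derived from the first 16 bytes of the record's ciphertext, so a ciphertext shorter than that cannot be masked and is rejected unless the build is in fuzzer mode. The following Go program is an added example written for this page, not NSS code; it assumes an AES-based cipher suite (mask = AES-ECB(sn_key, ciphertext[0:16]), per RFC 9147 section 4.2.3; the ChaCha20 mask construction is not covered), the unified header bit layout `0 0 1 C S L E E`, and a boolean `fuzzerMode` standing in for NSS's `UNSAFE_FUZZER_MODE` build flag. The sample key and ciphertext are the FIPS-197 AES-128 test vector, constructed here so the mask value is known.

```go
package main

import (
	"crypto/aes"
	"errors"
	"fmt"
)

// minMaskSample is the number of ciphertext bytes the AES-based mask consumes.
const minMaskSample = 16

// SeqNumFieldLen reads the S bit (0x08) of the unified header's first byte
// (0 0 1 C S L E E): set means a 16-bit sequence number field, clear means 8-bit.
func SeqNumFieldLen(hdr byte) int {
	if hdr&0x08 != 0 {
		return 2
	}
	return 1
}

// MaskSequenceNumber applies DTLS 1.3 record number encryption for an AES-based
// suite: mask = AES-ECB(snKey, ciphertext[0:16]), and the leading mask bytes are
// XORed into the 1- or 2-byte sequence number field in place. XOR is its own
// inverse, so the same call unmasks on receipt. fuzzerMode is this example's
// stand-in for UNSAFE_FUZZER_MODE: masking is skipped rather than worked around.
func MaskSequenceNumber(snKey, ciphertext, seqField []byte, fuzzerMode bool) error {
	if len(seqField) != 1 && len(seqField) != 2 {
		return errors.New("sequence number field must be 1 or 2 bytes")
	}
	if fuzzerMode {
		return nil
	}
	// Reject short ciphertexts instead of padding the sample: a genuine record
	// carries at least a 16-byte AEAD tag, so anything shorter is malformed.
	if len(ciphertext) < minMaskSample {
		return fmt.Errorf("ciphertext of %d bytes is too short to derive a mask (need %d)",
			len(ciphertext), minMaskSample)
	}
	block, err := aes.NewCipher(snKey)
	if err != nil {
		return err
	}
	var mask [aes.BlockSize]byte
	block.Encrypt(mask[:], ciphertext[:minMaskSample])
	for i := range seqField {
		seqField[i] ^= mask[i]
	}
	return nil
}

// MaskRecordHeader locates the sequence number field of a unified-header record
// (header byte, seq field, optional 2-byte length, ciphertext) and masks it
// with the ciphertext that follows it.
func MaskRecordHeader(snKey, record []byte, fuzzerMode bool) error {
	if len(record) < 1 || record[0]&0xe0 != 0x20 {
		return errors.New("not a DTLS 1.3 unified header")
	}
	n := SeqNumFieldLen(record[0])
	ctStart := 1 + n
	if record[0]&0x04 != 0 { // L bit: an explicit 2-byte length field is present
		ctStart += 2
	}
	if len(record) < ctStart {
		return errors.New("truncated record")
	}
	return MaskSequenceNumber(snKey, record[ctStart:], record[1:1+n], fuzzerMode)
}

func main() {
	// Constructed input: FIPS-197 AES-128 key and plaintext block, so the mask
	// is the well-known ciphertext 69c4e0d8...; two filler bytes follow.
	key := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}
	ct := []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02}
	// Header 0x2c = 001 C=0 S=1 L=1 EE=00: 16-bit seq number, explicit length.
	rec := append([]byte{0x2c, 0x00, 0x00, 0x00, 0x12}, ct...)
	if err := MaskRecordHeader(key, rec, false); err != nil {
		panic(err)
	}
	fmt.Printf("masked header: % x\n", rec[:5])
	// A record whose ciphertext is shorter than 16 bytes is refused.
	short := append([]byte{0x2c, 0x00, 0x00, 0x00, 0x0f}, ct[:15]...)
	fmt.Println("short record:", MaskRecordHeader(key, short, false))
}
```

The rejection happens before any key material is touched, and the same function is used for masking and unmasking, so the receive path gets the length check for free.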
Differential Revision: https://phabricator.services.mozilla.com/D63771
Differential Revision: https://phabricator.services.mozilla.com/D63688
Verify that when clamping, the upper 4 bytes of an `mp_digit` is checked.
Differential Revision: https://phabricator.services.mozilla.com/D58576
Differential Revision: https://phabricator.services.mozilla.com/D62999
extension r=mt
This patch modifies `supported_versions` encodings to reflect DTLS versions when DTLS 1.3 is in use. Previously, a DTLS 1.3 CH would include `[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd, 0xfeff]`, causing compatibility issues.
Differential Revision: https://phabricator.services.mozilla.com/D62963
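The mismatch described above is a variant-mapping problem: the ClientHello `supported_versions` body is a one-byte length followed by two-byte `ProtocolVersion` values, and for DTLS the 1.x entries must carry the DTLS wire values (DTLS 1.2 is `0xfefd`, DTLS 1.0 is `0xfeff`, pairing with TLS 1.2 and TLS 1.1 respectively) while the 1.3 draft value is shared. The Go program below is an added example written for this page, not NSS code; it assumes a `Variant` type standing in for NSS's protocol-variant split, uses `0x7f1e` as the 1.3 draft value because that is what the commit message quotes, and includes a strict decoder so the pre-patch body can be seen to fail on the DTLS side.

```go
package main

import (
	"errors"
	"fmt"
)

// Variant distinguishes stream (TLS) from datagram (DTLS) encoding; it is this
// example's stand-in for the protocol-variant distinction in NSS.
type Variant int

const (
	Stream Variant = iota
	Datagram
)

func (v Variant) String() string {
	if v == Datagram {
		return "DTLS"
	}
	return "TLS"
}

// Internal version numbers use the TLS wire values; DTLS wire values are
// substituted only when the extension is serialised.
const (
	VersionTLS11      uint16 = 0x0302
	VersionTLS12      uint16 = 0x0303
	VersionTLS13Draft uint16 = 0x7f1e // the 1.3 draft value quoted in the commit message

	WireDTLS10 uint16 = 0xfeff // DTLS 1.0 corresponds to TLS 1.1
	WireDTLS12 uint16 = 0xfefd // DTLS 1.2 corresponds to TLS 1.2
)

// wireVersion returns the on-the-wire value for an internal version. For DTLS
// the 1.x versions are remapped; draft 1.3 values are shared by both variants.
func wireVersion(v Variant, internal uint16) (uint16, error) {
	if v == Stream {
		return internal, nil
	}
	switch internal {
	case VersionTLS11:
		return WireDTLS10, nil
	case VersionTLS12:
		return WireDTLS12, nil
	case VersionTLS13Draft:
		return internal, nil
	}
	return 0, fmt.Errorf("no DTLS wire encoding for version 0x%04x", internal)
}

// legalWireVersion reports whether a received value belongs to the variant;
// a DTLS peer has no business seeing 0x0303 or 0x0302.
func legalWireVersion(v Variant, w uint16) bool {
	if w>>8 == 0x7f { // 1.3 draft values, shared by both variants
		return true
	}
	if v == Datagram {
		return w == WireDTLS10 || w == WireDTLS12
	}
	return w >= 0x0301 && w <= 0x0304
}

// EncodeSupportedVersions serialises the ClientHello supported_versions body:
// a one-byte length followed by two-byte ProtocolVersion values, preferred first.
func EncodeSupportedVersions(v Variant, versions []uint16) ([]byte, error) {
	if len(versions) == 0 || len(versions) > 127 {
		return nil, errors.New("supported_versions must list 1..127 versions")
	}
	out := make([]byte, 1, 1+2*len(versions))
	out[0] = byte(2 * len(versions))
	for _, ver := range versions {
		w, err := wireVersion(v, ver)
		if err != nil {
			return nil, err
		}
		out = append(out, byte(w>>8), byte(w))
	}
	return out, nil
}

// DecodeSupportedVersions parses the body and rejects values that do not belong
// to the variant, which is how a strict DTLS peer treats the pre-patch encoding.
func DecodeSupportedVersions(v Variant, body []byte) ([]uint16, error) {
	if len(body) < 3 || int(body[0]) != len(body)-1 || body[0]%2 != 0 {
		return nil, errors.New("malformed supported_versions body")
	}
	var out []uint16
	for i := 1; i+1 < len(body); i += 2 {
		w := uint16(body[i])<<8 | uint16(body[i+1])
		if !legalWireVersion(v, w) {
			return nil, fmt.Errorf("0x%04x is not a %s wire version", w, v)
		}
		out = append(out, w)
	}
	return out, nil
}

func main() {
	prefs := []uint16{VersionTLS13Draft, VersionTLS12, VersionTLS11}
	for _, v := range []Variant{Stream, Datagram} {
		body, _ := EncodeSupportedVersions(v, prefs)
		fmt.Printf("%s: % x\n", v, body)
	}
	// The pre-patch DTLS body carried TLS values; a strict DTLS decoder rejects it.
	_, err := DecodeSupportedVersions(Datagram, []byte{6, 0x7f, 0x1e, 0x03, 0x03, 0x03, 0x02})
	fmt.Println("pre-patch body:", err)
}
```

Keeping the mapping in one function at the serialisation boundary is what prevents the internal version numbers from leaking onto the wire in either direction.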
enable NEON code generation.
Differential Revision: https://phabricator.services.mozilla.com/D62676
ssl_DecodeResumptionToken. r=mt
This patch adds a missing `PORT_Free()` when reallocating `sid->PeerID`, and adds a test for a non-empty PeerID.
Differential Revision: https://phabricator.services.mozilla.com/D62653
is safe to call r=jcj,kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D61931
Fixes a regression from Bug 1582169
../../lib/sysinit/nsssysinit.c:153:1: error: ‘getFIPSEnv’ defined but not used [-Werror=unused-function]
enabled on build r=jcj,rrelyea
Differential Revision: https://phabricator.services.mozilla.com/D61236
r=rrelyea
AES-NI intrinsics r=kjacobs
https://phabricator.services.mozilla.com/D60699
NSS_DISABLE_DBM is set r=mt
Remove `lgglue` from compilation entirely if DBM is disabled
Differential Revision: https://phabricator.services.mozilla.com/D61759
Differential Revision: https://phabricator.services.mozilla.com/D61380
At the moment NSS assumes that every PowerPC64 architecture supports
Altivec, but that's not true and this leads to a build failure. So add
the NSS_DISABLE_ALTIVEC environment variable (and disable_altivec for
gyp) to disable the Altivec extension on PowerPC builds that don't
support Altivec.
FreeBSD has elf_aux_info instead of getauxval, but only since FreeBSD 12. Previous versions (11 is still supported) don't have any equivalent and users need to query sysctl manually.
Differential Revision: https://phabricator.services.mozilla.com/D56712
Implement `getauxval` via `elf_aux_info` to avoid code duplication.
`AT_HWCAP*` can be used on powerpc* and riscv64 as well.
Differential Revision: https://phabricator.services.mozilla.com/D58500
Differential Revision: https://phabricator.services.mozilla.com/D58499
to PBKDF2 hash). r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D60739
implementation is available. r=mt
AES-NI is currently not used for CBC or ECB decrypt when an assembly implementation (`intel-aes.s` or `intel-aes-x86/64-masm.asm`) is not available. Concretely, this is the case on MacOS, Linux32, and other non-Linux OSes such as BSD. This patch adds the plumbing to use AES-NI intrinsics when available.
Before:
```
mode       in    symmkey  opreps  cxreps  context       op  time(sec)  thrgput
aes_ecb_d  78Mb  256      10T     0       0.000    395.000      0.395    197Mb
aes_cbc_e  78Mb  256      10T     0       0.000    392.000      0.393    198Mb
aes_cbc_d  78Mb  256      10T     0       0.000    425.000      0.425    183Mb
```
After:
```
mode       in    symmkey  opreps  cxreps  context       op  time(sec)  thrgput
aes_ecb_d  78Mb  256      10T     0       0.000     39.000      0.039      1Gb
aes_cbc_e  78Mb  256      10T     0       0.000     94.000      0.094    831Mb
aes_cbc_d  78Mb  256      10T     0       0.000     74.000      0.075      1Gb
```
Differential Revision: https://phabricator.services.mozilla.com/D60195
and CMAC tests r=franziskus
This patch updates to the latest Wycheproof vectors and adds Wycheproof support for CBC, CMAC, and P256-ECDH:
ChaCha20: +141 tests
Curve25519: +431 tests
GCM: +39 tests
CBC (new): +183 tests
CMAC (new): +308 tests
P256 ECDH (new): +460 tests
Differential Revision: https://phabricator.services.mozilla.com/D57477
Differential Revision: https://phabricator.services.mozilla.com/D60236
DONTBUILD