| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nssCryptokiObject_Create r=ttaubert
Summary: add a null check in nssCryptokiObject_Create that seems to be necessary
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1438277
Differential Revision: https://phabricator.services.mozilla.com/D640
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code.
Note that this is not used on Android as we currently have no way of testing this for Android or use it on Android for Firefox.
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1424663
Differential Revision: https://phabricator.services.mozilla.com/D467
|
|
|
|
| |
PK11_ListCerts(PK11CertListAll) with p11-kit-trust.so, r=rrelyea
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a fairly disruptive change, but mostly just mechanical. There are a few extra changes:
- I have renamed the TlsInspector* filters for consistency. This was purely mechanical.
- I renamed the SetPacketFilter function to just SetFilter. Also mechanical.
- TlsRecordFilter maintains a weak pointer reference to the TlsAgent now rather than using a bare pointer. This meant that I had to change TlsAgentTestBase to use shared_ptr rather than unique_ptr to support of use of filters with those tests.
- I removed the helper function that enables decryption. Enabling decryption is now more explicit.
- I ran a newer clang-format version and it fixed a few extra things, like the comments on the end of namespace {} blocks, some of which were wrong.
- I discovered a bug in some of the drop tests: in the 0-RTT tests, the filters were being installed on the client and server right at the start, which meant that they were capturing the first handshake and not the second one. This was clearly against intent, but the tests were mostly right still, it was only the expected ACKs that were wrong. We were expecting just one record to be ACKed by a server (Finished), but the record with EndOfEarlyData should have been acknowledged as well.
- In TlsSkipTest and Tls13SkipTest, I had to override SetUp() so that client_ and server_ are initialized prior to constructing filters. In doing so, I noticed that we weren't being consistent about overriding SetUp properly, so I fixed the small number of instances of that by adding an override label to each and marking the base method virtual.
- The stateless HRR test for TLS 1.3 compat mode was replacing the server, but expecting to retain the same filters. That wasn't a problem in that case, but I didn't want to have any places where the filter was set on a different agent from the one that was passed to it.
|
| |
|
|
|
|
|
|
| |
Crash in PK11_DoesMechanism due to race condition
fix additional race with reset.
r=mt
|
| |
|
|
|
|
| |
r=fkiefer
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Bug #: 1437810
Differential Revision: https://phabricator.services.mozilla.com/D591
|
|
|
|
| |
not just the key, r=rrelyea
|
|
|
|
|
| |
patch=jjelen
r=rrelyea
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
SIDs usage is pretty messy. In this patch I move all *sid to point to ss->sec.ci.sid (unless the SID is purely local to the function).
This allows us to free sids when uncaching them.
Reviewers: mt
Reviewed By: mt
Bug #: 1432144
Differential Revision: https://phabricator.services.mozilla.com/D517
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1434596
Differential Revision: https://phabricator.services.mozilla.com/D516
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D470
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: mt
Reviewed By: mt
Bug #: 1432748
Differential Revision: https://phabricator.services.mozilla.com/D436
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
We had an API for this in tests, but this formalizes it. Note that we
can't use SSL_OptionSet here, but I decided to use the structures.
Reviewers: ekr
Subscribers: mcmanus
Bug #: 1427556
Differential Revision: https://phabricator.services.mozilla.com/D344
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
I wrote Cryptol and SAW specs for Poly1305 that are able to verify our
implementations for a single input/key pair. The 128-bit multiplication isn't
verifiable as-is. It takes forever, almost literally. We would need to take
the HACL* approach and gently guide Z3 to link the mathematical spec to the
optimized spec.
Let's not do this now, let's just land the specs so we have them in the repo.
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1432431
Differential Revision: https://phabricator.services.mozilla.com/D430
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1432824
Differential Revision: https://phabricator.services.mozilla.com/D435
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D434
|
|
|
|
| |
value handling, r=kaie
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1367470
Differential Revision: https://phabricator.services.mozilla.com/D431
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1367470
Differential Revision: https://phabricator.services.mozilla.com/D412
|
|
|
|
| |
distracting summary lines, update expectation to release format of abidiff 1.10, r=jallmann
|
| |
|
|
|
|
| |
conclude failures, r=fkiefer
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1432113
Differential Revision: https://phabricator.services.mozilla.com/D426
|
|
|
|
|
|
|
|
| |
Reviewers: mt, ekr
Bug #: 1399439
Differential Revision: https://phabricator.services.mozilla.com/D284
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failures persistent. r=mt, wtc
Summary:
- Make any call to ssl3_GatherCompleteHandshake (which transitively
means any read from the wire) return PR_IO_ERROR if an alert has
been sent.
- Patch up a few of the tests to handle this new behavior properly.
These tests actually were a bit harder to follow so they should
also be a bit clearer.
- Add a new set of tests for certificate authentication failure.
Reviewers: mt
Differential Revision: https://phabricator.services.mozilla.com/D365
|
|
|
|
|
|
|
|
|
| |
Reviewers: mt
Bug #: 1427673
Differential Revision: https://phabricator.services.mozilla.com/D348
|
|
|
|
| |
client hello list, the NSS server sends an incorrect TLS alert, r=mt
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1431087
Differential Revision: https://phabricator.services.mozilla.com/D406
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1430582
Differential Revision: https://phabricator.services.mozilla.com/D388
|
| |
|
|
|
|
|
|
|
|
| |
Crash in PK11_DoesMechanism due to race condition
Fix is present race.
initial review r=rsleevi
second review r=kamel
|
|
|
|
| |
result code, r=franziskus
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
This seems to trigger assertion failures in PR_Unlock across a number of
utilities. It seems intermittent and limited to win32 builds. It's also
possible that this is a latent bug, but right now the change is making things
noticeably worse.
|
| |
|
| |
|