summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Backout revision b33b017eede5, bug 1432144, r=franziskusNSS_3_36_BETA1Kai Engert2018-02-2716-211/+209
|
* Bug 1438277 - Be even more defensive about bad token implementations in ↵David Keeler2018-02-271-1/+1
| | | | | | | | | | | | | | nssCryptokiObject_Create r=ttaubert Summary: add a null check in nssCryptokiObject_Create that seems to be necessary Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1438277 Differential Revision: https://phabricator.services.mozilla.com/D640
* Bug 1424663 - vectorized ChaCha20 from HACL* for SSSE3 and ARM NEON, r=ttaubertFranziskus Kiefer2018-02-1920-413/+1136
| | | | | | | | | | | | | | Summary: This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code. Note that this is not used on Android as we currently have no way of testing this for Android or use it on Android for Firefox. Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1424663 Differential Revision: https://phabricator.services.mozilla.com/D467
* Bug 1439350, NSS 3.31 introduced a shutdown leak, after executing ↵Kai Engert2018-02-221-0/+2
| | | | PK11_ListCerts(PK11CertListAll) with p11-kit-trust.so, r=rrelyea
* Bug 1427675 - Template for common TlsRecordFilter instantiation pattern, r=ekrMartin Thomson2018-02-1422-291/+204
|
* Bug 1427675 - Add TlsAgent argument to TlsRecordFilter, r=ekrMartin Thomson2018-01-0332-628/+733
| | | | | | | | | | | | | | | | | | | | This is a fairly disruptive change, but mostly just mechanical. There are a few extra changes: - I have renamed the TlsInspector* filters for consistency. This was purely mechanical. - I renamed the SetPacketFilter function to just SetFilter. Also mechanical. - TlsRecordFilter maintains a weak pointer reference to the TlsAgent now rather than using a bare pointer. This meant that I had to change TlsAgentTestBase to use shared_ptr rather than unique_ptr to support of use of filters with those tests. - I removed the helper function that enables decryption. Enabling decryption is now more explicit. - I ran a newer clang-format version and it fixed a few extra things, like the comments on the end of namespace {} blocks, some of which were wrong. - I discovered a bug in some of the drop tests: in the 0-RTT tests, the filters were being installed on the client and server right at the start, which meant that they were capturing the first handshake and not the second one. This was clearly against intent, but the tests were mostly right still, it was only the expected ACKs that were wrong. We were expecting just one record to be ACKed by a server (Finished), but the record with EndOfEarlyData should have been acknowledged as well. - In TlsSkipTest and Tls13SkipTest, I had to override SetUp() so that client_ and server_ are initialized prior to constructing filters. In doing so, I noticed that we weren't being consistent about overriding SetUp properly, so I fixed the small number of instances of that by adding an override label to each and marking the base method virtual. - The stateless HRR test for TLS 1.3 compat mode was replacing the server, but expecting to retain the same filters. That wasn't a problem in that case, but I didn't want to have any places where the filter was set on a different agent from the one that was passed to it.
* Bug 1437734 - Use snprintf in sign.c, r=ttaubertMartin Thomson2018-02-131-10/+48
|
* bug 1054373Robert Relyea2018-02-143-7/+26
| | | | | | Crash in PK11_DoesMechanism due to race condition fix additional race with reset. r=mt
* Bug 1346932 - set -std=gnu99 on BSDs too in lib/freebl, r=franziskusLandry Breuil2018-02-092-1/+6
|
* bug 1429651 NIST no longer requires the continuous PRNG test. It can be removed.Robert Relyea2018-02-131-14/+1
| | | | r=fkiefer
* Bug 1437810 - Update Bogo tests to latest BoringSSL revision, r=franziskusJonas Allmann2018-02-132-1/+64
| | | | | | | | Reviewers: franziskus Bug #: 1437810 Differential Revision: https://phabricator.services.mozilla.com/D591
* Bug 1429393, Clarify certutil docs/help that -F deletes both cert and key, ↵Kai Engert2018-02-132-4/+4
| | | | not just the key, r=rrelyea
* Bug 1333725 Fix always authenticate issues with tokens.Robert Relyea2018-02-121-1/+1
| | | | | patch=jjelen r=rrelyea
* Bug 1426602 - Remove certcgi command from NSS - r=franziskus,kaieJonathan Kingston2017-12-2113-4031/+0
|
* Bug 1432144 - clean-up sid handling, r=mtFranziskus Kiefer2018-02-0716-209/+211
| | | | | | | | | | | | | | Summary: SIDs usage is pretty messy. In this patch I move all *sid to point to ss->sec.ci.sid (unless the SID is purely local to the function). This allows us to free sids when uncaching them. Reviewers: mt Reviewed By: mt Bug #: 1432144 Differential Revision: https://phabricator.services.mozilla.com/D517
* Bug 1434596 - Disable Taskcluster failure notification emails r=franziskusTim Taubert2018-01-311-2/+3
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1434596 Differential Revision: https://phabricator.services.mozilla.com/D516
* Bug 1433644 - sid uncache hotfix, r=ttaubertFranziskus Kiefer2018-01-291-4/+6
| | | | Differential Revision: https://phabricator.services.mozilla.com/D470
* Bug 1432748 - make clang-format happyFranziskus Kiefer2018-01-291-3/+1
|
* Bug 1432748 - don't export resumption token when client auth was used, r=mtFranziskus Kiefer2018-01-296-39/+38
| | | | | | | | | | Reviewers: mt Reviewed By: mt Bug #: 1432748 Differential Revision: https://phabricator.services.mozilla.com/D436
* Bug 1427556 - API for setting max_early_data_size, r=ekrMartin Thomson2018-01-2310-41/+64
| | | | | | | | | | | | | | Summary: We had an API for this in tests, but this formalizes it. Note that we can't use SSL_OptionSet here, but I decided to use the structures. Reviewers: ekr Subscribers: mcmanus Bug #: 1427556 Differential Revision: https://phabricator.services.mozilla.com/D344
* Bug 1432431 - Land Cryptol/SAW specs for Poly1305 r=franziskusTim Taubert2018-01-264-0/+434
| | | | | | | | | | | | | | | | | | | Summary: I wrote Cryptol and SAW specs for Poly1305 that are able to verify our implementations for a single input/key pair. The 128-bit multiplication isn't verifiable as-is. It takes forever, almost literally. We would need to take the HACL* approach and gently guide Z3 to link the mathematical spec to the optimized spec. Let's not do this now, let's just land the specs so we have them in the repo. Reviewers: franziskus Reviewed By: franziskus Bug #: 1432431 Differential Revision: https://phabricator.services.mozilla.com/D430
* Bug 1432824 - Add clang-5.0 extra build to Taskcluster r=franziskusTim Taubert2018-01-266-59/+63
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1432824 Differential Revision: https://phabricator.services.mozilla.com/D435
* Bug 1432820 - coverity issues from bug 1399439, r=mtFranziskus Kiefer2018-01-241-3/+10
| | | | Differential Revision: https://phabricator.services.mozilla.com/D434
* Bug 1432460, Silence false positive ABI warnings, fix abidiff/grep return ↵Jonas Allmann2018-01-231-1/+4
| | | | value handling, r=kaie
* Bug 1367470 - Fix ABI check for taskcluster follow-up, r=franziskusJonas Allmann2018-01-232-3/+7
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1367470 Differential Revision: https://phabricator.services.mozilla.com/D431
* Bug 1367470 - ABI check for taskcluster, r=franziskusJonas Allmann2018-01-234-1/+193
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1367470 Differential Revision: https://phabricator.services.mozilla.com/D412
* Bug 1432460, Silence false positive ABI warnings in NSS 3.36, filter ↵Kai Engert2018-01-232-5/+7
| | | | distracting summary lines, update expectation to release format of abidiff 1.10, r=jallmann
* Bug 1432455, Build Hacl_Poly1305_64.o on AArch64 even with make, r=fkieferDaiki Ueno2018-01-231-1/+6
|
* Bug 1432448, buildbot script should check for word-only matches of FAILED to ↵Kai Engert2018-01-231-1/+1
| | | | conclude failures, r=fkiefer
* bug 1431087, Always print logfiles on Interop failure, r=ttaubertKai Engert2018-01-231-1/+6
|
* Bug 1432113 - Fix docker-saw image r=franziskusTim Taubert2018-01-222-1/+5
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1432113 Differential Revision: https://phabricator.services.mozilla.com/D426
* Bug 1399439 - API for external TLS session caches, r=mtFranziskus Kiefer2018-01-1624-193/+1499
| | | | | | | | Reviewers: mt, ekr Bug #: 1399439 Differential Revision: https://phabricator.services.mozilla.com/D284
* Bug 1429475: Tests for delayed failure and be more aggressive about making ↵EKR2018-01-098-25/+122
| | | | | | | | | | | | | | | | | | | | failures persistent. r=mt, wtc Summary: - Make any call to ssl3_GatherCompleteHandshake (which transitively means any read from the wire) return PR_IO_ERROR if an alert has been sent. - Patch up a few of the tests to handle this new behavior properly. These tests actually were a bit harder to follow so they should also be a bit clearer. - Add a new set of tests for certificate authentication failure. Reviewers: mt Differential Revision: https://phabricator.services.mozilla.com/D365
* Bug 1427673 - Fix NULL pointer to PORT_Memcpy(). r=mtEKR2018-01-021-1/+4
| | | | | | | | | Reviewers: mt Bug #: 1427673 Differential Revision: https://phabricator.services.mozilla.com/D348
* Bug 1413634, If TLS server has no signature algorithm overlap with the ↵Kai Engert2018-01-183-2/+19
| | | | client hello list, the NSS server sends an incorrect TLS alert, r=mt
* Bug 1431087 - Interop tests fail due to changes in dependencies r=franziskusTim Taubert2018-01-181-1/+2
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1431087 Differential Revision: https://phabricator.services.mozilla.com/D406
* Backed out changeset fa1f3948cb00Martin Thomson2018-01-1710-64/+41
|
* Bug 1428928 - Move SSL_TRC call for bad extension, r=franziskusMartin Thomson2018-01-022-3/+2
|
* Bug 1427556 - API for setting max_early_data_size, r?ekrMartin Thomson2018-01-0210-41/+64
|
* Bug 1430582 - Follow-up to define a default for emit_llvm r=bustageTim Taubert2018-01-161-0/+1
|
* Bug 1430582 - Add Cryptol/SAW runs to Taskcluster r=franziskusTim Taubert2018-01-1613-3/+564
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1430582 Differential Revision: https://phabricator.services.mozilla.com/D388
* Bug 1422843, Silence false positive ABI warnings in NSS 3.35, patch B, r=fkieferKai Engert2018-01-161-0/+28
|
* Bug 1054373Robert Relyea2018-01-153-18/+64
| | | | | | | | Crash in PK11_DoesMechanism due to race condition Fix is present race. initial review r=rsleevi second review r=kamel
* Bug 1423145, fix NSS buildbot ABI check, look at individual bits of abidiff ↵Kai Engert2018-01-121-2/+36
| | | | result code, r=franziskus
* Set version numbers to 3.36 BetaFranziskus Kiefer2018-01-116-18/+7
|
* Bug 1427276 - Fix sdb to handle UTF-8 paths correctly on Windows. r=fkieferMasatoshi Kimura2017-12-297-16/+327
|
* Bug 1427921 - RSA-PSS codepoints for TLS 1.3 draft-23, r=ekrMartin Thomson2018-01-0510-73/+92
|
* Backed out changeset 272dde8958e9Martin Thomson2018-01-053-55/+14
| | | | | | | This seems to trigger assertion failures in PR_Unlock across a number of utilities. It seems intermittent and limited to win32 builds. It's also possible that this is a latent bug, but right now the change is making things noticeably worse.
* Bug 1427921 - Update to TLS 1.3 draft-23, r=ekrMartin Thomson2018-01-045-5/+10
|
* Bug 1427977, January 2018 batch of root CA changes, r=kwilsonKai Engert2018-01-042-628/+4
|
View Lorry Controller Status