Commit message | Author | Date | Files | Lines

* Fix clang issues. (branch: relyea) | Robert Relyea | 2018-07-03 | 1 | -92/+102
* close-relyea-branch | Robert Relyea | 2018-07-03 | 0 | -0/+0
* /cmd/fipstest needs KAS tests for ECC and DH | Robert Relyea | 2018-07-02 | 3 | -45/+1065
    r=kai Bug 1444148
* Bug 1447816 - Fix assignment where a comparison was intended r=mt | J.C. Jones | 2018-03-22 | 1 | -1/+1
    Summary: Coverity found an unintended assignment in dtls_GatherData in a PORT_Assert, which is only evaluated in debug builds.
    Reviewers: mt
    Reviewed By: mt
    Bug #: 1447816
    Differential Revision: https://phabricator.services.mozilla.com/D787
* Bug 1447825 - Check sslBuffer_Append in ssl_CallCustomExtensionSenders r=mt | J.C. Jones | 2018-03-21 | 1 | -1/+5
    Coverity caught that one use of sslBuffer_Append doesn't check the return, which is abnormal. Since cleanup is the same either way, it's a matter for OOM propagation. This adds the check in a minimal way.
* Bug 1446643 - Update to TLS 1.3 draft-26. r=mt | EKR | 2018-03-15 | 16 | -120/+300
    - Update version number
    - Forbid negotiating < TLS 1.3 with supported_versions
    - Change to version number 0303 after HRR. Plus test
    - Update AAD.
    https://phabricator.services.mozilla.com/D753
* Bug 1427675 - Short header for DTLS 1.3, r=ekr | Martin Thomson | 2018-03-16 | 24 | -311/+724
    Summary: The code changes here are relatively straightforward, though there are a few changes of note:
    * To make read and write more consistent, I changed `seqNum` on ssl3CipherSpec to `nextSeqNum`. The write side didn't change, but the read side previously saved the last sequence number in that slot. This makes the sequence number recovery simpler and makes the code easier to reason about as a whole.
    * SSL3Ciphertext now holds the raw header and no longer has a type field. Passing the raw header through allows ssl3_HandleRecord and the functions that it calls to recover the sequence number. I considered doing the recovery in the gather functions, which used to recover the sequence number, but they don't have access to the cipher spec.
    * Record construction now works in order: the header is written out first, with the length filled in after encryption. This uses sslBuffer in a way more consistent with other functions.
    * The hack where a cText of NULL was passed to ssl3_HandleRecord in order to have it handle the outstanding handshake message from the receive buffer was removed.
    In addition to teaching TlsRecordFilter about the agent that it is operating with (in a separate CL), there are several changes to tests:
    * We previously relied on the epoch and sequence number being properly encoded for DTLS records, so the sequence number reconstruction (used when we decrypt and re-encrypt) was invalid. I restored the epoch to this field when doing DTLS.
    * TlsRecordHeader no longer stores the wire format of the version; it includes a variant and non-wire version.
    * TlsRecordHeader needs to know whether it is parsing DTLS 1.3, so TlsRecordFilter passes that info to it after asking the agent.
    * TlsRecordHeader writes out DTLS 1.3 records in the 7 octet form always. It can read the 2 octet header, using logic similar to that used by the main code, but it won't ever write that form.
    * TlsAgentTestBase::MakeRecord also writes the 7 octet header.
    * I parameterized the record drop tests so that I could test out of order delivery and various patterns with the short header. This revealed some issues, including one good one. I had a neat underflow bug that can happen near zero, which leads to ridiculously large sequence numbers being incorrectly assumed by a receiver.
    This includes fuzzing-specific changes to account for the fact that fuzzing operates at the record layer, which is inconvenient for this change. Ideally, we should change the fuzzing code so that only the core cipher parts are changed (that is, ssl3CipherSpec->cipher and ssl3CipherSpec->aead). That will have to wait for another day.
    Reviewers: ekr
    Reviewed By: ekr
    Bug #: 1427675
    Differential Revision: https://phabricator.services.mozilla.com/D554
* Bug 1445989, Don't skip ECC tests in ssl.sh, r=kaie | Daiki Ueno | 2018-03-15 | 1 | -69/+53
* Bug 1446100: Add range-check & cast to PR_Write result, to address build warning. r=kaie | Daniel Holbert | 2018-03-15 | 1 | -1/+1
* Bug 1441219 - always compile FStar to have it available on 32-bit non-intel platforms, r=ttaubert | Franziskus Kiefer | 2018-03-15 | 2 | -2/+2
    Differential Revision: https://phabricator.services.mozilla.com/D735
* Bug 1444960, Exercise SSL tests which only run under non-FIPS, r=kaie | Daiki Ueno | 2018-03-12 | 1 | -1/+1
* Bug 1443400 - Don't use getauxval() when not available, r=franziskus | Jan Beich | 2018-03-09 | 1 | -3/+27
* Bug 1413596, Preserve private-key info in PKCS #8 when wrapping | Daiki Ueno | 2018-03-08 | 13 | -7/+179
    Summary: Previously, NSS dropped PKCS #8 PrivateKeyInfo when importing a private key from a PKCS #12 file. This patch attaches the corresponding CKA_PUBLIC_KEY_INFO attribute to a private key when unwrapping it (see PKCS #11 v2.40 4.9). When wrapping it again, the attribute is restored in the encrypted PrivateKeyInfo.
    Reviewers: rrelyea
    Reviewed By: rrelyea
    Bug #: 1413596
    Differential Revision: https://phabricator.services.mozilla.com/D198
* Bug 1443799 - Update BoGo to a runner that supports draft-23 r=franziskus | Tim Taubert | 2018-03-08 | 3 | -2/+10
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1443799
    Differential Revision: https://phabricator.services.mozilla.com/D696
* Bug 1443759 - Fix clang-format bustage r=me | Tim Taubert | 2018-03-07 | 1 | -4/+3
* Bug 1443759 - Fix our BoGo shim's signing-prefs switch r=franziskus | Tim Taubert | 2018-03-07 | 1 | -1/+1
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1443759
    Differential Revision: https://phabricator.services.mozilla.com/D692
* Bug 1443136 - Fix build and clang-format bustage r=me | Tim Taubert | 2018-03-06 | 2 | -6/+7
* Bug 1443136 - Add support for signature scheme preferences in BoGo r=franziskus,ekr | Tim Taubert | 2018-03-06 | 5 | -20/+76
    Reviewers: franziskus, ekr
    Reviewed By: franziskus
    Bug #: 1443136
    Differential Revision: https://phabricator.services.mozilla.com/D676
* Bug 1424663 - update HACL* version, r=ttaubert | Franziskus Kiefer | 2018-03-06 | 2 | -19/+13
    Unbreak VS2015 32-bit, see bug 1442554.
    Differential Revision: https://phabricator.services.mozilla.com/D678
* Bug 1441219 - HACL* poly1305 32-bit, r=ttaubert | Franziskus Kiefer | 2018-02-26 | 10 | -1284/+721
    Differential Revision: https://phabricator.services.mozilla.com/D649
* Bug 1439226 - update HACL*, r=ttaubert | Franziskus Kiefer | 2018-03-01 | 2 | -1/+2
    Differential Revision: https://phabricator.services.mozilla.com/D662
* Bug 1309068 - clang-format, a=bustage | Martin Thomson | 2018-03-01 | 7 | -44/+26
* Bug 1438426 - Avoid stringop-truncation warning, r=franziskus | Martin Thomson | 2018-02-15 | 1 | -1/+1
* Bug 1309068 - Enable -Wshadow, r=franziskus | Martin Thomson | 2018-02-14 | 70 | -591/+569
* Bug 1441793 - Fix interop tests to default to IPv6 r=franziskus | Tim Taubert | 2018-02-28 | 1 | -1/+1
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1441793
    Differential Revision: https://phabricator.services.mozilla.com/D656
* Bug 1441573 - Make BoGo shim use IPv6 by default and IPv4 as fallback r=franziskus | Tim Taubert | 2018-02-28 | 2 | -66/+11
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1441573
    Differential Revision: https://phabricator.services.mozilla.com/D655
* set NSS trunk version number to 3.37 beta | Kai Engert | 2018-02-28 | 5 | -35/+7
* Bug 1429591, reverting the part of my previous commit that was unnecessary, and which introduced a bad ABI change. | Kai Engert | 2018-02-27 | 2 | -2/+2
* Bug 1429591, Importing a certificate with CERT_ImportCerts to an NSS SQL db doesn't associate it to the existing private key, r=kaie | Robert Relyea | 2018-02-27 | 3 | -2/+16
* Bug 1438266 - Disable SupportedVersionSelection-TLS12 BoGo test to fix bustage r=franziskus | Tim Taubert | 2018-02-27 | 1 | -0/+1
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1438266
    Differential Revision: https://phabricator.services.mozilla.com/D650
* Added tag NSS_3_36_BETA2 for changeset 3570602e2812 | Kai Engert | 2018-02-27 | 0 | -0/+0
    DONTBUILD
* NSS 3.36 depends on NSPR 4.19, r=me (tag: NSS_3_36_BETA2) | Kai Engert | 2018-02-27 | 1 | -1/+1
    DONTBUILD
* Added tag NSS_3_36_BETA1 for changeset f9e336b12cb4 | Kai Engert | 2018-02-27 | 0 | -0/+0
    DONTBUILD
* Backout revision b33b017eede5, bug 1432144, r=franziskus (tag: NSS_3_36_BETA1) | Kai Engert | 2018-02-27 | 16 | -211/+209
* Bug 1438277 - Be even more defensive about bad token implementations in nssCryptokiObject_Create r=ttaubert | David Keeler | 2018-02-27 | 1 | -1/+1
    Summary: add a null check in nssCryptokiObject_Create that seems to be necessary
    Reviewers: ttaubert
    Reviewed By: ttaubert
    Bug #: 1438277
    Differential Revision: https://phabricator.services.mozilla.com/D640
* Bug 1424663 - vectorized ChaCha20 from HACL* for SSSE3 and ARM NEON, r=ttaubert | Franziskus Kiefer | 2018-02-19 | 20 | -413/+1136
    Summary: This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code. Note that this is not used on Android as we currently have no way of testing this for Android or use it on Android for Firefox.
    Reviewers: ttaubert
    Reviewed By: ttaubert
    Bug #: 1424663
    Differential Revision: https://phabricator.services.mozilla.com/D467
* Bug 1439350, NSS 3.31 introduced a shutdown leak, after executing PK11_ListCerts(PK11CertListAll) with p11-kit-trust.so, r=rrelyea | Kai Engert | 2018-02-22 | 1 | -0/+2
* Bug 1427675 - Template for common TlsRecordFilter instantiation pattern, r=ekr | Martin Thomson | 2018-02-14 | 22 | -291/+204
* Bug 1427675 - Add TlsAgent argument to TlsRecordFilter, r=ekr | Martin Thomson | 2018-01-03 | 32 | -628/+733
    This is a fairly disruptive change, but mostly just mechanical. There are a few extra changes:
    - I have renamed the TlsInspector* filters for consistency. This was purely mechanical.
    - I renamed the SetPacketFilter function to just SetFilter. Also mechanical.
    - TlsRecordFilter maintains a weak pointer reference to the TlsAgent now rather than using a bare pointer. This meant that I had to change TlsAgentTestBase to use shared_ptr rather than unique_ptr to support the use of filters with those tests.
    - I removed the helper function that enables decryption. Enabling decryption is now more explicit.
    - I ran a newer clang-format version and it fixed a few extra things, like the comments on the end of namespace {} blocks, some of which were wrong.
    - I discovered a bug in some of the drop tests: in the 0-RTT tests, the filters were being installed on the client and server right at the start, which meant that they were capturing the first handshake and not the second one. This was clearly against intent, but the tests were mostly right still; it was only the expected ACKs that were wrong. We were expecting just one record to be ACKed by a server (Finished), but the record with EndOfEarlyData should have been acknowledged as well.
    - In TlsSkipTest and Tls13SkipTest, I had to override SetUp() so that client_ and server_ are initialized prior to constructing filters. In doing so, I noticed that we weren't being consistent about overriding SetUp properly, so I fixed the small number of instances of that by adding an override label to each and marking the base method virtual.
    - The stateless HRR test for TLS 1.3 compat mode was replacing the server, but expecting to retain the same filters. That wasn't a problem in that case, but I didn't want to have any places where the filter was set on a different agent from the one that was passed to it.
* Bug 1437734 - Use snprintf in sign.c, r=ttaubert | Martin Thomson | 2018-02-13 | 1 | -10/+48
* bug 1054373 | Robert Relyea | 2018-02-14 | 3 | -7/+26
    Crash in PK11_DoesMechanism due to race condition; fix additional race with reset. r=mt
* Bug 1346932 - set -std=gnu99 on BSDs too in lib/freebl, r=franziskus | Landry Breuil | 2018-02-09 | 2 | -1/+6
* bug 1429651 NIST no longer requires the continuous PRNG test. It can be removed. | Robert Relyea | 2018-02-13 | 1 | -14/+1
    r=fkiefer
* Bug 1437810 - Update Bogo tests to latest BoringSSL revision, r=franziskus | Jonas Allmann | 2018-02-13 | 2 | -1/+64
    Reviewers: franziskus
    Bug #: 1437810
    Differential Revision: https://phabricator.services.mozilla.com/D591
* Bug 1429393, Clarify certutil docs/help that -F deletes both cert and key, not just the key, r=rrelyea | Kai Engert | 2018-02-13 | 2 | -4/+4
* Bug 1333725 Fix always authenticate issues with tokens. | Robert Relyea | 2018-02-12 | 1 | -1/+1
    patch=jjelen r=rrelyea
* Bug 1426602 - Remove certcgi command from NSS - r=franziskus,kaie | Jonathan Kingston | 2017-12-21 | 13 | -4031/+0
* Bug 1432144 - clean-up sid handling, r=mt | Franziskus Kiefer | 2018-02-07 | 16 | -209/+211
    Summary: SID usage is pretty messy. In this patch I move all *sid to point to ss->sec.ci.sid (unless the SID is purely local to the function). This allows us to free sids when uncaching them.
    Reviewers: mt
    Reviewed By: mt
    Bug #: 1432144
    Differential Revision: https://phabricator.services.mozilla.com/D517
* Bug 1434596 - Disable Taskcluster failure notification emails r=franziskus | Tim Taubert | 2018-01-31 | 1 | -2/+3
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1434596
    Differential Revision: https://phabricator.services.mozilla.com/D516
* Bug 1433644 - sid uncache hotfix, r=ttaubert | Franziskus Kiefer | 2018-01-29 | 1 | -4/+6
    Differential Revision: https://phabricator.services.mozilla.com/D470