| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The two exceptions will require a bit of work to remediate.
Differential Revision: https://phabricator.services.mozilla.com/D167650
| |
r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D158327
| |
r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D171859
| |
This patch enables various compiler warnings in NSS, sourced from
`warnings.configure` in mozilla-central. Several checks were too noisy
to adopt and were already silenced in mozilla-central builds of NSS.
Differential Revision: https://phabricator.services.mozilla.com/D171580
| |
but something went out of whack. Back this change out of the tip
| |
Differential Revision: https://phabricator.services.mozilla.com/D166506
| |
Differential Revision: https://phabricator.services.mozilla.com/D165006
| |
r=nss-reviewers,djackson
Differential Revision: https://phabricator.services.mozilla.com/D142421
| |
sanitizer r=nss-reviewers,mt
Differential Revision: https://phabricator.services.mozilla.com/D135764
| |
r=nss-reviewers,bbeurdouche
The patch now introduces a new flag for the ninja build - cc_is_cc. It states whether the compiler we use is cc (that indeed often stands for gcc, but in some cases the compiler check fails).
Differential Revision: https://phabricator.services.mozilla.com/D163602
| |
Differential Revision: https://phabricator.services.mozilla.com/D157990
| |
r=nss-reviewers,djackson
Depends on D36757
Differential Revision: https://phabricator.services.mozilla.com/D37215
| |
r=nss-reviewers,djackson
Depends on D36756
Differential Revision: https://phabricator.services.mozilla.com/D36757
| |
r=nss-reviewers,djackson
Differential Revision: https://phabricator.services.mozilla.com/D36755
| |
r=nss-reviewers,djackson
Patch provided by Giulio Benetti.
Differential Revision: https://phabricator.services.mozilla.com/D147534
| |
Submitted on behalf of Zi Lin, the author of the patch.
Differential Revision: https://phabricator.services.mozilla.com/D141119
| |
Since clang 9, NSS can build for x86_64 without the -fno-integrated-as
flag.
The tricky part is that clang versions are unreliable. For instance, a
check for "clang version 9 or more" would break building with Xcode
versions between 9.0 and 11.3.1 (because clang in those says it has
version >= 9, but they are actually clang versions between 4.0 and 8.0;
the clang version reflects the Xcode version, not the real clang version).
We do have a complicated version check in Firefox that works around
that, but I don't feel like porting this to NSS, so instead, allow
to set a gyp variable to force enable it, and let the Firefox build
system decide for itself.
Differential Revision: https://phabricator.services.mozilla.com/D134741
| |
Differential Revision: https://phabricator.services.mozilla.com/D129246
| |
Differential Revision: https://phabricator.services.mozilla.com/D128906
| |
Last rebase we submitted a patch that used a subdirectory to measure the performance for the SQLite patch. This code wasn't active by default on linux, however, because of a typo in the build system. This is a low priority issue since NSS does not default to measure, so the patch only affects older versions of RHEL or users that have explicitly asked for 'measure' semantics.
| |
r=bbeurdouche
Before applying (on Ryzen 9 3900X)
```
# mode in opreps cxreps context op time(sec) thrgput
sha256_e 1Gb 208Mb 23M 0 0.000 10000.000 10.000 123Mb 301Kb
```
After applying
```
# mode in opreps cxreps context op time(sec) thrgput
sha256_e 5Gb 797Mb 110M 0 0.000 10000.000 10.000 591Mb 769Kb
```
Differential Revision: https://phabricator.services.mozilla.com/D116962
| |
r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D116922
| |
patch by Thomas Klausner
r=rrelyea
In the NetBSD configuration, the symbol hiding flags are not defined. This leads to conflicts when openssl and nss are linked into the same binary.
For a longer discussion on the topic, see
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/Al0Pt0zhARE
Match more closely to OpenBSD.mk, and in particular, hide symbols (MAPFILE).
- fix wrong value of CPU_ARCH on NetBSD/evbarm-earmv7f
- s/aarch64eb/aarch64/
| |
This adds the final HPKE version string.
This removes the draft version markers from the implementation and stops
tracking the draft version with the exported syntax.
I've added the script that I used to convert the JSON test vectors from the
specification; that should allow us to pick up new tests relatively easily,
especially if we need to add new algorithms.
This change breaks several ECH test cases. As fixing those tests is
extraordinarily fiddly, I'm going to defer making those changes until we need to
update ECH. As we can't land this code until ECH is updated to depend on the
final HPKE and until we have coordinated with servers on when the ECH update can
be deployed, it should be OK to defer.
In short, don't land this without the matching ECH changes.
Differential Revision: https://phabricator.services.mozilla.com/D105256
| |
Differential Revision: https://phabricator.services.mozilla.com/D112143
| |
r=bbeurdouche
Currently, NSS assumes that every PowerPC target supports the crypto
and VSX extensions of the PowerPC ABI. However, VSX was only introduced
with ISA version 2.06 and the crypto extensions with ISA version 2.07
and enabling them on older PowerPC targets will result in a SIGILL. Thus,
make their use configurable and enable them by default on ppc64le only.
Differential Revision: https://phabricator.services.mozilla.com/D105354
| |
r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D98154
| |
r=kjacobs,bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D26278
| |
(draft-irtf-cfrg-hpke-05). r=mt
This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).
Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality, compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.
Lastly, the `DeriveKeyPair` API is not implemented as it adds complexity around PKCS #11 and is unnecessary for ECH.
Differential Revision: https://phabricator.services.mozilla.com/D73947
| |
r=kjacobs,mt
This fixes a breakage if the Python path happens to have a space in it.
Differential Revision: https://phabricator.services.mozilla.com/D92236
| |
Differential Revision: https://phabricator.services.mozilla.com/D90077
| |
Differential Revision: https://phabricator.services.mozilla.com/D90081
| |
Summary:
The current code base uses CPU_ARCH to detect if avx2 is supported in arch.mk.
However, when arch.mk is included, CPU_ARCH hasn't been initialised; CPU_ARCH
will be initialised by the OS specific code later on.
Move the AVX2 detection to config.mk, after all other initialisation is done.
Reviewers: kjacobs
Reviewed By: kjacobs
Subscribers: kjacobs
Bug #: 1659727
Differential Revision: https://phabricator.services.mozilla.com/D88517
| |
This case comes up when attempting to build NSS on ARM64 Mac. If we don't
do this, we wind up detecting arm64 as "arm", with predictably bad
consequences.
Differential Revision: https://phabricator.services.mozilla.com/D85786
| |
The ARM Crypto extension has SHA1 acceleration. Using this, SHA1 is 3 times
faster on an ARMv8 CPU. The following data is from AWS's a1 instance (Cortex-A72).
Before
======
```
# mode in opreps cxreps context op time(sec) thrgput
sha1_e 954Mb 31M 0 0.000 10000.000 10.000 95Mb
```
After
=====
```
# mode in opreps cxreps context op time(sec) thrgput
sha1_e 2Gb 94M 0 0.000 10000.000 10.000 288Mb
```
Differential Revision: https://phabricator.services.mozilla.com/D84125
| |
lib/freebl/deprecated. r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D83494
| |
ARMv8 CPU has accelerated hardware instruction for SHA256 that supports GCC 4.9+. We should use it if available.
Differential Revision: https://phabricator.services.mozilla.com/D38830
| |
Originally I tried multiple variants using make's conditionals
to limit DIRS and enforce building the parent directory before
the sub-directory. None of them worked for me, most resulting in
an infinite recursion, so I used the current pre-depends
workaround to fulfill the real dependency.
Now I remembered that automake can handle this case for SUBDIRS
specifying "." as a directory. The generated Makefile handles it
via shell scripting; not nice, but it works.
So this gets rid of the workaround, replacing it with a small
shell test.
Differential Revision: https://phabricator.services.mozilla.com/D74855
| |
Introduces a simple "%/d" rule to create directories using
$(MAKE_OBJDIR) and replaces all explicit $(MAKE_OBJDIR) calls
with order-only prerequisites.
To expand the $(@D) prerequisite, this needs .SECONDEXPANSION.
Differential Revision: https://phabricator.services.mozilla.com/D70989
| |
Differential Revision: https://phabricator.services.mozilla.com/D70988
| |
Differential Revision: https://phabricator.services.mozilla.com/D70987