Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | bump version to 3.29, r=me | Franziskus Kiefer | 2016-11-15 | 3 | -6/+6 |
| | |||||
* | bug 1316604 - Add variables for <(nss_dist_dir)/{public,private}. r=franziskus | Ted Mielczarek | 2016-11-10 | 34 | -48/+48 |
| | | | | | Mozilla's build system currently puts NSS public headers directly in $(DIST)/include/nss, so we need a way to override the export directory. | ||||
* | bug 1316115 - Only build det_rng.c when fuzz==1. r=ttaubert | Ted Mielczarek | 2016-11-08 | 1 | -1/+3 |
| | |||||
* | bug 1315231 - fix gyp build on windows. r=franziskus | Ted Mielczarek | 2016-11-09 | 1 | -42/+35 |
| | |||||
* | Bug 1316974 - Clean up protect record functions r=mt | Tim Taubert | 2016-11-14 | 4 | -196/+103 |
| | | | | Differential Revision: https://nss-review.dev.mozaws.net/D54 | ||||
* | Bug 1310610 - Exporters for TLS 1.3, r=ekr | Martin Thomson | 2016-11-12 | 7 | -6/+102 |
| | |||||
* | Bug 1317017 - Improve logging of TLS 1.3 Finished calculation, r=ekr | Martin Thomson | 2016-11-12 | 1 | -2/+3 |
| | |||||
* | Bug 1252745 - Fix Signed Certificate Timestamps for TLS 1.3, r=ttaubert | Martin Thomson | 2016-11-10 | 4 | -27/+23 |
| | |||||
* | Bug 1315936 - Memory error introduced by bug 1287271, r=martin.thomson | Kai Engert | 2016-11-09 | 1 | -1/+3 |
| | |||||
* | Bug 1314604 - Extra checking when validating DH shares, r=rrelyea | Martin Thomson | 2016-11-08 | 1 | -0/+3 |
| | |||||
* | Bug 1315735 - Static-ize phase variables. r=mt | EKR | 2016-11-07 | 1 | -3/+3 |
| | |||||
* | Bug 1315735 - TLS 1.3 draft 18 - clang-format. r=me | EKR | 2016-11-07 | 7 | -45/+33 |
| | |||||
* | Bug 1315735 - TLS 1.3 draft 18 - tests for psk binder. r=mt | EKR | 2016-11-04 | 1 | -6/+12 |
| | | | | | https://nss-review.dev.mozaws.net/D31 | ||||
* | Bug 1315735 - TLS 1.3 draft 18 - Update to draft-18 key schedule and code ↵ | EKR | 2016-11-03 | 4 | -54/+27 |
| | | | | | | | | | | | point. r=mt Reviewers: mt Reviewed By: mt Differential Revision: https://nss-dev.phacility.com/D138 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - Update cipher suite/hash consistency ↵ | EKR | 2016-11-03 | 2 | -22/+49 |
| | | | | | | | | | | | | | checks. r=mt Reviewers: mt Reviewed By: mt Subscribers: mt Differential Revision: https://nss-dev.phacility.com/D137 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - New Certificate structure. r=mt | EKR | 2016-11-03 | 5 | -38/+288 |
| | | | | | | | Subscribers: mt Differential Revision: https://nss-dev.phacility.com/D136 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - Simplified key derivation labels. r=mt | EKR | 2016-11-03 | 1 | -16/+2 |
| | | | | | | | | | Reviewers: mt Reviewed By: mt Differential Revision: https://nss-dev.phacility.com/D135 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - implement psk binders, remove resumption ↵ | EKR | 2016-11-03 | 8 | -419/+423 |
| | | | | | | | | | | | PSK, and 0-RTT Finished. r=mt Subscribers: mt Differential Revision: https://nss-dev.phacility.com/D134 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - Restructure PSK negotiation. r=mt | EKR | 2016-11-03 | 9 | -188/+150 |
| | | | | | | | | | | - move ticket_age_add into NST - max_early_data_size as an extension. - Remove server signature algorithm sending NOTE: This version fails some of the tests because I did not update the canned server hello. | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - update draft number. r=mt | EKR | 2016-11-03 | 1 | -1/+1 |
| | | | | | | | | | | | Reviewers: mt Reviewed By: mt Subscribers: mt Differential Revision: https://nss-dev.phacility.com/D130 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - Replace key shares in response to HRR. r=mt | EKR | 2016-11-03 | 1 | -0/+15 |
| | | | | | | | Subscribers: mt Differential Revision: https://nss-dev.phacility.com/D129 | ||||
* | Bug 1315735 - TLS 1.3 draft 17 - Change ticket_early_data_info code point. r=mt | EKR | 2016-11-03 | 1 | -4/+1 |
| | | | | | | | | | Reviewers: mt Reviewed By: mt Differential Revision: https://nss-dev.phacility.com/D128 | ||||
* | Bug 1315455 - Constify sslSocket for extension processing. r=mt. | EKR | 2016-11-02 | 13 | -810/+969 |
| | | | | | | | | | | | | | | | | | | | | Summary: Extension handlers now take a const sslSocket* and a non-const xtnData. Things aren't entirely clean yet. I had to do two things: - Write a series of ssl_Ext* thunks for things that have innocuous side effects in sslSocket like updating the transcript or encrypting stuff. - Add a CONST_CAST macro for the few cases where it's clear we're having real side effects but they weren't simple to unwind. them. The macro makes them easy to find. Test Plan: None Differential Revision: https://nss-review.dev.mozaws.net/D17 | ||||
* | Revert "Bug 1315455 - Constify sslSocket for extension processing. r=mt." | EKR | 2016-11-05 | 12 | -964/+808 |
| | | | | | This reverts commit 6b37e9783638d6ac6689f5b50f6e60f41ea753cc. | ||||
* | Revert "Clang-format. r=me" | EKR | 2016-11-05 | 2 | -4/+4 |
| | | | | | This reverts commit 7dd48050057108cce55bd8488899c24d953eb197. | ||||
* | Clang-format. r=me | EKR | 2016-11-05 | 2 | -4/+4 |
| | |||||
* | Bug 1315455 - Constify sslSocket for extension processing. r=mt. | EKR | 2016-11-02 | 12 | -808/+964 |
| | | | | | | | | | | | | | | | | | | | | Summary: Extension handlers now take a const sslSocket* and a non-const xtnData. Things aren't entirely clean yet. I had to do two things: - Write a series of ssl_Ext* thunks for things that have innocuous side effects in sslSocket like updating the transcript or encrypting stuff. - Add a CONST_CAST macro for the few cases where it's clear we're having real side effects but they weren't simple to unwind. them. The macro makes them easy to find. Test Plan: None Differential Revision: https://nss-review.dev.mozaws.net/D17 | ||||
* | Bug 1315193 - Fuzzing mode: ssl_Time() must return a constant value r=franziskus | Tim Taubert | 2016-11-04 | 2 | -0/+9 |
| | | | | Differential Revision: https://nss-review.dev.mozaws.net/D19 | ||||
* | Bug 1314705 - Remove spurious call to ssl3_SetupPendingCipherSpec(). ↵ | EKR | 2016-11-02 | 1 | -4/+8 |
| | | | | | | | | | | | | | | | | | | | r=mt,ttaubert Summary: This has no impact on the cipher suite state because we call tls13_SetCipherSuite after the call to ssl3_SendServerHello, but it does leave kea_defs in a busted state re-setting it to kea_defs after we tweaked it during negotiation. Test Plan: Blah Reviewers: mt, ttaubert Reviewed By: mt, ttaubert Differential Revision: https://nss-review.dev.mozaws.net/D14 | ||||
* | Bug 1311213 - Handle repeated NST messages correctly r=ekr,mt | Tim Taubert | 2016-11-02 | 2 | -15/+19 |
| | | | | Differential Revision: https://nss-review.dev.mozaws.net/D13 | ||||
* | Fix gypfile bustage. r=me | EKR | 2016-11-02 | 1 | -1/+1 |
| | |||||
* | Bug 1314676 - Refactor extension handler files. r=mt | EKR | 2016-11-02 | 7 | -3533/+3592 |
| | | | | | | | | | | | | | | | | | | This doesn't represent any new code or functionality. I just split things up into three files: Summary: - ssl3ext.c -- generic extension processing machinery - ssl3exthandle.c -- extension handlers for TLS < 1.3 - tls13exthandle.c -- extension handlers for TLS 1.3 Note that there are still extension handlers in ssl3ext.c. Reviewers: mt Reviewed By: mt Differential Revision: https://nss-dev.phacility.com/D141 | ||||
* | Bug 1311950 - Don't send PSS signature algorithms if we have no token that ↵ | Tim Taubert | 2016-11-02 | 1 | -1/+8 |
| | | | | | | supports verifying them r=mt Differential Revision: https://nss-review.dev.mozaws.net/D15 | ||||
* | Bug 1311950 - Check for PSS token support when negotiating PSS signature ↵ | Tim Taubert | 2016-11-02 | 3 | -18/+44 |
| | | | | | | schemes r=mt Differential Revision: https://nss-review.dev.mozaws.net/D11 | ||||
* | Bug 1313846 - Declare 'it = NULL' earlier. r=franziskus | catdesk | 2016-10-29 | 1 | -1/+1 |
| | |||||
* | Backed out changeset d405c74dfab8 for bustage | Franziskus Kiefer | 2016-10-31 | 3 | -7/+0 |
| | |||||
* | Bug 1313430, ssl_CreateECDHEphemeralKeyPair needs database password, ↵ | Kai Engert | 2016-10-31 | 2 | -5/+15 |
| | | | | r=martin.thomson | ||||
* | Bug 1312141 - fix coverity issue CID1374320, r=rrelyea | Franziskus Kiefer | 2016-10-28 | 1 | -18/+15 |
| | |||||
* | Bug 1312977 - Add read/write direction to logging, r=ekr | Martin Thomson | 2016-10-29 | 1 | -2/+3 |
| | |||||
* | Bug 1118245 - clang-format on lib/smime, r=ttaubert | Franziskus Kiefer | 2016-10-27 | 27 | -3859/+3868 |
| | |||||
* | Bug 1313496 - Prevent PK11_FindSlotsByNames from double-refcounting the ↵ | David Keeler | 2016-10-28 | 1 | -1/+7 |
| | | | | internal key module r=ttaubert | ||||
* | Bug 1118245 - clang-format on lib/pki and lib/pkcs7, r=ttaubert | Franziskus Kiefer | 2016-10-27 | 29 | -10175/+8971 |
| | | | | try: -b do -p none -t clang-format | ||||
* | Bug 1312141, follow up fix, r=rrelyea | Kai Engert | 2016-10-27 | 1 | -1/+1 |
| | |||||
* | Bug 1263017, CKR_DEVICE_ERROR after fork() when NSS was initialized by ↵ | Robert Relyea | 2016-10-27 | 1 | -0/+15 |
| | | | | someone else, r=kaie | ||||
* | Bug 1311175 - Remove inline keyword from mpi.c functions as they are used ↵ | David Major | 2016-10-27 | 1 | -9/+5 |
| | | | | outside this file. r=ttaubert | ||||
* | Bug 1118245 - clang-format on lib/pkcs12, r=ttaubert | Franziskus Kiefer | 2016-09-10 | 13 | -5174/+5083 |
| | | | | try: -b do -p none -t all | ||||
* | Bug 1118245 - clang-format on lib/pk11wrap, r=ttaubert | Franziskus Kiefer | 2016-10-27 | 31 | -14300/+14761 |
| | |||||
* | Bug 1312977 - clang-format, a=bustage | Martin Thomson | 2016-10-27 | 1 | -1/+1 |
| | |||||
* | Bug 1312977 - Improve tracing for TLS 1.3, r=ekr | Martin Thomson | 2016-10-21 | 5 | -16/+48 |
| | |||||
* | Bug 1312141 - SECMOD_OpenUserDB will allow multiple opens of the same database. | Robert Relyea | 2016-10-26 | 3 | -9/+152 |
| | | | | r=mt |