summaryrefslogtreecommitdiff
path: root/mach
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1552254 internal_error alert on Certificate Request with sha1+ecdsa in ↵Robert Relyea2022-03-181-1/+2
| | | | | | | | | | | | | | | | | | | TLS 1.3 We need to be able to select Client certificates based on the schemes sent to us from the server. Rather than changing the callback function, this patch adds those schemes to the ssl socket info as suggested by Dana. In addition, two helpful functions have been added to aid User applications in properly selecting the Certificate: PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate *cert) - returns true if the given cert matches the schemes of the server, the schemes configured on the socket, capability of the token the private key resides on, and the current policy. For future SSL protocol, additional restrictions may be parsed. SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) - removes the certs from the cert list that doesn't pass the SSL_CertIsUsable() call. In addition the built in cert selection function (NSS_GetClientAuthData) uses the above functions to filter the list. In order to support the NSS_GetClientAuthData three new functions have been added: SECStatus CERT_FilterCertListByNickname(CERTCertList *certList, char *nickname, void *pwarg) -- removes the certs that don't match the 'nickname'. SECStatus CERT_FilterCertListByCertList(CERTCertlist *certList, const CERTCertlist *filterList ) -- removes all the certs on the first cert list that isn't on the second. PRBool CERT_IsInList(CERTCertificate *, const CERTCertList *certList) -- returns true if cert is on certList. In addition * PK11_FindObjectForCert() is exported so the token the cert lives on can be accessed. * the ssle ssl_PickClientSignatureScheme() function (along with several supporing functions) have been modified so it can be used by SSL_CertIsUsable() Differential Revision: https://phabricator.services.mozilla.com/D135715
* Bug 1738600 - sunset Coverity from NSS. r=nss-reviewers,bbeurdoucheAndi-Bogdan Postelnicu2021-11-081-296/+0
| | | | Differential Revision: https://phabricator.services.mozilla.com/D129982
* Bug 1604596 - Update Wycheproof vectors and add support for CBC, P256-ECDH, ↵Kevin Jacobs2020-01-161-21/+0
| | | | | | | | | | | | | | | and CMAC tests r=franziskus This patch updates to the latest Wycheproof vectors and adds Wycheproof support for CBC, CMAC, and P256-ECDH: ChaCha20: +141 tests Curve25519: +431 tests GCM: +39 tests CBC (new): +183 tests CMAC (new): +308 tests P256 ECDH (new): +460 tests Differential Revision: https://phabricator.services.mozilla.com/D57477
* Bug 1598485 - Exclude files that are not part of the nss repository from ↵Andi-Bogdan Postelnicu2019-12-091-0/+3
| | | | | | the analysis artifact. r=jcj Differential Revision: https://phabricator.services.mozilla.com/D55963
* Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcjFranziskus Kiefer2019-12-041-4/+12
| | | | | | | | | Disale libnssdbm by default and add flag to enable it in builds. On CI a build and certs test with enabled legacy DB are added. Note that for some reason the coverage build fails. I have no idea why. I'm open for ideas. Differential Revision: https://phabricator.services.mozilla.com/D54673
* Bug 1581041 - Rename mach-commands to mach-completion, r=jcjMartin Thomson2019-09-171-2/+2
| | | | | | This means that we can point our completion at the gecko one. Differential Revision: https://phabricator.services.mozilla.com/D45804
* Bug 1568776 - Output paths relative to repository in coverity, r=andi,jcjBastien Abadie2019-07-251-1/+9
| | | | Differential Revision: https://phabricator.services.mozilla.com/D39311
* Bug 1562867 - Specify port for Coverity platform. r=jcjAndi-Bogdan Postelnicu2019-07-021-2/+4
| | | | Differential Revision: https://phabricator.services.mozilla.com/D36584
* Bug 1555621 - Add Coverity static-analysis tool as a try job. r=jcjAndi-Bogdan Postelnicu2019-06-051-45/+8
| | | | Differential Revision: https://phabricator.services.mozilla.com/D33487
* Bug 1555621 - add Coverity as static-analysis target in `mach`. r=jcjAndi-Bogdan Postelnicu2019-06-051-0/+324
| | | | Differential Revision: https://phabricator.services.mozilla.com/D33138
* Bug 1530134 - Run clang-format without docker as a fallback, r=jcjMartin Thomson2019-02-261-10/+21
| | | | | | | | | | | | Running clang-format with a bad version is better than not running it at all. Reviewers: jcj Reviewed By: jcj Bug #: 1530134 Differential Revision: https://phabricator.services.mozilla.com/D20938
* Bug 1514999 - Add wycheproof Curve25519 testcases to nss, r=franziskusJonas Allmann2018-12-191-9/+0
| | | | Differential Revision: https://phabricator.services.mozilla.com/D14843
* Bug 1508673 - Added ChachaPoly testcases from Wycheproof, r=franziskusJonas Allmann2018-12-131-3/+3
| | | | | | | | | | | | | | | | Summary: Adapted chacha20_poly1305 unittests to wycheproof testcases. Extended test vector header generation script to include chacha. Depends on D12559. Reviewers: franziskus Subscribers: jcj Bug #: 1508673 Differential Revision: https://phabricator.services.mozilla.com/D13798
* Bug 1508666 - AES-GCM Wycheproof testcases, r=franziskusJonas Allmann2018-12-111-0/+29
| | | | | | This patch also introduces the ./mach wycheproof command to update wycheproof test cases. Differential Revision: https://phabricator.services.mozilla.com/D12559
* Bug 1474887, nss-policy-check: a tool to check a NSS policy configuration ↵Kai Engert2018-07-171-1/+1
| | | | for errors, r=rrelyea
* Bug 1471586 - Enable interop testing against boringssl, r=franziskusFranziskus Kiefer2018-07-111-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D1843
* Bug 1281967 - Add "mach coverage ssl_gtests" using sancov r=franziskusTim Taubert2018-04-131-14/+77
| | | | | | | | | | Reviewers: franziskus Reviewed By: franziskus Bug #: 1281967 Differential Revision: https://phabricator.services.mozilla.com/D906
* Bug 1437882 - mach bogo, r=ttaubertFranziskus Kiefer2018-04-111-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D905
* Bug 1451955 - python3 compatibility fix for reading, r=ttaubertMartin Thomson2018-04-061-1/+1
|
* Bug 1392504 - Fix mach clang-format when run outside the root, r=franziskusMartin Thomson2017-08-281-3/+2
|
* Bug 1392504 - clang-format changed files by default, r=franziskusMartin Thomson2017-08-221-11/+50
|
* Bug 1370667 - don't do startup tests when not in fips mode, r=ttaubert,rrelyeaFranziskus Kiefer2017-08-181-1/+3
| | | | Differential Revision: https://nss-review.dev.mozaws.net/D348
* Bug 1386561 - Add mach-commands command to mach, r=franziskusMartin Thomson2017-08-021-0/+17
|
* Bug 1384791 - Fix clang-format script, r=franziskusMartin Thomson2017-07-271-2/+10
|
* Bug 1372127 - move .chk to root folder, r=ttaubertFranziskus Kiefer2017-07-031-1/+1
| | | | Differential Revision: https://nss-review.dev.mozaws.net/D360
* Bug 1372515 - allow enabling libpkix in gyp builds, r=ttaubertFranziskus Kiefer2017-06-091-2/+8
| | | | Differential Revision: https://nss-review.dev.mozaws.net/D350
* Bug 1372127 - mach command to run clang-format, build, and tests, r=mtFranziskus Kiefer2017-04-271-0/+148
Differential Revision: https://nss-review.dev.mozaws.net/D300
View Lorry Controller Status