| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TLS 1.3
We need to be able to select Client certificates based on the schemes sent to us from the server. Rather than changing the callback function, this patch adds those schemes to the ssl socket info as suggested by Dana. In addition, two helpful functions have been added to aid User applications in properly selecting the Certificate:
PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate *cert) - returns true if the given cert matches the schemes of the server, the schemes configured on the socket, capability of the token the private key resides on, and the current policy. For future SSL protocol, additional restrictions may be parsed.
SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) - removes the certs from the cert list that doesn't pass the SSL_CertIsUsable() call.
In addition the built in cert selection function (NSS_GetClientAuthData) uses the above functions to filter the list. In order to support the NSS_GetClientAuthData three new functions have been added:
SECStatus CERT_FilterCertListByNickname(CERTCertList *certList, char *nickname, void *pwarg) -- removes the certs that don't match the 'nickname'.
SECStatus CERT_FilterCertListByCertList(CERTCertlist *certList, const CERTCertlist *filterList ) -- removes all the certs on the first cert list that isn't on the second.
PRBool CERT_IsInList(CERTCertificate *, const CERTCertList *certList) -- returns true if cert is on certList.
In addition
* PK11_FindObjectForCert() is exported so the token the cert lives on can be accessed.
* the ssle ssl_PickClientSignatureScheme() function (along with several supporing functions) have been modified so it can be used by SSL_CertIsUsable()
Differential Revision: https://phabricator.services.mozilla.com/D135715
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D129982
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and CMAC tests r=franziskus
This patch updates to the latest Wycheproof vectors and adds Wycheproof support for CBC, CMAC, and P256-ECDH:
ChaCha20: +141 tests
Curve25519: +431 tests
GCM: +39 tests
CBC (new): +183 tests
CMAC (new): +308 tests
P256 ECDH (new): +460 tests
Differential Revision: https://phabricator.services.mozilla.com/D57477
|
|
|
|
|
|
| |
the analysis artifact. r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D55963
|
|
|
|
|
|
|
|
|
| |
Disale libnssdbm by default and add flag to enable it in builds.
On CI a build and certs test with enabled legacy DB are added.
Note that for some reason the coverage build fails. I have no idea why. I'm open for ideas.
Differential Revision: https://phabricator.services.mozilla.com/D54673
|
|
|
|
|
|
| |
This means that we can point our completion at the gecko one.
Differential Revision: https://phabricator.services.mozilla.com/D45804
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D39311
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D36584
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D33487
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D33138
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running clang-format with a bad version is better than not running it at all.
Reviewers: jcj
Reviewed By: jcj
Bug #: 1530134
Differential Revision: https://phabricator.services.mozilla.com/D20938
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D14843
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Adapted chacha20_poly1305 unittests to wycheproof testcases.
Extended test vector header generation script to include chacha.
Depends on D12559.
Reviewers: franziskus
Subscribers: jcj
Bug #: 1508673
Differential Revision: https://phabricator.services.mozilla.com/D13798
|
|
|
|
|
|
| |
This patch also introduces the ./mach wycheproof command to update wycheproof test cases.
Differential Revision: https://phabricator.services.mozilla.com/D12559
|
|
|
|
| |
for errors, r=rrelyea
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D1843
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1281967
Differential Revision: https://phabricator.services.mozilla.com/D906
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D905
|
| |
|
| |
|
| |
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D348
|
| |
|
| |
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D360
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D350
|
|
Differential Revision: https://nss-review.dev.mozaws.net/D300
|