mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-02-27 12:50:09 +00:00

2020-06-12 Kevin Jacobs <kjacobs@mozilla.com>

* cmd/lib/secutil.c:
Bug 1645479 - Use SECITEM_CopyItem instead of SECITEM_MakeItem in secutil.c. r=jcj

This patch converts a call to `SECITEM_MakeItem` to use `SECITEM_CopyItem` instead. Using the former works fine in NSS CI, but causes build failures in mozilla-central due to differences in how both symbols are exported (i.e. when folding nssutil into nss).
[cbf75aedf480] [tip]

2020-06-11 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/ssl_resumption_unittest.cc:
Bug 1644774 - Use ClearServerCache instead of SSLInt_ClearSelfEncryptKey for ticket invalidation. r=mt
[7b2413d80ce3]

2020-06-10 Kevin Jacobs <kjacobs@mozilla.com>

* cmd/lib/basicutil.c, cmd/lib/secutil.c, cmd/lib/secutil.h, cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, lib/ssl/tls13psk.c:
Bug 1603042 - Support external PSKs in tstclnt/selfserv. r=jcj

This patch adds support for TLS 1.3 external PSKs in tstclnt and selfserv with the `-z` option.

Command examples:
- `selfserv -D -p 4443 -d . -n localhost.localdomain -w nss -V tls1.3: -H 1 -z 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -m`
- `tstclnt -h 127.0.0.1 -p 4443 -z 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD[:label] -d . -w nss`

For OpenSSL interop:
- `openssl s_server -nocert -port 4433 -psk AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD [-psk_identity label]`

Note: If the optional label is omitted, both NSS tools and OpenSSL default to "Client_identity".
[c1b1112af415]

2020-06-09 Kevin Jacobs <kjacobs@mozilla.com>

* lib/ssl/tls13con.c:
Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer mode. r=mt
[238bd7912429]

2020-06-08 Kevin Jacobs <kjacobs@mozilla.com>

* lib/freebl/freebl.gyp, lib/freebl/freebl_base.gypi:
Bug 1642802 - Win64 GYP builds to use HACL* curve25519. r=bbeurdouche

This patch causes Windows 64-bit GYP builds to use HACL* curve25519 rather than the 32-bit (fiat-crypto) implementation.

For non-clang/GCC Win64 builds, we define `KRML_VERIFIED_UINT128` to workaround an upstream bug that breaks Win32 builds by selecting a 64-bit `__int128` implementation (in types.h). For clang/GCC builds, using the compiler-provided type yields a ~5x speedup on Win64.
[566fa62d6522]

2020-06-05 Jeff Walden <jwalden@mit.edu>

* lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11kea.c, lib/pk11wrap/pk11merge.c, lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11skey.c, lib/pk11wrap/secmodi.h:
Bug 1643557 - Make pk11_FindObjectByTemplate accept a size_t count rather than a signed type to avoid internal signed-unsigned comparison warnings. r=kjacobs

Depends on D78454
[5ee293d1a282]

* lib/pk11wrap/pk11skey.c:
Bug 1643557 - Make PK11_SetWrapKey explicitly handle being passed a negative wrap argument, to avoid a signed-unsigned comparison. r=kjacobs

Depends on D78453
[7bb3677a2ed0]

* lib/pk11wrap/pk11akey.c, lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11obj.c, lib/pk11wrap/secmodi.h:
Bug 1643557 - Change the type of the size argument to pk11_FindObjectsByTemplate to be size_t, consistent with the type of some (small) numeric values passed to it after the previous revision. r=kjacobs

Depends on D78452
[eaf223c2646a]

* lib/pk11wrap/pk11slot.c:
Bug 1643557 - Use size_t for various counts in pk11slot.c. r=kjacobs

Depends on D78451
[465a7954ce0a]

* lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11slot.c:
Bug 1643557 - Make pk11_MatchString accept a size_t length rather than an int length (consistent with all callers), and reformulate its internals to avoid a signed-unsigned comparison. r=kjacobs

Depends on D78450
[fff8c883ef7d]

* lib/pk11wrap/pk11skey.c, lib/ssl/sslsnce.c, lib/util/secport.h:
Bug 1643557 - Add PORT_AssertNotReached and use it instead of PORT_Assert(!"str"), which may warn about vacuous string literal to boolean conversions. r=kjacobs

Depends on D78449
[c0aa47eb2fdd]

* lib/util/secoid.c:
Bug 1643557 - Use SECOidTag as the type of a loop variable over all values of that type to avoid a signed-unsigned comparison warning. r=kjacobs

Depends on D78448
[d7f1e9975e67]

* lib/util/utilpars.c:
Bug 1643557 - Use size_t for a parameter-indexing variable to eliminate a signed-unsigned comparison warning. r=kjacobs

Depends on D78447
[5d7206908ca7]

* lib/freebl/rsapkcs.c:
Bug 1643557 - Used unsigned int for two for-loops upper-bounded by unsigned ints in rsa_FormatOneBlock. r=kjacobs

Depends on D78446
[ed9a1a41ca1e]

* lib/pk11wrap/debug_module.c:
Bug 1643557 - Use unsigned int for log level, consistent with PRLogModuleLevel. r=kjacobs
[7f89fa701ce3]

Differential Revision: https://phabricator.services.mozilla.com/D79566