Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-21 01:05:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f36309192d
gecko-dev/security/nss/automation/abi-check
History
Kevin Jacobs 6a6ed41ab7 Bug 1649545 - land NSS 58c2abd7404e UPGRADE_NSS_RELEASE, r=jcj 
2020-06-26  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt, automation/abi-
	check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h,
	lib/util/nssutil.h:
	Set version numbers to 3.55 beta
	[332ab7db68ba]

2020-06-25  Kevin Jacobs  <kjacobs@mozilla.com>

	* tests/all.sh:
	Bug 1649190 - Run cipher, sdr, and ocsp tests under standard test
	cycle.
	[f373809abfc0]

2020-06-15  Kevin Jacobs  <kjacobs@mozilla.com>

        * gtests/common/testvectors/p256ecdsa-sha256-vectors.h,
        gtests/common/testvectors/p384ecdsa-sha384-vectors.h,
        gtests/common/testvectors/p521ecdsa-sha512-vectors.h,
        gtests/common/testvectors_base/test-structs.h,
        gtests/common/wycheproof/genTestVectors.py,
        gtests/pk11_gtest/pk11_ecdsa_unittest.cc:
        Bug 1649226 - Add Wycheproof ECDSA tests.
        [41292ff7f545]

2020-06-30  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/pkcs12/p12d.c:
	Bug 1649322 - Fix null pointer passed as argument in
	pk11wrap/pk11pbe.c:1246 r=kjacobs
	[cc43ebf5bf88]

2020-06-30  Danh  <congdanhqx@gmail.com>

	* coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile:
	Bug 1646594 - Enable AVX2 if applicable on x86_64 with make 4.3
	r=bbeurdouche
	[b579895aceb0]

2020-07-02  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/ssl/ssl3con.c:
	Bug 1649316 - Prevent memcmp to be called with a zero length in
	ssl/ssl3con.c:6621 r=kjacobs
	[8fe9213d0551]

2020-07-02  Alexander Scheel  <ascheel@redhat.com>

	* lib/cryptohi/secvfy.c:
	Bug 1649487 - Fix bad assert in VFY_EndWithSignature. r=jcj
	[c9438b528103]

2020-07-06  Dana Keeler  <dkeeler@mozilla.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
	Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj

	PK11_FindEncodedCertInSlot can be used to determine the PKCS#11
	object handle of an encoded certificate in a given slot. If the
	given certificate does not exist in that slot, CK_INVALID_HANDLE is
	returned.
	[32fe710a942f]

	* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
	Bug 1649633 - follow-up to make test comparisons in
	pk11_find_certs_unittest.cc yoda comparisons r=kjacobs
	[424dae31a1c1]


2020-07-07  Kevin Jacobs  <kjacobs@mozilla.com>

        * gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc, lib/freebl/rsapkcs.c:
        Bug 1067214 - Check minimum padding in RSA_CheckSignRecover.
        r=rrelyea

        This patch adds a check to `RSA_CheckSignRecover` enforcing a
        minimum padding length of 8 bytes for PKCS #1 v1.5-formatted
        signatures. In practice, RSA key size requirements already ensure
        this requirement is met, but smaller (read: broken) key sizes can be
        used via configuration overrides, and NSS should just follow the
        spec.
        [e5324bd5a885]

2020-07-08  Kevin Jacobs  <kjacobs@mozilla.com>

        * gtests/ssl_gtest/libssl_internals.c,
        gtests/ssl_gtest/libssl_internals.h,
        gtests/ssl_gtest/ssl_record_unittest.cc,
        gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h,
        lib/ssl/dtls13con.c, lib/ssl/dtls13con.h, lib/ssl/ssl3con.c,
        lib/ssl/ssl3prot.h, lib/ssl/sslspec.h, lib/ssl/sslt.h,
        lib/ssl/tls13con.c, lib/ssl/tls13exthandle.c:
        Bug 1647752 - Update DTLS 1.3 implementation to draft-38. r=mt

        This patch updates DTLS 1.3 to draft-38. Specifically:

         # `ssl_ct_ack` value changes from 25 to 26. # AEAD limits in
        `tls13_UnprotectRecord` enforce a maximum of 2^36-1 (as we only
        support GCM/ChaCha20 AEADs) decryption failures before the
        connection is closed. # Post-handshake authentication will no longer
        be negotiated in DTLS 1.3. This allows us to side-step the more
        convoluted state machine requirements.
        [132a87fc8689]

2020-07-09  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

        * lib/pk11wrap/pk11pbe.c, lib/pkcs12/p12d.c:
        Bug 1649322 - Fix null pointer passed as argument in
        pk11wrap/pk11pbe.c:1246 r=kjacobs

        This is a fixup patch that reverts https://hg.mozilla.org/projects/n
        ss/rev/cc43ebf5bf88355837c5fafa2f3c46e37626707a and adds a null
        check around the memcpy in question.
        [80bea0e22b20]

2020-07-09  J.C. Jones  <jjones@mozilla.com>

        * lib/softoken/pkcs11.c:
        Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs

        Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before
        accessing slot after obtaining it, even though slotLock is defined
        as its lock. [0]

        [0] https://searchfox.org/nss/rev/a412e70e55218aaf670f1f10322fa734d8
        a9fbde/lib/softoken/pkcs11i.h#320-321
        [58c2abd7404e] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D82466
2020-07-09 23:05:48 +00:00
..
expected-report-libfreebl3.so.txt
expected-report-libfreeblpriv3.so.txt
expected-report-libnspr4.so.txt
expected-report-libnss3.so.txt Bug 1649545 - land NSS 58c2abd7404e UPGRADE_NSS_RELEASE, r=jcj 2020-07-09 23:05:48 +00:00
expected-report-libnssckbi.so.txt
expected-report-libnssdbm3.so.txt
expected-report-libnsssysinit.so.txt
expected-report-libnssutil3.so.txt
expected-report-libplc4.so.txt
expected-report-libplds4.so.txt
expected-report-libsmime3.so.txt
expected-report-libsoftokn3.so.txt Bug 1636656 - land NSS e3444f4cc638 UPGRADE_NSS_RELEASE, 2020-05-11 18:20:52 +00:00
expected-report-libssl3.so.txt Bug 1649545 - land NSS 58c2abd7404e UPGRADE_NSS_RELEASE, r=jcj 2020-07-09 23:05:48 +00:00
previous-nss-release Bug 1649545 - land NSS 58c2abd7404e UPGRADE_NSS_RELEASE, r=jcj 2020-07-09 23:05:48 +00:00