2020-02-07 J.C. Jones <jjones@mozilla.com>
* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.50 final
[5bb3927fa234] [NSS_3_50_RTM] <NSS_3_50_BRANCH>
2020-02-05 J.C. Jones <jjones@mozilla.com>
* .hgtags:
Added tag NSS_3_50_BETA2 for changeset b91bbf7a88c9
[a8656c823c1f] <NSS_3_50_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D62106
--HG--
extra : moz-landing-system : lando
See bug 1613275 and bug 1607845. In bug 1607845, the aim was to regenerate all
test certificates that would be expiring. Unfortunately, a few were missed:
* build/pgo/certs/ certificate DBs and mochitest.client are regenerated in a
different way than the rest of the certificates in bug 1607845. These would
probably best be addressed by formally documenting the process of
re-generating all of the certificates.
* security/manager/ssl/tests/unit/test_certDB_import/ certificates were
missed by mistake. It's unclear how this happened.
* security/manager/ssl/tests/unit/test_intermediate_preloads/ were missed
because there was no test_intermediate_preloads entry in the TEST_DIRS
section of security/manager/ssl/tests/unit/moz.build, which means that the
build system never knew to re-generate those certificates, even after
un-commenting-out the contents of
security/manager/ssl/tests/unit/test_intermediate_preloads/moz.build
* security/manager/ssl/tests/unit/test_missing_intermediate/missing-intermediate.der
was DER, not PEM, and we don't have a way to automatically re-generate DER
certificates in the same way. However, it didn't even need to be DER.
Differential Revision: https://phabricator.services.mozilla.com/D61712
--HG--
extra : moz-landing-system : lando
Upstream patch:
6bd491daaf%5E%21/#F0
_sifields is a glibc-internal field, and is not available on musl
libc. Instead, use the public-facing fields si_call_addr, si_syscall,
and si_arch, if they are available.
Differential Revision: https://phabricator.services.mozilla.com/D61051
--HG--
extra : moz-landing-system : lando
2020-02-05 J.C. Jones <jjones@mozilla.com>
* lib/softoken/exports.gyp, lib/softoken/manifest.mn,
lib/softoken/pkcs11.c, lib/softoken/sftkdb.c,
lib/softoken/softoken.gyp:
Bug 1609673 - Conditionally compile out all libnssdbm glue if
NSS_DISABLE_DBM is set r=mt
Remove `lgglue` from compilation entirely if DBM is disabled
[b91bbf7a88c9] [NSS_3_50_BETA2] <NSS_3_50_BRANCH>
2020-02-04 Kevin Jacobs <kjacobs@mozilla.com>
* .hgtags:
Added tag NSS_3_50_BETA1 for changeset de6ba04bb1f4
[1201d0d89b72] <NSS_3_50_BRANCH>
Differential Revision: https://phabricator.services.mozilla.com/D61770
--HG--
extra : moz-landing-system : lando
In order to reuse SSLServerCertVerificationJob, this patch exposes SSLServerCertVerificationJob and adds ServerCertVerificationResultCallback for delivering the verification result.
Differential Revision: https://phabricator.services.mozilla.com/D58604
--HG--
extra : moz-landing-system : lando
2020-02-03 Kai Engert <kaie@kuix.de>
* automation/release/nspr-version.txt:
Bug 1612623 - NSS 3.50 should depend on NSPR 4.25. r=kjacobs
[de6ba04bb1f4] [NSS_3_50_BETA1]
2020-01-27 Giulio Benetti <giulio.benetti@benettiengineering.com>
* coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile,
lib/freebl/freebl.gyp, lib/freebl/gcm.h:
Bug 1608151 - Introduce NSS_DISABLE_ALTIVEC and disable_altivec
r=jcj
At the moment NSS assumes that every PowerPC64 architecture supports
Altivec but it's not true and this leads to build failure. So add
NSS_DISABLE_ALTIVEC environment variable(and disable_altivec for
gyp) to disable Altivec extension on PowerPC build that don't
support Altivec.
[f2d947817850]
Differential Revision: https://phabricator.services.mozilla.com/D61574
--HG--
extra : moz-landing-system : lando
2020-01-27 J.C. Jones <jjones@mozilla.com>
* lib/freebl/blinit.c:
Bug 1602386 - clang-format r=bustage
[4bf79c4d2954] [tip]
2020-01-27 Piotr Kubaj <pkubaj@FreeBSD.org>
* lib/freebl/Makefile, lib/freebl/blinit.c:
Bug 1602386 - Fix build on FreeBSD/powerpc platforms. r=jcj
FreeBSD has elf_aux_info instead of getauxval, but only since
FreeBSD 12. Previous versions (11 is still supported) don't have any
equivalent and users need to query sysctl manually.
[f2ac5e318886]
2020-01-27 Jan Beich <jbeich@FreeBSD.org>
* lib/freebl/blinit.c:
Bug 1609181 - Detect ARM CPU features on FreeBSD. r=jcj
Implement `getauxval` via `elf_aux_info` to avoid code duplication.
`AT_HWCAP*` can be used on powerpc* and riscv64 as well.
[edb60bae9219]
2020-01-22 Martin Thomson <mt@lowentropy.net>
* lib/zlib/README, lib/zlib/README.nss, lib/zlib/adler32.c,
lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h,
lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzguts.h,
lib/zlib/gzlib.c, lib/zlib/gzread.c, lib/zlib/gzwrite.c,
lib/zlib/infback.c, lib/zlib/inffast.c, lib/zlib/inffixed.h,
lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c,
lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c,
lib/zlib/zconf.h, lib/zlib/zlib.h, lib/zlib/zutil.c,
lib/zlib/zutil.h:
Bug 1547639 - Update zlib to 1.2.11, r=jcj
[91f3f0749d0b]
* lib/zlib/README.nss, lib/zlib/config.mk, lib/zlib/example.c,
lib/zlib/manifest.mn, lib/zlib/minigzip.c, lib/zlib/vendor.sh,
lib/zlib/zlib.gyp:
Bug 1547639 - Automatic vendoring of zlib, r=jcj
[fc128963a9aa]
Differential Revision: https://phabricator.services.mozilla.com/D61126
--HG--
extra : moz-landing-system : lando
At this point, there is no consumer that uses ContentBlockingLog stored
in the child. This patch removes the following code:
1. Removing nsGlobalWindowOuter::NotifyContentBlockingEvent
2. Removing nsDocLoader::OnContentBlockingEvent
3. Removing contentBlockingEvent in nsISecureBrowserUI.idl
4. Removing mContentBlockingLog from Document.cpp and APIs related to it.
Differential Revision: https://phabricator.services.mozilla.com/D56874
--HG--
extra : moz-landing-system : lando
At this point, there is no consumer that uses ContentBlockingLog stored
in the child. This patch removes the following code:
1. Removing nsGlobalWindowOuter::NotifyContentBlockingEvent
2. Removing nsDocLoader::OnContentBlockingEvent
3. Removing contentBlockingEvent in nsISecureBrowserUI.idl
4. Removing mContentBlockingLog from Document.cpp and APIs related to it.
Differential Revision: https://phabricator.services.mozilla.com/D56874
--HG--
extra : moz-landing-system : lando
MozTrees persist column ordering using the XUL persist="ordinal" attribute. This patch synchronizes MozTree with that old mechanism to restore the ability to save and restore column ordering. Because the persist data will be stored in the same place as before, this should prevent people from losing their column ordering data without requiring data migration.
Differential Revision: https://phabricator.services.mozilla.com/D59763
--HG--
extra : rebase_source : 0474619cb817263d7a56b970c44cf8987d719355
extra : histedit_source : d8ed787170f5dd3ac6e19bf318e1a69c9ad0eac5
2020-01-22 Kai Engert <kaie@kuix.de>
* lib/softoken/lowpbe.c:
Bug 1606992 - Follow-up to also cache most recent PBKDF1 hash (in
addition to PBKDF2 hash). r=kjacobs
[cd55a3a90502] [tip]
2020-01-22 Kevin Jacobs <kjacobs@mozilla.com>
* lib/freebl/aes-x86.c, lib/freebl/rijndael.c, lib/freebl/rijndael.h:
Bug 1608493 - Use AES-NI intrinsics for CBC and ECB decrypt when no
assembly implementation is available. r=mt
AES-NI is currently not used for //CBC// or //ECB decrypt// when an
assembly implementation (`intel-aes.s` or `intel-
aes-x86/64-masm.asm`) is not available. Concretely, this is the case
on MacOS, Linux32, and other non-Linux OSes such as BSD. This patch
adds the plumbing to use AES-NI intrinsics when available.
Before: ``` mode in symmkey opreps cxreps context op time(sec)
thrgput aes_ecb_d 78Mb 256 10T 0 0.000 395.000 0.395 197Mb aes_cbc_e
78Mb 256 10T 0 0.000 392.000 0.393 198Mb aes_cbc_d 78Mb 256 10T 0
0.000 425.000 0.425 183Mb
```
After: ``` mode in symmkey opreps cxreps context op time(sec)
thrgput aes_ecb_d 78Mb 256 10T 0 0.000 39.000 0.039 1Gb aes_cbc_e
78Mb 256 10T 0 0.000 94.000 0.094 831Mb aes_cbc_d 78Mb 256 10T 0
0.000 74.000 0.075 1Gb
```
[9804c76e76f3]
Differential Revision: https://phabricator.services.mozilla.com/D60763
--HG--
extra : moz-landing-system : lando
This was done by:
This was done by applying:
```
diff --git a/python/mozbuild/mozbuild/code-analysis/mach_commands.py b/python/mozbuild/mozbuild/code-analysis/mach_commands.py
index 789affde7bbf..fe33c4c7d4d1 100644
--- a/python/mozbuild/mozbuild/code-analysis/mach_commands.py
+++ b/python/mozbuild/mozbuild/code-analysis/mach_commands.py
@@ -2007,7 +2007,7 @@ class StaticAnalysis(MachCommandBase):
from subprocess import Popen, PIPE, check_output, CalledProcessError
diff_process = Popen(self._get_clang_format_diff_command(commit), stdout=PIPE)
- args = [sys.executable, clang_format_diff, "-p1", "-binary=%s" % clang_format]
+ args = [sys.executable, clang_format_diff, "-p1", "-binary=%s" % clang_format, '-sort-includes']
if not output_file:
args.append("-i")
```
Then running `./mach clang-format -c <commit-hash>`
Then undoing that patch.
Then running check_spidermonkey_style.py --fixup
Then running `./mach clang-format`
I had to fix four things:
* I needed to move <utility> back down in GuardObjects.h because I was hitting
obscure problems with our system include wrappers like this:
0:03.94 /usr/include/stdlib.h:550:14: error: exception specification in declaration does not match previous declaration
0:03.94 extern void *realloc (void *__ptr, size_t __size)
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/malloc_decls.h:53:1: note: previous declaration is here
0:03.94 MALLOC_DECL(realloc, void*, void*, size_t)
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/mozilla/mozalloc.h:22:32: note: expanded from macro 'MALLOC_DECL'
0:03.94 MOZ_MEMORY_API return_type name##_impl(__VA_ARGS__);
0:03.94 ^
0:03.94 <scratch space>:178:1: note: expanded from here
0:03.94 realloc_impl
0:03.94 ^
0:03.94 /home/emilio/src/moz/gecko-2/obj-debug/dist/include/mozmemory_wrap.h:142:41: note: expanded from macro 'realloc_impl'
0:03.94 #define realloc_impl mozmem_malloc_impl(realloc)
Which I really didn't feel like digging into.
* I had to restore the order of TrustOverrideUtils.h and related files in nss
because the .inc files depend on TrustOverrideUtils.h being included earlier.
* I had to add a missing include to RollingNumber.h
* Also had to partially restore include order in JsepSessionImpl.cpp to avoid
some -WError issues due to some static inline functions being defined in a
header but not used in the rest of the compilation unit.
Differential Revision: https://phabricator.services.mozilla.com/D60327
--HG--
extra : moz-landing-system : lando
rg -l 'mozilla/Move.h' | xargs sed -i 's/#include "mozilla\/Move.h"/#include <utility>/g'
Further manual fixups and cleanups to the include order incoming.
Differential Revision: https://phabricator.services.mozilla.com/D60323
--HG--
extra : moz-landing-system : lando
We need to stop relying on the global `this` in order to support ES Modules.
In this case we have `this.DER` (which is exported) and `class DER` in the
same module.
Because of this, changing `this.DER` to `const DER` would lead to an error.
So this change renames the class to avoid the conflict.
Differential Revision: https://phabricator.services.mozilla.com/D60078
--HG--
extra : moz-landing-system : lando
2020-01-15 Kevin Jacobs <kjacobs@mozilla.com>
* lib/freebl/chacha20poly1305.c:
Bug 1574643 - Check for AVX support before using vectorized ChaCha20
decrypt r=jcj
The addition of an AVX support check in `ChaCha20Poly1305_Seal`
seems to have stopped the Encrypt crashes on old Intel CPUs, however
we're seeing new reports from
`Hacl_Chacha20Poly1305_128_aead_decrypt` (which is called from
`ChaCha20Poly1305_Open`). This needs an AVX check as well...
[5f9f410d0b60] [tip]
2020-01-14 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc:
Bug 1573911 - Add RSA Encryption test r=jcj
Add a test for various sizes of RSA encryption input.
[4abc6ff828ab]
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hkdf-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hkdf_unittest.cc:
Bug 1585429 - Add HKDF test vectors r=jcj
Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
test vectors, as well as upper-bound length checks for the output
key material.
[239797efc34b]
2020-01-14 J.C. Jones <jjones@mozilla.com>
* coreconf/config.gypi:
Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
softfp_cflags r=bustage
[05b923624b73]
2020-01-14 Sylvestre Ledru <sledru@mozilla.com>
* automation/buildbot-slave/bbenv-example.sh, automation/buildbot-
slave/build.sh, automation/buildbot-slave/reboot.bat, automation
/buildbot-slave/startbuild.bat:
Bug 1607099 - Remove the buildbot configuration r=jcj
[7a87cef808f3]
2020-01-14 Greg V <greg@unrelenting.technology>
* lib/freebl/blinit.c:
Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj
Environment checks are reogranized to be separate from platform code
to make it impossible to forget to check disable_FEATURE on one
platform but not the other.
[fbde548e8114]
2020-01-14 Mike Hommey <mh@glandium.org>
* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
lib/freebl/rijndael.c:
Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj
Despite the code having runtime detection of NEON and crypto
extensions, the optimized code using those instructions is disabled
at build time on platforms where the compiler doesn't enable NEON by
default of with the flags it's given for the caller code.
In the case of gcm, this goes as far as causing a build error.
What is needed is for the optimized code to be enabled in every
case, letting the caller code choose whether to use that code based
on the existing runtime checks.
But this can't be simply done either, because those optimized parts
of the code need to be built with NEON enabled, unconditionally, but
that is not compatible with platforms using the softfloat ABI. For
those, we need to use the softfp ABI, which is compatible. However,
the softfp ABI is not compatible with the hardfp ABI, so we also
can't unconditionally use the softfp ABI, so we do so only when the
compiler targets the softfloat ABI, which confusingly enough is
advertized via the `__SOFTFP__` define.
[dc57fe5d65d4]
2020-01-14 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/saw/chacha20.saw, automation/taskcluster/docker-
builds/Dockerfile, automation/taskcluster/docker-
hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
automation/taskcluster/docker-hacl/Dockerfile,
automation/taskcluster/docker-hacl/bin/checkout.sh,
automation/taskcluster/docker-hacl/license.txt,
automation/taskcluster/docker-hacl/setup-user.sh,
automation/taskcluster/docker-hacl/setup.sh,
automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/run_hacl.sh,
gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs
This patch contains the changes in NSS, necessary to pick up HACL*v2
in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled
pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
[a8df94132dd3]
2019-12-21 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
lib/freebl/verified/Hacl_Chacha20.c,
lib/freebl/verified/Hacl_Chacha20.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
lib/freebl/verified/Hacl_Chacha20_Vec128.c,
lib/freebl/verified/Hacl_Chacha20_Vec128.h,
lib/freebl/verified/Hacl_Curve25519.c,
lib/freebl/verified/Hacl_Curve25519.h,
lib/freebl/verified/Hacl_Curve25519_51.c,
lib/freebl/verified/Hacl_Curve25519_51.h,
lib/freebl/verified/Hacl_Kremlib.h,
lib/freebl/verified/Hacl_Poly1305_128.c,
lib/freebl/verified/Hacl_Poly1305_128.h,
lib/freebl/verified/Hacl_Poly1305_32.c,
lib/freebl/verified/Hacl_Poly1305_32.h,
lib/freebl/verified/Hacl_Poly1305_64.c,
lib/freebl/verified/Hacl_Poly1305_64.h,
lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
_uint128_gcc64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/f
star_uint128_msvc.h, lib/freebl/verified/libintvector.h,
lib/freebl/verified/specs/Spec.CTR.fst,
lib/freebl/verified/specs/Spec.Chacha20.fst,
lib/freebl/verified/specs/Spec.Curve25519.fst,
lib/freebl/verified/specs/Spec.Poly1305.fst,
lib/freebl/verified/vec128.h:
Bug 1574643 - haclv2 code r=kjacobs
This updates the in-tree version of our existing HACL* code to v2,
replacing what we have already. Once this landed NSS can pick up
more (faster) code from HACL*.
[5bf2547d671f]
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/windows/build_gyp.sh:
Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
to python3 r=jcj
[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0
| Setuptools 45.0.0 ]] drops support for Python2, which our Windows
workers are running.
This patch installs the prior version during build, in order to
unblock CI until the workers can be upgraded.
[64c5410f98e0]
Differential Revision: https://phabricator.services.mozilla.com/D60086
--HG--
extra : moz-landing-system : lando
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* gtests/common/testvectors/hkdf-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hkdf_unittest.cc:
Bug 1585429 - Add HKDF test vectors r=jcj
Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
test vectors, as well as upper-bound length checks for the output
key material.
[239797efc34b] [tip]
2020-01-14 J.C. Jones <jjones@mozilla.com>
* coreconf/config.gypi:
Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
softfp_cflags r=bustage
[05b923624b73]
2020-01-14 Sylvestre Ledru <sledru@mozilla.com>
* automation/buildbot-slave/bbenv-example.sh, automation/buildbot-
slave/build.sh, automation/buildbot-slave/reboot.bat, automation
/buildbot-slave/startbuild.bat:
Bug 1607099 - Remove the buildbot configuration r=jcj
[7a87cef808f3]
2020-01-14 Greg V <greg@unrelenting.technology>
* lib/freebl/blinit.c:
Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj
Environment checks are reogranized to be separate from platform code
to make it impossible to forget to check disable_FEATURE on one
platform but not the other.
[fbde548e8114]
2020-01-14 Mike Hommey <mh@glandium.org>
* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
lib/freebl/rijndael.c:
Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj
Despite the code having runtime detection of NEON and crypto
extensions, the optimized code using those instructions is disabled
at build time on platforms where the compiler doesn't enable NEON by
default of with the flags it's given for the caller code.
In the case of gcm, this goes as far as causing a build error.
What is needed is for the optimized code to be enabled in every
case, letting the caller code choose whether to use that code based
on the existing runtime checks.
But this can't be simply done either, because those optimized parts
of the code need to be built with NEON enabled, unconditionally, but
that is not compatible with platforms using the softfloat ABI. For
those, we need to use the softfp ABI, which is compatible. However,
the softfp ABI is not compatible with the hardfp ABI, so we also
can't unconditionally use the softfp ABI, so we do so only when the
compiler targets the softfloat ABI, which confusingly enough is
advertized via the `__SOFTFP__` define.
[dc57fe5d65d4]
2020-01-14 Franziskus Kiefer <franziskuskiefer@gmail.com>
* automation/saw/chacha20.saw, automation/taskcluster/docker-
builds/Dockerfile, automation/taskcluster/docker-
hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
automation/taskcluster/docker-hacl/Dockerfile,
automation/taskcluster/docker-hacl/bin/checkout.sh,
automation/taskcluster/docker-hacl/license.txt,
automation/taskcluster/docker-hacl/setup-user.sh,
automation/taskcluster/docker-hacl/setup.sh,
automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/run_hacl.sh,
gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs
This patch contains the changes in NSS, necessary to pick up HACL*v2
in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled
pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
[a8df94132dd3]
2019-12-21 Franziskus Kiefer <franziskuskiefer@gmail.com>
* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
lib/freebl/verified/Hacl_Chacha20.c,
lib/freebl/verified/Hacl_Chacha20.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
lib/freebl/verified/Hacl_Chacha20_Vec128.c,
lib/freebl/verified/Hacl_Chacha20_Vec128.h,
lib/freebl/verified/Hacl_Curve25519.c,
lib/freebl/verified/Hacl_Curve25519.h,
lib/freebl/verified/Hacl_Curve25519_51.c,
lib/freebl/verified/Hacl_Curve25519_51.h,
lib/freebl/verified/Hacl_Kremlib.h,
lib/freebl/verified/Hacl_Poly1305_128.c,
lib/freebl/verified/Hacl_Poly1305_128.h,
lib/freebl/verified/Hacl_Poly1305_32.c,
lib/freebl/verified/Hacl_Poly1305_32.h,
lib/freebl/verified/Hacl_Poly1305_64.c,
lib/freebl/verified/Hacl_Poly1305_64.h,
lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
_uint128_gcc64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/f
star_uint128_msvc.h, lib/freebl/verified/libintvector.h,
lib/freebl/verified/specs/Spec.CTR.fst,
lib/freebl/verified/specs/Spec.Chacha20.fst,
lib/freebl/verified/specs/Spec.Curve25519.fst,
lib/freebl/verified/specs/Spec.Poly1305.fst,
lib/freebl/verified/vec128.h:
Bug 1574643 - haclv2 code r=kjacobs
This updates the in-tree version of our existing HACL* code to v2,
replacing what we have already. Once this landed NSS can pick up
more (faster) code from HACL*.
[5bf2547d671f]
2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>
* automation/taskcluster/windows/build_gyp.sh:
Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
to python3 r=jcj
[[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0
| Setuptools 45.0.0 ]] drops support for Python2, which our Windows
workers are running.
This patch installs the prior version during build, in order to
unblock CI until the workers can be upgraded.
[64c5410f98e0]
Differential Revision: https://phabricator.services.mozilla.com/D59928
--HG--
extra : moz-landing-system : lando
2020-01-11 Kai Engert <kaie@kuix.de>
* lib/softoken/lowpbe.c, lib/softoken/pkcs11.c:
Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed
up repeated SDR operations. r=jcj
[a06bd0f6bbe8] [tip]
Differential Revision: https://phabricator.services.mozilla.com/D59741
--HG--
extra : moz-landing-system : lando