Граф коммитов

974 Коммитов

Автор SHA1 Сообщение Дата
Ricky Stewart fbc6c5a60f Bug 1667892 - Move search for `wget` binary from `old-configure` to Python `configure` r=dmajor
Differential Revision: https://phabricator.services.mozilla.com/D91645
2020-09-30 15:37:21 +00:00
Razvan Maries 3b3e92d8ee Backed out changeset a86359ce9e75 (bug 1667892) for L10n bustages. CLOSED TREE 2020-09-30 05:16:28 +03:00
Ricky Stewart 3f16cd05ff Bug 1667898 - Remove `MOZ_EXCLUDE_HYPHENATION_DICTIONARIES` r=nalexander
This is unused (evidently a Fennec thing).

Differential Revision: https://phabricator.services.mozilla.com/D91648
2020-09-28 22:47:35 +00:00
Ricky Stewart 2bb808e369 Bug 1667896 - Remove `MOZ_ANDROID_DISTRIBUTION_DIRECTORY` r=nalexander
This config value is evidently a Fennec thing that isn't used anywhere any more.

Differential Revision: https://phabricator.services.mozilla.com/D91647
2020-09-29 01:51:13 +00:00
Ricky Stewart d9aa989230 Bug 1667892 - Move search for `wget` binary from `old-configure` to Python `configure` r=dmajor
Differential Revision: https://phabricator.services.mozilla.com/D91645
2020-09-28 22:33:33 +00:00
Jed Davis 9cca235bba Bug 1663550 - Enable sandbox on Linux/arm and Linux/arm64. r=gcp,glandium
Differential Revision: https://phabricator.services.mozilla.com/D90002
2020-09-16 20:53:19 +00:00
Agi Sferro 5151d7d8a7 Bug 1666372 - Don't enable the crashreporter for local android builds. r=snorp,nalexander
Differential Revision: https://phabricator.services.mozilla.com/D90931
2020-09-22 20:38:29 +00:00
Mike Hommey b297cc22e4 Bug 1664077 - Remove _NON_GLOBAL_ACDEFINES. r=firefox-build-system-reviewers,mhentges,rstewart
I think they're remnants from the past that we don't really need anymore.
And they're making things more complicated for some pending work of mine.

Differential Revision: https://phabricator.services.mozilla.com/D89687
2020-09-15 14:25:14 +00:00
Razvan Maries f46af2adfc Backed out changeset ee6dbeaf8852 (bug 1664077) for build bustages on gfxFontUtils.h. CLOSED TREE 2020-09-15 04:02:01 +03:00
Mike Hommey 3fd47263f8 Bug 1664077 - Remove _NON_GLOBAL_ACDEFINES. r=firefox-build-system-reviewers,mhentges,rstewart
I think they're remnants from the past that we don't really need anymore.
And they're making things more complicated for some pending work of mine.

Differential Revision: https://phabricator.services.mozilla.com/D89687
2020-09-14 16:31:31 +00:00
Mike Hommey 3c3839d4b3 Bug 1664083 - Remove support for external source directories. r=nalexander
It was there for comm-central, and hasn't been used since bug 1479904.

Differential Revision: https://phabricator.services.mozilla.com/D89691
2020-09-10 03:44:30 +00:00
Keefer Rourke 53c14a2428 Bug 1657663: Improve timestamp precision for nsLocalFileUnix r=froydnj,barret
This change updates the unix implementation of nsLocalFile
Set/GetLastModifiedTime methods to improve the precision of file modification
times from a 1 second resolution to a 1 millisecond resolution.

Differential Revision: https://phabricator.services.mozilla.com/D86238
2020-08-26 15:32:15 +00:00
Razvan Maries ff54551a34 Backed out 12 changesets (bug 1660328, bug 1660015, bug 1649595, bug 1649596, bug 1649593, bug 1659176, bug 1659839, bug 1659838, bug 1657663, bug 1657647, bug 1655460) for xpcshell perma failures. CLOSED TREE
Backed out changeset ff95badf90e3 (bug 1660328)
Backed out changeset a92f8525ab6f (bug 1659176)
Backed out changeset 8ca05470a0d5 (bug 1659839)
Backed out changeset 5de389b735d3 (bug 1649596)
Backed out changeset 73bdddd96664 (bug 1649595)
Backed out changeset 59800d609b55 (bug 1659838)
Backed out changeset 8aca41723313 (bug 1649593)
Backed out changeset dc0d90b3e135 (bug 1657647)
Backed out changeset e3dd5b6b4fbd (bug 1657663)
Backed out changeset f9c823fa14ba (bug 1657663)
Backed out changeset a5aecc7a6469 (bug 1655460)
Backed out changeset 21b64ef30e12 (bug 1660015)
2020-08-26 06:35:20 +03:00
Keefer Rourke c438dddf23 Bug 1657663: Improve timestamp precision for nsLocalFileUnix r=froydnj,barret
This change updates the unix implementation of nsLocalFile
Set/GetLastModifiedTime methods to improve the precision of file modification
times from a 1 second resolution to a 1 millisecond resolution.

Differential Revision: https://phabricator.services.mozilla.com/D86238
2020-08-24 15:41:07 +00:00
Ricky Stewart f5328d27ba Bug 1659756 - Move `MOZ_USE_NATIVE_POPUP_WINDOWS` from `old-configure` to Python `configure` r=geckoview-reviewers,mhentges,agi,froydnj,glandium
Differential Revision: https://phabricator.services.mozilla.com/D87462
2020-08-21 22:48:09 +00:00
Ricky Stewart 71dca9f811 Bug 1659746 - Move `MOZ_WINCONSOLE` from `old-configure` to Python `configure` r=nalexander
Differential Revision: https://phabricator.services.mozilla.com/D87454
2020-08-18 16:05:26 +00:00
Ricky Stewart cd9a620ede Bug 1657954 - Move various branding options from `old-configure` r=geckoview-reviewers,mhentges,nalexander,snorp
Differential Revision: https://phabricator.services.mozilla.com/D86391
2020-08-11 15:58:52 +00:00
Razvan Maries abf299d7f6 Backed out changeset 60059f7d5c46 (bug 1657663) for perma failures on test_schema_change.js. CLOSED TREE 2020-08-10 22:55:35 +03:00
Keefer Rourke 148dabd639 Bug 1657663: Improve timestamp precision for nsLocalFileUnix r=froydnj,barret
This change updates the unix implementation of nsLocalFile
Set/GetLastModifiedTime methods to improve the precision of file modification
times from a 1 second resolution to a 1 millisecond resolution.

Differential Revision: https://phabricator.services.mozilla.com/D86238
2020-08-10 17:50:23 +00:00
Mike Hommey 527e667296 Bug 1537703 - Use llvm-rc instead of rc.exe. r=mhentges,froydnj
This makes us use one less tool from MSVC, and removes one more use of wine
in cross builds.

We replace the call to either rc/llvm-rc or windres with a wrapper script.
While the script is not strictly needed for the latter, we use a wrapper
in that case anyway because it's one step towards fixing bug 1498414.
For llvm-rc, however, we need a wrapper because llvm-rc doesn't preprocess
on its own, so the wrapper does that too.

The wrapper script also allows to deal with the default flags passed to
llvm-rc or windres, rather than inherit them from old-configure.

We also need to explicitly pass the codepage to llvm-rc, which was not
necessary with rc (presumably, llvm-rc has a different default).

While here, remove the unused WINDRES subst from js/src/old-configure.in.
Also, while here, we remove --use-temp-file, because as described in the
linked bug and in the windres manual page, it was used to work around bugs
on Windows 98 and earlier.

Differential Revision: https://phabricator.services.mozilla.com/D86312
2020-08-08 21:02:04 +00:00
Ricky Stewart b1627141d4 Bug 1656346 - Move `--enable-startupcache` from `old-configure` r=firefox-build-system-reviewers,mhentges,glandium
Differential Revision: https://phabricator.services.mozilla.com/D85466
2020-08-05 00:28:34 +00:00
Ricky Stewart adbb976913 Bug 1656341 - Move `--enable-pref-extensions` from `old-configure` r=firefox-build-system-reviewers,mhentges,glandium
Differential Revision: https://phabricator.services.mozilla.com/D85463
2020-08-05 00:26:16 +00:00
Ricky Stewart 729697662f Bug 1656044 - Move `--enable-mobile-optimize`, `MOZ_GFX_OPTIMIZE_MOBILE` from `old-configure` r=geckoview-reviewers,mhentges,froydnj,glandium,esawin
Differential Revision: https://phabricator.services.mozilla.com/D85321
2020-08-03 13:36:59 +00:00
Robert Mader c5a05df5d3 Bug 1653950 - Bump glib version requirement. r=karlt
We already inherit a minimum version of 2.41.2 through GTK 3.14.
This silences some build warnings.

Differential Revision: https://phabricator.services.mozilla.com/D84578
2020-07-24 09:11:59 +00:00
Butkovits Atila a58bc11558 Backed out changeset 0650d1a61f16 (bug 1653950) for bustages on gversionmacros.h CLOSED TREE 2020-07-23 03:42:33 +03:00
Robert Mader cdb8166f86 Bug 1653950 - Bump glib version requirement. r=karlt
We already inherit a minimum version of 2.41.2 through GTK 3.14.
This silences some build warnings.

Differential Revision: https://phabricator.services.mozilla.com/D84578
2020-07-23 00:07:47 +00:00
Narcis Beleuzu 72a6746940 Backed out changeset 5df50fa24cca (bug 1653950) for bustages on gversionmacros.h . CLOSED TREE 2020-07-23 02:01:54 +03:00
Robert Mader 71c0319dd9 Bug 1653950 - Bump glib version requirement. r=karlt
We already inherit a minimum version of 2.41.2 through GTK 3.14.
This silences some build warnings.

Differential Revision: https://phabricator.services.mozilla.com/D84578
2020-07-22 22:32:07 +00:00
Robert Mader 0d74f2d95f Bug 1617002 - Remove checks for unsupported GTK3 versions. r=stransky
Cleans up the code a bit to make actually used fallback code easier to spot
and update the required GTK version so deprecation warnings are more accurate.

Also make `gdk_window_set_opaque_region` always available - we can now assume
it to be present in all supported versions.

Differential Revision: https://phabricator.services.mozilla.com/D82804
2020-07-20 15:43:30 +00:00
Nick Alexander bcbf1ce06f Bug 1641291 - Pre: Work around logging not handling '\x' in `old-configure` output. r=froydnj
Windows accepts both paths, so let's just avoid the issue for now.

Differential Revision: https://phabricator.services.mozilla.com/D77116
2020-07-07 02:13:22 +00:00
Coroiu Cristina 3cce853af2 Backed out 4 changesets (bug 1641291) for build bustages and SM failures on a CLOSED TREE
Backed out changeset 9c0a44614576 (bug 1641291)
Backed out changeset 0dcf604b880e (bug 1641291)
Backed out changeset d830bee40b5c (bug 1641291)
Backed out changeset fe38c82c2dad (bug 1641291)
2020-06-03 22:09:52 +03:00
Nick Alexander 77c491766c Bug 1641291 - Pre: Work around logging not handling '\x' in `old-configure` output. r=froydnj
Windows accepts both paths, so let's just avoid the issue for now.

Differential Revision: https://phabricator.services.mozilla.com/D77116
2020-06-03 18:17:58 +00:00
Mike Hommey 038f9f8138 Bug 1641790 - Move --with-system-nss to python configure. r=firefox-build-system-reviewers,rstewart
Version of NSS >= 3.27 have a pkg-config file. We're now requiring 3.53,
so while moving, just use pkg-config, which is simpler.

The old-configure check that rejected some untested platforms for
in-tree NSS is actually rejecting none: the accepted platforms cover all
the supported ones, so we remove that check.

And because building with system NSS without system NSPR doesn't make
sense, imply the latter when the former is used.

Differential Revision: https://phabricator.services.mozilla.com/D77428
2020-05-29 17:02:09 +00:00
Mike Hommey 9088528947 Bug 1635764 - Move --with-system-icu and --with-intl-api to python configure. r=firefox-build-system-reviewers,rstewart
At the same time, because it's now simpler to do so, set the right data
file name for big-endians, even though we don't have or produce it
(bug #1264836). Also remove USE_ICU, which is redundant with
JS_HAS_INTL_API, and actively break the build at configure time when
using --without-intl-api with Firefox because this hasn't actually
worked for close to 3 years (since bug 1402048).

Differential Revision: https://phabricator.services.mozilla.com/D77416
2020-05-29 21:29:52 +00:00
Mike Hommey 8a9448c75b Bug 1641785 - Move --with-jitreport-granularity to python configure. r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D77415
2020-05-29 12:17:26 +00:00
Mike Hommey 313131917e Bug 1641775 - Move --with-system-nspr to python configure. r=firefox-build-system-reviewers,rstewart
Versions of NSPR >= 4.10 come with a pkg-config file. We currently
depend on 4.9.2 for spidermonkey, but much more recent versions for
Firefox. 4.10 is less than a year newer than 4.9.2, and 4.10 is 7 years
old, so bumping the requirement to 4.10 is not really a big deal.

With the use of pkg-config, --with-nspr-cflags and --with-nspr-libs are
not needed.

None of the AC_TRY_COMPILE tests were any useful because
PR_STATIC_ASSERT and PR_UINT64 have been when we look for them since
4.8.6 and 4.9 respectively.

Differential Revision: https://phabricator.services.mozilla.com/D77412
2020-05-29 17:11:27 +00:00
Mike Hommey cab23e6d7f Bug 1641783 - Move MOZ_FOLD_LIBS to python configure. r=froydnj
Also remove MOZ_FOLD_LIBS_FLAGS because it is always empty since bug 1577521.

Differential Revision: https://phabricator.services.mozilla.com/D77410
2020-05-29 12:15:51 +00:00
Mike Hommey eba22e2279 Bug 1641760 - Move --with-system-zlib to python configure. r=froydnj
As all versions of zlib >= 1.2.3.1 have a pkg-config file, and 1.2.3.1
is close to 14 years old, let's drop 1.2.3 and just use pkg-config, which
simplifies what we need to do dramatically.

Differential Revision: https://phabricator.services.mozilla.com/D77404
2020-05-29 20:59:00 +00:00
Mike Hommey a97c7ebfe7 Bug 1640578 - Remove --disable-install-strip from mac mozconfigs. r=froydnj
The need for --disable-install-strip in the mac mozconfigs comes from a
discrepancy in how stripping is handled between platforms. On Windows,
there is no stripping. On non-Mac unix, `strip` removes local symbols as
well as debug info and debug symbols. On Mac, it actually removes too
much, and one has to pass flags to remove both local symbols (`-x`) and
debug symbols (`-S`). Debug info is already in a separate file
(`.dSYM`).

For profiling reasons, we do ship e.g. nightlies with local symbols but
not debug info or symbols (or at least that's the intent). On Windows,
again, nothing to do. On non-Mac unix, we pass `--strip-debug` to
`strip` so that it keeps local symbols. That's where the discrepancy
comes in for Mac: the build system doesn't handle this at all, so the
mozconfigs contain --disable-install-strip to avoid stripping.

The build system should be doing what it's expected to be doing from the
start, without mozconfigs opting into anything.

AFAIK, we only really need the local symbols, so we can `strip -S` on
Mac when profiling is enabled, rather than `strip -x -S`. This also
significantly reduces the size of the installer for nightlies.

And while we're here, move the logic out of old-configure and into
python configure.

Differential Revision: https://phabricator.services.mozilla.com/D76789
2020-05-27 01:42:07 +00:00
Mike Hommey 6ba1065508 Bug 1639815 - Move --enable-strip and --enable-install-strip to python configure. r=nalexander
Differential Revision: https://phabricator.services.mozilla.com/D76291
2020-05-21 23:51:58 +00:00
Mike Hommey 03b3bd5a35 Bug 1639815 - Move --enable-dtrace to python configure. r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D76289
2020-05-21 22:38:47 +00:00
Bogdan Tara 0bff3c4d0b Backed out 7 changesets (bug 1639815) for --disable-install-strip related bustages CLOSED TREE
Backed out changeset 04a1388fc17d (bug 1639815)
Backed out changeset d48eea557b6d (bug 1639815)
Backed out changeset 6fba10f61bd2 (bug 1639815)
Backed out changeset cfb945f6c82f (bug 1639815)
Backed out changeset 16447c678749 (bug 1639815)
Backed out changeset 89475adf15b6 (bug 1639815)
Backed out changeset 94877a079054 (bug 1639815)
2020-05-22 01:33:22 +03:00
Mike Hommey 9725d351de Bug 1639815 - Move --enable-strip and --enable-install-strip to python configure. r=nalexander
Differential Revision: https://phabricator.services.mozilla.com/D76291
2020-05-21 20:39:54 +00:00
Mike Hommey 1304fec22e Bug 1639815 - Move --enable-dtrace to python configure. r=froydnj
Differential Revision: https://phabricator.services.mozilla.com/D76289
2020-05-21 10:13:35 +00:00
Mike Hommey 28de21d935 Bug 1638193 - Remove build system support for iOS. r=nalexander
iOS support for Gecko has not been tested in years and is most probably
out of date. The build system part of it, specifically the checks in
build/autoconf/ios.m4, are not trivial to port to python configure, and
they prevent other things from moving to python configure (because some
of them change value when MOZ_IOS is set).

The code is left alone, although it could probably be stripped off as
well, but I'll leave that as an exercise for someone else.

Differential Revision: https://phabricator.services.mozilla.com/D75463
2020-05-15 03:56:16 +00:00
J.C. Jones 638a597baa Bug 1636656 - land NSS e3444f4cc638 UPGRADE_NSS_RELEASE,
Differential Revision: https://phabricator.services.mozilla.com/D74716
2020-05-11 18:20:52 +00:00
Nick Alexander 9c6b68bbb2 Bug 1635271 - Restore CFLAGS to avoid repeat -fPIC flag when running configure after clobber. r=froydnj
If we don't restore CFLAGS, then after a clobber, there's no configure
cache, and therefore the CFLAGS get tweaked.  But running configure
again, the cache steps in and the extra -fPIC isn't added.  Locally
this means fewer sccache hits (but in automation, all builds at this
time are clobber builds, so there's no impact).

Differential Revision: https://phabricator.services.mozilla.com/D73757
2020-05-04 23:13:55 +00:00
Nathan Froyd 795e06301c Bug 1635099 - remove _USE_CPP_INCLUDE_FLAG; r=dmajor
We only set this and never reference it otherwise.  I attempted to
determine when the last use was, but even esr17 (!) only set it, never
used it, and `hg grep` is very slow...

Differential Revision: https://phabricator.services.mozilla.com/D73662
2020-05-04 15:03:17 +00:00
Kevin Jacobs 7d42f279f2 Bug 1629594 - land NSS 50dcc34d470d UPGRADE_NSS_RELEASE, r=jcj
2020-04-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/pk11wrap/debug_module.c, lib/pk11wrap/pk11load.c:
	Bug 1629105 - Update PKCS11 module debug logger for v3.0 r=rrelyea

	Differential Revision:
	https://phabricator.services.mozilla.com/D70582
	[50dcc34d470d] [tip]

2020-04-07  Robert Relyea  <rrelyea@redhat.com>

        * lib/ckfw/builtins/testlib/Makefile:
        Bug 1465613 Fix gmake issue create by the patch which adds ability
        to distrust certificates issued after a certain date for a specified
        root cert r=jcj

        I've been trying to run down an issue I've been having, and I think
        this bug is the source. Whenever I build ('gmake' build), I get the
        following untracted files: ? lib/ckfw/builtins/testlib/anchor.o ?
        lib/ckfw/builtins/testlib/bfind.o ?
        lib/ckfw/builtins/testlib/binst.o ?
        lib/ckfw/builtins/testlib/bobject.o ?
        lib/ckfw/builtins/testlib/bsession.o ?
        lib/ckfw/builtins/testlib/bslot.o ?
        lib/ckfw/builtins/testlib/btoken.o ?
        lib/ckfw/builtins/testlib/ckbiver.o ?
        lib/ckfw/builtins/testlib/constants.o

        This is because of the way lib/ckfw/builtins/testlib works, it uses
        the sources from the directory below, and explicitly reference them
        with ../{source_name}.c. The object file then becomes
        lib/ckfw/builtins/testlib/{OBJDIR}/../{source_name}.o.

        The simple fix would be to paper over the issue and just add these
        to .hgignore, but that would break our ability to build multiple
        platforms on a single source directory. I'll include a patch that
        fixes this issue.

        bob

        Differential Revision:
        https://phabricator.services.mozilla.com/D70077
        [92058f185316]

2020-04-06  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/ssl_gtest/tls_hkdf_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c,
	lib/ssl/sslprimitive.c, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
	lib/ssl/tls13hkdf.c, lib/ssl/tls13replay.c, tests/ssl/ssl.sh:
	Bug 1561637 TLS 1.3 does not work in FIPS mode r=mt

	Part 2 of 2

	Use the official PKCS #11 HKDF mechanism to implement tls 1.3.

	1) The new mechanism is a single derive mechanism, so we no longer
	need to pick it based on the underlying hmac (Note, we still need to
	know the underlying hmac, which is passed in as a mechanism
	parameter).

	2) Use the new keygen to generate CKK_HKDF keys rather than doing it
	by hand with the random number generator (never was really the best
	way of doing this).

	3) modify tls13hkdf.c to use the new mechanisms: 1) Extract: use the
	new key handle in the mechanism parameters to pass the salt when the
	salt is a key handle. Extract: use the explicit NULL salt parameter
	if for the hash len salt of zeros. 2) Expand: Expand is mostly a
	helper function which takes a mechanism. For regular expand, the
	mechanism is the normal _Derive, for the Raw version its the _Data
	function. That creates a data object, which is extractable in FIPS
	mode.

	4) update slot handling in tls13hkdf.c: 1) we need to make sure that
	the key and the salt key are in the same slot. Provide a PK11wrap
	function to make that guarrentee (and use that function in
	PK11_WrapKey, which already has to do the same function). 2) When
	importing a 'data' key for the zero key case, make sure we import
	into the salt key's slot. If there is no salt key, use
	PK11_GetBestSlot() rather than PK11_GetInternal slot.

	Differential Revision:
	https://phabricator.services.mozilla.com/D69899
	[3d2b1738e064]

2020-04-06  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/curve25519-vectors.h,
	gtests/common/testvectors/p256ecdh-vectors.h,
	gtests/common/testvectors/p384ecdh-vectors.h,
	gtests/common/testvectors/p521ecdh-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha256-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha384-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha1-vectors.h,
	gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha512-vectors.h,
	gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h,
	gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h,
	gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h,
	gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h,
	gtests/common/testvectors/rsa_pss_misc-vectors.h,
	gtests/common/testvectors/rsa_signature-vectors.h,
	gtests/common/testvectors/rsa_signature_2048_sha224-vectors.h,
	gtests/common/testvectors/rsa_signature_2048_sha256-vectors.h,
	gtests/common/testvectors/rsa_signature_2048_sha512-vectors.h,
	gtests/common/testvectors/rsa_signature_3072_sha256-vectors.h,
	gtests/common/testvectors/rsa_signature_3072_sha384-vectors.h,
	gtests/common/testvectors/rsa_signature_3072_sha512-vectors.h,
	gtests/common/testvectors/rsa_signature_4096_sha384-vectors.h,
	gtests/common/testvectors/rsa_signature_4096_sha512-vectors.h,
	gtests/common/testvectors_base/rsa_signature-vectors_base.txt,
	gtests/common/testvectors_base/test-structs.h,
	gtests/common/wycheproof/genTestVectors.py,
	gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc,
	gtests/pk11_gtest/pk11_rsaoaep_unittest.cc,
	gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc,
	gtests/pk11_gtest/pk11_rsapss_unittest.cc:
	Bug 1612260 - Add Wycheproof vectors for RSA PKCS1 and PSS signing,
	PKCS1 and OEAP decryption. r=bbeurdouche

	This patch updates the Wycheproof script to build RSA test vectors
	(covering PKCS1 decryption/verification, as well as PSS and OAEP)
	and adds the appropriate test drivers.

	Differential Revision:
	https://phabricator.services.mozilla.com/D69847
	[469fd8633757]

2020-04-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/taskcluster/docker-fuzz32/Dockerfile:
	Bug 1626751 - Add apt-transport-https & apt-utils to fuzz32 docker
	image r=jcj

	We already install these packages on the image_builder image itself.
	It seems they're now required on the fuzz32 image as well.

	Differential Revision:
	https://phabricator.services.mozilla.com/D69274
	[c7a8195e3072]

2020-04-01  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/Makefile:
	Bug 1624864 - Don't force ARMv7 for gcm-arm32-neon r=jcj
	[858209235972]

	* coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile,
	lib/freebl/freebl.gyp, lib/freebl/gcm.c:
	Bug 1620799 - Introduce NSS_DISABLE_ARM32_NEON r=jcj

	Only some Arm32 supports neon, so let's introduce
	NSS_DISABLE_ARM32_NEON to allow disabling Neon acceleration when
	building for Arm32.

	Signed-off-by: Giulio Benetti
	<giulio.benetti@benettiengineering.com>
	[b47b2c35aa64]

2020-04-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
	check/expected-report-libsoftokn3.so.txt, automation/abi-check
	/expected-report-libssl3.so.txt:
	Fixup ABI checks after libabigail update and Delegated Credentials
	backport. r=me
	[7f50f6ca7658]

2020-03-31  hajma  <tropikhajma@gmail.com>

	* coreconf/SunOS5.mk:
	Bug 1625133 - Fix implicit declaration of function 'getopt' on SunOS
	r=jcj
	[744788dd18dc]

2020-03-30  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_hkdf_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11pub.h, lib/softoken/pkcs11.c,
	lib/softoken/pkcs11c.c:
	Bug 1561637 TLS 1.3 does not work in FIPS mode

	Patch 1 of 2. This patch updates softoken and helper functions with
	the new PKCS #11 v3 HKDF, which handles all the correct key
	management so that we can work in FIPS mode

	1) Salts can be passed in as data, as and explicit NULL (which per
	spec means a zero filled buffer of length of the underlying HMAC),
	or through a key handle 2) A Data object can be used as a key
	(explicitly allowed for this mechanism by the spec). 3) A special
	mechansism produces a data object rather than a key, the latter
	which can be exported. Softoken does not do the optional validation
	on the pInfo to verify that the requested values are supposed to be
	data rather than keys. Some other tokens may.

	The old hkdf mechanism has been retained for compatibility (well
	namely until patch 2 is created, tls is still using it). The hkdf
	function has been broken off into it's own function rather than
	inline in the derive function.

	Note: because the base key and/or the export key could really be a
	data object, our explicit handling of sensitive and extractable are
	adjusted to take into account that those flags do not exist in data
	objects.

	Differential Revision:
	https://phabricator.services.mozilla.com/D68940
	[e0922aac5267]

2020-03-26  Hans Petter Jansson  <hpj@cl.no>

	* cmd/lowhashtest/lowhashtest.c:
	Bug 1622555 - Fix lowhashtest argument parsing. r=kjacobs
	[f3c5ab41c972]

2020-03-26  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* lib/freebl/Makefile, lib/freebl/freebl.gyp:
	Bug 1624377 - Replace freebl flag -msse4 by -msse4.1 -msse4.2 which
	are supported by older compilers r=kjacobs

	Differential Revision:
	https://phabricator.services.mozilla.com/D68407
	[16ee7cb36fff]

2020-03-26  Robert Relyea  <rrelyea@redhat.com>

	* gtests/ssl_gtest/libssl_internals.c, lib/pk11wrap/exports.gyp,
	lib/pk11wrap/manifest.mn, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
	lib/ssl/sslspec.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
	lib/ssl/tls13esni.c, lib/ssl/tls13exthandle.c:
	Bug 1623374 Need to support the new PKCS #11 Message interface for
	AES GCM and ChaCha Poly r=mt

	Update ssl to use the new PK11_AEADOp() interface. 1. We restore the
	use of PK11Context_Create() for AEAD operations. 2. AES GCM and
	CHACHA/Poly specific functions are no longer needed as PK11_AEADOp()
	handles all the mechanism specific processing. 3. TLS semantic
	differences between the two algorithms is handled by their
	parameters: 1. Nonce length is the length of the nonce counter. If
	it's zero, then XOR_Counter is used (and the nonce length is the
	sizeof(sslSequenceNumber)). 2. IV length is the full IV length -
	nonce length. 3. TLS 1.3 always uses XOR_Counter. 4. The IV is
	returned from the token in the encrypt case. Only in the explict
	nonce case is it examined. (The code depends on the fact that the
	count in the token will match sslSequenceNumber). I did have assert
	code to verify this was happening for testing, but it's removed from
	this patch it can be added back. 5. All the decrypt instances of
	XOR_Counter IV creation have been colapsed into tls13_WriteNonce().
	6. Even tough PK11_AEADOp returns and accepts the tag separately
	(for encrypt and decrypt respectively). The SSL code still returns
	the values as buffer||tag. 7. tls13_AEAD() has been enhanced so all
	uses of AEAD outside of the TLS stream can use it instead of their
	own wrapped version. It can handle streams (CreateContext()
	tls13_AEAD() tls13_AEAD() DestroyContext()) or single shot
	tls13_AEAD(context=NULL). In the later case, the keys for the single
	shot operation should not be resued. 8. libssl_internals.c in the
	gtests directory has been updated to handle advancing the internal
	iv counter when we artifically advance the seqNum. Since we don't
	have access to any token iv counter (including softoken), The code
	switches to simulated message mode, and updates the simulated state
	as appropriate. (obviously this is for testing only code as it
	reaches into normally private data structures).

	Differential Revision:
	https://phabricator.services.mozilla.com/D68480
	[e7c7f305078e]

2020-03-26  Robert Relyea  <rrelyea@redhat.com>

        * gtests/ssl_gtest/libssl_internals.c, lib/pk11wrap/exports.gyp,
        lib/pk11wrap/manifest.mn, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
        lib/ssl/sslspec.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
        lib/ssl/tls13esni.c, lib/ssl/tls13exthandle.c:
        Bug 1623374 Need to support the new PKCS #11 Message interface for
        AES GCM and ChaCha Poly r=mt

        Update ssl to use the new PK11_AEADOp() interface. 1. We restore the
        use of PK11Context_Create() for AEAD operations. 2. AES GCM and
        CHACHA/Poly specific functions are no longer needed as PK11_AEADOp()
        handles all the mechanism specific processing. 3. TLS semantic
        differences between the two algorithms is handled by their
        parameters: 1. Nonce length is the length of the nonce counter. If
        it's zero, then XOR_Counter is used (and the nonce length is the
        sizeof(sslSequenceNumber)). 2. IV length is the full IV length -
        nonce length. 3. TLS 1.3 always uses XOR_Counter. 4. The IV is
        returned from the token in the encrypt case. Only in the explict
        nonce case is it examined. (The code depends on the fact that the
        count in the token will match sslSequenceNumber). I did have assert
        code to verify this was happening for testing, but it's removed from
        this patch it can be added back. 5. All the decrypt instances of
        XOR_Counter IV creation have been colapsed into tls13_WriteNonce().
        6. Even tough PK11_AEADOp returns and accepts the tag separately
        (for encrypt and decrypt respectively). The SSL code still returns
        the values as buffer||tag. 7. tls13_AEAD() has been enhanced so all
        uses of AEAD outside of the TLS stream can use it instead of their
        own wrapped version. It can handle streams (CreateContext()
        tls13_AEAD() tls13_AEAD() DestroyContext()) or single shot
        tls13_AEAD(context=NULL). In the later case, the keys for the single
        shot operation should not be resued. 8. libssl_internals.c in the
        gtests directory has been updated to handle advancing the internal
        iv counter when we artifically advance the seqNum. Since we don't
        have access to any token iv counter (including softoken), The code
        switches to simulated message mode, and updates the simulated state
        as appropriate. (obviously this is for testing only code as it
        reaches into normally private data structures).

        Differential Revision:
        https://phabricator.services.mozilla.com/D68480
        [e7c7f305078e]


2020-03-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/softoken/pkcs11.c:
	Bug 1624402 - Fix compilation error when NO_FORK_CHECK and
	CHECK_FORK_* are defined r=rrelyea

	Differential Revision:
	https://phabricator.services.mozilla.com/D67911
	[0225889e5292]

2020-03-23  Kevin Jacobs  <kjacobs@mozilla.com>

    * lib/util/pkcs11.h:
    Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
    r=rrelyea

    Differential Revision:
    https://phabricator.services.mozilla.com/D67741
    [7ab62d3d0445]

2020-03-19  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
	gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
	lib/freebl/blapi.h, lib/freebl/blapii.h, lib/freebl/blapit.h,
	lib/freebl/chacha20poly1305.c, lib/freebl/gcm.c, lib/freebl/gcm.h,
	lib/freebl/intel-gcm-wrap.c, lib/freebl/intel-gcm.h,
	lib/freebl/ldvector.c, lib/freebl/loader.c, lib/freebl/loader.h,
	lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/nss/nss.def,
	lib/pk11wrap/pk11cxt.c, lib/pk11wrap/pk11mech.c,
	lib/pk11wrap/pk11priv.h, lib/pk11wrap/pk11pub.h,
	lib/pk11wrap/pk11skey.c, lib/pk11wrap/pk11slot.c,
	lib/pk11wrap/secmodti.h, lib/softoken/fipstokn.c,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
	lib/softoken/sftkmessage.c, lib/util/pkcs11n.h, lib/util/pkcs11t.h,
	lib/util/secport.h:
	Bug 1623374 Need to support the new PKCS #11 Message interface for
	AES GCM and ChaCha Poly

	PKCS #11 defines a new interface for handling AEAD type ciphers that
	allow multiple AEAD operations without repeating the key schedule.
	It also allows tokens to keep track of the number of operations, and
	generate IVs (depending on the cipher).

	This patch: 1. implement those new functions in softoken. With the
	addition of CKF_MESSAGE_* flags to various mechanism, we need to
	strip them when using the version 2 API of softoken (since there are
	no C_Message* function in version 2). For that we need a separate
	C_GetMechanismInfo function. We use the same trick we used to have a
	separate version function for the V2 interface. Also now that the
	new message functions are in their own file, they still need access
	to the common Session state processing functions. those have gone
	from static to exported within softoken to accomidate that. Same
	with sftk_MapDecryptError() (sftk_MapVerifyError() was also made
	global, though nothing else is yet using it). Only
	C_MessageEncrptInit(), C_EncryptMessage(), C_MessageEncryptFinal,
	C_MessageDecryptInit(), C_DecryptMessage(), and
	C_MessageDecryptFinal are implemented. C_EncryptMessageBegin(),
	C_EncryptMessageNext(), C_DecryptMessageBegin(), and
	C_DecryptMessageNext() are all part of the multi-part withing a
	multi-part operation and are only necessary for things like S/MIME
	(potentially). If we wanted to implement them, we would need more
	functions exported from freebl (and initaead, updateaead, finalaead
	for each mechanism type). 2. make those interfaces call aes_gcm and
	chacha20_poly1503 (and make adjustments for those ciphers). For AES,
	I added a new function AES_AEAD, which handles both encrypt and
	decrypt. Internally, the gcm functions (both the generic gcm and the
	intel gcm wrapper) had their init functions split into key
	scheduling and counter mode/tag initialization. The latter is still
	called from init, but the former is now for each update call. IV
	generation is handled by a single function in gcm.c, and shared with
	intel_gcm_wrapper.c Since the AES functions already know about the
	underlying PKCS #11 mechanism parameters, the new AEAD functions
	also parse the PKCS #11 GCM parameters. For Chacha/Poly new aead
	update functions were created called ChaChaPoly1305_Encrypt and
	ChaChaChaPoly1305_Decrypt. There was no Message specific
	initialization in the existing chacha_init, so no changes were
	needed there. The primary difference between _Encrypt/_Decrypt and
	_Seal/_Open is the fact that the tag is put at the end of the
	encrypted data buffer in the latter, and in a generic buffer in the
	former. 3. create new pk11wrap interfaces that also squash the api
	differences between the various mechanisms for aead (similiar to the
	way we do it for CBC and ECB crypto today). To accomplish this I
	added PK11_AEADOp() and PK11_AEADRawOp(). Both functions handle the
	case where the token only supports the single shot interface, by
	using the single short interface to simulate the Message interface.
	The PK11_AEADOp() also smooths out the differences in the parameters
	and symantics of the various mechanism so the application does not
	need to worry about the PKCS #11 differences in the mechanism. Both
	use contexts from the standard PK11_CreateContext(), so key
	schedules are done once for each key rather than once for each
	message. MESSAGE/AEAD operations are selected by adding the psuedo
	attribute flag CKA_NSS_MESSAGE to the requested operation
	(CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN, CKA_VERIFY). 4. write tests for
	the new interfaces Tests were added to make sure the PK11_AEADRawOp
	interface works, The single shot interface is used to test output of
	the message interface we also use two test only functions to force
	the connection to use the simulation interface, which is also
	compared to the non-simulate inteface. The AES_GCM also tests
	various IV generators.

	Differential Revision:
	https://phabricator.services.mozilla.com/D67552
	[293ac3688ced]

2020-03-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/mpi/mpcpucache.c:
	Bug 1623184 - Clear ECX prior to cpuid, fixing query for Extended
	Features r=bbeurdouche

	While trying to benchmark the recent HACL* AVX2 code, I noticed that
	it was not being called on two machines (that both support AVX2),
	instead using only the AVX version.

	In order to query for Extended Features (cpuid with EAX=7), we also
	need to set ECX to 0: https://www.intel.com/content/www/us/en
	/architecture-and-technology/64-ia-32-architectures-software-
	developer-vol-2a-manual.html. The current code fails to do this,
	resulting in flags that show no support.

	Initially, I wrote a separate `freebl_cpuid_ex` function that
	accepted a value for ECX as a separate input argument. However, some
	definitions of `freebl_cpuid` already zero ECX, so making this
	consistent is the simplest way to get the desired behavior.

	With this patch, the two test machines (MacOS and Linux x64)
	correctly use the AVX2 ChaCha20Poly1305 code.

	Differential Revision:
	https://phabricator.services.mozilla.com/D67235
	[06d41fe87c58]

2020-03-17  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
	check/expected-report-libsoftokn3.so.txt, cmd/pk11mode/pk11mode.c,
	lib/pk11wrap/pk11load.c, lib/pk11wrap/secmodi.h,
	lib/pk11wrap/secmodt.h, lib/softoken/fipstokn.c,
	lib/softoken/manifest.mn, lib/softoken/pkcs11.c,
	lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
	lib/softoken/sftkmessage.c, lib/softoken/softoken.gyp,
	lib/softoken/softoken.h, lib/softoken/softokn.def,
	lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h,
	nss/automation/abi-check/new-report-libnss3.so.txt, nss/automation
	/abi-check/new-report-libsoftokn3.so.txt:
	Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=ueno r=mt

	Update to PKCS #11 v3.0 part 2.

	Create the functions and switch to the C_Interface() function to
	fetch the PKCS #11 function table. Also PKCS #11 v3.0 uses a new
	fork safe interface. NSS can already handle the case if the PKCS #11
	module happens to be fork safe (when asked by the application to
	refresh the tokens in the child process, NSS can detect that such a
	refresh is not necessary and continue. Softoken could also be put in
	fork_safe mode with an environment variable. With this patch it's
	the default, and NSS asks for the fork safe API by default.
	Technically softoken should implement the old non-fork safe
	interface when PKCS #11 v2.0 is called, but NSS no longer needs it,
	and doing so would double the number of PKCS #11 interfaces are
	needed. You can still compile with fork unsafe semantics, and the
	PKCS #11 V3.0 module will do the right thing and not include the
	fork safe flag. Firefox does not fork(), so for firefox this is
	simply code that is no longer compilied.

	We now use C_GetInterface, which allows us to specify what kind of
	interface we want (PKCS #11 v3.0, PKCS #11 v2.0, fork safe, etc.).
	Vendor specific functions can now be accessed through the
	C_GetInterface. If the C_GetInterface function does not exists, we
	fall bak to the old C_GetFunctionList.

	There are 24 new functions in PKCS #11 v3.0: C_GetInterfaceList -
	return a table of all the supported interfaces C_GetInterface -
	return a specific interface. You can specify interface name, version
	and flags separately. You can leave off any of these and you will
	get what the token thinks is the best match of the interfaces that
	meet the criteria. We do this in softoken by the order of the
	interface list. C_SessionCancel - Cancel one or more multipart
	operation C_LoginUser - Supply a user name to C_Login(). This
	function has no meaning for softoken, so it just returns
	CKR_OPERATION_NOT_INITIALIZED under the theory that if we in the
	future want to support usernames, the NSS db would need special
	initialization to make that happen. C_Message* and C_*Message* (20
	functions in all) are the new AEAD interface (they are written
	generally so that it can be used for things other than AEAD). In
	this patch they are unimplemented (see the next patch).

	This patch adds regular (NSC_) and FIPS (FC_) versions of these
	functions. Also when creating the PKCS #11 v2.0 interface, we had to
	create a 2.0 specific version of C_GetInfo so that it can return a
	2.40 in the CK_VERSION field rather than 3.00. We do this with
	#defines since all the function tables are generated automagically
	with pkcs11f.h.

	Differential Revision:
	https://phabricator.services.mozilla.com/D67240
	[2364598f8a36]

2020-03-09  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Poly1305_128.c,
	lib/freebl/verified/Hacl_Poly1305_256.c:
	Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobs

	Differential Revision:
	https://phabricator.services.mozilla.com/D65945
	[7e09cdab32d0]

2020-03-02  Kurt Miller  <kurt@intricatesoftware.com>

        * lib/freebl/blinit.c:
        Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj

        https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
        [2c989888dee7]

2020-03-02  Giulio Benetti  <giulio.benetti@benettiengineering.com>

        * lib/freebl/blinit.c:
        Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs
        Some build environment doesn't provide <sys/auxv.h> and this causes
        build failure, so let's check if that header exists by using
        __has_include() helper.

        Signed-off-by: Giulio Benetti
        <giulio.benetti@benettiengineering.com>
        [bb7c46049f26]

2020-02-28  Benjamin Beurdouche  <bbeurdouche@mozilla.com>

        * automation/taskcluster/scripts/run_hacl.sh,
        lib/freebl/verified/Hacl_Chacha20.c,
        lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
        lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
        lib/freebl/verified/Hacl_Chacha20_Vec128.c,
        lib/freebl/verified/Hacl_Curve25519_51.c,
        lib/freebl/verified/Hacl_Kremlib.h,
        lib/freebl/verified/Hacl_Poly1305_128.c,
        lib/freebl/verified/Hacl_Poly1305_32.c,
        lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
        lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h, li
        b/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verifie
        d.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_1
        6_32_64.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_
        Endianness.h, lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar
        _uint128_gcc64.h, lib/freebl/verified/libintvector.h:
        Bug 1617533 - Update of HACL* after libintvector.h and coding style
        changes. r=kjacobs

        *** Bug 1617533 - Clang format

        *** Bug 1617533 - Update HACL* commit for job in Taskcluster

        *** Bug 1617533 - Update HACL* Kremlin code

        Differential Revision:
        https://phabricator.services.mozilla.com/D63829
        [b6677ae9067e]

        * automation/taskcluster/graph/src/extend.js, coreconf/arch.mk,
        coreconf/config.mk, lib/freebl/Makefile, lib/freebl/blapii.h,
        lib/freebl/blinit.c, lib/freebl/chacha20poly1305.c,
        lib/freebl/freebl.gyp,
        lib/freebl/verified/Hacl_Chacha20Poly1305_256.c,
        lib/freebl/verified/Hacl_Chacha20Poly1305_256.h,
        lib/freebl/verified/Hacl_Chacha20_Vec256.c,
        lib/freebl/verified/Hacl_Chacha20_Vec256.h,
        lib/freebl/verified/Hacl_Poly1305_256.c,
        lib/freebl/verified/Hacl_Poly1305_256.h, nss-tool/hw-support.c:
        Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and
        Chacha20Poly1305. r=kjacobs

        *** Bug 1612493 - Import AVX2 code from HACL*
        *** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
        *** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and
        freebl.gyp
        *** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t
        support -mavx2
        *** Bug 1612493 - Disable tests when the platform doesn't have
        support for AVX2

        Differential Revision:
        https://phabricator.services.mozilla.com/D64718
        [d5deac55f543]


2020-02-18  Robert Relyea  <rrelyea@redhat.com>

	* cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c,
	cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c,
	cmd/shlibsign/shlibsign.c,
	gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
	gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c,
	lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c,
	lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c,
	lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c,
	lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c,
	lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
	lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c,
	lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c,
	lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c,
	lib/pk11wrap/pk11pbe.c, lib/pk11wrap/pk11pk12.c,
	lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c,
	lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c,
	lib/pkcs12/p12e.c, lib/softoken/fipstokn.c,
	lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c,
	lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c,
	lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
	lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c,
	lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
	lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h,
	lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-
	tool/enc/enctool.cc:
	Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye

	https://phabricator.services.mozilla.com/D63241

	This patch implements the first phase: updating the headers.

	lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h

	Were updated using the released OASIS PKCS #11 v3.0 header files.
	lib/util/pkcs11n.h was updated to finally deprecate all uses of
	CK?_NETSCAPE_?.

	A new define as added: NSS_PKCS11_2_0_COMPAT. If it's defined, the
	small semantic changes (including the removal of deprecated defines)
	between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are
	reverted in favor of the PKCS #11 v2 definitions. This include the
	removal of CK?_NETSCAPE_? in favor of CK?_NSS_?.

	One notable change was caused by an inconsistancy between the spec
	and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an
	extra field in the header that was not in the spec. OASIS considers
	the header file to be normative, so PKCS #11 v3.0 resolved the issue
	in favor of the header file definition. NSS had the spec definition,
	so now there are 2 defines for this structure:

	CK_NSS_GCM_PARAMS - the old nss define. Still used internally in
	freebl. CK_GCM_PARAMS_V3 - the new define. CK_GCM_PARAMS - no longer
	referenced in NSS itself. It's defined as CK_GCM_PARAMS_V3 if
	NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
	CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.

	Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
	CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
	CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS.

	 One other semantic difference between the 3.0 version of pkcs11f.h
	and the version here: In the oasis version of the header, you must
	define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In
	our version you must define CK_PKCS11_3 to get the PCKS #11 v3
	defines.

	Most of this patch is to handle changing the deprecated defines that
	have been removed in PCKS #11 v3 from NSS.

	Differential Revision:
	https://phabricator.services.mozilla.com/D63241
	[b5d90a7fe217]

Differential Revision: https://phabricator.services.mozilla.com/D70773

--HG--
extra : moz-landing-system : lando
2020-04-14 17:53:38 +00:00
Kevin Jacobs d3ee51ff83 Bug 1621350 - land NSS NSS_3_51_1_RTM UPGRADE_NSS_RELEASE, r=jcj
2020-04-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.51.1 final
	[81a16f9b6562] [NSS_3_51_1_RTM] <NSS_3_51_BRANCH>

2020-04-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* .hgtags:
	Added tag NSS_3_51_1_BETA1 for changeset 581ed41d0a8d
	[99b5a3b50511] <NSS_3_51_BRANCH>

Differential Revision: https://phabricator.services.mozilla.com/D69651

--HG--
extra : moz-landing-system : lando
2020-04-03 22:39:37 +00:00