Граф коммитов

4630 Коммитов

Автор SHA1 Сообщение Дата
J.C. Jones 26d284f717 Bug 1577822 - land NSS dc86215aea17 UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
	Bug 1576307 - Fixup for fips tests, permit NULL iv as necessary.
	r=jcj

	ECB mode should not require an IV.

	[dc86215aea17] [tip]

2019-09-30  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/softoken/pkcs11c.c:
	Bug 1576307 - Check mechanism param and param length before casting
	to mechanism-specific structs. r=jcj

	This patch adds missing PKCS11 input parameter checks, which are
	needed prior to casting to mechanism-specific structs.

	[53d92a324080]

Differential Revision: https://phabricator.services.mozilla.com/D48109

--HG--
extra : moz-landing-system : lando
2019-10-03 20:05:41 +00:00
J.C. Jones a9376fa7c8 Bug 1577822 - land NSS c0913ad7a560 UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/softoken/pkcs11c.c:
	Bug 1577953 - Support longer (up to RFC maximum) HKDF outputs r=jcj

	HKDF-Expand enforces a maximum output length much shorter than
	stated in the RFC. This patch aligns the implementation with the RFC
	by allocating more output space when necessary.

	[c0913ad7a560] [tip]

2019-09-30  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/curve25519-vectors.h,
	gtests/pk11_gtest/pk11_curve25519_unittest.cc,
	gtests/pk11_gtest/pk11_ecdsa_unittest.cc,
	gtests/pk11_gtest/pk11_ecdsa_vectors.h,
	gtests/pk11_gtest/pk11_signature_test.h:
	Bug 1558234 - Additional EC key tests, r=jcj

	Adds additional EC key corner case testing.

	[c20364849713]

Differential Revision: https://phabricator.services.mozilla.com/D47805

--HG--
extra : moz-landing-system : lando
2019-10-01 22:59:31 +00:00
J.C. Jones af55efcd96 Bug 1577822 - land NSS 5619cbbca3db UPGRADE_NSS_RELEASE, r=kjacobs
2019-09-27  J.C. Jones  <jjones@mozilla.com>

	* lib/softoken/pkcs11.c, lib/softoken/pkcs11i.h,
	lib/softoken/pkcs11u.c:
	Bug 1508776 - Remove unneeded refcounting from SFTKSession
	r=mt,kjacobs

	SFTKSession objects are only ever actually destroyed at PK11 session
	closure, as the session is always the final holder -- and asserting
	refCount == 1 shows that to be true. Because of that,
	NSC_CloseSession can just call `sftk_DestroySession` directly and
	leave `sftk_FreeSession` as a no-op to be removed in the future.

	[5619cbbca3db] [tip]

Differential Revision: https://phabricator.services.mozilla.com/D47631

--HG--
extra : moz-landing-system : lando
2019-09-30 16:26:14 +00:00
J.C. Jones ecb14a1f95 Bug 1577822 - land NSS be9c48ad76cb UPGRADE_NSS_RELEASE, r=kjacobs
2019-09-27  Daiki Ueno  <dueno@redhat.com>

	* cmd/lib/Makefile, cmd/lib/lib.gyp, cmd/lib/manifest.mn,
	cmd/lib/secutil.c, cmd/lib/secutil.h, cmd/platlibs.mk,
	cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c, tests/ssl/ssl.sh:
	Bug 1494063, add -x option to tstclnt/selfserv to export keying
	material, r=mt

	Reviewers: rrelyea, mt

	Reviewed By: mt

	Subscribers: HubertKario

	Bug #: 1494063

	[be9c48ad76cb] [tip]

2019-02-25  Martin Thomson  <martin.thomson@gmail.com>

	* gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_import_unittest.cc,
	gtests/pk11_gtest/pk11_key_unittest.cc,
	gtests/pk11_gtest/pk11_keygen.cc, gtests/pk11_gtest/pk11_keygen.h:
	Bug 1515342 - Tests for invalid DH public keys, r=jcj

	Summary: This prevents crashes on invalid, particularly NULL, keys
	for DH and ECDH.

	I factored out test code already landed for this.

	[7e3476b7a912]

2019-09-27  Martin Thomson  <martin.thomson@gmail.com>

	* cpputil/nss_scoped_ptrs.h, cpputil/scoped_ptrs_util.h,
	gtests/common/testvectors/curve25519-vectors.h,
	gtests/der_gtest/der_quickder_unittest.cc, lib/util/quickder.c:
	Bug 1515342 - Checks for invalid bit strings, r=jcj

	[f4fe0da73446]

2019-09-27  Martin Thomson  <mt@lowentropy.net>

	* cmd/lib/derprint.c:
	Bug 1581024 - Fix pointer comparisons, a=bustage
	[062bc5e9859a]

2019-09-24  Kevin Jacobs  <kjacobs@mozilla.com>

	* cmd/lib/derprint.c:
	Bug 1581024 - fixup pointer wrap check to prevent it from being
	optimized out. r=jcj

	[f7fef2487a60]

2019-09-26  Deian Stefan  <deian@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c, lib/softoken/tlsprf.c:
	Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj
	[86ef6ba1f1d7]

2019-09-26  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/pk11_gtest/pk11_aes_gcm_unittest.cc, lib/freebl/gcm.c,
	lib/freebl/intel-gcm-wrap.c:
	Bug 1578238 - Validate tag size in AES_GCM. r=kjacobs,jcj

	Validate tag size in AES_GCM.

	[4e3971fd992c]

	* gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
	gtests/pk11_gtest/pk11_seed_cbc_unittest.cc, lib/freebl/seed.c:
	Bug 1576295 - SEED_CBC encryption check input arguments.
	r=kjacobs,jcj,mt

	Ensure the arguments passed to these functions are valid.

	[7580a5a212c7]

Differential Revision: https://phabricator.services.mozilla.com/D47494

--HG--
extra : moz-landing-system : lando
2019-09-27 20:31:22 +00:00
J.C. Jones 3e77ba718d Bug 1577822 - land NSS 03039d4fad57 UPGRADE_NSS_RELEASE, r=kjacobs
2019-09-23  Daiki Ueno  <dueno@redhat.com>

	* gtests/ssl_gtest/ssl_recordsize_unittest.cc, lib/ssl/ssl3con.c,
	tests/tlsfuzzer/config.json.in, tests/tlsfuzzer/tlsfuzzer.sh:
	Bug 1580286, account for IV size when checking TLS 1.2 records, r=mt

	Summary: This increases the limit of record expansion by 16 so that
	it doesn't reject maximum block padding when HMAC-SHA384 is used.

	To test this, tlsfuzzer is updated to the latest version (commit
	80d7932ead1d8dae6e555cfd2b1c4c5beb2847df).

	Reviewers: mt

	Reviewed By: mt

	Bug #: 1580286

	[03039d4fad57] [tip]

2019-09-20  Kai Engert  <kaie@kuix.de>

	* tests/smime/smime.sh:
	Bug 1577448 - Create additional nested S/MIME test messages for
	Thunderbird. r=jcj
	[57977ceea00e]

2019-09-19  Kai Engert  <kaie@kuix.de>

	* automation/taskcluster/docker-gcc-4.4/Dockerfile,
	automation/taskcluster/graph/src/try_syntax.js,
	automation/taskcluster/scripts/build.sh,
	automation/taskcluster/scripts/build_gyp.sh,
	automation/taskcluster/scripts/build_nspr.sh,
	automation/taskcluster/scripts/check_abi.sh,
	automation/taskcluster/scripts/gen_coverage_report.sh,
	automation/taskcluster/scripts/run_coverity.sh,
	automation/taskcluster/scripts/run_scan_build.sh,
	automation/taskcluster/windows/build.sh,
	automation/taskcluster/windows/build_gyp.sh:
	Bug 1399095 - Allow nss-try to be used to test NSPR changes.
	r=kjacobs
	[6e1a8a7cb469]

2019-09-16  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_cipherorder_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp, lib/ssl/ssl3con.c, lib/ssl/sslexp.h,
	lib/ssl/sslsock.c:
	Bug 1267894 - New functions for CipherSuites Ordering and gtests.
	r=jcj,kjacobs,mt

	Created two new experimental functions which permit the caller
	change the default order of CipherSuites used during the handshake.

	[2deb38fc1d68]

2019-09-18  Christian Weisgerber  <naddy@mips.inka.de>

	* tests/policy/policy.sh, tests/ssl/ssl.sh:
	Bug 1581507 - Fix unportable grep expression in test scripts
	r=marcusburghardt
	[edc1e405afa4]

2019-09-18  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* lib/jar/jarfile.c:
	Bug 1234830 - [CID 1242894][CID 1242852] unused values.
	r=kaie,r=kjacobs
	[b6d3f5c95aad]

2019-09-18  Kai Engert  <kaie@kuix.de>

	* cmd/symkeyutil/symkeyutil.c:
	Bug 1581759 - fix incorrect if condition in symkeyutil. r=kjacobs
	[306550105228]

Differential Revision: https://phabricator.services.mozilla.com/D46967

--HG--
extra : moz-landing-system : lando
2019-09-24 17:22:25 +00:00
J.C. Jones 484db3870b Bug 1577822 - land NSS a3ee4f26b4c1 UPGRADE_NSS_RELEASE, r=kjacobs
2019-09-18  Kevin Jacobs  <kjacobs@mozilla.com>

	* cmd/lib/derprint.c:
	Bug 1581024 - Check for pointer wrap in derprint.c. r=jcj

	Check for pointer wrap on output-length check in the derdump
	utility.

	[a3ee4f26b4c1] [tip]

2019-09-18  Giulio Benetti  <giulio.benetti@micronovasrl.com>

	* lib/freebl/gcm-aarch64.c:
	Bug 1580126 - Fix build failure on aarch64_be while building
	freebl/gcm r=kjacobs

	Build failure is caused by different #ifdef conditions in gcm.c and
	gcm-aarch64.c that leads to double declaration of the same gcm_*
	functions.

	Fix #ifdef condition in gcm-aarch64.c making it the same as the one
	in gcm.c.

	Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
	[fa0d958de0c3]

2019-09-17  Kai Engert  <kaie@kuix.de>

	* automation/taskcluster/graph/src/extend.js:
	Bug 1385039 - Build NSPR tests as part of NSS continuous
	integration. r=kjacobs
	[cc97f1a93038]

2019-09-17  Landry Breuil  <landry@openbsd.org>

	* lib/freebl/Makefile:
	Bug 1581391 - include gcm-aarch64 on all unices, not only linux
	r=kjacobs
	[e7b4f293fa4e]

2019-09-17  Martin Thomson  <mt@lowentropy.net>

	* mach:
	Bug 1581041 - Rename mach-commands to mach-completion, r=jcj

	This means that we can point our completion at the gecko one.

	[bc91272fcbdc]

2019-09-16  Jenine  <jenine_c@outlook.com>

	* cmd/pk11importtest/pk11importtest.c, lib/softoken/pkcs11.c:
	Bug 1558313 - Fix clang warnings in pk11importtest.c and pkcs11.c
	r=marcusburghardt

	[4569b745f74e]

2019-09-13  Daiki Ueno  <dueno@redhat.com>

	* lib/certhigh/certvfy.c:
	Bug 1542207, fix policy check on signature algorithms, r=rrelyea

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Bug #: 1542207

	[ed8a41d16c1c]

2019-09-05  Daiki Ueno  <dueno@redhat.com>

	* lib/freebl/drbg.c:
	Bug 1560329, drbg: perform continuous test on entropy source,
	r=rrelyea

	Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
	to check that consecutive entropy blocks from the system are
	different. As neither getentropy() nor /dev/urandom provides that
	check on the output, this adds the self test at caller side.

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Bug #: 1560329

	[c66dd879d16a]

2019-09-06  Martin Thomson  <mt@lowentropy.net>

	* automation/taskcluster/graph/src/queue.js:
	Bug 1579290 - Disable LSAN during builds, r=ueno

	Summary: See the bug description for details.

	[f28f3d7b7cf0]

2019-09-13  Kai Engert  <kaie@kuix.de>

	* Makefile, build.sh, coreconf/nspr.sh, help.txt:
	Bug 1385061 - Build NSPR tests with NSS make; Add gyp parameters to
	build/run NSPR tests. r=jcj
	[8b4a226f7d23]

2019-09-11  Kai Engert  <kaie@kuix.de>

	* nss.gyp:
	Bug 1577359 - Build atob and btoa for Thunderbird. r=jcj
	[1fe61aadaf57]

2019-09-10  Marcus Burghardt  <mburghardt@mozilla.com>

	* cmd/pk12util/pk12util.c:
	Bug 1579036 - Define error when trying to export non-existent cert
	with pk12util. r=jcj

	[65ab97f03c89]

2019-09-04  Martin Thomson  <mt@lowentropy.net>

	* gtests/mozpkix_gtest/pkixder_input_tests.cpp:
	Bug 1578626 - Remove undefined nullptr decrement, r=keeler

	Summary: This uses uintptr_t to avoid the worst. It still looks
	terrible and might trip static analysis warnings, but the
	reinterpret_cast should hide that.

	This assumes that sizeof(uintptr_t) == sizeof(void*), so I've added
	an assertion so that we'll at least fail the test on those systems.
	(We could use GTEST_SKIP instead, but we don't have that in the
	version of gtest that we use.)

	Reviewers: keeler

	Tags: #secure-revision

	Bug #: 1578626

	[d2485b1c997e]

2019-09-05  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/pk11_gtest/pk11_find_certs_unittest.cc:
	Bug 1578751 - Ensure a consistent style for
	pk11_find_certs_unittest.cc. r=jcj

	Adjusted the style and clang-format after the changes in some var
	names.

	[e95fee7f59e5]

Differential Revision: https://phabricator.services.mozilla.com/D46246

--HG--
extra : moz-landing-system : lando
2019-09-18 03:27:20 +00:00
J.C. Jones e46ef2b607 Bug 1577822 - land NSS cf0df88aa807 UPGRADE_NSS_RELEASE, r=kjacobs
2019-08-30  Alexander Scheel  <ascheel@redhat.com>

	* automation/taskcluster/scripts/build_softoken.sh,
	cmd/lib/pk11table.c, gtests/pk11_gtest/pk11_aes_cmac_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp, lib/pk11wrap/debug_module.c,
	lib/pk11wrap/pk11mech.c, lib/softoken/pkcs11.c,
	lib/softoken/pkcs11c.c, lib/util/pkcs11t.h:
	Bug 1570501 - Expose AES-CMAC in PKCS #11 API, r=mt

	[cf0df88aa807] [tip]

	* cpputil/freebl_scoped_ptrs.h, gtests/freebl_gtest/cmac_unittests.cc,
	gtests/freebl_gtest/freebl_gtest.gyp, lib/freebl/blapi.h,
	lib/freebl/cmac.c, lib/freebl/cmac.h, lib/freebl/exports.gyp,
	lib/freebl/freebl_base.gypi, lib/freebl/ldvector.c,
	lib/freebl/loader.c, lib/freebl/loader.h, lib/freebl/manifest.mn:
	Bug 1570501 - Add AES-CMAC implementation to freebl, r=mt

	[a42c6882ba1b]

2019-09-05  David Cooper  <dcooper16@gmail.com>

	* lib/smime/cmssiginfo.c:
	Bug 657379 - NSS uses the wrong OID for signatureAlgorithm field of
	signerInfo in CMS for DSA and ECDSA. r=rrelyea
	[7a83b248de30]

2019-09-05  Daiki Ueno  <dueno@redhat.com>

	* lib/freebl/drbg.c:
	Backed out changeset 934c8d0e7aba

	It turned out to cause some new errors in LSan; backing out for now.
	[34a254dd1357]

	* lib/freebl/drbg.c:
	Bug 1560329, drbg: perform continuous test on entropy source,
	r=rrelyea

	Summary: FIPS 140-2 section 4.9.2 requires a conditional self test
	to check that consecutive entropy blocks from the system are
	different. As neither getentropy() nor /dev/urandom provides that
	check on the output, this adds the self test at caller side.

	Reviewers: rrelyea

	Reviewed By: rrelyea

	Bug #: 1560329

	[934c8d0e7aba]

2019-08-30  Kevin Jacobs  <kjacobs@mozilla.com>

	* coreconf/WIN32.mk:
	Bug 1576664 - Remove -mms-bitfields from win32 makefile r=jcj

	[bf4de7985f3d]

2019-08-29  Dana Keeler  <dkeeler@mozilla.com>

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h:
	bug 1577038 - add PK11_GetCertsFromPrivateKey r=jcj,kjacobs

	PK11_GetCertFromPrivateKey only returns one certificate with a
	public key that matches the given private key. This change
	introduces PK11_GetCertsFromPrivateKey, which returns a list of all
	certificates with public keys that match the given private key.

	[9befa8d296c0]

2019-08-30  J.C. Jones  <jjones@mozilla.com>

	* automation/abi-check/previous-nss-release, lib/nss/nss.h,
	lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.47 beta
	[685cea0a7b48]

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.46 final
	[decbf7bd40fd] [NSS_3_46_RTM]

Differential Revision: https://phabricator.services.mozilla.com/D44927

--HG--
extra : moz-landing-system : lando
2019-09-06 00:25:25 +00:00
J.C. Jones 61fc016d4c Bug 1564499 - land NSS NSS_3_46_RTM UPGRADE_NSS_RELEASE, r=kjacobs
2019-08-30  J.C. Jones  <jjones@mozilla.com>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.46 final
	[decbf7bd40fd] [NSS_3_46_RTM]

2019-08-27  J.C. Jones  <jjones@mozilla.com>

	* .hgtags:
	Added tag NSS_3_46_BETA2 for changeset 24b0fc700203
	[29cd579e74e4]

Differential Revision: https://phabricator.services.mozilla.com/D44206

--HG--
extra : moz-landing-system : lando
2019-08-30 16:34:27 +00:00
J.C. Jones 95ca91b62f Bug 1564499 - land NSS NSS_3_46_BETA2 UPGRADE_NSS_RELEASE, r=kjacobs
2019-08-27  Kevin Jacobs  <kjacobs@mozilla.com>

        * automation/taskcluster/graph/src/extend.js,
        automation/taskcluster/scripts/build_gyp.sh,
        automation/taskcluster/windows/build_gyp.sh, fuzz/fuzz.gyp,
        gtests/pk11_gtest/pk11_gtest.gyp,
        gtests/softoken_gtest/softoken_gtest.gyp, tests/all.sh,
        tests/ssl/ssl.sh:
        Bug 1485533 - Close gaps in taskcluster SSL testing. r=mt

        This patch increases SSL testing on taskcluster, specifically,
        running an additional 395 tests on each SSL cycle (more for FIPS
        targets), and adding a new 'stress' cycle.

        Notable changes:

        1) This patch removes SSL stress tests from the default
        `NSS_SSL_RUN` list in all.sh and ssl.sh. If stress tests are needed,
        this variable must be set to include.

        2) The "normal_normal" case is added to `NSS_SSL_TESTS` for all
        targets. FIPS targets also run "normal_fips", "fips_normal", and
        "fips_fips".

        3) `--enable-libpkix` is now set for all taskcluster "build.sh"
        builds in order to support a number of OCSP tests that were
        previously not run.

        [24b0fc700203] [NSS_3_46_BETA2]

2019-08-23  Edouard Oger  <eoger@fastmail.com>

        * lib/sqlite/Makefile, lib/sqlite/sqlite.gyp:
        Bug 1549847 - Ignore sqlite compilation warnings. r=mt

        [7f146eb7adac]

2019-08-23  J.C. Jones  <jjones@mozilla.com>

        * .hgtags:
        Added tag NSS_3_46_BETA1 for changeset 44aa330de2aa
        [d3035cc9dc73]

Differential Revision: https://phabricator.services.mozilla.com/D43724

--HG--
extra : moz-landing-system : lando
2019-08-28 14:30:55 +00:00
J.C. Jones 73f0968aaa Bug 1564499 - land NSS NSS_3_46_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs
2019-08-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* tests/common/cleanup.sh:
	Bug 1560593 - Check that BUILD_OPT is defined before testing its
	value. r=jcj

	[44aa330de2aa] [NSS_3_46_BETA1]

	* cmd/strsclnt/strsclnt.c:
	Bug 1575968 - Add strsclnt option to enforce the use of either IPv4
	or IPv6 r=jcj

	[da284d8993ea]

2019-08-23  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/softoken_gtest/softoken_gtest.cc:
	Bug 1573942 - Gtest for pkcs11.txt with different breaking line
	formats. r=kjacobs

	[d07a07eb0e40]

2019-08-21  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/util/utilmod.c:
	Bug 1564284: Added check for CR + LF, r=marcusburghardt,kjacobs

	Looks good and it was already tested locally with this gtest patch:

	[d1d2e1e320cd]

2019-08-22  Martin Thomson  <mt@lowentropy.net>

	* lib/ssl/ssl3con.c:
	Bug 1528666 - Formatting, a=bustage
	[60eeac76c8ec]

2019-08-20  Martin Thomson  <martin.thomson@gmail.com>

	* gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/ssl3con.c:
	Bug 1528666 - Correct resumption validation checks, r=jcj

	We allowed cross-suite resumption before, but it didn't work. This
	enables that for clients.

	As a secondary minor tweak, clients will no longer validate the
	availability of a cipher suite based on their configured version
	range when attempting resumption. Instead, they will check whether
	the suite works for the version in the session that they are
	attempting to resume. In theory, this doesn't change anything
	because the previous session should not have selected an
	incompatible combination of version and cipher suite, but it's worth
	being extra precise.

	[cab2c8905214]

2019-08-22  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/ssl3con.c:
	Bug 1568803 - More tests for client certificate authentication,
	r=kjacobs

	These were previously disabled because of difficulties (at the time)
	in writing these tests for TLS 1.3. The framework, and my
	understanding of it, has since improved, so these tests can be
	restored and expanded. This exposed a minor correctness issue that
	is also corrected.

	[95f97d31c313]

Differential Revision: https://phabricator.services.mozilla.com/D43308

--HG--
extra : moz-landing-system : lando
2019-08-23 22:45:47 +00:00
J.C. Jones 6d66ec3bef Bug 1564499 - land NSS eeb9a6715a93 UPGRADE_NSS_RELEASE, r=kjacobs
2019-08-20  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/ckfw/builtins/certdata.txt:
	Bug 1574670 - Remove Expired root certificates - Class 2 Primary,
	UTN-USERFirst-Client, Deutsche Telekom Root CA 2.
	r=jcj,KathleenWilson

	[eeb9a6715a93] [tip]

2019-08-12  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/softoken/pkcs11c.c:
	Bug 1572164 - Don't unnecessarily free session in NSC_WrapKey r=jcj

	[b306ff3d6f4d]

Differential Revision: https://phabricator.services.mozilla.com/D42768

--HG--
extra : moz-landing-system : lando
2019-08-21 15:56:17 +00:00
J.C. Jones c8cf90a75f Bug 1564499 - land NSS ea8bc9f43de3 UPGRADE_NSS_RELEASE, r=kjacobs
Revset: reverse(bbfc55939d75~-1::ea8bc9f43de3)

2019-08-19  Kai Engert  <kaie@kuix.de>

	* automation/release/nspr-version.txt:
	Bug 1562330 - require NSPR version 4.22 r=jcj
	[ea8bc9f43de3] [tip]

2019-08-16  J.C. Jones  <jjones@mozilla.com>

	* cmd/selfserv/selfserv.c:
	Bug 1574220 - Fixup clang-format r=bustage
	[165664ff322c]

2019-08-15  Marcus Burghardt  <mburghardt@mozilla.com>

	* cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c,
	cmd/vfyserv/vfyserv.c:
	Bug 1574220 - Improve controls after errors in tstcln, selfserv and
	vfyserv cmds. r=kjacobs

	Differential Revision:
	https://phabricator.services.mozilla.com/D42165
	[32766e60ffa8]

2019-08-16  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/sqlite/README, lib/sqlite/sqlite3.c, lib/sqlite/sqlite3.h:
	Bug 1550636 - Upgrade SQLite in NSS to v3.29 (2019-07-10). r=jcj

	#define SQLITE_VERSION "3.29.0" #define SQLITE_VERSION_NUMBER
	3029000 #define SQLITE_SOURCE_ID "2019-07-10 17:32:03
	fc82b73eaac8b36950e527f12c4b5dc1e147e6f4ad2217ae43ad82882a88bfa6"

	Differential Revision:
	https://phabricator.services.mozilla.com/D42332
	[ed55badc848d]

2019-08-15  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/ckfw/builtins/certdata.txt, lib/ckfw/builtins/nssckbi.h:
	Bug 1566569 - Remove Swisscom Root CA 2 root certificate. r=jcj

	Differential Revision:
	https://phabricator.services.mozilla.com/D42161
	[660d7c210878]

Differential Revision: https://phabricator.services.mozilla.com/D42554

--HG--
extra : moz-landing-system : lando
2019-08-20 14:59:04 +00:00
J.C. Jones 66170e3716 Bug 1564499 - land NSS bbfc55939d75 UPGRADE_NSS_RELEASE, r=kjacobs
Revset: reverse(89aa19677e37~-1::bbfc55939d75)

2019-08-14  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/tls_agent.cc:
	Bug 1572593 - Re-revert call to CheckCertReqAgainstDefaultCAs to
	avoid memory leak (filed as bug 1573945). r=jcj

	Revert back to the changes Franziskus had made. Updated the in-
	source bug number to point to the new memleak bug.

	Differential Revision:
	https://phabricator.services.mozilla.com/D42020
	[bbfc55939d75] [tip]

2019-08-12  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/freebl_gtest/freebl_gtest.gyp,
	gtests/mozpkix_gtest/mozpkix_gtest.gyp:
	Bug 1415118 - Fix --enable-libpkix builds from build.sh r=mt,jcj

	Differential Revision:
	https://phabricator.services.mozilla.com/D41617
	[f8926908be71]

2019-08-14  J.C. Jones  <jjones@mozilla.com>

	* gtests/ssl_gtest/tls_agent.cc, lib/ssl/ssl3ext.c:
	Bug 1572593 - Reset advertised extensions in ssl_ConstructExtensions
	r=mt,kjacobs

	Reset the list of advertised extensions before sending a new set.

	This reverts the changes of https://hg.mozilla.org/projects/nss/rev/
	1ca362213631d6edc885b6b965b52ecffcf29afd

	Differential Revision:
	https://phabricator.services.mozilla.com/D41302
	[b03ff661491e]

2019-08-14  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/ctr.c:
	Bug 1539788 - UBSAN fixup for 128b counter. r=mt,jcj

	Differential Revision:
	https://phabricator.services.mozilla.com/D41884
	[9d1f5e71773d]

2019-08-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/freebl/chacha20poly1305.c, lib/freebl/ctr.c, lib/freebl/gcm.c,
	lib/freebl/intel-gcm-wrap.c, lib/freebl/rsapkcs.c:
	Bug 1539788 - Add length checks for cryptographic primitives
	r=mt,jcj

	This patch adds additional length checks around cryptographic
	primitives.

	Differential Revision:
	https://phabricator.services.mozilla.com/D36079
	[dfd6996fe742]

2019-08-13  Marcus Burghardt  <mburghardt@mozilla.com>

	* gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/README,
	lib/freebl/mpi/mpi.c, lib/freebl/mpi/mpi.h:
	Bug 1542077 - Added extra controls and tests to mp_set_int and
	mp_set_ulong. r=jcj,kjacobs

	Differential Revision:
	https://phabricator.services.mozilla.com/D40649
	[9bc47e69613e]

2019-08-13  J.C. Jones  <jjones@mozilla.com>

	* gtests/ssl_gtest/ssl_resumption_unittest.cc,
	gtests/ssl_gtest/tls_agent.cc:
	Bug 1572791 - Fixup clang-format r=bustage
	[ec113de50cdd]

	* gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/tls13subcerts.c:
	Bug 1572791 - Check for nulls in SSLExp_DelegateCredential and its
	tests r=kjacobs

	This particularly catches test errors in tls_subcerts_unittest when
	the profile is stale.

	Differential Revision:
	https://phabricator.services.mozilla.com/D41429
	[ed5067857563]

2019-08-13  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_cert_ext_unittest.cc,
	gtests/ssl_gtest/ssl_resumption_unittest.cc,
	gtests/ssl_gtest/tls_agent.cc:
	Bug 1572791 - Fix ASAN cert errors when SSL gtests run on empty
	profile r=jcj

	Differential Revision:
	https://phabricator.services.mozilla.com/D41787
	[cef2aa7f3b8c]

2019-08-09  Kevin Jacobs  <kjacobs@mozilla.com>

	* tests/common/cleanup.sh:
	Bug 1560593 - Cleanup.sh to treat core dumps as test failures on
	optimized builds. r=jcj

	Differential Revision:
	https://phabricator.services.mozilla.com/D41392
	[360010725fdb]

Differential Revision: https://phabricator.services.mozilla.com/D42139

--HG--
extra : moz-landing-system : lando
2019-08-15 16:06:15 +00:00
Kevin Jacobs 019f597297 Bug 1564499 - land NSS 89aa19677e37 UPGRADE_NSS_RELEASE, r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D40907

--HG--
extra : moz-landing-system : lando
2019-08-07 16:20:37 +00:00
J.C. Jones 83fd5c4742 Bug 1564499 - land NSS 777b6070fe76 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 6a0e320432b452bc692f712c63c0cc66699cd130
2019-08-05 15:58:54 +00:00
Mihai Alexandru Michis e9b6a4610d Backed out changeset f742215abea8 (bug 1564499) for causing Bug 1570891. UPGRADE_NSS_RELEASE a=backout 2019-08-02 12:45:49 +03:00
J.C. Jones 8c9ade1d25 Bug 1564499 - land NSS 009a7163c80a UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 6f459dfb1cd7238d9c4b258d41b8b411941acb6e
2019-07-31 20:20:02 +00:00
J.C. Jones b979163b23 Bug 1564499 - land NSS a31fc0eefc4c UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 49049f21b591cf139ea6f4c7fc91f53dfb4e4e1e
2019-07-23 19:31:53 +00:00
J.C. Jones 0b2f8f9f7c Bug 1564499 - land NSS 8c6fad5544a6 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 5434866d8339b5c9f91a5114d37b863e7880f6e8
2019-07-15 21:40:37 +00:00
J.C. Jones 12e7f4d58f Bug 1564499 - land NSS 264f19e7ede7 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : ff8107777ed0677caaa7249d77f5cf3871c25de2
extra : amend_source : bc8998d1b575164552d4b44396a7db4122a04777
2019-07-09 18:01:15 +00:00
J.C. Jones 61484db444 Bug 1550889 - land NSS NSS_3_45_RTM UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : d983d1f4fbb04332d4cf317e36cff87523c56636
2019-07-05 17:57:05 +00:00
J.C. Jones bc5c1226d8 Bug 1550889 - land NSS NSS_3_45_BETA2 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 9dbabf7a7500a34854642e5c55cc4507c4c1aa4a
2019-07-03 17:02:31 +00:00
J.C. Jones e24b9a2678 Bug 1550889 - land NSS NSS_3_45_BETA1 UPGRADE_NSS_RELEASE, r=me 2019-07-01 21:19:55 +00:00
J.C. Jones e7523bd63a Bug 1550889 - land NSS 0c5d37301637 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 95c4646b380b9a784ba7404d62e7e73c22a28cee
2019-06-26 21:18:33 +00:00
J.C. Jones 462ff49535 Bug 1550889 - land NSS ebc93d6daeaa UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : ab7873318ae458442c82321dbb9ec5cf72875fbf
2019-06-23 03:45:47 +00:00
J.C. Jones 967507bdb6 Bug 1550889 - land NSS 313dfef345bd UPGRADE_NSS_RELEASE, r=me 2019-06-13 15:27:11 +00:00
J.C. Jones 1ab58c0d27 Bug 1550889 - land NSS d17569aa9d56 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 4fdf16aeb31e95f10548c847907eeffdbddb2d19
2019-06-07 17:51:08 +00:00
J.C. Jones 2f955dea5e Bug 1550889 - land NSS 8082be3a6363 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 84cb27998d0b4e36d9a7d388e3a8b2a4fc3bb886
2019-06-04 19:39:40 +00:00
J.C. Jones 5c17d448f9 Bug 1550889 - land NSS 29a48b604602 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 5ccf83f8eaa4e94a502770717e1afca14e59c0fb
2019-05-29 15:52:05 +00:00
J.C. Jones 6aa1eca84d Bug 1550889 - land NSS ec6843bc0ce7 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : d85221a37ef901187c3f2c5c5a85ab0ba5ce52b5
2019-05-21 20:39:24 +00:00
J.C. Jones d9eeca3c6c Bug 1539227 - land NSS NSS_3_44_RTM UPGRADE_NSS_RELEASE, r=me 2019-05-10 22:43:57 +00:00
J.C. Jones 0f55e0eb15 Bug 1539227 - land NSS NSS_3_44_BETA3 UPGRADE_NSS_RELEASE, r=me 2019-05-10 16:53:27 +00:00
J.C. Jones bf9ea71d10 Bug 1539227 - land NSS NSS_3_44_BETA2 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 84773cad9a575a014fadaa5f5f02b3ef1574f5fe
2019-05-07 20:39:31 +00:00
J.C. Jones a4fac47abc Bug 1539227 - land NSS NSS_3_44_BETA1 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 9615a9e7d10ea8ab23717f9c6bba175d1657c27c
2019-05-04 00:18:13 +00:00
J.C. Jones 3a664655a8 Bug 1539227 - land NSS 4e4eb31ce200 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 5652117d258915d256693b4e1f1d6d97eba6c1ff
2019-05-01 19:07:31 +00:00
J.C. Jones 6c93b0dea7 Bug 1539227 - land NSS 56826bedabba UPGRADE_NSS_RELEASE, r=KevinJacobs
NSS uplift, 30 April 2019.

Commit log: https://hg.mozilla.org/projects/nss/log?rev=e5e10a46b9ad..56826bedabba

Differential Revision: https://phabricator.services.mozilla.com/D29382

--HG--
extra : moz-landing-system : lando
2019-04-30 18:22:11 +00:00
J.C. Jones 90063f487b Bug 1539227 - land NSS e5e10a46b9ad UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : ae4a161a8dfc00fe4f3120629a098c94e29ea7dc
2019-04-02 20:29:18 +00:00
J.C. Jones d602553050 Bug 1539227 - land NSS 67c41e385581 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : cd4c8d05e32ee16c9aaa1aeb23014b2299c100fd
2019-03-26 18:48:46 +00:00
J.C. Jones 8b64b97bc6 Bug 1523175 - land NSS NSS_3_43_RTM UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : d609bbce8603071c011dfe7133866b734ff3c380
2019-03-16 17:50:02 +00:00
J.C. Jones 71e92bcea0 Bug 1523175 - land NSS NSS_3_43_BETA4 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : a037e888e5a7381c66432ce52fa1179c60e49e15
2019-03-15 16:01:25 +00:00
J.C. Jones f9c60986dd Bug 1523175 - land NSS NSS_3_43_BETA3 UPGRADE_NSS_RELEASE, r=me 2019-03-14 21:05:01 +00:00
J.C. Jones 969d56eccc Bug 1523175 - land NSS NSS_3_43_BETA2 UPGRADE_NSS_RELEASE, r=me 2019-03-14 00:08:17 +00:00
J.C. Jones 624e56f66c Bug 1523175 - land NSS NSS_3_43_BETA1 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : eae65b8dc034554ed61a87e2d034ffa8b1d07089
2019-03-08 22:44:27 +00:00
J.C. Jones 129044424e Bug 1523175 - land NSS a306d84e4c70 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : bef6e6945c8f62707a5daa51bd1a1092769c9c20
2019-03-06 21:10:05 +00:00
J.C. Jones 8ce632b49b Bug 1523175 - land NSS 536fd7c9db5a UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 3ea4d18e7b20830289b6f3397fa6777067c4cd24
2019-03-01 15:42:49 +00:00
J.C. Jones 3a5a08c197 Bug 1523175 - land NSS f7be0a534e89 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 373a3bcc93e21eef7dcc6e1208419b3ef58b87b3
2019-02-25 20:59:41 +00:00
J.C. Jones 5dd18017b0 Bug 1523175 - land NSS 1f04eea8834a UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 898c7f9e93ce450d26c88e1715ef92ea6f203d91
2019-02-20 16:24:29 +00:00
J.C. Jones 323f397330 Bug 1523175 - land NSS b7713856ebf2 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 9dbb754fb73fde471308ac331ae445a45c77c870
extra : amend_source : 68c501b209d49f8c5d04c891056dda2a9057fbd9
2019-02-14 21:41:08 +00:00
J.C. Jones 6fba287075 Bug 1523175 - land NSS 794984bb1169 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : 5b86719e1f801522367afb5296d66ff843d5ad79
2019-02-08 00:04:23 +00:00
J.C. Jones 05555ab923 Bug 1523175 - land NSS d0a282507d59 UPGRADE_NSS_RELEASE, r=me
--HG--
extra : rebase_source : dd44102a2725f37040b0048499987421d1a11781
2019-02-04 16:29:50 +00:00