зеркало из https://github.com/mozilla/gecko-dev.git
8e222a79cb
2020-10-12 Daiki Ueno <dueno@redhat.com> * gtests/ssl_gtest/ssl_tls13compat_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h: Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt This makes the server reject CCS when the client doesn't indicate the use of the middlebox compatibility mode with a non-empty ClientHello.legacy_session_id, or it sends multiple CCS in a row. [57bbefa79323] [NSS_3_58_BETA1] 2020-10-12 Kevin Jacobs <kjacobs@mozilla.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/taskcluster/scripts/build_gyp.sh, automation/taskcluster/windows/build_gyp.sh, coreconf/config.gypi, coreconf/config.mk, cpputil/nss_scoped_ptrs.h, gtests/common/testvectors/hpke-vectors.h, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def, lib/pk11wrap/exports.gyp, lib/pk11wrap/manifest.mn, lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11wrap.gyp, lib/util/SECerrs.h, lib/util/secerr.h: Bug 1631890 - Add support for Hybrid Public Key Encryption (draft- irtf-cfrg-hpke-05). r=mt This patch adds support for Hybrid Public Key Encryption (draft- irtf-cfrg-hpke-05). Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality , compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions. Lastly, the `DeriveKeyPair` API is not implemented as it adds complextiy around PKCS #11 and is unnecessary for ECH. [6e3bc17f0508] 2020-10-12 Makoto Kato <m_kato@ga2.so-net.ne.jp> * automation/taskcluster/graph/src/extend.js, tests/common/cleanup.sh: Bug 1657255 - Update CI for aarch64. r=kjacobs Actually, we have the implementation of ARM Crypto extension, so CI is always run with this extension. It means that we don't run CI without ARM Crypto extension. So I would like to add NoAES and NoSHA for aarch64 CI. Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this on aarch64 hardware. [e8c370a8db13] Differential Revision: https://phabricator.services.mozilla.com/D93268 |
||
|---|---|---|
| .. | ||
| certdb_gtest | ||
| certhigh_gtest | ||
| common | ||
| cryptohi_gtest | ||
| der_gtest | ||
| freebl_gtest | ||
| google_test | ||
| mozpkix_gtest | ||
| nss_bogo_shim | ||
| pk11_gtest | ||
| pkcs11testmodule | ||
| smime_gtest | ||
| softoken_gtest | ||
| ssl_gtest | ||
| sysinit_gtest | ||
| util_gtest | ||
| .clang-format | ||
| Makefile | ||
| README | ||
| __init__.py | ||
| manifest.mn | ||
README
GTest-based Unit Tests
This directory contains GTest-based unit tests for NSS libssl.
If your environment doesn't have C++ compiler suitable to build these tests,
you may disable them using ``NSS_DISABLE_GTESTS=1''
Once built, they are run as part of running ``test/all.sh''
You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''
They can be run standalone or under a debugger by invoking the ssl_gtest
executable with a ``-d'' option pointing to the directory created by either
of the above options. You can find that in
tests_results/security/${hostname}.${NUMBER}/ssl_gtests