зеркало из https://github.com/mozilla/gecko-dev.git
8e222a79cb
2020-10-12 Daiki Ueno <dueno@redhat.com> * gtests/ssl_gtest/ssl_tls13compat_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h: Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt This makes the server reject CCS when the client doesn't indicate the use of the middlebox compatibility mode with a non-empty ClientHello.legacy_session_id, or it sends multiple CCS in a row. [57bbefa79323] [NSS_3_58_BETA1] 2020-10-12 Kevin Jacobs <kjacobs@mozilla.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/taskcluster/scripts/build_gyp.sh, automation/taskcluster/windows/build_gyp.sh, coreconf/config.gypi, coreconf/config.mk, cpputil/nss_scoped_ptrs.h, gtests/common/testvectors/hpke-vectors.h, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def, lib/pk11wrap/exports.gyp, lib/pk11wrap/manifest.mn, lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11wrap.gyp, lib/util/SECerrs.h, lib/util/secerr.h: Bug 1631890 - Add support for Hybrid Public Key Encryption (draft- irtf-cfrg-hpke-05). r=mt This patch adds support for Hybrid Public Key Encryption (draft- irtf-cfrg-hpke-05). Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality , compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions. Lastly, the `DeriveKeyPair` API is not implemented as it adds complextiy around PKCS #11 and is unnecessary for ECH. [6e3bc17f0508] 2020-10-12 Makoto Kato <m_kato@ga2.so-net.ne.jp> * automation/taskcluster/graph/src/extend.js, tests/common/cleanup.sh: Bug 1657255 - Update CI for aarch64. r=kjacobs Actually, we have the implementation of ARM Crypto extension, so CI is always run with this extension. It means that we don't run CI without ARM Crypto extension. So I would like to add NoAES and NoSHA for aarch64 CI. Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this on aarch64 hardware. [e8c370a8db13] Differential Revision: https://phabricator.services.mozilla.com/D93268 |
||
|---|---|---|
| .. | ||
| bogo | ||
| cert | ||
| chains | ||
| cipher | ||
| cmdtests | ||
| common | ||
| crmf | ||
| dbtests | ||
| dbupgrade | ||
| doc | ||
| dummy | ||
| ec | ||
| fips | ||
| gtests | ||
| interop | ||
| iopr | ||
| libpkix | ||
| lowhash | ||
| memleak | ||
| merge | ||
| mpi | ||
| multinit | ||
| ocsp | ||
| perf | ||
| pkcs11/netscape/suites/security/ssl | ||
| pkits | ||
| policy | ||
| remote | ||
| sdr | ||
| smime | ||
| ssl | ||
| ssl_gtests | ||
| tlsfuzzer | ||
| tools | ||
| README.txt | ||
| all.sh | ||
| clean_tbx | ||
| core_watch | ||
| dll_version.sh | ||
| header | ||
| jss_dll_version.sh | ||
| jssdir | ||
| jssqa | ||
| mksymlinks | ||
| nssdir | ||
| nsspath | ||
| nssqa | ||
| path_uniq | ||
| platformlist | ||
| platformlist.tbx | ||
| qa_stage | ||
| qa_stat | ||
| qaclean | ||
| run_niscc.sh | ||
| set_environment | ||
README.txt
Hints for running the NSS test suite: - all.sh is used to run all tests - if your host is not registered with DNS you may use: HOST=localhost DOMSUF=localdomain ./all.sh