mirror of https://github.com/mozilla/gecko-dev.git
8e222a79cb
2020-10-12 Daiki Ueno <dueno@redhat.com>

* gtests/ssl_gtest/ssl_tls13compat_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h:
Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt

This makes the server reject CCS when the client doesn't indicate the use of the middlebox compatibility mode with a non-empty ClientHello.legacy_session_id, or it sends multiple CCS in a row.
[57bbefa79323] [NSS_3_58_BETA1]

2020-10-12 Kevin Jacobs <kjacobs@mozilla.com>

* automation/abi-check/expected-report-libnss3.so.txt, automation/taskcluster/scripts/build_gyp.sh, automation/taskcluster/windows/build_gyp.sh, coreconf/config.gypi, coreconf/config.mk, cpputil/nss_scoped_ptrs.h, gtests/common/testvectors/hpke-vectors.h, gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def, lib/pk11wrap/exports.gyp, lib/pk11wrap/manifest.mn, lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11wrap.gyp, lib/util/SECerrs.h, lib/util/secerr.h:
Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). r=mt

This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).

Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality, compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.

Lastly, the `DeriveKeyPair` API is not implemented as it adds complexity around PKCS #11 and is unnecessary for ECH.
[6e3bc17f0508]

2020-10-12 Makoto Kato <m_kato@ga2.so-net.ne.jp>

* automation/taskcluster/graph/src/extend.js, tests/common/cleanup.sh:
Bug 1657255 - Update CI for aarch64. r=kjacobs

Actually, we have the implementation of ARM Crypto extension, so CI is always run with this extension. It means that we don't run CI without ARM Crypto extension. So I would like to add NoAES and NoSHA for aarch64 CI.

Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this on aarch64 hardware.
[e8c370a8db13]

Differential Revision: https://phabricator.services.mozilla.com/D93268
||
---|---|---|
.. | ||
bogo | ||
cert | ||
chains | ||
cipher | ||
cmdtests | ||
common | ||
crmf | ||
dbtests | ||
dbupgrade | ||
doc | ||
dummy | ||
ec | ||
fips | ||
gtests | ||
interop | ||
iopr | ||
libpkix | ||
lowhash | ||
memleak | ||
merge | ||
mpi | ||
multinit | ||
ocsp | ||
perf | ||
pkcs11/netscape/suites/security/ssl | ||
pkits | ||
policy | ||
remote | ||
sdr | ||
smime | ||
ssl | ||
ssl_gtests | ||
tlsfuzzer | ||
tools | ||
README.txt | ||
all.sh | ||
clean_tbx | ||
core_watch | ||
dll_version.sh | ||
header | ||
jss_dll_version.sh | ||
jssdir | ||
jssqa | ||
mksymlinks | ||
nssdir | ||
nsspath | ||
nssqa | ||
path_uniq | ||
platformlist | ||
platformlist.tbx | ||
qa_stage | ||
qa_stat | ||
qaclean | ||
run_niscc.sh | ||
set_environment |
README.txt
Hints for running the NSS test suite:

- all.sh is used to run all tests
- if your host is not registered with DNS you may use:
  HOST=localhost DOMSUF=localdomain ./all.sh