зеркало из https://github.com/mozilla/gecko-dev.git
6a6ed41ab7
2020-06-26 Kevin Jacobs <kjacobs@mozilla.com> * automation/abi-check/expected-report-libssl3.so.txt, automation/abi- check/previous-nss-release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.55 beta [332ab7db68ba] 2020-06-25 Kevin Jacobs <kjacobs@mozilla.com> * tests/all.sh: Bug 1649190 - Run cipher, sdr, and ocsp tests under standard test cycle. [f373809abfc0] 2020-06-15 Kevin Jacobs <kjacobs@mozilla.com> * gtests/common/testvectors/p256ecdsa-sha256-vectors.h, gtests/common/testvectors/p384ecdsa-sha384-vectors.h, gtests/common/testvectors/p521ecdsa-sha512-vectors.h, gtests/common/testvectors_base/test-structs.h, gtests/common/wycheproof/genTestVectors.py, gtests/pk11_gtest/pk11_ecdsa_unittest.cc: Bug 1649226 - Add Wycheproof ECDSA tests. [41292ff7f545] 2020-06-30 Benjamin Beurdouche <bbeurdouche@mozilla.com> * lib/pkcs12/p12d.c: Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs [cc43ebf5bf88] 2020-06-30 Danh <congdanhqx@gmail.com> * coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile: Bug 1646594 - Enable AVX2 if applicable on x86_64 with make 4.3 r=bbeurdouche [b579895aceb0] 2020-07-02 Benjamin Beurdouche <bbeurdouche@mozilla.com> * lib/ssl/ssl3con.c: Bug 1649316 - Prevent memcmp to be called with a zero length in ssl/ssl3con.c:6621 r=kjacobs [8fe9213d0551] 2020-07-02 Alexander Scheel <ascheel@redhat.com> * lib/cryptohi/secvfy.c: Bug 1649487 - Fix bad assert in VFY_EndWithSignature. r=jcj [c9438b528103] 2020-07-06 Dana Keeler <dkeeler@mozilla.com> * automation/abi-check/expected-report-libnss3.so.txt, gtests/pk11_gtest/pk11_find_certs_unittest.cc, lib/nss/nss.def, lib/pk11wrap/pk11cert.c, lib/pk11wrap/pk11pub.h: Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj PK11_FindEncodedCertInSlot can be used to determine the PKCS#11 object handle of an encoded certificate in a given slot. If the given certificate does not exist in that slot, CK_INVALID_HANDLE is returned. [32fe710a942f] * gtests/pk11_gtest/pk11_find_certs_unittest.cc: Bug 1649633 - follow-up to make test comparisons in pk11_find_certs_unittest.cc yoda comparisons r=kjacobs [424dae31a1c1] 2020-07-07 Kevin Jacobs <kjacobs@mozilla.com> * gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc, lib/freebl/rsapkcs.c: Bug 1067214 - Check minimum padding in RSA_CheckSignRecover. r=rrelyea This patch adds a check to `RSA_CheckSignRecover` enforcing a minimum padding length of 8 bytes for PKCS #1 v1.5-formatted signatures. In practice, RSA key size requirements already ensure this requirement is met, but smaller (read: broken) key sizes can be used via configuration overrides, and NSS should just follow the spec. [e5324bd5a885] 2020-07-08 Kevin Jacobs <kjacobs@mozilla.com> * gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/ssl_record_unittest.cc, gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h, lib/ssl/dtls13con.c, lib/ssl/dtls13con.h, lib/ssl/ssl3con.c, lib/ssl/ssl3prot.h, lib/ssl/sslspec.h, lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13exthandle.c: Bug 1647752 - Update DTLS 1.3 implementation to draft-38. r=mt This patch updates DTLS 1.3 to draft-38. Specifically: # `ssl_ct_ack` value changes from 25 to 26. # AEAD limits in `tls13_UnprotectRecord` enforce a maximum of 2^36-1 (as we only support GCM/ChaCha20 AEADs) decryption failures before the connection is closed. # Post-handshake authentication will no longer be negotiated in DTLS 1.3. This allows us to side-step the more convoluted state machine requirements. [132a87fc8689] 2020-07-09 Benjamin Beurdouche <bbeurdouche@mozilla.com> * lib/pk11wrap/pk11pbe.c, lib/pkcs12/p12d.c: Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs This is a fixup patch that reverts https://hg.mozilla.org/projects/n ss/rev/cc43ebf5bf88355837c5fafa2f3c46e37626707a and adds a null check around the memcpy in question. [80bea0e22b20] 2020-07-09 J.C. Jones <jjones@mozilla.com> * lib/softoken/pkcs11.c: Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. [0] [0] https://searchfox.org/nss/rev/a412e70e55218aaf670f1f10322fa734d8 a9fbde/lib/softoken/pkcs11i.h#320-321 [58c2abd7404e] [tip] Differential Revision: https://phabricator.services.mozilla.com/D82466 |
||
---|---|---|
.. | ||
apps | ||
certverifier | ||
ct | ||
mac/hardenedruntime | ||
manager | ||
nss | ||
sandbox | ||
.eslintrc.js | ||
generate_certdata.py | ||
generate_mapfile.py | ||
moz.build | ||
nss.symbols |