mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/security/nss/tests
История
Kevin Jacobs f9716bc8ab Bug 1688685 - land NSS 92dcda94c1d4 UPGRADE_NSS_RELEASE, r=bbeurdouche 
2021-01-22  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/previous-nss-release, lib/nss/nss.h,
	lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.62 Beta
	[680ec01577b9]

2021-01-23  Kevin Jacobs  <kjacobs@mozilla.com>

	* tests/chains/scenarios/nameconstraints.cfg,
	tests/libpkix/certs/NameConstraints.ipaca.cert,
	tests/libpkix/certs/NameConstraints.ocsp1.cert:
	Bug 1686134 - Renew two chains libpkix test certificates. r=rrelyea

	[3ddcd845704c]

2021-01-25  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/common/testvectors/hpke-vectors.h,
	gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/pk11wrap/pk11hpke.c,
	lib/pk11wrap/pk11hpke.h, lib/pk11wrap/pk11pub.h:
	Bug 1678398 - Update HPKE to draft-07. r=mt

	This patch updates HPKE to draft-07. A few other minor changes are
	included:
	- Refactor HPKE gtests for increased parameterized testing.
	- Replace memcpy calls with PORT_Memcpy
	- Serialization tweaks to make way for context Export/Import (D99277).

	This should not be landed without an ECH update, as fixed ECH test
	vectors will otherwise fail to decrypt.

	[e0bf8cadadc7]

	* automation/abi-check/expected-report-libnss3.so.txt,
	gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def,
	lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11pub.h:
	Bug 1678398 - Add Export/Import functions for HPKE context. r=mt

	This patch adds and exports two new HPKE functions:
	`PK11_HPKE_ExportContext` and `PK11_HPKE_ImportContext`, which are
	used to export a serialized HPKE context, then later reimport that
	context and resume Open and Export operations. Only receiver
	contexts are currently supported for export (see the rationale in
	pk11pub.h).

	One other change introduced here is that `PK11_HPKE_GetEncapPubKey`
	now works as expected on the receiver side.

	If the `wrapKey` argument is provided to the Export/Import
	functions, then the symmetric keys are wrapped with AES Key Wrap
	with Padding (SP800-38F, 6.3) prior to serialization.

	[8bcd12ab3b34]

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c,
	lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslexp.h,
	lib/ssl/sslimpl.h, lib/ssl/sslsecur.c, lib/ssl/sslsock.c,
	lib/ssl/sslt.h, lib/ssl/tls13con.c, lib/ssl/tls13con.h,
	lib/ssl/tls13ech.c, lib/ssl/tls13ech.h, lib/ssl/tls13exthandle.c,
	lib/ssl/tls13exthandle.h, lib/ssl/tls13hashstate.c,
	lib/ssl/tls13hashstate.h:
	Bug 1681585 - Update ECH to Draft-09. r=mt

	This patch updates ECH implementation to draft-09. Changes of note
	are:

	- Acceptance signal derivation is now based on the handshake secret.
	- `config_id` hint changes from 32B to 8B, trial decryption added on
	the server.
	- Duplicate code in HRR cookie handling has been consolidated into
	`tls13_HandleHrrCookie`.
	- `ech_is_inner` extension is added, which causes a server to indicate
	ECH acceptance.
	- Per the above, support signaling ECH acceptance when acting as a
	backend server in split-mode (i.e. when there is no other local
	Encrypted Client Hello state).

	[ed07a2e2a124]

2021-01-24  Kevin Jacobs  <kjacobs@mozilla.com>

	* cmd/selfserv/selfserv.c:
	Bug 1681585 - Add ECH support to selfserv. r=mt

	Usage example: mkdir dbdir && cd dbdir certutil -N -d . certutil -S
	-s "CN=ech-public.com" -n ech-public.com -x -t "C,C,C" -m 1234 -d .
	certutil -S -s "CN=ech-private-backend.com" -n ech-private-
	backend.com -x -t "C,C,C" -m 2345 -d . ../dist/Debug/bin/selfserv -a
	ech-public.com -a ech-private-backend.com -n ech-public.com -n ech-
	private-backend.com -p 8443 -d dbdir/ -X publicname:ech-public.com
	(Copy echconfig from selfserv output and paste into the below
	command) ../dist/Debug/bin/tstclnt -D -p 8443 -v -A
	tests/ssl/sslreq.dat -h ech-private-backend.com -o -N <echconfig> -v

	[92dcda94c1d4]

Differential Revision: https://phabricator.services.mozilla.com/D102982
 		2021-01-26 15:30:01 +00:00
..
bogo
cert
chains Bug 1688685 - land NSS 92dcda94c1d4 UPGRADE_NSS_RELEASE, r=bbeurdouche 2021-01-26 15:30:01 +00:00
cipher
cmdtests
common Bug 1666567 - land NSS NSS_3_58_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs 2020-10-12 20:42:51 +00:00
crmf
dbtests
dbupgrade
doc
dummy
ec
fips
gtests Bug 1684061 - land NSS a8de35c990e3 UPGRADE_NSS_RELEASE, r=bbeurdouche 2021-01-14 15:16:11 +00:00
interop Bug 1655105 - land NSS NSS_3_56_BETA1 UPGRADE_NSS_RELEASE, r=jcj 2020-08-19 21:02:09 +00:00
iopr
libpkix Bug 1688685 - land NSS 92dcda94c1d4 UPGRADE_NSS_RELEASE, r=bbeurdouche 2021-01-26 15:30:01 +00:00
lowhash
memleak
merge
mpi
multinit
ocsp
perf
pkcs11/netscape/suites/security/ssl
pkits
policy Bug 1671713 - land NSS 035110dfa0b9 UPGRADE_NSS_RELEASE, r=bbeurdouche 2020-11-02 18:04:59 +00:00
remote
sdr
smime
ssl Bug 1671713 - land NSS 035110dfa0b9 UPGRADE_NSS_RELEASE, r=bbeurdouche 2020-11-02 18:04:59 +00:00
ssl_gtests
tlsfuzzer
tools
README.txt
all.sh
clean_tbx
core_watch
dll_version.sh
header
jss_dll_version.sh
jssdir
jssqa
mksymlinks
nssdir
nsspath
nssqa
path_uniq
platformlist
platformlist.tbx
qa_stage
qa_stat
qaclean
run_niscc.sh
set_environment

README.txt 

Hints for running the NSS test suite:

- all.sh is used to run all tests

- if your host is not registered with DNS you may use:
  HOST=localhost DOMSUF=localdomain ./all.sh