gecko-dev/security
J.C. Jones 3167ebf65d Bug 1592007 - land NSS dc9552c2aa77 UPGRADE_NSS_RELEASE, r=kjacobs
2019-11-04  Marcus Burghardt  <mburghardt@mozilla.com>

	* lib/pk11wrap/pk11cert.c:
	Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj

	Fixed controls to avoid crashes caused by slots possibly without a
	token in pk11_fastCert. Also, improved arguments controls in
	PK11_MakeCertFromHandle.

	[dc9552c2aa77] [tip]

2019-11-01  Franziskus Kiefer  <franziskuskiefer@gmail.com>

	* gtests/pk11_gtest/manifest.mn,
	gtests/pk11_gtest/pk11_des_unittest.cc,
	gtests/pk11_gtest/pk11_gtest.gyp, lib/softoken/pkcs11c.c:
	Bug 1591742 - check des iv length and add test for it, r=jcj,kjacobs

	Summary: Let's make sure the DES IV has the length we expect it to
	have.

	Bug #: 1591742

	[35857ae98190]

2019-11-01  Dana Keeler  <dkeeler@mozilla.com>

	* gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp, lib/mozpkix
	/test-lib/pkixtestnss.cpp, tests/gtests/gtests.sh:
	Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj

	[27a29997f598]

2019-11-01  Deian Stefan  <deian@cs.ucsd.edu>

	* lib/softoken/pkcs11c.c:
	Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs

	Update NSC_Decrypt length in constant time

	[7f578a829b29]

2019-11-01  Kai Engert  <kaie@kuix.de>

	* automation/taskcluster/graph/src/queue.js:
	Bug 1562671 - Limit Master Password KDF iterations for NSS
	continuous integration tests. r=mt
	[c8b490583b86]

	* lib/softoken/lgglue.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
	Bug 1562671 - Add environment variables to control Master Password
	KDF iteration count. Disable iteration count for legacy DBM storage
	by default. r=rrelyea
	[ced91a705aa3]

2019-11-01  Bob Relyea  <rrelyea@redhat.com>

	* lib/softoken/legacydb/keydb.c, lib/softoken/lgglue.c,
	lib/softoken/pkcs11.c, lib/softoken/sftkdb.c, lib/softoken/sftkdb.h,
	lib/softoken/sftkdbti.h, lib/softoken/sftkpwd.c:
	Bug 1562671 - Support higher iteration count for Master Password
	KDF. Bob Relyea's base patch. Requires the follow-up patch. r=kaie
	[6619bb43d746]

2019-10-28  Martin Thomson  <mt@lowentropy.net>

	* coreconf/Linux.mk, coreconf/WIN32.mk, coreconf/command.mk,
	coreconf/config.gypi, coreconf/rules.mk, lib/freebl/aes-armv8.c,
	lib/freebl/aes-x86.c, lib/freebl/config.mk, lib/freebl/freebl.gyp,
	lib/freebl/intel-aes.h, lib/freebl/intel-gcm-wrap.c,
	lib/freebl/rijndael.c, lib/freebl/rijndael.h, lib/ssl/config.mk,
	lib/ssl/ssl.gyp:
	Bug 1590972 - Use -std=c99 for all C code, r=jcj

	This switches to using -std=c99 for compiling all C code.
	Previously, we only enabled this option for lib/freebl and lib/ssl.

	For Linux, this means we need to define _DEFAULT_SOURCE to access
	some of the functions we use. On glibc 2.12 (our oldest supported
	version), we also need to define _BSD_SOURCE to access these
	functions.

	The only tricky part is dealing with partial C99 implementation in
	gcc 4.4. From what I've seen, the only problem is that - in that
	mode - it doesn't support nesting of unnamed fields:
	https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Unnamed-Fields.html

	This also switches from -std=c++0x to -std=c++11 as the 0x variant,
	though identical in meaning, is deprecated.

	[dbba7db4b79d]

2019-10-30  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/freebl/aes-armv8.c, lib/freebl/rijndael.c:
	Bug 1590676 - Fix build if arm doesn't support NEON r=kjacobs

	At the moment NSS assumes that ARM supports NEON extension but this
	is not true and leads to build failure on ARM without NEON
	extension. Add check to assure USE_HW_AES is not defined if ARM
	without NEON extension is used.
	[58f2471ace3b]

2019-10-30  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_agent.cc:
	Bug 1575411 - Disable EMS for tests, a=bustage
	[6e5f69781137]

2019-10-29  J.C. Jones  <jjones@mozilla.com>

	* gtests/ssl_gtest/tls_esni_unittest.cc:
	Bug 1590970 - Fix clang-format from
	e7956ee3ba1b6d05e3175bbcd795583fde867720 r=me
	[d1e43cb9f227]

2019-10-29  Giulio Benetti  <giulio.benetti@benettiengineering.com>

	* lib/ssl/tls13esni.c:
	Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
	r=jcj
	[df5e9021809a]

2019-10-29  Martin Thomson  <martin.thomson@gmail.com>

	* lib/ssl/ssl.h, lib/ssl/sslsock.c:
	Bug 1575411 - Enable extended master secret by default,
	r=jcj,kjacobs

	See the bug for discussion about the implications of this.

	[d1c68498610d]

2019-10-29  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/tls_esni_unittest.cc, lib/ssl/sslexp.h:
	Bug 1590970 - Stop using time() for ESNI tests, r=kjacobs

	Summary: The ESNI tests were using time() rather than PR_Now(), so
	they slipped the net when I went looking for bad time functions. Now
	they do the right thing again.

	What we were probably seeing in the intermittents was the case where
	we set the time for most of the SSL functions to PR_Now(), and that
	was just before a second rollover. Then, when time() was called, it
	returned t+1 so the ESNI keys that were being generated in the ESNI
	tests were given a notBefore time that was in the future relative to
	the time being given to the TLS stack. Had the ESNI keys generation
	been given time() - 1 for notBefore, as I have done here, this would
	never have turned up.

	Reviewers: kjacobs

	Tags: #secure-revision

	Bug #: 1590970

	[e7956ee3ba1b]

Differential Revision: https://phabricator.services.mozilla.com/D51858

--HG--
extra : moz-landing-system : lando
2019-11-08 22:00:40 +00:00
apps Bug 1586358 - Replace existing instances of GENERATED_FILES with references to the GeneratedFile template r=firefox-build-system-reviewers,mshal 2019-10-07 21:15:19 +00:00
certverifier Bug 1575735 - Explicitly check key strength of TLS channel by setting authKeyBits earlier in SSL_AuthCertificate r=keeler 2019-11-07 22:13:43 +00:00
ct bug 1515608 - allow end-entity certificates to be trust anchors for compatibility r=jcj 2019-03-18 20:01:02 +00:00
mac/hardenedruntime Bug 1593071 - [macOS] Land different entitlement files for parent and child processes r=spohl 2019-11-07 13:26:05 +00:00
manager No Bug, mozilla-central repo-update HSTS HPKP blocklist remote-settings tld-suffixes - a=repo-update r=RyanVM 2019-11-11 14:21:48 +00:00
nss Bug 1592007 - land NSS dc9552c2aa77 UPGRADE_NSS_RELEASE, r=kjacobs 2019-11-08 22:00:40 +00:00
sandbox Bug 1591117 - Report ENOSYS on statx, but allow membarrier. r=jld 2019-11-07 09:21:51 +00:00
.eslintrc.js Bug 1558517 - Pre 3.0: Remove conflicting eslint rules, and turn on "curly: all" everywhere, r=standard8 2019-06-28 17:14:01 +02:00
generate_certdata.py
generate_mapfile.py
moz.build Bug 1535226 - Remove uses of XP_WIN32 in Gecko. r=glandium 2019-03-21 01:28:50 +00:00
nss.symbols bug 1573542 - be more efficient about finding client certificates r=jcj,kjacobs 2019-09-18 23:28:05 +00:00