gecko-dev/security
Benjamin Beurdouche d901b16ba2 Bug 1688685 - land NSS fc3a4c142c16 UPGRADE_NSS_RELEASE, r=kjacobs
2021-02-04  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_recordsize_unittest.cc, lib/ssl/ssl3ext.c:
	Bug 1690583 - Fix CH padding extension size calculation. r=mt

	Bug 1654332 changed the way that NSS constructs Client Hello
	messages. `ssl_CalculatePaddingExtLen` now receives a
	`clientHelloLength` value that includes the 4B handshake header.
	This looks okay per the inline comment (which states that only the
	record header is omitted from the length), but the function actually
	assumes that the handshake header is also omitted.

	This patch removes the addition of the handshake header length.
	Those bytes are already included in the buffered CH.

	[fc3a4c142c16] [tip]

	* automation/abi-check/expected-report-libnss3.so.txt:
	Bug 1690421 - Adjust 3.62 ABI report formatting for new libabigail.
	r=bbeurdouche

	[a1ed44dba32e]

2021-02-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/taskcluster/docker-builds/Dockerfile:
	Bug 1690421 - Install packaged libabigail in docker-builds image
	r=bbeurdouche

	[3c719b620136]

2021-01-31  Kevin Jacobs  <kjacobs@mozilla.com>

	* cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c,
	lib/ssl/tls13hashstate.c, lib/ssl/tls13hashstate.h:
	Bug 1689228 - Minor ECH -09 fixes for interop testing, fuzzing. r=mt

	A few minor ECH -09 fixes for interop testing and fuzzing:
	- selfserv now takes a PKCS8 keypair for ECH. This is more
	maintainable and significantly less terrible than parsing the
	ECHConfigs and cobbling one together within selfserv (e.g. we can
	support other KEMs without modifying the server).
	- Get rid of the newline character in tstclnt retry_configs output.
	- Fuzzer fixes in tls13_HandleHrrCookie:
	 - We shouldn't use internal_error when PK11_HPKE_ImportContext fails.
	Cookies are unprotected in fuzzer mode, so this can be expected to
	occur.
	 - Only restore the application token when recovering hash state,
	otherwise the copy could happen twice, leaking one of the
	allocations.

	[8bbea1902024]

2021-01-25  Kevin Jacobs  <kjacobs@mozilla.com>

	* lib/ssl/ssl3exthandle.c:
	Bug 1674819 - Fixup a51fae403328, enum type may be signed.
	r=bbeurdouche

	[2004338a2080]

Differential Revision: https://phabricator.services.mozilla.com/D104258
2021-02-05 21:13:47 +00:00
..
apps Bug 1682989 - remove CertBlocklist implementation and MOZ_NEW_CERT_STORAGE build variable r=rmf 2021-01-19 22:11:25 +00:00
certverifier Bug 1689729 - use NSS only on the socket thread in NSSCertDBTrustDomain::GetCertTrust and FindIssuer r=rmf,dragana 2021-02-04 16:59:48 +00:00
ct
mac/hardenedruntime
manager No Bug, mozilla-central repo-update HSTS HPKP remote-settings - a=repo-update r=jcristau 2021-02-04 14:55:37 +00:00
nss Bug 1688685 - land NSS fc3a4c142c16 UPGRADE_NSS_RELEASE, r=kjacobs 2021-02-05 21:13:47 +00:00
sandbox Backed out changeset ee49da8ea890 (bug 1649590) for failures on browser_content_sandbox_fs.js. CLOSED TREE 2021-02-05 04:21:45 +02:00
.eslintrc.js
generate_certdata.py
generate_mapfile.py
moz.build Backed out changeset e20e32462008 (bug 1678384) for causing build bustages complaining about generate_certdata-testlib. CLOSED TREE 2021-01-20 18:51:35 +02:00
nss.symbols Bug 1684040 - P3: Encrypt and decrypt DNS packet r=necko-reviewers,kjacobs,valentin 2021-01-26 17:44:45 +00:00