зеркало из https://github.com/mozilla/gecko-dev.git
4e97e34c45
2020-07-16 Billy Brumley <bbrumley@gmail.com> * lib/freebl/ecl/ecl-priv.h, lib/freebl/ecl/ecl.c, lib/freebl/ecl/ecp_secp521r1.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> [ca068f5b5c17] [tip] * lib/freebl/ecl/ecl-priv.h, lib/freebl/ecl/ecl.c, lib/freebl/ecl/ecp_secp384r1.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn, tests/ec/ectest.sh: Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> [d19a3cd451bb] 2020-07-13 Robert Relyea <rrelyea@redhat.com> * lib/pk11wrap/pk11pub.h: Bug 1643528 Cannot compile code with nss headers and -Werror=strict- prototypes r=kjacobs [01ffd8fef7fa] 2020-07-10 Daiki Ueno <dueno@redhat.com> * gtests/ssl_gtest/ssl_auth_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/ssl3exthandle.c, lib/ssl/sslimpl.h, lib/ssl/tls13exthandle.c: Bug 1646324, advertise rsa_pkcs1_* schemes in CH and CR for certs, r=mt Summary: In TLS 1.3, unless "signature_algorithms_cert" is advertised, the "signature_algorithms" extension is used as an indication of supported algorithms for signatures on certificates. While rsa_pkcs1_* signatures schemes cannot be used for signing handshake messages, they should be advertised if the peer wants to to support certificates signed with RSA PKCS#1. This adds a flag to ssl3_EncodeSigAlgs() and ssl3_FilterSigAlgs() to preserve rsa_pkcs1_* schemes in the output. Reviewers: mt Reviewed By: mt Bug #: 1646324 [df1d2695e115] 2020-07-09 Benjamin Beurdouche <bbeurdouche@mozilla.com> * gtests/pk11_gtest/pk11_pbkdf2_unittest.cc, lib/pk11wrap/pk11pbe.c: Bug 1649648 - Fix null pointers passed as argument in pk11wrap/pk11pbe.c:886 r=kjacobs [de661583d467] Differential Revision: https://phabricator.services.mozilla.com/D83824 |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| ct | ||
| mac/hardenedruntime | ||
| manager | ||
| nss | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||