зеркало из https://github.com/mozilla/gecko-dev.git
4d7b3b72ef
2020-02-27 Kevin Jacobs <kjacobs@mozilla.com> * gtests/ssl_gtest/ssl_extension_unittest.cc, gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/ssl_masking_unittest.cc, gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h, gtests/ssl_gtest/tls_hkdf_unittest.cc, gtests/ssl_gtest/tls_protect.cc, lib/ssl/dtls13con.c, lib/ssl/ssl3con.c, lib/ssl/ssl3prot.h, lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslprimitive.c, lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13esni.c, lib/ssl/tls13hkdf.c, lib/ssl/tls13hkdf.h, lib/ssl/tls13replay.c: Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt This patch updates the DTLS 1.3 implementation to draft-34. Notable changes: 1) Key separation via `ssl_protocol_variant`. 2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed removal of workarounds for unpadded (<16B) ciphertexts being used as input to `SSL_CreateMask`. 3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all gtests are compiled this way if `--fuzz`, but lib/ssl only if `--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode, but not lib/ssl, since the masking mismatch will break filters). 4) Parameterize masking tests, as appropriate. 5) Reject non-empty legacy_cookie, and test. 6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`). [52a75c5373ef] [tip] 2020-02-24 Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr> * lib/cryptohi/secsign.c: Bug 1617387 fix compiler warning r=jcj [ab0e7e272e36] 2020-02-24 Kevin Jacobs <kjacobs@mozilla.com> * gtests/common/testvectors/p384ecdh-vectors.h, gtests/common/testvectors/p521ecdh-vectors.h, gtests/common/wycheproof/genTestVectors.py, gtests/common/wycheproof/source_vectors/ecdh_secp384r1_test.json, gtests/common/wycheproof/source_vectors/ecdh_secp521r1_test.json, gtests/pk11_gtest/pk11_ecdh_unittest.cc: Bug 1612259 - Add Wycheproof vectors for P384 and P521 ECDH. r=bbeurdouche [badb4da1ec85] 2020-02-19 Kevin Jacobs <kjacobs@mozilla.com> * gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mplogic.h: Bug 1609751 - Additional tests for mp_comba r=mt Verify that when clamping, the upper 4 bytes of an `mp_digit` is checked. [a5e8c14016cd] 2020-02-19 Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr> * lib/freebl/ecl/ecp_25519.c: Bug 1561337: fix compiler warning r=jcj [4c771e6a79db] Differential Revision: https://phabricator.services.mozilla.com/D64683 --HG-- extra : moz-landing-system : lando |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| ct | ||
| mac/hardenedruntime | ||
| manager | ||
| nss | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||