03d7bcade60aa49fa7561215c83c176d0709b200: Bug 1529813 - Expose Hkdf-Expand-Label with mechanism, r=ekr
Martin Thomson <mt@lowentropy.net> - Fri, 15 Mar 2019 09:07:53 +1100 - rev 15052
Push 3300 by martin.thomson@gmail.com at Thu, 14 Mar 2019 23:53:48 +0000
Bug 1529813 - Expose Hkdf-Expand-Label with mechanism, r=ekr Summary: It turns out that leaf keys sometimes need to be exposed with different mechanisms and sizes. The default function provides something good enough for use with the AEAD functions that were exposed, but if you want to use the key directly, that isn't enough. So here we are: new arguments for specifying the mechanism and key size are needed. Reviewers: ekr Tags: #secure-revision Bug #: 1529813 Differential Revision: https://phabricator.services.mozilla.com/D23596
2c1cd23c3718c05b7b03b35812e28338a09a7f1e: Added tag NSS_3_43_BETA3 for changeset de94039f5c30 NSS_3_43_BRANCH
Kai Engert <kaie@kuix.de> - Thu, 14 Mar 2019 21:25:42 +0100 - rev 15051
Push 3299 by kaie@kuix.de at Thu, 14 Mar 2019 20:25:55 +0000
Added tag NSS_3_43_BETA3 for changeset de94039f5c30
de94039f5c30ff6e6e7beeccd61fb1aeec5abe47: Bug 1529308, amend earlier commit 68578ca0ba17f205e4f92512157368eaf1694eb3, which wasn't the reviewed patch. r=jcj NSS_3_43_BRANCH NSS_3_43_BETA3
Kai Engert <kaie@kuix.de> - Thu, 14 Mar 2019 21:12:08 +0100 - rev 15050
Push 3299 by kaie@kuix.de at Thu, 14 Mar 2019 20:25:55 +0000
Bug 1529308, amend earlier commit 68578ca0ba17f205e4f92512157368eaf1694eb3, which wasn't the reviewed patch. r=jcj
3ed1a9e945feb1c8653a01d2bda6b55cb525bc6f: Bug 1529308, amend earlier commit 68578ca0ba17f205e4f92512157368eaf1694eb3, which wasn't the reviewed patch. r=jcj
Kai Engert <kaie@kuix.de> - Thu, 14 Mar 2019 21:03:38 +0100 - rev 15049
Push 3298 by kaie@kuix.de at Thu, 14 Mar 2019 20:03:45 +0000
Bug 1529308, amend earlier commit 68578ca0ba17f205e4f92512157368eaf1694eb3, which wasn't the reviewed patch. r=jcj
f0235b8ca87c54c9e21d9f3922db13c48fdb9218: Added tag NSS_3_43_BETA2 for changeset e611b174c065 NSS_3_43_BRANCH
J.C. Jones <jjones@mozilla.com> - Wed, 13 Mar 2019 16:57:13 -0700 - rev 15048
Push 3297 by jjones@mozilla.com at Wed, 13 Mar 2019 23:58:22 +0000
Added tag NSS_3_43_BETA2 for changeset e611b174c065
e611b174c065cb744194b916af3ec669ee66169a: Bug 1517714 - Properly handle ESNI with HRR, r=mt NSS_3_43_BRANCH NSS_3_43_BETA2
Ekr <ekr@rtfm.com> - Thu, 14 Mar 2019 07:58:21 +1100 - rev 15047
Push 3296 by jjones@mozilla.com at Wed, 13 Mar 2019 23:53:40 +0000
Bug 1517714 - Properly handle ESNI with HRR, r=mt
acfa940c8a18e108b9be153f66c7f77119a1b396: Bug 1535122 - Align TLS 1.3 HKDF trace levels, r=mt NSS_3_43_BRANCH
Ekr <ekr@rtfm.com> - Thu, 14 Mar 2019 07:57:45 +1100 - rev 15046
Push 3296 by jjones@mozilla.com at Wed, 13 Mar 2019 23:53:40 +0000
Bug 1535122 - Align TLS 1.3 HKDF trace levels, r=mt
81275ef77c8d26a984733f7a591aa1792eb9d9a2: Bug 1517714 - Properly handle ESNI with HRR, r=mt
Ekr <ekr@rtfm.com> - Thu, 14 Mar 2019 07:58:21 +1100 - rev 15045
Push 3295 by martin.thomson@gmail.com at Wed, 13 Mar 2019 21:14:40 +0000
Bug 1517714 - Properly handle ESNI with HRR, r=mt
2292f1b96d97d0a229e1133a601774306965abe7: Bug 1535122 - Align TLS 1.3 HKDF trace levels, r=mt
Ekr <ekr@rtfm.com> - Thu, 14 Mar 2019 07:57:45 +1100 - rev 15044
Push 3295 by martin.thomson@gmail.com at Wed, 13 Mar 2019 21:14:40 +0000
Bug 1535122 - Align TLS 1.3 HKDF trace levels, r=mt
cf681f9cffd6107ba759d61336328deb1f26f693: Bug 1530472 - handle issue when server ECC key is in a token that doesn't handle the TLS mechanisms.
Robert Relyea <rrelyea@redhat.com> - Thu, 07 Mar 2019 15:53:21 -0800 - rev 15043
Push 3294 by rrelyea@redhat.com at Tue, 12 Mar 2019 00:02:04 +0000
Bug 1530472 - handle issue when server ECC key is in a token that doesn't handle the TLS mechanisms. Differential Revision: https://phabricator.services.mozilla.com/D22625
740e49c4fb0e63db9877dbf893c48a5a3ae9f103: Added tag NSS_3_43_BETA1 for changeset 55dfd930f934 NSS_3_43_BRANCH
J.C. Jones <jjones@mozilla.com> - Fri, 08 Mar 2019 14:38:17 -0700 - rev 15042
Push 3293 by jjones@mozilla.com at Fri, 08 Mar 2019 21:48:57 +0000
Added tag NSS_3_43_BETA1 for changeset 55dfd930f934
55dfd930f93447ad3daeecdd319e87b59a6ca275: Bug 1531074 - SECKEY_SetPublicValue derefs after null checks, r=rrelyea NSS_3_43_BETA1
Martin Thomson <mt@lowentropy.net> - Thu, 28 Feb 2019 07:06:59 +1100 - rev 15041
Push 3292 by martin.thomson@gmail.com at Fri, 08 Mar 2019 05:37:37 +0000
Bug 1531074 - SECKEY_SetPublicValue derefs after null checks, r=rrelyea Summary: This should help with our coverity analysis. Reviewers: rrelyea Tags: #secure-revision Bug #: 1531074 Differential Revision: https://phabricator.services.mozilla.com/D21423
a306d84e4c70fd97fec81b30f7945661b6508727: Bug 1533087 - March 2019 batch of root changes r=kwilson
J.C. Jones <jjones@mozilla.com> - Wed, 06 Mar 2019 10:53:58 -0800 - rev 15040
Push 3291 by jjones@mozilla.com at Wed, 06 Mar 2019 20:22:30 +0000
Bug 1533087 - March 2019 batch of root changes r=kwilson Summary: Additions: eMudhra: Bug 1515457 Hongkong Post: Bug 1532753 Tags: #secure-revision Bug #: 1533087 Differential Revision: https://phabricator.services.mozilla.com/D22357
2207f6eb1c3cde2b18a2ad71eb73c0138bc593d0: Bug 1521174 - Add some initial S/MIME gtests r=mt
J.C. Jones <jjones@mozilla.com> - Mon, 10 Dec 2018 08:01:16 -0700 - rev 15039
Push 3290 by jjones@mozilla.com at Wed, 06 Mar 2019 15:34:57 +0000
Bug 1521174 - Add some initial S/MIME gtests r=mt Differential Revision: https://phabricator.services.mozilla.com/D17014
7ab8f43873f5940e64ca61a3247dd1d8837d7577: Bug 1513909, add manual for nss-policy-check, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Mon, 04 Mar 2019 14:58:28 +0100 - rev 15038
Push 3289 by dueno@redhat.com at Mon, 04 Mar 2019 16:37:11 +0000
Bug 1513909, add manual for nss-policy-check, r=rrelyea
0ca8eb488eacb7e8b4e0480ae99330165ebfd631: Bug 1528262, add -J option to strsclnt to specify sigschemes, r=mt
Daiki Ueno <dueno@redhat.com> - Mon, 04 Mar 2019 11:13:38 +0100 - rev 15037
Push 3288 by dueno@redhat.com at Mon, 04 Mar 2019 10:14:07 +0000
Bug 1528262, add -J option to strsclnt to specify sigschemes, r=mt Reviewers: mt Reviewed By: mt Bug #: 1528262 Differential Revision: https://phabricator.services.mozilla.com/D21516
5ea3ab44389052cd2a8174350b86fb8fdadce075: Bug 1529813 - Expose HKDF-Expand-Label, r=ekr
Martin Thomson <martin.thomson@gmail.com> - Tue, 26 Feb 2019 16:07:29 +1100 - rev 15036
Push 3287 by martin.thomson@gmail.com at Sun, 03 Mar 2019 21:54:45 +0000
Bug 1529813 - Expose HKDF-Expand-Label, r=ekr Summary: I forgot about packet number encryption. This will help with that. I decided to replace DeriveSecret with this. No point in having that when you have this. Reviewers: ekr Bug #: 1529813 Differential Revision: https://phabricator.services.mozilla.com/D20937
536fd7c9db5a19e7429039ffa591ac576bc0d930: 1531267, enable FIPS mode if the system FIPS mode flag is set, r=jcj,mt
Robert Relyea <rrelyea@redhat.com> - Thu, 28 Feb 2019 09:59:05 +0100 - rev 15035
Push 3286 by dueno@redhat.com at Fri, 01 Mar 2019 09:22:40 +0000
1531267, enable FIPS mode if the system FIPS mode flag is set, r=jcj,mt This patch forces NSS into FIPS mode if system fips mode bit is set. - If that bit is set, applications trying to switch out of FIPS mode will get and error code. - Applications that check to see if they can change modes (Like Firefox and Thunderbird) will be told it can't, so the firefox <Disable FIPS> button should be grayed out if the sytem fips mode bit is set. If the bit is not set, NSS get's it's FIPS indication it's traditional way, so the Firefox 'Enable FIPS' button will be on as normal. This but does not change NSS behavior WRT non-FIPS algorithms.
68578ca0ba17f205e4f92512157368eaf1694eb3: Bug 1529308 - Use a new comm_client flag in nss.gyp, which enables TB to build cmsutil. r=jcj
Kai Engert <kaie@kuix.de> - Thu, 28 Feb 2019 10:44:02 +0100 - rev 15034
Push 3285 by kaie@kuix.de at Thu, 28 Feb 2019 09:44:36 +0000
Bug 1529308 - Use a new comm_client flag in nss.gyp, which enables TB to build cmsutil. r=jcj
ee8e4996a6b364a2d7c65fd734afcb63c865ac7b: Bug 1530134 - Run clang-format without docker as a fallback, r=jcj
Martin Thomson <martin.thomson@gmail.com> - Tue, 26 Feb 2019 10:34:38 +1100 - rev 15033
Push 3284 by martin.thomson@gmail.com at Thu, 28 Feb 2019 05:36:28 +0000
Bug 1530134 - Run clang-format without docker as a fallback, r=jcj Running clang-format with a bad version is better than not running it at all. Reviewers: jcj Reviewed By: jcj Bug #: 1530134 Differential Revision: https://phabricator.services.mozilla.com/D20938
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 tip