3f19398f6a0dd324384d31f823f70114fc561f0e: Backed out changesets 5d7c97e14b24 through 17f49897a54d NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 16 Oct 2017 15:18:57 +1100 - rev 14048
Push 2825 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:20:45 +0000
Backed out changesets 5d7c97e14b24 through 17f49897a54d
a34a2d72112fa59c468fdf80f4b3e4a0bb874116: Bug 1405565 - ssl_keylog_unittest: ignore remove failure, r=mt NSS_TLS13_DRAFT19_BRANCH
Peter Wu <peter@lekensteyn.nl> - Sun, 15 Oct 2017 19:21:23 +0100 - rev 14047
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1405565 - ssl_keylog_unittest: ignore remove failure, r=mt The file normally does not exist (ENOENT), only when running tests manually (direct execution of the ssl_gtests binary) you will run into existing files. Ignore the return result to please Coverity.
17f49897a54dbf28315fec52b7fff552015b238e: Bug 1398679 - Make cipher specs properly directional, r?ekr NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 15:49:53 +1000 - rev 14046
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1398679 - Make cipher specs properly directional, r?ekr This makes each cipher spec unidirectional. This is a tiny bit less efficient in TLS 1.2 and earlier, where some of the material could be shared (primarily the master secret), but it is much more efficient for TLS 1.3. Also, there is now only one variable of each type on the specs. Up to now, the specs had two copies of almost everything to support being used for both read and write. Now there are separate specs for reading and writing. We only duplicate the pointers to the master secret, and the cipher definitions. This also does away with the backing array that was used to hold two copies of specs. Cipher specs are allocated on the heap as they are used and reference counted, using the same system as is already used for TLS 1.3. This uses the |direction| attribute that was previously added for TLS 1.3 and uses that more thoroughly. Finally, this REMOVES compression support from libssl entirely.
f40a0235d88d06f9812a4193617fb219a8f0f197: Bug 1398679 - Move much of the cipher spec code into a dedicated file, r?ekr NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 15:48:47 +1000 - rev 14045
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1398679 - Move much of the cipher spec code into a dedicated file, r?ekr This is preliminary work, just to keep the renaming and other such tedious things separate from the main event. This should just move stuff around. I don't think that there are any non-trivial changes (I need to self-review for that though).
5d7c97e14b24071cdfd178fe6171759f769ccaac: Bug 1398663 - Split epoch from sequence number fields in specs, r?ekr NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 14:35:01 +1000 - rev 14044
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1398663 - Split epoch from sequence number fields in specs, r?ekr
4093ae8b787b968ffe85787049e88c5b86d9bfcc: Bug 1398647 - Remove the SECItem used for "storing" the master secret, r=ttaubert NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 12:12:30 +1000 - rev 14043
Push 2823 by martin.thomson@gmail.com at Fri, 13 Oct 2017 01:37:42 +0000
Bug 1398647 - Remove the SECItem used for "storing" the master secret, r=ttaubert
f9945ebc549fa17c18a6de623dbaba4975b6cfdd: Bug 1402410, Backed out changeset b2c26676402a because of test failures
Kai Engert <kaie@kuix.de> - Thu, 12 Oct 2017 18:52:00 +0200 - rev 14042
Push 2822 by kaie@kuix.de at Thu, 12 Oct 2017 16:51:42 +0000
Bug 1402410, Backed out changeset b2c26676402a because of test failures
b2c26676402af28fcb10e563c9ad4b9fd2a4c76e: Bug 1402410, Make nss-softokn verify that RSA exponent is not smaller than 0x10001, when NSS is built with full FIPS support; r=fkiefer, r=kaie
Kai Engert <kaie@kuix.de> - Thu, 12 Oct 2017 18:22:33 +0200 - rev 14041
Push 2821 by kaie@kuix.de at Thu, 12 Oct 2017 16:22:14 +0000
Bug 1402410, Make nss-softokn verify that RSA exponent is not smaller than 0x10001, when NSS is built with full FIPS support; r=fkiefer, r=kaie
994e89150fc1cd0008d19a8ad8aafed565d98069: Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
Kai Engert <kaie@kuix.de> - Thu, 12 Oct 2017 17:59:16 +0200 - rev 14040
Push 2820 by kaie@kuix.de at Thu, 12 Oct 2017 15:58:58 +0000
Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
f3766809817ba03aa8cc1da4fdf48bd011fc01e3: Bug 1405522 - Fix authenticated attribute migration under password changes in the sql DBs r=ttaubert
David Keeler <dkeeler@mozilla.com> - Thu, 12 Oct 2017 13:22:47 +0200 - rev 14039
Push 2819 by ttaubert@mozilla.com at Thu, 12 Oct 2017 11:26:45 +0000
Bug 1405522 - Fix authenticated attribute migration under password changes in the sql DBs r=ttaubert Summary: The underlying issue is that the sqlite-backed DB format stores CK_ULONG values in a machine-independent format, meaning it has to translate back and forth when running on a machine where CK_ULONG is not the same size (or endianness, presumably) as the stored format. Before this patch, both sftkdb_SetAttributeValue and sftk_updateMacs did not use the machine-independent format in the correct places. This manifested in a bug where if the password was changed, certificate trust settings would be reset to "untrusted". Bug #: 1405522 Differential Revision: https://phabricator.services.mozilla.com/D100
0b6c9cf9486f32842dce2c3cdf4e1d8981335619: Bug 1407560 - Tweak integer handling for CID 1419486, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Wed, 11 Oct 2017 20:32:41 +1100 - rev 14038
Push 2818 by martin.thomson@gmail.com at Wed, 11 Oct 2017 21:33:04 +0000
Bug 1407560 - Tweak integer handling for CID 1419486, r=ttaubert
6c08a77543a053129046acff6e985821bfc8adfe: Bug 1397992 - Refactor pk11 signing test cases, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Tue, 10 Oct 2017 08:22:35 +1100 - rev 14037
Push 2817 by martin.thomson@gmail.com at Tue, 10 Oct 2017 00:16:27 +0000
Bug 1397992 - Refactor pk11 signing test cases, r=ttaubert
905d42a409b02ebdabe65000ba916353c519a80a: Fix build issues, a=bustage NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Oct 2017 11:48:26 +1100 - rev 14036
Push 2816 by martin.thomson@gmail.com at Mon, 09 Oct 2017 05:11:26 +0000
Fix build issues, a=bustage
244e8f00c3efa6c7dca02e454e291fc00f748110: Merge NSS trunk to NSS_TLS13_DRAFT19_BRANCH NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Oct 2017 11:30:43 +1100 - rev 14035
Push 2815 by martin.thomson@gmail.com at Mon, 09 Oct 2017 00:32:50 +0000
Merge NSS trunk to NSS_TLS13_DRAFT19_BRANCH
ad8b29fc0466e819af334372c68f0ca9a2b4f54b: Bug 1295163 - Enable datagram TlsZeroRttReplayTest, r=me NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Oct 2017 10:59:14 +1100 - rev 14034
Push 2814 by martin.thomson@gmail.com at Sun, 08 Oct 2017 23:59:24 +0000
Bug 1295163 - Enable datagram TlsZeroRttReplayTest, r=me
a0cb1758c33fc179135d5688851105e8812375ee: Bug 1295163 - Actually enable TlsZeroRttReplayTest, r=mt NSS_TLS13_DRAFT19_BRANCH
Peter Wu <peter@lekensteyn.nl> - Wed, 04 Oct 2017 23:31:08 +0100 - rev 14033
Push 2813 by martin.thomson@gmail.com at Sun, 08 Oct 2017 23:35:25 +0000
Bug 1295163 - Actually enable TlsZeroRttReplayTest, r=mt
342a11656eb760e7060aa2804fffa5e43e5e6080: close MOZILLA_0_6_SECURITY_MAC_BRANCH MOZILLA_0_6_SECURITY_MAC_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 29 Sep 2017 15:17:44 +0200 - rev 14032
Push 2812 by franziskuskiefer@gmail.com at Thu, 05 Oct 2017 08:06:24 +0000
close MOZILLA_0_6_SECURITY_MAC_BRANCH
7750d06dda88eca000e363180cdf405b0c7b1e74: close MOZILLA_0_7_BRANCH MOZILLA_0_7_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 29 Sep 2017 15:17:41 +0200 - rev 14031
Push 2811 by franziskuskiefer@gmail.com at Thu, 05 Oct 2017 08:06:17 +0000
close MOZILLA_0_7_BRANCH
d6c65608ab2c58ff31f4d1160eaa06d787b9517a: close IMGLIB2_20010126_BRANCH IMGLIB2_20010126_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 29 Sep 2017 15:17:36 +0200 - rev 14030
Push 2810 by franziskuskiefer@gmail.com at Thu, 05 Oct 2017 08:06:10 +0000
close IMGLIB2_20010126_BRANCH
cd0eac9716782a778ada5f1b2d9a9e4454cde92c: close XPCDOM_20010223_BRANCH XPCDOM_20010223_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 29 Sep 2017 15:17:33 +0200 - rev 14029
Push 2809 by franziskuskiefer@gmail.com at Thu, 05 Oct 2017 08:06:02 +0000
close XPCDOM_20010223_BRANCH
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 tip