946f134980f369f9f684eca031e550736470c8fc: Bug 1408080, October 2017 batch of root CA changes, r=kwilson
Kai Engert <kaie@kuix.de> - Tue, 17 Oct 2017 19:09:49 +0200 - rev 14052
Push 2829 by kaie@kuix.de at Tue, 17 Oct 2017 17:09:23 +0000
Bug 1408080, October 2017 batch of root CA changes, r=kwilson
5aa759101b03d052f3ddb77403c0987690797783: Bug 1407853 - Uncouple databuffer.h from ssl_gtest, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Thu, 12 Oct 2017 11:52:35 +1100 - rev 14051
Push 2828 by martin.thomson@gmail.com at Tue, 17 Oct 2017 04:22:11 +0000
Bug 1407853 - Uncouple databuffer.h from ssl_gtest, r=ttaubert
e73fedaecd63afe28c9da46cd26906f247375d59: Bug 1403691, follow up fix to allow the pkits tests to work with sql db format
Kai Engert <kaie@kuix.de> - Mon, 16 Oct 2017 12:39:33 +0200 - rev 14050
Push 2827 by kaie@kuix.de at Mon, 16 Oct 2017 10:39:09 +0000
Bug 1403691, follow up fix to allow the pkits tests to work with sql db format
24695a55c095a1c37ed92ac2a4fa6c56595e17c0: Bug 1405565 - ssl_keylog_unittest: ignore remove failure, r=mt
Peter Wu <peter@lekensteyn.nl> - Sun, 15 Oct 2017 19:21:23 +0100 - rev 14049
Push 2826 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:28:02 +0000
Bug 1405565 - ssl_keylog_unittest: ignore remove failure, r=mt The file normally does not exist (ENOENT), only when running tests manually (direct execution of the ssl_gtests binary) you will run into existing files. Ignore the return result to please Coverity.
3f19398f6a0dd324384d31f823f70114fc561f0e: Backed out changesets 5d7c97e14b24 through 17f49897a54d NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 16 Oct 2017 15:18:57 +1100 - rev 14048
Push 2825 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:20:45 +0000
Backed out changesets 5d7c97e14b24 through 17f49897a54d
a34a2d72112fa59c468fdf80f4b3e4a0bb874116: Bug 1405565 - ssl_keylog_unittest: ignore remove failure, r=mt NSS_TLS13_DRAFT19_BRANCH
Peter Wu <peter@lekensteyn.nl> - Sun, 15 Oct 2017 19:21:23 +0100 - rev 14047
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1405565 - ssl_keylog_unittest: ignore remove failure, r=mt The file normally does not exist (ENOENT), only when running tests manually (direct execution of the ssl_gtests binary) you will run into existing files. Ignore the return result to please Coverity.
17f49897a54dbf28315fec52b7fff552015b238e: Bug 1398679 - Make cipher specs properly directional, r?ekr NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 15:49:53 +1000 - rev 14046
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1398679 - Make cipher specs properly directional, r?ekr This makes each cipher spec unidirectional. This is a tiny bit less efficient in TLS 1.2 and earlier, where some of the material could be shared (primarily the master secret), but it is much more efficient for TLS 1.3. Also, there is now only one variable of each type on the specs. Up to now, the specs had two copies of almost everything to support being used for both read and write. Now there are separate specs for reading and writing. We only duplicate the pointers to the master secret, and the cipher definitions. This also does away with the backing array that was used to hold two copies of specs. Cipher specs are allocated on the heap as they are used and reference counted, using the same system as is already used for TLS 1.3. This uses the |direction| attribute that was previously added for TLS 1.3 and uses that more thoroughly. Finally, this REMOVES compression support from libssl entirely.
f40a0235d88d06f9812a4193617fb219a8f0f197: Bug 1398679 - Move much of the cipher spec code into a dedicated file, r?ekr NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 15:48:47 +1000 - rev 14045
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1398679 - Move much of the cipher spec code into a dedicated file, r?ekr This is preliminary work, just to keep the renaming and other such tedious things separate from the main event. This should just move stuff around. I don't think that there are any non-trivial changes (I need to self-review for that though).
5d7c97e14b24071cdfd178fe6171759f769ccaac: Bug 1398663 - Split epoch from sequence number fields in specs, r?ekr NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 14:35:01 +1000 - rev 14044
Push 2824 by martin.thomson@gmail.com at Mon, 16 Oct 2017 04:17:31 +0000
Bug 1398663 - Split epoch from sequence number fields in specs, r?ekr
4093ae8b787b968ffe85787049e88c5b86d9bfcc: Bug 1398647 - Remove the SECItem used for "storing" the master secret, r=ttaubert NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 11 Sep 2017 12:12:30 +1000 - rev 14043
Push 2823 by martin.thomson@gmail.com at Fri, 13 Oct 2017 01:37:42 +0000
Bug 1398647 - Remove the SECItem used for "storing" the master secret, r=ttaubert
f9945ebc549fa17c18a6de623dbaba4975b6cfdd: Bug 1402410, Backed out changeset b2c26676402a because of test failures
Kai Engert <kaie@kuix.de> - Thu, 12 Oct 2017 18:52:00 +0200 - rev 14042
Push 2822 by kaie@kuix.de at Thu, 12 Oct 2017 16:51:42 +0000
Bug 1402410, Backed out changeset b2c26676402a because of test failures
b2c26676402af28fcb10e563c9ad4b9fd2a4c76e: Bug 1402410, Make nss-softokn verify that RSA exponent is not smaller than 0x10001, when NSS is built with full FIPS support; r=fkiefer, r=kaie
Kai Engert <kaie@kuix.de> - Thu, 12 Oct 2017 18:22:33 +0200 - rev 14041
Push 2821 by kaie@kuix.de at Thu, 12 Oct 2017 16:22:14 +0000
Bug 1402410, Make nss-softokn verify that RSA exponent is not smaller than 0x10001, when NSS is built with full FIPS support; r=fkiefer, r=kaie
994e89150fc1cd0008d19a8ad8aafed565d98069: Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
Kai Engert <kaie@kuix.de> - Thu, 12 Oct 2017 17:59:16 +0200 - rev 14040
Push 2820 by kaie@kuix.de at Thu, 12 Oct 2017 15:58:58 +0000
Bug 1403691, Change first NSS test cycle to explicitly use dbm file format, r=rrelyea
f3766809817ba03aa8cc1da4fdf48bd011fc01e3: Bug 1405522 - Fix authenticated attribute migration under password changes in the sql DBs r=ttaubert
David Keeler <dkeeler@mozilla.com> - Thu, 12 Oct 2017 13:22:47 +0200 - rev 14039
Push 2819 by ttaubert@mozilla.com at Thu, 12 Oct 2017 11:26:45 +0000
Bug 1405522 - Fix authenticated attribute migration under password changes in the sql DBs r=ttaubert Summary: The underlying issue is that the sqlite-backed DB format stores CK_ULONG values in a machine-independent format, meaning it has to translate back and forth when running on a machine where CK_ULONG is not the same size (or endianness, presumably) as the stored format. Before this patch, both sftkdb_SetAttributeValue and sftk_updateMacs did not use the machine-independent format in the correct places. This manifested in a bug where if the password was changed, certificate trust settings would be reset to "untrusted". Bug #: 1405522 Differential Revision: https://phabricator.services.mozilla.com/D100
0b6c9cf9486f32842dce2c3cdf4e1d8981335619: Bug 1407560 - Tweak integer handling for CID 1419486, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Wed, 11 Oct 2017 20:32:41 +1100 - rev 14038
Push 2818 by martin.thomson@gmail.com at Wed, 11 Oct 2017 21:33:04 +0000
Bug 1407560 - Tweak integer handling for CID 1419486, r=ttaubert
6c08a77543a053129046acff6e985821bfc8adfe: Bug 1397992 - Refactor pk11 signing test cases, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Tue, 10 Oct 2017 08:22:35 +1100 - rev 14037
Push 2817 by martin.thomson@gmail.com at Tue, 10 Oct 2017 00:16:27 +0000
Bug 1397992 - Refactor pk11 signing test cases, r=ttaubert
905d42a409b02ebdabe65000ba916353c519a80a: Fix build issues, a=bustage NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Oct 2017 11:48:26 +1100 - rev 14036
Push 2816 by martin.thomson@gmail.com at Mon, 09 Oct 2017 05:11:26 +0000
Fix build issues, a=bustage
244e8f00c3efa6c7dca02e454e291fc00f748110: Merge NSS trunk to NSS_TLS13_DRAFT19_BRANCH NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Oct 2017 11:30:43 +1100 - rev 14035
Push 2815 by martin.thomson@gmail.com at Mon, 09 Oct 2017 00:32:50 +0000
Merge NSS trunk to NSS_TLS13_DRAFT19_BRANCH
ad8b29fc0466e819af334372c68f0ca9a2b4f54b: Bug 1295163 - Enable datagram TlsZeroRttReplayTest, r=me NSS_TLS13_DRAFT19_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Mon, 09 Oct 2017 10:59:14 +1100 - rev 14034
Push 2814 by martin.thomson@gmail.com at Sun, 08 Oct 2017 23:59:24 +0000
Bug 1295163 - Enable datagram TlsZeroRttReplayTest, r=me
a0cb1758c33fc179135d5688851105e8812375ee: Bug 1295163 - Actually enable TlsZeroRttReplayTest, r=mt NSS_TLS13_DRAFT19_BRANCH
Peter Wu <peter@lekensteyn.nl> - Wed, 04 Oct 2017 23:31:08 +0100 - rev 14033
Push 2813 by martin.thomson@gmail.com at Sun, 08 Oct 2017 23:35:25 +0000
Bug 1295163 - Actually enable TlsZeroRttReplayTest, r=mt
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 tip