b0cfcff316261733a183e3c4a9e211b479f58a86: Added tag NSS_3_74_RTM for changeset 83d13f65aff5 NSS_3_74_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 06 Jan 2022 12:39:17 +0100 - rev 16095
Push 4062 by bbeurdouche@mozilla.com at Thu, 06 Jan 2022 11:40:12 +0000
Added tag NSS_3_74_RTM for changeset 83d13f65aff5
83d13f65aff55bba36016fbe81095d02e006dd1f: Set version numbers to 3.74 RTM NSS_3_74_BRANCH NSS_3_74_RTM
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 06 Jan 2022 12:38:58 +0100 - rev 16094
Push 4062 by bbeurdouche@mozilla.com at Thu, 06 Jan 2022 11:40:12 +0000
Set version numbers to 3.74 RTM
e04f9534a194392a2fced9e4692784429824235c: Fix formatting for gtests/ssl_gtest/tls_filter.cc
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Wed, 05 Jan 2022 17:07:29 +0100 - rev 16093
Push 4061 by bbeurdouche@mozilla.com at Wed, 05 Jan 2022 16:07:57 +0000
Fix formatting for gtests/ssl_gtest/tls_filter.cc
b49989d67356e85d520bb5bfe5aa9b8a3a79d0f8: Set version numbers to 3.75 Beta
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Wed, 05 Jan 2022 15:03:03 +0100 - rev 16092
Push 4060 by bbeurdouche@mozilla.com at Wed, 05 Jan 2022 14:03:13 +0000
Set version numbers to 3.75 Beta
2902346fab195bb18486a502f306d9a0f711d15d: Bug 1747310 - real move assignment operator, r=nss-reviewers,bbeurdouche
Martin Thomson <mt@lowentropy.net> - Wed, 05 Jan 2022 13:45:04 +0000 - rev 16091
Push 4059 by bbeurdouche@mozilla.com at Wed, 05 Jan 2022 13:47:10 +0000
Bug 1747310 - real move assignment operator, r=nss-reviewers,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D134818
52ff95ddeeef96656a31712b4367a2c9175ba861: Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests. r=nkulatova
Natalia Kulatova <nkulatova@mozilla.com> - Wed, 05 Jan 2022 13:23:33 +0000 - rev 16090
Push 4058 by bbeurdouche@mozilla.com at Wed, 05 Jan 2022 13:25:38 +0000
Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests. r=nkulatova Differential Revision: https://phabricator.services.mozilla.com/D134866
3089389aafe4ebc7365bfd31ef629a89f9a8e44f: Bug 1743302 - Add ECDSA test vectors to the bltest command line tool r=nss-reviewers,bbeurdouche
Natalia Kulatova <nkulatova@mozilla.com> - Wed, 05 Jan 2022 13:23:33 +0000 - rev 16089
Push 4058 by bbeurdouche@mozilla.com at Wed, 05 Jan 2022 13:25:38 +0000
Bug 1743302 - Add ECDSA test vectors to the bltest command line tool r=nss-reviewers,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D134702
d982efc0e22d3739246786de419e6051f7a5e4a2: Bug 1747772 - Allow to build using clang's integrated assembler. r=bbeurdouche
Mike Hommey <mh@glandium.org> - Tue, 04 Jan 2022 22:50:03 +0000 - rev 16088
Push 4057 by mh@glandium.org at Tue, 04 Jan 2022 22:52:08 +0000
Bug 1747772 - Allow to build using clang's integrated assembler. r=bbeurdouche Since clang 9, NSS can build for x86_64 without the -fno-integrated-as flag. The tricky part is that clang versions are unreliable. For instance, a check for "clang version 9 or more" would break building with Xcode versions between 9.0 and 11.3.1 (because clang in those say it has version >= 9, but they are actually clang versions between 4.0 and 8.0; the clang version reflects the Xcode version, not the real clang version). We do have a complicated version check in Firefox that works around that, but I don't feel like porting this to NSS, so instead, allow to set a gyp variable to force enable it, and let the Firefox build system decide for itself. Differential Revision: https://phabricator.services.mozilla.com/D134741
c468deab26338621ce875bfaaa8cbdb2058761ab: Bug 1321398 - Allow to override python for the build. r=bbeurdouche
Mike Hommey <mh@glandium.org> - Tue, 04 Jan 2022 22:06:19 +0000 - rev 16087
Push 4056 by mh@glandium.org at Tue, 04 Jan 2022 22:08:25 +0000
Bug 1321398 - Allow to override python for the build. r=bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D134739
a6d0435514b6dc9d0e6974cf0a4fa2ce07402de0: Added tag NSS_3_74_BETA1 for changeset 1831460a6f34 NSS_3_74_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Fri, 31 Dec 2021 13:32:22 +0100 - rev 16086
Push 4055 by bbeurdouche@mozilla.com at Fri, 31 Dec 2021 12:32:45 +0000
Added tag NSS_3_74_BETA1 for changeset 1831460a6f34
fed99dcac37f311fbab373dd6f5ed358123afe57: Bug 1747317 - test HKDF output rather than input, r=nss-reviewers,jschanck
Martin Thomson <mt@lowentropy.net> - Tue, 28 Dec 2021 23:25:50 +0000 - rev 16085
Push 4054 by mthomson@mozilla.com at Tue, 28 Dec 2021 23:27:57 +0000
Bug 1747317 - test HKDF output rather than input, r=nss-reviewers,jschanck Depends on D134557 Differential Revision: https://phabricator.services.mozilla.com/D134558
19d7a09a001c77c454ecd1e29833c6819b0a935b: Bug 1747316 - Use ASSERT_ macros to end failed tests early, r=nss-reviewers,jschanck
Martin Thomson <mt@lowentropy.net> - Tue, 28 Dec 2021 23:25:50 +0000 - rev 16084
Push 4054 by mthomson@mozilla.com at Tue, 28 Dec 2021 23:27:57 +0000
Bug 1747316 - Use ASSERT_ macros to end failed tests early, r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D134557
6a6731d4e0a38a4e42060597061606e864aa107d: Bug 1747310 - move assignment operator for DataBuffer r=nss-reviewers,jschanck
Martin Thomson <mt@lowentropy.net> - Tue, 28 Dec 2021 23:25:49 +0000 - rev 16083
Push 4054 by mthomson@mozilla.com at Tue, 28 Dec 2021 23:27:57 +0000
Bug 1747310 - move assignment operator for DataBuffer r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D134556
d41c0fcdcf85118f1866880d10ac7bf15d7edc5f: Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH. r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:32 +0000 - rev 16082
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH. r=mt * Update the test custom extension injectors to create large (1024 byte) extensions * Update the compression tests to verify that compression ocurrs correctly. * Add tests to ensure that when accepting ECH, the client rejects Xtns which are only valid for the CHO and vice versa Differential Revision: https://phabricator.services.mozilla.com/D130699
ea27fc06556ad8203425bce244b90ff003b75af5: Bug 1725938 - Update tests for ECH-13. r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:31 +0000 - rev 16081
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1725938 - Update tests for ECH-13. r=mt * Add a new test helper function for creating an ECH Config/ * Update ECH Config tests to dynamically generate their configs. * Regenerate tests using fixed ClientHello configs for ECH-13. * Add test for recursive ECH Outer Extensions. * Add test for ECH Inner Extension with payload (should be empty). * Add test to ensure AAD covers both before and after ECH extension. Differential Revision: https://phabricator.services.mozilla.com/D130698
dbfeabc22622b027459e3cfd256a3cf7e8ce0fc8: Bug 1725938 - Tidy up error handling r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:31 +0000 - rev 16080
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1725938 - Tidy up error handling r=mt Small commit to tidy up the error handling when receiving ECH extensions. Differential Revision: https://phabricator.services.mozilla.com/D130697
28c3375fe2efb6b5821e9fa06a672b4cae90ed8b: Bug 1728281 - Add tests for ECH HRR Changes. r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:31 +0000 - rev 16079
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1728281 - Add tests for ECH HRR Changes. r=mt Testcases for HRR ECH Xtns: - Clients reject xtns of the wrong size. - Clients reject mangled xtns. - Clients reject unsolicited xtns. - Servers send ECH HRR Xtns when accepting, rejecting or GREASEing - Clients and Servers do not send xtns if disabled and not GREASEing - Clients alert if servers accept ECH in HRR, then reject in SH. Differential Revision: https://phabricator.services.mozilla.com/D130696
e387d382de4799591436a28cc8cdc4a8cc45e0cd: Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference. r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:30 +0000 - rev 16078
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference. r=mt Draft 13 added an ECH extension for HRR messages. When GREASEing, this should only be sent if the server was configured with ECH support or explicitly opted in. Differential Revision: https://phabricator.services.mozilla.com/D130695
e31c41c04527750434f9f9180b4eb53d50243eea: Bug 1725938 - Update generation of the Associated Data for ECH-13 r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:30 +0000 - rev 16077
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1725938 - Update generation of the Associated Data for ECH-13 r=mt In Draft 13, the associated data compromises the entire ClientHelloOuter, with the ECH payload zeroed out. This patch updates the generation of the ClientHelloOuter and associated data and unifies the generation of the ECH Xtn. As a result, tls13_EncryptClientHello now puts the encrypted ClientHelloInner directly into the ClientHelloOuter. Differential Revision: https://phabricator.services.mozilla.com/D124649
beef1385132760879b9b8c9cecd4e0bb9d8b8efe: Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello r=mt
Dennis Jackson <djackson@mozilla.com> - Fri, 17 Dec 2021 13:21:29 +0000 - rev 16076
Push 4053 by djackson@mozilla.com at Fri, 17 Dec 2021 13:23:39 +0000
Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello r=mt Previously, we only tracked whether we'd advertised an extension at all. This change allows us to track the advertisements for both the Outer and Inner Client Hello seperately. If the server accepts ECH but includes an extension we only offered in the Outer Client Hello, we will send an alert. As a side-effect, if the client offers an extension in the ClientHelloInner which is not offered in the ClientHelloOuter and the server accepts, we will send the same alert. It is unclear whether this is desirable behavior or not - since if we did not alert this would allow a network observer to distinguish whether ECH was used. Differential Revision: https://phabricator.services.mozilla.com/D125193
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 tip