b5d90a7fe2174eb311922906ef533254bf25fb7c: Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye
Robert Relyea <rrelyea@redhat.com> - Tue, 18 Feb 2020 11:47:29 -0800 - rev 15536
Push 3695 by rrelyea@redhat.com at Tue, 17 Mar 2020 18:07:26 +0000
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye https://phabricator.services.mozilla.com/D63241 This patch implements the first phase: updating the headers. lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h Were updated using the released OASIS PKCS #11 v3.0 header files. lib/util/pkcs11n.h was updated to finally deprecate all uses of CK?_NETSCAPE_?. A new define as added: NSS_PKCS11_2_0_COMPAT. If it's defined, the small semantic changes (including the removal of deprecated defines) between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are reverted in favor of the PKCS #11 v2 definitions. This include the removal of CK?_NETSCAPE_? in favor of CK?_NSS_?. One notable change was caused by an inconsistancy between the spec and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an extra field in the header that was not in the spec. OASIS considers the header file to be normative, so PKCS #11 v3.0 resolved the issue in favor of the header file definition. NSS had the spec definition, so now there are 2 defines for this structure: CK_NSS_GCM_PARAMS - the old nss define. Still used internally in freebl. CK_GCM_PARAMS_V3 - the new define. CK_GCM_PARAMS - no longer referenced in NSS itself. It's defined as CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined. Softoken has been updated to accept either CK_NSS_GCM_PARAMS or CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS. One other semantic difference between the 3.0 version of pkcs11f.h and the version here: In the oasis version of the header, you must define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In our version you must define CK_PKCS11_3 to get the PCKS #11 v3 defines. Most of this patch is to handle changing the deprecated defines that have been removed in PCKS #11 v3 from NSS. Differential Revision: https://phabricator.services.mozilla.com/D63241
44eb9e27d9460f850174913e004368d6cdd4b4bd: Bug 1617968 - Update Delegated Credentials implementation to draft-07 r=mt
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 16 Mar 2020 22:06:14 +0000 - rev 15535
Push 3694 by kjacobs@mozilla.com at Tue, 17 Mar 2020 00:14:03 +0000
Bug 1617968 - Update Delegated Credentials implementation to draft-07 r=mt Remove support for RSAE in delegated credentials (both in DC signatures and SPKIs), add SignatureScheme list functionality to initial DC extension. Differential Revision: https://phabricator.services.mozilla.com/D65252
d7b12847a6503ebcb3f7df56badc79149207d476: Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea p=cipherboy
Robert Relyea <rrelyea@redhat.com> - Fri, 13 Mar 2020 11:17:11 -0700 - rev 15534
Push 3693 by rrelyea@redhat.com at Fri, 13 Mar 2020 19:01:46 +0000
Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea p=cipherboy https://phabricator.services.mozilla.com/D59412 When testing Bug 1608245, I realized that I had inadvertently broken fipstest.c's handling of KI and KI_len. This lead to it passing bogus keys (with unusually large lengths exceeding the bounds of sizeof KI) to kbkdf_Dispatch(...). This uses Bob Relyea's suggestion on how to handle this: detect the size of KI when processing the mech selection, storing KI_len there. This simplifies reading of the KI value in later code.
4c43bc0998f39884da48febd56aa7fff34bcabfd: Bug 1608245 KBKDF - Consistently handle NULL slot/session r=kjacobs
Robert Relyea <rrelyea@redhat.com> - Fri, 13 Mar 2020 10:58:55 -0700 - rev 15533
Push 3692 by rrelyea@redhat.com at Fri, 13 Mar 2020 18:01:15 +0000
Bug 1608245 KBKDF - Consistently handle NULL slot/session r=kjacobs Patch by cipherboy, review by kjacobs. https://phabricator.services.mozilla.com/D59409 Per Bug 1607955, the KBKDF code introduced in Bug 1599603 confused Coverity with a elided NULL check on sftk_SlotFromSessionHandle(...). While Coverity is incorrect (and the behavior is fine as-is), it isn't consistent with the KBKDF code's handling of sftk_SessionFromHandle(...) (which is NULL checked). This brings these two call sites into internal consistency.
710d10a72934b52713e44cba4a8aeb0668f2b9c0: Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket r=jcj,bbeurdouche
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 10 Mar 2020 14:28:14 +0000 - rev 15532
Push 3691 by kjacobs@mozilla.com at Tue, 10 Mar 2020 17:03:57 +0000
Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket r=jcj,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D66130
12fc91fad84ad7f514d7abe64c15b375515a3710: Bug 1618739 - Don't assert fuzzer behavior in SSL_ParseSessionTicket r=jcj
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 09 Mar 2020 22:18:59 +0000 - rev 15531
Push 3690 by kjacobs@mozilla.com at Mon, 09 Mar 2020 22:32:04 +0000
Bug 1618739 - Don't assert fuzzer behavior in SSL_ParseSessionTicket r=jcj Differential Revision: https://phabricator.services.mozilla.com/D66122
08944e50dce0c95dfe009ceccf6608815bc56e5c: Bug 1619056 - Update README: TLS 1.3 is not experimental anymore. r=jcj
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Tue, 03 Mar 2020 16:53:23 +0000 - rev 15530
Push 3689 by kjacobs@mozilla.com at Mon, 09 Mar 2020 16:31:56 +0000
Bug 1619056 - Update README: TLS 1.3 is not experimental anymore. r=jcj Differential Revision: https://phabricator.services.mozilla.com/D64863
53803dc4628f9750125c2cb27319845df75cc189: Bug 1619102 - Add workaround option to include both DTLS and TLS versions in DTLS supported_versions. r=mt
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 09 Mar 2020 15:09:20 +0000 - rev 15529
Push 3688 by kjacobs@mozilla.com at Mon, 09 Mar 2020 15:17:47 +0000
Bug 1619102 - Add workaround option to include both DTLS and TLS versions in DTLS supported_versions. r=mt Add an experimental function for enabling a DTLS 1.3 supported_versions compatibility workaround. Differential Revision: https://phabricator.services.mozilla.com/D65735
7e09cdab32d0adac17ea3796c6837aba6fe5453f: Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Mon, 09 Mar 2020 14:13:50 +0000 - rev 15528
Push 3687 by kjacobs@mozilla.com at Mon, 09 Mar 2020 14:22:00 +0000
Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D65945
73971cbbc28859be06efa4e129ca56a7d0daa63c: Added tag NSS_3_51_RTM for changeset d3e6d637eaec NSS_3_51_BRANCH
Kevin Jacobs <kjacobs@mozilla.com> - Fri, 06 Mar 2020 10:45:46 -0800 - rev 15527
Push 3686 by kjacobs@mozilla.com at Fri, 06 Mar 2020 20:34:18 +0000
Added tag NSS_3_51_RTM for changeset d3e6d637eaec
d3e6d637eaec993866502b390e697233935553e3: Set version numbers to 3.51 final NSS_3_51_BRANCH NSS_3_51_RTM
Kevin Jacobs <kjacobs@mozilla.com> - Fri, 06 Mar 2020 10:44:20 -0800 - rev 15526
Push 3686 by kjacobs@mozilla.com at Fri, 06 Mar 2020 20:34:18 +0000
Set version numbers to 3.51 final
bea0b3a5d45110d80159b1d47b5c45ba9fef2025: Added tag NSS_3_51_BETA2 for changeset 6e610ed9b196 NSS_3_51_BRANCH
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 03 Mar 2020 17:58:54 -0800 - rev 15525
Push 3685 by kjacobs@mozilla.com at Wed, 04 Mar 2020 02:10:03 +0000
Added tag NSS_3_51_BETA2 for changeset 6e610ed9b196
6e610ed9b196cc8b9e58e4e6efd2436add727946: Backed out changeset b6677ae9067e (Bug 1612493) for Windows build failures. NSS_3_51_BRANCH NSS_3_51_BETA2
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 03 Mar 2020 15:47:36 -0800 - rev 15524
Push 3684 by kjacobs@mozilla.com at Wed, 04 Mar 2020 01:27:00 +0000
Backed out changeset b6677ae9067e (Bug 1612493) for Windows build failures.
4215a0b45a221bc4d0416eb458d3e2339711ef00: Backed out changeset d5deac55f543 NSS_3_51_BRANCH
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 03 Mar 2020 15:46:55 -0800 - rev 15523
Push 3684 by kjacobs@mozilla.com at Wed, 04 Mar 2020 01:27:00 +0000
Backed out changeset d5deac55f543
0e2ea0cc28bd536d31c0cd593a44d42ce537af9d: Set version numbers to 3.52 Beta
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 02 Mar 2020 12:28:39 -0800 - rev 15522
Push 3683 by kjacobs@mozilla.com at Mon, 02 Mar 2020 20:33:17 +0000
Set version numbers to 3.52 Beta
9564790a9cf6bca654b5f630b2764787ccbbca2a: Added tag NSS_3_51_BETA1 for changeset b17a367b83de NSS_3_51_BRANCH
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 02 Mar 2020 12:13:12 -0800 - rev 15521
Push 3682 by kjacobs@mozilla.com at Mon, 02 Mar 2020 20:21:17 +0000
Added tag NSS_3_51_BETA1 for changeset b17a367b83de
b17a367b83de9ac633bbe9e8258c15c978d30952: Bug 1614183 - Fixup, clang-format. r=me NSS_3_51_BETA1
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 02 Mar 2020 10:44:38 -0800 - rev 15520
Push 3681 by kjacobs@mozilla.com at Mon, 02 Mar 2020 19:00:49 +0000
Bug 1614183 - Fixup, clang-format. r=me
bb7c46049f26cd2f44acc6ac51ffa4004158e1d7: Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs
Giulio Benetti <giulio.benetti@benettiengineering.com> - Mon, 02 Mar 2020 10:09:04 -0800 - rev 15519
Push 3680 by kjacobs@mozilla.com at Mon, 02 Mar 2020 18:27:01 +0000
Bug 1614183 - Check if PPC __has_include(<sys/auxv.h>). r=kjacobs Some build environment doesn't provide <sys/auxv.h> and this causes build failure, so let's check if that header exists by using __has_include() helper. Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
2c989888dee7512662365910c9f7f96f11816aba: Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj
Kurt Miller <kurt@intricatesoftware.com> - Mon, 02 Mar 2020 10:28:34 -0700 - rev 15518
Push 3679 by jjones@mozilla.com at Mon, 02 Mar 2020 18:00:07 +0000
Bug 1618400 - Fix unused variable 'getauxval' on OpenBSD/arm64 r=jcj https://bugzilla.mozilla.org/show_bug.cgi?id=1618400
d5deac55f54350d60fd6ae69899ac399fdfcfc72: Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and Chacha20Poly1305. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Fri, 28 Feb 2020 22:00:34 +0000 - rev 15517
Push 3678 by kjacobs@mozilla.com at Mon, 02 Mar 2020 16:28:40 +0000
Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and Chacha20Poly1305. r=kjacobs *** Bug 1612493 - Import AVX2 code from HACL* *** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE *** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp *** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t support -mavx2 *** Bug 1612493 - Disable tests when the platform doesn't have support for AVX2 Differential Revision: https://phabricator.services.mozilla.com/D64718
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 tip