d41f5350554e1c89e42c52b962e89fd585bee99d: Set version numbers to 3.49 final NSS_3_49_BRANCH NSS_3_49_RTM
J.C. Jones <jjones@mozilla.com> - Fri, 03 Jan 2020 13:27:43 -0700 - rev 15447
Push 3627 by jjones@mozilla.com at Fri, 03 Jan 2020 20:30:28 +0000
Set version numbers to 3.49 final
569ca5b163e7bfac933d154c06f315d5b7d79cbb: Set version numbers to 3.50 Beta
J.C. Jones <jjones@mozilla.com> - Fri, 03 Jan 2020 13:28:32 -0700 - rev 15446
Push 3626 by jjones@mozilla.com at Fri, 03 Jan 2020 20:30:04 +0000
Set version numbers to 3.50 Beta
993717228da05c6bf468ac861f01b6849a94eae3: Bug 1513586 - Set downgrade sentinel for client TLS versions lower than 1.2. r=mt
Kevin Jacobs <kjacobs@mozilla.com> - Thu, 02 Jan 2020 20:46:26 +0000 - rev 15445
Push 3625 by mthomson@mozilla.com at Fri, 03 Jan 2020 05:14:23 +0000
Bug 1513586 - Set downgrade sentinel for client TLS versions lower than 1.2. r=mt Per RFC 8446 (https://tools.ietf.org/html/rfc8446#section-4.1.3), the downgrade sentinel must be set by a TLS 1.3 server (and should be set by a TLS 1.2 server) that negotiates TLS 1.0 or 1.1. This patch corrects the behavior and adds a test. Differential Revision: https://phabricator.services.mozilla.com/D57585
62d36f2ee1cc7d86939582af1a3440d11c2b726e: Added tag NSS_3_49_BETA1 for changeset 9ecd41cd2fa3
J.C. Jones <jjones@mozilla.com> - Thu, 02 Jan 2020 08:25:44 -0700 - rev 15444
Push 3624 by jjones@mozilla.com at Thu, 02 Jan 2020 15:59:47 +0000
Added tag NSS_3_49_BETA1 for changeset 9ecd41cd2fa3
9ecd41cd2fa3c88217c75d0642fca9154a16d162: Bug 1606025 - Remove -Wmaybe-uninitialized warning in sslsnce.c r=jcj NSS_3_49_BETA1
Giulio Benetti <giulio.benetti@benettiengineering.com> - Thu, 02 Jan 2020 08:21:23 -0700 - rev 15443
Push 3623 by jjones@mozilla.com at Thu, 02 Jan 2020 15:24:12 +0000
Bug 1606025 - Remove -Wmaybe-uninitialized warning in sslsnce.c r=jcj (Amended by jcj to also set privKeyCopy to NULL)
7ab634a7d7724142f21e5b1c90b32890947090a9: Bug 1606119 - Fix PPC HW Crypto build failure r=jcj
Giulio Benetti <giulio.benetti@benettiengineering.com> - Thu, 02 Jan 2020 08:14:50 -0700 - rev 15442
Push 3622 by jjones@mozilla.com at Thu, 02 Jan 2020 15:16:43 +0000
Bug 1606119 - Fix PPC HW Crypto build failure r=jcj All Altivec *_be() functions are supported from gcc version 8.x, not 5.x, so modify the gcc version check that at the moment causes a build failure due to missing Altivec *_be() functions.
748b308170a4092cbb98a6577d4a16e8956452b2: Bug 1605545 - Fix memory leak in Pk11Install_Platform_Generate. r=mt
Alex Henrie <alexhenrie24@gmail.com> - Wed, 01 Jan 2020 23:13:46 +0000 - rev 15441
Push 3621 by mthomson@mozilla.com at Wed, 01 Jan 2020 23:15:23 +0000
Bug 1605545 - Fix memory leak in Pk11Install_Platform_Generate. r=mt Differential Revision: https://phabricator.services.mozilla.com/D58072
b6eb18f04260ea45d119e9c9e5e698d254845dcf: Backed out changeset c351b2f60b40 (Bug 1574643) for crashes on early SSE4 CPUs
J.C. Jones <jjones@mozilla.com> - Fri, 20 Dec 2019 15:52:27 -0700 - rev 15440
Push 3620 by jjones@mozilla.com at Fri, 20 Dec 2019 22:56:57 +0000
Backed out changeset c351b2f60b40 (Bug 1574643) for crashes on early SSE4 CPUs
f6d8c73584e02111ee3385aaaffed23c3f05a799: Backed out changeset ac51d2490f9c (Bug 1574643) for crashes on early SSE4 CPUs
J.C. Jones <jjones@mozilla.com> - Fri, 20 Dec 2019 15:52:04 -0700 - rev 15439
Push 3620 by jjones@mozilla.com at Fri, 20 Dec 2019 22:56:57 +0000
Backed out changeset ac51d2490f9c (Bug 1574643) for crashes on early SSE4 CPUs
82bae6299c8e91bfaa200f83c37798ac40f5aa88: Bug 1602288 - Fix build failure due to missing posix signal.h r=kjacobs
Giulio Benetti <giulio.benetti@benettiengineering.com> - Thu, 19 Dec 2019 14:48:01 -0700 - rev 15438
Push 3619 by jjones@mozilla.com at Thu, 19 Dec 2019 21:49:00 +0000
Bug 1602288 - Fix build failure due to missing posix signal.h r=kjacobs
3ba8a584ddeaf1b4d81fabc650ff7c86223a72d5: Bug 1588714 - Implement CheckARMSupport for Win64/aarch64. r=kjacobs
Makoto Kato <m_kato@ga2.so-net.ne.jp> - Thu, 12 Dec 2019 10:18:21 +0000 - rev 15437
Push 3618 by jjones@mozilla.com at Thu, 19 Dec 2019 21:47:21 +0000
Bug 1588714 - Implement CheckARMSupport for Win64/aarch64. r=kjacobs aarch64 doesn't have a `cpuid`-like instruction set. Actually, we use the getauxval system call on Linux/aarch64 to check CPU features. Windows has the `IsProcessorFeaturePresent` API to get CPU features, so we should use it to check whether the current CPU supports the ARM Crypto extension. Differential Revision: https://phabricator.services.mozilla.com/D55270
ac51d2490f9c3fccae9fd1408f4b5ef3b20c9cb4: Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 18 Dec 2019 18:03:47 +0000 - rev 15436
Push 3617 by franziskuskiefer@gmail.com at Thu, 19 Dec 2019 07:52:30 +0000
Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs This patch contains the changes in NSS, necessary to pick up HACL*v2 in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413. Differential Revision: https://phabricator.services.mozilla.com/D55414
c351b2f60b400c8cc4ecffe3418cb8b2d0e5520b: Bug 1574643 - haclv2 code r=kjacobs
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 18 Dec 2019 18:02:05 +0000 - rev 15435
Push 3617 by franziskuskiefer@gmail.com at Thu, 19 Dec 2019 07:52:30 +0000
Bug 1574643 - haclv2 code r=kjacobs This updates the in-tree version of our existing HACL* code to v2, replacing what we have already. Once this has landed, NSS can pick up more (faster) code from HACL*. Differential Revision: https://phabricator.services.mozilla.com/D55413
fc636973ad06392d11597620b602779b4af312f6: Bug 1585189 - Changed the algorithm used to encrypt NSS database entries, from 3DES to AES256.
Robert Relyea <rrelyea@redhat.com> - Mon, 25 Nov 2019 11:28:16 -0800 - rev 15434
Push 3616 by rrelyea@redhat.com at Fri, 13 Dec 2019 00:04:46 +0000
Bug 1585189 - Changed the algorithm used to encrypt NSS database entries, from 3DES to AES256. Our NSS DB uses 3DES internally to encrypt its entries. This patch changes the default algorithm to AES256 to increase security. This patch also adds code to use AES Wrap in the future. It also adds an integrity check to the AES256 CBC. The change only affects sqlite databases. bob Differential Revision: https://phabricator.services.mozilla.com/D54589
9ca79efd6d2980fa2f3d4f0b59d0398c8fea8dfc: Bug 1603257 - Fix UBSAN issue in softoken CKM_NSS_CHACHA20_CTR initialization r=mt
Kevin Jacobs <kjacobs@mozilla.com> - Thu, 12 Dec 2019 00:35:34 +0000 - rev 15433
Push 3615 by jjones@mozilla.com at Thu, 12 Dec 2019 21:32:32 +0000
Bug 1603257 - Fix UBSAN issue in softoken CKM_NSS_CHACHA20_CTR initialization r=mt This patch adds an explicit cast to fix a UBSAN issue that was flagged in https://treeherder.mozilla.org/#/jobs?repo=nss-try&selectedJob=280720441. It also updates the test to use a random IV. Differential Revision: https://phabricator.services.mozilla.com/D56810
8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78: Bug 1590001 - Additional HRR Tests. r=mt
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 10 Dec 2019 20:16:48 +0000 - rev 15432
Push 3614 by jjones@mozilla.com at Thu, 12 Dec 2019 21:10:38 +0000
Bug 1590001 - Additional HRR Tests. r=mt This patch adds new tests for version limitations after a HRR. Differential Revision: https://phabricator.services.mozilla.com/D51023
014f37ecee3e4a6e47e620572ba75abf38eb0be9: Bug 1600144 - clang-format, a=bustage
Martin Thomson <mt@lowentropy.net> - Wed, 11 Dec 2019 16:53:03 +1100 - rev 15431
Push 3613 by martin.thomson@gmail.com at Wed, 11 Dec 2019 06:23:03 +0000
Bug 1600144 - clang-format, a=bustage
f55fe2a2dab90b7a8d8d4e36c9777ec5bd097eaa: Bug 1600144 - Treat ClientHello with message_seq of 1 as a second ClientHello, r=kjacobs
Martin Thomson <mt@lowentropy.net> - Fri, 29 Nov 2019 12:57:12 +1100 - rev 15430
Push 3612 by martin.thomson@gmail.com at Wed, 11 Dec 2019 06:19:46 +0000
Bug 1600144 - Treat ClientHello with message_seq of 1 as a second ClientHello, r=kjacobs Summary: The logic that deals with stateless HelloRetryRequest in DTLS allows this one-off increment to the message_seq field in case the server was operating statelessly. However, when it does, it should insist on the ClientHello carrying a cookie; concretely, it should set the flag that says that a HelloRetryRequest was sent, even if it doesn't currently remember that it sent one. That is the only way that this condition could be met. Differential Revision: https://phabricator.services.mozilla.com/D55210
ca9adb8eb89978e6aecc89454b156c5f886f8060: Bug 1603027 - clang-format, a=bustage
Martin Thomson <mt@lowentropy.net> - Wed, 11 Dec 2019 16:29:15 +1100 - rev 15429
Push 3611 by martin.thomson@gmail.com at Wed, 11 Dec 2019 05:59:01 +0000
Bug 1603027 - clang-format, a=bustage
6655d8a1f4bdf95ef21ac6bacc89c36748444ff7: Bug 1603027 - Check that ESNI gets regenerated with HRR r=mt
EKR <ekr@rtfm.com> - Wed, 11 Dec 2019 05:31:57 +0000 - rev 15428
Push 3610 by mthomson@mozilla.com at Wed, 11 Dec 2019 05:32:20 +0000
Bug 1603027 - Check that ESNI gets regenerated with HRR r=mt Differential Revision: https://phabricator.services.mozilla.com/D23446