searching for reviewer(kjacobs)
642b574bfa5e9528356d864e8786a03c3b405375: Bug 1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Tue, 23 Feb 2021 08:34:43 +0000 - rev 15861
Push 3922 by bbeurdouche@mozilla.com at Tue, 23 Feb 2021 08:36:52 +0000
Bug 1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D85334
a5c857139b37476ca10032504ea876b97e066424: Bug 1688374 - Fix parallel build NSS-3.61 with make. r=kjacobs NSS_3_62_BETA1
Danh <congdanhqx@gmail.com> - Fri, 05 Feb 2021 21:13:45 +0000 - rev 15850
Push 3913 by bbeurdouche@mozilla.com at Mon, 08 Feb 2021 19:42:54 +0000
Bug 1688374 - Fix parallel build NSS-3.61 with make. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D104259
ef9198eb289520f78a0c51526f343ed8b6b6bfba: Bug 1570539 - Removed -X alt-server-hello option from tstclnt r=kjacobs
yogesh <yoyogesh01@gmail.com> - Thu, 03 Dec 2020 19:42:42 +0000 - rev 15813
Push 3886 by kjacobs@mozilla.com at Thu, 03 Dec 2020 19:45:01 +0000
Bug 1570539 - Removed -X alt-server-hello option from tstclnt r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D98634
4c69d6d0cf210546bef1eed490712462b9296c62: Bug 1670769 - Remove 10 GeoTrust, thawte, and VeriSign root certs from NSS. r=kjacobs,KathleenWilson
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Tue, 01 Dec 2020 18:27:29 +0000 - rev 15809
Push 3884 by kjacobs@mozilla.com at Tue, 01 Dec 2020 18:33:04 +0000
Bug 1670769 - Remove 10 GeoTrust, thawte, and VeriSign root certs from NSS. r=kjacobs,KathleenWilson Differential Revision: https://phabricator.services.mozilla.com/D97956
22bf7c680b607b6df1850ef1faf54d45f1567a89: Bug 1678384 - Add a build flag to allow building nssckbi-testlib in m-c r=kjacobs
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Mon, 30 Nov 2020 17:48:49 +0000 - rev 15807
Push 3882 by kjacobs@mozilla.com at Tue, 01 Dec 2020 17:40:03 +0000
Bug 1678384 - Add a build flag to allow building nssckbi-testlib in m-c r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D98154
e3bd9c2f925932b301440fb07ea1228f2d4e39ac: Bug 1667989 - coreconf/config.gypi should allow correct linking on Solaris r=kjacobs,bbeurdouche
Petr Sumbera <petr.sumbera@oracle.com> - Fri, 23 Oct 2020 20:34:27 +0000 - rev 15779
Push 3860 by kjacobs@mozilla.com at Fri, 23 Oct 2020 20:36:50 +0000
Bug 1667989 - coreconf/config.gypi should allow correct linking on Solaris r=kjacobs,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D26278
7076e78ddafe8beed50903106c656facd7e32f3c: Bug 1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 30 Jul 2020 19:08:56 +0000 - rev 15777
Push 3858 by jjones@mozilla.com at Wed, 21 Oct 2020 15:55:40 +0000
Bug 1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D85330
d0153cc0c464b257cb6ef87a68e216eb10d501b4: Bug 1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder r=kjacobs
J.C. Jones <jjones@mozilla.com> - Wed, 14 Oct 2020 02:23:44 +0000 - rev 15776
Push 3857 by jjones@mozilla.com at Tue, 20 Oct 2020 15:59:26 +0000
Bug 1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder r=kjacobs The streaming ASN.1 decoder had assertions that, on debug builds, blocked embedding indefinite-length fields inside of definite-length fields/contexts, however that behavior does work correctly, and is valid ASN.1: it tends to happen when wrapping a signature around existing ASN.1-encoded data, if that already-encoded data had an indefinite length. Really these two assertion were just overzealous. The conditional after the asserts handle the case well, and memory sanitizers have not found issue here either. Differential Revision: https://phabricator.services.mozilla.com/D93135
58dc3216d518278f35cf8d9cc7751858c5d019d2: Bug 1670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on mac. r=kjacobs
Mike Hommey <mh@glandium.org> - Tue, 13 Oct 2020 20:29:00 +0000 - rev 15775
Push 3856 by jjones@mozilla.com at Fri, 16 Oct 2020 21:28:43 +0000
Bug 1670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on mac. r=kjacobs AFAICT, the Makefile equivalent already does. Differential Revision: https://phabricator.services.mozilla.com/D93304
54be084e3ba8787580fb50f7cf2e2e979714e5be: Bug 1670839 - Only build sha1-armv8.c code when USE_HW_SHA1 is defined. r=kjacobs
Mike Hommey <mh@glandium.org> - Tue, 13 Oct 2020 20:28:59 +0000 - rev 15774
Push 3856 by jjones@mozilla.com at Fri, 16 Oct 2020 21:28:43 +0000
Bug 1670839 - Only build sha1-armv8.c code when USE_HW_SHA1 is defined. r=kjacobs This matches what is done in sha256-armv8.c, and avoids inconsistency with sha1-fast.c, which will define the same functions in the case USE_HW_SHA1 is not defined. Differential Revision: https://phabricator.services.mozilla.com/D93303
e8c370a8db134f5afb50915acc64b8d648ed98c9: Bug 1657255 - Update CI for aarch64. r=kjacobs
Makoto Kato <m_kato@ga2.so-net.ne.jp> - Mon, 12 Oct 2020 15:57:38 +0000 - rev 15767
Push 3850 by kjacobs@mozilla.com at Mon, 12 Oct 2020 16:50:35 +0000
Bug 1657255 - Update CI for aarch64. r=kjacobs Actually, we have the implementation of ARM Crypto extension, so CI is always run with this extension. It means that we don't run CI without ARM Crypto extension. So I would like to add NoAES and NoSHA for aarch64 CI. Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this on aarch64 hardware. Differential Revision: https://phabricator.services.mozilla.com/D93062
ce24171832b550cc70b792ec1782c1fabafda100: Bug 1668328 - Enclose Python paths in `coreconf/config.gypi` in quotes r=kjacobs,mt NSS_3_57_BRANCH
Ricky Stewart <rstewart@mozilla.com> - Mon, 05 Oct 2020 15:15:02 +0000 - rev 15766
Push 3849 by jjones@mozilla.com at Wed, 07 Oct 2020 15:10:31 +0000
Bug 1668328 - Enclose Python paths in `coreconf/config.gypi` in quotes r=kjacobs,mt This fixes a breakage if the Python path happens to have a space in it. Differential Revision: https://phabricator.services.mozilla.com/D92236
c7d3b214dd4199fc7ab6040a9e7ef14149ca2151: Bug 1668328 - Enclose Python paths in `coreconf/config.gypi` in quotes r=kjacobs,mt
Ricky Stewart <rstewart@mozilla.com> - Mon, 05 Oct 2020 15:15:02 +0000 - rev 15765
Push 3848 by kjacobs@mozilla.com at Mon, 05 Oct 2020 15:18:43 +0000
Bug 1668328 - Enclose Python paths in `coreconf/config.gypi` in quotes r=kjacobs,mt This fixes a breakage if the Python path happens to have a space in it. Differential Revision: https://phabricator.services.mozilla.com/D92236
2a17c8655a746c7cce0278114fc0845209b7d374: Bug 1660735 - Fix typo in coreconfig/arch.mk. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Mon, 14 Sep 2020 14:55:56 +0000 - rev 15756
Push 3841 by kjacobs@mozilla.com at Mon, 14 Sep 2020 14:58:08 +0000
Bug 1660735 - Fix typo in coreconfig/arch.mk. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D90077
4ae56ec2411b8e274f0c3a0f04a80c549a2c6ea3: Bug 1660734 - Fix typo in coreconf/config.mk. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Mon, 14 Sep 2020 14:54:04 +0000 - rev 15755
Push 3840 by kjacobs@mozilla.com at Mon, 14 Sep 2020 14:56:37 +0000
Bug 1660734 - Fix typo in coreconf/config.mk. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D90081
c6dcb99e61210c730ca7cae65dc03d83d7cbf7ff: Bug 1659727 - Move makefile avx2 detection to config.mk. r=kjacobs
Danh <congdanhqx@gmail.com> - Fri, 11 Sep 2020 07:40:57 -0700 - rev 15749
Push 3838 by kjacobs@mozilla.com at Fri, 11 Sep 2020 14:47:52 +0000
Bug 1659727 - Move makefile avx2 detection to config.mk. r=kjacobs Summary: Current code base use CPU_ARCH to detect if avx2 is supported in arch.mk However, when arch.mk included, CPU_ARCH haven't been initialised, CPU_ARCH will be initialised by the OS specific code later on. Move the AVX2 detection to config.mk, after all other initialisation done. Reviewers: kjacobs Reviewed By: kjacobs Subscribers: kjacobs Bug #: 1659727 Differential Revision: https://phabricator.services.mozilla.com/D88517
b4a1c57eb569859170ef7b321039404f537f8fb9: Bug 1656429 - Correct RTT estimate used in anti-replay, r=kjacobs
Martin Thomson <mt@lowentropy.net> - Wed, 05 Aug 2020 00:17:52 +0000 - rev 15727
Push 3817 by mthomson@mozilla.com at Wed, 05 Aug 2020 00:20:47 +0000
Bug 1656429 - Correct RTT estimate used in anti-replay, r=kjacobs This was never a security problem, but the more time that passes between the handshake and sending a ticket, the more likely we are to reject 0-RTT. Eventually, 0-RTT only works if it is delayed in the network by a surprising amount. Differential Revision: https://phabricator.services.mozilla.com/D85540
e6b77a9c417a53e51e6dc2e40e085fa4aa46a83b: Bug 1654142 - Add CPU feature detection for Intel SHA extension. r=kjacobs
Makoto Kato <m_kato@ga2.so-net.ne.jp> - Fri, 31 Jul 2020 11:04:12 +0000 - rev 15725
Push 3815 by kaie@kuix.de at Fri, 31 Jul 2020 11:29:01 +0000
Bug 1654142 - Add CPU feature detection for Intel SHA extension. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D84286
68b6eb7376897d6db3bb86337a3c99789d9687b8: Bug 1650702 - Use ARM's crypt extension for SHA1. r=kjacobs
Makoto Kato <m_kato@ga2.so-net.ne.jp> - Wed, 29 Jul 2020 21:49:09 +0000 - rev 15723
Push 3813 by kjacobs@mozilla.com at Wed, 29 Jul 2020 21:52:17 +0000
Bug 1650702 - Use ARM's crypt extension for SHA1. r=kjacobs ARM Crypto extension has SHA1 acceleration. Using this, SHA1 is 3 times faster on ARMv8 CPU. The following data is AWS's a1 instance (Cortex-A72). Before ====== ``` # mode in opreps cxreps context op time(sec) thrgput sha1_e 954Mb 31M 0 0.000 10000.000 10.000 95Mb ``` After ===== ``` # mode in opreps cxreps context op time(sec) thrgput sha1_e 2Gb 94M 0 0.000 10000.000 10.000 288Mb ``` Differential Revision: https://phabricator.services.mozilla.com/D84125
e6c6f1d2d544918ebc85bfb587c88ad304423948: Bug 1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Fri, 24 Jul 2020 17:16:51 +0000 - rev 15720
Push 3810 by kjacobs@mozilla.com at Mon, 27 Jul 2020 14:17:25 +0000
Bug 1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D83494
c25adfdfab34ddb08d3262aac3242e3399de1095: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:38 +0000 - rev 15715
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D74801
f282556e6cc7715f5754aeaadda6f902590e7e38: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:14 +0000 - rev 15714
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
89733253df83ef7fe8dd0d49f6370b857e93d325: Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche NSS_3_53_BRANCH
Billy Brumley <bbrumley@gmail.com> - Mon, 20 Jul 2020 22:18:45 +0000 - rev 15713
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding. Timing attack countermeasures are now applied more generally deeper in the call stack. Differential Revision: https://phabricator.services.mozilla.com/D82011
a7c4657f24201710bfd55482927e50b6e7955f25: Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 16 Jul 2020 21:31:45 +0000 - rev 15712
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj Differential Revision: https://phabricator.services.mozilla.com/D75774
3f022d5eca5d3cd0e366a825a5681953d76299d0: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche NSS_3_53_BRANCH
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 16:10:36 +0000 - rev 15711
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D80012
0768baa431e720672263deaee5b1409fbce93fdd: Bug 1653202 - Fix issue disabling other mechanisms when SEED is deprecated in cmd/bltest/blapitest.c. r=kjacobs NSS_3_55_BETA1
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Tue, 21 Jul 2020 16:15:33 +0000 - rev 15707
Push 3803 by kjacobs@mozilla.com at Tue, 21 Jul 2020 16:18:24 +0000
Bug 1653202 - Fix issue disabling other mechanisms when SEED is deprecated in cmd/bltest/blapitest.c. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D83758
aeb2e583ee957a699d949009c7ba37af76515c20: Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche
Billy Brumley <bbrumley@gmail.com> - Mon, 20 Jul 2020 22:18:45 +0000 - rev 15705
Push 3801 by kjacobs@mozilla.com at Mon, 20 Jul 2020 22:26:16 +0000
Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding. Timing attack countermeasures are now applied more generally deeper in the call stack. Differential Revision: https://phabricator.services.mozilla.com/D82011
ca207655b4b7cb1d3a5e438c1fb9b90d45596da6: Bug 1653310 - On macOS check if nssckbi exists prior to loading it. r=kjacobs
Kai Engert <kaie@kuix.de> - Mon, 20 Jul 2020 17:08:25 +0000 - rev 15704
Push 3800 by lando_landing_worker@mozilla.com at Mon, 20 Jul 2020 17:27:15 +0000
Bug 1653310 - On macOS check if nssckbi exists prior to loading it. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D84194
615362dff5adcec579cc769e3ad0dbfe29d2a86f: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:14 +0000 - rev 15703
Push 3799 by lando_landing_worker@mozilla.com at Sat, 18 Jul 2020 00:18:12 +0000
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
a5e82e40f03e24941e5890fbb0056ee90c0a4026: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:38 +0000 - rev 15702
Push 3799 by lando_landing_worker@mozilla.com at Sat, 18 Jul 2020 00:18:12 +0000
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D74801
0c70232cb6d3a3328c72e6de1d1631bfe2cf8943: Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 16 Jul 2020 21:31:45 +0000 - rev 15701
Push 3798 by lando_landing_worker@mozilla.com at Fri, 17 Jul 2020 15:26:12 +0000
Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj Differential Revision: https://phabricator.services.mozilla.com/D75774
ca068f5b5c176c503ddce969e78dd326cc5fd29a: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 16:10:36 +0000 - rev 15700
Push 3797 by kjacobs@mozilla.com at Thu, 16 Jul 2020 16:11:22 +0000
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D80012
de661583d46713c9b4873a904dda3a8ba4a61976: Bug 1649648 - Fix null pointers passed as argument in pk11wrap/pk11pbe.c:886 r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 09 Jul 2020 22:45:27 +0000 - rev 15696
Push 3793 by kjacobs@mozilla.com at Thu, 09 Jul 2020 22:45:56 +0000
Bug 1649648 - Fix null pointers passed as argument in pk11wrap/pk11pbe.c:886 r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D81824
58c2abd7404eee86503e53be6d401297150f2ce3: Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs
J.C. Jones <jjones@mozilla.com> - Thu, 09 Jul 2020 18:03:00 +0000 - rev 15695
Push 3792 by kjacobs@mozilla.com at Thu, 09 Jul 2020 19:22:37 +0000
Bug 1651520 - slotLock race in NSC_GetTokenInfo r=kjacobs Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. [0] [0] https://searchfox.org/nss/rev/a412e70e55218aaf670f1f10322fa734d8a9fbde/lib/softoken/pkcs11i.h#320-321 Differential Revision: https://phabricator.services.mozilla.com/D82955
80bea0e22b202b3b701374dd5c72b6a93dca4485: Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 09 Jul 2020 16:27:22 +0000 - rev 15694
Push 3791 by kjacobs@mozilla.com at Thu, 09 Jul 2020 16:29:43 +0000
Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs This is a fixup patch that reverts https://hg.mozilla.org/projects/nss/rev/cc43ebf5bf88355837c5fafa2f3c46e37626707a and adds a null check around the memcpy in question. Differential Revision: https://phabricator.services.mozilla.com/D82494
424dae31a1c1a068de5e1db29a95ac8b3baa06a0: Bug 1649633 - follow-up to make test comparisons in pk11_find_certs_unittest.cc yoda comparisons r=kjacobs
Dana Keeler <dkeeler@mozilla.com> - Mon, 06 Jul 2020 22:57:35 +0000 - rev 15691
Push 3788 by kjacobs@mozilla.com at Mon, 06 Jul 2020 23:10:11 +0000
Bug 1649633 - follow-up to make test comparisons in pk11_find_certs_unittest.cc yoda comparisons r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D82460
32fe710a942f240bca76ecbeda671aeb2cf1b8ee: Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj
Dana Keeler <dkeeler@mozilla.com> - Mon, 06 Jul 2020 22:58:25 +0000 - rev 15690
Push 3788 by kjacobs@mozilla.com at Mon, 06 Jul 2020 23:10:11 +0000
Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj PK11_FindEncodedCertInSlot can be used to determine the PKCS#11 object handle of an encoded certificate in a given slot. If the given certificate does not exist in that slot, CK_INVALID_HANDLE is returned. Differential Revision: https://phabricator.services.mozilla.com/D81924
8fe9213d05512082e2fccb254559a9b534fd3c96: Bug 1649316 - Prevent memcmp to be called with a zero length in ssl/ssl3con.c:6621 r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 02 Jul 2020 15:40:08 +0000 - rev 15688
Push 3786 by kjacobs@mozilla.com at Thu, 02 Jul 2020 15:40:40 +0000
Bug 1649316 - Prevent memcmp to be called with a zero length in ssl/ssl3con.c:6621 r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D81667
cc43ebf5bf88355837c5fafa2f3c46e37626707a: Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Tue, 30 Jun 2020 14:51:24 +0000 - rev 15686
Push 3784 by kjacobs@mozilla.com at Tue, 30 Jun 2020 14:52:05 +0000
Bug 1649322 - Fix null pointer passed as argument in pk11wrap/pk11pbe.c:1246 r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D81668
87fa2f0598ad5c0294298ea83e9c4d9dec31a1fc: Bug 1640516 - NSS 3.54 should depend on NSPR 4.26. r=kjacobs
Kai Engert <kaie@kuix.de> - Wed, 24 Jun 2020 14:46:52 +0000 - rev 15680
Push 3779 by kaie@kuix.de at Wed, 24 Jun 2020 15:51:23 +0000
Bug 1640516 - NSS 3.54 should depend on NSPR 4.26. r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D80879
699541a7793bbe9b20f1d73dc49e25c6054aa4c1: Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs
Sohaib ul Hassan <sohaibulhassan@tuni.fi> - Tue, 16 Jun 2020 23:03:22 +0000 - rev 15677
Push 3776 by jjones@mozilla.com at Tue, 16 Jun 2020 23:52:26 +0000
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fix mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co Author : Billy Bob Brumley Differential Revision: https://phabricator.services.mozilla.com/D78668
c5c89b18053aad6147f82abecc568653b78095b4: Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs NSS_3_53_BRANCH
Sohaib ul Hassan <sohaibulhassan@tuni.fi> - Tue, 16 Jun 2020 15:40:57 -0700 - rev 15674
Push 3775 by jjones@mozilla.com at Tue, 16 Jun 2020 23:52:22 +0000
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fix mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co Author : Billy Bob Brumley Differential Revision: https://phabricator.services.mozilla.com/D78668
6d397f2a5f01dff6f1a3e74897087315119caa0c: Bug 1645174 - Add e-Szigno Root CA 2017 r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:31:47 +0000 - rev 15671
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1645174 - Add e-Szigno Root CA 2017 r=KathleenWilson,kjacobs Depends on D79371 Differential Revision: https://phabricator.services.mozilla.com/D79372
576f52ca3f02b22a4e0282c01283ff5933cd3d08: Bug 1641716 - Add Microsoft non-EV roots r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:30:36 +0000 - rev 15670
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1641716 - Add Microsoft non-EV roots r=KathleenWilson,kjacobs Friendly Name: Microsoft ECC Root Certificate Authority 2017 Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crt SHA-1 Fingerprint: 999A64C37FF47D9FAB95F14769891460EEC4C3C5 SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02 Trust Flags: Websites Test URL: https://acteccroot2017.pki.microsoft.com/ Friendly Name: Microsoft RSA Root Certificate Authority 2017 Cert Location: http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt SHA-1 Fingerprint: 73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74 SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0 Trust Flags: Websites Test URL: https://actrsaroot2017.pki.microsoft.com/ Depends on D79370 Differential Revision: https://phabricator.services.mozilla.com/D79371
96d0279ef929c97c96c6d1c25781bdbbd563bd76: Bug 1645199 - Remove Expired AddTrust root certs r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:35:09 +0000 - rev 15669
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1645199 - Remove Expired AddTrust root certs r=KathleenWilson,kjacobs Remove the following two expired AddTrust root certs from NSS. Subject/Issuer: CN=AddTrust Class 1 CA Root; OU=AddTrust TTP Network; O=AddTrust AB; C=SE Valid To (GMT): 5/30/2020 SHA-1 Fingerprint: CCAB0EA04C2301D6697BDD379FCD12EB24E3949D SHA-256 Fingerprint: 8C7209279AC04E275E16D07FD3B775E80154B5968046E31F52DD25766324E9A7 Subject/Issuer: CN=AddTrust External CA Root; OU=AddTrust External TTP Network; O=AddTrust AB; C=SE Valid To (GMT): 5/30/2020 SHA-1 Fingerprint: 02FAF3E291435468607857694DF5E45B68851868 SHA-256 Fingerprint: 687FA451382278FFF0C8B11F8D43D576671C6EB2BCEAB413FB83D965D06D2FF2 Mozilla EV Policy OID(s): 1.3.6.1.4.1.6449.1.2.1.5.1 Depends on D79369 Differential Revision: https://phabricator.services.mozilla.com/D79370
cc40386d3958dfcf083b2764967460aeeaaf7b1c: Bug 1641718 - Remove "LuxTrust Global Root 2" root cert r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:29:05 +0000 - rev 15668
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1641718 - Remove "LuxTrust Global Root 2" root cert r=KathleenWilson,kjacobs Subject: CN=LuxTrust Global Root 2; O=LuxTrust S.A.; C=LU Valid From (GMT): 3/5/2015 Valid To (GMT): 3/5/2035 Certificate Serial Number: 0A7EA6DF4B449EDA6A24859EE6B815D3167FBBB1 SHA-1 Fingerprint: 1E0E56190AD18B2598B20444FF668A0417995F3F SHA-256 Fingerprint: 54455F7129C20B1447C418F997168F24C58FC5023BF5DA5BE2EB6E1DD8902ED5 Depends on D79368 Differential Revision: https://phabricator.services.mozilla.com/D79369
7236f86d8db7de6c7db6c1041e61fc0f92d44f40: Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root cert r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:26:08 +0000 - rev 15667
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1639987 - Remove expired Staat der Nederlanden Root CA - G2 root cert r=KathleenWilson,kjacobs Subject: CN=Staat der Nederlanden Root CA - G2; O=Staat der Nederlanden; C=NL Valid From (GMT): 3/26/2008 Valid To (GMT): 3/25/2020 Certificate Serial Number: 0098968C SHA-1 Fingerprint: 59AF82799186C7B47507CBCF035746EB04DDB716 SHA-256 Fingerprint: 668C83947DA63B724BECE1743C31A0E6AED0DB8EC5B31BE377BB784F91B6716F Depends on D79367 Differential Revision: https://phabricator.services.mozilla.com/D79368
d56b95fc344f2f6a16719e7a38eecc08262e6924: Bug 1621151 - Disable email trust bit for TW Government Root Certification Authority root r=kjacobs,KathleenWilson
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:24:50 +0000 - rev 15666
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1621151 - Disable email trust bit for TW Government Root Certification Authority root r=kjacobs,KathleenWilson Depends on D79366 Differential Revision: https://phabricator.services.mozilla.com/D79367
606157f404c2753afe710194b12a11936a6c76b8: Bug 1618402 - Disable email trust bit for several Symantec certs r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:23:06 +0000 - rev 15665
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1618402 - Disable email trust bit for several Symantec certs r=KathleenWilson,kjacobs Disable the Email trust bit for the following root certs" Subject: CN=GeoTrust Global CA; O=GeoTrust Inc.; C=US Certificate Serial Number: 023456 SHA-1 Fingerprint: DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 SHA-256 Fingerprint: FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A Subject: CN=GeoTrust Primary Certification Authority - G2; OU=(c) 2007 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US Certificate Serial Number: 3CB2F4480A00E2FEEB243B5E603EC36B SHA-1 Fingerprint: 8D1784D537F3037DEC70FE578B519A99E610D7B0 SHA-256 Fingerprint: 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766 Subject: CN=GeoTrust Primary Certification Authority - G3; OU=(c) 2008 GeoTrust Inc. - For authorized use only; O=GeoTrust Inc.; C=US Certificate Serial Number: 15AC6E9419B2794B41F627A9C3180F1F SHA-1 Fingerprint: 039EEDB80BE7A03C6953893B20D2D9323A4C2AFD SHA-256 Fingerprint: B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4 Subject: CN=GeoTrust Universal CA; O=GeoTrust Inc.; C=US Certificate Serial Number: 01 SHA-1 Fingerprint: E621F3354379059A4B68309D8A2F74221587EC79 SHA-256 Fingerprint: A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912 Subject: CN=GeoTrust Universal CA 2; O=GeoTrust Inc.; C=US Certificate Serial Number: 01 SHA-1 Fingerprint: 379A197B418545350CA60369F33C2EAF474F2079 SHA-256 Fingerprint: A0234F3BC8527CA5628EEC81AD5D69895DA5680DC91D1CB8477F33F878B95B0B Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4; OU=VeriSign Trust Network, (c) 2007 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US Certificate Serial Number: 2F80FE238C0E220F486712289187ACB3 SHA-1 Fingerprint: 22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A SHA-256 Fingerprint: 69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79 Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5; OU=VeriSign Trust Network, (c) 2006 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US Certificate Serial Number: 18DAD19E267DE8BB4A2158CDCC6B3B4A SHA-1 Fingerprint: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 SHA-256 Fingerprint: 9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF Depends on D79365 Differential Revision: https://phabricator.services.mozilla.com/D79366
8cd8fd97f0e7509c92915682bd8057e6995a25c4: Bug 1618402 - Remove VeriSign CA and associated EgyptTrust distrust entries r=KathleenWilson,kjacobs
J.C. Jones <jjones@mozilla.com> - Fri, 12 Jun 2020 21:17:07 +0000 - rev 15664
Push 3774 by kjacobs@mozilla.com at Mon, 15 Jun 2020 19:11:00 +0000
Bug 1618402 - Remove VeriSign CA and associated EgyptTrust distrust entries r=KathleenWilson,kjacobs Remove the VeriSign Class 3 Public Primary Certification Authority - G3 CA: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3; OU=VeriSign Trust Network, (c) 1999 VeriSign, Inc. - For authorized use only; O=VeriSign, Inc.; C=US Certificate Serial Number: 009B7E0649A33E62B9D5EE90487129EF57 SHA-1 Fingerprint: 132D0D45534B6997CDB2D5C339E25576609B5CC6 SHA-256 Fingerprint: EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244 Because of the removal of VeriSign Class 3 Public Primary Certification Authority - G3, these knock-out entries, signed by that CA, should be removed: cert 1: Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34 Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/epository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG Not Valid Before: Sun May 18 00:00:00 2008 Not Valid After : Thu May 17 23:59:59 2018 Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1 cert 2: Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51 Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/epository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG Not Valid Before: Sun May 18 00:00:00 2008 Not Valid After : Thu May 17 23:59:59 2018 Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34 Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E cert 3: Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use nly",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76 Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG Not Valid Before: Sun May 18 00:00:00 2008 Not Valid After : Thu May 17 23:59:59 2018 Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2 Depends on D79364 Differential Revision: https://phabricator.services.mozilla.com/D79365