searching for reviewer(rrelyea)
499ae15c18adc391db748d1669d3e083b07d3dfa: Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. r=rrelyea
John M. Schanck <jschanck@mozilla.com> - Mon, 16 May 2022 18:27:29 +0000 - rev 16208
Push 4135 by jschanck@mozilla.com at Mon, 16 May 2022 18:29:35 +0000
Bug 1753315 - Add SECMOD_LockedModuleHasRemovableSlots. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D137702
e3ac914bc684c080ba73f29b53a990f83308e37f: Bug 1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. r=rrelyea
Kai Engert <kaie@kuix.de> - Fri, 13 May 2022 20:12:57 +0200 - rev 16207
Push 4134 by kaie@kuix.de at Sat, 14 May 2022 17:38:04 +0000
Bug 1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D146334
a9a8e1f8a252a6902d4acbe27120aa0dd42f7eab: Bug 205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. r=rrelyea
John M. Schanck <jschanck@mozilla.com> - Thu, 28 Apr 2022 20:53:02 +0000 - rev 16203
Push 4130 by jschanck@mozilla.com at Thu, 28 Apr 2022 20:55:07 +0000
Bug 205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D144633
7706dfb0906b1403053bf35612659ea65492d173: Bug 1760813 - Make SEC_PKCS12EnableCipher succeed r=rrelyea
Marcin Cieślak <saper@saper.info> - Mon, 04 Apr 2022 16:53:24 +0000 - rev 16191
Push 4121 by jschanck@mozilla.com at Mon, 04 Apr 2022 16:55:30 +0000
Bug 1760813 - Make SEC_PKCS12EnableCipher succeed r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D142247
41966ff1253b09fdb39ca99ba4127831f7c958b1: Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea NSS_3_76_1_BRANCH
John M. Schanck <jschanck@mozilla.com> - Wed, 23 Mar 2022 17:51:52 +0000 - rev 16174
Push 4114 by jschanck@mozilla.com at Mon, 28 Mar 2022 15:50:56 +0000
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D139547
e3da860d9d1c08135bd6aca0eb26a1ece8f77ba1: Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea NSS_3_68_3_BRANCH NSS_3_68_3_RTM
John M. Schanck <jschanck@mozilla.com> - Wed, 23 Mar 2022 17:51:52 +0000 - rev 16171
Push 4113 by jschanck@mozilla.com at Mon, 28 Mar 2022 15:41:24 +0000
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D139547
1931b2b09b551434b6b138382b3b6223d0a222ae: Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea NSS_3_68_3_BRANCH
John M. Schanck <jschanck@mozilla.com> - Thu, 24 Feb 2022 00:21:34 +0000 - rev 16170
Push 4113 by jschanck@mozilla.com at Mon, 28 Mar 2022 15:41:24 +0000
Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D138852
800111fa3bf8225fd45a50cc192a032b62b54fc6: Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. r=rrelyea
John M. Schanck <jschanck@mozilla.com> - Wed, 23 Mar 2022 18:07:30 +0000 - rev 16162
Push 4109 by jschanck@mozilla.com at Wed, 23 Mar 2022 18:09:38 +0000
Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. r=rrelyea The `stateEnd->parent != state` check was added in Bug 95458 to avoid a crash in `sec_asn1d_free_child`. The diagnosis in Bug 95458 is incorrect---the crash was actually due to a `PORT_Assert(0)` that was meant to highlight a memory leak when `SEC_ASN1DecoderStart` was called with `their_pool==NULL`. The offending assertion was removed in Bug 95311, which makes the `stateEnd` check obsolete. In Bug 1753535 it was observed that the `stateEnd` check could read from a poisoned region of an arena when the decoder was used in a streaming mode. This read-after-poison could lead to an arena memory leak, although this is mitigated by the fact that the read-after-poison is on an error-handling path where the caller typically frees the entire arena. Differential Revision: https://phabricator.services.mozilla.com/D140861
55052f78244cb4a39ef2a19aebd19fbface06829: Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea
John M. Schanck <jschanck@mozilla.com> - Wed, 23 Mar 2022 17:51:52 +0000 - rev 16161
Push 4108 by jschanck@mozilla.com at Wed, 23 Mar 2022 17:53:58 +0000
Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D139547
a36477f0ee5060bdfcedb69ce51b64ff32300747: Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea NSS_3_76_BETA1
John M. Schanck <jschanck@mozilla.com> - Thu, 24 Feb 2022 00:21:34 +0000 - rev 16136
Push 4090 by jschanck@mozilla.com at Thu, 24 Feb 2022 00:23:41 +0000
Bug 1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D138852
3351260b4b2deb115d039a9af0e5e6d24f5dc0c4: Bug 1750624 - Pin validation date for PayPalEE test cert. r=nss-reviewers,bbeurdouche,rrelyea
John M. Schanck <jschanck@mozilla.com> - Sat, 05 Feb 2022 11:12:43 +0000 - rev 16127
Push 4082 by bbeurdouche@mozilla.com at Sat, 05 Feb 2022 11:14:47 +0000
Bug 1750624 - Pin validation date for PayPalEE test cert. r=nss-reviewers,bbeurdouche,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D136289
f9708b22f2f6cdafd2b1ecda572d31828c21b991: Bug 1748386 - Remove redundant key type check, r=rrelyea
Martin Thomson <mt@lowentropy.net> - Thu, 13 Jan 2022 22:55:35 +0000 - rev 16105
Push 4067 by mthomson@mozilla.com at Thu, 13 Jan 2022 22:57:42 +0000
Bug 1748386 - Remove redundant key type check, r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D135808
44e6341be5e829c33bdd72d8f9b22ad6f308f227: Bug 1748386 - Enable CKM_CHACHA20, r=rrelyea
Martin Thomson <mt@lowentropy.net> - Tue, 11 Jan 2022 23:30:17 +0000 - rev 16103
Push 4065 by mthomson@mozilla.com at Tue, 11 Jan 2022 23:32:22 +0000
Bug 1748386 - Enable CKM_CHACHA20, r=rrelyea This change makes a few tiny changes to the code to re-enable the use of Chacha20 ciphers and align their key type. There are a lot more changes in tests, mostly just to factor existing tests and determine that the legacy and final PKCS#11 mechanisms work as expected. Differential Revision: https://phabricator.services.mozilla.com/D135007
f80fafd04cf82b4d315c8fe42bb4639703f6ee4f: Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea
Dennis Jackson <djackson@mozilla.com> - Mon, 22 Nov 2021 10:40:42 +0000 - rev 16037
Push 4043 by bbeurdouche@mozilla.com at Wed, 01 Dec 2021 16:19:17 +0000
Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D129514
dea71cbef9e03636f37c6cb120f8deccce6e17dd: Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea NSS_3_68_1_BRANCH
Dennis Jackson <djackson@mozilla.com> - Mon, 22 Nov 2021 10:40:42 +0000 - rev 16033
Push 4042 by bbeurdouche@mozilla.com at Wed, 01 Dec 2021 16:15:11 +0000
Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D129514
6b3dc97a8767d9dc5c4c181597d1341d0899aa58: Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea NSS_3_73_BRANCH
Dennis Jackson <djackson@mozilla.com> - Mon, 22 Nov 2021 10:40:42 +0000 - rev 16029
Push 4042 by bbeurdouche@mozilla.com at Wed, 01 Dec 2021 16:15:11 +0000
Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D129514
2199f01d7f1e860fb440735386122d3597b95e90: Bug 1717716 - Set nssckbi version number to 2.52. r=rrelyea NSS_3_71_BETA1
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Thu, 16 Sep 2021 20:50:20 +0200 - rev 16008
Push 4027 by bbeurdouche@mozilla.com at Thu, 16 Sep 2021 18:50:40 +0000
Bug 1717716 - Set nssckbi version number to 2.52. r=rrelyea
60211e7f03ee2ade9272a85fd3bf2c4071b6a538: Bug 1722613 - Disable DTLS 1.0 and 1.1 by default, r=rrelyea NSS_3_69_BETA1
Martin Thomson <mt@lowentropy.net> - Thu, 29 Jul 2021 14:20:52 +1000 - rev 15969
Push 4003 by martin.thomson@gmail.com at Fri, 30 Jul 2021 01:10:53 +0000
Bug 1722613 - Disable DTLS 1.0 and 1.1 by default, r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D121161
c1974e72e099ff45f3e0e3d1ab0a1b2e969dfc4a: Bug 1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. r=rrelyea
Arora Aashish <arora.aashish@rocketmail.com> - Wed, 24 Feb 2021 16:09:46 +0000 - rev 15864
Push 3925 by bbeurdouche@mozilla.com at Wed, 24 Feb 2021 16:12:00 +0000
Bug 1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D104418
3ddcd845704cd1e382eba63ac4487f038cc46ca0: Bug 1686134 - Renew two chains libpkix test certificates. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Sat, 23 Jan 2021 18:50:04 +0000 - rev 15839
Push 3906 by kjacobs@mozilla.com at Mon, 25 Jan 2021 17:09:46 +0000
Bug 1686134 - Renew two chains libpkix test certificates. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D102670
424974716ef0af19fc1c1c865f4415e64d55dd67: Bug 1670835 - Fixup for 6f79a7695812, add missing return value check. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Fri, 30 Oct 2020 17:09:49 +0000 - rev 15787
Push 3866 by kjacobs@mozilla.com at Mon, 02 Nov 2020 16:14:24 +0000
Bug 1670835 - Fixup for 6f79a7695812, add missing return value check. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D95221
33f920fcd1753d2b8f4a5e4f31e317c102d8cbfe: Bug 1666891 - Add PK11_Pub{Wrap,Unwrap}SymKeyWithMechanism r=mt,rrelyea
Robert Relyea <rrelyea@redhat.com> - Fri, 23 Oct 2020 15:34:01 -0700 - rev 15780
Push 3861 by rrelyea@redhat.com at Fri, 23 Oct 2020 22:34:27 +0000
Bug 1666891 - Add PK11_Pub{Wrap,Unwrap}SymKeyWithMechanism r=mt,rrelyea Summary This is useful for RSA-OAEP support. The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS be present for PKCS#11 calls. This provides required context for OAEP. However, PK11_PubWrapSymKey lacks a way of providing this context and historically silently converted CKM_RSA_PKCS_OAEP to CKM_RSA_PKCS when an RSA key is provided. Introducing a new call will let us indicate parameters and potentially support other mechanisms in the future. This call mirrors the earlier calls introduced for RSA-PSS: PK11_SignWithMechanism and PK11_VerifyWithMechanism. The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS be present for PKCS#11 calls. This provides required context for OAEP. However, PK11_PubUnwrapSymKey lacks a way of providing this context, and additionally lacked a way of indicating which mechanism type to use for the unwrap operation (instead detecting it by key type). Introducing a new call will let us indicate parameters and potentially support other mechanisms in the future. Signed-off-by: Alexander Scheel <ascheel@redhat.com> Differential Revision: https://phabricator.services.mozilla.com/D93424
8fdbec414ce239ab243b929df9c0c9724b7daa20: Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Thu, 24 Sep 2020 19:25:32 +0000 - rev 15764
Push 3847 by kjacobs@mozilla.com at Thu, 24 Sep 2020 19:40:49 +0000
Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea This patch adds and exports `PK11_ImportDataKey`, and refactors the null PSK TLS 1.3 code to use it. Differential Revision: https://phabricator.services.mozilla.com/D91316
b971c77c0d68d76c086a0df21841efb813b78c7b: Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Wed, 09 Sep 2020 06:47:08 +0200 - rev 15747
Push 3836 by dueno@redhat.com at Wed, 09 Sep 2020 04:50:40 +0000
Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea Summary: As described in https://access.redhat.com/solutions/19458, gcc version in RHEL-7 is still 4.8.x and cannot compile the newly added aes-armv8.c. There is a version check already for 32-bit arm, but not for AArch64. This also removes NS_USE_GCC check added in bug 1652032 in favor of the automatic detection using CC_IS_* macros. Reviewers: rrelyea Reviewed By: rrelyea Subscribers: jmux, kjacobs Bug #: 1659256 Differential Revision: https://phabricator.services.mozilla.com/D87174
e03296e73ba666329bd9c1257038353bc9074466: Bug 1662738, run RNG self-tests only if NSPR is linked, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Sat, 05 Sep 2020 08:53:40 +0200 - rev 15745
Push 3834 by dueno@redhat.com at Sat, 05 Sep 2020 06:54:46 +0000
Bug 1662738, run RNG self-tests only if NSPR is linked, r=rrelyea Summary: After the continuous DRBG test was added, RNG self-tests have no longer worked standalone. This moves the self-tests to the DO_REST block so it only runs when the program is also linked to NSPR. Reviewers: rrelyea Reviewed By: rrelyea Bug #: 1662738 Differential Revision: https://phabricator.services.mozilla.com/D89250
ab04fd73fd6daef78d3d2932c7295671f75242fa: Bug 1651834 - Fix various static analyzer warnings. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 24 Aug 2020 22:52:43 +0000 - rev 15742
Push 3831 by kjacobs@mozilla.com at Tue, 25 Aug 2020 16:48:34 +0000
Bug 1651834 - Fix various static analyzer warnings. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D87452
4d55d36ca6efefa97fe1837edbade8f20c7059b9: Bug 1659252, disable building libnssdbm3.so if NSS_DISABLE_DBM=1, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Tue, 25 Aug 2020 15:49:43 +0200 - rev 15741
Push 3830 by dueno@redhat.com at Tue, 25 Aug 2020 13:50:32 +0000
Bug 1659252, disable building libnssdbm3.so if NSS_DISABLE_DBM=1, r=rrelyea Reviewers: rrelyea Reviewed By: rrelyea Bug #: 1659252 Differential Revision: https://phabricator.services.mozilla.com/D87173
eb52747b7000210971b590ad06d041c5f4ef464b: Bug 1653975 - Set "all" as the default Makefile target r=jcj,rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Wed, 29 Jul 2020 23:47:05 +0000 - rev 15724
Push 3814 by jjones@mozilla.com at Wed, 29 Jul 2020 23:49:33 +0000
Bug 1653975 - Set "all" as the default Makefile target r=jcj,rrelyea Just reorder the rules in manifest.mn, so all is again the first rule. This restores pre-3.53 Makefile defaults. Differential Revision: https://phabricator.services.mozilla.com/D85195
d98bbb6168f4ca2abd534e4c2fce56b7a5d1ad7e: Bug 1652032 Disable all freebl assembler code for MSVC arm64 r=rrelyea,bbeurdouche
Jan-Marek Glogowski <glogow@fbihome.de> - Mon, 27 Jul 2020 12:41:32 +0000 - rev 15719
Push 3809 by kjacobs@mozilla.com at Mon, 27 Jul 2020 14:12:59 +0000
Bug 1652032 Disable all freebl assembler code for MSVC arm64 r=rrelyea,bbeurdouche There are two places, where NSS tries to compile either x86_64 MSVC assembler or GCC aarch64 code, which will fail the build. And also drop the non-MSVC arch build flags for them. AFAI could identify, there isn't any armasm64 compatible asm code in the whole NSS library, so I don't even adapt AS for the build. The cross-build finishes this way. Differential Revision: https://phabricator.services.mozilla.com/D83137
c25adfdfab34ddb08d3262aac3242e3399de1095: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:38 +0000 - rev 15715
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D74801
f282556e6cc7715f5754aeaadda6f902590e7e38: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:14 +0000 - rev 15714
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
3f022d5eca5d3cd0e366a825a5681953d76299d0: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche NSS_3_53_BRANCH
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 16:10:36 +0000 - rev 15711
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D80012
e55ab3145546ae3cf1333b43956a974675d2d25c: Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea NSS_3_53_BRANCH
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 14:32:36 +0000 - rev 15710
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D79267
615362dff5adcec579cc769e3ad0dbfe29d2a86f: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:14 +0000 - rev 15703
Push 3799 by lando_landing_worker@mozilla.com at Sat, 18 Jul 2020 00:18:12 +0000
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
a5e82e40f03e24941e5890fbb0056ee90c0a4026: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:38 +0000 - rev 15702
Push 3799 by lando_landing_worker@mozilla.com at Sat, 18 Jul 2020 00:18:12 +0000
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D74801
ca068f5b5c176c503ddce969e78dd326cc5fd29a: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 16:10:36 +0000 - rev 15700
Push 3797 by kjacobs@mozilla.com at Thu, 16 Jul 2020 16:11:22 +0000
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D80012
d19a3cd451bbf9602672fdbba8d6a817a55bfc69: Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 14:32:36 +0000 - rev 15699
Push 3796 by kjacobs@mozilla.com at Thu, 16 Jul 2020 14:46:34 +0000
Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D79267
e5324bd5a88553e2fe721a6ba196f3759002ba1d: Bug 1067214 - Check minimum padding in RSA_CheckSignRecover. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 07 Jul 2020 23:44:46 +0000 - rev 15692
Push 3789 by kjacobs@mozilla.com at Wed, 08 Jul 2020 14:38:11 +0000
Bug 1067214 - Check minimum padding in RSA_CheckSignRecover. r=rrelyea This patch adds a check to `RSA_CheckSignRecover` enforcing a minimum padding length of 8 bytes for PKCS #1 v1.5-formatted signatures. In practice, RSA key size requirements already ensure this requirement is met, but smaller (read: broken) key sizes can be used via configuration overrides, and NSS should just follow the spec. Differential Revision: https://phabricator.services.mozilla.com/D82462
699541a7793bbe9b20f1d73dc49e25c6054aa4c1: Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs
Sohaib ul Hassan <sohaibulhassan@tuni.fi> - Tue, 16 Jun 2020 23:03:22 +0000 - rev 15677
Push 3776 by jjones@mozilla.com at Tue, 16 Jun 2020 23:52:26 +0000
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits, s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co Author : Billy Bob Brumley Differential Revision: https://phabricator.services.mozilla.com/D78668
c5c89b18053aad6147f82abecc568653b78095b4: Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs NSS_3_53_BRANCH
Sohaib ul Hassan <sohaibulhassan@tuni.fi> - Tue, 16 Jun 2020 15:40:57 -0700 - rev 15674
Push 3775 by jjones@mozilla.com at Tue, 16 Jun 2020 23:52:22 +0000
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits, s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co Author : Billy Bob Brumley Differential Revision: https://phabricator.services.mozilla.com/D78668
789d7241e1f008df82b09a441cad7f053d62252a: Bug 1637083 fix the lib dependencies for the split build r=jcj,rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Thu, 14 May 2020 17:42:03 +0000 - rev 15609
Push 3742 by jjones@mozilla.com at Thu, 14 May 2020 17:42:29 +0000
Bug 1637083 fix the lib dependencies for the split build r=jcj,rrelyea This build can be tested by running NSS_BUILD_MODULAR=1 nss/automation/taskcluster/scripts/build.sh from a directory containing the nss and nspr repositories. To make this build's make conditionals easier to handle, it also merges the manifest.mn into the Makefile, because parts of the conditionals depend on $(OS_ARCH) setting. In the end, the goal is just to set the correct build $(DIRS). This also drops the freebl dependency of ssl, which seems not to be needed, even if it's declared in /lib/ssl/ssl.gyp. Differential Revision: https://phabricator.services.mozilla.com/D75074
744881490c78fd9a93a1ce742a5b6dcbe104763e: Bug 1637083 Replace pre-dependency with shell hack r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Wed, 13 May 2020 19:00:40 +0000 - rev 15608
Push 3742 by jjones@mozilla.com at Thu, 14 May 2020 17:42:29 +0000
Bug 1637083 Replace pre-dependency with shell hack r=rrelyea Originally I tried multiple variants using make's conditionals to limit DIRS and enforce building the parent directory before the sub-directory. None of them worked for me, most resulting in an infinite recursion, so I used the current pre-depends workaround to fulfill the real dependency. Now I remembered that automake can handle this case for SUBDIRS specifying "." as a directory. The generated Makefile handles it via shell scripting; not nice, but it works. So this gets rid of the workaround, replacing it with a small shell test. Differential Revision: https://phabricator.services.mozilla.com/D74855
c3f11da5acfc4d7fb2bbf042bb74072b95b47b7f: Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Fri, 08 May 2020 22:04:11 +0000 - rev 15606
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea Introduces a simple "%/d" rule to create directories using $(MAKE_OBJDIR) and replace all explicit $(MAKE_OBJDIR) calls with an order-only-prerequisites. To expand the $(@D) prerequisite, this needs .SECONDEXPANSION. Differential Revision: https://phabricator.services.mozilla.com/D70989
6c5f91e098a14bf436ae24091d28c05b25f3db00: Bug 1438431 Remove mkdepend tool and targets r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:32:03 +0000 - rev 15605
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1438431 Remove mkdepend tool and targets r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70988
d1f9546272601278cf34a41815537db964313fef: Bug 1629553 Drop duplicate header DIR variables r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:31:50 +0000 - rev 15604
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Drop duplicate header DIR variables r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70987
7d285fe69c8c06a0cab4b97f40d16e4321594a72: Bug 1629553 Drop coreconf java support r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:31:43 +0000 - rev 15603
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Drop coreconf java support r=rrelyea There aren't any Java sources in NSS, so just drop all the stuff referencing java, jars, jni, etc. I didn't try to remove it from tests. Differential Revision: https://phabricator.services.mozilla.com/D70986
dc1ef0faf4a6ca181486b6fe45bf63cd01e166bf: Bug 1629553 Merge simple config.mk files r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:31:30 +0000 - rev 15602
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Merge simple config.mk files r=rrelyea There is really no good reason to explicitly change the TARGET variable. And the empty SHARED_LIBRARY variable should also be in the manifest.mn to begin with. All the other empty variables start empty or undefined, so there is also no need to explicitly set them empty. Differential Revision: https://phabricator.services.mozilla.com/D70691
877d721d93cdb151eb0ded41a1dc6de9e94ecad6: Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:30:24 +0000 - rev 15601
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea
* Drop the WIN% "32" default DLL suffix
* Add default resource file handling => drop default RES
* Generate IMPORT_LIBRARY based on IMPORT_LIB_SUFFIX and SHARED_LIBRARY, so we can drop all the explicit empty IMPORT_LIBRARY lines
Originally this patch also tried to add a default MAPFILE rule, but this fails, because the ARCH makefiles set linker flags based on an existing MAPFILE variable. Differential Revision: https://phabricator.services.mozilla.com/D70369
9b628d9c57e5c490a5bcc90005f13f366026ebb6: Bug 1629553 Use an eval template for C++ compile rules r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:30:01 +0000 - rev 15600
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use an eval template for C++ compile rules r=rrelyea These pattern rules already had a comment to keep both in sync, so just use an eval template to enforce this. Differential Revision: https://phabricator.services.mozilla.com/D70985
71dd05b782e4554b1e3b42ee3cde9028114fd3b8: Bug 1629553 Use an eval template for freebl libs r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:59 +0000 - rev 15599
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use an eval template for freebl libs r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D69022