searching for reviewer(rrelyea)
8fdbec414ce239ab243b929df9c0c9724b7daa20: Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea default tip
Kevin Jacobs <kjacobs@mozilla.com> - Thu, 24 Sep 2020 19:25:32 +0000 - rev 15764
Push 3847 by kjacobs@mozilla.com at Thu, 24 Sep 2020 19:40:49 +0000
Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea This patch adds and exports `PK11_ImportDataKey`, and refactors the null PSK TLS 1.3 code to use it. Differential Revision: https://phabricator.services.mozilla.com/D91316
b971c77c0d68d76c086a0df21841efb813b78c7b: Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Wed, 09 Sep 2020 06:47:08 +0200 - rev 15747
Push 3836 by dueno@redhat.com at Wed, 09 Sep 2020 04:50:40 +0000
Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea Summary: As described in https://access.redhat.com/solutions/19458, gcc version in RHEL-7 is still 4.8.x and cannot compile the newly added aes-armv8.c. There is a version check already for 32-bit arm, but not for AArch64. This also removes NS_USE_GCC check added in bug 1652032 in favor of the automatic detection using CC_IS_* macros. Reviewers: rrelyea Reviewed By: rrelyea Subscribers: jmux, kjacobs Bug #: 1659256 Differential Revision: https://phabricator.services.mozilla.com/D87174
e03296e73ba666329bd9c1257038353bc9074466: Bug 1662738, run RNG self-tests only if NSPR is linked, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Sat, 05 Sep 2020 08:53:40 +0200 - rev 15745
Push 3834 by dueno@redhat.com at Sat, 05 Sep 2020 06:54:46 +0000
Bug 1662738, run RNG self-tests only if NSPR is linked, r=rrelyea Summary: After the continuous DRBG test was added, RNG self-tests have no longer worked standalone. This moves the self-tests to the DO_REST block so it only runs when the program is also linked to NSPR. Reviewers: rrelyea Reviewed By: rrelyea Bug #: 1662738 Differential Revision: https://phabricator.services.mozilla.com/D89250
ab04fd73fd6daef78d3d2932c7295671f75242fa: Bug 1651834 - Fix various static analyzer warnings. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 24 Aug 2020 22:52:43 +0000 - rev 15742
Push 3831 by kjacobs@mozilla.com at Tue, 25 Aug 2020 16:48:34 +0000
Bug 1651834 - Fix various static analyzer warnings. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D87452
4d55d36ca6efefa97fe1837edbade8f20c7059b9: Bug 1659252, disable building libnssdbm3.so if NSS_DISABLE_DBM=1, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Tue, 25 Aug 2020 15:49:43 +0200 - rev 15741
Push 3830 by dueno@redhat.com at Tue, 25 Aug 2020 13:50:32 +0000
Bug 1659252, disable building libnssdbm3.so if NSS_DISABLE_DBM=1, r=rrelyea Reviewers: rrelyea Reviewed By: rrelyea Bug #: 1659252 Differential Revision: https://phabricator.services.mozilla.com/D87173
eb52747b7000210971b590ad06d041c5f4ef464b: Bug 1653975 - Set "all" as the default Makefile target r=jcj,rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Wed, 29 Jul 2020 23:47:05 +0000 - rev 15724
Push 3814 by jjones@mozilla.com at Wed, 29 Jul 2020 23:49:33 +0000
Bug 1653975 - Set "all" as the default Makefile target r=jcj,rrelyea Just reorder the rules in manifest.mn, so all is again the first rule. This restores pre-3.53 Makefile defaults. Differential Revision: https://phabricator.services.mozilla.com/D85195
d98bbb6168f4ca2abd534e4c2fce56b7a5d1ad7e: Bug 1652032 Disable all freebl assembler code for MSVC arm64 r=rrelyea,bbeurdouche
Jan-Marek Glogowski <glogow@fbihome.de> - Mon, 27 Jul 2020 12:41:32 +0000 - rev 15719
Push 3809 by kjacobs@mozilla.com at Mon, 27 Jul 2020 14:12:59 +0000
Bug 1652032 Disable all freebl assembler code for MSVC arm64 r=rrelyea,bbeurdouche There are two places, where NSS tries to compile either x86_64 MSVC assembler or GCC aarch64 code, which will fail the build. And also drop the non-MSVC arch build flags for them. AFAI could identify, there isn't any armasm64 compatible asm code in the whole NSS library, so I don't even adapt AS for the build. The cross-build finishes this way. Differential Revision: https://phabricator.services.mozilla.com/D83137
c25adfdfab34ddb08d3262aac3242e3399de1095: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:38 +0000 - rev 15715
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D74801
f282556e6cc7715f5754aeaadda6f902590e7e38: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea NSS_3_53_BRANCH
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:14 +0000 - rev 15714
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
3f022d5eca5d3cd0e366a825a5681953d76299d0: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche NSS_3_53_BRANCH
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 16:10:36 +0000 - rev 15711
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D80012
e55ab3145546ae3cf1333b43956a974675d2d25c: Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea NSS_3_53_BRANCH
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 14:32:36 +0000 - rev 15710
Push 3806 by jjones@mozilla.com at Thu, 23 Jul 2020 03:05:13 +0000
Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D79267
615362dff5adcec579cc769e3ad0dbfe29d2a86f: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:14 +0000 - rev 15703
Push 3799 by lando_landing_worker@mozilla.com at Sat, 18 Jul 2020 00:18:12 +0000
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
a5e82e40f03e24941e5890fbb0056ee90c0a4026: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Sat, 18 Jul 2020 00:13:38 +0000 - rev 15702
Push 3799 by lando_landing_worker@mozilla.com at Sat, 18 Jul 2020 00:18:12 +0000
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D74801
ca068f5b5c176c503ddce969e78dd326cc5fd29a: Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 16:10:36 +0000 - rev 15700
Push 3797 by kjacobs@mozilla.com at Thu, 16 Jul 2020 16:11:22 +0000
Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D80012
d19a3cd451bbf9602672fdbba8d6a817a55bfc69: Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea
Billy Brumley <bbrumley@gmail.com> - Thu, 16 Jul 2020 14:32:36 +0000 - rev 15699
Push 3796 by kjacobs@mozilla.com at Thu, 16 Jul 2020 14:46:34 +0000
Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from: [ECCKiila](https://gitlab.com/nisec/ecckiila) that uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic. Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi> Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi> Differential Revision: https://phabricator.services.mozilla.com/D79267
e5324bd5a88553e2fe721a6ba196f3759002ba1d: Bug 1067214 - Check minimum padding in RSA_CheckSignRecover. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Tue, 07 Jul 2020 23:44:46 +0000 - rev 15692
Push 3789 by kjacobs@mozilla.com at Wed, 08 Jul 2020 14:38:11 +0000
Bug 1067214 - Check minimum padding in RSA_CheckSignRecover. r=rrelyea This patch adds a check to `RSA_CheckSignRecover` enforcing a minimum padding length of 8 bytes for PKCS #1 v1.5-formatted signatures. In practice, RSA key size requirements already ensure this requirement is met, but smaller (read: broken) key sizes can be used via configuration overrides, and NSS should just follow the spec. Differential Revision: https://phabricator.services.mozilla.com/D82462
699541a7793bbe9b20f1d73dc49e25c6054aa4c1: Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs
Sohaib ul Hassan <sohaibulhassan@tuni.fi> - Tue, 16 Jun 2020 23:03:22 +0000 - rev 15677
Push 3776 by jjones@mozilla.com at Tue, 16 Jun 2020 23:52:26 +0000
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fix mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co Author : Billy Bob Brumley Differential Revision: https://phabricator.services.mozilla.com/D78668
c5c89b18053aad6147f82abecc568653b78095b4: Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs NSS_3_53_BRANCH
Sohaib ul Hassan <sohaibulhassan@tuni.fi> - Tue, 16 Jun 2020 15:40:57 -0700 - rev 15674
Push 3775 by jjones@mozilla.com at Tue, 16 Jun 2020 23:52:22 +0000
Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fix mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co Author : Billy Bob Brumley Differential Revision: https://phabricator.services.mozilla.com/D78668
789d7241e1f008df82b09a441cad7f053d62252a: Bug 1637083 fix the lib dependencies for the split build r=jcj,rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Thu, 14 May 2020 17:42:03 +0000 - rev 15609
Push 3742 by jjones@mozilla.com at Thu, 14 May 2020 17:42:29 +0000
Bug 1637083 fix the lib dependencies for the split build r=jcj,rrelyea This build can be tested by running NSS_BUILD_MODULAR=1 nss/automation/taskcluster/scripts/build.sh from a directory containing the nss and nspr repositories. To make this build's make conditionals easier to handle, it also merges the manifest.mn into the Makefile, because parts of the conditionals depends on $(OS_ARCH) setting. In the end, the goal is just to set the correct build $(DIRS). This also drops the freebl dependeny of ssl, which seems not to be needed, even if it's declared in /lib/ssl/ssl.gyp. Differential Revision: https://phabricator.services.mozilla.com/D75074
744881490c78fd9a93a1ce742a5b6dcbe104763e: Bug 1637083 Replace pre-dependency with shell hack r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Wed, 13 May 2020 19:00:40 +0000 - rev 15608
Push 3742 by jjones@mozilla.com at Thu, 14 May 2020 17:42:29 +0000
Bug 1637083 Replace pre-dependency with shell hack r=rrelyea Originally I tried multiple variants using make's conditionals to limit DIRS and enforce building the parent directory before the sub-directory. None of them worked for me, most resulting in an infinite recursion, so I used the current pre-depends workaround to fulfill the real dependency. Now I remembered that automake can handle this case for SUBDIRS specifying "." as a directory. The generated Makefile handles it via shell scripting; not nice, but it works. So this gets rid of the workaround, replacing it with a small shell test. Differential Revision: https://phabricator.services.mozilla.com/D74855
c3f11da5acfc4d7fb2bbf042bb74072b95b47b7f: Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Fri, 08 May 2020 22:04:11 +0000 - rev 15606
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea Introduces a simple "%/d" rule to create directories using $(MAKE_OBJDIR) and replace all explicit $(MAKE_OBJDIR) calls with an order-only-prerequisites. To expand the $(@D) prerequisite, this needs .SECONDEXPANSION. Differential Revision: https://phabricator.services.mozilla.com/D70989
6c5f91e098a14bf436ae24091d28c05b25f3db00: Bug 1438431 Remove mkdepend tool and targets r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:32:03 +0000 - rev 15605
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1438431 Remove mkdepend tool and targets r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70988
d1f9546272601278cf34a41815537db964313fef: Bug 1629553 Drop duplicate header DIR variables r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:31:50 +0000 - rev 15604
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Drop duplicate header DIR variables r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70987
7d285fe69c8c06a0cab4b97f40d16e4321594a72: Bug 1629553 Drop coreconf java support r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:31:43 +0000 - rev 15603
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Drop coreconf java support r=rrelyea There aren't an Java sources in NSS, so just drop all the stuff referencing java, jars, jni, etc. I didn't try to remove it from tests. Differential Revision: https://phabricator.services.mozilla.com/D70986
dc1ef0faf4a6ca181486b6fe45bf63cd01e166bf: Bug 1629553 Merge simple config.mk files r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:31:30 +0000 - rev 15602
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Merge simple config.mk files r=rrelyea There is really no good reason to explicitly change the TARGET variable. And the empty SHARED_LIBRARY variable should also be in the manifest.mn to begin with. All the other empty variables start empty or undefined, so there is also no need to explicitly set them empty. Differential Revision: https://phabricator.services.mozilla.com/D70691
877d721d93cdb151eb0ded41a1dc6de9e94ecad6: Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:30:24 +0000 - rev 15601
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea * Drop the WIN% "32" default DLL suffix * Add default resource file handling => drop default RES * Generate IMPORT_LIBRARY based on IMPORT_LIB_SUFFIX and SHARED_LIBRARY, so we can drop all the explicit empty IMPORT_LIBRARY lines Originally this patch also tried to add a default MAPFILE rule, but this fails, because the ARCH makefiles set linker flags based on an existing MAPFILE variable. Differential Revision: https://phabricator.services.mozilla.com/D70369
9b628d9c57e5c490a5bcc90005f13f366026ebb6: Bug 1629553 Use an eval template for C++ compile rules r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:30:01 +0000 - rev 15600
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use an eval template for C++ compile rules r=rrelyea These pattern rules already had a comment to keep both in sync, so just use an eval template to enforce this. Differential Revision: https://phabricator.services.mozilla.com/D70985
71dd05b782e4554b1e3b42ee3cde9028114fd3b8: Bug 1629553 Use an eval template for freebl libs r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:59 +0000 - rev 15599
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use an eval template for freebl libs r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D69022
45db681898be760e53c70206912456dd296bb629: Bug 1629553 Use an eval template for export targets r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:51 +0000 - rev 15598
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Use an eval template for export targets r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70984
cbb737bc6c0ccda559c9e7b34fd5d5004dbe3316: Bug 1629553 Prefix pk11wrap (SHLIB|LIBRARY)_VERSION with NSS_ r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:44 +0000 - rev 15597
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 1629553 Prefix pk11wrap (SHLIB|LIBRARY)_VERSION with NSS_ r=rrelyea In the manifest.mn the LIBRARY_VERSION is normally used to define the major version of the build shared library. This ust works for the pk11wrap case, because pk11wrap is a static library. But it's still very confusing when reading the manifest.mn. Also the referenced define in the code is just named SHLIB_VERSION. So this prefixes the defines and the variables with NSS_, because it tries to load the NSS library, just as the SOFTOKEN_.*_VERSION is used to load the versioned softokn library. Differential Revision: https://phabricator.services.mozilla.com/D70689
f3a0ef69c0569c8512845075a48e796bc08bf636: Bug 290526 Drop double-colon usage and add directory depends r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:36 +0000 - rev 15596
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Drop double-colon usage and add directory depends r=rrelyea Double-colon rule behaviour isn't really compatible with parallel build. This gets rid of all of them, so we can codify the directory dependencies. This leaves just three problems, which aren't really fixable with the current build system without completely replacing it: * everything depends on nsinstall * everything depends on installed headers * ckfw child directories depend on the build parent libs This is handled by the prepare_build target. Overall this allows most if the build to run in parallel. P.S. the release_md:: has to stay :-( P.P.S. no clue, why freebl must use libs: instead of using the TARGETS and .PHONY variables Differential Revision: https://phabricator.services.mozilla.com/D69023
a82a55886c1d84ac17c9fd6c31ce03f682e93cfe: Bug 290526 Fix gtests build for WIN% targets r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:29 +0000 - rev 15595
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Fix gtests build for WIN% targets r=rrelyea The google_test gtest build doesn't provide any exports for the shared library on Windows and the gyp build also builds just a static library. So build gtest and gtestutil libraries as static. For whatever reason, the Windows linker doesn't find the main function inside the gtestutil library, if we don't tell it to build a console executable. But linking works fine, if the object file is used directly. But since we can have different main() objects based on build flags, we enforce building console applications binaries. Differential Revision: https://phabricator.services.mozilla.com/D70665
989ecbd870f3c2f81f0e2c559e277b11aa0c577b: Bug 290526 Drop recursive private_exports r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:29:21 +0000 - rev 15594
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Drop recursive private_exports r=rrelyea Copying private headers is now simply included in the exports target, as these headers use an extra directory anyway. Differential Revision: https://phabricator.services.mozilla.com/D69021
5d0bfa092e0fc37be1791132fa00f7f2e74f5a9b: Bug 290526 Parallelize part of the NSS build r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:28:43 +0000 - rev 15593
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Parallelize part of the NSS build r=rrelyea This still serializes many targets, but at least these targets themself run their build in parallel. The main serialization happens in nss/Makefile and nss/coreconf/rules.mk's all target. We can't add these as real dependencies, as all Makefile snippets use the same variable names. I tried to always run sub-makes to hack in the depndencies, but these don't know of each other, so targets very often run twice, and this breaks the build. Having a tests:: target and a tests directory leads to misery (and doesn't work), so it's renamed to check. This just works with NSS_DISABLE_GTESTS=1 specified and is fixed by a follow up patch, which removes the double-colon usage and adds the directory dependencies! Differential Revision: https://phabricator.services.mozilla.com/D69019
fb377d36262de7bd204187491dc2e3455b97fee0: Bug 290526 Don't delete directories r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:28:36 +0000 - rev 15592
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Don't delete directories r=rrelyea If these files exist and aren't directories, there might be other problems. Trying to "fix" them by removing will break the build. Differential Revision: https://phabricator.services.mozilla.com/D69018
585942b1d556a689b72e6a9f84c6ee23413f07a4: Bug 290526 Handle empty install variables r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:28:28 +0000 - rev 15591
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Handle empty install variables r=rrelyea Originally I added the install commands to the individual build targets. But this breaks the incremental build, because there is actually no dependency for the install. But it turns out, that in the end it's enough to ignore empty defined variables, so just do this. Differential Revision: https://phabricator.services.mozilla.com/D69017
d30a6953b897a8c8beff5ac5e29c7d75d71530ff: Bug 290526 Handle parallel PROGRAM and PROGRAMS r=rrelyea
Jan-Marek Glogowski <glogow@fbihome.de> - Tue, 05 May 2020 12:28:21 +0000 - rev 15590
Push 3740 by jjones@mozilla.com at Mon, 11 May 2020 21:08:39 +0000
Bug 290526 Handle parallel PROGRAM and PROGRAMS r=rrelyea I have no real clue, why PROGRAMS is actually working in the sequence build. There is no special make code really handling it, except for the install target. This patches code is inspired by the $(eval ...) example in the GNU make documentation. It generates a program specific make target and maps the programs objects based on the defined variables. Differential Revision: https://phabricator.services.mozilla.com/D69016
63b5f45e7383adb4c68f6fe48c65ec420778d7ab: Bug 1622033 - Disable flag for SEED deprecation. r=kjacobs,rrelyea
Benjamin Beurdouche <bbeurdouche@mozilla.com> - Tue, 05 May 2020 16:09:27 +0000 - rev 15586
Push 3736 by kjacobs@mozilla.com at Tue, 05 May 2020 17:26:09 +0000
Bug 1622033 - Disable flag for SEED deprecation. r=kjacobs,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70672
aae226c20dfd2189fb395f43269fe06cf1fb9cb1: Bug 1612881 - Maintain PKCS11 C_GetAttributeValue semantics on attributes that lack NSS database columns r=keeler,rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Fri, 24 Apr 2020 15:50:42 +0000 - rev 15574
Push 3725 by kjacobs@mozilla.com at Fri, 24 Apr 2020 16:15:39 +0000
Bug 1612881 - Maintain PKCS11 C_GetAttributeValue semantics on attributes that lack NSS database columns r=keeler,rrelyea `sdb_GetAttributeValueNoLock` builds a query string from a list of attributes in the input template. Unfortunately, `sqlite3_prepare_v2` will fail the entire query if one of the attributes is missing from the underlying table. The PKCS #11 spec [[ https://www.cryptsoft.com/pkcs11doc/v220/pkcs11__all_8h.html#aC_GetAttributeValue | requires ]] setting the output `ulValueLen` field to -1 for such invalid attributes. This patch reads and stores the columns of nssPublic/nssPrivate when opened, then filters an input template in `sdb_GetAttributeValueNoLock` for unbacked/invalid attributes, removing them from the query and setting their template output lengths to -1. Differential Revision: https://phabricator.services.mozilla.com/D71622
50dcc34d470d802c2eae0dea81b3cb3a2c81281d: Bug 1629105 - Update PKCS11 module debug logger for v3.0 r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 13 Apr 2020 16:07:59 +0000 - rev 15566
Push 3717 by kjacobs@mozilla.com at Mon, 13 Apr 2020 17:07:07 +0000
Bug 1629105 - Update PKCS11 module debug logger for v3.0 r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D70582
c1608f1a86444d2709ad8c31caf0510c2e6ed986: Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea p=cipherboy NSS_3_51_BRANCH
Robert Relyea <rrelyea@redhat.com> - Fri, 13 Mar 2020 11:17:11 -0700 - rev 15548
Push 3702 by kjacobs@mozilla.com at Fri, 27 Mar 2020 20:35:22 +0000
Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea p=cipherboy https://phabricator.services.mozilla.com/D59412 When testing Bug 1608245, I realized that I had inadvertently broken fipstest.c's handling of KI and KI_len. This lead to it passing bogus keys (with unusually large lengths exceeding the bounds of sizeof KI) to kbkdf_Dispatch(...). This uses Bob Relyea's suggestion on how to handle this: detect the size of KI when processing the mech selection, storing KI_len there. This simplifies reading of the KI value in later code.
0225889e5292b4c686fe053003712b09390bf32b: Bug 1624402 - Fix compilation error when NO_FORK_CHECK and CHECK_FORK_* are defined r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 23 Mar 2020 20:47:31 +0000 - rev 15540
Push 3699 by kjacobs@mozilla.com at Mon, 23 Mar 2020 20:48:25 +0000
Bug 1624402 - Fix compilation error when NO_FORK_CHECK and CHECK_FORK_* are defined r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D67911
7ab62d3d04451dcc496da273d0624ab0902319f6: Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed. r=rrelyea
Kevin Jacobs <kjacobs@mozilla.com> - Mon, 23 Mar 2020 16:34:56 +0000 - rev 15539
Push 3698 by kjacobs@mozilla.com at Mon, 23 Mar 2020 16:35:14 +0000
Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed. r=rrelyea Differential Revision: https://phabricator.services.mozilla.com/D67741
d7b12847a6503ebcb3f7df56badc79149207d476: Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea p=cipherboy
Robert Relyea <rrelyea@redhat.com> - Fri, 13 Mar 2020 11:17:11 -0700 - rev 15534
Push 3693 by rrelyea@redhat.com at Fri, 13 Mar 2020 19:01:46 +0000
Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea p=cipherboy https://phabricator.services.mozilla.com/D59412 When testing Bug 1608245, I realized that I had inadvertently broken fipstest.c's handling of KI and KI_len. This lead to it passing bogus keys (with unusually large lengths exceeding the bounds of sizeof KI) to kbkdf_Dispatch(...). This uses Bob Relyea's suggestion on how to handle this: detect the size of KI when processing the mech selection, storing KI_len there. This simplifies reading of the KI value in later code.
55ba54adfcaea2f984a999a511eec5047462eb57: Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS is not enabled on build r=jcj,rrelyea
Victor Tapia <victor.tapia@canonical.com> - Tue, 11 Feb 2020 15:52:08 +0000 - rev 15504
Push 3666 by jjones@mozilla.com at Tue, 11 Feb 2020 15:52:18 +0000
Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS is not enabled on build r=jcj,rrelyea Differential Revision: https://phabricator.services.mozilla.com/D61236
df142975f4f695f84a662abdd27219c21c87c8d1: Bug 1611209 - Value of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL are swapped r=rrelyea
Robert Relyea <rrelyea@redhat.com> - Mon, 10 Feb 2020 17:14:01 -0800 - rev 15503
Push 3665 by rrelyea@redhat.com at Tue, 11 Feb 2020 01:14:13 +0000
Bug 1611209 - Value of CKM_AES_CMAC and CKM_AES_CMAC_GENERAL are swapped r=rrelyea
c46bc59ce7d4937509018a473d4c0248a9bbe6e4: Bug 1593167, certdb: propagate trust information if trust module is loaded afterwards, r=rrelyea,keeler
Daiki Ueno <dueno@redhat.com> - Fri, 06 Dec 2019 10:47:01 +0100 - rev 15426
Push 3608 by dueno@redhat.com at Fri, 06 Dec 2019 09:47:54 +0000
Bug 1593167, certdb: propagate trust information if trust module is loaded afterwards, r=rrelyea,keeler Summary: When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in Firefox as it loads the module from a separate thread while accessing the network cache which populates temp certs. This change makes it properly roll up the trust information, if a temp cert doesn't have trust information. Reviewers: rrelyea, keeler Reviewed By: rrelyea, keeler Subscribers: reviewbot, heftig Bug #: 1593167 Differential Revision: https://phabricator.services.mozilla.com/D54726
b39c8eeabe6a7b51cafbff1b1730ceec5aefbbc2: Bug 1577803, pk11wrap: set friendly flag if token implements CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Wed, 06 Nov 2019 11:33:14 +0100 - rev 15377
Push 3570 by dueno@redhat.com at Wed, 06 Nov 2019 10:34:15 +0000
Bug 1577803, pk11wrap: set friendly flag if token implements CKP_PUBLIC_CERTIFICATES_TOKEN, r=rrelyea Summary: This makes NSS look for CKO_PROFILE object at token initialization time to check if it implements the [[ https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.0/pkcs11-profiles-v3.0.pdf | Public Certificates Token profile ]] as defined in PKCS #11 v3.0. If it is found, the token is automatically marked as friendly so no authentication attempts will be made when accessing certificates. Reviewers: rrelyea Reviewed By: rrelyea Subscribers: reviewbot Bug #: 1577803 Differential Revision: https://phabricator.services.mozilla.com/D45669
0a86945adf746d78954c4a5ac4dfa365debb76c6: Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Tue, 05 Nov 2019 18:29:32 +0100 - rev 15373
Push 3566 by dueno@redhat.com at Tue, 05 Nov 2019 17:30:04 +0000
Bug 1577803, gtests: import pkcs11testmodule from Firefox, r=rrelyea Summary: This adds a mock PKCS #11 module from Firefox and add basic tests around it. This is needed for proper testing of PKCS #11 v3.0 profile objects (D45669). Reviewers: rrelyea Reviewed By: rrelyea Subscribers: reviewbot Bug #: 1577803 Differential Revision: https://phabricator.services.mozilla.com/D47060
ced91a705aa399e63e2084c608a31faf947a06a4: Bug 1562671 - Add environment variables to control Master Password KDF iteration count. Disable iteration count for legacy DBM storage by default. r=rrelyea
Kai Engert <kaie@kuix.de> - Fri, 01 Nov 2019 10:46:52 +0100 - rev 15367
Push 3561 by kaie@kuix.de at Fri, 01 Nov 2019 09:57:47 +0000
Bug 1562671 - Add environment variables to control Master Password KDF iteration count. Disable iteration count for legacy DBM storage by default. r=rrelyea