searching for reviewer(ttaubert)
3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8: Bug 1423043 - Enable half-close, r=ttaubert,ekr
Martin Thomson <martin.thomson@gmail.com> - Thu, 25 Oct 2018 13:55:30 +1100 - rev 14925
Push 3217 by martin.thomson@gmail.com at Fri, 26 Oct 2018 06:07:19 +0000
Bug 1423043 - Enable half-close, r=ttaubert,ekr Summary: TLS 1.3 explicitly changed to allow close_notify on one half of the connection. Since SSL, an endpoint was required to send close_notify if it received close_notify. The general agreement was that this was a silly requirement and that we would remove it and allow one side of the connection to be closed. This is critical for some protocols that are being moved to use TLS. NSS was almost perfect here. The only problem was that it suppressed the second close_notify. I've added a test for that. Differential Revision: https://phabricator.services.mozilla.com/D797
7a5ecfb8bf8c0ef4bf85ee23e48fdcdecef5e626: Bug 1427921 - Restore RSA-PSS support for TLS 1.2 and 1.3, r=ttaubert,ueno
Martin Thomson <martin.thomson@gmail.com> - Thu, 04 Jan 2018 17:47:14 +1100 - rev 14409
Push 3127 by martin.thomson@gmail.com at Tue, 26 Jun 2018 07:30:31 +0000
Bug 1427921 - Restore RSA-PSS support for TLS 1.2 and 1.3, r=ttaubert,ueno This adds support for the new codepoints that we added in TLS 1.3 draft -23. In short, the split between rsa_pss_rsae and rsa_pss_pss made our support for PSS inconsistent (we would generate only the former). This adds support for the rsa_pss_pss_shaX signature schemes. It does so by using the ssl_auth_rsa_pss codepoint, which I originally added, then we decided not to use because the generic RSA codepoints were enough at the time. Now, with the split on signature schemes, it isn't possible with the current certificate configuration APIs to have everything work with just ssl_auth_rsa_sign. We expect PSS keys to be configured alongside PKCS#1 keys and use SSLAuthType to distinguish them, but if we only use ssl_auth_rsa_sign, we can't find the right key when resuming. In this way, we are assigning certificates an SSLAuthType based on the type of the key and not the signature it has. That makes it cleaner than what we used to have, at least. That said, once we support signature_algorithms_cert extensions properly, we will not want to bucket certificates on the server. Instead, we will have a list and pick the first that matches, with no attempt to use types as we had. There are just too many ways in which a certificate might be chosen or not when you have to examine the entire chain. Of course, that's an even bigger change than this. The biggest change here is to attempt to determine the signature scheme based on the certificate SPKI. If that works, then we use that signature scheme, otherwise we fall back to the existing logic (which searches a list). For PSS with parameters and EC (EC only in TLS 1.3), there is just one signature scheme for a given SPKI, so that works out nicely. PSS without parameters, ECDSA, and older RSA certificates fall back to searching. I expect all future schemes to have just one scheme each, so it's a structure that I think supports that well.
1ca362213631d6edc885b6b965b52ecffcf29afd: Bug 1457716 - bustage fix, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Tue, 29 May 2018 17:01:05 +0200 - rev 14377
Push 3107 by franziskuskiefer@gmail.com at Tue, 29 May 2018 15:38:18 +0000
Bug 1457716 - bustage fix, r=ttaubert
a89d294083a6a3717d698f71b3acb9099b0ab838: Bug 1460673 - handle p12 properly, r=ttaubert NSS_3_37_BRANCH NSS_3_37_1_RTM
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 16 May 2018 10:24:05 +0200 - rev 14365
Push 3097 by jjones@mozilla.com at Tue, 22 May 2018 14:59:08 +0000
Bug 1460673 - handle p12 properly, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D1295
2251be26fa214eba03f47600d914cd0ab2ab8a30: Bug 1460673 - handle p12 properly, r=ttaubert NSS_3_36_BRANCH NSS_3_36_2_RTM
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 16 May 2018 10:24:05 +0200 - rev 14363
Push 3095 by jjones@mozilla.com at Tue, 22 May 2018 14:50:46 +0000
Bug 1460673 - handle p12 properly, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D1295
ff35a3edaafb1586d839fca8cdcae53dcdf02ee9: Bug 1462303 - Allow TLS 1.3 compat mode when attempting to resume TLS 1.2, r=ekr,ttaubert NSS_3_36_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Fri, 18 May 2018 12:51:29 +1000 - rev 14359
Push 3091 by martin.thomson@gmail.com at Fri, 18 May 2018 23:09:42 +0000
Bug 1462303 - Allow TLS 1.3 compat mode when attempting to resume TLS 1.2, r=ekr,ttaubert
2f5e8b4bf89729ea5ee18c089e684d4e8138b557: Bug 1462303 - Allow TLS 1.3 compat mode when attempting to resume TLS 1.2, r=ekr,ttaubert NSS_3_37_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Fri, 18 May 2018 12:51:29 +1000 - rev 14358
Push 3090 by martin.thomson@gmail.com at Fri, 18 May 2018 23:03:19 +0000
Bug 1462303 - Allow TLS 1.3 compat mode when attempting to resume TLS 1.2, r=ekr,ttaubert
8872ebb63acdaf69cbe3a134c1aeb2c223e3eaaa: Bug 1460673 - handle p12 properly, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 16 May 2018 10:24:05 +0200 - rev 14357
Push 3089 by franziskuskiefer@gmail.com at Fri, 18 May 2018 13:44:54 +0000
Bug 1460673 - handle p12 properly, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D1295
43018e031dee1b0c7cac16d3de268de3de6d938d: Bug 1462303 - Allow TLS 1.3 compat mode when attempting to resume TLS 1.2, r=ekr,ttaubert
Martin Thomson <martin.thomson@gmail.com> - Fri, 18 May 2018 12:51:29 +1000 - rev 14354
Push 3086 by martin.thomson@gmail.com at Fri, 18 May 2018 06:30:29 +0000
Bug 1462303 - Allow TLS 1.3 compat mode when attempting to resume TLS 1.2, r=ekr,ttaubert
6e4b0141df2f33fcb75bc02811110aab8e0af501: Bug 1460409 - fix blake2b begin, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 14 May 2018 11:59:06 +0200 - rev 14350
Push 3082 by franziskuskiefer@gmail.com at Mon, 14 May 2018 13:02:09 +0000
Bug 1460409 - fix blake2b begin, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D1271
4d41d769000774895041caec8ce8e4a5a145c1b4: Bug 1458165 - Fix saw image to 16.04, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Tue, 01 May 2018 17:04:42 +1000 - rev 14345
Push 3078 by martin.thomson@gmail.com at Thu, 03 May 2018 02:07:58 +0000
Bug 1458165 - Fix saw image to 16.04, r=ttaubert
7aacbcdb41d17d5cf242e7ab62b282efd8bbde77: Bug 1423043 - Enable half-close, r=ttaubert,ekr
Martin Thomson <martin.thomson@gmail.com> - Tue, 01 May 2018 10:51:04 +1000 - rev 14341
Push 3074 by martin.thomson@gmail.com at Tue, 01 May 2018 06:49:16 +0000
Bug 1423043 - Enable half-close, r=ttaubert,ekr Summary: TLS 1.3 explicitly changed to allow close_notify on one half of the connection. Since SSL, an endpoint was required to send close_notify if it received close_notify. The general agreement was that this was a silly requirement and that we would remove it and allow one side of the connection to be closed. This is critical for some protocols that are being moved to use TLS. NSS was almost perfect here. The only problem was that it suppressed the second close_notify. I've added a test for that. Reviewers: ttaubert, ekr Reviewed By: ttaubert, ekr Subscribers: ekr Bug #: 1423043 Differential Revision: https://phabricator.services.mozilla.com/D797
29360fc78ccb5bbd74ecf2f28b10e36cdb635a8f: Bug 1437882 - mach bogo, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 11 Apr 2018 11:04:09 +0200 - rev 14320
Push 3055 by franziskuskiefer@gmail.com at Wed, 11 Apr 2018 10:35:55 +0000
Bug 1437882 - mach bogo, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D905
a7ae252f516175b5907ae694a1b2aeaee7531a05: Bug 1451395 - update hacl* version with fixed poly305 32-bit proof, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 09 Apr 2018 12:16:19 +0200 - rev 14316
Push 3051 by franziskuskiefer@gmail.com at Tue, 10 Apr 2018 06:39:56 +0000
Bug 1451395 - update hacl* version with fixed poly305 32-bit proof, r=ttaubert Also move the HACL* verification to the hacl tool job, out of the image build to work around taskcluster issues. Differential Revision: https://phabricator.services.mozilla.com/D885
1587b1c1d09cf3af3c8a3f6dff4254521d91f1f3: Bug 1452564 - fix domain resolution on taskcluster, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 09 Apr 2018 09:32:26 +0200 - rev 14311
Push 3046 by franziskuskiefer@gmail.com at Mon, 09 Apr 2018 09:25:23 +0000
Bug 1452564 - fix domain resolution on taskcluster, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D882
f5444a2e1f68de9ddc2df65b7b348e9cca6f205d: Bug 1423043 - Enable half-close, r?ttaubert
Martin Thomson <martin.thomson@gmail.com> - Fri, 06 Apr 2018 09:11:29 +1000 - rev 14309
Push 3045 by martin.thomson@gmail.com at Mon, 09 Apr 2018 04:14:53 +0000
Bug 1423043 - Enable half-close, r?ttaubert Summary: TLS 1.3 explicitly changed to allow close_notify on one half of the connection. Since SSL, an endpoint was required to send close_notify if it received close_notify. The general agreement was that this was a silly requirement and that we would remove it and allow one side of the connection to be closed. This is critical for some protocols that are being moved to use TLS. NSS was almost perfect here. The only problem was that it suppressed the second close_notify. I've added a test for that. Reviewers: ttaubert Bug #: 1423043 Differential Revision: https://phabricator.services.mozilla.com/D797
92ec52c839cb3ae890d7a9f228e3c12dc72b6f38: Bug 1451955 - python3 compatibility fix for reading, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Fri, 06 Apr 2018 09:36:53 +1000 - rev 14308
Push 3044 by martin.thomson@gmail.com at Mon, 09 Apr 2018 02:24:29 +0000
Bug 1451955 - python3 compatibility fix for reading, r=ttaubert
0b0eb03449450c5af1e2bb4c32a3259923ca2542: Bug 1451395 - update hacl* version to fix image build, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 04 Apr 2018 10:35:35 +0200 - rev 14307
Push 3043 by franziskuskiefer@gmail.com at Thu, 05 Apr 2018 10:05:13 +0000
Bug 1451395 - update hacl* version to fix image build, r=ttaubert This version of HACL* has an incomplete proof and has to be update soon. This is to fix the image build til taskcluster is fixed. Differential Revision: https://phabricator.services.mozilla.com/D842
f0d4789c89169de0641b8b4e8b7cd2cec015d4dd: Bug 1441219 - always compile FStar to have it available on 32-bit non-intel platforms, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 15 Mar 2018 09:19:17 +0100 - rev 14291
Push 3027 by franziskuskiefer@gmail.com at Thu, 15 Mar 2018 08:23:01 +0000
Bug 1441219 - always compile FStar to have it available on 32-bit non-intel platforms, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D735
620af5fe20ad116ceb2c3da2be931dc694176c3a: Bug 1424663 - update HACL* version, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Tue, 06 Mar 2018 08:57:41 +0100 - rev 14282
Push 3018 by franziskuskiefer@gmail.com at Tue, 06 Mar 2018 09:04:24 +0000
Bug 1424663 - update HACL* version, r=ttaubert Unbreak VS2015 32-bit, see bug 1442554. Differential Revision: https://phabricator.services.mozilla.com/D678
eb5b400ffc1b2010a078572e58398a2067b75ff4: Bug 1441219 - HACL* poly1305 32-bit, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 26 Feb 2018 16:09:56 +0100 - rev 14281
Push 3017 by franziskuskiefer@gmail.com at Tue, 06 Mar 2018 07:46:18 +0000
Bug 1441219 - HACL* poly1305 32-bit, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D649
6a55ed283ee0b5025d3e3405f54e9daf16755c27: Bug 1439226 - update HACL*, r=ttaubert NSS_3_36_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 01 Mar 2018 09:59:21 +0100 - rev 14278
Push 3015 by franziskuskiefer@gmail.com at Mon, 05 Mar 2018 14:20:28 +0000
Bug 1439226 - update HACL*, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D662
87d1da047952191d05df7279d07e2508b4d26fe9: Bug 1442554 - inline store_4_vec to fix win32 vs2015 builds, r=kaie,ttaubert NSS_3_36_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 02 Mar 2018 16:52:05 +0100 - rev 14277
Push 3015 by franziskuskiefer@gmail.com at Mon, 05 Mar 2018 14:20:28 +0000
Bug 1442554 - inline store_4_vec to fix win32 vs2015 builds, r=kaie,ttaubert
6ef5c7c316505c41d241ac53828938d33ab1431c: Bug 1439226 - update HACL*, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 01 Mar 2018 09:59:21 +0100 - rev 14276
Push 3014 by franziskuskiefer@gmail.com at Thu, 01 Mar 2018 10:47:59 +0000
Bug 1439226 - update HACL*, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D662
ea519bc56872db135c36d2ef4d03545d1cc5507f: Bug 1438277 - Be even more defensive about bad token implementations in nssCryptokiObject_Create r=ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 27 Feb 2018 10:47:16 +0100 - rev 14258
Push 2998 by ttaubert@mozilla.com at Tue, 27 Feb 2018 09:48:41 +0000
Bug 1438277 - Be even more defensive about bad token implementations in nssCryptokiObject_Create r=ttaubert Summary: add a null check in nssCryptokiObject_Create that seems to be necessary Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1438277 Differential Revision: https://phabricator.services.mozilla.com/D640
e37522dc7c96b747acd69d2b661c84babf4db8bb: Bug 1424663 - vectorized ChaCha20 from HACL* for SSSE3 and ARM NEON, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 19 Feb 2018 12:32:59 +0100 - rev 14257
Push 2997 by franziskuskiefer@gmail.com at Fri, 23 Feb 2018 14:04:05 +0000
Bug 1424663 - vectorized ChaCha20 from HACL* for SSSE3 and ARM NEON, r=ttaubert Summary: This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code. Note that this is not used on Android as we currently have no way of testing this for Android or use it on Android for Firefox. Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1424663 Differential Revision: https://phabricator.services.mozilla.com/D467
f47d5a4034111a25e7096f8d0ba42f19cdb1dd26: Bug 1437734 - Use snprintf in sign.c, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Tue, 13 Feb 2018 12:30:58 +1100 - rev 14253
Push 2995 by martin.thomson@gmail.com at Thu, 15 Feb 2018 01:47:05 +0000
Bug 1437734 - Use snprintf in sign.c, r=ttaubert
1b20549e10753e82b756463dfdb597884ad39b4d: Bug 1433644 - sid uncache hotfix, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 29 Jan 2018 10:05:51 +0100 - rev 14242
Push 2984 by franziskuskiefer@gmail.com at Mon, 29 Jan 2018 10:59:07 +0000
Bug 1433644 - sid uncache hotfix, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D470
be1dca5ac80541d3b81a8da9d42854d8b1cceefb: bug 1431087, Always print logfiles on Interop failure, r=ttaubert
Kai Engert <kaie@kuix.de> - Tue, 23 Jan 2018 11:38:21 +0100 - rev 14229
Push 2971 by kaie@kuix.de at Tue, 23 Jan 2018 10:37:48 +0000
bug 1431087, Always print logfiles on Interop failure, r=ttaubert
f5cb448b91f9a2efacdf50fd6405acb00eaa9869: Bug 1419342 - add Curve25519 F* spec to NSS, r=beurdouche,ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 13 Dec 2017 13:07:09 -0600 - rev 14192
Push 2937 by franziskuskiefer@gmail.com at Wed, 13 Dec 2017 19:08:15 +0000
Bug 1419342 - add Curve25519 F* spec to NSS, r=beurdouche,ttaubert Summary: Cuve25519 spec and some other small fixes. Reviewers: ttaubert, beurdouche Reviewed By: ttaubert, beurdouche Differential Revision: https://phabricator.services.mozilla.com/D333
59f3ff0efb518295aa30eb10dbc88f6381ffe0ed: Bug 1399763 - add license headers to spec files and make diff work, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 07 Dec 2017 16:02:37 -0800 - rev 14190
Push 2935 by franziskuskiefer@gmail.com at Fri, 08 Dec 2017 16:50:14 +0000
Bug 1399763 - add license headers to spec files and make diff work, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D331
d5433562dee489df800d97c8afb72d3b6971cb9f: Bug 1399763 - formally verified code from HACL* for Poly1305 64bits, r=franziskus,ttaubert
Benjamin Beurdouche <benjamin.beurdouche@inria.fr> - Thu, 07 Dec 2017 11:27:22 -0800 - rev 14189
Push 2935 by franziskuskiefer@gmail.com at Fri, 08 Dec 2017 16:50:14 +0000
Bug 1399763 - formally verified code from HACL* for Poly1305 64bits, r=franziskus,ttaubert try: -p none -t hacl Summary: Code for Poly1305 Reviewers: franziskus, ttaubert Reviewed By: franziskus, ttaubert Bug #: 1399763 Differential Revision: https://phabricator.services.mozilla.com/D276
2fa960eb84a223677ac61845540a8e504c35ad85: Bug 1418780 - Check against integer underflow in ugly_split r=ttaubert
David Keeler <dkeeler@mozilla.com> - Tue, 05 Dec 2017 10:03:13 +0100 - rev 14187
Push 2933 by ttaubert@mozilla.com at Tue, 05 Dec 2017 09:04:34 +0000
Bug 1418780 - Check against integer underflow in ugly_split r=ttaubert Summary: Before this change, if the metadata for a dbm-format certificate (or presumably key) database were corrupted, ugly_split could do an unchecked subtraction resulting in unsigned integer underflow, and would attempt to operate on something it thought was very big, resulting in (at least) an out-of-bounds read. Reviewers: ttaubert Reviewed By: ttaubert Subscribers: keeler Bug #: 1418780 Differential Revision: https://phabricator.services.mozilla.com/D310
0c062fe18d23acaa3ded5787664a39ea3cdf8f58: Bug 1421788 - Add a length check in nssCryptokiObject_Create to maybe prevent null pointer deref r=ttaubert
David Keeler <dkeeler@mozilla.com> - Fri, 01 Dec 2017 06:24:29 +0100 - rev 14176
Push 2924 by ttaubert@mozilla.com at Fri, 01 Dec 2017 06:46:42 +0000
Bug 1421788 - Add a length check in nssCryptokiObject_Create to maybe prevent null pointer deref r=ttaubert Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1421788 Differential Revision: https://phabricator.services.mozilla.com/D302
79f689370b96037c38d2268673d5c1f8e1037467: Bug 1212199 - Fix signed/unsigned warning for V2Hello handler, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Fri, 24 Nov 2017 10:47:00 +1100 - rev 14173
Push 2921 by martin.thomson@gmail.com at Wed, 29 Nov 2017 10:03:36 +0000
Bug 1212199 - Fix signed/unsigned warning for V2Hello handler, r=ttaubert
96e6dbbd080f07b325a31e67fea8ed858c6b21cf: Bug 1419278 - make lg_CopyAttribute handle optionsDate and smimeOptions properly, r=ttaubert,jseward
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 29 Nov 2017 09:24:43 +0100 - rev 14172
Push 2920 by franziskuskiefer@gmail.com at Wed, 29 Nov 2017 08:28:29 +0000
Bug 1419278 - make lg_CopyAttribute handle optionsDate and smimeOptions properly, r=ttaubert,jseward Reviewers: ttaubert Reviewed By: ttaubert Subscribers: ttaubert, franziskus, jseward Bug #: 1419278 Differential Revision: https://phabricator.services.mozilla.com/D267
2e84661d39faf3b224384180d9ca81314b9f127c: NSS_TLS13_DRAFT19_BRANCH merge follow-up, remove ssl3encode, r=mt,ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 29 Nov 2017 09:24:33 +0100 - rev 14171
Push 2920 by franziskuskiefer@gmail.com at Wed, 29 Nov 2017 08:28:29 +0000
NSS_TLS13_DRAFT19_BRANCH merge follow-up, remove ssl3encode, r=mt,ttaubert Reviewers: mt, ttaubert Reviewed By: mt, ttaubert Differential Revision: https://phabricator.services.mozilla.com/D283
807662e6ba57db5be05036511ac8634466ed473f: Bug 1383369 - update HACL* dockerfile and ChaCha20, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 24 Nov 2017 15:46:03 +0100 - rev 14166
Push 2915 by franziskuskiefer@gmail.com at Fri, 24 Nov 2017 16:32:27 +0000
Bug 1383369 - update HACL* dockerfile and ChaCha20, r=ttaubert Reviewers: ttaubert Reviewed By: ttaubert Differential Revision: https://phabricator.services.mozilla.com/D277
f83e6fee069d5a7962ee18e1223bdf1c574671b4: Bug 1414811 - ssl3_config_match_init() shouldn't return a signed int r=ttaubert
Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr> - Thu, 23 Nov 2017 16:56:42 +0100 - rev 14157
Push 2910 by ttaubert@mozilla.com at Thu, 23 Nov 2017 16:23:35 +0000
Bug 1414811 - ssl3_config_match_init() shouldn't return a signed int r=ttaubert Summary: ssl3_config_match_init() shouldn't return a signed int Reviewers: ttaubert Bug #: 1414811 Differential Revision: https://phabricator.services.mozilla.com/D197
3b10f0e78d33b10e336bcb0ea004222630d917e9: Bug 1409872 - Remove active distrust entries for certificates that have expired r=ttaubert NSS_3_34_BRANCH
David Keeler <dkeeler@mozilla.com> - Thu, 16 Nov 2017 21:49:57 +0100 - rev 14152
Push 2909 by kaie@kuix.de at Thu, 23 Nov 2017 15:11:17 +0000
Bug 1409872 - Remove active distrust entries for certificates that have expired r=ttaubert Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1409872 Differential Revision: https://phabricator.services.mozilla.com/D139 (grafted from fbd5eb8b3fc1303cf6fa3ed7d6746ae55e616ac3)
ff7594d3dc94dc7f6d4f9b8b638a477dc48052a3: Bug 1383369 - formally verified code from HaCl* for Chacha20 (non-vectorized), r=ttaubert,beurdouche
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 22 Nov 2017 10:48:42 +0100 - rev 14151
Push 2908 by franziskuskiefer@gmail.com at Wed, 22 Nov 2017 20:21:33 +0000
Bug 1383369 - formally verified code from HaCl* for Chacha20 (non-vectorized), r=ttaubert,beurdouche Differential Revision: https://phabricator.services.mozilla.com/D272
ce3cd8618d008df60eaa2a99c5c77f29b323340a: Bug 1419173 - fix uint128 defines, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 22 Nov 2017 17:59:09 +0100 - rev 14149
Push 2906 by franziskuskiefer@gmail.com at Wed, 22 Nov 2017 17:00:07 +0000
Bug 1419173 - fix uint128 defines, r=ttaubert Summary: We accidentally disabled uint128_t for the HACL curve in GYP builds. This is less nice but works. Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1419173 Differential Revision: https://phabricator.services.mozilla.com/D274
feada205ae4c0603e4bb8fb7908d12817fd9b7b9: Bug 1419290 - enable curve25519 64-bit on aarch64, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Mon, 20 Nov 2017 11:50:07 +0100 - rev 14139
Push 2896 by franziskuskiefer@gmail.com at Tue, 21 Nov 2017 07:09:48 +0000
Bug 1419290 - enable curve25519 64-bit on aarch64, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D264
6121674fd16307c05c4a1ffc1a3267796008d152: Bug 1418021 - make sure sidBytes item is not NULL before copying, r=ttaubert
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 17 Nov 2017 08:57:18 +0100 - rev 14131
Push 2892 by franziskuskiefer@gmail.com at Fri, 17 Nov 2017 10:27:09 +0000
Bug 1418021 - make sure sidBytes item is not NULL before copying, r=ttaubert Differential Revision: https://phabricator.services.mozilla.com/D253
fbd5eb8b3fc1303cf6fa3ed7d6746ae55e616ac3: Bug 1409872 - Remove active distrust entries for certificates that have expired r=ttaubert
David Keeler <dkeeler@mozilla.com> - Thu, 16 Nov 2017 21:49:57 +0100 - rev 14130
Push 2891 by ttaubert@mozilla.com at Fri, 17 Nov 2017 05:01:47 +0000
Bug 1409872 - Remove active distrust entries for certificates that have expired r=ttaubert Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1409872 Differential Revision: https://phabricator.services.mozilla.com/D139
04b7a364c8b5bc67ae45f5a20ff3168437281904: Bug 1416292 - ssl3encode.c fix signed / unsigned compilation warnings r=ttaubert
Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr> - Mon, 13 Nov 2017 12:56:16 +0100 - rev 14121
Push 2884 by ttaubert@mozilla.com at Mon, 13 Nov 2017 11:57:32 +0000
Bug 1416292 - ssl3encode.c fix signed / unsigned compilation warnings r=ttaubert Summary: ssl3encode.c fix signed / unsigned compilation warnings Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1416292 Differential Revision: https://phabricator.services.mozilla.com/D219
820263a5733e7cb4d6cdbeec2cd6e7f7fb59bbf5: Bug 1414863 - sslsock.c fix signed / unsigned compilation warnings r=ttaubert
Jean-Luc Bonnafoux <jeanluc.bonnafoux@wanadoo.fr> - Mon, 13 Nov 2017 12:54:21 +0100 - rev 14120
Push 2884 by ttaubert@mozilla.com at Mon, 13 Nov 2017 11:57:32 +0000
Bug 1414863 - sslsock.c fix signed / unsigned compilation warnings r=ttaubert Summary: Bug 1414863 - sslsock.c fix signed / unsigned compilation warnings Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1414863 Differential Revision: https://phabricator.services.mozilla.com/D199
54be8a4501d454b2b7454e4a44ea013738e0b693: Bug 1415033 - Assert on RWLock leak, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Tue, 07 Nov 2017 14:13:24 +1100 - rev 14118
Push 2882 by martin.thomson@gmail.com at Thu, 09 Nov 2017 22:09:13 +0000
Bug 1415033 - Assert on RWLock leak, r=ttaubert
5b6c6551931f46228c82285dec1969687f9dd47a: Bug 1415718 - Initialize version in ssl3_SendClientHello, r=ttaubert
Martin Thomson <martin.thomson@gmail.com> - Thu, 09 Nov 2017 10:40:46 +1100 - rev 14117
Push 2882 by martin.thomson@gmail.com at Thu, 09 Nov 2017 22:09:13 +0000
Bug 1415718 - Initialize version in ssl3_SendClientHello, r=ttaubert
1d800910df751bb0fa23b6838984f98cae06ba0a: Bug 1415795 - revert renaming of SSL_UseAltServerHelloType part2, r=ttaubert NSS_3_34_BRANCH NSS_3_34_BETA5
Franziskus Kiefer <franziskuskiefer@gmail.com> - Thu, 09 Nov 2017 14:26:49 +0100 - rev 14114
Push 2879 by franziskuskiefer@gmail.com at Thu, 09 Nov 2017 13:27:06 +0000
Bug 1415795 - revert renaming of SSL_UseAltServerHelloType part2, r=ttaubert