author J.C. Jones <>
Wed, 01 Feb 2017 15:21:04 -0700
changeset 395063 ad5adacd8e14472b0abcf9065efbcc96d5a859c4
parent 292565 ae64d16898395607093db2e2dd667b6544cb1f55
child 376644 150eacc885c23d1845280917cda4e6a652f8a7b6
child 396850 40911fc4bf7eff4f84add35cceb3a67d69a6e75a
permissions -rw-r--r--
Bug 1260318 - Scope U2F Soft Tokens to a single AppID r=qdot,rbarnes This change includes the FIDO "App ID" as part of the function used to generate the wrapping key used in the NSS-based U2F soft token, cryptographically binding the "Key Handle" to the site that Key Handle is intended for. This is a breaking change with existing registered U2F keys, but since our soft token is hidden behind a pref, it does not attempt to be backward-compatible. - Updated for rbarnes' and qdot's reviews comments. Thanks! - Made more strict in size restrictions, and added a version field to help us be this strict. - Bugfix for an early unprotected buffer use (Thanks again rbarnes!) - Fix a sneaky memory leak re: CryptoBuffer.ToSECItem MozReview-Commit-ID: Jf6gNPauT4Y

An explanation of the Mozilla Source Code Directory Structure and links to
project pages with documentation can be found at:

For information on how to build Mozilla from the source code, see:

To have your bug fix / feature added to Mozilla, you should create a patch and
submit it to Bugzilla ( Instructions are at:

If you have a question about developing Mozilla, and can't find the solution
on, you can try asking your question in a
mozilla.* Usenet group, or on IRC at [The Mozilla news groups
are accessible on Google Groups, or with a NNTP reader.]

You can download nightly development builds from the Mozilla FTP server.
Keep in mind that nightly builds, which are used by Mozilla developers for
testing, may be buggy. Firefox nightlies, for example, can be found at:
            - or -