NSS commit log (most recent first). Each entry: commit message, author, date, files changed, lines removed/added; branch and tag decorations in parentheses.

* Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea  (NSS_3_53_BRANCH)
  Benjamin Beurdouche, 2020-07-18, 2 files changed, -3/+10
  Differential Revision: https://phabricator.services.mozilla.com/D74801

* Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
  Benjamin Beurdouche, 2020-07-18, 2 files changed, -0/+50
  Depends on D74801
  Differential Revision: https://phabricator.services.mozilla.com/D83994

* Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche
  Billy Brumley, 2020-07-20, 1 file changed, -21/+0
  Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding. Timing attack countermeasures are now applied more generally deeper in the call stack.
  Differential Revision: https://phabricator.services.mozilla.com/D82011

* Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj
  Benjamin Beurdouche, 2020-07-16, 1 file changed, -7/+4
  Differential Revision: https://phabricator.services.mozilla.com/D75774

* Bug 1631583 - ECC: constant time P-521 r=kjacobs,rrelyea,bbeurdouche
  Billy Brumley, 2020-07-16, 5 files changed, -1/+11824
  This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from [ECCKiila](https://gitlab.com/nisec/ecckiila), which uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic.
  Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi>
  Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi>
  Differential Revision: https://phabricator.services.mozilla.com/D80012

* Bug 1631583 - ECC: constant time P-384 r=bbeurdouche,rrelyea
  Billy Brumley, 2020-07-16, 6 files changed, -1/+19681
  This portable code contributed by the Network and Information Security Group (NISEC) at Tampere University comes from [ECCKiila](https://gitlab.com/nisec/ecckiila), which uses [Fiat](https://github.com/mit-plv/fiat-crypto) for the underlying field arithmetic.
  Co-authored-by: Luis Rivera-Zamarripa <luis.riverazamarripa@tuni.fi>
  Co-authored-by: Jesús-Javier Chi-Domínguez <jesus.chidominguez@tuni.fi>
  Differential Revision: https://phabricator.services.mozilla.com/D79267

* Added tag NSS_3_53_1_RTM for changeset fca7a9ba4da2
  J.C. Jones, 2020-06-16, 0 files changed, -0/+0

* Set version numbers to 3.53.1 final  (NSS_3_53_1_RTM)
  J.C. Jones, 2020-06-16, 3 files changed, -6/+6

* Bug 1631597 - Constant-time GCD and modular inversion r=rrelyea,kjacobs
  Sohaib ul Hassan, 2020-06-16, 3 files changed, -132/+292
  The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266), "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits, s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks.
  Co-Author: Billy Bob Brumley
  Differential Revision: https://phabricator.services.mozilla.com/D78668
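The commit above adopts the Bernstein-Yang divstep for constant-time GCD and modular inversion. As an added illustration (not NSS code, and not the mpi functions named in the commit), the following C program implements the divstep-based modular inverse for a single-limb odd modulus with a fixed iteration count and mask-based selection in place of the algorithm's data-dependent branch. The modulus DEMO_MOD = 2^61 - 1, the iteration count DEMO_DIVSTEPS and every helper name are assumptions chosen for the demo; the 61-bit limit exists only so that all intermediates fit in int64_t.

```c
#include <stdint.h>
#include <stdio.h>

/* Demo modulus (assumption): 2^61 - 1, a prime.  Keeping M below 2^61 means
 * every intermediate value below stays within int64_t. */
#define DEMO_MOD ((int64_t)((UINT64_C(1) << 61) - 1))

/* Bernstein and Yang bound the number of divsteps needed for b-bit inputs by
 * roughly (49b + 57)/17, about 180 for b = 61.  A fixed count with margin makes
 * the loop trip count independent of the input (assumed value for the demo). */
#define DEMO_DIVSTEPS 200

/* All-ones mask when x < 0, else 0.  Derived from the sign bit with an unsigned
 * shift so the code does not rely on implementation-defined signed shifts. */
static int64_t ct_mask_neg(int64_t x)
{
    return -(int64_t)((uint64_t)x >> 63);
}

/* Reduce x from (-M, 2M) into [0, M) with masked add/subtract, no branches. */
static int64_t ct_canon(int64_t x, int64_t M)
{
    x += ct_mask_neg(x) & M;         /* x < 0  : add M      */
    x -= ct_mask_neg(M - 1 - x) & M; /* x >= M : subtract M */
    return x;
}

/* x/2 mod M for odd M: add M when x is odd (making it even), then halve. */
static int64_t ct_div2_mod(int64_t x, int64_t M)
{
    x += (-(x & 1)) & M;
    return ct_canon(x / 2, M);       /* x is even here, so the division is exact */
}

/* a^-1 mod M for odd prime M and 0 < a < M, via Bernstein-Yang divsteps.
 * Invariants kept throughout: f == d*a (mod M) and g == e*a (mod M).
 * After enough divsteps g == 0 and f == +-1, so a^-1 == d*f (mod M). */
int64_t ct_modinv(int64_t a, int64_t M)
{
    int64_t delta = 1, f = M, g = a, d = 0, e = 1;
    for (int i = 0; i < DEMO_DIVSTEPS; i++) {
        int64_t gmask = -(g & 1);                 /* all-ones if g is odd  */
        int64_t pmask = ~ct_mask_neg(delta - 1);  /* all-ones if delta > 0 */
        int64_t swap = gmask & pmask, t;
        /* Case "delta > 0 and g odd": (delta,f,g,d,e) <- (-delta, g, -f, e, -d),
         * done as a masked swap followed by masked negation of delta, g and e. */
        t = swap & (f ^ g); f ^= t; g ^= t;
        t = swap & (d ^ e); d ^= t; e ^= t;
        delta = (delta ^ swap) - swap;
        g = (g ^ swap) - swap;
        e = (e ^ swap) - swap;
        /* Common step for every case: delta+1, g <- (g + [g odd]*f)/2,
         * e <- (e + [g odd]*d)/2 mod M.  f is always odd, so g + f is even
         * whenever g is odd and the halving of g is exact. */
        delta += 1;
        g = (g + (gmask & f)) / 2;
        e = ct_div2_mod(e + (gmask & d), M);
    }
    /* f is now +1 or -1; fold its sign into d without branching. */
    int64_t neg = ct_mask_neg(f);
    d = (d ^ neg) - neg;
    return ct_canon(d, M);
}

/* (a * b) mod M through a 128-bit product; used only to check results. */
int64_t mulmod(int64_t a, int64_t b, int64_t M)
{
    return (int64_t)(((unsigned __int128)(uint64_t)a * (uint64_t)b) % (uint64_t)M);
}

int main(void)
{
    int64_t samples[] = { 1, 2, 3, 0x123456789ABCDEF, DEMO_MOD - 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t inv = ct_modinv(samples[i], DEMO_MOD);
        printf("inv(%lld) = %lld, a*inv mod M = %lld\n",
               (long long)samples[i], (long long)inv,
               (long long)mulmod(samples[i], inv, DEMO_MOD));
    }
    return 0;
}
```

The loop runs DEMO_DIVSTEPS times regardless of a, and the only data-dependent decision in the divstep (delta > 0 and g odd) becomes a mask that drives a swap and a negation, so control flow and memory access do not depend on the secret operand. A production implementation still has to handle arbitrary-precision operands, which the mpi changes in the commit address, and to confirm in the generated machine code that the compiler did not reintroduce a branch (for instance when lowering the division by two).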
* Added tag NSS_3_53_RTM for changeset 7e453a5afcb4
  J.C. Jones, 2020-05-29, 0 files changed, -0/+0

* Set version numbers to 3.53 final  (NSS_3_53_RTM)
  J.C. Jones, 2020-05-29, 3 files changed, -6/+6

* Added tag NSS_3_53_BETA2 for changeset 8fe22033a88e
  Kevin Jacobs, 2020-05-28, 0 files changed, -0/+0

* Bug 1640260 - Initialize PBE params r=jcj  (NSS_3_53_BETA2)
  Kevin Jacobs, 2020-05-28, 1 file changed, -1/+1
  Differential Revision: https://phabricator.services.mozilla.com/D76544

* Bug 1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs. r=jcj
  Benjamin Beurdouche, 2020-05-27, 1 file changed, -12/+48
  Differential Revision: https://phabricator.services.mozilla.com/D77062

* Bug 1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID root certs. r=jcj
  Benjamin Beurdouche, 2020-05-27, 1 file changed, -3/+12
  Differential Revision: https://phabricator.services.mozilla.com/D77065

* Added tag NSS_3_53_BETA1 for changeset c7a1c91cd9be
  Kevin Jacobs, 2020-05-26, 0 files changed, -0/+0

* Bug 1629414 - Guard USE_PPC_CRYPTO and VSX types with __VSX__ and __ALTIVEC__ r=kjacobs  (NSS_3_53_BETA1)
  J.C. Jones, 2020-05-22, 2 files changed, -3/+6
  This avoids build errors on non-VSX architectures even when not compiling the POWER accelerated code.
  Differential Revision: https://phabricator.services.mozilla.com/D72014

* Bug 1639033 - Use unsigned int for a loop counter to eliminate a signed-unsigned comparison warning in aes-x86.c. r=kjacobs
  Jeff Walden, 2020-05-21, 1 file changed, -1/+1
  Depends on D75847
  Differential Revision: https://phabricator.services.mozilla.com/D75848

* Bug 1639033 - Used unsigned int instead of int in a few places in ec.c to eliminate signed-unsigned comparison warnings. r=kjacobs
  Jeff Walden, 2020-05-21, 1 file changed, -4/+4
  Depends on D75846
  Differential Revision: https://phabricator.services.mozilla.com/D75847

* Bug 1639033 - Use unsigned int rather than int for two variables to eliminate a bunch of signed-unsigned comparison warnings. r=kjacobs
  Jeff Walden, 2020-05-21, 1 file changed, -2/+2
  Depends on D75845
  Differential Revision: https://phabricator.services.mozilla.com/D75846

* Bug 1639033 - Use unsigned int for various count variables in mplogic.c to eliminate signed-unsigned comparison warnings. r=kjacobs
  Jeff Walden, 2020-05-21, 2 files changed, -9/+7
  Depends on D75844
  Differential Revision: https://phabricator.services.mozilla.com/D75845

* Bug 1639033 - Use size_t for loops up to sizeof(T) in aeskeywrap.c to eliminate some signed-comparison warnings. r=kjacobs
  Jeff Walden, 2020-05-21, 1 file changed, -2/+4
  Depends on D75843
  Differential Revision: https://phabricator.services.mozilla.com/D75844

* Bug 1639033 - Change +sftk_xcbc_mac_pad's block-size argument to be unsigned int to avoid sign-comparison warnings. r=kjacobs
  Jeff Walden, 2020-05-21, 2 files changed, -4/+5
  Depends on D75842
  Differential Revision: https://phabricator.services.mozilla.com/D75843

* Bug 1639033 - Use the jarType enum type, not int, for certain variables and arguments in jar.c -- for greater precision, and to avoid sign-comparison warnings. r=kjacobs
  Jeff Walden, 2020-05-22, 1 file changed, -3/+10
  Depends on D75841
  Differential Revision: https://phabricator.services.mozilla.com/D75842

* Bug 1639033 - Make all |moduleIndex| variables in pkcs11.c be unsigned, to eliminate a -Wsign-compare warning. r=kjacobs
  Jeff Walden, 2020-05-19, 2 files changed, -12/+18
  Depends on D75840
  Differential Revision: https://phabricator.services.mozilla.com/D75841

* Bug 1639033 - Fix signed-unsigned comparison warning in basicutil.c. r=kjacobs
  Jeff Walden, 2020-05-19, 1 file changed, -1/+3
  Differential Revision: https://phabricator.services.mozilla.com/D75840

* Bug 1640041 - Don't memcpy nothing, r=jcj
  Martin Thomson, 2020-05-22, 1 file changed, -1/+4
  Depends on D76421
  Differential Revision: https://phabricator.services.mozilla.com/D76422

* Bug 1640042 - Don't memcpy nothing, r=jcj
  Martin Thomson, 2020-05-22, 1 file changed, -2/+5
  Differential Revision: https://phabricator.services.mozilla.com/D76421

* Bug 1639413 - Option to disable TLS 1.3 EndOfEarlyData message, r=kjacobs
  Martin Thomson, 2020-05-22, 8 files changed, -15/+270
  This adds the ability to disable EndOfEarlyData. On the client this is relatively simple: you just turn the message off. The server is complicated because the server uses this to drive the installation of the right keys. Without it, things get very messy. Thus, I have decided that this is best left to the SSL_RecordLayerData interface. That needs an ugly hack in order to let the new data pass, but the damage is otherwise relatively minor, apart from one obvious thing.
  We never really built the SSL_RecordLayerData API to take application data. It only did that to support testing of the functions. Now that we have to deal with this new wrinkle, adding support for 0-RTT is necessary. This change does that. That requires a barrage of new checks to see if application data is acceptable. And then early data is captured in a completely different way, which adds another layer of awfulness.
  Note that this exposes us to the possibility that Certificate or Finished are received in early data when using SSL_RecordLayerData and this option. I don't think that fixing that is worthwhile, as it requires tracking the epoch of handshake messages separately from ss->ssl3.crSpec, and the epoch only really exists on that API so that applications don't accidentally do bad things. In QUIC, we specifically block handshake messages in early data, so we have ample protection.
  Differential Revision: https://phabricator.services.mozilla.com/D76088

* Bug 1638289 - Fix multiple definitions of SHA2 on ppc64le. r=kjacobs
  Benjamin Beurdouche, 2020-05-20, 1 file changed, -1/+0
  Differential Revision: https://phabricator.services.mozilla.com/D76101

* Bug 1631576 - Force a fixed length for DSA exponentiation r=pereida,bbrumley
  Robert Relyea, 2020-05-19, 1 file changed, -10/+35
  Differential Revision: https://phabricator.services.mozilla.com/D72011

* Bug 1636389 - Relocate deprecated seed algorithm. r=kjacobs
  Benjamin Beurdouche, 2020-05-14, 5 files changed, -6/+7
  Differential Revision: https://phabricator.services.mozilla.com/D74384

* Bug 1637083 fix the lib dependencies for the split build r=jcj,rrelyea
  Jan-Marek Glogowski, 2020-05-14, 3 files changed, -127/+68
  This build can be tested by running NSS_BUILD_MODULAR=1 nss/automation/taskcluster/scripts/build.sh from a directory containing the nss and nspr repositories.
  To make this build's make conditionals easier to handle, it also merges the manifest.mn into the Makefile, because parts of the conditionals depend on the $(OS_ARCH) setting. In the end, the goal is just to set the correct build $(DIRS).
  This also drops the freebl dependency of ssl, which seems not to be needed, even if it's declared in /lib/ssl/ssl.gyp.
  Differential Revision: https://phabricator.services.mozilla.com/D75074

* Bug 1637083 Replace pre-dependency with shell hack r=rrelyea
  Jan-Marek Glogowski, 2020-05-13, 4 files changed, -9/+20
  Originally I tried multiple variants using make's conditionals to limit DIRS and enforce building the parent directory before the sub-directory. None of them worked for me, most resulting in an infinite recursion, so I used the current pre-depends workaround to fulfill the real dependency.
  Now I remembered that automake can handle this case for SUBDIRS specifying "." as a directory. The generated Makefile handles it via shell scripting; not nice, but it works. So this gets rid of the workaround, replacing it with a small shell test.
  Differential Revision: https://phabricator.services.mozilla.com/D74855

* Bug 1561331 - Additional modular inverse test r=jcj
  Kevin Jacobs, 2020-05-12, 1 file changed, -0/+38
  Differential Revision: https://phabricator.services.mozilla.com/D36115

* Bug 1629553 Use order-prereq for $(MAKE_OBJDIR) r=rrelyea
  Jan-Marek Glogowski, 2020-05-08, 8 files changed, -51/+27
  Introduces a simple "%/d" rule to create directories using $(MAKE_OBJDIR) and replaces all explicit $(MAKE_OBJDIR) calls with order-only prerequisites. To expand the $(@D) prerequisite, this needs .SECONDEXPANSION.
  Differential Revision: https://phabricator.services.mozilla.com/D70989

* Bug 1438431 Remove mkdepend tool and targets r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 21 files changed, -4423/+2
  Differential Revision: https://phabricator.services.mozilla.com/D70988

* Bug 1629553 Drop duplicate header DIR variables r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 2 files changed, -11/+2
  Differential Revision: https://phabricator.services.mozilla.com/D70987

* Bug 1629553 Drop coreconf java support r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 15 files changed, -1613/+7
  There aren't any Java sources in NSS, so just drop all the stuff referencing java, jars, jni, etc. I didn't try to remove it from tests.
  Differential Revision: https://phabricator.services.mozilla.com/D70986

* Bug 1629553 Merge simple config.mk files r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 135 files changed, -776/+185
  There is really no good reason to explicitly change the TARGET variable. And the empty SHARED_LIBRARY variable should also be in the manifest.mn to begin with. All the other empty variables start empty or undefined, so there is also no need to explicitly set them empty.
  Differential Revision: https://phabricator.services.mozilla.com/D70691

* Bug 1629553 Rework the LIBRARY_NAME ruleset r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 34 files changed, -154/+62
  * Drop the WIN% "32" default DLL suffix
  * Add default resource file handling => drop default RES
  * Generate IMPORT_LIBRARY based on IMPORT_LIB_SUFFIX and SHARED_LIBRARY, so we can drop all the explicit empty IMPORT_LIBRARY lines
  Originally this patch also tried to add a default MAPFILE rule, but this fails, because the ARCH makefiles set linker flags based on an existing MAPFILE variable.
  Differential Revision: https://phabricator.services.mozilla.com/D70369

* Bug 1629553 Use an eval template for C++ compile rules r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 1 file changed, -28/+13
  These pattern rules already had a comment to keep both in sync, so just use an eval template to enforce this.
  Differential Revision: https://phabricator.services.mozilla.com/D70985

* Bug 1629553 Use an eval template for freebl libs r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 1 file changed, -103/+23
  Differential Revision: https://phabricator.services.mozilla.com/D69022

* Bug 1629553 Use an eval template for export targets r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 1 file changed, -48/+24
  Differential Revision: https://phabricator.services.mozilla.com/D70984

* Bug 1629553 Prefix pk11wrap (SHLIB|LIBRARY)_VERSION with NSS_ r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 3 files changed, -4/+4
  In the manifest.mn the LIBRARY_VERSION is normally used to define the major version of the built shared library. This just works for the pk11wrap case, because pk11wrap is a static library. But it's still very confusing when reading the manifest.mn. Also the referenced define in the code is just named SHLIB_VERSION.
  So this prefixes the defines and the variables with NSS_, because it tries to load the NSS library, just as the SOFTOKEN_.*_VERSION is used to load the versioned softokn library.
  Differential Revision: https://phabricator.services.mozilla.com/D70689

* Bug 290526 Drop double-colon usage and add directory depends r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 9 files changed, -106/+132
  Double-colon rule behaviour isn't really compatible with parallel build. This gets rid of all of them, so we can codify the directory dependencies.
  This leaves just three problems, which aren't really fixable with the current build system without completely replacing it:
  * everything depends on nsinstall
  * everything depends on installed headers
  * ckfw child directories depend on the built parent libs
  This is handled by the prepare_build target. Overall this allows most of the build to run in parallel.
  P.S. the release_md:: has to stay :-(
  P.P.S. no clue why freebl must use libs: instead of using the TARGETS and .PHONY variables
  Differential Revision: https://phabricator.services.mozilla.com/D69023

* Bug 290526 Fix gtests build for WIN% targets r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 6 files changed, -3/+11
  The google_test gtest build doesn't provide any exports for the shared library on Windows, and the gyp build also builds just a static library. So build gtest and gtestutil libraries as static.
  For whatever reason, the Windows linker doesn't find the main function inside the gtestutil library if we don't tell it to build a console executable. But linking works fine if the object file is used directly. But since we can have different main() objects based on build flags, we enforce building console application binaries.
  Differential Revision: https://phabricator.services.mozilla.com/D70665

* Bug 290526 Drop recursive private_exports r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 67 files changed, -165/+5
  Copying private headers is now simply included in the exports target, as these headers use an extra directory anyway.
  Differential Revision: https://phabricator.services.mozilla.com/D69021

* Bug 290526 Parallelize part of the NSS build r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 9 files changed, -85/+100
  This still serializes many targets, but at least these targets themselves run their build in parallel. The main serialization happens in nss/Makefile and nss/coreconf/rules.mk's all target. We can't add these as real dependencies, as all Makefile snippets use the same variable names. I tried to always run sub-makes to hack in the dependencies, but these don't know of each other, so targets very often run twice, and this breaks the build.
  Having a tests:: target and a tests directory leads to misery (and doesn't work), so it's renamed to check.
  This just works with NSS_DISABLE_GTESTS=1 specified and is fixed by a follow-up patch, which removes the double-colon usage and adds the directory dependencies!
  Differential Revision: https://phabricator.services.mozilla.com/D69019

* Bug 290526 Don't delete directories r=rrelyea
  Jan-Marek Glogowski, 2020-05-05, 5 files changed, -12/+11
  If these files exist and aren't directories, there might be other problems. Trying to "fix" them by removing them will break the build.
  Differential Revision: https://phabricator.services.mozilla.com/D69018