Closed Bug 1606927 Opened 4 years ago Closed 4 years ago

Upgrade Firefox 74 to use NSS 3.50

Categories

(Core :: Security: PSM, task, P1)

RESOLVED FIXED
mozilla74
Tracking Status
firefox74 --- fixed

People

(Reporter: jcj, Assigned: jcj)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned][nss])

Attachments

(9 files, 2 obsolete files)

Tracking NSS 3.50 for Firefox 74. Ultimate tag will be NSS_3_50_RTM.

2020-01-07 J.C. Jones <jjones@mozilla.com>

* tests/fips/cavs_samples/KBKDF/fax/KBKDFCounter.fax.orig,
tests/fips/cavs_samples/KBKDF/req/KBKDFCounter.req.orig:
Bug 1599603 - Remove .orig files accidentally committed in
4349f611f7b96de63934837d6940095ac1a5db33 r=bustage
[4921046404f1] [tip]

2020-01-07 Giulio Benetti <giulio.benetti@benettiengineering.com>

* cmd/signtool/manifest.mn, lib/ssl/manifest.mn:
Bug 1603438 - Fix native tools build failure due to lack of zlib
include dir if external r=jcj

Add ZLIB_INCLUDE_DIR variable

On Linux platform[1], the build system forces to use zlib from the
system instead of compiling the one located intree.

The following error is raised when the zlib header is installed
somewhere else than in the default system include path:

 ssl3con.c:39:18: fatal error: zlib.h: No such file or directory
#include "zlib.h"

The same trick setup for sqlite include directory is reproduced for
zlib. The build system disallows in any manner to give arguments to
the compiler explicitly.

The variable ZLIB_INCLUDE_DIR points to the directory where the zlib
header is located.

[1]: https://hg.mozilla.org/projects/nss/file/NSS_3_33_BRANCH/coreconf/Linux.mk#l180
[2]: https://hg.mozilla.org/projects/nss/file/NSS_3_33_BRANCH/lib/softoken/manifest.mn#l17
[477d370d1bab]

2020-01-06 Kevin Jacobs <kjacobs@mozilla.com>

* cpputil/databuffer.h, cpputil/scoped_ptrs_ssl.h,
cpputil/tls_parser.h, gtests/ssl_gtest/manifest.mn,
gtests/ssl_gtest/ssl_aead_unittest.cc,
gtests/ssl_gtest/ssl_ciphersuite_unittest.cc,
gtests/ssl_gtest/ssl_drop_unittest.cc,
gtests/ssl_gtest/ssl_gtest.gyp,
gtests/ssl_gtest/ssl_masking_unittest.cc,
gtests/ssl_gtest/ssl_primitive_unittest.cc,
gtests/ssl_gtest/ssl_record_unittest.cc,
gtests/ssl_gtest/ssl_recordsize_unittest.cc,
gtests/ssl_gtest/ssl_tls13compat_unittest.cc,
gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_filter.cc,
gtests/ssl_gtest/tls_filter.h, gtests/ssl_gtest/tls_protect.cc,
gtests/ssl_gtest/tls_protect.h, lib/ssl/dtls13con.c,
lib/ssl/dtls13con.h, lib/ssl/dtlscon.c, lib/ssl/dtlscon.h,
lib/ssl/ssl3con.c, lib/ssl/ssl3gthr.c, lib/ssl/ssl3prot.h,
lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslprimitive.c,
lib/ssl/sslsock.c, lib/ssl/sslspec.c, lib/ssl/sslspec.h,
lib/ssl/tls13con.c, lib/ssl/tls13con.h:
Bug 1599514 - Update DTLS 1.3 support to draft-30 r=mt

This patch updates the DTLS 1.3 implementation to draft version 30,
including unified header format and sequence number encryption.

Also added are new `SSL_CreateMask` experimental functions.

[8b7f0180c5b0]

2020-01-06 Robert Relyea <rrelyea@redhat.com>

* cmd/fipstest/fipstest.c, gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_gtest.gyp, gtests/pk11_gtest/pk11_kbkdf.cc,
lib/softoken/kbkdf.c, lib/softoken/manifest.mn,
lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11i.h, lib/softoken/pkcs11u.c,
lib/softoken/sftkhmac.c, lib/softoken/softoken.gyp,
lib/util/pkcs11n.h, lib/util/pkcs11t.h,
tests/fips/cavs_samples/KBKDF/fax/KBKDFCounter.fax,
tests/fips/cavs_samples/KBKDF/fax/KBKDFCounter.fax.orig,
tests/fips/cavs_samples/KBKDF/fax/README,
tests/fips/cavs_samples/KBKDF/req/KBKDFCounter.req,
tests/fips/cavs_samples/KBKDF/req/KBKDFCounter.req.orig,
tests/fips/cavs_samples/KBKDF/req/README,
tests/fips/cavs_scripts/README, tests/fips/cavs_scripts/kbkdf.sh,
tests/fips/cavs_scripts/runtest.sh:
This implements NIST SP800-108 Counter, Feedback, and Double
Pipeline mode KDFs suitable for use in SCP03 and other protocols.
These KDFs were introduced in PKCS#11 v3.0.

Resolves: BZ#1599603

[4349f611f7b9]

2020-01-03 J.C. Jones <jjones@mozilla.com>

* automation/abi-check/previous-nss-release, lib/nss/nss.h,
lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.50 Beta
[569ca5b163e7]
Keywords: leave-open
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/40a825b2197c
Bug 1602020 - land NSS 4921046404f1 UPGRADE_NSS_RELEASE, r=kjacobs

2020-01-11 Kai Engert <kaie@kuix.de>

* lib/softoken/lowpbe.c, lib/softoken/pkcs11.c:
Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed
up repeated SDR operations. r=jcj
[a06bd0f6bbe8] [tip]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4be422a6d5e7
land NSS a06bd0f6bbe8 UPGRADE_NSS_RELEASE, r=kjacobs

2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/common/testvectors/hkdf-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hkdf_unittest.cc:
Bug 1585429 - Add HKDF test vectors r=jcj

Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
test vectors, as well as upper-bound length checks for the output
key material.

[239797efc34b] [tip]

2020-01-14 J.C. Jones <jjones@mozilla.com>

* coreconf/config.gypi:
Bug 1608327 - Fixup for dc57fe5d65d4, add a default for
softfp_cflags r=bustage
[05b923624b73]

2020-01-14 Sylvestre Ledru <sledru@mozilla.com>

* automation/buildbot-slave/bbenv-example.sh,
automation/buildbot-slave/build.sh,
automation/buildbot-slave/reboot.bat,
automation/buildbot-slave/startbuild.bat:
Bug 1607099 - Remove the buildbot configuration r=jcj

[7a87cef808f3]

2020-01-14 Greg V <greg@unrelenting.technology>

* lib/freebl/blinit.c:
Bug 1575843 - Detect AArch64 CPU features on FreeBSD r=jcj

Environment checks are reorganized to be separate from platform code
to make it impossible to forget to check disable_FEATURE on one
platform but not the other.

[fbde548e8114]

2020-01-14 Mike Hommey <mh@glandium.org>

* lib/freebl/Makefile, lib/freebl/aes-armv8.c, lib/freebl/freebl.gyp,
lib/freebl/gcm-arm32-neon.c, lib/freebl/gcm.c,
lib/freebl/rijndael.c:
Bug 1608327 - Fix freebl arm NEON code use on tier3 platforms. r=jcj

Despite the code having runtime detection of NEON and crypto
extensions, the optimized code using those instructions is disabled
at build time on platforms where the compiler doesn't enable NEON by
default or with the flags it's given for the caller code.

In the case of gcm, this goes as far as causing a build error.

What is needed is for the optimized code to be enabled in every
case, letting the caller code choose whether to use that code based
on the existing runtime checks.

But this can't be simply done either, because those optimized parts
of the code need to be built with NEON enabled, unconditionally, but
that is not compatible with platforms using the softfloat ABI. For
those, we need to use the softfp ABI, which is compatible. However,
the softfp ABI is not compatible with the hardfp ABI, so we also
can't unconditionally use the softfp ABI, so we do so only when the
compiler targets the softfloat ABI, which confusingly enough is
advertized via the `__SOFTFP__` define.

[dc57fe5d65d4]

2020-01-14 Franziskus Kiefer <franziskuskiefer@gmail.com>

* automation/saw/chacha20.saw,
automation/taskcluster/docker-builds/Dockerfile,
automation/taskcluster/docker-hacl/B6C8F98282B944E3B0D5C2530FC3042E345AD05D.asc,
automation/taskcluster/docker-hacl/Dockerfile,
automation/taskcluster/docker-hacl/bin/checkout.sh,
automation/taskcluster/docker-hacl/license.txt,
automation/taskcluster/docker-hacl/setup-user.sh,
automation/taskcluster/docker-hacl/setup.sh,
automation/taskcluster/graph/src/extend.js,
automation/taskcluster/scripts/run_hacl.sh,
gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
lib/freebl/Makefile, lib/freebl/blapii.h, lib/freebl/blinit.c,
lib/freebl/chacha20poly1305.c, lib/freebl/det_rng.c,
lib/freebl/ecl/curve25519_64.c, lib/freebl/freebl.gyp,
lib/freebl/freebl_base.gypi, nss-tool/hw-support.c:
Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobs

This patch contains the changes in NSS, necessary to pick up HACL*v2
in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled
pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.

Depends on D55413.

[a8df94132dd3]

2019-12-21 Franziskus Kiefer <franziskuskiefer@gmail.com>

* lib/freebl/verified/FStar.c, lib/freebl/verified/FStar.h,
lib/freebl/verified/Hacl_Chacha20.c,
lib/freebl/verified/Hacl_Chacha20.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_128.h,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.c,
lib/freebl/verified/Hacl_Chacha20Poly1305_32.h,
lib/freebl/verified/Hacl_Chacha20_Vec128.c,
lib/freebl/verified/Hacl_Chacha20_Vec128.h,
lib/freebl/verified/Hacl_Curve25519.c,
lib/freebl/verified/Hacl_Curve25519.h,
lib/freebl/verified/Hacl_Curve25519_51.c,
lib/freebl/verified/Hacl_Curve25519_51.h,
lib/freebl/verified/Hacl_Kremlib.h,
lib/freebl/verified/Hacl_Poly1305_128.c,
lib/freebl/verified/Hacl_Poly1305_128.h,
lib/freebl/verified/Hacl_Poly1305_32.c,
lib/freebl/verified/Hacl_Poly1305_32.h,
lib/freebl/verified/Hacl_Poly1305_64.c,
lib/freebl/verified/Hacl_Poly1305_64.h,
lib/freebl/verified/kremlib.h, lib/freebl/verified/kremlib_base.h,
lib/freebl/verified/kremlin/include/kremlin/internal/callconv.h,
lib/freebl/verified/kremlin/include/kremlin/internal/compat.h,
lib/freebl/verified/kremlin/include/kremlin/internal/target.h,
lib/freebl/verified/kremlin/include/kremlin/internal/types.h,
lib/freebl/verified/kremlin/include/kremlin/lowstar_endianness.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt128_Verified.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/FStar_UInt_8_16_32_64.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/LowStar_Endianness.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h,
lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_msvc.h,
lib/freebl/verified/libintvector.h,
lib/freebl/verified/specs/Spec.CTR.fst,
lib/freebl/verified/specs/Spec.Chacha20.fst,
lib/freebl/verified/specs/Spec.Curve25519.fst,
lib/freebl/verified/specs/Spec.Poly1305.fst,
lib/freebl/verified/vec128.h:
Bug 1574643 - haclv2 code r=kjacobs

This updates the in-tree version of our existing HACL* code to v2,
replacing what we have already. Once this has landed, NSS can pick up
more (faster) code from HACL*.

[5bf2547d671f]

2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>

* automation/taskcluster/windows/build_gyp.sh:
Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded
to python3 r=jcj

Setuptools 45.0.0
(https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0)
drops support for Python2, which our Windows workers are running.

This patch installs the prior version during build, in order to
unblock CI until the workers can be upgraded.

[64c5410f98e0]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3006febc4c38
land NSS 239797efc34b UPGRADE_NSS_RELEASE, r=kjacobs
Attachment #9120861 - Attachment is obsolete: true
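
The Bug 1585429 entry above adds HKDF test vectors for SHA1/256/384/512, including the RFC vectors and upper-bound checks on the output key material. The sketch below is an added illustration in Python, not NSS code and not the gtest from that patch: it implements RFC 5869 HKDF with the standard library, checks the RFC 5869 Appendix A.1 vector, and exercises the 255 * HashLen output limit. All function names are chosen for this example.

```python
import hashlib
import hmac

# RFC 5869 Appendix A.1 (HKDF-SHA256, basic case).
RFC5869_A1 = {
    "hash": "sha256",
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "length": 42,
    "okm": bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a"
        "2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865"
    ),
}


def max_okm_len(hash_name):
    """Largest output HKDF-Expand may produce: 255 blocks of HashLen."""
    return 255 * hashlib.new(hash_name).digest_size


def hkdf_extract(hash_name, salt, ikm):
    """HKDF-Extract: PRK = HMAC(salt, IKM); empty salt means HashLen zeros."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(hash_name, prk, info, length):
    """HKDF-Expand with the upper-bound check on the requested length."""
    if length < 0 or length > max_okm_len(hash_name):
        raise ValueError("requested OKM length exceeds 255 * HashLen")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        # T(n) = HMAC(PRK, T(n-1) || info || n), n is a single octet
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(hash_name, ikm, salt, info, length):
    return hkdf_expand(hash_name, hkdf_extract(hash_name, salt, ikm), info, length)


def check_rfc_vector(vec=RFC5869_A1):
    """True if our output matches the RFC's expected OKM."""
    got = hkdf(vec["hash"], vec["ikm"], vec["salt"], vec["info"], vec["length"])
    return hmac.compare_digest(got, vec["okm"])


def check_upper_bound(hash_name):
    """Return (accepted_at_limit, rejected_above_limit) for one hash."""
    limit = max_okm_len(hash_name)
    ikm = b"\x0b" * 22  # constructed input, only the length matters here
    accepted = len(hkdf(hash_name, ikm, b"", b"", limit)) == limit
    try:
        hkdf(hash_name, ikm, b"", b"", limit + 1)
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected


if __name__ == "__main__":
    print("RFC 5869 A.1:", "ok" if check_rfc_vector() else "MISMATCH")
    for name in ("sha1", "sha256", "sha384", "sha512"):
        print(name, max_okm_len(name), check_upper_bound(name))
```
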

2020-01-15 Kevin Jacobs <kjacobs@mozilla.com>

* lib/freebl/chacha20poly1305.c:
Bug 1574643 - Check for AVX support before using vectorized ChaCha20
decrypt r=jcj

The addition of an AVX support check in `ChaCha20Poly1305_Seal`
seems to have stopped the Encrypt crashes on old Intel CPUs, however
we're seeing new reports from
`Hacl_Chacha20Poly1305_128_aead_decrypt` (which is called from
`ChaCha20Poly1305_Open`). This needs an AVX check as well...

[5f9f410d0b60] [tip]

2020-01-14 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc:
Bug 1573911 - Add RSA Encryption test r=jcj

Add a test for various sizes of RSA encryption input.

[4abc6ff828ab]

2020-01-13 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/common/testvectors/hkdf-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hkdf_unittest.cc:
Bug 1585429 - Add HKDF test vectors r=jcj

Adds test vectors for SHA1/256/384/512 HKDF. This includes the RFC
test vectors, as well as upper-bound length checks for the output
key material.

[239797efc34b]

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ef97ef459394
land NSS 5f9f410d0b60 UPGRADE_NSS_RELEASE, r=kjacobs

2020-01-16 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/common/testvectors/cbc-vectors.h,
gtests/common/testvectors/chachapoly-vectors.h,
gtests/common/testvectors/cmac-vectors.h,
gtests/common/testvectors/curve25519-vectors.h,
gtests/common/testvectors/gcm-vectors.h,
gtests/common/testvectors/p256ecdh-vectors.h,
gtests/common/testvectors_base/chachapoly-vectors_base.h,
gtests/common/testvectors_base/curve25519-vectors_base.h,
gtests/common/testvectors_base/gcm-vectors_base.h,
gtests/common/testvectors_base/test-structs.h,
gtests/common/wycheproof/genTestVectors.py,
gtests/common/wycheproof/source_vectors/aes_cbc_pkcs5_test.json,
gtests/common/wycheproof/source_vectors/aes_cmac_test.json,
gtests/common/wycheproof/source_vectors/aes_gcm_test.json,
gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json,
gtests/common/wycheproof/source_vectors/ecdh_secp256r1_test.json,
gtests/common/wycheproof/source_vectors/x25519_test.json,
gtests/freebl_gtest/ghash_unittest.cc,
gtests/pk11_gtest/manifest.mn,
gtests/pk11_gtest/pk11_aes_cmac_unittest.cc,
gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
gtests/pk11_gtest/pk11_cbc_unittest.cc,
gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc,
gtests/pk11_gtest/pk11_curve25519_unittest.cc,
gtests/pk11_gtest/pk11_ecdh_unittest.cc,
gtests/pk11_gtest/pk11_gtest.gyp, mach:
Bug 1604596 - Update Wycheproof vectors and add support for CBC,
P256-ECDH, and CMAC tests r=franziskus

This patch updates to the latest Wycheproof vectors and adds
Wycheproof support for CBC, CMAC, and P256-ECDH:

ChaCha20: +141 tests
Curve25519: +431 tests
GCM: +39 tests
CBC (new): +183 tests
CMAC (new): +308 tests
P256 ECDH (new): +460 tests

[124c43a9f768] [tip]

2020-01-17 Kai Engert <kaie@kuix.de>

* lib/softoken/lowpbe.c:
Bug 1606992 - Permit sftk_PBELockInit being called multiple times.
r=kjacobs

[9d1ced9ae01e]

* lib/softoken/lowpbe.c:
Bug 1606992 - follow up to fix clang-format, whitespace only. rs=me
DONTBUILD
[7c9dcf601c83]

2020-01-15 Kai Engert <kaie@kuix.de>

* lib/softoken/lowpbe.c:
Bug 1606992 - Follow-up to cleanup PBE cache code. r=kjacobs

[1d782fb6eede]

2020-01-03 Kevin Jacobs <kjacobs@mozilla.com>

* lib/freebl/mpi/mp_comba_amd64_masm.asm, lib/freebl/mpi/mpi-priv.h:
Bug 1605314 - Compare all 8 bytes of an mp_digit when clamping in
Windows assembly/mp_comba. r=mt

Compare all 8 bytes of an `mp_digit` when clamping in Windows x64
assembly (mp_sqr/mp_mul). Also adds an assertion to ensure that the
size of `mp_digit` matches implementation assumptions.

[09673f933c6d]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3f28a5d853ec
land NSS 124c43a9f768 UPGRADE_NSS_RELEASE, r=kjacobs

2020-01-22 Kai Engert <kaie@kuix.de>

* lib/softoken/lowpbe.c:
Bug 1606992 - Follow-up to also cache most recent PBKDF1 hash (in
addition to PBKDF2 hash). r=kjacobs

[cd55a3a90502] [tip]

2020-01-22 Kevin Jacobs <kjacobs@mozilla.com>

* lib/freebl/aes-x86.c, lib/freebl/rijndael.c, lib/freebl/rijndael.h:
Bug 1608493 - Use AES-NI intrinsics for CBC and ECB decrypt when no
assembly implementation is available. r=mt

AES-NI is currently not used for CBC or ECB decrypt when an
assembly implementation (`intel-aes.s` or
`intel-aes-x86/64-masm.asm`) is not available. Concretely, this is the case
on MacOS, Linux32, and other non-Linux OSes such as BSD. This patch
adds the plumbing to use AES-NI intrinsics when available.

Before:
```
mode       in    symmkey  opreps  cxreps  context  op       time(sec)  thrgput
aes_ecb_d  78Mb  256      10T     0       0.000    395.000  0.395      197Mb
aes_cbc_e  78Mb  256      10T     0       0.000    392.000  0.393      198Mb
aes_cbc_d  78Mb  256      10T     0       0.000    425.000  0.425      183Mb
```

After:
```
mode       in    symmkey  opreps  cxreps  context  op       time(sec)  thrgput
aes_ecb_d  78Mb  256      10T     0       0.000    39.000   0.039      1Gb
aes_cbc_e  78Mb  256      10T     0       0.000    94.000   0.094      831Mb
aes_cbc_d  78Mb  256      10T     0       0.000    74.000   0.075      1Gb
```

[9804c76e76f3]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ec6b96eefc18
land NSS cd55a3a90502 UPGRADE_NSS_RELEASE, r=kjacobs

2020-01-27 J.C. Jones <jjones@mozilla.com>

* lib/freebl/blinit.c:
Bug 1602386 - clang-format r=bustage
[4bf79c4d2954] [tip]

2020-01-27 Piotr Kubaj <pkubaj@FreeBSD.org>

* lib/freebl/Makefile, lib/freebl/blinit.c:
Bug 1602386 - Fix build on FreeBSD/powerpc platforms. r=jcj

FreeBSD has elf_aux_info instead of getauxval, but only since
FreeBSD 12. Previous versions (11 is still supported) don't have any
equivalent and users need to query sysctl manually.

[f2ac5e318886]

2020-01-27 Jan Beich <jbeich@FreeBSD.org>

* lib/freebl/blinit.c:
Bug 1609181 - Detect ARM CPU features on FreeBSD. r=jcj

Implement `getauxval` via `elf_aux_info` to avoid code duplication.
`AT_HWCAP*` can be used on powerpc* and riscv64 as well.
[edb60bae9219]

2020-01-22 Martin Thomson <mt@lowentropy.net>

* lib/zlib/README, lib/zlib/README.nss, lib/zlib/adler32.c,
lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h,
lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzguts.h,
lib/zlib/gzlib.c, lib/zlib/gzread.c, lib/zlib/gzwrite.c,
lib/zlib/infback.c, lib/zlib/inffast.c, lib/zlib/inffixed.h,
lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c,
lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c,
lib/zlib/zconf.h, lib/zlib/zlib.h, lib/zlib/zutil.c,
lib/zlib/zutil.h:
Bug 1547639 - Update zlib to 1.2.11, r=jcj

[91f3f0749d0b]

* lib/zlib/README.nss, lib/zlib/config.mk, lib/zlib/example.c,
lib/zlib/manifest.mn, lib/zlib/minigzip.c, lib/zlib/vendor.sh,
lib/zlib/zlib.gyp:
Bug 1547639 - Automatic vendoring of zlib, r=jcj

[fc128963a9aa]
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b8ba7d63b685
land NSS 4bf79c4d2954 UPGRADE_NSS_RELEASE, r=kjacobs
Depends on: 1612623

2020-02-03 Kai Engert <kaie@kuix.de>

* automation/release/nspr-version.txt:
Bug 1612623 - NSS 3.50 should depend on NSPR 4.25. r=kjacobs

[de6ba04bb1f4] [NSS_3_50_BETA1]

2020-01-27 Giulio Benetti <giulio.benetti@benettiengineering.com>

* coreconf/config.gypi, coreconf/config.mk, lib/freebl/Makefile,
lib/freebl/freebl.gyp, lib/freebl/gcm.h:
Bug 1608151 - Introduce NSS_DISABLE_ALTIVEC and disable_altivec
r=jcj

At the moment NSS assumes that every PowerPC64 architecture supports
Altivec but it's not true and this leads to build failure. So add
NSS_DISABLE_ALTIVEC environment variable (and disable_altivec for
gyp) to disable Altivec extension on PowerPC builds that don't
support Altivec.
[f2d947817850]
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dfa143ba202e
land NSS de6ba04bb1f4 UPGRADE_NSS_RELEASE, r=jcj

2020-02-05 J.C. Jones <jjones@mozilla.com>

* lib/softoken/exports.gyp, lib/softoken/manifest.mn,
lib/softoken/pkcs11.c, lib/softoken/sftkdb.c,
lib/softoken/softoken.gyp:
Bug 1609673 - Conditionally compile out all libnssdbm glue if
NSS_DISABLE_DBM is set r=mt

Remove `lgglue` from compilation entirely if DBM is disabled

[b91bbf7a88c9] [NSS_3_50_BETA2] <NSS_3_50_BRANCH>

2020-02-04 Kevin Jacobs <kjacobs@mozilla.com>

* .hgtags:
Added tag NSS_3_50_BETA1 for changeset de6ba04bb1f4
[1201d0d89b72] <NSS_3_50_BRANCH>
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/eb5fda247c7d
land NSS NSS_3_50_BETA2 UPGRADE_NSS_RELEASE, r=kjacobs

2020-02-07 J.C. Jones <jjones@mozilla.com>

* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.50 final
[5bb3927fa234] [NSS_3_50_RTM] <NSS_3_50_BRANCH>

2020-02-05 J.C. Jones <jjones@mozilla.com>

* .hgtags:
Added tag NSS_3_50_BETA2 for changeset b91bbf7a88c9
[a8656c823c1f] <NSS_3_50_BRANCH>
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/330be8de6e43
land NSS NSS_3_50_RTM UPGRADE_NSS_RELEASE,
Keywords: leave-open
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla74

2020-02-18 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/ssl_gtest/ssl_extension_unittest.cc,
gtests/ssl_gtest/ssl_version_unittest.cc, lib/ssl/dtlscon.c,
lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c:
Bug 1615208 - Send DTLS version numbers in DTLS 1.3
supported_versions extension r=mt

This patch modifies `supported_versions` encodings to reflect DTLS
versions when DTLS1.3 is in use. Previously, a DTLS1.3 CH would include
`[0x7f1e, 0x303, 0x302]` instead of the expected `[0x7f1e, 0xfefd,
0xfeff]`, causing compatibility issues.

[9e0d34a6cf91] [tip]

2020-02-12 Mikael Urankar <mikael.urankar@gmail.com>

* lib/freebl/Makefile, lib/freebl/freebl.gyp:
Bug 1612177 - Set -march=armv7 when compiling gcm-arm32-neon, in
order to enable NEON code generation.
[4413841bd26d]

2020-02-14 Dmitry Baryshkov <dbaryshkov@gmail.com>

* gtests/freebl_gtest/blake2b_unittest.cc, lib/freebl/blake2b.c:
Bug 1431940 - remove dereference before NULL check in BLAKE2B code.
r=kjacobs

[5e661906698f]

2020-02-12 Kevin Jacobs <kjacobs@mozilla.com>

* gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/sslnonce.c:
Bug 1614870 - Free sid->peerID before reallocating in
ssl_DecodeResumptionToken. r=mt

This patch adds a missing `PORT_Free()` when reallocating
`sid->PeerID`, and adds a test for a non-empty PeerID.

[1eb4e00b016e]
Pushed by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b356f4fe601f
land NSS 9e0d34a6cf91 UPGRADE_NSS_RELEASE, r=jcj
Regressions: 1618597
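
The Bug 1615208 entry above describes a DTLS 1.3 ClientHello that carried TLS codepoints in `supported_versions`. The sketch below is an added illustration in Python, not NSS code: it encodes and parses the extension body (a one-byte length followed by two-byte versions) and reports TLS codepoints found in a DTLS hello together with the DTLS value expected in their place. The function names are chosen for this example, and the two sample lists are the ones quoted in the commit message.

```python
import struct

# TLS codepoint -> DTLS codepoint carrying the same protocol level.
# DTLS 1.0 (0xfeff) is based on TLS 1.1, DTLS 1.2 (0xfefd) on TLS 1.2.
TLS_TO_DTLS = {0x0302: 0xFEFF, 0x0303: 0xFEFD}

# Lists quoted in the commit message for Bug 1615208.
BEFORE_FIX = [0x7F1E, 0x0303, 0x0302]
AFTER_FIX = [0x7F1E, 0xFEFD, 0xFEFF]


def encode_supported_versions(versions):
    """ClientHello form: 1-byte list length, then 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    if not 2 <= len(body) <= 254:
        raise ValueError("versions list must be 2..254 bytes")
    return bytes([len(body)]) + body


def parse_supported_versions(ext_body):
    """Strict parse of the extension body; rejects truncated or odd lists."""
    if len(ext_body) < 3:
        raise ValueError("extension body too short")
    list_len = ext_body[0]
    if list_len != len(ext_body) - 1 or list_len % 2:
        raise ValueError("length byte does not match list")
    return [v for (v,) in struct.iter_unpack("!H", ext_body[1:])]


def audit_dtls_hello(ext_body):
    """Return [(offending, expected_or_None)] for TLS codepoints in a DTLS hello.

    Any version with major byte 0x03 is a TLS codepoint and does not belong
    in a DTLS ClientHello; expected is None when this example has no mapping.
    """
    findings = []
    for version in parse_supported_versions(ext_body):
        if version >> 8 == 0x03:
            findings.append((version, TLS_TO_DTLS.get(version)))
    return findings


if __name__ == "__main__":
    for label, versions in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        wire = encode_supported_versions(versions)
        report = [(hex(bad), hex(want) if want else None)
                  for bad, want in audit_dtls_hello(wire)]
        print(label, wire.hex(), report)
```
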

Comment on attachment 9127342 [details]
Bug 1606927 - land NSS 9e0d34a6cf91 UPGRADE_NSS_RELEASE, r=jcj

Revision D63220 was moved to bug 1614053. Setting attachment 9127342 [details] to obsolete.

Attachment #9127342 - Attachment is obsolete: true
Depends on: 1620716
Regressed by: 1620716
No longer regressed by: 1620716
Regressions: 1620716