1. 13 May, 2019 2 commits
  2. 15 May, 2019 1 commit
  3. 14 May, 2019 1 commit
  4. 13 May, 2019 1 commit
  5. 10 May, 2019 3 commits
  6. 08 May, 2019 3 commits
  7. 07 May, 2019 2 commits
  8. 06 May, 2019 3 commits
  9. 03 May, 2019 3 commits
  10. 02 May, 2019 4 commits
  11. 21 Mar, 2019 1 commit
  12. 10 Sep, 2018 1 commit
    • Martin Thomson's avatar
      Bug 1487597 - Improve 0-RTT data delivery, r=ekr · e81e0639
      Martin Thomson authored
      Summary:
      This improves the code that delivers 0-RTT.  When the caller provided a read
      buffer to small to hold an entire record, the previous code reported errors.
      Those errors might cause the connection to be dropped by the caller, but the
      socket was still usable.  If the socket was used again, there would be a gap in
      the stream.
      
      This fixes that bug and adds a bunch of tests around 0-RTT delivery.  More tests
      check the order of operations.
      
      For instance, in TLS, we strictly maintain ordering between 0-RTT data delivery
      and handshake completion.  That is not the case for DTLS, where this allows
      0-RTT records that arrive before the handshake completes to be read afterwards.
      We do drop keys as soon as we see EndOfEarlyData (this is going away for DTLS,
      so I assume Certificate/Finished will be the trigger eventually).  The tests
      added here confirm that late arrival causes 0-RTT to be dropped.  Another test
      confirms that any early arrival that is only read late will be delivered.
      
      Reviewers: ekr
      
      Subscribers: mt, ekr
      
      Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
      
      Bug #: 1487597
      
      Differential Revision: https://phabricator.services.mozilla.com/D4736
      
      --HG--
      extra : rebase_source : 540d790d678828a155457e9d0f5a3e34527391c0
      extra : amend_source : 3856c989ac5b323d6683d33304fa8887d6fd7ac0
      e81e0639
  13. 01 May, 2019 1 commit
  14. 29 Apr, 2019 1 commit
    • Martin Thomson's avatar
      Bug 1543545 - Option to produce static libraries, r=kevinjacobs · 5e56bd97
      Martin Thomson authored
      Summary:
      The fine folks in application services would like to use NSS, but would greatly
      prefer static linking.  Part of that is driven by iOS constraints on performance
      and a possible rejection from the store for dynamic linking (NSS dynamically
      loads softoken).  This provides a build option that produces a fully statically
      linked set of libraries.
      
      Reviewers: KevinJacobs
      
      Tags: #secure-revision
      
      Bug #: 1543545
      
      Differential Revision: https://phabricator.services.mozilla.com/D29303
      
      --HG--
      extra : rebase_source : 8d75b17776ecde38c7350cf70946e0221349e01f
      5e56bd97
  15. 20 Nov, 2017 1 commit
    • Hanno Boeck's avatar
      Bug 1418944 - Quote CC/CXX variables passed to nspr r=franziskus · d54e6bb4
      Hanno Boeck authored
      The Makefile doesn't put quotes around the assignment of CC variables when
      calling the nspr configure (if building with nss_build_all).
      
      This breaks e.g. if someone tries to pass flags in the CC (hacky, but sometimes
      makes things easier) or if there are spaces in the path to the compiler. In any
      case, quoting makes things cleaner and shouldn't have any downsides.
      
      --HG--
      extra : transplant_source : %B6%DFj%0C/%1Ba%D8%B2%1F%3E%1A%87r%94%1C%7B%92%25H
      d54e6bb4
  16. 26 Apr, 2019 2 commits
  17. 11 Mar, 2019 1 commit
    • Martin Thomson's avatar
      Bug 1534468 - Expose ChaCha20 primitive through PKCS#11, r=ekr · e9fdd32d
      Martin Thomson authored
      Summary:
      This adds a "CTR" mode for ChaCha20.  This takes a composite 16 octet "IV",
      which is internally decomposed into a nonce and counter.
      
      This operates like a CTR mode cipher on arbitrary input, up to the ChaCha20
      limit of 2^32 x 64 octet blocks.  The counter provided is a starting counter and
      it is incremented if more than 64 octets of input is provided.
      
      Reviewers: ekr
      
      Tags: #secure-revision
      
      Bug #: 1534468
      
      Differential Revision: https://phabricator.services.mozilla.com/D23060
      
      --HG--
      extra : rebase_source : 64ebd50bab6111d980569d5127882aa2c8444507
      e9fdd32d
  18. 25 Apr, 2019 3 commits
  19. 08 Apr, 2019 1 commit
  20. 16 Apr, 2019 1 commit
  21. 08 Apr, 2019 4 commits