1. 16 Oct, 2020 2 commits
  2. 12 Oct, 2020 4 commits
  3. 05 Oct, 2020 1 commit
  4. 24 Sep, 2020 1 commit
  5. 23 Sep, 2020 1 commit
    • Dana Keeler's avatar
      Bug 1665715 - (2/2) pass encoded signed certificate timestamp extension (if... · 33c0a6a3
      Dana Keeler authored
      Bug 1665715 - (2/2) pass encoded signed certificate timestamp extension (if present) in CheckRevocation r=jcj
      
      This will allow Firefox to make decisions based on the earliest known time that
      a certificate exists (with respect to certificate transparency) that a CA is
      unlikely to back-date. In particular, this is essential for CRLite. Note that
      if the SCT signature isn't validated, a CA could still make a certificate
      appear to have existed for longer than it really has. However, this change is
      not an attempt to catch malicious CAs. The aim is to avoid false positives in
      CRLite resulting from CAs backdating the notBefore field on certificates they
      issue.
      
      Depends on D90595
      
      Differential Revision: https://phabricator.services.mozilla.com/D90596
      
      --HG--
      extra : moz-landing-system : lando
      33c0a6a3
  6. 18 Sep, 2020 2 commits
  7. 15 Sep, 2020 2 commits
  8. 14 Sep, 2020 2 commits
  9. 11 Sep, 2020 6 commits
  10. 08 Sep, 2020 1 commit
  11. 09 Sep, 2020 1 commit
  12. 08 Sep, 2020 1 commit
  13. 05 Sep, 2020 1 commit
  14. 02 Sep, 2020 1 commit
    • Khem Raj's avatar
      Bug 1661378 - pkix: Do not use NULL where 0 is needed · b2ad4a0d
      Khem Raj authored
      Clang finds this error
      
      pkix_logger.c:316:32: error: cast to smaller integer type 'PKIX_ERRORCLASS' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
              logger->logComponent = (PKIX_ERRORCLASS)NULL;
                                     ^~~~~~~~~~~~~~~~~~~~~
      pkix_logger.c:617:32: error: cast to smaller integer type 'PKIX_ERRORCLASS' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
              logger->logComponent = (PKIX_ERRORCLASS)NULL;
                                     ^~~~~~~~~~~~~~~~~~~~~
      2 errors generated.
      Signed-off-by: default avatarKhem Raj <raj.khem@gmail.com>
      b2ad4a0d
  15. 28 Aug, 2020 1 commit
  16. 24 Aug, 2020 1 commit
  17. 25 Aug, 2020 1 commit
  18. 24 Aug, 2020 2 commits
    • Robert Relyea's avatar
      Bug 1660304 New FIPS IG requires self-tests for approved kdfs. r=ueno comments=kjacobs · 591a5fb6
      Robert Relyea authored
      FIPS guidance now requires self-tests for our kdfs. It also requires self-tests for cmac which we didn't have in the cmac patch.
      
      Currently only one test per kdf is necessary. Specifially for SP-800-108, only
      one of the three flavors are needed (counter, feedback, or pipeline). This
      patch includes more complete testing but it has been turned off the currently
      extraneous tests under the assumption that NIST guidance may require them
      in the future. HKDF is currently not included in FIPS, but is on track to be
      included, so hkdf have been included in this patch.
      
      Because the test vectors are const strings, the patch pushes some const
      definitions that were missing in existing private interfaces.
      
      There are three flavors of self-tests:
      Function implemented in freebl are added to the freebl/fipsfreebl.c
      Functions implemented in pkcs11c.c have selftests completely implemented in
      softoken/fipstest.c
      Functions implemented in their own .c file have their selftest function
      implemented in that .c file and called by fipstests.c
      These are consistant with the previous choices for selftests.
      
      Some private interfaces that took in keys from pkcs #11 structures or outputted keys to pkcs #11 structures were modified to optionally take keys in by bytes
      and output keys as bytes so the self-tests can work in just bytes.
      
      Differential Revision: https://phabricator.services.mozilla.com/D87812
      591a5fb6
    • Kevin Jacobs's avatar
      Bug 1653641 - Cleanup inaccurate DTLS comments, code review fixes. r=mt · ba6a897b
      Kevin Jacobs authored
      Differential Revision: https://phabricator.services.mozilla.com/D84255
      
      --HG--
      extra : moz-landing-system : lando
      ba6a897b
  19. 21 Aug, 2020 1 commit
  20. 19 Aug, 2020 2 commits
  21. 18 Aug, 2020 2 commits
  22. 07 Aug, 2020 4 commits