1. 02 May, 2019 4 commits
  2. 10 Sep, 2018 1 commit
    • Martin Thomson's avatar
      Bug 1487597 - Improve 0-RTT data delivery, r=ekr · e81e0639
      Martin Thomson authored
      This improves the code that delivers 0-RTT.  When the caller provided a read
      buffer to small to hold an entire record, the previous code reported errors.
      Those errors might cause the connection to be dropped by the caller, but the
      socket was still usable.  If the socket was used again, there would be a gap in
      the stream.
      This fixes that bug and adds a bunch of tests around 0-RTT delivery.  More tests
      check the order of operations.
      For instance, in TLS, we strictly maintain ordering between 0-RTT data delivery
      and handshake completion.  That is not the case for DTLS, where this allows
      0-RTT records that arrive before the handshake completes to be read afterwards.
      We do drop keys as soon as we see EndOfEarlyData (this is going away for DTLS,
      so I assume Certificate/Finished will be the trigger eventually).  The tests
      added here confirm that late arrival causes 0-RTT to be dropped.  Another test
      confirms that any early arrival that is only read late will be delivered.
      Reviewers: ekr
      Subscribers: mt, ekr
      Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3
      Bug #: 1487597
      Differential Revision: https://phabricator.services.mozilla.com/D4736
      extra : rebase_source : 540d790d678828a155457e9d0f5a3e34527391c0
      extra : amend_source : 3856c989ac5b323d6683d33304fa8887d6fd7ac0
  3. 01 May, 2019 1 commit
  4. 29 Apr, 2019 1 commit
    • Martin Thomson's avatar
      Bug 1543545 - Option to produce static libraries, r=kevinjacobs · 5e56bd97
      Martin Thomson authored
      The fine folks in application services would like to use NSS, but would greatly
      prefer static linking.  Part of that is driven by iOS constraints on performance
      and a possible rejection from the store for dynamic linking (NSS dynamically
      loads softoken).  This provides a build option that produces a fully statically
      linked set of libraries.
      Reviewers: KevinJacobs
      Tags: #secure-revision
      Bug #: 1543545
      Differential Revision: https://phabricator.services.mozilla.com/D29303
      extra : rebase_source : 8d75b17776ecde38c7350cf70946e0221349e01f
  5. 20 Nov, 2017 1 commit
    • Hanno Boeck's avatar
      Bug 1418944 - Quote CC/CXX variables passed to nspr r=franziskus · d54e6bb4
      Hanno Boeck authored
      The Makefile doesn't put quotes around the assignment of CC variables when
      calling the nspr configure (if building with nss_build_all).
      This breaks e.g. if someone tries to pass flags in the CC (hacky, but sometimes
      makes things easier) or if there are spaces in the path to the compiler. In any
      case, quoting makes things cleaner and shouldn't have any downsides.
      extra : transplant_source : %B6%DFj%0C/%1Ba%D8%B2%1F%3E%1A%87r%94%1C%7B%92%25H
  6. 26 Apr, 2019 2 commits
  7. 11 Mar, 2019 1 commit
    • Martin Thomson's avatar
      Bug 1534468 - Expose ChaCha20 primitive through PKCS#11, r=ekr · e9fdd32d
      Martin Thomson authored
      This adds a "CTR" mode for ChaCha20.  This takes a composite 16 octet "IV",
      which is internally decomposed into a nonce and counter.
      This operates like a CTR mode cipher on arbitrary input, up to the ChaCha20
      limit of 2^32 x 64 octet blocks.  The counter provided is a starting counter and
      it is incremented if more than 64 octets of input is provided.
      Reviewers: ekr
      Tags: #secure-revision
      Bug #: 1534468
      Differential Revision: https://phabricator.services.mozilla.com/D23060
      extra : rebase_source : 64ebd50bab6111d980569d5127882aa2c8444507
  8. 25 Apr, 2019 3 commits
  9. 08 Apr, 2019 1 commit
  10. 16 Apr, 2019 1 commit
  11. 08 Apr, 2019 4 commits
  12. 01 Apr, 2019 1 commit
  13. 29 Mar, 2019 2 commits
  14. 08 Mar, 2019 1 commit
  15. 29 Mar, 2019 1 commit
  16. 24 Mar, 2019 1 commit
  17. 23 Mar, 2019 1 commit
  18. 04 Mar, 2019 1 commit
  19. 21 Mar, 2019 2 commits
  20. 20 Mar, 2019 1 commit
  21. 28 Feb, 2019 1 commit
    • Martin Thomson's avatar
      Bug 1531236 - Accessor for certificate DER, r=jcj · b7b584f9
      Martin Thomson authored
      Forgot to put this up.  This will make the neqo wrapper considerably more
      hygenic.  Having to explode the entire CERTCertificate struct (which is public
      and never should have been) into the FFI is a complete disaster.  Better to
      treat it as opaque and use an accessor function.
      Reviewers: jcj
      Tags: #secure-revision
      Bug #: 1531236
      Differential Revision: https://phabricator.services.mozilla.com/D24129
      extra : rebase_source : cc0c75ba0153307ae7138ae6cf1953e3584f8345
  22. 20 Mar, 2019 7 commits
  23. 16 Mar, 2019 1 commit