| Commit message (Collapse) | Author | Age | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation is based on the work by Bernstein and Yang
(https://eprint.iacr.org/2019/266)
"Fast constant-time gcd computation and modular inversion".
It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes
mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to
reduce side-channel leaks.
Co-authored by : Billy Bob Brumley
|
| |
|
| |
|
| |
|
|
|
|
| |
This rewrites the caching mechanism to apply to both PBKDF1 and PBKDF2
|
|
|
|
|
|
|
| |
Our NSS version is closer to the currently-released .1, so bump version
to that.
Note: we still have some additional patches to the in-tree version in
place so this isn't a 100% match to the RTM one.
|
|
|
|
|
|
| |
to speed up repeated SDR operations.
Landed on NSS-3.48 for Bug 1606992
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
module is loaded afterwards,
Summary: When the builtin trust module is loaded after some temp certs
being created, these temp certs are usually not accompanied by trust
information. This causes a problem in UXP as it loads the module from a
separate thread while accessing the network cache which populates temp
certs.
This change makes it properly roll up the trust information, if a temp
cert doesn't have trust information.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that, NSC_CloseSession
can just call `sftk_DestroySession` directly and leave
`sftk_FreeSession` as a no-op to be removed in the future.
|
|\
| |
| | |
Support Modern Solaris
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Solaris.
https://bugzilla.mozilla.org/show_bug.cgi?id=1513913
Mozilla's solution to this is arguably overkill, since the namespace issue on Solaris only required them to change (or temporarily undefine) __log2. Instead they changed ALL the functions to be something along the lines of dbm_log2. They haven't changed the external interface at all, though.
If you're unhappy with this patch, I think I could also use XP_SOLARIS ifdefs to undefine __log2 prior to where it's declared in the dbm headers. The good thing about Mozilla's solution is that it guarantees this namespace issue never occurs again on any platform, though.
|
| | |
|
| |
| |
| |
| |
| | |
This rollup patch adds additional length checks around cryptographic
primitives.
|
|/
|
|
|
|
| |
HKDF-Expand enforces a maximum output length much shorter than stated in
the RFC. This patch aligns the implementation with the RFC by allocating
more output space when necessary.
|
| |
|
|
|
|
| |
This is a spec compliance issue.
|
| |
|
| |
|
|
|
|
|
| |
within industry standard security, considering our db hashing is more
CPU intensive than anticipated.
|
|
|
|
| |
This resolves #82
|
|
|
|
| |
This reverts commit fbc2eaacd679f0c484993ffe23d786fd06da22c3.
|
|
|
|
| |
This resolves #82
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
|
|
|
|
| |
Cherry-pick of NSS fix from 3.37
|
| |
|
|
|
|
| |
This reverts commit b2c78bbf83f75bf034028814329fdd43b6bfe885.
|
| |
|
| |
|
|
|
|
| |
#82 #265
|
|
|
|
| |
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
|
|
|
|
|
|
|
|
| |
- Use 30k iterations instead of 1.
- Enforce minimum password length of 8 characters.
- Adjust strength meter accordingly.
This resolves #82.
|
| |
|
| |
|
| |
|
|
|