Commit message (Collapse) | Author | Age | Lines | |
---|---|---|---|---|
* | [NSS hotpatch] Hard disable AVX2 in NSS Build System | Matt A. Tobin | 2021-01-03 | -23/+5 |
| | | | | This should be ported to the NSS repo | |||
* | Issue #1693 - Update NSS to 3.59.1.1 | Moonchild | 2020-12-23 | -17321/+502834 |
| | | | | | This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our consumption of the library. | |||
* | [NSS] Version and build bump | Moonchild | 2020-12-01 | -6/+6 |
| | ||||
* | [NSS] Update root certificates. | Moonchild | 2020-12-01 | -1527/+1082 |
| | ||||
* | Issue #1280 - Follow-up: Get rid of HPKP pinning mode. | adesh | 2020-11-10 | -42/+14 |
| | | | | | | This was a leftover from HPKP removal. Also remove a couple of unused variables from security/manager/ssl/nsSiteSecurityService.cpp. | |||
* | Issue #1656 - Nuke the remaining vim lines in UXP | Moonchild | 2020-10-26 | -3/+0 |
| | | | | Closes #1656 | |||
* | Issue #1656 - Part 9: Single-line-comment style. | Moonchild | 2020-09-24 | -1/+0 |
| | ||||
* | Issue #1656 - Part 8: Devtools and misc. | Moonchild | 2020-09-24 | -4/+0 |
| | ||||
* | Issue #1656 - Part 6: Clean up the build files | Moonchild | 2020-09-23 | -44/+0 |
| | ||||
* | Issue #1656 - Part 4: Manual cleanup | Moonchild | 2020-09-23 | -8/+0 |
| | ||||
* | Issue #1656 - Part 4: Tackle *.idl, *.css, *.ipdlh, *.webidl, *.cc | Moonchild | 2020-09-23 | -82/+0 |
| | ||||
* | Issue #1656 - Part 3: Nuke more vim config lines in the tree. | Moonchild | 2020-09-23 | -1/+0 |
| | | | | Another S&R run with some smarter matching. | |||
* | Issue #1656 - Part 1: Nuke most vim config lines in the tree. | Moonchild | 2020-09-23 | -163/+0 |
| | | | | | | Since these are just interpreted comments, there's 0 impact on actual code. This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are a few others scattered around which will be removed manually in a second part. | |||
* | Issue #1280 - Remove hostname parameter to trust domain. | adeshkp | 2020-09-12 | -19/+12 |
| | | | | | | Host name was purely being used for HPKP and since HPKP is killed, this can also go. Currently it doesn't do anything other than generating build warnings. | |||
* | [NSS] Version and build bump | Moonchild | 2020-08-29 | -6/+7 |
| | ||||
* | [NSS] Prevent slotLock race in NSC_GetTokenInfo | J.C. Jones | 2020-08-29 | -2/+4 |
| | | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. | |||
* | [NSS] Version and build bump | Moonchild | 2020-07-09 | -7/+6 |
| | ||||
* | [NSS] Implement constant-time GCD and modular inversion | Sohaib ul Hassan | 2020-07-09 | -132/+292 |
| | | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley | |||
* | Issue #439 - Remove, fix and clean up automated tests | Moonchild | 2020-06-08 | -1/+0 |
| | | | | | | | With the big amount of code churn around DOM a lot of tests broke severely enough that they caused build bustage. This commit cleans up, removes or otherwise fixes tests that are broken, no longer relevant or obsolete. | |||
* | [NSS] Bump NSS version | Moonchild | 2020-06-03 | -6/+7 |
| | ||||
* | [NSS] Force a fixed length for DSA exponentiation | Moonchild | 2020-06-03 | -10/+35 |
| | ||||
* | Merge pull request #1502 from athenian200/nss348_solaris | Moonchild | 2020-03-31 | -1/+1 |
|\ | | | | | Un-bust building of NSS after update to 3.48 on Solaris. | |||
| * | Issue #1501 - Un-bust building of NSS after update to 3.48 on Solaris. | athenian200 | 2020-03-30 | -1/+1 |
| | | ||||
* | | Issue #1280 - Un-bust certerror pages and ForgetAboutSite | wolfbeast | 2020-03-31 | -18/+5 |
|/ | ||||
* | Issue #1280 - Part 2: Remove HPKP tests. | wolfbeast | 2020-03-28 | -1040/+0 |
| | ||||
* | Issue #1280 - Part 1: Remove HPKP components. | wolfbeast | 2020-03-28 | -2636/+32 |
| | | | | | This also removes leftover plumbing for storing preload information in SiteSecurityService since no service still uses it. | |||
* | Issue #1498 - Part 6: Remove STS preloadlist pref. | wolfbeast | 2020-03-27 | -8/+0 |
| | ||||
* | Issue #1498 - Part 5: Update SSService CID and correct mismatch. | wolfbeast | 2020-03-27 | -4/+4 |
| | ||||
* | Issue #1498 - Part 4: Remove clearPreloads. | wolfbeast | 2020-03-27 | -20/+0 |
| | | | | Also tag #1280 | |||
* | Issue #1498 - Part 3: Remove support for storing "knockout" values. | wolfbeast | 2020-03-27 | -10/+4 |
| | ||||
* | Issue #1498 - Part 1: Stop persisting preload states. | wolfbeast | 2020-03-27 | -6/+1 |
| | | | | | | Since we don't use preloading anymore for either HPKP or HSTS, we no longer need persistent storage in the profile for preload states. Tag #1280 also | |||
* | Issue #1498 - Part 1: Stop using HSTS preload lists. | wolfbeast | 2020-03-27 | -103881/+8 |
| | ||||
* | Take nsSiteSecurityService out of UNIFIED_SOURCES | Matt A. Tobin | 2020-03-25 | -1/+4 |
| | | | | It exceeded the obj file sections limit because of the HSTS preload list so it cannot be built in UNIFIED mode. | |||
* | Issue #447 - Update HSTS preload list | wolfbeast | 2020-03-24 | -9018/+14842 |
| | ||||
* | Issue #1467 - Part 4: Rename NSS_SQLSTORE to MOZ_SECURITY_SQLSTORE. | wolfbeast | 2020-03-19 | -4/+4 |
| | | | | Rename the build config option accordingly. | |||
* | Issue #1467 - Part 3: Use UTF-8 file paths for NSS-SQL database. | wolfbeast | 2020-03-17 | -2/+11 |
| | ||||
* | Issue #1467 - Part 1: Set up conditional NSS-SQL builds. | wolfbeast | 2020-03-16 | -0/+16 |
| | | | | | | | - Adds buildconfig option --enable-nss-sqlstore - Prefixes NSS dbinit with either sql: or dbm: depending on config - Pre-initializes mozStorage when NSS-SQL storage is used to prevent an sqlite3_config race in NSS Init | |||
* | Issue #1053 - Remove android support from nsNSSComponent.cpp | Matt A. Tobin | 2020-02-28 | -61/+17 |
| | ||||
* | Issue #447 - Update HSTS preload list & reduce debug spew | wolfbeast | 2020-02-01 | -8493/+14130 |
| | | | | | Commented out spewing dump() statements in loops. With the ever growing HSTS list it takes too much time and is pointless to display. | |||
* | Issue #1338 - Follow-up: Also cache the most recent PBKDF1 hash | Kai Engert | 2020-01-23 | -50/+140 |
| | | | | This rewrites the caching mechanism to apply to both PBKDF1 and PBKDF2 | |||
* | Issue #1338 - Bump NSS version | wolfbeast | 2020-01-20 | -3/+3 |
| | | | | | | | Our NSS version is closer to the currently-released .1, so bump version to that. Note: we still have some additional patches to the in-tree version in place so this isn't a 100% match to the RTM one. | |||
* | Issue #1338: Follow-up: Cache the most recent PBKDF2 password hash, | Kai Engert | 2020-01-14 | -1/+83 |
| | | | | | | to speed up repeated SDR operations. Landed on NSS-3.48 for Bug 1606992 | |||
* | Issue #1338 - Followup: certdb: propagate trust information if trust | Daiki Ueno | 2020-01-10 | -8/+22 |
| | | | | | | | | | | | | | module is loaded afterwards, Summary: When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in UXP as it loads the module from a separate thread while accessing the network cache which populates temp certs. This change makes it properly roll up the trust information, if a temp cert doesn't have trust information. | |||
* | Issue #1338 - Un-bust building of NSS after update to 3.48 on Linux. | wolfbeast | 2020-01-10 | -1/+2 |
| | ||||
* | Be more consistent about decoding IP addresses in PSM. | wolfbeast | 2020-01-09 | -2/+7 |
| | ||||
* | Issue #1338 - Part 2: Update NSS to 3.48-RTM | wolfbeast | 2020-01-02 | -31445/+1622266 |
| | ||||
* | Issue #1118 - Part 6: Fix various tests that are no longer correct. | wolfbeast | 2019-12-22 | -1/+1 |
| | | | | | The behavior change of document.open() requires these tests to be changed to account for the new spec behavior. | |||
* | Update NSS version. | wolfbeast | 2019-12-06 | -6/+8 |
| | ||||
* | [NSS] Bug 1586176 - EncryptUpdate should use maxout not block size. | Craig Disselkoen | 2019-12-06 | -1/+1 |
| | ||||
* | [NSS] Bug 1508776 - Remove unneeded refcounting from SFTKSession | J.C. Jones | 2019-12-06 | -24/+11 |
| | | | | | | | | SFTKSession objects are only ever actually destroyed at PK11 session closure, as the session is always the final holder -- and asserting refCount == 1 shows that to be true. Because of that, NSC_CloseSession can just call `sftk_DestroySession` directly and leave `sftk_FreeSession` as a no-op to be removed in the future. |