summaryrefslogtreecommitdiff
path: root/security/nss/lib
Commit message (Collapse)AuthorAge
* [NSS] Version bumpMoonchild2022-07-27
|
* [NSS] Fix uninitialized value in cert_ComputeCertType.Moonchild2022-07-27
|
* [NSS] Avoid potential data race on primary password change.Moonchild2022-07-27
|
* [NSS] protect SFTKSlot needLogin with slotLock.Moonchild2022-07-27
|
* Update NSS to 3.52.7Moonchild2022-07-03
|
* [NSS] Update NSS to 3.52.6Moonchild2022-06-01
| | | | - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple (Bug 1767590)
* Update NSS to 3.52.5Moonchild2022-05-04
| | | | | - Default configure to enable dbm - Remove a redundant check on ASN1 decoding (Bug 1753535)
* [NSS] Update NSS to 3.52.4Moonchild2022-04-08
|
* Merge pull request 'Land final NSS-gyp work' (#1850) from nss-gyp-work into ↵Moonchild2022-04-08
|\ | | | | | | | | | | master Reviewed-on: https://repo.palemoon.org/MoonchildProductions/UXP/pulls/1850
| * Issue #1847 - Get NSS gyp to understand disabling avx2 in freeblMatt A. Tobin2022-04-07
| |
* | [NSS] check for missing signedData field and bump versionMoonchild2022-04-08
|/
* Issue #1693 - Update NSS to 3.52.2-UXPMoonchild2021-03-15
| | | | Update root certificates and port NSS sec patches from previous work.
* [NSS] Update root certificates.Moonchild2021-03-15
|
* [NSS] Prevent slotLock race in NSC_GetTokenInfoJ.C. Jones2021-03-15
| | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock.
* [NSS] Implement constant-time GCD and modular inversionSohaib ul Hassan2021-03-15
| | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley
* Issue #1693 - Update NSS to 3.52.1-RTMMoonchild2021-03-15
|
* Issue #1746 - Revert "Update to NSS 3.59.1.1"Moonchild2021-03-14
|
* Issue #1693 - Update NSS to 3.59.1.1Moonchild2020-12-23
| | | | | This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our consumption of the library.
* [NSS] Version and build bumpMoonchild2020-12-01
|
* [NSS] Update root certificates.Moonchild2020-12-01
|
* Issue #1656 - Part 1: Nuke most vim config lines in the tree.Moonchild2020-09-23
| | | | | | Since these are just interpreted comments, there's 0 impact on actual code. This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are a few others scattered around which will be removed manually in a second part.
* [NSS] Version and build bumpMoonchild2020-08-29
|
* [NSS] Prevent slotLock race in NSC_GetTokenInfoJ.C. Jones2020-08-29
| | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock.
* [NSS] Version and build bumpMoonchild2020-07-09
|
* [NSS] Implement constant-time GCD and modular inversionSohaib ul Hassan2020-07-09
| | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley
* [NSS] Bump NSS versionMoonchild2020-06-03
|
* [NSS] Force a fixed length for DSA exponentiationMoonchild2020-06-03
|
* Issue #1338 - Follow-up: Also cache the most recent PBKDF1 hashKai Engert2020-01-23
| | | | This rewrites the caching mechanism to apply to both PBKDF1 and PBKDF2
* Issue #1338 - Bump NSS versionwolfbeast2020-01-20
| | | | | | | Our NSS version is closer to the currently-released .1, so bump version to that. Note: we still have some additional patches to the in-tree version in place so this isn't a 100% match to the RTM one.
* Issue #1338: Follow-up: Cache the most recent PBKDF2 password hash,Kai Engert2020-01-14
| | | | | | to speed up repeated SDR operations. Landed on NSS-3.48 for Bug 1606992
* Issue #1338 - Followup: certdb: propagate trust information if trustDaiki Ueno2020-01-10
| | | | | | | | | | | | | module is loaded afterwards, Summary: When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in UXP as it loads the module from a separate thread while accessing the network cache which populates temp certs. This change makes it properly roll up the trust information, if a temp cert doesn't have trust information.
* Issue #1338 - Part 2: Update NSS to 3.48-RTMwolfbeast2020-01-02
|
* Update NSS version.wolfbeast2019-12-06
|
* [NSS] Bug 1586176 - EncryptUpdate should use maxout not block size.Craig Disselkoen2019-12-06
|
* [NSS] Bug 1508776 - Remove unneeded refcounting from SFTKSessionJ.C. Jones2019-12-06
| | | | | | | | SFTKSession objects are only ever actually destroyed at PK11 session closure, as the session is always the final holder -- and asserting refCount == 1 shows that to be true. Because of that, NSC_CloseSession can just call `sftk_DestroySession` directly and leave `sftk_FreeSession` as a no-op to be removed in the future.
* Merge pull request #1262 from athenian200/solaris-workMoonchild2019-11-02
|\ | | | | Support Modern Solaris
| * MoonchildProductions#1251 - Part 16: Resolve namespace conflicts with dbm on ↵athenian2002019-10-21
| | | | | | | | | | | | | | | | | | | | Solaris. https://bugzilla.mozilla.org/show_bug.cgi?id=1513913 Mozilla's solution to this is arguably overkill, since the namespace issue on Solaris only required them to change (or temporarily undefine) __log2. Instead they changed ALL the functions to be something along the lines of dbm_log2. They haven't changed the external interface at all, though. If you're unhappy with this patch, I think I could also use XP_SOLARIS ifdefs to undefine __log2 prior to where it's declared in the dbm headers. The good thing about Mozilla's solution is that it guarantees this namespace issue never occurs again on any platform, though.
* | Update NSS versionwolfbeast2019-10-24
| |
* | Add length checks for cryptographic primitivesKevin Jacobs2019-10-24
| | | | | | | | | | This rollup patch adds additional length checks around cryptographic primitives.
* | Support longer (up to RFC maximum) HKDF outputswolfbeast2019-10-24
|/ | | | | | HKDF-Expand enforces a maximum output length much shorter than stated in the RFC. This patch aligns the implementation with the RFC by allocating more output space when necessary.
* Update NSS version.wolfbeast2019-07-17
|
* Prohibit the use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3wolfbeast2019-07-17
| | | | This is a spec compliance issue.
* Don't unnecessarily strip leading 0's from key material during PKCS11 import.wolfbeast2019-07-17
|
* Apply better input checking discipline.wolfbeast2019-07-17
|
* Change softoken password rounds to a more conservative number stillwolfbeast2019-07-03
| | | | | within industry standard security, considering our db hashing is more CPU intensive than anticipated.
* Update NSS to 3.41.1 (custom)wolfbeast2019-06-27
| | | | This resolves #82
* Revert "Update NSS to 3.41.1 (custom)"wolfbeast2019-06-26
| | | | This reverts commit fbc2eaacd679f0c484993ffe23d786fd06da22c3.
* Update NSS to 3.41.1 (custom)wolfbeast2019-06-26
| | | | This resolves #82
* Update NSS to 3.41wolfbeast2018-12-15
|
* Update NSS to 3.38wolfbeast2018-08-14
| | | | | | | | | | | | | - Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.