module is loaded afterwards,
Summary: When the builtin trust module is loaded after some temp certs
being created, these temp certs are usually not accompanied by trust
information. This causes a problem in UXP as it loads the module from a
separate thread while accessing the network cache which populates temp
certs.
This change makes it properly roll up the trust information, if a temp
cert doesn't have trust information.
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that, NSC_CloseSession
can just call `sftk_DestroySession` directly and leave
`sftk_FreeSession` as a no-op to be removed in the future.
HKDF-Expand enforces a maximum output length much shorter than stated in
the RFC. This patch aligns the implementation with the RFC by allocating
more output space when necessary.
https://bugzilla.mozilla.org/show_bug.cgi?id=1513913
Mozilla's solution to this is arguably overkill, since the namespace issue on Solaris only required them to change (or temporarily undefine) __log2. Instead they changed ALL the functions to be something along the lines of dbm_log2. They haven't changed the external interface at all, though.
If you're unhappy with this patch, I think I could also use XP_SOLARIS ifdefs to undefine __log2 prior to where it's declared in the dbm headers. The good thing about Mozilla's solution is that it guarantees this namespace issue never occurs again on any platform, though.
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
Kai Engert
Daiki Ueno
wolfbeast
Craig Disselkoen
J.C. Jones
Moonchild
Kevin Jacobs
athenian200
wolfbeast
JustOff
Matt A. Tobin
Matt A. Tobin