1
0
mirror of https://github.com/roytam1/UXP.git synced 2026-07-08 16:19:09 +00:00
Commit Graph

43 Commits

Author SHA1 Message Date
Moonchild 01d894938b [NSS] Destroy certificate on error paths 2025-12-17 22:45:58 +08:00
Moonchild fe21538da4 [NSS] Avoid leak in pkcs12 decoder. 2025-08-21 16:07:31 +08:00
Brian Smith e8b3077d4f No Issue - Fixes for building with LLVM 19 included with FreeBSD 13.5. Fix a conflict with libc++ 19 and the old Mozilla (re)alloc macros. LLVM 18+ does not allow std::char_traits<unsigned char> so avoid it. https://bugzilla.mozilla.org/show_bug.cgi?id=1849070 Partial NSS upgrade to replace ByteString with a class. https://bugzilla.mozilla.org/show_bug.cgi?id=1851092 2025-05-14 14:20:07 +08:00
Moonchild be9a6ed2ac [NSS] Improve locking in nssPKIObject_GetInstances. 2025-04-30 23:03:04 +08:00
Moonchild dcb76fe0f7 [NSS] Ensure zero-initialization of collectArgs.cert 2025-02-06 09:25:33 +08:00
Moonchild ecb18ddf57 [NSS] Simplify error handling in get_token_objects_for_cache. 2025-02-06 09:25:01 +08:00
Kai Engert e825209039 [NSS] Bug 1899402 - Correctly destroy bulkkey in error scenario. r=jschanck
Differential Revision: https://phabricator.services.mozilla.com/D223837

--HG--
extra : rebase_source : d06a6bb8d51bb844c814c5ee682a1b24de3e2e69
2024-11-29 20:55:45 +08:00
John Schanck 266b96a53a [NSS] add a defensive check for large ssl_DefSend return values. 2024-01-25 12:13:04 +08:00
Moonchild cdda874cff [NSS] Update NSS to pick up fixes. 2023-02-20 12:01:55 +08:00
Moonchild 10fdf0e1c5 [NSS] Fix uninitialized value in cert_ComputeCertType. 2022-07-30 08:43:45 +08:00
Moonchild a77cf423c2 [NSS] Avoid potential data race on primary password change. 2022-07-30 08:43:44 +08:00
Moonchild b9084ea29d [NSS] protect SFTKSlot needLogin with slotLock. 2022-07-30 08:43:44 +08:00
Moonchild 2706ef696d Update NSS 2022-07-05 17:21:07 +08:00
roytam1 e3fb994063 Bug 1735028 - check for missing signedData field r=keeler 2022-01-19 10:25:05 +08:00
Moonchild d8fdbcd88c [NSS] Version and build bump 2020-12-02 09:57:49 +08:00
Moonchild b71804f4a3 [NSS] Update root certificates. 2020-12-02 09:57:48 +08:00
Moonchild 8c395520d9 Issue #1656 - Part 1: Nuke most vim config lines in the tree.
Since these are just interpreted comments, there's 0 impact on actual code.
This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are
a few others scattered around which will be removed manually in a second part.
2020-09-25 22:04:12 +08:00
Moonchild 38470e4fe9 [NSS] Version and build bump 2020-09-04 22:30:57 +08:00
J.C. Jones 0e23c7cc48 [NSS] Prevent slotLock race in NSC_GetTokenInfo
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot
after obtaining it, even though slotLock is defined as its lock.
2020-09-04 22:30:55 +08:00
Moonchild 9890572c8e [NSS] Version and build bump 2020-07-10 22:18:56 +08:00
Sohaib ul Hassan 62467c473d [NSS] Implement constant-time GCD and modular inversion
The implementation is based on the work by Bernstein and Yang
(https://eprint.iacr.org/2019/266)
"Fast constant-time gcd computation and modular inversion".

It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes
mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to
reduce side-channel leaks.

Co-authored by : Billy Bob Brumley
2020-07-10 22:18:52 +08:00
Moonchild ca3ce88bd1 [NSS] Bump NSS version 2020-06-06 07:21:18 +08:00
Moonchild 4789fee7cf [NSS] Force a fixed length for DSA exponentiation 2020-06-06 07:21:15 +08:00
Kai Engert a8daf97de0 Issue #1338 - Follow-up: Also cache the most recent PBKDF1 hash
This rewrites the caching mechanism to apply to both PBKDF1 and PBKDF2
2020-01-24 09:36:33 +08:00
wolfbeast abb2afe2a7 Issue #1338 - Bump NSS version
Our NSS version is closer to the currently-released .1, so bump version
to that.
Note: we still have some additional patches to the in-tree version in
place so this isn't a 100% match to the RTM one.
2020-01-24 09:28:39 +08:00
Kai Engert 3d75257e8d Issue #1338: Follow-up: Cache the most recent PBKDF2 password hash,
to speed up repeated SDR operations.

Landed on NSS-3.48 for Bug 1606992
2020-01-17 09:15:04 +08:00
Daiki Ueno 75fdf9c3b0 Issue #1338 - Followup: certdb: propagate trust information if trust
module is loaded afterwards,

Summary: When the builtin trust module is loaded after some temp certs
being created, these temp certs are usually not accompanied by trust
information. This causes a problem in UXP as it loads the module from a
separate thread while accessing the network cache which populates temp
certs.

This change makes it properly roll up the trust information, if a temp
cert doesn't have trust information.
2020-01-11 06:47:38 +08:00
wolfbeast c57cac24e8 Issue #1338 - Part 2: Update NSS to 3.48-RTM 2020-01-05 11:42:29 +08:00
Craig Disselkoen b7f6024e34 [NSS] Bug 1586176 - EncryptUpdate should use maxout not block size. 2019-12-07 06:55:10 +08:00
J.C. Jones 0916deba59 [NSS] Bug 1508776 - Remove unneeded refcounting from SFTKSession
SFTKSession objects are only ever actually destroyed at PK11 session
closure, as the session is always the final holder -- and asserting
refCount == 1 shows that to be true. Because of that, NSC_CloseSession
can just call `sftk_DestroySession` directly and leave
`sftk_FreeSession` as a no-op to be removed in the future.
2019-12-07 06:55:07 +08:00
wolfbeast 5f0986e66f Update NSS to 3.41 2019-02-16 00:22:24 +08:00
wolfbeast d36d4eb674 Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
2019-02-16 00:11:10 +08:00
wolfbeast 1ed60ee41b Don't leak newTemplate in pk11_copyAttributes()
Cherry-pick of NSS fix from 3.37
2019-02-16 00:07:15 +08:00
JustOff fe96962962 Update NSS to 3.36.4-RTM 2019-02-16 00:02:32 +08:00
wolfbeast 8c296a9714 Revert "Restore NSS default storage file format to DBM when no prefix is given."
This reverts commit b2c78bbf83f75bf034028814329fdd43b6bfe885.
2019-02-16 00:01:08 +08:00
wolfbeast e88fd14de6 Restore NSS default storage file format to DBM when no prefix is given. 2019-02-16 00:01:06 +08:00
wolfbeast 608f9fca02 Update NSS to 3.35-RTM 2019-02-16 00:01:03 +08:00
NTD da15587e4a Partially revert 1ef526f0f - sftkpwd.c
#82 #265
2019-02-15 23:51:37 +08:00
wolfbeast 9e32522120 Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
2019-02-15 23:50:26 +08:00
wolfbeast 522a346ef8 Strengthen the use of the Master Password.
- Use 30k iterations instead of 1.
- Enforce minimum password length of 8 characters.
- Adjust strength meter accordingly.

This resolves #82.
2019-02-15 23:46:38 +08:00
wolfbeast 66dd670b60 Update NSS to 3.35-RTM 2019-02-15 23:33:36 +08:00
wolfbeast c91ef9012b Update NSS to 3.32.1-RTM 2019-02-15 23:29:46 +08:00
roytam1 dcd9973243 import FIREFOX_52_6_0esr_RELEASE from mozilla-esr52 hg repo 2018-01-19 03:59:58 +08:00