462aac7d98
[HSTS] Let parent hosts determine whether HSTS subs should be applied.
...
This aligns with the wording in RFC 6797.
2024-01-25 12:14:06 +08:00
266b96a53a
[NSS] add a defensive check for large ssl_DefSend return values.
2024-01-25 12:13:04 +08:00
fae36a95ec
No Issue - Updates to Mac packaging for notarization. Add Mac entitlements. Switch to using "create" instead of "makehybrid" when creating the disk image. This fixes bogus extended attributes which interfere with the code signature. Finally add any -bin or dylibs in the Resources folder since --deep skips that folder.
2023-05-10 11:57:07 +08:00
a39fd9e75f
Issue #1656 - Remove more vim control lines.
...
Vim control lines were re-introduced or not entirely cleaned up.
This nukes them again.
Removing from modules, netwerk, security, storage, testing, toolkit, and
a few scattered misc files. More to come.
2023-05-05 22:59:16 +08:00
f6f0a495a7
Issue #2180 - Follow-up: Move sentinel check up a bit.
2023-03-29 11:05:39 +08:00
dc4bf9b823
Issue #2180 - Add pref to control NSS TLS 1.3 protocol downgrade sentinel
2023-03-29 11:05:16 +08:00
ca93d4b42d
Issue #1831 - Add an option to enable TLS 1.3 "compatibility" mode.
...
Critical note: this potentially reduces the strength of TLS 1.3 and
should only be enabled if absolutely necessary to access a site.
A browser restart is required for the pref change to take effect as it
is set on NSS initialization.
Resolves #1831
2023-03-29 11:04:44 +08:00
0365f940fe
Issue #2148 - Make Vector not use AlignedStorage for its inline element storage
...
See Bug 1338374 1/2
2023-03-15 22:50:40 +08:00
cdda874cff
[NSS] Update NSS to pick up fixes.
2023-02-20 12:01:55 +08:00
10fdf0e1c5
[NSS] Fix uninitialized value in cert_ComputeCertType.
2022-07-30 08:43:45 +08:00
a77cf423c2
[NSS] Avoid potential data race on primary password change.
2022-07-30 08:43:44 +08:00
b9084ea29d
[NSS] protect SFTKSlot needLogin with slotLock.
2022-07-30 08:43:44 +08:00
2706ef696d
Update NSS
2022-07-05 17:21:07 +08:00
eaf9e756a0
Issue #21 - Remove remaining telemetry structs, callers and flags.
2022-04-28 10:33:44 +08:00
8d800b1cb0
Issue #21 - Remove Telemetry plumbing and fix build.
...
Note this won't give working applications. Requires FE changes and
additional js module changes (next part).
2022-04-28 10:25:48 +08:00
031a928950
Issue #738 - Follow-up: Remove explicit session cache cleanup routine from ShutdownNSS
...
This is no longer needed because the call to SSL_ConfigServerSessionIDCache on startup was already removed (see 1425f020c47b3cbe134f71717299714aead28502), meaning LocksInitializedEarly does not become true and only causes an assertion on debug builds.
On the other hand, SSL_ClearSessionCache is already called on XPCOM shutdown and calling it again here is redundant.
Additional context: https://bugzilla.mozilla.org/show_bug.cgi?id=1485087#c5
Based on https://bugzilla.mozilla.org/show_bug.cgi?id=1485087
2022-04-21 21:46:24 +08:00
roytam1
e3fb994063
Bug 1735028 - check for missing signedData field r=keeler
2022-01-19 10:25:05 +08:00
ed26fe34af
Issue #1746 - Update pkix code with later NSS code.
2021-03-16 09:49:44 +08:00
9fd40b1c93
Issue #457 - Remove duplicate PKCS11 definitions
2021-02-25 09:26:44 +08:00
ef29cca224
[security] Hold mutex when accessing TSI fields.
2021-02-25 09:26:42 +08:00
d8fdbcd88c
[NSS] Version and build bump
2020-12-02 09:57:49 +08:00
b71804f4a3
[NSS] Update root certificates.
2020-12-02 09:57:48 +08:00
2924d30a83
Issue #1280 - Follow-up: Get rid of HPKP pinning mode.
...
This was a leftover from HPKP removal.
Also remove a couple of unused variables from security/manager/ssl/nsSiteSecurityService.cpp.
2020-11-19 21:11:43 +08:00
a77ab3da7f
Issue #1656 - Nuke the remaining vim lines in UXP
...
Closes #1656
2020-10-30 09:09:20 +08:00
9305760571
Issue #1656 - Part 9: Single-line-comment style.
2020-09-25 22:07:00 +08:00
d5919942ff
Issue #1656 - Part 8: Devtools and misc.
2020-09-25 22:06:55 +08:00
0cd673d720
Issue #1656 - Part 6: Clean up the build files
2020-09-25 22:04:23 +08:00
538b420319
Issue #1656 - Part 4: Manual cleanup
2020-09-25 22:04:20 +08:00
d7a4abc3d4
Issue #1656 - Part 4: Tackle *.idl, *.css, *.ipdlh, *.webidl, *.cc
2020-09-25 22:04:18 +08:00
30df895eb2
Issue #1656 - Part 3: Nuke more vim config lines in the tree.
...
Another S&R run with some smarter matching.
2020-09-25 22:04:17 +08:00
8c395520d9
Issue #1656 - Part 1: Nuke most vim config lines in the tree.
...
Since these are just interpreted comments, there's 0 impact on actual code.
This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are
a few others scattered around which will be removed manually in a second part.
2020-09-25 22:04:12 +08:00
f7b02cecab
Issue #1280 - Remove hostname parameter to trust domain.
...
Host name was purely being used for HPKP and since HPKP is killed,
this can also go. Currently it doesn't do anything other than
generating build warnings.
2020-09-16 21:11:01 +08:00
38470e4fe9
[NSS] Version and build bump
2020-09-04 22:30:57 +08:00
0e23c7cc48
[NSS] Prevent slotLock race in NSC_GetTokenInfo
...
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot
after obtaining it, even though slotLock is defined as its lock.
2020-09-04 22:30:55 +08:00
9890572c8e
[NSS] Version and build bump
2020-07-10 22:18:56 +08:00
62467c473d
[NSS] Implement constant-time GCD and modular inversion
...
The implementation is based on the work by Bernstein and Yang
(https://eprint.iacr.org/2019/266 )
"Fast constant-time gcd computation and modular inversion".
It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes
mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to
reduce side-channel leaks.
Co-authored by : Billy Bob Brumley
2020-07-10 22:18:52 +08:00
594c930eca
Issue #439 - Remove, fix and clean up automated tests
...
With the big amount of code churn around DOM a lot of tests
broke severely enough that they caused build bustage.
This commit cleans up, removes or otherwise fixes tests
that are broken, no longer relevant or obsolete.
2020-06-10 21:00:09 +08:00
ca3ce88bd1
[NSS] Bump NSS version
2020-06-06 07:21:18 +08:00
4789fee7cf
[NSS] Force a fixed length for DSA exponentiation
2020-06-06 07:21:15 +08:00
768fad9864
Issue #1501 - Un-bust building of NSS after update to 3.48 on Solaris.
2020-04-03 09:30:25 +08:00
052b2e70a3
Issue #1280 - Un-bust certerror pages and ForgetAboutSite
2020-04-03 09:30:07 +08:00
593ea86a68
Issue #1280 - Part 2: Remove HPKP tests.
2020-04-03 09:27:13 +08:00
cf5f069080
Issue #1280 - Part 1: Remove HPKP components.
...
This also removes leftover plumbing for storing preload information
in SiteSecurityService since no service still uses it.
2020-04-03 09:27:11 +08:00
ff8c58e8db
Issue #1498 - Part 6: Remove STS preloadlist pref.
2020-04-03 09:22:00 +08:00
be0246f8e4
Issue #1498 - Part 5: Update SSService CID and correct mismatch.
2020-04-03 09:21:57 +08:00
6fe7731e5e
Issue #1498 - Part 4: Remove clearPreloads.
...
Also tag #1280
2020-04-03 09:21:53 +08:00
bcfc5b3a88
Issue #1498 - Part 3: Remove support for storing "knockout" values.
2020-04-03 09:21:49 +08:00
786480c19c
Issue #1498 - Part 1: Stop persisting preload states.
...
Since we don't use preloading anymore for either HPKP or HSTS, we no
longer need persistent storage in the profile for preload states.
Tag #1280 also
2020-04-03 09:17:35 +08:00
7d012bfdc0
Issue #1498 - Part 1: Stop using HSTS preload lists.
2020-04-03 09:17:28 +08:00
5010fed2fd
Take nsSiteSecurityService out of UNIFIED_SOURCES
...
It exceeded the obj file sections limit because of the HSTS preload list so it cannot be built in UNIFIED mode.
2020-04-03 09:16:53 +08:00
Moonchild
John Schanck
Brian Smith
FranklinDM
roytam1
adesh
adeshkp
J.C. Jones
Sohaib ul Hassan
athenian200
wolfbeast
Matt A. Tobin