Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Issue %3005 - Centralize the Security Features and locate them to ↵ | Matt A. Tobin | 2021-11-23 |
| | | | | system/security | ||
* | Issue %3005 - Move security/nss to libs/ | Matt A. Tobin | 2021-11-21 |
| | |||
* | [NSS/GYP] Update generate_certdata.py so it matches what this version of nss ↵ | Matt A. Tobin | 2021-11-21 |
| | | | | expects | ||
* | [NSS/GYP] Get nss gyp to understand disabling avx2 in freebl | Matt A. Tobin | 2021-11-21 |
| | |||
* | [NSS/GYP] Transfer build configuration to gyp | Matt A. Tobin | 2021-11-20 |
| | |||
* | Issue %3029 - Part 5: Remove remaining telemetry structs, callers and flags. | Moonchild | 2021-11-01 |
| | |||
* | Issue %3029 - Part 1: Remove Telemetry plumbing and fix build. | Moonchild | 2021-10-29 |
| | | | | | Note this won't give working applications. Requires FE changes and additional js module changes (next part). | ||
* | Issue %3020 - Part 6: Clean up docs and some code comments. | Moonchild | 2021-10-15 |
| | | | | Polish only, no code changes. | ||
* | Issue %3020 - Part 2: First pass Android defines and remove Android Annotation | Moonchild | 2021-10-14 |
| | | | | processors, some Andoid packaging stuff, Eclipse IDE support et al. | ||
* | Issue %3004 - Add an option to enable TLS 1.3 "compatibility" mode. | Moonchild | 2021-10-11 |
| | | | | | | | Critical note: this potentially reduces the strength of TLS 1.3 and should only be enabled if absolutely necessary to access a site. A browser restart is required for the pref change to take effect as it is set on NSS initialization. | ||
* | Issue %3010 - Remove --disable-xul config and conditionals. | Moonchild | 2021-10-10 |
| | |||
* | No issue - Clean up some obsolete/archaic code paths. | Moonchild | 2021-09-30 |
| | |||
* | [NSS hotpatch] Hard disable AVX2 in NSS Build System | Matt A. Tobin | 2021-03-15 |
| | |||
* | Issue mcp-graveyard/UXP%1693 - Update NSS to 3.52.2-UXP | Moonchild | 2021-03-15 |
| | | | | Update root certificates and port NSS sec patches from previous work. | ||
* | [NSS] Update root certificates. | Moonchild | 2021-03-15 |
| | |||
* | [NSS] Prevent slotLock race in NSC_GetTokenInfo | J.C. Jones | 2021-03-15 |
| | | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. | ||
* | [NSS] Implement constant-time GCD and modular inversion | Sohaib ul Hassan | 2021-03-15 |
| | | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley | ||
* | Issue mcp-graveyard/UXP%1693 - Update NSS to 3.52.1-RTM | Moonchild | 2021-03-15 |
| | |||
* | Issue mcp-graveyard/UXP%1746 - Revert "Update to NSS 3.59.1.1" | Moonchild | 2021-03-14 |
| | |||
* | Issue mcp-graveyard/UXP%1746 - Update pkix code with later NSS code. | Moonchild | 2021-03-14 |
| | |||
* | Issue mcp-graveyard/UXP%457 - Remove duplicate PKCS11 definitions | Moonchild | 2021-02-24 |
| | |||
* | [security] Hold mutex when accessing TSI fields. | Moonchild | 2021-02-24 |
| | |||
* | [NSS hotpatch] Hard disable AVX2 in NSS Build System | Matt A. Tobin | 2021-01-03 |
| | | | | This should be ported to the NSS repo | ||
* | Issue mcp-graveyard/UXP%1693 - Update NSS to 3.59.1.1 | Moonchild | 2020-12-23 |
| | | | | | This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our consumption of the library. | ||
* | [NSS] Version and build bump | Moonchild | 2020-12-01 |
| | |||
* | [NSS] Update root certificates. | Moonchild | 2020-12-01 |
| | |||
* | Issue mcp-graveyard/UXP%1280 - Follow-up: Get rid of HPKP pinning mode. | adesh | 2020-11-10 |
| | | | | | | This was a leftover from HPKP removal. Also remove a couple of unused variables from security/manager/ssl/nsSiteSecurityService.cpp. | ||
* | Issue mcp-graveyard/UXP%1656 - Nuke the remaining vim lines in UXP | Moonchild | 2020-10-26 |
| | | | | Closes %1656 | ||
* | Issue mcp-graveyard/UXP%1656 - Part 9: Single-line-comment style. | Moonchild | 2020-09-24 |
| | |||
* | Issue mcp-graveyard/UXP%1656 - Part 8: Devtools and misc. | Moonchild | 2020-09-24 |
| | |||
* | Issue mcp-graveyard/UXP%1656 - Part 6: Clean up the build files | Moonchild | 2020-09-23 |
| | |||
* | Issue mcp-graveyard/UXP%1656 - Part 4: Manual cleanup | Moonchild | 2020-09-23 |
| | |||
* | Issue mcp-graveyard/UXP%1656 - Part 4: Tackle *.idl, *.css, *.ipdlh, ↵ | Moonchild | 2020-09-23 |
| | | | | *.webidl, *.cc | ||
* | Issue mcp-graveyard/UXP%1656 - Part 3: Nuke more vim config lines in the tree. | Moonchild | 2020-09-23 |
| | | | | Another S&R run with some smarter matching. | ||
* | Issue mcp-graveyard/UXP%1656 - Part 1: Nuke most vim config lines in the tree. | Moonchild | 2020-09-23 |
| | | | | | | Since these are just interpreted comments, there's 0 impact on actual code. This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are a few others scattered around which will be removed manually in a second part. | ||
* | Issue mcp-graveyard/UXP%1280 - Remove hostname parameter to trust domain. | adeshkp | 2020-09-12 |
| | | | | | | Host name was purely being used for HPKP and since HPKP is killed, this can also go. Currently it doesn't do anything other than generating build warnings. | ||
* | [NSS] Version and build bump | Moonchild | 2020-08-29 |
| | |||
* | [NSS] Prevent slotLock race in NSC_GetTokenInfo | J.C. Jones | 2020-08-29 |
| | | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock. | ||
* | [NSS] Version and build bump | Moonchild | 2020-07-09 |
| | |||
* | [NSS] Implement constant-time GCD and modular inversion | Sohaib ul Hassan | 2020-07-09 |
| | | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley | ||
* | Issue mcp-graveyard/UXP%439 - Remove, fix and clean up automated tests | Moonchild | 2020-06-08 |
| | | | | | | | With the big amount of code churn around DOM a lot of tests broke severely enough that they caused build bustage. This commit cleans up, removes or otherwise fixes tests that are broken, no longer relevant or obsolete. | ||
* | [NSS] Bump NSS version | Moonchild | 2020-06-03 |
| | |||
* | [NSS] Force a fixed length for DSA exponentiation | Moonchild | 2020-06-03 |
| | |||
* | Merge pull request %1502 from athenian200/nss348_solaris | Moonchild | 2020-03-31 |
|\ | | | | | Un-bust building of NSS after update to 3.48 on Solaris. | ||
| * | Issue mcp-graveyard/UXP%1501 - Un-bust building of NSS after update to 3.48 ↵ | athenian200 | 2020-03-30 |
| | | | | | | | | on Solaris. | ||
* | | Issue mcp-graveyard/UXP%1280 - Un-bust certerror pages and ForgetAboutSite | wolfbeast | 2020-03-31 |
|/ | |||
* | Issue mcp-graveyard/UXP%1280 - Part 2: Remove HPKP tests. | wolfbeast | 2020-03-28 |
| | |||
* | Issue mcp-graveyard/UXP%1280 - Part 1: Remove HPKP components. | wolfbeast | 2020-03-28 |
| | | | | | This also removes leftover plumbing for storing preload information in SiteSecurityService since no service still uses it. | ||
* | Issue mcp-graveyard/UXP%1498 - Part 6: Remove STS preloadlist pref. | wolfbeast | 2020-03-27 |
| | |||
* | Issue mcp-graveyard/UXP%1498 - Part 5: Update SSService CID and correct ↵ | wolfbeast | 2020-03-27 |
| | | | | mismatch. |