summaryrefslogtreecommitdiff
path: root/security
Commit message (Collapse)AuthorAge
* Issue %3005 - Centralize the Security Features and locate them to ↵Matt A. Tobin2021-11-23
| | | | system/security
* Issue %3005 - Move security/nss to libs/Matt A. Tobin2021-11-21
|
* [NSS/GYP] Update generate_certdata.py so it matches what this version of nss ↵Matt A. Tobin2021-11-21
| | | | expects
* [NSS/GYP] Get nss gyp to understand disabling avx2 in freeblMatt A. Tobin2021-11-21
|
* [NSS/GYP] Transfer build configuration to gypMatt A. Tobin2021-11-20
|
* Issue %3029 - Part 5: Remove remaining telemetry structs, callers and flags.Moonchild2021-11-01
|
* Issue %3029 - Part 1: Remove Telemetry plumbing and fix build.Moonchild2021-10-29
| | | | | Note this won't give working applications. Requires FE changes and additional js module changes (next part).
* Issue %3020 - Part 6: Clean up docs and some code comments.Moonchild2021-10-15
| | | | Polish only, no code changes.
* Issue %3020 - Part 2: First pass Android defines and remove Android AnnotationMoonchild2021-10-14
| | | | processors, some Andoid packaging stuff, Eclipse IDE support et al.
* Issue %3004 - Add an option to enable TLS 1.3 "compatibility" mode.Moonchild2021-10-11
| | | | | | | Critical note: this potentially reduces the strength of TLS 1.3 and should only be enabled if absolutely necessary to access a site. A browser restart is required for the pref change to take effect as it is set on NSS initialization.
* Issue %3010 - Remove --disable-xul config and conditionals.Moonchild2021-10-10
|
* No issue - Clean up some obsolete/archaic code paths.Moonchild2021-09-30
|
* [NSS hotpatch] Hard disable AVX2 in NSS Build SystemMatt A. Tobin2021-03-15
|
* Issue mcp-graveyard/UXP%1693 - Update NSS to 3.52.2-UXPMoonchild2021-03-15
| | | | Update root certificates and port NSS sec patches from previous work.
* [NSS] Update root certificates.Moonchild2021-03-15
|
* [NSS] Prevent slotLock race in NSC_GetTokenInfoJ.C. Jones2021-03-15
| | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock.
* [NSS] Implement constant-time GCD and modular inversionSohaib ul Hassan2021-03-15
| | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley
* Issue mcp-graveyard/UXP%1693 - Update NSS to 3.52.1-RTMMoonchild2021-03-15
|
* Issue mcp-graveyard/UXP%1746 - Revert "Update to NSS 3.59.1.1"Moonchild2021-03-14
|
* Issue mcp-graveyard/UXP%1746 - Update pkix code with later NSS code.Moonchild2021-03-14
|
* Issue mcp-graveyard/UXP%457 - Remove duplicate PKCS11 definitionsMoonchild2021-02-24
|
* [security] Hold mutex when accessing TSI fields.Moonchild2021-02-24
|
* [NSS hotpatch] Hard disable AVX2 in NSS Build SystemMatt A. Tobin2021-01-03
| | | | This should be ported to the NSS repo
* Issue mcp-graveyard/UXP%1693 - Update NSS to 3.59.1.1Moonchild2020-12-23
| | | | | This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our consumption of the library.
* [NSS] Version and build bumpMoonchild2020-12-01
|
* [NSS] Update root certificates.Moonchild2020-12-01
|
* Issue mcp-graveyard/UXP%1280 - Follow-up: Get rid of HPKP pinning mode.adesh2020-11-10
| | | | | | This was a leftover from HPKP removal. Also remove a couple of unused variables from security/manager/ssl/nsSiteSecurityService.cpp.
* Issue mcp-graveyard/UXP%1656 - Nuke the remaining vim lines in UXPMoonchild2020-10-26
| | | | Closes %1656
* Issue mcp-graveyard/UXP%1656 - Part 9: Single-line-comment style.Moonchild2020-09-24
|
* Issue mcp-graveyard/UXP%1656 - Part 8: Devtools and misc.Moonchild2020-09-24
|
* Issue mcp-graveyard/UXP%1656 - Part 6: Clean up the build filesMoonchild2020-09-23
|
* Issue mcp-graveyard/UXP%1656 - Part 4: Manual cleanupMoonchild2020-09-23
|
* Issue mcp-graveyard/UXP%1656 - Part 4: Tackle *.idl, *.css, *.ipdlh, ↵Moonchild2020-09-23
| | | | *.webidl, *.cc
* Issue mcp-graveyard/UXP%1656 - Part 3: Nuke more vim config lines in the tree.Moonchild2020-09-23
| | | | Another S&R run with some smarter matching.
* Issue mcp-graveyard/UXP%1656 - Part 1: Nuke most vim config lines in the tree.Moonchild2020-09-23
| | | | | | Since these are just interpreted comments, there's 0 impact on actual code. This removes all lines that match /* vim: set(.*)tw=80: */ with S&R -- there are a few others scattered around which will be removed manually in a second part.
* Issue mcp-graveyard/UXP%1280 - Remove hostname parameter to trust domain.adeshkp2020-09-12
| | | | | | Host name was purely being used for HPKP and since HPKP is killed, this can also go. Currently it doesn't do anything other than generating build warnings.
* [NSS] Version and build bumpMoonchild2020-08-29
|
* [NSS] Prevent slotLock race in NSC_GetTokenInfoJ.C. Jones2020-08-29
| | | | | Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot after obtaining it, even though slotLock is defined as its lock.
* [NSS] Version and build bumpMoonchild2020-07-09
|
* [NSS] Implement constant-time GCD and modular inversionSohaib ul Hassan2020-07-09
| | | | | | | | | | | | The implementation is based on the work by Bernstein and Yang (https://eprint.iacr.org/2019/266) "Fast constant-time gcd computation and modular inversion". It fixes the old mp_gcd and s_mp_invmod_odd_m functions. The patch also fixes mpl_significant_bits s_mp_div_2d and s_mp_mul_2d by having less control flow to reduce side-channel leaks. Co-authored by : Billy Bob Brumley
* Issue mcp-graveyard/UXP%439 - Remove, fix and clean up automated testsMoonchild2020-06-08
| | | | | | | With the big amount of code churn around DOM a lot of tests broke severely enough that they caused build bustage. This commit cleans up, removes or otherwise fixes tests that are broken, no longer relevant or obsolete.
* [NSS] Bump NSS versionMoonchild2020-06-03
|
* [NSS] Force a fixed length for DSA exponentiationMoonchild2020-06-03
|
* Merge pull request %1502 from athenian200/nss348_solarisMoonchild2020-03-31
|\ | | | | Un-bust building of NSS after update to 3.48 on Solaris.
| * Issue mcp-graveyard/UXP%1501 - Un-bust building of NSS after update to 3.48 ↵athenian2002020-03-30
| | | | | | | | on Solaris.
* | Issue mcp-graveyard/UXP%1280 - Un-bust certerror pages and ForgetAboutSitewolfbeast2020-03-31
|/
* Issue mcp-graveyard/UXP%1280 - Part 2: Remove HPKP tests.wolfbeast2020-03-28
|
* Issue mcp-graveyard/UXP%1280 - Part 1: Remove HPKP components.wolfbeast2020-03-28
| | | | | This also removes leftover plumbing for storing preload information in SiteSecurityService since no service still uses it.
* Issue mcp-graveyard/UXP%1498 - Part 6: Remove STS preloadlist pref.wolfbeast2020-03-27
|
* Issue mcp-graveyard/UXP%1498 - Part 5: Update SSService CID and correct ↵wolfbeast2020-03-27
| | | | mismatch.