Closed Bug 1666567 Opened 4 years ago Closed 4 years ago

Upgrade Firefox 83 to use NSS 3.58

Categories

(Core :: Security: PSM, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
83 Branch
Tracking Status
firefox83 --- fixed

People

(Reporter: jcj, Assigned: jcj)

References

()

Details

Attachments

(6 files)

Tracking NSS 3.58 for Firefox 83. Ultimate tag will be NSS_3_58_RTM.

Keywords: leave-open
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0dc1fc4850cd land NSS c28e20f61e5d UPGRADE_NSS_RELEASE, r=kjacobs

2020-09-23 Dana Keeler <dkeeler@mozilla.com>

* gtests/mozpkix_gtest/pkixbuild_tests.cpp,
gtests/mozpkix_gtest/pkixcert_extension_tests.cpp,
gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp,
gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp,
gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
gtests/mozpkix_gtest/pkixgtest.h,
lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (2/2) pass encoded signed certificate timestamp
extension (if present) in CheckRevocation r=jcj

This will allow Firefox to make decisions based on the earliest
known time that a certificate exists (with respect to certificate
transparency) that a CA is unlikely to back-date. In particular,
this is essential for CRLite. Note that if the SCT signature isn't
validated, a CA could still make a certificate appear to have
existed for longer than it really has. However, this change is not
an attempt to catch malicious CAs. The aim is to avoid false
positives in CRLite resulting from CAs backdating the notBefore
field on certificates they issue.

Depends on D90595

[8ebee3cec9cf] [tip]

2020-09-18 Dana Keeler <dkeeler@mozilla.com>

* gtests/mozpkix_gtest/pkixbuild_tests.cpp,
gtests/mozpkix_gtest/pkixcert_extension_tests.cpp,
gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp,
gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp,
gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp,
gtests/mozpkix_gtest/pkixgtest.h,
lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixbuild.cpp:
Bug 1665715 - (1/2) revert e8f2720c8254 (bug 1593141) because it's
no longer necessary r=jcj

Bug 1593141 added the certificate's notBefore field as an argument
to TrustDomain::CheckRevocation so that Firefox could use it with
CRLite. However, since CAs can backdate that field, we need to use
the earliest embedded SCT timestamp instead.

[c1f4d565ceda]
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7e50f86ea20b land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs

Backed out changeset 7e50f86ea20b (bug 1666567) for security related bustage.

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&group_state=expanded&searchStr=build&fromchange=e150ad21a32c1e9c24a10c99d3b65210cf44e762&tochange=6537439bb7895ab775685f15755aa7c03447a63d&selectedTaskRun=Jma1tpiMTB-WtsO4pDKuBQ.0

Backout link: https://hg.mozilla.org/integration/autoland/rev/6537439bb7895ab775685f15755aa7c03447a63d

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=316544900&repo=autoland&lineNumber=47021

[task 2020-09-24T00:49:54.983Z] 00:49:54     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/security/ct'
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o Unified_cpp_security_ct0.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG -DTRIMMED=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/ct -I/builds/worker/workspace/obj-build/security/ct -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -Wall -Wextra -Wunreachable-code -Wno-unused-parameter -fexperimental-new-pass-manager  -MD -MP -MF .deps/Unified_cpp_security_ct0.o.pp   Unified_cpp_security_ct0.cpp
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -  In file included from Unified_cpp_security_ct0.cpp:29:
[task 2020-09-24T00:49:54.987Z] 00:49:54    ERROR -  /builds/worker/checkouts/gecko/security/ct/CTLogVerifier.cpp:42:54: error: non-virtual member function marked 'override' hides virtual member function
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -                           const Input*, const Input*) override {
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -                                                       ^
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: hidden overloaded virtual function 'mozilla::pkix::TrustDomain::CheckRevocation' declared here: type mismatch at 4th parameter ('mozilla::pkix::Duration' vs 'mozilla::pkix::Time')
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -                   ^
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -  In file included from Unified_cpp_security_ct0.cpp:29:
[task 2020-09-24T00:49:54.987Z] 00:49:54    ERROR -  /builds/worker/checkouts/gecko/security/ct/CTLogVerifier.cpp:27:7: error: abstract class is marked 'final' [-Werror,-Wabstract-final-class]
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -  class SignatureParamsTrustDomain final : public TrustDomain {
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -        ^
[task 2020-09-24T00:49:54.987Z] 00:49:54     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: unimplemented pure virtual method 'CheckRevocation' in 'SignatureParamsTrustDomain'
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -                   ^
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -  In file included from Unified_cpp_security_ct0.cpp:29:
[task 2020-09-24T00:49:54.988Z] 00:49:54    ERROR -  /builds/worker/checkouts/gecko/security/ct/CTLogVerifier.cpp:127:30: error: variable type 'mozilla::ct::SignatureParamsTrustDomain' is an abstract class
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -    SignatureParamsTrustDomain trustDomain;
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -                               ^
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -  3 errors generated.
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -  /builds/worker/checkouts/gecko/config/rules.mk:723: recipe for target 'Unified_cpp_security_ct0.o' failed
[task 2020-09-24T00:49:54.988Z] 00:49:54    ERROR -  make[4]: *** [Unified_cpp_security_ct0.o] Error 1
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/security/ct'
[task 2020-09-24T00:49:54.988Z] 00:49:54     INFO -  /builds/worker/checkouts/gecko/config/recurse.mk:72: recipe for target 'security/ct/target-objects' failed
[task 2020-09-24T00:49:54.988Z] 00:49:54    ERROR -  make[3]: *** [security/ct/target-objects] Error 2
[task 2020-09-24T00:49:54.989Z] 00:49:54     INFO -  make[3]: *** Waiting for unfinished jobs....
[task 2020-09-24T00:49:54.990Z] 00:49:54     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/netwerk/protocol/http'
[task 2020-09-24T00:49:54.990Z] 00:49:54     INFO -  netwerk/protocol/http/Unified_cpp_protocol_http2.o
[task 2020-09-24T00:49:54.990Z] 00:49:54     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/netwerk/protocol/http'
[task 2020-09-24T00:49:55.143Z] 00:49:55     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/netwerk/protocol/http'
[task 2020-09-24T00:49:55.148Z] 00:49:55     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o nsHttpHandler.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/netwerk/protocol/http -I/builds/worker/workspace/obj-build/netwerk/protocol/http -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/checkouts/gecko/dom/base -I/builds/worker/checkouts/gecko/extensions/auth -I/builds/worker/checkouts/gecko/netwerk/base -I/builds/worker/checkouts/gecko/netwerk/cookie -I/builds/worker/checkouts/gecko/netwerk/dns -I/builds/worker/checkouts/gecko/netwerk/ipc -I/builds/worker/checkouts/gecko/netwerk/socket/neqo_glue -I/builds/worker/checkouts/gecko/netwerk/url-classifier -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -fexperimental-new-pass-manager  -MD -MP -MF .deps/nsHttpHandler.o.pp   /builds/worker/checkouts/gecko/netwerk/protocol/http/nsHttpHandler.cpp
[task 2020-09-24T00:49:55.148Z] 00:49:55     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/netwerk/protocol/http'
[task 2020-09-24T00:49:55.148Z] 00:49:55     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/netwerk/protocol/http'
[task 2020-09-24T00:49:55.148Z] 00:49:55     INFO -  netwerk/protocol/http/Unified_cpp_protocol_http3.o
[task 2020-09-24T00:49:55.148Z] 00:49:55     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/netwerk/protocol/http'
[task 2020-09-24T00:49:55.846Z] 00:49:55     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/netwerk/base'
[task 2020-09-24T00:49:55.846Z] 00:49:55     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o Unified_cpp_netwerk_base2.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/netwerk/base -I/builds/worker/workspace/obj-build/netwerk/base -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/checkouts/gecko/docshell/base -I/builds/worker/checkouts/gecko/dom/base -I/builds/worker/checkouts/gecko/netwerk/protocol/http -I/builds/worker/checkouts/gecko/netwerk/socket -I/builds/worker/checkouts/gecko/netwerk/url-classifier -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -Wno-error=shadow -fexperimental-new-pass-manager  -MD -MP -MF .deps/Unified_cpp_netwerk_base2.o.pp   Unified_cpp_netwerk_base2.cpp
[task 2020-09-24T00:49:55.846Z] 00:49:55     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/netwerk/base'
[task 2020-09-24T00:49:55.848Z] 00:49:55     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/netwerk/url-classifier'
[task 2020-09-24T00:49:55.848Z] 00:49:55     INFO -  netwerk/url-classifier/Unified_cpp_url-classifier1.o
[task 2020-09-24T00:49:55.848Z] 00:49:55     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/netwerk/url-classifier'
[task 2020-09-24T00:49:55.887Z] 00:49:55     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/security/apps'
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o Unified_cpp_security_apps0.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DNSS_ENABLE_ECC=True '-DDLL_PREFIX="lib"' '-DDLL_SUFFIX=".so"' -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/apps -I/builds/worker/workspace/obj-build/security/apps -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/checkouts/gecko/security/certverifier -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/checkouts/gecko/third_party/rust/cose-c/include -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -Wextra -Wno-unused-parameter -fexperimental-new-pass-manager  -MD -MP -MF .deps/Unified_cpp_security_apps0.o.pp   Unified_cpp_security_apps0.cpp
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -  In file included from Unified_cpp_security_apps0.cpp:2:
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -  In file included from /builds/worker/checkouts/gecko/security/apps/AppSignatureVerification.cpp:9:
[task 2020-09-24T00:49:55.894Z] 00:49:55    ERROR -  /builds/worker/checkouts/gecko/security/apps/AppTrustDomain.h:39:18: error: 'CheckRevocation' marked 'override' but does not override any member functions
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -    virtual Result CheckRevocation(
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.894Z] 00:49:55    ERROR -  /builds/worker/checkouts/gecko/security/apps/AppTrustDomain.h:23:7: error: abstract class is marked 'final' [-Werror,-Wabstract-final-class]
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -  class AppTrustDomain final : public mozilla::pkix::TrustDomain {
[task 2020-09-24T00:49:55.894Z] 00:49:55     INFO -        ^
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: unimplemented pure virtual method 'CheckRevocation' in 'AppTrustDomain'
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  In file included from Unified_cpp_security_apps0.cpp:2:
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  In file included from /builds/worker/checkouts/gecko/security/apps/AppSignatureVerification.cpp:9:
[task 2020-09-24T00:49:55.895Z] 00:49:55    ERROR -  /builds/worker/checkouts/gecko/security/apps/AppTrustDomain.h:39:18: error: 'mozilla::psm::AppTrustDomain::CheckRevocation' hides overloaded virtual function [-Werror,-Woverloaded-virtual]
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -    virtual Result CheckRevocation(
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: hidden overloaded virtual function 'mozilla::pkix::TrustDomain::CheckRevocation' declared here: type mismatch at 4th parameter ('mozilla::pkix::Duration' vs 'mozilla::pkix::Time')
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  In file included from Unified_cpp_security_apps0.cpp:2:
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  In file included from /builds/worker/checkouts/gecko/security/apps/AppSignatureVerification.cpp:11:
[task 2020-09-24T00:49:55.895Z] 00:49:55    ERROR -  /builds/worker/checkouts/gecko/security/certverifier/NSSCertDBTrustDomain.h:223:18: error: 'CheckRevocation' marked 'override' but does not override any member functions
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -    virtual Result CheckRevocation(
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.895Z] 00:49:55    ERROR -  /builds/worker/checkouts/gecko/security/certverifier/NSSCertDBTrustDomain.h:223:18: error: 'mozilla::psm::NSSCertDBTrustDomain::CheckRevocation' hides overloaded virtual function [-Werror,-Woverloaded-virtual]
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: hidden overloaded virtual function 'mozilla::pkix::TrustDomain::CheckRevocation' declared here: type mismatch at 4th parameter ('mozilla::pkix::Duration' vs 'mozilla::pkix::Time')
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  In file included from Unified_cpp_security_apps0.cpp:2:
[task 2020-09-24T00:49:55.895Z] 00:49:55    ERROR -  /builds/worker/checkouts/gecko/security/apps/AppSignatureVerification.cpp:624:18: error: variable type 'mozilla::psm::AppTrustDomain' is an abstract class
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -    AppTrustDomain trustDomain(std::move(collectedCerts));
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -                   ^
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  6 errors generated.
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  /builds/worker/checkouts/gecko/config/rules.mk:723: recipe for target 'Unified_cpp_security_apps0.o' failed
[task 2020-09-24T00:49:55.895Z] 00:49:55    ERROR -  make[4]: *** [Unified_cpp_security_apps0.o] Error 1
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/security/apps'
[task 2020-09-24T00:49:55.895Z] 00:49:55     INFO -  /builds/worker/checkouts/gecko/config/recurse.mk:72: recipe for target 'security/apps/target-objects' failed
[task 2020-09-24T00:49:55.895Z] 00:49:55    ERROR -  make[3]: *** [security/apps/target-objects] Error 2
[task 2020-09-24T00:49:57.146Z] 00:49:57     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/parser/prototype'
[task 2020-09-24T00:49:57.149Z] 00:49:57     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o Unified_cpp_parser_prototype0.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/parser/prototype -I/builds/worker/workspace/obj-build/parser/prototype -I/builds/worker/checkouts/gecko/dom/xul -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -fexperimental-new-pass-manager  -MD -MP -MF .deps/Unified_cpp_parser_prototype0.o.pp   Unified_cpp_parser_prototype0.cpp
[task 2020-09-24T00:49:57.149Z] 00:49:57     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/parser/prototype'
[task 2020-09-24T00:49:57.301Z] 00:49:57     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/netwerk/ipc'
[task 2020-09-24T00:49:57.304Z] 00:49:57     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o Unified_cpp_netwerk_ipc1.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/netwerk/ipc -I/builds/worker/workspace/obj-build/netwerk/ipc -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/checkouts/gecko/caps -I/builds/worker/checkouts/gecko/dom/base -I/builds/worker/checkouts/gecko/dom/media/webrtc/transport -I/builds/worker/checkouts/gecko/media/webrtc -I/builds/worker/checkouts/gecko/modules/libjar -I/builds/worker/checkouts/gecko/netwerk/base -I/builds/worker/checkouts/gecko/netwerk/protocol/http -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/checkouts/gecko/xpcom/threads -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -fexperimental-new-pass-manager  -MD -MP -MF .deps/Unified_cpp_netwerk_ipc1.o.pp   Unified_cpp_netwerk_ipc1.cpp
[task 2020-09-24T00:49:57.304Z] 00:49:57     INFO -  make[4]: Leaving directory '/builds/worker/workspace/obj-build/netwerk/ipc'
[task 2020-09-24T00:49:57.709Z] 00:49:57     INFO -  make[4]: Entering directory '/builds/worker/workspace/obj-build/security/certverifier'
[task 2020-09-24T00:49:57.713Z] 00:49:57     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ -std=gnu++17 -o Unified_cpp_certverifier0.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/certverifier -I/builds/worker/workspace/obj-build/security/certverifier -I/builds/worker/checkouts/gecko/security/ct -I/builds/worker/checkouts/gecko/security/manager/ssl -I/builds/worker/workspace/obj-build/ipc/ipdl/_ipdlheaders -I/builds/worker/checkouts/gecko/ipc/chromium/src -I/builds/worker/checkouts/gecko/ipc/glue -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -Qunused-arguments -Qunused-arguments -Wall -Wbitfield-enum-conversion -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtype-limits -Wunreachable-code -Wunreachable-code-return -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wc++2a-compat -Wcomma -Wimplicit-fallthrough -Wunused-function -Wunused-variable -Werror=non-literal-null-conversion -Wstring-conversion -Wtautological-overlap-compare -Wtautological-unsigned-enum-zero-compare -Wtautological-unsigned-zero-compare -Wno-error=tautological-type-limit-compare -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=backend-plugin -Wno-error=return-std-move -Wno-error=atomic-alignment -Wno-error=deprecated-copy -Wformat -Wformat-security -Wno-gnu-zero-variadic-macro-arguments -Werror=implicit-function-declaration -Wno-psabi -Wno-unknown-warning-option -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fcrash-diagnostics-dir=/builds/worker/artifacts -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -Wall -Wextra -Wunreachable-code -Wno-unused-parameter -fexperimental-new-pass-manager  -MD -MP -MF .deps/Unified_cpp_certverifier0.o.pp   Unified_cpp_certverifier0.cpp
[task 2020-09-24T00:49:57.713Z] 00:49:57     INFO -  In file included from Unified_cpp_certverifier0.cpp:11:
[task 2020-09-24T00:49:57.714Z] 00:49:57     INFO -  In file included from /builds/worker/checkouts/gecko/security/certverifier/CertVerifier.cpp:16:
[task 2020-09-24T00:49:57.714Z] 00:49:57    ERROR -  /builds/worker/checkouts/gecko/security/certverifier/NSSCertDBTrustDomain.h:223:18: error: 'CheckRevocation' marked 'override' but does not override any member functions
[task 2020-09-24T00:49:57.714Z] 00:49:57     INFO -    virtual Result CheckRevocation(
[task 2020-09-24T00:49:57.715Z] 00:49:57     INFO -                   ^
[task 2020-09-24T00:49:57.715Z] 00:49:57    ERROR -  /builds/worker/checkouts/gecko/security/certverifier/NSSCertDBTrustDomain.h:223:18: error: 'mozilla::psm::NSSCertDBTrustDomain::CheckRevocation' hides overloaded virtual function [-Werror,-Woverloaded-virtual]
[task 2020-09-24T00:49:57.716Z] 00:49:57     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: hidden overloaded virtual function 'mozilla::pkix::TrustDomain::CheckRevocation' declared here: type mismatch at 4th parameter ('mozilla::pkix::Duration' vs 'mozilla::pkix::Time')
[task 2020-09-24T00:49:57.716Z] 00:49:57     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:57.716Z] 00:49:57     INFO -                   ^
[task 2020-09-24T00:49:57.716Z] 00:49:57     INFO -  In file included from Unified_cpp_certverifier0.cpp:11:
[task 2020-09-24T00:49:57.717Z] 00:49:57    ERROR -  /builds/worker/checkouts/gecko/security/certverifier/CertVerifier.cpp:564:28: error: variable type 'mozilla::psm::NSSCertDBTrustDomain' is an abstract class
[task 2020-09-24T00:49:57.717Z] 00:49:57     INFO -        NSSCertDBTrustDomain trustDomain(
[task 2020-09-24T00:49:57.717Z] 00:49:57     INFO -                             ^
[task 2020-09-24T00:49:57.718Z] 00:49:57     INFO -  /builds/worker/workspace/obj-build/dist/include/nss/mozpkix/pkixtypes.h:279:18: note: unimplemented pure virtual method 'CheckRevocation' in 'NSSCertDBTrustDomain'
[task 2020-09-24T00:49:57.718Z] 00:49:57     INFO -    virtual Result CheckRevocation(EndEntityOrCA endEntityOrCA,
[task 2020-09-24T00:49:57.718Z] 00:49:57     INFO -                   ^
[task 2020-09-24T00:49:57.719Z] 00:49:57     INFO -  In file included from Unified_cpp_certverifier0.cpp:11:
[task 2020-09-24T00:49:57.719Z] 00:49:57    ERROR -  /builds/worker/checkouts/gecko/security/certverifier/CertVerifier.cpp:641:30: error: variable type 'mozilla::psm::NSSCertDBTrustDomain' is an abstract class
[task 2020-09-24T00:49:57.719Z] 00:49:57     INFO -          NSSCertDBTrustDomain trustDomain(
...
...
...
Flags: needinfo?(jjones)
Pushed by btara@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9bc4c7e79cd6 land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs

Re-landed after bug 1605273 landed.

Flags: needinfo?(jjones)
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9a924b9ddabf land NSS 8ebee3cec9cf UPGRADE_NSS_RELEASE, r=kjacobs
Flags: needinfo?(jjones)

2020-09-24 Kevin Jacobs <kjacobs@mozilla.com>

* automation/abi-check/expected-report-libnss3.so.txt,
gtests/pk11_gtest/pk11_hkdf_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11skey.c,
lib/ssl/tls13hkdf.c:
Bug 1667153 - Add PK11_ImportDataKey API. r=rrelyea

This patch adds and exports `PK11_ImportDataKey`, and refactors the
null PSK TLS 1.3 code to use it.

[8fdbec414ce2] [tip]
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ab875fa23be4 land NSS 8fdbec414ce2 UPGRADE_NSS_RELEASE, r=kjacobs

2020-10-05 Ricky Stewart <rstewart@mozilla.com>

* coreconf/config.gypi:
Bug 1668328 - Enclose Python paths in `coreconf/config.gypi` in
quotes r=kjacobs,mt

This fixes a breakage if the Python path happens to have a space in
it.

[c7d3b214dd41] [tip]
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d22eea8d7760 land NSS c7d3b214dd41 UPGRADE_NSS_RELEASE, r=kjacobs

2020-10-12 Daiki Ueno <dueno@redhat.com>

* gtests/ssl_gtest/ssl_tls13compat_unittest.cc, lib/ssl/ssl3con.c,
lib/ssl/sslimpl.h:
Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode,
r=mt

This makes the server reject CCS when the client doesn't indicate
the use of the middlebox compatibility mode with a non-empty
ClientHello.legacy_session_id, or it sends multiple CCS in a row.

[57bbefa79323] [NSS_3_58_BETA1]

2020-10-12 Kevin Jacobs <kjacobs@mozilla.com>

* automation/abi-check/expected-report-libnss3.so.txt,
automation/taskcluster/scripts/build_gyp.sh,
automation/taskcluster/windows/build_gyp.sh, coreconf/config.gypi,
coreconf/config.mk, cpputil/nss_scoped_ptrs.h,
gtests/common/testvectors/hpke-vectors.h,
gtests/pk11_gtest/manifest.mn, gtests/pk11_gtest/pk11_gtest.gyp,
gtests/pk11_gtest/pk11_hpke_unittest.cc, lib/nss/nss.def,
lib/pk11wrap/exports.gyp, lib/pk11wrap/manifest.mn,
lib/pk11wrap/pk11hpke.c, lib/pk11wrap/pk11hpke.h,
lib/pk11wrap/pk11pub.h, lib/pk11wrap/pk11wrap.gyp,
lib/util/SECerrs.h, lib/util/secerr.h:
Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-
irtf-cfrg-hpke-05). r=mt

This patch adds support for Hybrid Public Key Encryption (draft-
irtf-cfrg-hpke-05).

Because the draft number (and the eventual RFC number) is an input
to the key schedule, future updates will *not* be backwards
compatible in terms of key material or encryption/decryption. For
this reason, a default compilation will produce stubs that simply
return an "Invalid Algorithm" error. To opt into using the HPKE
functionality , compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once
finalized, this flag will not be required to access the functions.

Lastly, the `DeriveKeyPair` API is not implemented as it adds
complextiy around PKCS #11 and is unnecessary for ECH.

[6e3bc17f0508]

2020-10-12 Makoto Kato <m_kato@ga2.so-net.ne.jp>

* automation/taskcluster/graph/src/extend.js, tests/common/cleanup.sh:
Bug 1657255 - Update CI for aarch64. r=kjacobs

Actually, we have the implementation of ARM Crypto extension, so CI
is always run with this extension. It means that we don't run CI
without ARM Crypto extension. So I would like to add NoAES and NoSHA
for aarch64 CI.

Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this
on aarch64 hardware.

[e8c370a8db13]
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/42043250eaf2 land NSS NSS_3_58_BETA1 UPGRADE_NSS_RELEASE, r=kjacobs

2020-10-16 J.C. Jones <jjones@mozilla.com>

* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.58 final
[1f3db03bba02] [NSS_3_58_RTM] <NSS_3_58_BRANCH>

2020-10-12 J.C. Jones <jjones@mozilla.com>

* .hgtags:
Added tag NSS_3_58_BETA1 for changeset 57bbefa79323
[a8deadf7adbe]
Keywords: leave-open
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/25d37fda4a41 land NSS NSS_3_58_RTM UPGRADE_NSS_RELEASE, r=kjacobs
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: