(Note that this is to: dev-tech-crypto) Short Version: We are looking at taking a private patch for one Firefox beta cycle in mozilla-central to export the MPI functions from FreeBL on all platforms in our private copy of NSS. Then, we could push the next NSS 3.12 release to the week after American Thanksgiving instead of the week of American Thanksgiving. Please let me know if you know of a reason why this wouldn't work.
Long Version: I spoke with the Sync team and we don't think there is enough time to get the NSS J-PAKE implementation completed and reviewed and have the Sync team redo their prototype on top of it before Fennec code freeze on Monday. The Sync team already has a J-PAKE implementation in JavaScript that uses JS-ctypes to call into MPI, which they have already written and tested on Mac OS X. Somehow it worked on Mac OS X even though the MPI symbols aren't supposed to be exported from FreeBL. So, basically the patch is just exporting those same symbols from FreeBL on other platforms. We wouldn't expect J-PAKE to work on any platforms that repackage Firefox to use system NSS. And, in Firefox B9 / Fennec B4, we would switch to the NSS-based implementations and we would back out the patch. Obviously, it is far from ideal but it seems better than trying to rush a whole new J-PAKE system over the weekend. Based on what the Sync team said, the patch would consist purely of these additions to the FreeBL .def file: mp_init mp_clear mp_set mp_sub_d mp_sub mp_cmp mp_cmp_d mp_mod mp_addmod mp_submod mp_mulmod mp_exptmod mp_read_raw mp_raw_size mp_toraw mp_read_radix mp_radix_size mp_toradix and maybe, but hopefully not: SHA256_Hash SHA256_HashBuf SHA256_NewContext SHA256_DestroyContext SHA256_Begin SHA256_Update SHA256_End Thanks, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
