3f8cd3784d
Unset Beta flag to sync up JSS 4.1.1 RTM with NSS 3.10.2 RTM build date.
2005-09-21 21:06:54 +00:00
d05886f50d
Add version info to freebl shared libs for Windows and Unix. bub 303508.
...
Modified Files: config.mk ldvector.c manifest.mn
Added Files: freebl.rc freeblver.c r=wtc.
2005-09-21 03:01:49 +00:00
f12a0e5a63
Replace "fast" and "slow" with fpu and int in loader.c. Also add a
...
comment explaining ISA lists. r=wtc. bug 303508.
2005-09-21 02:53:25 +00:00
73f597f990
Bug 299197: added the comment for PK11_TokenKeyGen back. r=relyea.
2005-09-21 01:32:11 +00:00
ecdf90d92d
Bug 299197: fixed comments. r=relyea.
2005-09-21 01:31:37 +00:00
acc7931e28
fix bug 217611: Page Info can be opened multiple times
...
patch by Jason Barnabe (np) <jason_barnabe@fastmail.fm>, r=mconnor
2005-09-21 01:12:29 +00:00
aa8a2c0490
Only call C_WaitForSlotEvent if the module is PKCS #11 v2.01 or later.
...
bug 196811 r=wtc sr=julien
2005-09-20 20:56:07 +00:00
b8d9f0ef9a
Fix for 293686. Check status from SECU_ParseCommandLine. r=nelson
2005-09-20 05:13:01 +00:00
48b2d654bd
Fix for 292390. NSS tools with missing command-line operands cause crash. r=nelson
2005-09-19 20:59:46 +00:00
7e8884e00e
Fix for 293686 . signver has command-line options with optional arguments. r=nelsonb
2005-09-19 20:52:11 +00:00
41da874bf6
238319: Sun packages changes.
...
Change libfreebl name on Solaris x86 (following changes from Bugzilla 303508).
2005-09-19 19:12:24 +00:00
1d3384b1c6
Only do expensive GetName() calls if we're actually logging. Bug 304847,
...
r=kaie, sr=dmose
2005-09-19 03:23:21 +00:00
7ce62d0cd1
Bug 284636 Fix typo in Website Certified by an Unknown Authority alert
...
Patch by stephend and Kurt <supernova_00@yahoo.com> r=kaie sr=bzbarsky
2005-09-19 00:05:02 +00:00
13f41d4840
Bugzilla bug 303508: a more elegant way to decide when we need to prefix
...
LIBRARY_VERSION with '_'. r=nelsonb.
2005-09-16 23:18:01 +00:00
d42e92ad88
Fix hoarked build from previous checkin. Doh.
2005-09-16 21:28:20 +00:00
b427dc6efe
Bugzilla Bug 298517: when in FIPS mode, impose minimum password length and
...
quality to ensure a password guessing probability of less than 1 in
10,000,000, and impose a one second delay after failed login attempt to
allow at most 60 login attempts per minute. r=relyea,nelsonb.
Modified files: fipstokn.c pkcs11.c pkcs11i.h
2005-09-16 20:37:58 +00:00
c56d3589f6
Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson
2005-09-16 20:33:09 +00:00
8bda56063a
Fix bug 307293: make sure we initialize the mType and mTag members of nsNSSASN1Object. r=wtchang, sr=rrelyea.
2005-09-16 18:57:55 +00:00
2e75eae9d5
Bugzilla Bug 288728: handle invalid values of recipient identifier type.
...
r=jpierre,relyea.
2005-09-16 17:54:31 +00:00
019a13cbeb
Bugzilla Bug 288728: use a whitelist instead of a blacklist when checking
...
for invalid values of "type". r=jpierre,relyea.
2005-09-16 17:52:37 +00:00
dcad184fa4
Bugzilla Bug 303508: removed the underscore from the name of the "single"
...
freebl shared library (freebl_3.dll -> freebl3.dll). Do the recursive
child builds without changing directories. This fixed the BUILD_TREE build
problem. r=nelsonb,saul.edwards.
Modified files: Makefile freebl.def manifest.mn
2005-09-16 17:17:45 +00:00
d67071df3f
Bugzilla Bug 303508: enhanced the makefile rule for $(MAPFILE). Added
...
the new variable MAPFILE_SOURCE instead of the hardcoded
$(LIBRARY_NAME).def to represent the "source" mapfile, and use $< to
refer to the "source" mapfile (prerequisite of the target) in
PROCESS_MAP_FILE. r=nelsonb.
Modified Files:
AIX.mk BSD_OS.mk Darwin.mk FreeBSD.mk HP-UX.mk IRIX.mk
Linux.mk Linux2.1.mk Linux2.2.mk Linux2.4.mk Linux2.5.mk
Linux2.6.mk NCR3.0.mk NEC4.2.mk NetBSD.mk OS2.mk OSF1.mk
OpenUNIX.mk OpenVMS.mk ReliantUNIX.mk SCO_SV3.2.mk SunOS5.mk
UNIXWARE2.1.mk WIN16.mk WIN32.mk WINCE.mk rules.mk ruleset.mk
2005-09-16 17:09:23 +00:00
65241f7ef4
Removed an unnecessary -L linker flag. r=nelsonb,saul.edwards.
2005-09-16 17:02:49 +00:00
3eac80068d
Bugzilla Bug 303508: code cleanup. r=nelsonb,jpierre.
2005-09-16 16:59:22 +00:00
50fdf2b49f
Modified import.pl, jdk.mk and release.pl under coreconf and all.pl under
...
jss test directory for bug #302550 . Attached below is the diff of the
changes done to these files.
Index: coreconf/import.pl
===================================================================
RCS file: /cvsroot/mozilla/security/coreconf/import.pl,v
retrieving revision 1.2
diff -u -r1.2 import.pl
--- coreconf/import.pl 25 Apr 2004 15:02:17 -0000 1.2
+++ coreconf/import.pl 15 Sep 2005 18:37:51 -0000
@@ -46,7 +46,6 @@
#######-- read in variables on command line into %var
-$var{ZIP} = "zip";
$var{UNZIP} = "unzip -o";
&parse_argv;
Index: coreconf/jdk.mk
===================================================================
RCS file: /cvsroot/mozilla/security/coreconf/jdk.mk,v
retrieving revision 1.14
diff -u -r1.14 jdk.mk
--- coreconf/jdk.mk 25 Apr 2004 15:02:17 -0000 1.14
+++ coreconf/jdk.mk 15 Sep 2005 18:37:52 -0000
@@ -123,14 +123,14 @@
# set [Sun Solaris] platforms
ifeq ($(OS_ARCH), SunOS)
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
+ JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
ifeq ($(JRE_HOME),)
JRE_HOME = $(JAVA_HOME)
JRE_CLASSES = $(JAVA_CLASSES)
else
ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
+ JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
endif
endif
@@ -144,9 +144,13 @@
# (3) specify "linker" information
ifeq ($(USE_64), 1)
- JAVA_CPU = $(shell uname -p)v9
+ ifeq ($(CPU_ARCH), x86_64)
+ JAVA_CPU = amd64
+ else
+ JAVA_CPU := $(shell uname -p)v9
+ endif
else
- JAVA_CPU = $(shell uname -p)
+ JAVA_CPU := $(shell uname -p)
endif
ifeq ($(JDK_VERSION), 1.1)
@@ -163,8 +167,6 @@
ifneq ($(JDK_VERSION), 1.1)
ifeq ($(USE_64), 1)
JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server
-else
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic
endif
JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)
JAVA_LIBS += -ljvm -ljava
@@ -220,14 +222,14 @@
# set [Redhat Linux] platforms
ifeq ($(OS_ARCH), Linux)
- JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip
+ JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
ifeq ($(JRE_HOME),)
JRE_HOME = $(JAVA_HOME)
JRE_CLASSES = $(JAVA_CLASSES)
else
ifeq ($(JRE_CLASSES),)
- JRE_CLASSES = $(JRE_HOME)/lib/classes.zip
+ JRE_CLASSES = $(JRE_HOME)/jre/lib/rt.jar
endif
endif
@@ -241,16 +243,21 @@
# (3) specify "linker" information
JAVA_CPU = i386
-
+ ifeq ($(CPU_ARCH),x86_64)
+ ifeq ($(USE_64), 1)
+ JAVA_CPU = amd64
+ else
+ JAVA_CPU = i386
+ endif
+ endif
JAVA_LIBDIR = jre/lib/$(JAVA_CPU)
JAVA_CLIBS =
ifeq ($(JDK_VERSION), 1.4)
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server -ljvm
- else
- JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm
+ JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server -ljvm
endif
+
JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava
JAVA_LIBS += $(JAVA_CLIBS)
Index: coreconf/release.pl
===================================================================
RCS file: /cvsroot/mozilla/security/coreconf/release.pl,v
retrieving revision 1.3
diff -u -r1.3 release.pl
--- coreconf/release.pl 25 Apr 2004 15:02:17 -0000 1.3
+++ coreconf/release.pl 15 Sep 2005 18:37:52 -0000
@@ -41,7 +41,14 @@
#######-- read in variables on command line into %var
-$var{ZIP} = "zip";
+$use_jar = 1;
+$ZIP = "$ENV{JAVA_HOME}/bin/jar";
+
+if ( $ENV{JAVA_HOME} eq "" ) {
+ $ZIP = "zip";
+ $use_jar = 0;
+}
+
&parse_argv;
@@ -56,11 +63,15 @@
($jardir,$jaropts) = split(/\|/,$jarinfo);
- $zipoptions = "-T";
- if ($jaropts =~ /a/) {
- if ($var{OS_ARCH} eq 'WINNT') {
- $zipoptions .= ' -ll';
- }
+ if ( $use_jar ) {
+ $zipoptions = "-cvf";
+ } else {
+ $zipoptions = "-T -r";
+ if ($jaropts =~ /a/) {
+ if ($var{OS_ARCH} eq 'WINNT') {
+ $zipoptions .= ' -ll';
+ }
+ }
}
# just in case the directory ends in a /, remove it
@@ -117,8 +128,8 @@
}
closedir(DIR);
- print STDERR "zip $zipoptions -r $jarfile $filelist\n";
- system("zip $zipoptions -r $jarfile $filelist");
+ print STDERR "$ZIP $zipoptions $jarfile $filelist\n";
+ system("$ZIP $zipoptions $jarfile $filelist");
rmdir("META-INF");
for $i (1 .. $dirdepth) {
chdir("..");
Index: jss/org/mozilla/jss/tests/all.pl
===================================================================
RCS file: /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/all.pl,v
retrieving revision 1.22
diff -u -r1.22 all.pl
--- jss/org/mozilla/jss/tests/all.pl 6 Sep 2005 17:57:40 -0000 1.22
+++ jss/org/mozilla/jss/tests/all.pl 15 Sep 2005 18:37:54 -0000
@@ -136,12 +136,26 @@
exit(1);
}
+ #
+ # Use 64-bit Java on AMD64.
+ #
+
$java = "$ENV{JAVA_HOME}/jre/bin/java$exe_suffix";
+ my $java_64bit = 0;
+ if ($osname eq "SunOS") {
+ if ($ENV{USE_64}) {
+ my $cpu = `/usr/bin/isainfo -n`;
+ if ($cpu == "amd64") {
+ $java = "$ENV{JAVA_HOME}/jre/bin/amd64/java$exe_suffix";
+ $java_64bit = 1;
+ }
+ }
+ }
(-f $java) or die "'$java' does not exist\n";
$java = $java . $ENV{NATIVE_FLAG};
- if ($ENV{USE_64}) {
- $java = $java . " -d64";
+ if ($ENV{USE_64} && !$java_64bit) {
+ $java = $java . " -d64";
}
$pwfile = "passwords";
2005-09-16 00:33:23 +00:00
9499265f5c
Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
...
Change existing callers to pass this argument. Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files: freebl/alghmac.c freebl/alghmac.h freebl/loader.c
freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
f889a99cbb
Bugzilla Bug 301554: Clear the 'present' flag if slot fails to refresh.
...
relyea wrote the patch. r=wtc,nelsonb.
2005-09-14 01:35:02 +00:00
853c2b4645
bug 292368 remove obsolete file; replaced by nsICryptoHash
2005-09-12 17:51:57 +00:00
fdffe11308
Fix regression introduced in last checkin. If the caller disables the
...
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack. bug 305147. r=julien.pierre
2005-09-10 01:18:40 +00:00
d016e006b8
Bug 305147: add -B (bypass SSL) and -s (disable SSL locking) to server and client commands; add bypass testing to SSL test suite.
2005-09-09 04:50:07 +00:00
4b56704437
Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
...
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
2005-09-09 03:02:16 +00:00
1d31068271
Export function PK11_MapSignKeyType for use by libSSL. Bug 305147.
...
r=relyea.
Modified Files: nss/nss.def pk11wrap/pk11mech.c pk11wrap/pk11obj.c
pk11wrap/pk11pub.h pk11wrap/secmodi.h
2005-09-09 02:03:57 +00:00
cba8f8955c
238319: Sun packages changes.
...
Install 64 bit libraries in lib64 on Linux.
2005-09-08 22:23:54 +00:00
80e0981d59
Packaging for bug 303508: new freebl library names for Solaris packages.
...
Note that Linux does not require these changes because the Makefile picks up
all .so and .chk files for Linux packages.
2005-09-08 02:25:49 +00:00
4250ad5929
Bugzilla Bug 299197: define two bitflags for every PKCS #11 object
...
attribute with no exceptions. renamed PK11_ATTR_READONLY as
PK11_ATTR_UNMODIFIABLE. In pk11_OpFlagsToAttributes, backed out a change
I made before. Made pk11_AttrFlagsToAttributes table-driven. In
pk11_loadPrivKeyWithFlags, fixed the bug (always loading the public key as
a token object). Other code cleanups. r=relyea,nelsonb.
Modified files: pk11akey.c pk11obj.c pk11pub.h pk11skey.c secmodt.h
2005-09-07 18:23:35 +00:00
0194469cc5
Bug 303508: Add freebl shared libs that do 64-bit integer math. Bug 274984: softoken fails to load freebl in setuid programs. freebl becomes a shared library on all platforms. r=nelson
...
Modified Files:
coreconf/HP-UXB.11.mk coreconf/SunOS5.mk
nss/cmd/shlibsign/Makefile nss/cmd/shlibsign/manifest.mn
nss/lib/freebl/Makefile nss/lib/freebl/arcfour.c
nss/lib/freebl/blapi.h nss/lib/freebl/config.mk
nss/lib/freebl/ldvector.c nss/lib/freebl/loader.c
nss/lib/freebl/loader.h nss/lib/freebl/manifest.mn
Added Files:
nss/lib/freebl/freebl.def
2005-09-07 02:47:16 +00:00
2a16957317
306114 enable/disable FIPS modes files: CryptoManager.c, tests/all.pl, tests/FipsTest.java r=sandeep,sr=wtc
2005-09-06 17:57:40 +00:00
8ebcacd943
305984 update FIPS values for cipher suites file=sslinfo.c r=bob,sr=wtc
2005-09-06 17:15:32 +00:00
c6ba13f2ab
Fix bug 306795: nsNSSCertificateDB::IsCertTrusted() fails to check the return value from CERT_GetCertTrust(), so can return random trust bits. r=dougt, sr=rrelyea
2005-09-04 19:05:01 +00:00
fca60837f2
Added Password.clear() and PBEKeyGenParams.clear() so that the objects are
...
released when GC tries to collect them.
2005-09-02 22:48:46 +00:00
09666e78db
Adding JSS SelfServ test client and server.
2005-09-02 20:58:08 +00:00
132ddbe43e
Fix 306785 . Memory leaks in PQG_ParamGenSeedLen . r=nelson
2005-09-02 20:05:35 +00:00
db235ef59a
Bugzilla Bug 299197: added PK11AttrFlags and PK11_GenerateKeyPairWithFlags.
...
Modified PK11_TokenKeyGenWithFlags to take a PK11AttrFlags parameter.
PK11AttrFlags controls the values of commonly used PKCS #11 object
attributes that have Boolean values. r=relyea,nelsonb.
Modified Files:
nss/nss.def pk11wrap/pk11akey.c pk11wrap/pk11obj.c
pk11wrap/pk11pub.h pk11wrap/pk11skey.c pk11wrap/secmodi.h
pk11wrap/secmodt.h
2005-09-02 18:25:04 +00:00
184d7ab678
Bugzilla Bug 305835: removed NSS_ENABLE_ECC ifdefs under nss/lib except
...
nss/lib/{freebl,softoken,ssl}. r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/manifest.mn cryptohi/seckey.c
cryptohi/secsign.c freebl/ec.c pk11wrap/manifest.mn
pk11wrap/pk11akey.c pk11wrap/pk11cert.c pk11wrap/pk11mech.c
pk11wrap/pk11obj.c pk11wrap/pk11skey.c pkcs12/manifest.mn
pkcs12/p12d.c pkcs7/config.mk pkcs7/p7decode.c
pkcs7/p7encode.c smime/cmssiginfo.c smime/cmsutil.c
smime/config.mk
2005-09-02 01:24:57 +00:00
4113e9229d
Bugzilla Bug 303507: changed GCC's default OPTIMIZER back to -O2.
...
r=saul.edwards.
2005-09-02 00:59:00 +00:00
a63c75a8a1
Bug 306615 - Fold PSM into libxul r=darin
2005-09-01 12:43:58 +00:00
afccecc775
Bugzilla Bug 257693: code cleanup. 1. Change "X9.63" to "X9.62". 2. In
...
EC_ValidatePublicKey, set error codes and handle a NULL return from
ECGroup_fromName. 3. In the ECGroupStr structure, move the validate_point
field up. 4. In the test cases, if the tests that should fail, passed,
say so in the error messages. r=douglas@stebila.ca .
Modified Files:
blapi.h ec.c ecl/ecl-priv.h ecl/ecl.c ecl/ecl.h
ecl/tests/ec2_test.c ecl/tests/ecp_test.c
2005-08-27 01:09:22 +00:00
5c09c35d46
Bug 263182: Page Info (Security tab) doesn't explain mixed secure/insecure, r=kaie.bugs, sr=neil.parkwaycc.co.uk
2005-08-26 20:34:31 +00:00
7c0ee6b9d3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
32714968eb
Fix for 297802 . r=wtchang . Add $(OS_LIBS) to MKSHLIB rules.
...
Add -z defs linker option for Solaris and Linux .
Also add -z ignore on Solaris .
2005-08-26 02:17:05 +00:00
dd1fe47c6d
Bugzilla bug 302212: backed out the previous checkin. The corresponding
...
Mozilla patch hasn't been checked in yet.
2005-08-25 23:23:40 +00:00
33f6464950
Bug 302416 NSS root cert module & fortezza should not be using NSPR static libraries
...
r=wtc
sr-julien
Side effects: Root cert module now works with CKF_OS_LOCKING_OK and not callbacks,
but does not work if CKF_OS_LOCKING_OK == 0 and callbacks are define.
2005-08-25 20:08:27 +00:00
54f6fe8f80
Addendum to 303507 - set default OPTIMIZER for Linux and Solaris gcc builds
...
to -O3, consolidate flags to Linux.mk.
2005-08-24 23:58:36 +00:00
a58024a52e
Uprev JSS version to 4.1.1 Beta.
2005-08-24 23:39:12 +00:00
d624f9129a
Bugzilla Bug 296410: further simplify the code by always referencing the
...
buffer using the same union member. r=relyea.
VFYContextCVS: ----------------------------------------------------------------------
2005-08-24 23:05:39 +00:00
bb71b54311
Bugzilla bug 302670: backed out the use of system zlib because some Linux
...
distributions are using zlib 1.1.4, which causes our signtool tests to
fail intermittently. Don't know why.
2005-08-20 01:05:44 +00:00
690785e15a
add optional support for mit kerberos for windows, patches by cneberg@gmail.com, r=darin, sr=bienvenu 280792
2005-08-19 14:25:22 +00:00
22ff330626
Fix AIX build problem
2005-08-18 23:37:31 +00:00
b344095748
Bugzilla Bug 266123: support 64-bit PowerPC builds for Linux distributions
...
(such as Red Hat and Fedora) whose GCC generates 32-bit code by default.
r=cls.
2005-08-18 17:48:26 +00:00
3c64b87604
Remove fortezza header files from package. Bug 239960. patch by
...
wtchang@redhat.com , r=nelson@bolyard.com Modified Files: prototype
2005-08-18 03:42:00 +00:00
e519fb7724
bug 277587 nsSecureBrowserUIImpl's nsUIContext interface requestor doesn't give
...
access to the dom window
patch by Christian Persch <chpe@gnome.org> r=jgmyers sr=roc a=asa
2005-08-17 13:38:03 +00:00
6b5d842c09
Fix for bug 217024. add a function for comparing cert validity periods. r=wtchang
2005-08-17 02:04:12 +00:00
9c0e116e76
Bug Id: 304195
...
Added try/catch block around the method calls within toString(). Calls
such as getInetAddress(), getPort() etc does not check if the socket is
closed, and when applications use toString() on a closed socket, there
is an uncaught exception.
2005-08-16 23:44:45 +00:00
c3fa2091c5
Bug 303507: Add comba for MPI's multiply and square routines.
...
This code is currently for AMD 64 on both Linux and Solaris only.
2005-08-16 19:25:48 +00:00
d391504d03
Remove fortezza code from libSSL and from the SSL test programs.
...
Stop building fortezza's special software token, and fortezza specific
test programs. Bug 239960. r=rrelyea.
Modified Files:
cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
lib/ssl/sslt.h
2005-08-16 03:42:26 +00:00
3e2e9c754f
Bugzilla bug 296410: checked in a better fix than the previous checkin.
...
Also removed the unused, unexported function SEC_VerifyFile. r=nelsonb.
2005-08-16 01:57:51 +00:00
88fb7bee52
Bugzilla bug 296410: removed unused, unexported function SEC_SignFile.
...
r=nelsonb.
2005-08-16 01:52:17 +00:00
af11fc1310
Bugzilla Bug 302670: enable NSS to use system zlib and do that on Linux.
...
r=nelsonb.
Modified Files:
coreconf/Linux.mk nss/cmd/Makefile nss/cmd/manifest.mn
nss/cmd/platlibs.mk
2005-08-16 01:08:59 +00:00
f95409ea4c
Bugzilla Bug 302212: enable Mac OS X x86 builds to target SDKs. The patch
...
is contributed by Mark Mentovai <mark@moxienet.com>. r=wtc.
2005-08-15 22:44:22 +00:00
e758a9999b
Bugzilla Bug 298612: make sure that the int argument that we pass to the
...
isspace, etc. macros is EOF or between 0 and 255. r=nelsonb.
2005-08-15 22:06:47 +00:00
5e25df8763
Bugzilla Bug 298957: removed a comment. The code already does what the
...
comment asked for. r=relyea.
2005-08-15 21:34:42 +00:00
80d892f39d
Bug 225034 Certificate Manager Crashes Mozilla [@ nsCertTree::CmpByCrit]
...
sr=brendan r=wtc a=dbaron
The issue is the use of the PL_DHash* functions. It's possible that a given call
to PL_DHashOperate which adds a new entry may cause the hash table to expand,
and all the existing entries to be reallocated. PL_DHash does this by allocating
new memory, then copying the entries.
getCacheEntry() returns one of these hash entries. CmpBy() makes two consecutive
calls to getCacheEntry, then uses the returned entries for it's comparisons. If
the second entry call causes a new entry to be added to the table, and causes
the hash table to expand, the pointer to the first entry we retrieved will point
to freed memory.
The fix is to make the usable entry a pointer in the hashtable entry, and return
that pointer. When the hashtable rebuilds it's entries, the pointer will be
copied to the new entry and not be disturbed.
2005-08-15 21:23:51 +00:00
55197b5cfd
Bugzilla Bug 289530: fixed signed/unsigned comparison compiler warnings.
...
Fixed compilation errors of new ECC code added in the previous checkin.
r=nelsonb.
2005-08-15 21:23:39 +00:00
29e52be20d
Remove ^M from the tree version of mpcpucache.c
2005-08-15 19:00:17 +00:00
95723d010a
Bug 285932: Faster SHA1 implementation for AMD64: sha-fast-amd64-sun.s is
...
currently only for Solaris AMD 64 when using Sun studio compilers.
2005-08-15 16:55:22 +00:00
2577eb148c
Bugzilla bug 302286: fixed the bug that NSS misinterpreted the
...
CKA_PRIME_BITS attribute for DSA's p parameter. r=relyea.
Modified files: pk11wrap/pk11pqg.c softoken/pkcs11c.c
2005-08-13 00:09:26 +00:00
12ebc20147
Bugzilla Bug 302286: PQG_PBITS_TO_INDEX should reject p bits that are
...
less than 512 or greater than 1024. r=relyea.
2005-08-13 00:07:18 +00:00
0824c317a1
Bugzilla Bug 296410: enlarge the buffer size for message digest so that
...
we can generate and verify signatures that use SHA-512. r=relyea
Modified files: secsign.c secvfy.c
2005-08-12 23:50:19 +00:00
3caf238827
Bugzilla bug 240554: Alice's cert doesn't need to be added to Bob's db.
...
r=relyea.
Modified files: cert.sh eccert.sh
2005-08-12 23:27:44 +00:00
148653a358
Bugzilla bug 240554: we should pass the signature algorithm, not the
...
public key's algorithm, to VFY_VerifyData and VFY_VerifyDigest. Only
fixed this in cmssiginfo.c. In p7decode.c I just added comments saying
they should be fixed. r=relyea.
Modified files: lib/smime/cmssiginfo.c lib/pkcs7/p7decode.c
2005-08-12 23:26:38 +00:00
1a568d0852
Bugzilla bug 240554: set (better) error codes and removed an unreachable
...
break statement. r=relyea.
2005-08-12 23:24:22 +00:00
c0bd0e749a
Bugzilla bug 240554: fixed signed/unsigned comparison compiler warning.
...
r=relyea.
2005-08-12 23:22:28 +00:00
e09393045c
Bugzilla bug 292239: have the softoken report Cryptoki version 2.20.
...
r=relyea.
2005-08-12 23:14:22 +00:00
2d2b80688d
Bugzilla bug 292239: added a change missed in the previous checkin.
...
r=relyea.
2005-08-12 23:12:18 +00:00
684e5d1c2b
Correct mistyped version of wtc patch.
2005-08-12 22:19:19 +00:00
a584ef4a1d
Bug 292239 r wtc & julien
...
Merge PKCS #11 v2.20 header files
2005-08-12 18:58:47 +00:00
62ee9e4e59
As per Wan-Teh's suggestion, the comments are modified to look as shown below.
...
#/********************************************************************/
#/* The VERSION Strings should be updated in the following */
#/* files everytime a new release of JSS is generated: */
#/* */
#/* org/mozilla/jss/CryptoManager.java */
#/* org/mozilla/jss/CryptoManager.c */
#/* org/mozilla/jss/util/jssver.h */
#/* lib/manifest.mn */
#/* */
#/********************************************************************/
2005-08-12 18:39:14 +00:00
5ab7c1109c
Bug 303010 Certificate upgrade can drop S/MIME certificates
...
r=wtc.
Delay loading the S/MIME records on upgrade until the cert is loaded
2005-08-12 18:01:26 +00:00
e23ea875f3
Followup changes to bzabarsky's review for bug 296639. Reviews pending, a=drivers@mozilla.org
2005-08-12 04:11:00 +00:00
0543618d9c
Bugzilla Bug 257693: actually implemented EC_ValidatePublicKey and added a
...
test case. The patch is contributed by Douglas Stebila
<douglas@stebila.ca>. r=wtc.
Modified Files:
ec.c ecl/ec2.h ecl/ec2_aff.c ecl/ecl-priv.h ecl/ecl.c
ecl/ecl.h ecl/ecp.h ecl/ecp_aff.c ecl/tests/ec2_test.c
ecl/tests/ecp_test.c
2005-08-12 00:59:19 +00:00
67ffaff684
Bugzilla Bug 298514: added a missing break statement and removed an unused
...
variable. r=jpierre.
2005-08-12 00:44:35 +00:00
9a026f7eba
Bugzilla Bug 240554: added ECDSA support in S/MIME. The patch is
...
contributed by Vipul Gupta <vipul.gupta@sun.com>. r=wtc.
Modified Files:
cryptohi/secsign.c pkcs7/config.mk pkcs7/p7decode.c
pkcs7/p7encode.c smime/cmssiginfo.c smime/cmsutil.c
smime/config.mk
2005-08-11 23:11:40 +00:00
e8ad6847cf
Bugzilla Bug 240554: added S/MIME tests for ECDSA. The patch is
...
contributed by Vipul Gupta <vipul.gupta@sun.com>. r=wtc.
Modified files: fixtests.sh cert/eccert.sh
Added file: smime/ecsmime.sh
2005-08-11 22:50:12 +00:00
c3281b24a7
Older release of JSS had an issue with gradually slowing socket read time when
...
transfering large files (> 10MB). In order to test this in current and future
release, there needs to be a test client that can read a file and transfer it to
a server (remote or local) via JSS socket. The server should report the number
of bytes read and the time it took to read these bytes. There should not no
degradation in read time if there is no leak of any sort.
This is not part of all.pl, but is a client/server that uses JSS to transfer
files securely. The main purpose of this test would be to test the performance
of large file transfer using JSS.
NOTE: If bufferedStream.mark(Integer.MAX_VALUE); method is invoked then fill
method of BufferedInputStream class copies lot of data using System.arraycopy
(which in-turn use memcpy). This causes very high CPU usage. This is one of
the reasons secure large file transfer can become slow over time.
2005-08-11 18:28:59 +00:00
0d980a5ea1
A faster c implementation of SHA1 for most platforms. Bug 285932.
...
r=wtchang Modified Files: prng_fips1861.c sha_fast.c sha_fast.h
2005-08-11 01:01:08 +00:00
9b7075b1d2
Bugzilla Bug 303116: fixed an off-by-one error in the size of the NAF
...
buffer. We access this buffer using indices from 0 to orderBitSize.
r=douglas.stebila.
2005-08-10 20:35:07 +00:00
24b5ce2c08
Bugzilla Bug 303116: fixed an off-by-one error when duplicating a string.
...
r=douglas.stebila.
2005-08-10 18:49:29 +00:00
19e9429f0d
Bugzilla Bug 303116: this file doesn't need to include <strings.h>, which
...
doesn't exist on Windows. r=relyea.
Bugzilla Bug 303130: fixed memory leak of mp_int in ECPoints_mul.
r=douglas.stebila.
2005-08-10 18:46:29 +00:00
f728d5d9bb
Bugzilla Bug 266123: added ppc64 support. The patch is contributed by
...
Markus Rothe <markus@unixforces.net>. r=wtc.
2005-08-09 22:31:24 +00:00
51a9c2f4bd
Bugzilla bug 303986: do not assume the line ending is '\n'; it may be the
...
two character sequence '\r''\n'. Make sure a character is a digit before
using it as a digit. r=jpierre.
2005-08-09 22:19:09 +00:00
c893021cd0
Address review comments. Add test after PORT_Assert. Bug 303334.
...
r=rrelyea,sr=wtchang
Modified Files: rijndael.c
2005-08-09 03:09:38 +00:00
7755e752cd
Make changes from review feedback. Bug 303316. r=wtchang.
...
Modified Files: freebl/alghmac.h freebl/blapi.h freebl/ldvector.c
freebl/loader.c freebl/loader.h freebl/rawhash.c
freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
2005-08-09 02:54:54 +00:00
b71260a8a1
297057 fix case of doOK()
...
patch by Frank Wein <bugzilla@mcsmurf.de> r=kaie sr=neil a=bsmedberg
2005-08-06 21:34:04 +00:00
8260a85fe6
Add a new assembly language source file with multiplication code for
...
Sparc v8 (not V8plus) CPUs. This works around a performance regression
by restoring the former code. Bug 303338. r=wtchang.
Modified Files: Makefile
Added Files: mpi/mpv_sparcv8x.s
2005-08-06 11:08:41 +00:00
c02e614a66
Add a comment clarifying that this source file is for sparc v8plus CPUs.
...
Upgrade license to tri-license. Fix a bunch of whitespace problems,
WAY too much indentation. Related to bug 303338. r=wtchang.
Modified Files: mpi/mpv_sparcv8.s
2005-08-06 11:06:55 +00:00
1f607bc371
Move the TLS Pseudo Random Function (PRF) and the HMAC algorithm from
...
softoken to freebl. Bug 303316. r=wtchang (with suggested changes)
Modified Files:
freebl/blapi.h freebl/ldvector.c freebl/loader.c
freebl/loader.h freebl/manifest.mn softoken/lowpbe.c
softoken/manifest.mn softoken/pkcs11c.c softoken/pkcs11i.h
softoken/tlsprf.c
Added Files:
freebl/alghmac.c freebl/alghmac.h freebl/rawhash.c
freebl/tlsprfalg.c
Removed Files:
softoken/alghmac.c softoken/alghmac.h softoken/rawhash.c
2005-08-06 09:27:28 +00:00
9a8510d59b
This is the last trunk version of this file. The file will be moved
...
to nss/lib/freebl. This version is identical to the first version
of this file in nss/lib/freebl. Bug 303316. r=wtchang.
Modified Files: alghmac.c alghmac.h rawhash.c
2005-08-06 09:24:13 +00:00
8521bea2ba
Add new functions for blapi symmetric ciphers and digest functions,
...
so that all those functions can initialize a preallocated context.
Bug 303334. r=rrelyea.
Modified Files: aeskeywrap.c alg2268.c arcfour.c blapi.h blapit.h desblapi.c
ldvector.c loader.c loader.h md2.c md5.c rijndael.c rijndael.h sha512.c
2005-08-06 07:24:21 +00:00
51714ee5f1
Faster SHA1 implementation. Further corrections expected. bug 285932.
...
r=wtchang Modified Files: prng_fips1861.c sha_fast.c sha_fast.h
2005-08-06 07:10:34 +00:00
440dae786f
Fix for bug 303494 . SEC_LookupCrls passes the address of a stack variable that goes out of scope. r=nelson,wtchang
2005-08-05 21:15:22 +00:00
7931c0ace4
Removed noeccert.sh and noectools.sh from CVS. These two files are
...
automatically created by the fixtests.sh script by copying the non-ECC
(default) test scripts to these names. r=vipul.gupta.
Removed Files: cert/noeccert.sh tools/noectools.sh
2005-08-04 16:27:07 +00:00
a3c8d78e87
Minimo only. Backing out 300373.
2005-08-03 05:24:18 +00:00
60181a7016
NSC_CopyObject can now copy token keys to session keys. Bug 289530.
...
r=rrelyea. Modified Files: pkcs11.c pkcs11u.c
2005-08-03 02:26:55 +00:00
6ee92f33d0
Implement PK11_CopyTokenPrivKeyToSessionPrivKey, function to copy token
...
RSA private key to a session key, to eliminate DB lookups and 3DES
unwrapping for every use. Bug 274538. r=rrelyea.
Modified Files: nss/nss.def pk11wrap/pk11akey.c pk11wrap/pk11pub.h
2005-08-03 01:57:40 +00:00
6edae5d3b6
Eliminate numerous potential causes of sending invalid (zero) session
...
handles down to a PKCS11 module. Bug 292049. r=relyea.
Modified Files: pk11akey.c pk11auth.c pk11obj.c pk11skey.c pk11slot.c
pk11util.c
2005-08-03 01:22:07 +00:00
d4d47484e2
Bug 283569 OOM crash [@ nsNSS_SSLGetClientAuthData]
...
patch by b.jacques@planet.nl r=kaie sr=darin a=bsmedberg
2005-08-02 14:22:50 +00:00
eeb454fae5
remove NSS_CLASSIC code from pk11cert.c and pk11nobj.c.
...
bug 293847 r=rrelyea
2005-08-02 01:34:38 +00:00
ea595039b7
Bugzilla Bug 298957: PK11_TokenKeyGenWithFlags will be released in NSS
...
3.10.2.
2005-08-02 01:04:55 +00:00
035c21bfa6
Bugzilla Bug 298957: improved the comment for PK11_TokenKeyGenWithFlags.
...
r=relyea.
2005-08-02 01:03:08 +00:00
8825fcbdba
Bugzilla Bug 302663: SECKEY_CopySubjectPublicKeyInfo needs to copy the
...
subjectPublicKeyInfo as a bit string. r=nelsonb,jpierre. Thanks to
Mikhail Teterin <mi+mozilla@aldan.algebra.com> for the bug report and
Purify output.
2005-08-02 00:34:00 +00:00
b5b833a9c0
Bugzilla Bug 302262: Check for SECITEM_AllocItem failure in
...
MPINT_TO_SECITEM. r=nelsonb.
2005-08-01 22:43:54 +00:00
a82541564d
Added a comment that answers the question "why isn't there a pairwise
...
consistency test for Diffie-Hellman or ECDH key pairs?"
2005-08-01 21:04:41 +00:00
f7cb169d0a
Bugzilla Bug 298906 really check in the patch to the tip, not a test branch
...
crash when accepting new certificate permanently on taschenonkel.de
r=wtc, r=nelson
2005-08-01 20:41:30 +00:00
e4ab6fa7bb
Bugzilla Bug 302262: dsa.c should use the macros defined in secmpi.h.
...
r=nelsonb.
2005-08-01 18:51:06 +00:00
d527565866
I have to many patches in one tree! Stay at 1.103 until this patch has a bug and
...
reviews!
2005-08-01 18:32:45 +00:00
775b5372bc
These changes were part of a different patch, reviews are not yet complete.
...
Backing out to previous versions.
2005-08-01 18:31:12 +00:00
7af3f28d88
ARG -- reverted to the wrong version. The correct version was 1.103, not 1.102
2005-08-01 18:27:30 +00:00
625993f336
Backing out previous checkin. This was a separate unreviewed patch.
2005-08-01 18:26:12 +00:00
b62dc0bebc
Bug 298906 crash when accepting new certificate permanently on taschenonkel.de
...
r=wtc, sr=nelson
2005-08-01 18:23:56 +00:00
4cdd3ba458
form action=javascript: shouldn't trigger the insecure submit warning (bug 182179). Patch by Iain MacDonnell, r=dveditz, sr=darin, a=asa
2005-07-31 19:06:27 +00:00
7053ab4abf
Bugzilla Bug 302219: added CKM_RSA_X9_31_KEY_PAIR_GEN support. r=relyea.
2005-07-29 23:43:40 +00:00
a3ac2d6b1d
Bugzilla Bug 302219: added CKM_RSA_X9_31_KEY_PAIR_GEN support to
...
PK11_GenerateKeyPair. r=relyea.
2005-07-29 23:23:35 +00:00
03738e2557
Bug 278276 Slot List Elements cannot be freed by applications.
...
wtchang: review+
julien.pierre.bugs: superreview+
2005-07-28 23:17:43 +00:00
f212e4ecf1
bug 278276 Slot List Elements cannot be freed by applications.
...
wtchang: review+
julien.pierre.bugs: superreview+
E
2005-07-28 23:16:26 +00:00
8be47f79ed
bug 278276 Slot List Elements cannot be freed by applications.
...
Export a free function for slot list elements.
r = wtc & julien.
2005-07-28 23:13:21 +00:00
e246c70e9d
bug 194141 - missing calls to SSL_ClearSessionCache, r=nelson.bolyard, sr=dveditz, a=bsmedberg
2005-07-28 18:15:20 +00:00
0fc278d80f
Bugzilla Bug 302262: fixed an error in the comment. Set the error code
...
if signature verification fails. r=nelsonb.
2005-07-27 18:48:44 +00:00
5c55935a1d
Fix for bug 292151 . Prevent strsclnt from starting threads for each connection. Allow specifying a ratio of full handshakes . r=nelson
2005-07-25 20:39:14 +00:00
512a35d372
Bugzilla Bug 298514: Moved the FIPS 140-2 pairwise consistency check from
...
pk11wrap to softoken because the softoken shared library is our new crypto
module boundary. r=relyea,nelsonb.
Modified files: pk11wrap/pk11akey.c softoken/fipstokn.c softoken/pkcs11c.c
2005-07-22 22:11:22 +00:00
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
f970690695
238319: Sun packages changes
...
Change rpm packaging for RHEL3 i386 and x86_64.
2005-07-22 15:32:50 +00:00
75dc722c28
Bugzilla Bug 298957: moved PK11_TokenKeyGenWithFlags from the NSS_3.11
...
section to the NSS_3.10.1 section because we plan to export that function
in NSS 3.10.1. r=jpierre.
2005-07-22 01:43:36 +00:00
ee93d82c69
Bugzilla Bug 298516: fixed problems found by code inspection. r=relyea.
...
Modified Files: pk11db.c pkcs11.c
2005-07-22 00:47:18 +00:00
256eb43b03
Bugzilla Bug 298957: make the new function PK11_TokenKeyGenWithFlags
...
"legacy free" and move the code that set the CKF_ENCRYPT flag by default
and the Fortezza hack code to PK11_TokenKeyGen. r=relyea.
2005-07-22 00:07:52 +00:00
252be2d441
Bugzilla Bug 288647: enable building NSS with an NSPR binary distribution.
...
Introduced NSPR_INCLUDE_DIR and NSPR_LIB_DIR make variables. Portions of
the patch were contributed by Chris Seawood <cls@seawood.org>. r=relyea.
Modified Files:
coreconf/OS2.mk coreconf/OpenVMS.mk coreconf/location.mk
nss/cmd/platlibs.mk nss/cmd/shlibsign/Makefile
nss/cmd/shlibsign/sign.cmd nss/cmd/shlibsign/sign.sh
nss/lib/ckfw/builtins/Makefile
nss/lib/fortcrypt/swfort/pkcs11/Makefile nss/lib/nss/config.mk
nss/lib/smime/config.mk nss/lib/softoken/config.mk
nss/lib/ssl/config.mk
2005-07-21 23:48:30 +00:00
cfbc0bfe3d
Bugzilla bug 301212: Upgraded to zlib 1.2.3. r=relyea.
...
Modified Files:
README adler32.c compress.c crc32.c deflate.c deflate.h
example.c gzio.c infback.c inffast.c inflate.c inflate.h
inftrees.c inftrees.h minigzip.c trees.c uncompr.c zconf.h
zlib.h zutil.c zutil.h
2005-07-20 20:32:42 +00:00
53beab23e9
Bug 296449 - Error in string handling within <keygen>
...
r=kaie.bugs@gmail.com , sr=dveditz@cruzio.com , a=benjamin@smedbergs.us
2005-07-20 19:31:22 +00:00
f4f945e14e
Bug 283563 OOM crash [@ GetSlotWithMechanism][@ nsKeygenFormProcessor::GetPublicKey]
...
patch by b.jacques@planet.nl r=kaie sr=darin a=bsmedberg
2005-07-13 19:31:14 +00:00
fcf7e6f914
bug 224820 : support UTF-16/32 (non-byte oriented char. encoding) in the form submission : r=biesi, sr=bz, a=asa
2005-07-13 16:55:59 +00:00
1ca43db890
Fix leak due to non-use of already_AddRefed. Bug 296364, r=kaie, sr=bryner
2005-07-13 16:53:06 +00:00
christophe.ravel.bugs%sun.com
nelsonb%netscape.com
wtchang%redhat.com
db48x%yahoo.com
relyea%netscape.com
julien.pierre.bugs%sun.com
bzbarsky%mit.edu
cst%andrew.cmu.edu
smfr%smfr.org
sandeep.konchady%sun.com
cbiesinger%web.de
saul.edwards%sun.com
glen.beasley%sun.com
bsmedberg%covad.net
gavin%gavinsharp.com
dougt%meer.net
bienvenu%nventure.com
jst%mozilla.jstenback.com
timeless%mozdev.org
dveditz%cruzio.com
mconnor%steelgryphon.com
pkw%us.ibm.com
jshin%mailaps.org