9499265f5c
Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
...
Change existing callers to pass this argument. Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files: freebl/alghmac.c freebl/alghmac.h freebl/loader.c
freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
2577eb148c
Bugzilla bug 302286: fixed the bug that NSS misinterpreted the
...
CKA_PRIME_BITS attribute for DSA's p parameter. r=relyea.
Modified files: pk11wrap/pk11pqg.c softoken/pkcs11c.c
2005-08-13 00:09:26 +00:00
67ffaff684
Bugzilla Bug 298514: added a missing break statement and removed an unused
...
variable. r=jpierre.
2005-08-12 00:44:35 +00:00
7755e752cd
Make changes from review feedback. Bug 303316. r=wtchang.
...
Modified Files: freebl/alghmac.h freebl/blapi.h freebl/ldvector.c
freebl/loader.c freebl/loader.h freebl/rawhash.c
freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
2005-08-09 02:54:54 +00:00
1f607bc371
Move the TLS Pseudo Random Function (PRF) and the HMAC algorithm from
...
softoken to freebl. Bug 303316. r=wtchang (with suggested changes)
Modified Files:
freebl/blapi.h freebl/ldvector.c freebl/loader.c
freebl/loader.h freebl/manifest.mn softoken/lowpbe.c
softoken/manifest.mn softoken/pkcs11c.c softoken/pkcs11i.h
softoken/tlsprf.c
Added Files:
freebl/alghmac.c freebl/alghmac.h freebl/rawhash.c
freebl/tlsprfalg.c
Removed Files:
softoken/alghmac.c softoken/alghmac.h softoken/rawhash.c
2005-08-06 09:27:28 +00:00
a82541564d
Added a comment that answers the question "why isn't there a pairwise
...
consistency test for Diffie-Hellman or ECDH key pairs?"
2005-08-01 21:04:41 +00:00
512a35d372
Bugzilla Bug 298514: Moved the FIPS 140-2 pairwise consistency check from
...
pk11wrap to softoken because the softoken shared library is our new crypto
module boundary. r=relyea,nelsonb.
Modified files: pk11wrap/pk11akey.c softoken/fipstokn.c softoken/pkcs11c.c
2005-07-22 22:11:22 +00:00
2b2395e4a9
Bugzilla Bug 287418: remove redundant memory allocation in DSA and ECDSA sign
...
wtchang: review+
julien.pierre.bugs: superreview+
2005-07-07 20:19:36 +00:00
c03b9d33fe
Rename all internal private softoken functions types and symbols from
...
PK11 or pk11 prefixes to SFTK or sftk prefixes. Bug 286685.
r=relyea,wtchang Modified Files:
cmd/bltest/blapitest.c lib/pk11wrap/pk11pars.c lib/softoken/dbinit.c
lib/softoken/dbmshim.c lib/softoken/fipstest.c lib/softoken/fipstokn.c
lib/softoken/pcertdb.c lib/softoken/pk11db.c lib/softoken/pk11pars.h
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c lib/softoken/pkcs11i.h
lib/softoken/pkcs11u.c lib/softoken/softoken.h lib/softoken/tlsprf.c
2005-03-29 18:21:18 +00:00
3634d4d94b
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-25 15:03:26 +00:00
76e3cc1538
Bugzilla bug 90906: removed unused variable 'size'. The patch is from
...
Serge GAUTHERIE <gautheri@noos.fr>. r=wtc.
2004-04-21 18:57:51 +00:00
78ce53de23
bug 231698: fix regression in reading SDR data in databases written on 64-bit platforms.
...
r=MisterSSL
2004-01-27 18:31:29 +00:00
9bc7ce19bb
Removed an extraneous character (`) after #endif.
2003-11-15 16:16:33 +00:00
14c8c093a3
Repair error case for DH code in previous patch.
2003-11-07 16:21:40 +00:00
8cac9b6d61
Verify Parameters from the user before passing it on to freebl. r=nelson
2003-11-07 03:38:59 +00:00
1ce0f542ee
Require DES, DES2 and DES3 keys to have correct length in all cases.
...
Expand DES2 keys to be DES3 keys when used with DES3 mechanisms.
Bug 201521.
2003-10-25 00:12:34 +00:00
5c2c5888f9
ECC code landing.
...
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
40c2250bfc
Bug 191467
...
Multipart signing and verifying broken for several mechanisms in softoken
Reporter: Andreas.Sterbenz@sun.com (Andreas Sterbenz)
sr=nelsonb
2003-10-10 15:32:26 +00:00
ce11300ca6
Bug 206926: 1. Undo the changes to secrng.h, pqgutil.h, swfutl.c,
...
unix_rand.c, and win_rand.c. 2. Make secrng.h and pqgutil.h private.
3. Public header pk11pqg.h can't include private header pqgutil.h.
4. Many files don't need to include secrng.h. A few don't need to include
pqgutil.h. 5. Remove duplicate declarations of PQG_DestroyParams and
PQG_DestroyVerify from blapi.h.
2003-05-30 23:31:32 +00:00
e04a964222
bug 198452, zero-byte memcpys
...
r=relyea
2003-04-17 17:05:09 +00:00
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
140acf91e3
Move the implementation of the TLS Pseudo Random Function (PRF) from
...
pkcs11c.c into a new file: tlsprf.c.
2003-02-07 06:42:20 +00:00
447f0c56f9
Check bug 188856 into the tip.
...
1)return proper error code in more cases. 2) Fix bug in DH KeyPair Generation.
the essential part of this fix in pkcs11c.c where we add the CKA_NETSCAPE_DB
attribute on Diffie-Hellman key gen. I don't know why the code would have even
thought of working without this (unless we were testing with pregenerated
keys).
The rest of the fix is to surface more of the PKCS #11 error back up. There is
a separate bug to continue tracking the issue of lost PKCS #11 errors.
2003-01-31 23:39:34 +00:00
65a0422f22
Implement new AES Key Wrap mechanisms. Bug 167818.
2003-01-22 03:13:04 +00:00
b39068212e
When wrapping secret keys with an unpadded block cipher, null padd the keys
...
as necessary, per the PKCS 11 spec. Also, implement padding and unpadding
for single-part only ciphers.
2003-01-17 05:50:08 +00:00
bd1c6e2d6f
Fix incorrect usage of QuickDER . See bug 160805 comment 16
2003-01-16 00:56:10 +00:00
48e7307212
Enforce that softoken's mechanisms are used only with the PKCS 11
...
functions that they're defined to work with.
2003-01-16 00:28:05 +00:00
f8ffa9b2df
Remove the implementation of CKM_KEY_WRAP_LYNKS from softoken.
2003-01-16 00:14:07 +00:00
a4ffefd8be
Support SHA256, SHA384, and SHA512 hashes in NSS.
2002-12-12 06:05:45 +00:00
603a1de75c
Fix padding value.
2002-12-06 19:11:57 +00:00
a897ae16a9
Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
...
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
5e5a705cb7
Fix for 160805 . Make a copy of items into the arena before calling SEC_QuickDERDecodeItem where needed
2002-08-31 00:37:52 +00:00
463500a5ab
Convert slow SEC_ASN1DecodeItem calls to SEC_QuickDERDecodeItem where possible. Performance improvement. Bug #160805 . r=relyea
2002-08-24 00:52:47 +00:00
dd0afb2cee
Bug 148220: implements FIPS 198 conformance. r=relyea.
...
Modified Files: alghmac.c alghmac.h lowpbe.c pkcs11c.c
2002-08-07 23:27:58 +00:00
65f7eca2f9
Checking in riceman+bmo@mail.rit.edu's patch for bug 133702
2002-07-30 20:57:44 +00:00
0992642b67
bug 150704, PK11_Finalize can crash because softoken does not implement C_XXXFinal correctly
2002-06-19 14:59:24 +00:00
bb528345ff
Return public and private keys in the order specified by the PKCS #11 spec.
2002-06-10 20:33:31 +00:00
0a88feb486
Implement PKCS #11 2.11 DSA PQG Parameter generation.
2002-03-02 00:52:05 +00:00
bc5808a5ed
bug 125359, by default the ASN.1 en/decoder should treat all numbers as signed. But many source/target items desire unsigned integers (specifically, bignums in the crypto stuff), so implement an siUnsignedInteger type which notifies the en/decoder to handle the conversion.
...
r=nelsonb
2002-02-21 22:41:44 +00:00
b2373e435c
unfortunately, the SDR key keeps the value of CK_KEY_TYPE in the coefficient field of an RSA key. This means some format is lost through the ASN.1 encoder/decoer. Trying again to account for that without affecting normal key type attributes.
2002-01-16 16:02:51 +00:00
a4a2117751
fix up problems in last change
2002-01-16 00:04:16 +00:00
37ccf29e2d
revert last change, and move conversion of attribute value to host long up to where the long variable actually appears.
2002-01-15 21:45:38 +00:00
7ab6e5488e
Fix Bug 115657.
...
1) advance the pointers in the initialization setup for p12 pbes (at the same
time fix the code to be much easier to read and understand).
2) Copy out the returned IV in pkcs11c.c.
2001-12-19 18:06:29 +00:00
4716955bf3
Fix several memory leaks.
...
Adjust the default hash sizes down for mozilla client.
Merge the NSS 3.3 key check and signature check stuff.
2001-11-30 23:24:35 +00:00
2fbc6dfd61
fix pbe gen bugs
2001-11-08 22:11:07 +00:00
0781ad6053
Fixes to make pkcs12 work correctly:
...
1) Make pkcs12 pbe function.
2) add code to allow setting and getting of the key nickname attribute.
2001-11-08 05:39:56 +00:00
e27189dd1d
Land BOB_WORK_BRANCH unto the tip.
...
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
2001-11-08 00:15:51 +00:00
3a020389f9
1) Fix Solaris, AIX, HP, and Linux warnings. Several were potential real
...
problems (mostly uninitialized variables in error cases).
2) Start separating softoken from the rest of NSS where appropriate (finish
separating out the key stuff, the cert stuff is coming).
3) Make the prototypes between the new functions consistant.
2001-09-20 21:05:53 +00:00
3870ce15b8
Generate larger block of key material correctly for SSL3 as well as TLS.
...
Add assert to detect if key material is ever too small again.
2001-09-20 04:36:14 +00:00
a73d7da074
Increase the amount of key material derived from the master secret to that
...
it will be enough for AES with 256-bit keys.
2001-09-20 03:55:16 +00:00
nelsonb%netscape.com
wtchang%redhat.com
relyea%netscape.com
gerv%gerv.net
wchang0222%aol.com
ian.mcgreer%sun.com
wtc%netscape.com
jpierre%netscape.com
bishakhabanerjee%netscape.com