2577eb148c
Bugzilla bug 302286: fixed the bug that NSS misinterpreted the
...
CKA_PRIME_BITS attribute for DSA's p parameter. r=relyea.
Modified files: pk11wrap/pk11pqg.c softoken/pkcs11c.c
2005-08-13 00:09:26 +00:00
67ffaff684
Bugzilla Bug 298514: added a missing break statement and removed an unused
...
variable. r=jpierre.
2005-08-12 00:44:35 +00:00
7755e752cd
Make changes from review feedback. Bug 303316. r=wtchang.
...
Modified Files: freebl/alghmac.h freebl/blapi.h freebl/ldvector.c
freebl/loader.c freebl/loader.h freebl/rawhash.c
freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
2005-08-09 02:54:54 +00:00
1f607bc371
Move the TLS Pseudo Random Function (PRF) and the HMAC algorithm from
...
softoken to freebl. Bug 303316. r=wtchang (with suggested changes)
Modified Files:
freebl/blapi.h freebl/ldvector.c freebl/loader.c
freebl/loader.h freebl/manifest.mn softoken/lowpbe.c
softoken/manifest.mn softoken/pkcs11c.c softoken/pkcs11i.h
softoken/tlsprf.c
Added Files:
freebl/alghmac.c freebl/alghmac.h freebl/rawhash.c
freebl/tlsprfalg.c
Removed Files:
softoken/alghmac.c softoken/alghmac.h softoken/rawhash.c
2005-08-06 09:27:28 +00:00
a82541564d
Added a comment that answers the question "why isn't there a pairwise
...
consistency test for Diffie-Hellman or ECDH key pairs?"
2005-08-01 21:04:41 +00:00
512a35d372
Bugzilla Bug 298514: Moved the FIPS 140-2 pairwise consistency check from
...
pk11wrap to softoken because the softoken shared library is our new crypto
module boundary. r=relyea,nelsonb.
Modified files: pk11wrap/pk11akey.c softoken/fipstokn.c softoken/pkcs11c.c
2005-07-22 22:11:22 +00:00
2b2395e4a9
Bugzilla Bug 287418: remove redundant memory allocation in DSA and ECDSA sign
...
wtchang: review+
julien.pierre.bugs: superreview+
2005-07-07 20:19:36 +00:00
c03b9d33fe
Rename all internal private softoken functions types and symbols from
...
PK11 or pk11 prefixes to SFTK or sftk prefixes. Bug 286685.
r=relyea,wtchang Modified Files:
cmd/bltest/blapitest.c lib/pk11wrap/pk11pars.c lib/softoken/dbinit.c
lib/softoken/dbmshim.c lib/softoken/fipstest.c lib/softoken/fipstokn.c
lib/softoken/pcertdb.c lib/softoken/pk11db.c lib/softoken/pk11pars.h
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c lib/softoken/pkcs11i.h
lib/softoken/pkcs11u.c lib/softoken/softoken.h lib/softoken/tlsprf.c
2005-03-29 18:21:18 +00:00
3634d4d94b
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-25 15:03:26 +00:00
76e3cc1538
Bugzilla bug 90906: removed unused variable 'size'. The patch is from
...
Serge GAUTHERIE <gautheri@noos.fr>. r=wtc.
2004-04-21 18:57:51 +00:00
78ce53de23
bug 231698: fix regression in reading SDR data in databases written on 64-bit platforms.
...
r=MisterSSL
2004-01-27 18:31:29 +00:00
9bc7ce19bb
Removed an extraneous character (`) after #endif.
2003-11-15 16:16:33 +00:00
14c8c093a3
Repair error case for DH code in previous patch.
2003-11-07 16:21:40 +00:00
8cac9b6d61
Verify Parameters from the user before passing it on to freebl. r=nelson
2003-11-07 03:38:59 +00:00
1ce0f542ee
Require DES, DES2 and DES3 keys to have correct length in all cases.
...
Expand DES2 keys to be DES3 keys when used with DES3 mechanisms.
Bug 201521.
2003-10-25 00:12:34 +00:00
5c2c5888f9
ECC code landing.
...
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
40c2250bfc
Bug 191467
...
Multipart signing and verifying broken for several mechanisms in softoken
Reporter: Andreas.Sterbenz@sun.com (Andreas Sterbenz)
sr=nelsonb
2003-10-10 15:32:26 +00:00
ce11300ca6
Bug 206926: 1. Undo the changes to secrng.h, pqgutil.h, swfutl.c,
...
unix_rand.c, and win_rand.c. 2. Make secrng.h and pqgutil.h private.
3. Public header pk11pqg.h can't include private header pqgutil.h.
4. Many files don't need to include secrng.h. A few don't need to include
pqgutil.h. 5. Remove duplicate declarations of PQG_DestroyParams and
PQG_DestroyVerify from blapi.h.
2003-05-30 23:31:32 +00:00
e04a964222
bug 198452, zero-byte memcpys
...
r=relyea
2003-04-17 17:05:09 +00:00
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
140acf91e3
Move the implementation of the TLS Pseudo Random Function (PRF) from
...
pkcs11c.c into a new file: tlsprf.c.
2003-02-07 06:42:20 +00:00
447f0c56f9
Check bug 188856 into the tip.
...
1)return proper error code in more cases. 2) Fix bug in DH KeyPair Generation.
the essential part of this fix in pkcs11c.c where we add the CKA_NETSCAPE_DB
attribute on Diffie-Hellman key gen. I don't know why the code would have even
thought of working without this (unless we were testing with pregenerated
keys).
The rest of the fix is to surface more of the PKCS #11 error back up. There is
a separate bug to continue tracking the issue of lost PKCS #11 errors.
2003-01-31 23:39:34 +00:00
65a0422f22
Implement new AES Key Wrap mechanisms. Bug 167818.
2003-01-22 03:13:04 +00:00
b39068212e
When wrapping secret keys with an unpadded block cipher, null padd the keys
...
as necessary, per the PKCS 11 spec. Also, implement padding and unpadding
for single-part only ciphers.
2003-01-17 05:50:08 +00:00
bd1c6e2d6f
Fix incorrect usage of QuickDER . See bug 160805 comment 16
2003-01-16 00:56:10 +00:00
48e7307212
Enforce that softoken's mechanisms are used only with the PKCS 11
...
functions that they're defined to work with.
2003-01-16 00:28:05 +00:00
f8ffa9b2df
Remove the implementation of CKM_KEY_WRAP_LYNKS from softoken.
2003-01-16 00:14:07 +00:00
a4ffefd8be
Support SHA256, SHA384, and SHA512 hashes in NSS.
2002-12-12 06:05:45 +00:00
603a1de75c
Fix padding value.
2002-12-06 19:11:57 +00:00
a897ae16a9
Bugs 166734 and 166785: fixed compiler warnings reported by gcc on Linux.
...
The patch for this checkin is attached to bug 166785.
2002-09-06 00:27:52 +00:00
5e5a705cb7
Fix for 160805 . Make a copy of items into the arena before calling SEC_QuickDERDecodeItem where needed
2002-08-31 00:37:52 +00:00
463500a5ab
Convert slow SEC_ASN1DecodeItem calls to SEC_QuickDERDecodeItem where possible. Performance improvement. Bug #160805 . r=relyea
2002-08-24 00:52:47 +00:00
dd0afb2cee
Bug 148220: implements FIPS 198 conformance. r=relyea.
...
Modified Files: alghmac.c alghmac.h lowpbe.c pkcs11c.c
2002-08-07 23:27:58 +00:00
65f7eca2f9
Checking in riceman+bmo@mail.rit.edu's patch for bug 133702
2002-07-30 20:57:44 +00:00
0992642b67
bug 150704, PK11_Finalize can crash because softoken does not implement C_XXXFinal correctly
2002-06-19 14:59:24 +00:00
bb528345ff
Return public and private keys in the order specified by the PKCS #11 spec.
2002-06-10 20:33:31 +00:00
0a88feb486
Implement PKCS #11 2.11 DSA PQG Parameter generation.
2002-03-02 00:52:05 +00:00
bc5808a5ed
bug 125359, by default the ASN.1 en/decoder should treat all numbers as signed. But many source/target items desire unsigned integers (specifically, bignums in the crypto stuff), so implement an siUnsignedInteger type which notifies the en/decoder to handle the conversion.
...
r=nelsonb
2002-02-21 22:41:44 +00:00
b2373e435c
unfortunately, the SDR key keeps the value of CK_KEY_TYPE in the coefficient field of an RSA key. This means some format is lost through the ASN.1 encoder/decoer. Trying again to account for that without affecting normal key type attributes.
2002-01-16 16:02:51 +00:00
a4a2117751
fix up problems in last change
2002-01-16 00:04:16 +00:00
37ccf29e2d
revert last change, and move conversion of attribute value to host long up to where the long variable actually appears.
2002-01-15 21:45:38 +00:00
7ab6e5488e
Fix Bug 115657.
...
1) advance the pointers in the initialization setup for p12 pbes (at the same
time fix the code to be much easier to read and understand).
2) Copy out the returned IV in pkcs11c.c.
2001-12-19 18:06:29 +00:00
4716955bf3
Fix several memory leaks.
...
Adjust the default hash sizes down for mozilla client.
Merge the NSS 3.3 key check and signature check stuff.
2001-11-30 23:24:35 +00:00
2fbc6dfd61
fix pbe gen bugs
2001-11-08 22:11:07 +00:00
0781ad6053
Fixes to make pkcs12 work correctly:
...
1) Make pkcs12 pbe function.
2) add code to allow setting and getting of the key nickname attribute.
2001-11-08 05:39:56 +00:00
e27189dd1d
Land BOB_WORK_BRANCH unto the tip.
...
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
2001-11-08 00:15:51 +00:00
3a020389f9
1) Fix Solaris, AIX, HP, and Linux warnings. Several were potential real
...
problems (mostly uninitialized variables in error cases).
2) Start separating softoken from the rest of NSS where appropriate (finish
separating out the key stuff, the cert stuff is coming).
3) Make the prototypes between the new functions consistant.
2001-09-20 21:05:53 +00:00
3870ce15b8
Generate larger block of key material correctly for SSL3 as well as TLS.
...
Add assert to detect if key material is ever too small again.
2001-09-20 04:36:14 +00:00
a73d7da074
Increase the amount of key material derived from the master secret to that
...
it will be enough for AES with 256-bit keys.
2001-09-20 03:55:16 +00:00
636f968efc
Fix pk11_DecryptInit for AES. It was telling AES to encrypt, not decrypt.
2001-09-20 02:56:18 +00:00
a119a2b900
fix unitialized key_type variable. Add asserts to it doesn't happen again.
2001-08-18 19:15:46 +00:00
879c001c45
clean up patch based on wtc review
2001-08-13 13:50:56 +00:00
7eb7ae03e3
fix for 94866, DSA key gen broken on 64-bit platforms
2001-08-11 14:59:03 +00:00
9d98643622
fix for #92940 , PKCS#12 broken in FIPS mode. Force keygen to occur on token, added new PKCS#11 mechanisms to handle PKCS#12 integrity key generation.
2001-08-03 18:50:54 +00:00
fae86f4dbc
Fix 87670: memory corruption in NSC_SignInit.
2001-06-25 21:48:07 +00:00
7c1b2dd0c9
Make CKM_MD5_RSA_PKCS actually do MD5 hashes instead of MD2 hashes.
2001-05-02 00:02:10 +00:00
f8e2a2a948
Implementation of 5 DHE ciphersuites, client side only.
...
Contributed by Dr Stephen Henson <stephen.henson@gemplus.com>
2001-04-11 00:29:18 +00:00
a23285e902
DES key gens need to fall through to set the rest of their attributes
...
(remove spurious break). S/MIME should function again after this.
2001-03-13 00:04:51 +00:00
9d9fb5174d
Fix AIX 64 bit tools failure. For some reason the 64 bit compilier didn't like
...
the massive switch statement. The new code is easier to read anyway now.
bug 70713
2001-03-10 01:34:08 +00:00
34316080bc
Fix mismatched parameter problem.
2001-02-22 18:27:28 +00:00
6e2d9268f5
Add wrapper bindings for AES so S/MIME and SSL may implement their AES suites.
2001-02-21 19:52:12 +00:00
42e1aaee86
Fix error value to return a less misleading generic error when the bignum libraries fail
2001-02-06 00:09:54 +00:00
8bad955812
Effectively remove all the code that uses RC5 from the software token
...
by surrounding it with #if NSS_SOFTOKEN_DOES_RC5
2000-09-07 01:17:00 +00:00
67e0b44687
Fix DSA / BLAPI interface by creating stub functions that have the
...
correct signature for being called via context->update or context->verify.
2000-06-12 23:43:42 +00:00
2900921f0d
Fix bug which would have bypassed mac checking in TLS
2000-05-31 22:36:02 +00:00
1d3f68dd7e
Changing all MIN's and MAX's to PR_MIN, PR_MAX
2000-05-18 15:30:12 +00:00
9fd7059a19
Initial NSS Open Source checkin
2000-03-31 20:13:40 +00:00
wtchang%redhat.com
nelsonb%netscape.com
relyea%netscape.com
gerv%gerv.net
wchang0222%aol.com
ian.mcgreer%sun.com
wtc%netscape.com
jpierre%netscape.com
bishakhabanerjee%netscape.com
mcgreer%netscape.com
nicolson%netscape.com
chrisk%netscape.com