3f52ba47c1
Changes to enable ECC over characteristic 2^m fields.
...
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
a98f4c0628
Bug 199082: checked in Nelson's patch, which
...
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
abfd3a64f2
Make indention style consistant with SSL's usage, not softoken/pk11 usage.
2003-03-13 16:36:43 +00:00
d9b9435a62
Allow for tokens that don't require login. bug 197082
2003-03-12 19:22:32 +00:00
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
15064057ce
Fix bug 160207. Make TLS implementation resistant to timing attacks on
...
CBC block mode cipher suites in TLS. See bug for details.
2003-02-21 23:00:16 +00:00
4c4ce5586d
Bug 167756. Address Nelson's review comments. remove socket specific latency
...
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
998b101109
Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure.
2003-01-23 22:02:37 +00:00
7d03017158
Check for token removal before continuing SSL sessions which have client auth
...
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
6b4fae5a4a
Don't reject a cert request with an empty list of CA cert names.
...
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
6710514e32
Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342.
2002-11-05 00:25:20 +00:00
d7b153e145
Bug 127740: added a comment to explain the thread yield in
...
ssl3_SendApplicationData.
2002-09-30 20:51:05 +00:00
78ade1e7f9
Fix compiler warnings
2002-09-07 01:48:46 +00:00
644319e67f
Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529.
2002-08-09 21:53:17 +00:00
3843ef99c0
Fix bug 160207 by changing the error alerts we send for failed decryption.
2002-08-07 20:01:51 +00:00
43480112f3
Initialize type field to clear off purify warnings.
2002-06-25 23:00:59 +00:00
071fe9ae9c
Fix bug 135261. Create symbolic names for the values 2 and 3 for the
...
SSL_REQUIRE_CERTIFICATE option. Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
2002-06-22 01:40:32 +00:00
607f12501a
bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc
...
r=relyea
2002-06-19 15:21:37 +00:00
681ff24ca9
1. the sslSecurityInfo and sslGather structs are now part of the sslSocket
...
rather than being pointed to by the sslSocket. This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks. sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
2002-02-27 04:40:17 +00:00
494eb9ffcc
Plug one of the leaks reported in bugzilla bug 123081
2002-02-04 23:15:11 +00:00
4b50e9da08
Fix 114787 - ssl_recv crashes in client. bogus assert. reviewed by nelson
2001-12-12 21:44:04 +00:00
75f3b7599d
Clean up compilier warnings on Solaris and Linux, most particularly:
...
1) Implicit declaration of function.
2) Possibly unitialized variables.
These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.
2001-12-07 01:36:25 +00:00
6d66aee5ea
Add localCert field to sid cache entry so SSL_LocalCertificate can
...
remember the certs it sent back when it established the SSL session.
Bug 78959. Also, hold on the certs in the received cert chain until
the SSL connection is complete. This makes it easier for applications
to look at the entire cert chain after the handshake is over without
having to write their own custom authCert callbacks. It is backwards
compatible with older NSS SSL applications, but may use more memory.
2001-11-09 05:39:36 +00:00
d2f7dcc16c
Implement new function SSL_LocalCertificate(). Bug 78959.
2001-11-08 02:15:38 +00:00
e27189dd1d
Land BOB_WORK_BRANCH unto the tip.
...
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
2001-11-08 00:15:51 +00:00
9740e66d2f
Reimplement SSL_GetChannelInfo. Add new function SSL_GetCipherSuiteInfo().
...
Also, implement new ciphersuite preference order. Bug 78959.
2001-11-02 04:24:28 +00:00
874e400e1a
Fix bug 107619. The new DHE_ ciphersuites were enabled by default.
...
Now they are disabled by default, for compatibility with NSS 2.0.
2001-10-30 21:09:47 +00:00
a2bae99930
Add support to TLS for new 128-bit and 256-bit AES ciphersuites. 87021.
2001-09-21 03:07:35 +00:00
d62c65c9a6
Remove dependancy on direct calls inside softoken.
2001-09-20 21:26:40 +00:00
0e45538807
Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959.
2001-09-18 01:59:21 +00:00
4ba020ddd2
Bugzilla bug 94685: deleted the unreferenced label 'no_wrapped_key'.
2001-08-22 23:15:45 +00:00
86f0b37c13
Check to make sure we're still logged into a slot when trying
...
to re-use a client-auth session.
2001-08-22 22:50:26 +00:00
5b19a40e9e
Fix bug 68869. Don't ignore TLS no certificate messages when the server
...
requires client auth. Work around bug in NT TCP stack by only shutting
down the socket for SEND (not for BOTH) after sending a bad_certificate
alert. This avoids bogus CONNECTION_RESET_BY_PEER errors at the client.
2001-06-13 21:14:54 +00:00
6bfd47f3e1
Fix bug that caused version number to be wrong in SSL3 client hellos
...
when restarting an SSL3 (not TLS) session. (no bug number)
2001-06-05 00:26:37 +00:00
f8e2a2a948
Implementation of 5 DHE ciphersuites, client side only.
...
Contributed by Dr Stephen Henson <stephen.henson@gemplus.com>
2001-04-11 00:29:18 +00:00
661c26b99c
Fix a couple of memory leaks that occur in rare error paths.
2001-03-31 02:49:59 +00:00
46c15355d3
Reinterpret the READ and WRITE poll flags depending on the state of the
...
socket and the SSL handshake. Rename the badly named "connected" flag.
Bugzilla bugs 56924, 56926, 66706.
Modified Files:
ssl3con.c sslauth.c sslcon.c ssldef.c sslgathr.c sslimpl.h
sslsecur.c sslsock.c
2001-03-16 23:26:06 +00:00
4207bb1bdb
Coalesce the final Finished message in the SSL handshake and the first
...
record of application data into a single write, when possible, to avoid
TCP's "Nagle" delays. Fixes bug 67898. r&a: wtc. Modified Files:
ssl3con.c sslimpl.h sslsecur.c sslsock.c
2001-02-07 00:34:56 +00:00
104ac36a8d
Bugzilla bug #66367 : rename the internal NSS functions that we have to
...
export from the NSS shared library. Reviewed by Bob Relyea.
Modified Files:
nss/lib/certdb/certdb.c nss/lib/certdb/pcertdb.c
nss/lib/nss/Makefile nss/lib/nss/manifest.mn
nss/lib/nss/nss.def nss/lib/pk11wrap/pk11skey.c
nss/lib/pkcs12/p12d.c nss/lib/pkcs12/p12e.c
nss/lib/pkcs12/p12local.c nss/lib/pkcs7/certread.c
nss/lib/pkcs7/p7decode.c nss/lib/pkcs7/p7encode.c
nss/lib/smime/cmsutil.c nss/lib/softoken/secpkcs5.c
nss/lib/ssl/ssl3con.c nss/lib/ssl/sslcon.c
nss/lib/ssl/sslnonce.c nss/lib/ssl/sslsnce.c
nss/lib/util/nsslocks.c
Added Files:
nss/lib/nss/nssrenam.h
2001-01-30 21:02:28 +00:00
edc48f136d
Send SSL 3.x alert records when a version mismatch occurs.
...
Use the other party's version number to decide which alert to send.
Bug 65142. R&A: relyea.
2001-01-13 02:32:39 +00:00
14c87961d5
Add implementation of SSL_RSA_WITH_RC4_128_SHA SSL3 cipher suite,
...
which is not enabled by default. Bug 59795.
2001-01-13 02:05:15 +00:00
1311ab52d4
Changes to deal with exporting data from Windows DLLs.
...
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.
2001-01-05 01:38:26 +00:00
351f30a205
Bugzilla: 64132. NSS lock instrumentation
2001-01-03 19:51:22 +00:00
686aa7a151
Release the SpecRead Lock before returning in an error path.
...
This bug was found while reading code looking for a different bug.
2000-11-10 01:36:26 +00:00
4df4541965
Remove duplicate PORT_Free call. Fix bug 52633.
2000-09-14 20:25:26 +00:00
51e59fccb4
support IPv6 in ssl: bug 48657 r=nelsonb
2000-09-12 20:15:44 +00:00
6449cf0e9f
Emulate an SSL3 client more closely after a server negotiates down to 3.0.
2000-08-08 22:54:02 +00:00
0ea2ec3f99
Fix the logic in client and server to detect version roll-back attack,
...
rolling back from TLS (SSL 3.1) to SSL 3.0. Provide a new SSL socket
option to disable roll-back detection in servers, since certain TLS
clients are doing it incorrectly.
2000-05-24 03:35:23 +00:00
5ca43c9e50
Changing MIN's and MAX's to PR_MIN, PR_MAX
2000-05-18 15:32:18 +00:00
401cd644f6
In ssl3_GenerateSessionKeys() ensure params secitem always points to valid
...
CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure. Bugzilla bug 39682.
2000-05-18 00:41:38 +00:00
7dc028cf1e
Minor changes to fix mac build bustages.
2000-05-12 18:43:28 +00:00
e65d9f2223
Small optimization for RSA Server Key exchange message. Uses fewer PK11_
...
calls to do the job. Also, plug one mem leak in Fortezza code.
2000-05-08 23:55:05 +00:00
9fd7059a19
Initial NSS Open Source checkin
2000-03-31 20:13:40 +00:00
nelsonb%netscape.com
wtc%netscape.com
relyea%netscape.com
jpierre%netscape.com
ian.mcgreer%sun.com
javi%netscape.com
larryh%netscape.com
jgmyers%netscape.com
mcgreer%netscape.com
dougt%netscape.com