e8b0114d09
Bugzilla Bug 333932: fixed Solaris SPARC GCC build failures.
...
r=christophe.ravel
2006-04-22 00:13:29 +00:00
5f22914b4a
[Bug 334234] PK11_NewSlotInfo returns freed objects if lock allocations fail. r=nelson
2006-04-21 23:29:37 +00:00
6f1bd4dc40
Bugzilla Bug 334533: in getPQseed we always set the most significant bit of
...
SEED to 1 to make NIST CMVP's PQG parameter validation tool happy. In
PQG_ParamGenSeedLen we require the length of SEED be at least 20 bytes.
r=nelson.
2006-04-21 17:48:30 +00:00
37a7e6c417
Bugzilla Bug 298522: changed RSA modulus size to 1024 bits and added known
...
answer tests for RSA SHA1, SHA256, SHA384, and SHA512 signatures. The
patch is written by Glen Beasley. r=wtc.
2006-04-21 17:13:50 +00:00
d0604ba735
Bugzilla Bug 236245: Use a stack buffer for ec_params.data in
...
ssl3_SendECDHServerKeyExchange. r=nelson.
2006-04-21 16:19:48 +00:00
333657e660
Bugzilla Bug 334553: fixed the comments because mp_digit is actually 64-bit
...
(unsigned long or unsigned long long). r=nelson.
2006-04-21 16:13:02 +00:00
5cd56974be
Performance tests for ec curves. Test's freebl and pkcs11 interfaces.
2006-04-21 01:40:48 +00:00
432ccc0173
Bugzilla Bug 326754: checked the change back in. We failed the NIST DSA
...
PQGGen test for some other reason (bug 334533).
2006-04-20 21:55:24 +00:00
fe04651c77
Bug 80092: SSL write indicates all data sent when some is buffered.
...
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
2006-04-20 08:46:34 +00:00
43a7c5e950
Fix buffer overflow regression. Bug 236245. sr=wtchang
2006-04-20 06:57:54 +00:00
b67f75bc05
Patch contributed by timeless@bemail.org
...
[Bug 334459] Variable "cipherName" tracked as NULL was passed to a
function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]. r=nelson
2006-04-20 00:20:45 +00:00
0f639ba66a
Patch contributed by timeless@bemail.org
...
[Bug 334446] oom Crash in nssCKFWFindObjects_Create. r=nelson
2006-04-20 00:03:33 +00:00
60674bc568
Patch contributed by timeless@bemail.org
...
[Bug 334443] oom Crash in nssCKFWSession_Create. r=nelson
2006-04-19 23:50:43 +00:00
3a8f586a3c
Patch contributed by timeless@bemail.org
...
[Bug 334438] oom Crash in ReadDBCertEntry. r=nelson
2006-04-19 23:43:10 +00:00
ff6fa1f51c
Patch contributed by timeless@bemail.org
...
[Bug 334442] Incorrect use of realloc oom Crash in secmod_ReadPermDB;r=nelson
2006-04-19 22:53:45 +00:00
c501854878
Patch contributed by nelson@bolyard.com.
...
[Bug 334327] pk11_CreateNewContextInSlot: Variable "(context)->key" tracked as NULL was passed to a function that dereferences it. r=alexei
2006-04-19 22:32:30 +00:00
fcca57e69e
Bugzilla bug 334553: use the ULL suffix with unsigned long long constants.
...
r=douglas.stebila.
Modified files: ecl/ecp_256.c mpi/mp_gf2m.c
2006-04-19 22:19:09 +00:00
2c62bf1d13
Bugzilla bug 334683: removed extraneous semicolons. r=alexei.volkov.
...
Modified files: cmd/certutil/certutil.c lib/pki/pkistore.h
2006-04-19 19:04:23 +00:00
b41066e368
Fix for bug 331413. Don't set SO_LINGER in the Win95 build to workaround NSPR bug 332348. r=wtchang
2006-04-18 22:56:44 +00:00
0a3bf353d3
Bugzilla Bug 333917: the non-x86 code in at least the DES_CBCEn and
...
DES_EDE3CBCEn functions violates ANSI C's aliasing rules. So we compile
this file with strict aliasing rules turned off. r=nelsonb.
2006-04-18 17:33:56 +00:00
fa09229848
Don't add 3 to the user-supplied number of validity months. Bug 333679.
...
r=neil.williams
2006-04-15 01:00:11 +00:00
8eb43e8ec2
Fix for bug 262375 . Add clobber_dbm and clobber_nspr targets, as well as nss_clean_all . r=nelson
2006-04-14 22:48:31 +00:00
b39425fcfa
big cleanup of error codes returned by pkcs12 library.
...
No longer returns SEC_ERROR_NO_MEMORY for every possible error code.
Bug 321584. r=neil.williams
2006-04-14 18:34:44 +00:00
efdb126901
Fix broken optimized builds, caused by last checkin. Bug 236245.
2006-04-14 00:43:19 +00:00
c4fb4fa280
Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
...
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
1cfdf61890
Add and use new -2 option for strsclnt to disable SSL2 compatible client
...
hellos, so we can stress test TLS hello extensions. Bug 333559.
r=julien.pierre,rrelyea
2006-04-13 22:43:31 +00:00
b95ecf558f
Bugzilla Bug 330114: corrected the checks for the PKCS #1 v1.5 padding
...
string and the length of the data (hash). r=nelsonb,relyea.
2006-04-13 22:12:17 +00:00
6493a984f5
Fix for 333657 . Increase maximum RSA key size to 8192 bits in freebl. r=nelson
2006-04-12 05:37:52 +00:00
258c59ba66
[Bug 332272] add core detection functionality to all.sh; r=nelson
2006-04-12 01:14:27 +00:00
90d708c409
Bugzilla Bug 331413: assert that the worker threads empty the jobQ before
...
they terminate. Fix a socket leak when the SSL_ImportFD call in
handle_connection fails. r=nelson.bolyard.
2006-04-11 21:12:28 +00:00
c65c61b8c5
Implement new API for registering and deregistering shutdown callback functions.
...
Patch by Bob Relyea and Nelson Bolyard. r=rrelyea,nelson Bug 326482.
2006-04-08 05:11:55 +00:00
424fabe58a
Bug 333090: CKM_DH_PKCS_KEY_PAIR_GEN always fails. r=nelson, sr=rrelyea
...
Patch contributed by Andreas.Sterbenz@sun.com
2006-04-08 05:05:01 +00:00
bbd7fa2247
WORKAROUND: disable all the ECDH_RSA cipher suites tests, since all those
...
tests require a cert with an EC public key and an RSA signature, and the
test scripts do not presently generate such a cert.
This workaround can be backed out when the real fix is available.
Bug 332222. r=neil.williams
2006-04-08 04:28:32 +00:00
1c0c7bbeb8
bug 331648, signed/unsigned bug submitting CRMF cert requests
...
r=rrelyea, sr=nelson
2006-04-07 11:41:18 +00:00
1f32c2cf8f
Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul
2006-04-07 06:24:07 +00:00
7ceb91038f
Fix for bug 311164 . Initialize stan cert store object early to fix a race condition. r=nelson
2006-04-07 05:49:04 +00:00
b532759c4f
Fix for bug 315793 . Make shlibsign run in the OBJDIR rather than the source directory . r=nelson
2006-04-06 06:22:02 +00:00
7c86f12851
Fix for bug 315798 . run bltest and rsaperf from source directories in the QA . r=nelson
2006-04-06 06:19:41 +00:00
acfe04a6dd
Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
...
has an ECDSA signature. bug 332350. r=vipul.gupta.
2006-04-06 04:40:49 +00:00
51b246188b
Partial fix for bug 332348 . Add PR_POLL_EXCEPT to a PR_Poll . Allows tstclnt to wake up if server goes away. r=wtchang
2006-04-06 01:49:03 +00:00
53b9b7ff2f
Fix shell script error that caused undetected QA failures. Bug 311931.
...
r=nelson.bolyard,alexei.volkov
2006-04-05 19:35:47 +00:00
779a0beabf
Add new -i (ignore errors) command line option to strsclnt. Strsclnt now
...
stops soon after the first error unless the -i option is given.
Strsclnt and tstclnt now look for an environment variable named
NSS_DEBUG_TIMEOUT, and if present, its value is used as a timeout time
for all socket IO operations. Bug 332348. r=julien.pierre.
2006-04-04 07:31:46 +00:00
edbca07369
Eliminate duplicated header files in cmd/SSLsample. Bug 332633.
...
r=julien.pierre
Modified Files: SSLsample/client.mn SSLsample/server.mn lib/manifest.mn
Removed Files: SSLsample/NSPRerrs.h SSLsample/SECerrs.h SSLsample/SSLerrs.h
2006-04-04 01:56:27 +00:00
482dc1a71e
David Baron fix for valgrind report of UMR r=wtchang sr=Nelson
2006-04-04 01:01:51 +00:00
fecbcf26d6
Define alerts and error codes for TLS Hello extensions. Bug 226271.
...
r=julien.pierre
2006-04-04 00:32:27 +00:00
c152a5f5fa
Bug 332381 pk12util fails to import key/cert onto LunaSA HSM
...
r=nelson
2006-03-31 21:35:37 +00:00
41fd37565a
Bug 236613: change to MPL/LGPL/GPL tri-license.
2006-03-31 04:41:00 +00:00
2cef28020c
bug 309701 Softtoken C_CreateObject() should not require
...
CKA_NETSCAPE_DB attribute to be present
r=alexei
2006-03-31 00:38:48 +00:00
f6290f423b
From Bug 331279.
...
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei
2006-03-30 21:07:22 +00:00
39ee00370d
Fix for 330068 . Be more verbose in strsclnt error cases
2006-03-29 22:35:44 +00:00
209577ded2
331515: selfserv Bus error on 3DES ciphersuites; r=julien, sr=nelson
2006-03-29 07:23:40 +00:00
b6762d713e
Remove comment in ssl.sh that messes execution. Part of fix for bug 331413.
2006-03-29 06:54:56 +00:00
01fe9ff1bf
Fix for bug 330068 . Increment counter variable atomically. Be more verbose. r=nelson
2006-03-29 05:05:09 +00:00
bd3cb7e1ef
Partial fix for bug 331413 . Allow selfserv to be tested for reference leaks. r=nelson
2006-03-29 05:03:10 +00:00
0224b3a860
318970 wtc fix for RSA fipstest using RSA_HashSign r=neilW sr= brelyea
2006-03-25 23:45:23 +00:00
c8e770c69d
Bug 321350 Implement optimized code for NIST Suite B elliptic curves
...
r=douglas r=vipul
2006-03-24 22:55:51 +00:00
a9beb655f0
Backout changes for bug 321350
...
Implement optimized code for NIST Suite B elliptic curves
Those changes broke the build on Solaris. r=Sheriff Nelson
2006-03-24 09:08:24 +00:00
e72ce470d4
321350 Implement optimized code for NIST Suite B elliptic curves
...
r=douglas.
2006-03-23 19:55:37 +00:00
e13e6cc7f7
Bug 238051 Enable SSL session reuse for ECC cipher suites
...
r=nelson r=thomas.
patch in bug + white space changes suggested by nelson.
2006-03-22 19:18:30 +00:00
2bfdfe5969
Updated previous patch with douglas's input. (still bug 323817
...
Truncation of hashes for ECDSA should be done at bit level, not octet level).
r= vipul r=douglas
2006-03-22 19:02:06 +00:00
01ef3de28a
Bug 273637 3 locks in softoken have unsafe initialization
...
r=alexi r=julien
2006-03-21 19:36:53 +00:00
dd7e2a2cf6
Correct bug entry:
...
25683 EC param parsing error not propagated correctly
r=andreas.
2006-03-21 19:33:52 +00:00
6a7da6374e
Backing out previous changes that invalid or incorrect log entries for this
...
patch.
2006-03-21 19:30:10 +00:00
e182cdf8e2
*** empty log message ***
2006-03-21 19:23:30 +00:00
c385e5088d
Bug 273637 3 locks in softoken have unsafe initialization
...
r=alexi r=julien
2006-03-21 02:28:48 +00:00
6c95b75b6a
Avoid stack overflow while generating primes. Bug 310145. r=wtchang
2006-03-19 05:09:30 +00:00
5f90fef71c
Bug 238051 Enable SSL session reuse for ECC cipher suites
...
r=nelson
2006-03-17 21:15:09 +00:00
14c38aa668
Bug 329072 client sometimes fails to authenticate despite having cert
...
r= nelson
2006-03-17 20:44:23 +00:00
9e18a1acf3
Bug 323817 Truncation of hashes for ECDSA should be done at bit level, not octet level
...
r=vipul.gupta@sun.com
2006-03-17 16:58:06 +00:00
11b860880e
Bugzilla Bug 326503 producing a ProofOfPossession signature on a EC CRMF fails
...
Use SEC_GetSignatureAlgorithmOidTag() to map to the signature oid.
r=wtc
2006-03-15 21:46:24 +00:00
2b42f9feb9
Bugzilla Bug 326503 producing a ProofOfPossession signature on a EC CRMF fails
...
patch makes SHA1 the default hashing for RSA rather than MD5.
patch by wtc r=rrelyea.
2006-03-15 21:42:21 +00:00
aab12ab3a8
bug 329058 mpmontg.c doesn't compile when MP_CHAR_STORE_SLOW is defined
...
r=wtc
2006-03-15 19:22:32 +00:00
c783f88c97
bug 329058 mpmontg.c doesn't compile when MP_CHAR_STORE_SLOW is defined
...
r=wtc
2006-03-15 19:13:12 +00:00
2996640c67
Bug 324448. Convert mpi_x86.asm to mpi_x86_asm.c for Win32 built with MSVC.
...
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
r=julien.pierre sr=nelson@bolyard.com
2006-03-10 06:48:46 +00:00
d42549b7ac
Bug 324448. Convert mpi_x86.asm to mpi_x86.c for Win32 built with MSVC.
...
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
2006-03-09 23:50:43 +00:00
41a9b174bd
Bug 324448. Convert mpi_x86.asm to mpi_x86.c for Win32 built with MSVC.
...
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
r=julien.pierre sr=nelson@bolyard.com
2006-03-09 23:46:45 +00:00
19a46702bf
Bug 329002. fix cert reference leak. r=alexei.volkov,rrelyea
2006-03-09 23:38:57 +00:00
3203ada5f3
Bugzilla 324887: merge ECC and non-ECC QA test scripts.
...
Add return code and error message for ssl_stress and ssl_cov.
r=vipul, sr=nelson.
2006-03-08 00:47:28 +00:00
a0ed51d33e
Bugzilla Bug 329575: ECPoint_mul should multiply a point by the group order
...
faithfully because this operation is required by the public key validation
algorithm. r=douglas.stebila,vipul.gupta.
2006-03-08 00:19:34 +00:00
d679dc6d35
Bugzilla Bug 320578: added a new function ec_GenerateRandomPrivateKey to
...
generate a random private key without bias using the algorithm of FIPS
186-2 Change Notice 1, and use it to generate EC private key d and ECDSA
ephemeral private key k. The patch is contributed by Douglas Stebila
<douglas@stebila.ca> and improved by me. r=douglas.stebila,vipul.gupta.
2006-03-06 23:48:39 +00:00
85a72075f3
Bugzilla Bug 324887: The previous checkin introduced a comment bug. A
...
comment line must begin with exactly one '#' character followed by white
space.
2006-03-03 22:10:30 +00:00
f1ca8f1fd1
Bugzilla Bug 324887: merged ECC and non-ECC QA test scripts and removed
...
ECC QA test scripts. The patch is written by Vipul Gupta and Christophe
Ravel of Sun. r=wtc,nelsonb,jpierre
Modified Files:
cert/cert.sh smime/smime.sh ssl/ssl.sh ssl/sslauth.txt
ssl/sslcov.txt ssl/sslstress.txt tools/tools.sh
Removed Files:
fixtests.sh cert/eccert.sh smime/ecsmime.sh ssl/ecssl.sh
ssl/ecsslauth.txt ssl/ecsslcov.txt ssl/ecsslstress.txt
tools/ectools.sh
2006-03-03 20:06:03 +00:00
de8be1e067
Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key
...
pair with only one key. r=nelson.bolyard.
2006-03-03 18:48:09 +00:00
aed20ed068
Bugzilla bug 326482: removed incorrect comments. r=nelson.bolyard.
2006-03-03 18:45:54 +00:00
ac042bff56
Fix standalone mpi Makefile to build on OS/X. Bug 327405.
...
Patch contributed by Douglas Stebila <douglas@stebila.ca>
2006-03-03 04:21:56 +00:00
5e2ca73982
Bug 327677. Fix cert object reference leak. r=julien.pierre,nelson
...
Patch contributed by Alexei Volkov <alexei.volkov.bugs@sun.com>
2006-03-03 04:00:49 +00:00
57a3c7aa21
Bug 236613: change to MPL/LGPL/GPL tri-license.
2006-03-02 22:48:55 +00:00
b69eb504ce
Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of
...
ECDSA signatures. Backed out a temporary workaround in
ECDSA_SignDigestWithSeed. Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
ssl/ssl3con.c
2006-03-02 00:07:08 +00:00
8696bd362e
Bugzilla Bug 326403: use "Mozilla Foundation" as the manufacturer or
...
producer of our shared libraries/DLLs. Removed the optional copyright
notices from our DLLs. r=relyea,jpierre.
Modified Files:
lib/ckfw/builtins/constants.c lib/ckfw/builtins/nssckbi.rc
lib/ckfw/capi/nsscapi.rc lib/ckfw/dbm/instance.c
lib/freebl/freebl.rc lib/nss/nss.rc lib/smime/smime.rc
lib/softoken/pkcs11.c lib/softoken/softokn.rc lib/ssl/ssl.rc
2006-03-01 19:44:36 +00:00
f95ae18fe7
Remove mp_init/mp_clear calls (and potential mallocs,frees and zeros)
...
in tight loops for bug #326482
r=nelson
2006-03-01 17:09:17 +00:00
6a21aaef0e
bug 326482 Implement the derive sensitive only for those derivation functions that require it.
...
fixes a performance problem with ECDH.
r=wtchang, nelson.
2006-03-01 16:12:22 +00:00
340adcfbfa
Bug 327405. Correct EC keypair Generation. r=vipul.gupta,nelson.bolyard
...
Patch contributed by Douglas Stebila <douglas@stebila.ca>
2006-03-01 07:06:24 +00:00
56fc6fa166
Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre
2006-03-01 05:45:45 +00:00
7986d13c5b
Bugzilla Bug 327978: removed obsolete files, superseded by the ecl
...
directory. r=douglas.stebila.
Removed files: GF2m_ecl.c GF2m_ecl.h GFp_ecl.c GFp_ecl.h
2006-02-28 23:43:19 +00:00
a86941f281
Bug 326315. Warning Reduction. On TRUNK only. r=Julien.Pierre
2006-02-28 05:56:07 +00:00
74a0a6eea2
Bug 325683. EC param parsing error not propagated correctly.
...
Fix the cases that Andreas identified. Patch by Andreas.Sterbenz@sun.com
r=Julien,wtchang,nelson
2006-02-28 05:44:56 +00:00
4b1a1b7cb3
Bug 326690. Enable modutil to configure default slots for the
...
AES, SHA256 or SHA512 mechanisms. r=rrelyea,julien.pierre
2006-02-28 05:16:00 +00:00
52395a4abb
Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites
...
from being negotiated by NSS servers. Necessary until the server side
of the _DHE_ cipher suites is fully implemented. r=Julien,Wan-Teh,Vipul
2006-02-28 04:20:23 +00:00
7a0f0203c7
Bugzilla Bug 320038: checked in a better fix that allows us to write
...
EC domain parameters as hex strings with leading 00's. r=douglas.stebila
sr=relyea.
Modified files: softoken/ecdecode.c freebl/ecl/ecl-curve.h
2006-02-27 23:18:34 +00:00
6c376850a1
Bugzilla Bug 328228: fixed the typo "secp169k1". The patch is contributed
...
by jyri <jyri.virkki@sun.com>. r=wtc,vipul.gupta.
Modified files: bltest/blapitest.c certutil/certutil.c
2006-02-22 22:15:57 +00:00
178bda1252
Change NSS version to 3.12 Beta on the tip.
2006-02-22 21:22:54 +00:00
8c8a6af5ea
Bugzilla Bug 326754: the previous checkin made us fail the NIST DSA PQGGen
...
test for [mod = 768] only. Backed out the more likely culprit.
2006-02-22 02:12:09 +00:00
c449f54be3
Bugzilla Bug 327529: unnamed arguments (third and after) for CERT_CreateRDN
...
must have the correct CERTAVA * type because compilers can't do automatic
type conversions. r=nelsonb,jpierre.
Modified files: alg1485.c secname.c
2006-02-20 23:06:55 +00:00
97a5c30a94
Renamed DSA_TEST_SEED_BYTES to PQG_TEST_SEED_BYTES.
2006-02-18 02:39:12 +00:00
0c104c2ece
Bugzilla Bug 327384: fixed an off-by-one error in the size of the 'genenc'
...
array. The patch is contributed by Andreas Sterbenz
<Andreas.Sterbenz@sun.com>. r=wtc,nelsonb
2006-02-16 22:33:13 +00:00
1dd17278e7
fix by wan-teh for RSA siggen tests r=glen
2006-02-16 01:50:55 +00:00
6e65720ba6
Bugzilla Bug 318967: use 160-bit SEED when generating DSA domain parameters
...
(PQG). Removed unused keySizeIndex variables. Handle the return value and
result output parameter of PQG_VerifyParams separately. Pad H with leading
0's when printing. r=glen.beasley.
2006-02-16 01:28:35 +00:00
a4db2be2c9
Fix for bug 321765. Allow NSS to decode certs with unsupported critical extensions. r=wtchang,nelson,rrelyea.
2006-02-16 00:06:24 +00:00
e393d91fcb
[Bug 326963] Interoperability test with apache/mod_ssl: tstclnt
...
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n
2006-02-15 22:22:32 +00:00
ac55eec5a2
Bugzilla Bug 318962: fixed signed/unsigned comparison warnings by MSVC.
...
r=glen.beasley.
2006-02-15 19:14:09 +00:00
4b0281cf28
Bugzilla Bug 318968: more ECDSA test cleanup. Do not zeroize when freezing
...
ECParams' arenas. Use EC_CopyParams to copy ECParams to an EC public key
and allocate the public key's value from the same arena. r=glen.beasley.
2006-02-15 19:06:51 +00:00
c0887f9e1d
Bugzilla Bug 326754: fixed two minor bugs related to the h parameter in
...
PQG parameter generation. r=nelsonb,glen.beasley.
2006-02-14 03:04:57 +00:00
b19b5965a5
Bugzilla Bug 326144: need to zeroize a SECItem that contains a copy of the
...
secret key. r=relyea,jpierre.
2006-02-14 02:55:09 +00:00
cfe8a9f253
Bugzilla bug 326751: CKR_SIGNATURE_INVALID is a much better default error
...
code for NSC_VerifyRecover than CKR_DEVICE_ERROR is. r=relyea.
2006-02-11 02:03:25 +00:00
7f3ba76b70
318970 RSA sigver test fix r=wan-teh
2006-02-10 23:27:38 +00:00
1f4cae4de9
Bugzilla Bug 326482 NSS ECC performance problems.
...
Patch by Nelson, r=relyea.
Save the public key when we create the keypair so we can use it later.
2006-02-10 19:39:53 +00:00
57d9010865
Bugzilla Bug 326482 NSS ECC performance problems.
...
r=nelsonb
Fix bug where ECC keys were not being copied on server startup
2006-02-10 18:54:58 +00:00
fd25589676
Bug 325657, r=Nelson,Wan-Teh, Unset ECL_USE_FP INT Solaris SPARC freebl
2006-02-10 04:38:05 +00:00
2cf33676b0
Bug 320187 NSC_WrapKey called with null output returns short length
...
r=nelsonb
2006-02-09 19:54:22 +00:00
8719a5f375
Bug #325682 , Adds -Wl,-rpath to link step for Linux distributions
...
r=Nelson, sr=Wan-Teh
2006-02-09 00:12:17 +00:00
2c3bfd1312
Bug 320583 Support for SHA256/384/512 with ECC signing
2006-02-08 06:14:31 +00:00
af4804d7ef
Fix for bug 326144 . softoken leaks in nsc_pbe_key_gen. r=nelson, rrelyea
2006-02-07 00:43:31 +00:00
eb3a64e821
Bugzilla Bug 318967: fixed compiler warnings, most of which were char *
...
and unsigned char * mismatches. r=glen.beasley.
2006-02-04 06:39:44 +00:00
58262b951b
Fix build bustage, change // comment to /* */
2006-02-03 20:22:52 +00:00
3aa755acfa
bug 152426, delegation of HTTP download for OCSP
...
r=julien.pierre, r=rrelyea
2006-02-03 18:14:49 +00:00
d55302f3a8
bug 245518 r=nelson, fix for p12 files encoded with null PWs
2006-02-02 20:26:03 +00:00
564cb27d28
Work around bug 292285: don't encode x400 addresses, don't print CRL contents
...
r=julien.pierre
2006-02-02 07:56:19 +00:00
b8088299c2
Allow CKM_ECDSA_SHA1 to be multipart. Bug 325494.
...
Patch contributed by Andreas Sterbenz <Andreas.Sterbenz@sun.com>
r=nelsonb,relyea,wtc.
2006-02-02 07:21:56 +00:00
ff1923a307
[Bug 325307] infinite loop in SECU_FindCrlIssuer. r=julien
2006-02-02 02:45:02 +00:00
fa47026f19
[Bug 324878] crlutil -L outputs false CRL names. r=julien
2006-02-02 02:35:07 +00:00
22c94ce3da
325305: minor memory leak in CERT_FindCertByNameString. r=wtc
2006-02-02 00:57:54 +00:00
db3d31ac92
Bugzilla Bug 318966: implemented the tests for the NIST RNG Validation
...
System. r=glen.beasley.
Modified file: fipstest.c
Added file: rng.sh
2006-02-01 21:28:25 +00:00
c20388e588
Bugzilla Bug 318966: added two RNG functions FIPS186Change_GenerateX and
...
FIPS186Change_ReduceModQForDSA to blapi.h for the NIST RNG Validation
System. r=relyea,nelsonb.
Modified files: blapi.h ldvector.c loader.c loader.h prng_fips1861.c
2006-02-01 21:18:44 +00:00
3ebd845ca9
Bug 319619 "large" ECC private keys cannot be exported through PKCS #11
...
1) Change the export encrypted private key function to ask the token the wrap
size rather than trying to figure it out ourselves.
2) Fix the soften to correctly return the size.
r=wtc, nelsonb
2006-02-01 16:43:47 +00:00
decb139ec2
318970 RSA FIPS tests r=wan-teh sr=bobRelyea
2006-01-31 00:49:40 +00:00
46b88044bc
318970 RSA FIPS tests r=wan-teh sr=bobRelyea
2006-01-31 00:49:02 +00:00
b4358c2729
318970 RSA FIPS Alg Tests r=wan-teh, sr=bRelyea
2006-01-30 19:58:52 +00:00
2071d2bc7b
Fix broken build, caused by c++ style comment in c code.
2006-01-28 02:38:07 +00:00
ddca75b829
Set SSL2 and SSL3 timeout times properly for SSL server session cache.
...
Bug 223242. r=jullien.pierre
2006-01-28 02:21:31 +00:00
bb11f0b846
328967 DSA FIPS tests r=Wan-Teh
2006-01-27 18:53:07 +00:00
b1f1c414d0
Removed a blank line that broke the ssl_stress function in ecssl.sh, which
...
cannot handle blank lines.
2006-01-27 18:44:13 +00:00
d2bce3f900
Bugzilla Bug 320589: temporary workaround for SEC_SignData ECDSA signature
...
generation bug introduced by the previous checkin.
2006-01-26 23:51:42 +00:00
55e2995224
Removed an extraneous semicolon after the last parameter in a function
...
declaration.
2006-01-26 23:21:39 +00:00
6f9d05f035
Remove unnecessary ISALIST test from sparc versions of freebl DSOs.
...
Bug 302658. r=jullien.pierre,wtchang
2006-01-22 08:43:57 +00:00
6a41641124
Make dbck Debug mode work with Softoken. Bug 323570. r=rrelyea.
2006-01-22 06:54:34 +00:00
944db2b329
Don't use variables as structure initializers. Bug 274512. Fix build
...
on HPUX. r=julien.pierre,wtchang
2006-01-22 06:42:14 +00:00
06c2abf1fa
Detect certdb reference leaks at shutdown with assertions. Bug 324103.
...
r=rrelyea.
2006-01-22 06:36:36 +00:00
d6b2459e61
Bugzilla Bug 323977: use the "mapfile" (ld version script) on FreeBSD.
...
Build the freebl shared libraries with the -Bsymbolic flag for GNU ld.
r=nelsonb. Thanks to Glenn Randers-Pehrson <glennrp@imagemagick.org> for
reporting this bug and verifying these changes.
Modified files: coreconf/FreeBSD.mk nss/lib/freebl/Makefile
2006-01-21 02:33:33 +00:00
9633334de2
Plug a cert DB reference leak in softoken, related to trust objects.
...
Bug 324103, r=rrelyea
2006-01-21 02:23:42 +00:00
f116200e1d
Bugzilla Bug 320589: miscellaneous code cleanup: distinguish between the
...
length of the field size and the length of the base point order. Report
better error codes. In ECDSA_VerifyDigest, removed unnecessary local
variables and be lenient in the signature lengths we accept.
r=relyea,nelsonb
2006-01-21 02:14:46 +00:00
1477ed4b30
Fix for bug 317856 . uninitialized variable correction. r=wtchang
2006-01-20 22:55:15 +00:00
6f9e66cf05
Detect NULL server key pair pointer. Bug 321161. r=wtchang.
2006-01-20 17:40:21 +00:00
91408cf272
Fix for bug 317856 . compiler warnings in strsclnt
2006-01-20 00:43:23 +00:00
26731456ca
Bugzilla Bug 95323. Conditionally compile nsscapi.
...
r=julien
2006-01-19 19:55:28 +00:00
58862edcbf
change QA test order to be bottom-up. Bug 309412. r=jullien.pierre
2006-01-19 11:59:56 +00:00
e521b0a741
Back out last change, which broke the build.
2006-01-19 02:34:12 +00:00
a3089c6a9d
Prevent crash when making new cert8.db from old cert5.db.
...
This is not the final solution, but it works.
Bug 320029. r=rrelyea,sr=julien.pierre. On TRUNK.
2006-01-19 02:16:30 +00:00
f32a4d3f27
Add new function nsslowcert_DecodeAnyDBEntry. Correct the union
...
certDBEntry by adding the missing members. Bug 323570. r=rrelyea.
2006-01-19 02:09:37 +00:00
446a084b09
Softoken will no longer generate excessive key material for some SSL3
...
cipher suites. Bug 274512. r=rrelyea.
2006-01-19 01:12:53 +00:00
d27a2d48d9
Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and
...
PR_EmulateSendFile added in NSPR 4.1. r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c
2006-01-18 23:06:57 +00:00
0e9451eaef
Fix for bug 319495 . Clean up Makefiles for command-line tools. r=nelson
2006-01-18 22:44:39 +00:00
ce5e5d7682
Bugzilla Bug 323379: need to set ADDON_PATH for libsoftokn3.so to load
...
libfreebl3.so as an add-on on BeOS. Thanks to Doug Shelton
<doug@sheltonfamily.org>for reporting the bug and verifying the fix.
r=christophe.ravel.
2006-01-18 20:56:28 +00:00
f822c8f7d0
NSS ECDSA can only sign SHA-1 bug 320583
...
r=nelson patch ammended to change SHA-1 to HASH per wtc comment.
2006-01-17 00:38:59 +00:00
143f08953f
Bugzilla Bug 320497: indicate that we don't need an executable stack.
...
r=wolfgang.rosenauer,jpierre.
Modified files: arcfour-amd64-gas.s mpi/mpi_amd64_gas.s
2006-01-13 17:33:10 +00:00
909bcd2da3
HP and AIX cert extension tests failure fix.
2006-01-13 07:59:31 +00:00
cdf90d5eb6
Bugzilla Bug 323079: when libsoftoken and libssl load the freebl library,
...
first try without resolving symlinks. If we fail to load the library and
the pathname is a symbolic link, resolve the symbolic link and try again.
r=jpierre. sr=relyea.
2006-01-12 23:46:31 +00:00
d5a3092f79
cert extension test for 53229: certutil should not use gets(). julien:review+
2006-01-12 01:09:03 +00:00
0d90a194f0
Bugzilla Bug 318968: fixed the build error with NSS_ENABLE_ECC unset.
...
Modified files: Makefile fipstest.c
2006-01-05 21:49:05 +00:00
fb899e04af
Fix the build busted by checkin for bug 318968
2005-12-23 03:14:36 +00:00
d8c1021594
Bugzilla Bug 318968: added FIPS ECDSA algorithm test. r=glen.beasley.
...
Modified file: fipstest.c
Added file: ecdsa.sh
2005-12-22 22:22:17 +00:00
e681f06b4a
Bugzilla Bug 318962: combined a PORT_Realloc and a memset call into an
...
equivalent PORT_ZAlloc call. r=glen.beasley.
2005-12-22 22:19:03 +00:00
cb01eaf34d
Bugzilla bug 318962: it is legal for PORT_Realloc(oldptr, 0) to return
...
NULL, so that shouldn't be treated as a memory allocation failure.
2005-12-22 01:39:17 +00:00
784abb2c93
318958 fixing c++/java comment to C
2005-12-21 00:29:44 +00:00
03bbc006b5
318958 fixing Monte Carlo test r=Wan-Teh
2005-12-21 00:13:52 +00:00
3ce12eeea4
318962 buffer fix for SHA Monte Carlo tests r=wan-teh
2005-12-20 18:20:50 +00:00
3b577f224d
Bugzilla Bug 317052: removed the obsolete file lib/base/whatnspr.c from
...
CVS. r=relyea.
Modified Files:
base.h error.c manifest.mn
Removed Files:
whatnspr.c
2005-12-19 17:53:28 +00:00
165d7b9185
Bugzilla Bug 272484: code cleanup. keythi.h: remove the unused type
...
definition of SEC_PKCS5KeyAndPassword. p12d.c: We only need to set
p12dcx->currentASafeP7Dcx to NULL if it isn't NULL. r=relyea.
Modified Files: cryptohi/keythi.h pkcs12/p12d.c
2005-12-19 17:46:30 +00:00
8888626b36
Fix build. Remove c++ style declaration of loop control variables.
2005-12-17 01:03:12 +00:00
f39056f8e1
318964 implement HMAC algorithm tests for FIPS 140-2 validation r=Wan-teh
2005-12-16 16:57:49 +00:00
4961f4ed28
Mac fixes to ckfw.
2005-12-16 01:57:41 +00:00
ec7b991d91
Add support for the cryptoki crypto functions. This support is necessary for
...
capi and mackey. r=kaie
2005-12-16 00:48:02 +00:00
db00345d74
318962 Added FIPS 140-2 SHA tests and removed FIPS 140-1 SHA tests r=wan-teh
2005-12-15 18:50:52 +00:00
e14803c6ab
318962 Added FIPS 140-2 SHA tests and removed FIPS 140-1 SHA tests r=wan-teh
2005-12-15 18:47:20 +00:00
cfdbc102fe
Bugzilla Bug 320047: mp_to_unsigned/signed/fixlen_octets copies nothing to
...
the buffer if the mp_int is zero. r=nelsonb.
2005-12-14 02:18:35 +00:00
fff23fc797
Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12
...
plus upcoming revisions. The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
tests/ssl/ssl.sh
2005-12-14 01:49:40 +00:00
ae4c8fde88
318958 removal of DES and Triple DES 140-1 code r=wan-teh
2005-12-14 01:19:11 +00:00
d1a203a963
Bugzilla Bug 320038: ecl/ecl-curve.h: removed unnecessary leading zero byte
...
in the base point orders of curves K-233 and K-409. ec.c: pad the private
key with leading zeros to the length of the base point order.
r=douglas.steblia.
2005-12-13 22:31:34 +00:00
b6c6d7d561
318958 TDEA algorithm tests for FIPS 140-2
2005-12-09 16:55:53 +00:00
4092a7d72e
Initialize mpi data using mpi macros, not static data bug 319252
...
r=douglas
2005-12-08 23:22:26 +00:00
8939047c97
305028: make pretty print utility print hex data in case when data type was not recognized; rw+nelson
2005-12-05 23:09:38 +00:00
77cb1d9d48
Bug 316925
...
Key export does not work on tokens with non-sensitive keys that can't wrap.
r=kaie
2005-11-24 00:40:14 +00:00
38154c250e
Bug 129303
...
NSS needs to expose interfaces to deal with multiple token sources of certs.
r=kaie
2005-11-23 23:56:38 +00:00
4b7f9f6804
Bug 129303 NSS needs to expose interfaces to deal with multiple token sources of certs
...
r=kaie
2005-11-23 23:54:15 +00:00
cdcebb8e7e
PKCS #11 module to supply Access to the Mac OS X Keychain.
2005-11-23 23:04:08 +00:00
b64584ad16
Fix bug in MP_ALIGN macro that always truncated pointers to 32-bits,
...
even on 64-bin platforms. Bug 298630. r=rrelyea.
2005-11-23 01:12:34 +00:00
2537abf9f5
Weave patch: bug 298630 r=nelson
2005-11-22 07:16:43 +00:00
ac287b2f5a
Begin building mpcpucache.c. On Sun Studio platforms, build from two
...
new .s files. Bug 298630. r=rrelyea.
2005-11-22 07:13:32 +00:00
0750e1e7ef
Turn NSS_BETA off for NSS 3.11 RC2.
...
r+ Julien Pierre.
2005-11-22 01:58:35 +00:00
dc5fae9e7c
Back to BETA flag on the trunk.
...
r+ Julien Pierre
2005-11-21 18:46:12 +00:00
46f08a0c89
Turn NSS_BETA to FALSE for NSS 3.11 RC.
...
r+: Julien Pierre.
2005-11-21 04:08:44 +00:00
wtchang%redhat.com
alexei.volkov.bugs%sun.com
rrelyea%redhat.com
nelson%bolyard.com
julien.pierre.bugs%sun.com
kaie%kuix.de
glen.beasley%sun.com
gerv%gerv.net
christophe.ravel.bugs%sun.com
neil.williams%sun.com
nelsonb%netscape.com
relyea%netscape.com