mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
121 333 коммитов 615 Ветки 98 Теги 6 GiB
Граф коммитов

2827 Коммитов

Автор SHA1 Сообщение Дата
relyea%netscape.com 62acf06bc9 Remove external use of SEC_TraversePermCerts(). Bug 130968. 2003-03-05 01:04:33 +00:00
relyea%netscape.com 3db543d86d Bug 185245. including wtc's comments. 
Don't reference memory beyond the end the the data element when decoding a
SubjectEntry. Prevents crashes from corrupted Subject Entries.
 2003-03-05 01:02:03 +00:00
relyea%netscape.com c62f62ef69 Fix memory leaks. (roll fixes from 3.7 BRANCH). 2003-03-05 00:59:36 +00:00
relyea%netscape.com df524309b9 Incorporate wtc comment from bug 19061 (removal of commented code). 2003-03-04 23:11:09 +00:00
relyea%netscape.com b47c2269f6 bug 162976: make crl update atomic. Set up new Crl with a new Object ID which is different from the old one. 2003-03-04 22:36:27 +00:00
relyea%netscape.com a9f27f307f Bug 162976. Make CRL updates 'atomic' . Insert new CRL before deleting the 
old one.b
 2003-03-04 22:34:56 +00:00
relyea%netscape.com c339a0b104 Print all the certs for a given nickname, not just the first. 2003-03-04 22:32:24 +00:00
relyea%netscape.com 9024b2c79f Fix QA failures on tip (don't dereference through a NULL pointer). 2003-03-03 19:46:22 +00:00
wtc%netscape.com 8f947046b1 Bug 195127: 1. Enable DEBUG_SHVERIFY. 2. Added debug output to print the 
file name if PR_Open fails.
 2003-03-01 01:53:11 +00:00
relyea%netscape.com ed4ffe44f6 bug 19590 
RFE:Add ability to encode/decode NSSCMSRecipientInfo structures

r=javi,wtc
 2003-02-28 23:32:29 +00:00
ian.mcgreer%sun.com dd7d756307 bug 177556, signtool -l fails 
r=wtc
 2003-02-28 21:14:36 +00:00
ian.mcgreer%sun.com 4a82c09e70 bug 191757, InitOIDHash() not threadsafe 
r=relyea
 2003-02-28 21:13:20 +00:00
wtc%netscape.com 888f478faf Bug 195196: fixed a typo. 2003-02-27 14:49:30 +00:00
nelsonb%netscape.com f87129ad87 Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com 83101081ca Add missing dependency on error headers. 2003-02-26 23:52:40 +00:00
nelsonb%netscape.com 53f415bde5 Fix bug 194840. Get new random seed before each attempt to sign with DSA. 2003-02-25 23:45:23 +00:00
kirk.erickson%sun.com 58e6df6d02 Addresses bug 193378 modutil should print an error message, 
by printing error on SECMOD_DeleteInternalModule() failure.
 2003-02-25 02:09:11 +00:00
wtc%netscape.com 3d99d3f6a8 Bug 190537: build OS/2 DLLs using the map files to control symbol export. 
The patch is contributed by Javier Pedemonte <pedemont@us.ibm.com>.
Modified files: coreconf/OS2.mk coreconf/rules.mk nss/lib/ckfw/nssck.api
 2003-02-25 01:40:04 +00:00
wtc%netscape.com e82f9dbda9 Simplified the test for substrings. 2003-02-22 15:20:07 +00:00
nelsonb%netscape.com 15064057ce Fix bug 160207. Make TLS implementation resistant to timing attacks on 
CBC block mode cipher suites in TLS.  See bug for details.
 2003-02-21 23:00:16 +00:00
wtc%netscape.com 08b98e2fe3 Bug 194309: cvs removed libpath.c because the freebl_GetLibraryFilePathname 
function has been replaced by the new NSPR 4.3 function
PR_GetLibraryFilePathname.
 2003-02-21 02:40:52 +00:00
wtc%netscape.com c049211d54 Bug 194309: replaced freebl_GetLibraryFilePathname by the new NSPR 4.3 
function PR_GetLibraryFilePathname.
Modified files: config.mk manifest.mn shvfy.c
 2003-02-21 00:41:24 +00:00
wtc%netscape.com 0cf4cab50e Bug 194222: Removed SECMOD_CallOnce. It is replaced by the new NSPR 4.3 
function PR_CallOnceWithArg.
Modified files: nss/nssinit.c pk11wrap/pk11cert.c pk11wrap/secmodi.h
 2003-02-20 16:58:57 +00:00
sonja.mirtitsch%sun.com 8f8e7357ec writing actual return of modutil to output.log, bug 193394 r=wtc 2003-02-20 00:52:40 +00:00
sonja.mirtitsch%sun.com cbe33c407b echoing modutil commandline to output.log, bug 193394 r=wtc 2003-02-19 23:26:52 +00:00
sonja.mirtitsch%sun.com 61cc07a65d switching the NSPR version to v4.3-beta1 2003-02-19 23:21:23 +00:00
jpierre%netscape.com 507f9b47a8 Patch for 193961 - incorporate Wan-Teh's feedback 2003-02-19 21:50:49 +00:00
jpierre%netscape.com 580265aeb3 Fix for bug 193691 . Make QuickDER return an error rather than assert if extraneous data is present in the buffer 2003-02-19 02:29:48 +00:00
thayes%netscape.com a74f0fa8b2 Bug 192639: Use utility functions for managing token passwords so that 
cmsutil will prompt for the value if it is not given on the command line.
r=nelsonb
 2003-02-19 00:39:39 +00:00
wtc%netscape.com 3294d2a320 Bug 193367: do not call PR_Now() in a loop. r=nelsonb. 2003-02-18 23:26:39 +00:00
ian.mcgreer%sun.com fbd8eb30c2 bug 174200, don't attempt to decode cert when destroying it, handle failure 
to decode cert serial number
r=nelsonb
 2003-02-18 20:53:14 +00:00
wtc%netscape.com 03d1089088 Add DHE algorithms to the list. (Merged relyea's checkin (rev. 1.3.2.1) 
from the NSS_3_7_BRANCH to the trunk.)
 2003-02-18 02:53:54 +00:00
wtc%netscape.com b485d030fd Bug 188856: it is not necessary to declare 'crv' in these blocks because it 
is already declared in the outer scope.
 2003-02-18 02:47:04 +00:00
wtc%netscape.com 629dd8c57a Bug 192617: export NSS_CMSRecipientInfo_Wrap/UnwrapBulkKey from the smime3 
shared library.
 2003-02-18 00:45:34 +00:00
wtc%netscape.com c766b3d808 Bug 193055: the "cat ${file} | while read ...do ... done" construct does 
not work under MKS Korn shell on Windows XP.  Replaced it by the equivalent
construct "while read ... do ... done < ${file}".
 2003-02-15 04:48:13 +00:00
relyea%netscape.com 4c4ce5586d Bug 167756. Address Nelson's review comments. remove socket specific latency 
in favor of a slot specific latency test (already done by pk11wrap code).
 2003-02-15 01:21:25 +00:00
relyea%netscape.com 7737f1bf2b bug193367: Don't blindly copy all the certs from a given S/MIME message into the db. 2003-02-15 00:23:04 +00:00
sonja.mirtitsch%sun.com 6f1f50b42a bug 193394, change to check returncode of modutil after switching to 
fips mode, r=wtc
 2003-02-14 21:30:45 +00:00
wtc%netscape.com 42ae3a8e2c There should be no token after #endif. 2003-02-14 05:32:35 +00:00
kirk.erickson%sun.com 1fa1add016 Changed License: MPL to MPL/GPL. 2003-02-13 18:24:07 +00:00
relyea%netscape.com f9dd52a261 Turn off debugging output now that we have the tinderboxen working correctly. 2003-02-13 17:41:45 +00:00
kirk.erickson%sun.com 2b7de9c634 Added softokn3 library, and the new integrity check files. 2003-02-13 03:30:19 +00:00
wtc%netscape.com 4c2bfee832 Bug 193057: add WINNT5.1_* symlinks in mozilla/dist for Windows XP QA. 2003-02-13 01:45:01 +00:00
relyea%netscape.com 65978ca4e4 Turn off the mangle test for now. 2003-02-12 22:21:59 +00:00
kirk.erickson%sun.com d44a9d0be8 Removed extraneous ` from PRODUCT_VERSION. 2003-02-12 16:12:14 +00:00
relyea%netscape.com d104d1a923 Always free the key reference passed to us from the client 2003-02-10 22:36:45 +00:00
kirk.erickson%sun.com 390576ed9e Resolves bug 191221, by adding dynamic versioning for Solaris. 2003-02-10 18:18:52 +00:00
wtc%netscape.com ada7b251c4 Bug 131826: backed out the zlib 1.1.4 upgrade because the signtool tests 
failed.
Modified Files:
	README adler32.c compress.c crc32.c deflate.c deflate.h
	example.c gzio.c infblock.c infblock.h infcodes.c infcodes.h
	inffast.c inffast.h inflate.c inftrees.c inftrees.h infutil.c
	infutil.h minigzip.c trees.c uncompr.c zconf.h zlib.h zutil.c
	zutil.h
 2003-02-08 15:00:13 +00:00
wtc%netscape.com 22417a7df4 Bug 131826: checked in the README file of zlib 1.1.4. 2003-02-08 09:10:36 +00:00
wtc%netscape.com 305ac614c0 Bug 131826: upgraded to zlib 1.1.4. 
Modified Files:
	adler32.c compress.c crc32.c deflate.c deflate.h example.c
	gzio.c infblock.c infblock.h infcodes.c infcodes.h inffast.c
	inffast.h inflate.c inftrees.c inftrees.h infutil.c infutil.h
	minigzip.c trees.c uncompr.c zconf.h zlib.h zutil.c zutil.h
 2003-02-08 08:50:42 +00:00
wtc%netscape.com 80d543aa32 Bug 131826: added maketree.c from zlib 1.1.4. 2003-02-08 08:37:00 +00:00
wtc%netscape.com 9d38af738e Removed unused files stubs.c and zip_nodl.c. 2003-02-08 08:35:07 +00:00
wtc%netscape.com a301d47f42 Bug 131826: added new header files from zlib 1.1.4. 
Added Files: trees.h inffixed.h
 2003-02-08 08:30:11 +00:00
relyea%netscape.com ab77a6c23c Sigh, the QA scripts look for the word 'failed', but it's common that we 
can't open the shared library and isn't a real failure, so change the wording
 2003-02-08 01:52:37 +00:00
relyea%netscape.com 41a2236e7e Skip corruption test if someone has locked down the shared library on us. 2003-02-08 00:02:06 +00:00
wtc%netscape.com 5076009554 Exit with 1 rather than -1 on failure. Make sure the program exit with 1 
on all failures. Remove the symlink, if a file/symlink by that name already
exists, before creating it to avoid the EEXIST error.
 2003-02-07 23:41:15 +00:00
wtc%netscape.com d84be87533 Use <> around standard/system header files. This file does not need 
string.h, but it should include stdio.h because it uses fprintf and printf.
 2003-02-07 23:21:53 +00:00
nelsonb%netscape.com a39cc492bc Fix bug 190527. Properly extend buffer when data exceeds 512 bytes. 2003-02-07 23:09:35 +00:00
relyea%netscape.com 7903049797 Fix signed/unsigned display issue. 
Add more loggin information on errors (rev 1.3 added this but lost it's log).
 2003-02-07 23:05:07 +00:00
relyea%netscape.com d07389a152 *** empty log message *** 2003-02-07 23:02:43 +00:00
relyea%netscape.com 1c52cb2c3d Add test to see if the shlib was actually changed. 2003-02-07 21:13:10 +00:00
relyea%netscape.com e196a4143b Add Mangle logging... 2003-02-07 21:12:26 +00:00
relyea%netscape.com 267c0b8095 Add debugging information. Turn on tempararily to get debug info from tinderbox failures. 2003-02-07 19:22:42 +00:00
kirk.erickson%sun.com f0a7cc54bb Moved rules.mk include to the end. 2003-02-07 07:16:37 +00:00
nelsonb%netscape.com 140acf91e3 Move the implementation of the TLS Pseudo Random Function (PRF) from 
pkcs11c.c into a new file: tlsprf.c.
 2003-02-07 06:42:20 +00:00
nelsonb%netscape.com 1bea4fac99 Fix the dbtests test on Windows, when run in all.sh. 
The problem was that fips.sh created a file in . named dbtest, which was
actually some text output by a previous test.  This dbtest file prevented
the dbtest program from running.  The text file now has another name.
 2003-02-07 06:32:59 +00:00
kirk.erickson%sun.com a07280607f Resolves bug 189504 (Build Linux RPMS). 2003-02-07 05:56:15 +00:00
nelsonb%netscape.com 6a424428f3 MKS shell doesn't know about echor command. Does any shell? 2003-02-07 05:48:34 +00:00
nelsonb%netscape.com 63cbaffd59 Remove unreferenced local variables from functions. 2003-02-07 05:08:01 +00:00
wtc%netscape.com 3da1c11d28 Moved the definition of MD_LIB_RELEASE_FILES from manifest.mn to Makefile 
so that it is right next to the definition of CHECKLOC, which it uses.
 2003-02-06 22:37:37 +00:00
relyea%netscape.com f97a44db49 Clean up tests 
Suppress error messages which we were expecting because it causes the QA
scripts to report a QA failure.
 2003-02-06 19:06:39 +00:00
relyea%netscape.com 0022c47e93 Mangle will be changing the shared libraries, so it should link with them. 2003-02-06 18:18:42 +00:00
wtc%netscape.com d12037cd31 Bug 177387: Put the configuration/assignments before the rules in Makefile. 
Define MD_LIB_RELEASE_FILES in manifest.mn so that the *.chk files are
included in the mdbinary.jar files generated by the release target.
 2003-02-06 16:56:46 +00:00
relyea%netscape.com f61ba94871 Turn on FIPS test again. 2003-02-06 16:13:44 +00:00
relyea%netscape.com 4bb120679c Introduce shell variables for DLL_PREFIX and DLL_SUFFIX 2003-02-06 16:13:22 +00:00
wtc%netscape.com d7d81c7883 Support both ";" and ":" as PATH separators on Windows. MKS Korn shell 
uses ";" but Cygwin bash uses ":".
 2003-02-06 14:52:43 +00:00
wtc%netscape.com 5cc66223d8 Backed out the previous checkin because it doesn't work on Windows. 2003-02-06 05:33:33 +00:00
wtc%netscape.com 025206b16f Bug 177387: include the *.chk files in the mdbinary.jar files generated by 
the release makefile target.
Modified Files: lib/freebl/manifest.mn lib/softoken/manifest.mn
 2003-02-06 03:52:37 +00:00
relyea%netscape.com 9dbd723151 Remove mangle test until we can get the correct library name inside fips.sh for all platforms 2003-02-06 01:07:39 +00:00
relyea%netscape.com 7be71c5a0f Add check to 1) make sure we are in FIPS mode. and 2) to verify that we 
detect corrupted shared libraries while in FIPS mode.
 2003-02-06 00:50:00 +00:00
relyea%netscape.com 90be81e5ad The NSPR get shared lib interface requires the library name only, 
not a partial path to the library. This affects AIX.
 2003-02-06 00:49:09 +00:00
relyea%netscape.com f419ac9454 Try to load the new module before we've unloaded the old one. This now 
works in NSS, and it allows us to back out if the new one didn't load (because
FIPS could not verify the shared module for instance).
 2003-02-05 00:35:53 +00:00
relyea%netscape.com 0c754d450b Update db test to verify cert8 not cert7 2003-02-05 00:33:52 +00:00
relyea%netscape.com 87a6506c3f Surface the Err codes if we fail to shift to FIPS mode. 
Add new option to verify that we have shifted to FIPS mode.
 2003-02-05 00:31:15 +00:00
relyea%netscape.com 9091d5b06d 1) turn on mangle builds. 
2) better fix for the missing MAXPATHLEN missing define.
3) make room for the '\0' in the pathname.
 2003-02-05 00:29:35 +00:00
relyea%netscape.com d4c0391ff4 Fix LINUX breakage (define MAXPATHLEN if it wasn't defined the the standard 
system headers).
 2003-02-04 23:39:15 +00:00
relyea%netscape.com a0499c74ef Add code to handle symlinks. 
Add verbose output to print out hashes and signatures.
 2003-02-04 23:18:08 +00:00
relyea%netscape.com efdcf189a1 Add program which will mangle exactly 1 bit in a file. 2003-02-04 23:16:56 +00:00
relyea%netscape.com 75390fc662 Fix windows build breakage. 2003-02-04 19:03:11 +00:00
relyea%netscape.com 83e97a17cc Shell script to set up the path before running the signing tool 2003-02-03 21:06:57 +00:00
relyea%netscape.com 2d91037f77 Generate .chk file at build time when we build shlibsign 2003-02-03 21:06:18 +00:00
relyea%netscape.com 447f0c56f9 Check bug 188856 into the tip. 
1)return proper error code in more cases. 2) Fix bug in DH KeyPair Generation.

the essential part of this fix in pkcs11c.c where we add the CKA_NETSCAPE_DB
attribute on Diffie-Hellman key gen. I don't know why the code would have even
thought of working without this (unless we were testing with pregenerated
keys).

The rest of the fix is to surface more of the PKCS #11 error back up. There is
a separate bug to continue tracking the issue of lost PKCS #11 errors.
 2003-01-31 23:39:34 +00:00
nelsonb%netscape.com 3f08900d2f Fix an uninitialized variable. Bug 191396. 2003-01-31 22:26:56 +00:00
nelsonb%netscape.com 340366e2ff Fix crash in CERT_CheckKeyUsage caused by dereferencing a returned pointer 
without checkin it for NULL.
 2003-01-31 02:49:13 +00:00
nelsonb%netscape.com 9b5a756ce6 Fix bug 191396. Don't generate SEC_ERROR_LIBRARY_FAILURE unnecessarily 
while doing dsa signatures.
 2003-01-31 02:39:36 +00:00
relyea%netscape.com e7212afe42 FIPS library verifier. 2003-01-30 23:38:07 +00:00
relyea%netscape.com 691d3e25e1 FIPS library verifier 2003-01-30 23:36:37 +00:00
wtc%netscape.com 604f0ed9a1 Bug 191214: fixed the object leaks in signtool that prevented NSS_Shutdown 
from succeeding and added the NSS_Shutdown call back.  r=jpierre.
Modified Files: certgen.c sign.c signtool.c
 2003-01-30 23:11:13 +00:00
wtc%netscape.com 060a90105f Bug 177387: temporarily added freebl_GetLibraryFilePathname to libfreebl.a. 
This function has the same semantics as the NSPR 4.3 function
PR_GetLibraryFilePathname. This patch should be backed out when NSPR 4.3 is
released.
Modified Files: config.mk manifest.mn
Added Files: libpath.c
 2003-01-30 07:00:32 +00:00
jpierre%netscape.com 7f77163102 Fix for 190424 - don't query CKA_NETSCAPE_EMAIL attribute. r=wtc 2003-01-30 05:12:10 +00:00
jpierre%netscape.com da30938629 Fix for 190424 - don't query CKA_NETSCAPE_EMAIL attribute . r=wtc 2003-01-30 03:02:55 +00:00
jpierre%netscape.com 455618e1a1 Patch for memory leak . Bug 189976 . r=wtc 2003-01-30 02:59:35 +00:00
wtc%netscape.com 78b89796f5 Bug 191214: backed out the previous checkin until this bug (object leaks) 
is fixed.
 2003-01-30 01:50:31 +00:00
wtc%netscape.com dd7b545622 Bug 171263: signtool should call NSS_Shutdown before it exits. 2003-01-30 00:39:37 +00:00
relyea%netscape.com 510d42958f Move LIBJAR definitions around so that NT builds. 2003-01-29 23:37:10 +00:00
relyea%netscape.com 3a46194bdd 1) add vfyserv to the standard build. 
2) add tool to build shared library signature files for FIP's.

Code to verify requires NSPR changes before we can check it in.
 2003-01-28 18:53:22 +00:00
relyea%netscape.com 99d710be9c New header file to dump defines for managing signed FIPs libraries. 2003-01-28 18:50:02 +00:00
relyea%netscape.com 943c3bc77e Compile modutil with shared libraries. 2003-01-28 16:44:33 +00:00
relyea%netscape.com 6be85505ba Export functions needed for modutil to be compiled dynamically. 2003-01-28 16:41:46 +00:00
relyea%netscape.com d58c1ec22c Remove dead code and symbols from lib jar so that modutil can compile when 
linked with it.
 2003-01-28 16:39:32 +00:00
relyea%netscape.com 368b83f17c Sign 3 sets of changes are here: 
1) Provide accessor functions for the PK11_DefaultArray so that modutil
does not have to link statically to access it.

2) Try setting the attribute on an object before we go to the work of copying
it (Function Only used in Java).

3) Optimize searching for the more common types of attributes.
 2003-01-28 16:38:04 +00:00
wtc%netscape.com 228b3e52ed Bug 190396. 
Don't fail the search if the token returned an error that indicates that it
legitimately couldn't find a CRL
 2003-01-24 06:37:03 +00:00
relyea%netscape.com 998b101109 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 2003-01-23 22:02:37 +00:00
relyea%netscape.com 17117c5e23 Write changes back to the database when we correct incorrect user bit settings. 2003-01-23 19:38:53 +00:00
relyea%netscape.com f83c287af6 Set the size value when extracting a key 19011. 2003-01-23 17:30:15 +00:00
relyea%netscape.com 7d03017158 Check for token removal before continuing SSL sessions which have client auth 
with certs associated with that token. bug 167756.
 2003-01-23 17:27:34 +00:00
relyea%netscape.com 61a6011027 Fix bug 180824 Version 3.4 string hard coded in default token name. 2003-01-23 17:16:50 +00:00
ian.mcgreer%sun.com ae2e606e54 always use explicit serial numbers on generated certs, should fix QA failures on leia 2003-01-23 15:38:03 +00:00
jpierre%netscape.com f593a5bac0 Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb 2003-01-23 00:15:08 +00:00
wtc%netscape.com 8518277691 Bug 190112: PK11_ReadAttribute needs to call PK11_ExitSlotMonitor before 
we return because of allocation failure.
 2003-01-22 17:44:36 +00:00
wtc%netscape.com 0a514a798c Bug 189546: updated the comments to reflect what the new code does. 2003-01-22 06:24:53 +00:00
nelsonb%netscape.com 8a025005e9 Add OIDs for AES Key Wrap mechanism. 2003-01-22 04:35:54 +00:00
wtc%netscape.com b4f31cb711 Bug 189546: moved the switch statement for known key lengths to the 
beginning of PK11_GetKeyLength to work around a deadlock in nCipher
module if PK11_ExtractKeyValue is called.
 2003-01-22 03:55:21 +00:00
nelsonb%netscape.com 65a0422f22 Implement new AES Key Wrap mechanisms. Bug 167818. 2003-01-22 03:13:04 +00:00
wtc%netscape.com fdf8f4dc25 Bug 189345: we incorrectly assumed that a C_XxxFinal call to determine the 
length of the buffer would also terminate the active operation if the
buffer length is 0.  PKCS#11 says it doesn't, so we need to make the
additional C_XxxFinal call even if the buffer length is 0.  Allocate a
buffer from the heap if the stack buffer is too small and free the
heap-allocated buffer before we return from pk11_Finalize.  We can use the
stack buffer if count is equal to its size.
 2003-01-21 19:33:24 +00:00
relyea%netscape.com 65a9359e6e Bug 198364. Tokens keys do not own their handles. Don't let the key 
get destroyed when freed.
 2003-01-18 01:49:33 +00:00
nelsonb%netscape.com b39068212e When wrapping secret keys with an unpadded block cipher, null padd the keys 
as necessary, per the PKCS 11 spec.  Also, implement padding and unpadding
for single-part only ciphers.
 2003-01-17 05:50:08 +00:00
wtc%netscape.com 3cfd1da0cc Bug 145029: fixed compiler warnings (mostly "xxx might be used 
uninitialized").
 2003-01-17 02:49:11 +00:00
nelsonb%netscape.com 66dbe61852 One more fix for HPUX and Solaris. 2003-01-16 01:44:43 +00:00
jpierre%netscape.com bd1c6e2d6f Fix incorrect usage of QuickDER . See bug 160805 comment 16 2003-01-16 00:56:10 +00:00
nelsonb%netscape.com 52c0e7f513 Fix compilation error. This file is only compiled on 2 platforms. 2003-01-16 00:55:53 +00:00
nelsonb%netscape.com 191e2830e1 Switch from the old vendor-defined mechanism numbers to the new official 
PKCS 11 mechanism numbers.  These numbers will appear in v2.20.
 2003-01-16 00:43:58 +00:00
nelsonb%netscape.com 48e7307212 Enforce that softoken's mechanisms are used only with the PKCS 11 
functions that they're defined to work with.
 2003-01-16 00:28:05 +00:00
nelsonb%netscape.com b4debe71ef Complete the addition of AES Key Wrap to blapi in freebl. 2003-01-16 00:15:21 +00:00
nelsonb%netscape.com f8ffa9b2df Remove the implementation of CKM_KEY_WRAP_LYNKS from softoken. 2003-01-16 00:14:07 +00:00
nelsonb%netscape.com c74e098433 aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394 2003-01-14 22:16:04 +00:00
bishakhabanerjee%netscape.com f96d105632 Bug 171263 - NSS test apps to check return value of NSS_Shutdown 2003-01-14 01:03:21 +00:00
bishakhabanerjee%netscape.com 3f8b500ca5 Bug 171263 - NSS test apps shd check return value of NSS_Shutdown 2003-01-13 22:36:39 +00:00
relyea%netscape.com 6418dccb57 Check for Empty CRL list as well. 
Bug 164501.
 2003-01-10 19:09:46 +00:00
relyea%netscape.com 536df41f30 Declare PK11_TokenRefresh() 2003-01-10 17:53:01 +00:00
relyea%netscape.com 449530f503 Add the ability to generate certs with multiple DNS names. 2003-01-09 22:59:42 +00:00
relyea%netscape.com 5c9c0d249b Remember to include the global: tag 2003-01-09 18:44:26 +00:00
relyea%netscape.com e99b341301 backport NSS 3.7 fixes to the tip. 2003-01-09 18:15:11 +00:00
wtc%netscape.com 22b938bb47 Bug 186201: should handle a null 'environ' pointer, which can happen on 
Solaris if NSS is loaded with dlopen() by an executable linked with the
RTLD_GROUP flag.
 2003-01-09 04:34:31 +00:00
wtc%netscape.com ec08fd394a Bug 187629: do not refresh a CERTCertificate if the same instance of a 
cached cert is added to the collection.
 2003-01-09 04:29:01 +00:00
wtc%netscape.com 39a4a9cc69 Bug 186586: If at NSS shutdown there are still certs in the cert caches, 
cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later.  New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
 2003-01-08 21:58:29 +00:00
wtc%netscape.com cd80470fa2 Bug 186586: If at NSS shutdown there are still certs in the cert caches, 
cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later.  New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
Modified Files:
	base/errorval.c nss/nssinit.c pki/pki3hack.c pki/pki3hack.h
	pki/pkistore.c pki/pkistore.h pki/tdcache.c pki/trustdomain.c
	util/secerr.h
 2003-01-08 21:48:47 +00:00
wtc%netscape.com 209f994fd3 Need to call SSL_ClearSessionCache before calling NSS_Shutdown. 2003-01-08 21:40:52 +00:00
bishakhabanerjee%netscape.com c50dfa28ad checking return value of NSS_Shutdown. Bug 171263 2003-01-07 22:53:13 +00:00
bishakhabanerjee%netscape.com 1b239a8ed0 checking return value of NSS_Shutdown. Bug 171263 2003-01-07 22:31:36 +00:00
bishakhabanerjee%netscape.com 985e092196 new revision: 1.19; previous revision: 1.18 2003-01-07 22:29:54 +00:00
bishakhabanerjee%netscape.com 2430651225 set and exported NSS_STRICT_SHUTDOWN. Bug 171263 2003-01-07 22:10:10 +00:00
wtc%netscape.com 6eb33bd89e Bug 183612: added some comments. 2002-12-24 02:25:36 +00:00
wtc%netscape.com 158222292b Bug 183612: SECMOD_InitCallOnce() and SECMOD_CleanupCallOnce() should be 
declared and defined with an argument list of "(void)" instead of "()".
Modified Files: pk11cert.c secmodi.h
 2002-12-19 07:03:39 +00:00
wtc%netscape.com b5e025dea3 Bug 183612: renamed some new functions to be consistent with existing 
function names containing SubjectKey and PublicKey.  Moved internal
functions to private headers and use the lowercase cert_ prefix for the
internal functions for subject key ID mapping hash table. r=nelsonb.
 2002-12-19 00:26:34 +00:00
relyea%netscape.com 04963b62bb Bug 186058 2002-12-18 23:55:53 +00:00
wtc%netscape.com ee51cff828 Bug 183612: fixed the bug that 'extra' may be used uninitialized. r=javi. 2002-12-18 02:06:01 +00:00
wtc%netscape.com 8c5bcf00c1 Set NSS version to 3.8 Beta on the trunk. 2002-12-17 23:04:46 +00:00
wtc%netscape.com a67a4928f3 Export CERT_DestroyOCSPResponse in 3.7. Moved HASH_GetHashObjectByOidTag, 
HASH_GetHashTypeByOidTag, and SECITEM_ItemsAreEqual from 3.7 to 3.8.
 2002-12-17 23:02:53 +00:00
relyea%netscape.com 2602912c3d Make sure the session is protected over PKCS #11 calls. 2002-12-17 18:22:38 +00:00
wtc%netscape.com 1c4cebd09f Need to test for null pointers before destroying the lock and condition 
variable.  If NSS initialization fails, this lock and condition variable
may not get created.
 2002-12-17 02:47:46 +00:00
wtc%netscape.com 5a045514c6 I made a mistake in the previous checkin. certdb.h doesn't need to be 
included because the new function CERT_FindCertBySubjKeyID is declared in
cert.h.
 2002-12-17 02:08:51 +00:00
wtc%netscape.com 12860a5501 Bug 183612: added support for looking up a cert by subject key ID and 
creating a CMS recipient info from a subject key ID.  The patch was
contributed by Javi Delgadillo <javi@netscape.com>. r=relyea, wtc.
Modified Files:
	certdb/cert.h certdb/certdb.c certdb/certdb.h certdb/certv3.c
	certdb/stanpcertdb.c nss/nss.def nss/nssinit.c
	pk11wrap/pk11cert.c pk11wrap/pk11func.h pk11wrap/secmod.h
	pki/pki3hack.c smime/cms.h smime/cmslocal.h smime/cmspubkey.c
	smime/cmsrecinfo.c smime/cmssiginfo.c smime/cmst.h
	smime/smime.def
 2002-12-17 01:39:46 +00:00
relyea%netscape.com 3e6d515d45 Increment the tmpbuf pointer to the correct index point 2002-12-13 19:02:13 +00:00
wtc%netscape.com d212358f78 Bug 185074: open the files we just did a "chmod -w" on once to work around 
a Mac OS X NFS bug. Subsequent opens will see the file is readonly with no
delay.
 2002-12-13 02:06:34 +00:00
nelsonb%netscape.com 49ca4445ae Clean up command line options parsing and Usage message. 2002-12-13 01:25:45 +00:00
relyea%netscape.com 88da4209b7 Use correct sense of the timeout value. 2002-12-13 00:25:21 +00:00
nelsonb%netscape.com a4ffefd8be Support SHA256, SHA384, and SHA512 hashes in NSS. 2002-12-12 06:05:45 +00:00
relyea%netscape.com 15ce24e7da Don't break solaris or linux (add the ';') 2002-12-11 17:56:49 +00:00
relyea%netscape.com 986ee61360 Export new command to pull for token change events. 2002-12-11 17:53:20 +00:00
relyea%netscape.com 79fda8d95f Program to test smartcard removal and insertion detection. 2002-12-11 17:44:53 +00:00
relyea%netscape.com b3956b6cb3 Add token removal blocking function. 2002-12-11 17:43:24 +00:00
thayes%netscape.com 8d4be901b5 Bug 184557: Allow usage specified on command line (-u) to be used to validate 
certificates used for signing (-S option).  Also add special handling for
nickname "NONE" in the -Y option.  This specifies that no certificate and
encryption key preference should be included in the signature object.
 2002-12-11 01:44:37 +00:00
relyea%netscape.com abf1a9ae02 Sigh, this is what was breaking the Linux builds... incorrect initializer. 2002-12-10 18:09:16 +00:00
relyea%netscape.com 5a83c35578 Make SubjectAltEncode a public function. Fixes build breakage in Linux 2002-12-10 17:41:16 +00:00
relyea%netscape.com 1e02f10049 Add test cases for multiple email addresses in a single certificate. 2002-12-10 17:19:00 +00:00
relyea%netscape.com 7ba80c7f5c Add code to create multiple email addresses in a single cert. 2002-12-10 17:18:06 +00:00
relyea%netscape.com fa12d2382e Export the AltSubjectEncode function so our test programs can build certs 
with multiple email addresses.
 2002-12-10 17:15:15 +00:00
relyea%netscape.com 962c8ddfb3 Create profiles for all the email addresses in a certificate. 2002-12-10 17:14:17 +00:00
relyea%netscape.com 603a1de75c Fix padding value. 2002-12-06 19:11:57 +00:00
nelsonb%netscape.com aad3764409 Expunge dead code. 2002-12-05 22:16:22 +00:00
nelsonb%netscape.com 62b8516bb9 Don't compile the .c files in lib/pki1 on the trunk. These files are used 
only in Stan.
 2002-12-05 22:15:36 +00:00
wtc%netscape.com 5fa50f792d Bug 39494: added a check to prevent buffer overflow. r=mcgreer,nelsonb. 2002-12-04 23:41:49 +00:00
wtc%netscape.com 89bb676522 Fixed the build breakage of const unsigned char[] and unsigned char * 
mismatch on the Mac (compiler warnings on other platforms) by adding
(unsigned char *) typecasts.  r=relyea.  (Bug 183350)
 2002-12-04 00:28:56 +00:00
wtc%netscape.com 0def6ffdbe Bug 181878: fixed two more bugs in the new code to support multiple email 
addresses per certificate.  r=nelsonb.
 2002-11-27 01:28:03 +00:00
relyea%netscape.com c40360b6a9 More review changes, 
Fix incorrect return in pcertdb.c
 2002-11-26 22:14:56 +00:00
relyea%netscape.com 25a292272c Incorporate some of Nelson's review changes. 
Collapse all the profile data into an array for easier processing when printing out.
 2002-11-26 21:03:18 +00:00
relyea%netscape.com 7ee6bebcae Move mac build changes from 3.6 branch back to the trunk 2002-11-26 21:00:31 +00:00
wtc%netscape.com fd00621e5c Bug 180228: moved CERT_CRLCacheRefreshIssuer from the NSS_3.6.1 section to 
the NSS_3.7 section.
 2002-11-26 19:21:55 +00:00
relyea%netscape.com c296a3a69f Incorporate Terry's and Nelson's reviews. 2002-11-26 18:27:25 +00:00
nelsonb%netscape.com 4bdff07d6f Back out my last change. 2002-11-26 07:07:20 +00:00
nelsonb%netscape.com c4ae2fc1f4 Eliminate bug due to uninitialized variable index. Eliminate leak. 
Remove lots of warnings about signed/unsigned and assigning int to uchar.
 2002-11-26 05:58:51 +00:00
relyea%netscape.com 58543311f7 Bug 181878 allow multiple email addresses to point to a single subject record. 2002-11-26 00:13:54 +00:00
nelsonb%netscape.com b415060cf8 Put the nss 3.7 section after the nss 3.6.1 section. 2002-11-21 23:22:52 +00:00
ian.mcgreer%sun.com 72edde5172 bug 172247, don't allow import of duplicate issuer/serial certs 2002-11-21 20:43:15 +00:00
nelsonb%netscape.com e2809aa4e8 Add tests for sha256, sha384, and sha512. 2002-11-21 05:44:41 +00:00
nelsonb%netscape.com 6b8d4e688b Add test modes for sha256, sha384 and sha512. 
Fix the -c (restart) option for testing hashes.  It works with all hashes.
When the -d option is given along with the -i or -o filename option,
and the filename is not absolute, the filename is taken to be relative to
the the mode's test directory.
 2002-11-21 05:44:03 +00:00
nelsonb%netscape.com 924b265d37 Use the 32-bit code on Solaris x86 platforms, too. 2002-11-21 02:54:04 +00:00
nelsonb%netscape.com f8fead2f58 Add test cases from FIPS 180-2. 2002-11-21 02:26:50 +00:00
nelsonb%netscape.com c9be494de9 Back out revision 1.2, which was a workaround for a c preprocessor bug 
in a certain version of the c compiler for Dec/Compaq Alpha OSF1.
The file now requires one of these compilers on that platform:
Compaq C V6.3-132  or Compaq C V6.4-214 (dtk)
 2002-11-20 05:25:58 +00:00
nelsonb%netscape.com 6986b980f7 Optimization: change macros to do only 32-bit arithmetic on platforms 
with only 32-bit registers.
 2002-11-20 00:48:09 +00:00
jpierre%netscape.com e965a244ec Fix for bug 180894 - don't assert in ShutdownCRLCache() 2002-11-19 21:37:50 +00:00
kirk.erickson%sun.com b32a73f6fe Made 'solarispkg' copy pkg/solars to pkg/$(OBJDIR), and go there to 
build packages.  This addresses the problems Sonja reported which
resulted from building in the same tree nfs'd from multiple platforms
simultaneously.  Also removed -$(MACH) and ROOT-$OBJDIR changes that
failed to address this problem.
 2002-11-17 17:26:51 +00:00
nelsonb%netscape.com 0391c3a0ab Change all functions that create contexts for encryption to treat their 
input buffers as const.  Warning reduction.
 2002-11-16 06:09:58 +00:00
jpierre%netscape.com 071bcc8ef0 Fix again? 2002-11-16 05:05:17 +00:00
jpierre%netscape.com 2854b0f273 Fix build again ! 2002-11-16 04:27:39 +00:00
nelsonb%netscape.com c69f246d7a Recognize new SHAxxx OIDs. 2002-11-16 03:34:53 +00:00
jpierre%netscape.com a46a21ce98 Fix build 2002-11-16 03:32:40 +00:00
nelsonb%netscape.com d2a0920045 Correct softoken routines to work with new larger SHAxxx hashes. 2002-11-16 03:32:39 +00:00
nelsonb%netscape.com 5556b4b77f Correct HMAC code to work with new larger SHAxxx hashes. 2002-11-16 03:30:37 +00:00
nelsonb%netscape.com dd4c5651b8 Add new SHAxxx hash algorithms to tables of SECHashObjects. 2002-11-16 03:29:32 +00:00
nelsonb%netscape.com 0575c4bc91 Declare new vendor-defined mechanisms for SHA256, SHA384 and SHA512. 2002-11-16 03:25:01 +00:00
nelsonb%netscape.com eeb4bc7c50 Now that we have hashes larger than SHA1, 
#define HASH_LENGTH_MAX         SHA512_LENGTH
 2002-11-16 03:21:53 +00:00
nelsonb%netscape.com 6b4fae5a4a Don't reject a cert request with an empty list of CA cert names. 
Don't crash with an empty CA name list.
 2002-11-16 03:19:48 +00:00
nelsonb%netscape.com 9ee53c1fde Add "const" modifier to all fixed arrays used for keys or known text. 2002-11-16 01:00:44 +00:00
nelsonb%netscape.com 2d2f10ff75 Fix crash when formatting a cert with optional version not given. 2002-11-15 06:32:51 +00:00
jpierre%netscape.com d654882327 Patch for 180228 - export CRL cache flush API . r=wtc 2002-11-15 05:04:05 +00:00
nelsonb%netscape.com 4f733e25ac Make selfserv build for Darwin. 2002-11-14 23:33:24 +00:00
ian.mcgreer%sun.com 476282ab25 bug 39494, handle non-standard AVAs properly 
r=nelsonb
 2002-11-14 17:04:43 +00:00
relyea%netscape.com de6635b1b4 Adjust the time values so we have correct and consistant displays. 2002-11-11 22:01:57 +00:00
relyea%netscape.com c89a0a7444 Multi-access database race condition patches. These changes are already checked 
into NSS 3.6.1.
 2002-11-11 22:00:03 +00:00
kirk.erickson%sun.com 7b5d682d55 Made awk_pkginfo-$(MACH) machine dependent for Sonja's release build. 2002-11-11 20:44:55 +00:00
relyea%netscape.com 37feda0de1 Remove long dead code from util. triggered by bug 179038 2002-11-11 18:17:24 +00:00
jpierre%netscape.com cc471dc4ee Assert if the QuickDER decoder does not consume all the input 2002-11-09 01:56:01 +00:00
relyea%netscape.com df7578f751 Bug 176667: kaie authored the patch, ian/relyea reviewed it. 2002-11-08 19:10:54 +00:00
jpierre%netscape.com 3fe1f54335 Fix for 177798 . Improve handling of initialization / shutdown of the CRL cache using a static status variable 2002-11-07 00:02:31 +00:00
ian.mcgreer%sun.com 9ec0046baa bug 177366, clean up refcounting 
r=relyea
 2002-11-06 18:53:55 +00:00
nelsonb%netscape.com e1484b41c3 Workaround a c preprocessor bug on a certain 64-bit platform. Bug 178314. 2002-11-05 01:52:49 +00:00
nelsonb%netscape.com 6710514e32 Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 2002-11-05 00:25:20 +00:00
relyea%netscape.com 789fae9e28 !@#!$@! signtool thinks it knows how to verify if the certdb's are there and 
OK or not. Of course it doesn't.

bob
 2002-11-04 20:37:08 +00:00
relyea%netscape.com 9452f46ac8 db8 code part 1: 
1) Create new dbs with 32 k buffers.
   2) New dbs never store a single entry greater than 30 k (those are stored
using the blob code).
   3) NSS can run with either new or old dbs read only.
   4) If possible a new db is upgraded from and old db.
 2002-11-04 19:31:59 +00:00
nelsonb%netscape.com c2ff4f68a2 Add some processor and compiler dependent optimizations to SHA1. 2002-11-02 01:53:01 +00:00
nelsonb%netscape.com 2ff4c01664 Add SHA256 SHA512 and SHA384 hashes to freebl. 2002-11-02 01:51:44 +00:00
jpierre%netscape.com edd979ec33 Fix for bug 177798 - NULL pointers in ShutdownCRLCache to allow shutdown/restart 
of NSS.
 2002-11-02 00:07:48 +00:00
nelsonb%netscape.com 95badac2f4 Fix several problems related to error messages, including an attempt to 
print a null string pointer.
 2002-11-01 21:04:33 +00:00
nelsonb%netscape.com cea8a96338 Reformat text. Fix syntax error in first examples. 2002-11-01 21:03:24 +00:00
jpierre%netscape.com 9c6ca52dde Remove call to PL_ArenaFinish . This effectively shut down NSPR arenas and created problems when restarting NSS . r=relyea 2002-10-31 22:02:10 +00:00
jpierre%netscape.com f3907a7439 Fix for 177208 - unmark arena when DER decoding is successful 2002-10-31 01:54:13 +00:00
jpierre%netscape.com 8083074fbc Fix for bug 175115 . Remove incorrect check for CA cert expiration. Also fix CRL signature verification and clean up internal functions . r=mcgreer,relyea,nelsonb,wtc 2002-10-30 23:31:38 +00:00
relyea%netscape.com 5d8b5a40ce Fix build breakage. Some platforms do not like to assign unsigned char * to 
char * without a cast.
 2002-10-30 19:01:21 +00:00
relyea%netscape.com 4db4a5989a The Serial number needs to be the DEREncoded serial number, not the decoded 
Serial number.
 2002-10-30 17:22:06 +00:00
relyea%netscape.com c301258ee1 Check in new certdata file generated from certdata.txt 2002-10-30 17:20:59 +00:00
relyea%netscape.com 014936248b Allow the builtin's to accept old style serial numbers as well the the correct 
PKCS #11 serial numbers.
 2002-10-30 17:18:14 +00:00
relyea%netscape.com a8cddf9408 Make the Serial Numbers DER Wrapped rather than raw serial numbers. 
This is required by PKCS #11 and was causing some bugs in NSS 3.6.
 2002-10-30 17:09:28 +00:00
wtc%netscape.com 182f81490a Bug 177201: declare NSS_CMSEncoder_Cancel. 2002-10-30 01:31:01 +00:00
bishakhabanerjee%netscape.com 446c866598 creating the cmdtests.sh script - bug 144316 2002-10-30 00:20:10 +00:00
jpierre%netscape.com c4e2aa9127 Fix for bug 95311 - copy the DER input key to the arena, and free the arena upon decoding failure. 2002-10-29 23:47:31 +00:00
jpierre%netscape.com 31ce9957ca Use QuickDER to decode DER public key. Bug #95311 2002-10-29 22:52:31 +00:00
kirk.erickson%sun.com 46d92ed7fa Integrated bundle of changes that we're done on NSS_3_3_2_SUN_PKG_BRANCH. 
x86 support (separate prototype_sparc, prototype_i386)
	single updated copyright on common_files
	no pkgdepend in common_files
 2002-10-26 18:04:40 +00:00
nelsonb%netscape.com b1090ac99f Plug cert leak in NSS_SMIMESignerInfo_SaveSMIMEProfile. Bug 176799. 
Patch contributed by Kai Engert.
 2002-10-25 22:46:48 +00:00