relyea%netscape.com
62acf06bc9
Remove external use of SEC_TraversePermCerts(). Bug 130968.
2003-03-05 01:04:33 +00:00
relyea%netscape.com
3db543d86d
Bug 185245. including wtc's comments.
...
Don't reference memory beyond the end the the data element when decoding a
SubjectEntry. Prevents crashes from corrupted Subject Entries.
2003-03-05 01:02:03 +00:00
relyea%netscape.com
c62f62ef69
Fix memory leaks. (roll fixes from 3.7 BRANCH).
2003-03-05 00:59:36 +00:00
relyea%netscape.com
df524309b9
Incorporate wtc comment from bug 19061 (removal of commented code).
2003-03-04 23:11:09 +00:00
relyea%netscape.com
b47c2269f6
bug 162976: make crl update atomic. Set up new Crl with a new Object ID which is different from the old one.
2003-03-04 22:36:27 +00:00
relyea%netscape.com
a9f27f307f
Bug 162976. Make CRL updates 'atomic' . Insert new CRL before deleting the
...
old one.b
2003-03-04 22:34:56 +00:00
relyea%netscape.com
c339a0b104
Print all the certs for a given nickname, not just the first.
2003-03-04 22:32:24 +00:00
relyea%netscape.com
9024b2c79f
Fix QA failures on tip (don't dereference through a NULL pointer).
2003-03-03 19:46:22 +00:00
wtc%netscape.com
8f947046b1
Bug 195127: 1. Enable DEBUG_SHVERIFY. 2. Added debug output to print the
...
file name if PR_Open fails.
2003-03-01 01:53:11 +00:00
relyea%netscape.com
ed4ffe44f6
bug 19590
...
RFE:Add ability to encode/decode NSSCMSRecipientInfo structures
r=javi,wtc
2003-02-28 23:32:29 +00:00
ian.mcgreer%sun.com
dd7d756307
bug 177556, signtool -l fails
...
r=wtc
2003-02-28 21:14:36 +00:00
ian.mcgreer%sun.com
4a82c09e70
bug 191757, InitOIDHash() not threadsafe
...
r=relyea
2003-02-28 21:13:20 +00:00
wtc%netscape.com
888f478faf
Bug 195196: fixed a typo.
2003-02-27 14:49:30 +00:00
nelsonb%netscape.com
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
83101081ca
Add missing dependency on error headers.
2003-02-26 23:52:40 +00:00
nelsonb%netscape.com
53f415bde5
Fix bug 194840. Get new random seed before each attempt to sign with DSA.
2003-02-25 23:45:23 +00:00
kirk.erickson%sun.com
58e6df6d02
Addresses bug 193378 modutil should print an error message,
...
by printing error on SECMOD_DeleteInternalModule() failure.
2003-02-25 02:09:11 +00:00
wtc%netscape.com
3d99d3f6a8
Bug 190537: build OS/2 DLLs using the map files to control symbol export.
...
The patch is contributed by Javier Pedemonte <pedemont@us.ibm.com>.
Modified files: coreconf/OS2.mk coreconf/rules.mk nss/lib/ckfw/nssck.api
2003-02-25 01:40:04 +00:00
wtc%netscape.com
e82f9dbda9
Simplified the test for substrings.
2003-02-22 15:20:07 +00:00
nelsonb%netscape.com
15064057ce
Fix bug 160207. Make TLS implementation resistant to timing attacks on
...
CBC block mode cipher suites in TLS. See bug for details.
2003-02-21 23:00:16 +00:00
wtc%netscape.com
08b98e2fe3
Bug 194309: cvs removed libpath.c because the freebl_GetLibraryFilePathname
...
function has been replaced by the new NSPR 4.3 function
PR_GetLibraryFilePathname.
2003-02-21 02:40:52 +00:00
wtc%netscape.com
c049211d54
Bug 194309: replaced freebl_GetLibraryFilePathname by the new NSPR 4.3
...
function PR_GetLibraryFilePathname.
Modified files: config.mk manifest.mn shvfy.c
2003-02-21 00:41:24 +00:00
wtc%netscape.com
0cf4cab50e
Bug 194222: Removed SECMOD_CallOnce. It is replaced by the new NSPR 4.3
...
function PR_CallOnceWithArg.
Modified files: nss/nssinit.c pk11wrap/pk11cert.c pk11wrap/secmodi.h
2003-02-20 16:58:57 +00:00
sonja.mirtitsch%sun.com
8f8e7357ec
writing actual return of modutil to output.log, bug 193394 r=wtc
2003-02-20 00:52:40 +00:00
sonja.mirtitsch%sun.com
cbe33c407b
echoing modutil commandline to output.log, bug 193394 r=wtc
2003-02-19 23:26:52 +00:00
sonja.mirtitsch%sun.com
61cc07a65d
switching the NSPR version to v4.3-beta1
2003-02-19 23:21:23 +00:00
jpierre%netscape.com
507f9b47a8
Patch for 193961 - incorporate Wan-Teh's feedback
2003-02-19 21:50:49 +00:00
jpierre%netscape.com
580265aeb3
Fix for bug 193691 . Make QuickDER return an error rather than assert if extraneous data is present in the buffer
2003-02-19 02:29:48 +00:00
thayes%netscape.com
a74f0fa8b2
Bug 192639: Use utility functions for managing token passwords so that
...
cmsutil will prompt for the value if it is not given on the command line.
r=nelsonb
2003-02-19 00:39:39 +00:00
wtc%netscape.com
3294d2a320
Bug 193367: do not call PR_Now() in a loop. r=nelsonb.
2003-02-18 23:26:39 +00:00
ian.mcgreer%sun.com
fbd8eb30c2
bug 174200, don't attempt to decode cert when destroying it, handle failure
...
to decode cert serial number
r=nelsonb
2003-02-18 20:53:14 +00:00
wtc%netscape.com
03d1089088
Add DHE algorithms to the list. (Merged relyea's checkin (rev. 1.3.2.1)
...
from the NSS_3_7_BRANCH to the trunk.)
2003-02-18 02:53:54 +00:00
wtc%netscape.com
b485d030fd
Bug 188856: it is not necessary to declare 'crv' in these blocks because it
...
is already declared in the outer scope.
2003-02-18 02:47:04 +00:00
wtc%netscape.com
629dd8c57a
Bug 192617: export NSS_CMSRecipientInfo_Wrap/UnwrapBulkKey from the smime3
...
shared library.
2003-02-18 00:45:34 +00:00
wtc%netscape.com
c766b3d808
Bug 193055: the "cat ${file} | while read ...do ... done" construct does
...
not work under MKS Korn shell on Windows XP. Replaced it by the equivalent
construct "while read ... do ... done < ${file}".
2003-02-15 04:48:13 +00:00
relyea%netscape.com
4c4ce5586d
Bug 167756. Address Nelson's review comments. remove socket specific latency
...
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
relyea%netscape.com
7737f1bf2b
bug193367: Don't blindly copy all the certs from a given S/MIME message into the db.
2003-02-15 00:23:04 +00:00
sonja.mirtitsch%sun.com
6f1f50b42a
bug 193394, change to check returncode of modutil after switching to
...
fips mode, r=wtc
2003-02-14 21:30:45 +00:00
wtc%netscape.com
42ae3a8e2c
There should be no token after #endif.
2003-02-14 05:32:35 +00:00
kirk.erickson%sun.com
1fa1add016
Changed License: MPL to MPL/GPL.
2003-02-13 18:24:07 +00:00
relyea%netscape.com
f9dd52a261
Turn off debugging output now that we have the tinderboxen working correctly.
2003-02-13 17:41:45 +00:00
kirk.erickson%sun.com
2b7de9c634
Added softokn3 library, and the new integrity check files.
2003-02-13 03:30:19 +00:00
wtc%netscape.com
4c2bfee832
Bug 193057: add WINNT5.1_* symlinks in mozilla/dist for Windows XP QA.
2003-02-13 01:45:01 +00:00
relyea%netscape.com
65978ca4e4
Turn off the mangle test for now.
2003-02-12 22:21:59 +00:00
kirk.erickson%sun.com
d44a9d0be8
Removed extraneous ` from PRODUCT_VERSION.
2003-02-12 16:12:14 +00:00
relyea%netscape.com
d104d1a923
Always free the key reference passed to us from the client
2003-02-10 22:36:45 +00:00
kirk.erickson%sun.com
390576ed9e
Resolves bug 191221, by adding dynamic versioning for Solaris.
2003-02-10 18:18:52 +00:00
wtc%netscape.com
ada7b251c4
Bug 131826: backed out the zlib 1.1.4 upgrade because the signtool tests
...
failed.
Modified Files:
README adler32.c compress.c crc32.c deflate.c deflate.h
example.c gzio.c infblock.c infblock.h infcodes.c infcodes.h
inffast.c inffast.h inflate.c inftrees.c inftrees.h infutil.c
infutil.h minigzip.c trees.c uncompr.c zconf.h zlib.h zutil.c
zutil.h
2003-02-08 15:00:13 +00:00
wtc%netscape.com
22417a7df4
Bug 131826: checked in the README file of zlib 1.1.4.
2003-02-08 09:10:36 +00:00
wtc%netscape.com
305ac614c0
Bug 131826: upgraded to zlib 1.1.4.
...
Modified Files:
adler32.c compress.c crc32.c deflate.c deflate.h example.c
gzio.c infblock.c infblock.h infcodes.c infcodes.h inffast.c
inffast.h inflate.c inftrees.c inftrees.h infutil.c infutil.h
minigzip.c trees.c uncompr.c zconf.h zlib.h zutil.c zutil.h
2003-02-08 08:50:42 +00:00
wtc%netscape.com
80d543aa32
Bug 131826: added maketree.c from zlib 1.1.4.
2003-02-08 08:37:00 +00:00
wtc%netscape.com
9d38af738e
Removed unused files stubs.c and zip_nodl.c.
2003-02-08 08:35:07 +00:00
wtc%netscape.com
a301d47f42
Bug 131826: added new header files from zlib 1.1.4.
...
Added Files: trees.h inffixed.h
2003-02-08 08:30:11 +00:00
relyea%netscape.com
ab77a6c23c
Sigh, the QA scripts look for the word 'failed', but it's common that we
...
can't open the shared library and isn't a real failure, so change the wording
2003-02-08 01:52:37 +00:00
relyea%netscape.com
41a2236e7e
Skip corruption test if someone has locked down the shared library on us.
2003-02-08 00:02:06 +00:00
wtc%netscape.com
5076009554
Exit with 1 rather than -1 on failure. Make sure the program exit with 1
...
on all failures. Remove the symlink, if a file/symlink by that name already
exists, before creating it to avoid the EEXIST error.
2003-02-07 23:41:15 +00:00
wtc%netscape.com
d84be87533
Use <> around standard/system header files. This file does not need
...
string.h, but it should include stdio.h because it uses fprintf and printf.
2003-02-07 23:21:53 +00:00
nelsonb%netscape.com
a39cc492bc
Fix bug 190527. Properly extend buffer when data exceeds 512 bytes.
2003-02-07 23:09:35 +00:00
relyea%netscape.com
7903049797
Fix signed/unsigned display issue.
...
Add more loggin information on errors (rev 1.3 added this but lost it's log).
2003-02-07 23:05:07 +00:00
relyea%netscape.com
d07389a152
*** empty log message ***
2003-02-07 23:02:43 +00:00
relyea%netscape.com
1c52cb2c3d
Add test to see if the shlib was actually changed.
2003-02-07 21:13:10 +00:00
relyea%netscape.com
e196a4143b
Add Mangle logging...
2003-02-07 21:12:26 +00:00
relyea%netscape.com
267c0b8095
Add debugging information. Turn on tempararily to get debug info from tinderbox failures.
2003-02-07 19:22:42 +00:00
kirk.erickson%sun.com
f0a7cc54bb
Moved rules.mk include to the end.
2003-02-07 07:16:37 +00:00
nelsonb%netscape.com
140acf91e3
Move the implementation of the TLS Pseudo Random Function (PRF) from
...
pkcs11c.c into a new file: tlsprf.c.
2003-02-07 06:42:20 +00:00
nelsonb%netscape.com
1bea4fac99
Fix the dbtests test on Windows, when run in all.sh.
...
The problem was that fips.sh created a file in . named dbtest, which was
actually some text output by a previous test. This dbtest file prevented
the dbtest program from running. The text file now has another name.
2003-02-07 06:32:59 +00:00
kirk.erickson%sun.com
a07280607f
Resolves bug 189504 (Build Linux RPMS).
2003-02-07 05:56:15 +00:00
nelsonb%netscape.com
6a424428f3
MKS shell doesn't know about echor command. Does any shell?
2003-02-07 05:48:34 +00:00
nelsonb%netscape.com
63cbaffd59
Remove unreferenced local variables from functions.
2003-02-07 05:08:01 +00:00
wtc%netscape.com
3da1c11d28
Moved the definition of MD_LIB_RELEASE_FILES from manifest.mn to Makefile
...
so that it is right next to the definition of CHECKLOC, which it uses.
2003-02-06 22:37:37 +00:00
relyea%netscape.com
f97a44db49
Clean up tests
...
Suppress error messages which we were expecting because it causes the QA
scripts to report a QA failure.
2003-02-06 19:06:39 +00:00
relyea%netscape.com
0022c47e93
Mangle will be changing the shared libraries, so it should link with them.
2003-02-06 18:18:42 +00:00
wtc%netscape.com
d12037cd31
Bug 177387: Put the configuration/assignments before the rules in Makefile.
...
Define MD_LIB_RELEASE_FILES in manifest.mn so that the *.chk files are
included in the mdbinary.jar files generated by the release target.
2003-02-06 16:56:46 +00:00
relyea%netscape.com
f61ba94871
Turn on FIPS test again.
2003-02-06 16:13:44 +00:00
relyea%netscape.com
4bb120679c
Introduce shell variables for DLL_PREFIX and DLL_SUFFIX
2003-02-06 16:13:22 +00:00
wtc%netscape.com
d7d81c7883
Support both ";" and ":" as PATH separators on Windows. MKS Korn shell
...
uses ";" but Cygwin bash uses ":".
2003-02-06 14:52:43 +00:00
wtc%netscape.com
5cc66223d8
Backed out the previous checkin because it doesn't work on Windows.
2003-02-06 05:33:33 +00:00
wtc%netscape.com
025206b16f
Bug 177387: include the *.chk files in the mdbinary.jar files generated by
...
the release makefile target.
Modified Files: lib/freebl/manifest.mn lib/softoken/manifest.mn
2003-02-06 03:52:37 +00:00
relyea%netscape.com
9dbd723151
Remove mangle test until we can get the correct library name inside fips.sh for all platforms
2003-02-06 01:07:39 +00:00
relyea%netscape.com
7be71c5a0f
Add check to 1) make sure we are in FIPS mode. and 2) to verify that we
...
detect corrupted shared libraries while in FIPS mode.
2003-02-06 00:50:00 +00:00
relyea%netscape.com
90be81e5ad
The NSPR get shared lib interface requires the library name only,
...
not a partial path to the library. This affects AIX.
2003-02-06 00:49:09 +00:00
relyea%netscape.com
f419ac9454
Try to load the new module before we've unloaded the old one. This now
...
works in NSS, and it allows us to back out if the new one didn't load (because
FIPS could not verify the shared module for instance).
2003-02-05 00:35:53 +00:00
relyea%netscape.com
0c754d450b
Update db test to verify cert8 not cert7
2003-02-05 00:33:52 +00:00
relyea%netscape.com
87a6506c3f
Surface the Err codes if we fail to shift to FIPS mode.
...
Add new option to verify that we have shifted to FIPS mode.
2003-02-05 00:31:15 +00:00
relyea%netscape.com
9091d5b06d
1) turn on mangle builds.
...
2) better fix for the missing MAXPATHLEN missing define.
3) make room for the '\0' in the pathname.
2003-02-05 00:29:35 +00:00
relyea%netscape.com
d4c0391ff4
Fix LINUX breakage (define MAXPATHLEN if it wasn't defined the the standard
...
system headers).
2003-02-04 23:39:15 +00:00
relyea%netscape.com
a0499c74ef
Add code to handle symlinks.
...
Add verbose output to print out hashes and signatures.
2003-02-04 23:18:08 +00:00
relyea%netscape.com
efdcf189a1
Add program which will mangle exactly 1 bit in a file.
2003-02-04 23:16:56 +00:00
relyea%netscape.com
75390fc662
Fix windows build breakage.
2003-02-04 19:03:11 +00:00
relyea%netscape.com
83e97a17cc
Shell script to set up the path before running the signing tool
2003-02-03 21:06:57 +00:00
relyea%netscape.com
2d91037f77
Generate .chk file at build time when we build shlibsign
2003-02-03 21:06:18 +00:00
relyea%netscape.com
447f0c56f9
Check bug 188856 into the tip.
...
1)return proper error code in more cases. 2) Fix bug in DH KeyPair Generation.
the essential part of this fix in pkcs11c.c where we add the CKA_NETSCAPE_DB
attribute on Diffie-Hellman key gen. I don't know why the code would have even
thought of working without this (unless we were testing with pregenerated
keys).
The rest of the fix is to surface more of the PKCS #11 error back up. There is
a separate bug to continue tracking the issue of lost PKCS #11 errors.
2003-01-31 23:39:34 +00:00
nelsonb%netscape.com
3f08900d2f
Fix an uninitialized variable. Bug 191396.
2003-01-31 22:26:56 +00:00
nelsonb%netscape.com
340366e2ff
Fix crash in CERT_CheckKeyUsage caused by dereferencing a returned pointer
...
without checkin it for NULL.
2003-01-31 02:49:13 +00:00
nelsonb%netscape.com
9b5a756ce6
Fix bug 191396. Don't generate SEC_ERROR_LIBRARY_FAILURE unnecessarily
...
while doing dsa signatures.
2003-01-31 02:39:36 +00:00
relyea%netscape.com
e7212afe42
FIPS library verifier.
2003-01-30 23:38:07 +00:00
relyea%netscape.com
691d3e25e1
FIPS library verifier
2003-01-30 23:36:37 +00:00
wtc%netscape.com
604f0ed9a1
Bug 191214: fixed the object leaks in signtool that prevented NSS_Shutdown
...
from succeeding and added the NSS_Shutdown call back. r=jpierre.
Modified Files: certgen.c sign.c signtool.c
2003-01-30 23:11:13 +00:00
wtc%netscape.com
060a90105f
Bug 177387: temporarily added freebl_GetLibraryFilePathname to libfreebl.a.
...
This function has the same semantics as the NSPR 4.3 function
PR_GetLibraryFilePathname. This patch should be backed out when NSPR 4.3 is
released.
Modified Files: config.mk manifest.mn
Added Files: libpath.c
2003-01-30 07:00:32 +00:00
jpierre%netscape.com
7f77163102
Fix for 190424 - don't query CKA_NETSCAPE_EMAIL attribute. r=wtc
2003-01-30 05:12:10 +00:00
jpierre%netscape.com
da30938629
Fix for 190424 - don't query CKA_NETSCAPE_EMAIL attribute . r=wtc
2003-01-30 03:02:55 +00:00
jpierre%netscape.com
455618e1a1
Patch for memory leak . Bug 189976 . r=wtc
2003-01-30 02:59:35 +00:00
wtc%netscape.com
78b89796f5
Bug 191214: backed out the previous checkin until this bug (object leaks)
...
is fixed.
2003-01-30 01:50:31 +00:00
wtc%netscape.com
dd7b545622
Bug 171263: signtool should call NSS_Shutdown before it exits.
2003-01-30 00:39:37 +00:00
relyea%netscape.com
510d42958f
Move LIBJAR definitions around so that NT builds.
2003-01-29 23:37:10 +00:00
relyea%netscape.com
3a46194bdd
1) add vfyserv to the standard build.
...
2) add tool to build shared library signature files for FIP's.
Code to verify requires NSPR changes before we can check it in.
2003-01-28 18:53:22 +00:00
relyea%netscape.com
99d710be9c
New header file to dump defines for managing signed FIPs libraries.
2003-01-28 18:50:02 +00:00
relyea%netscape.com
943c3bc77e
Compile modutil with shared libraries.
2003-01-28 16:44:33 +00:00
relyea%netscape.com
6be85505ba
Export functions needed for modutil to be compiled dynamically.
2003-01-28 16:41:46 +00:00
relyea%netscape.com
d58c1ec22c
Remove dead code and symbols from lib jar so that modutil can compile when
...
linked with it.
2003-01-28 16:39:32 +00:00
relyea%netscape.com
368b83f17c
Sign 3 sets of changes are here:
...
1) Provide accessor functions for the PK11_DefaultArray so that modutil
does not have to link statically to access it.
2) Try setting the attribute on an object before we go to the work of copying
it (Function Only used in Java).
3) Optimize searching for the more common types of attributes.
2003-01-28 16:38:04 +00:00
wtc%netscape.com
228b3e52ed
Bug 190396.
...
Don't fail the search if the token returned an error that indicates that it
legitimately couldn't find a CRL
2003-01-24 06:37:03 +00:00
relyea%netscape.com
998b101109
Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure.
2003-01-23 22:02:37 +00:00
relyea%netscape.com
17117c5e23
Write changes back to the database when we correct incorrect user bit settings.
2003-01-23 19:38:53 +00:00
relyea%netscape.com
f83c287af6
Set the size value when extracting a key 19011.
2003-01-23 17:30:15 +00:00
relyea%netscape.com
7d03017158
Check for token removal before continuing SSL sessions which have client auth
...
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
relyea%netscape.com
61a6011027
Fix bug 180824 Version 3.4 string hard coded in default token name.
2003-01-23 17:16:50 +00:00
ian.mcgreer%sun.com
ae2e606e54
always use explicit serial numbers on generated certs, should fix QA failures on leia
2003-01-23 15:38:03 +00:00
jpierre%netscape.com
f593a5bac0
Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb
2003-01-23 00:15:08 +00:00
wtc%netscape.com
8518277691
Bug 190112: PK11_ReadAttribute needs to call PK11_ExitSlotMonitor before
...
we return because of allocation failure.
2003-01-22 17:44:36 +00:00
wtc%netscape.com
0a514a798c
Bug 189546: updated the comments to reflect what the new code does.
2003-01-22 06:24:53 +00:00
nelsonb%netscape.com
8a025005e9
Add OIDs for AES Key Wrap mechanism.
2003-01-22 04:35:54 +00:00
wtc%netscape.com
b4f31cb711
Bug 189546: moved the switch statement for known key lengths to the
...
beginning of PK11_GetKeyLength to work around a deadlock in nCipher
module if PK11_ExtractKeyValue is called.
2003-01-22 03:55:21 +00:00
nelsonb%netscape.com
65a0422f22
Implement new AES Key Wrap mechanisms. Bug 167818.
2003-01-22 03:13:04 +00:00
wtc%netscape.com
fdf8f4dc25
Bug 189345: we incorrectly assumed that a C_XxxFinal call to determine the
...
length of the buffer would also terminate the active operation if the
buffer length is 0. PKCS#11 says it doesn't, so we need to make the
additional C_XxxFinal call even if the buffer length is 0. Allocate a
buffer from the heap if the stack buffer is too small and free the
heap-allocated buffer before we return from pk11_Finalize. We can use the
stack buffer if count is equal to its size.
2003-01-21 19:33:24 +00:00
relyea%netscape.com
65a9359e6e
Bug 198364. Tokens keys do not own their handles. Don't let the key
...
get destroyed when freed.
2003-01-18 01:49:33 +00:00
nelsonb%netscape.com
b39068212e
When wrapping secret keys with an unpadded block cipher, null padd the keys
...
as necessary, per the PKCS 11 spec. Also, implement padding and unpadding
for single-part only ciphers.
2003-01-17 05:50:08 +00:00
wtc%netscape.com
3cfd1da0cc
Bug 145029: fixed compiler warnings (mostly "xxx might be used
...
uninitialized").
2003-01-17 02:49:11 +00:00
nelsonb%netscape.com
66dbe61852
One more fix for HPUX and Solaris.
2003-01-16 01:44:43 +00:00
jpierre%netscape.com
bd1c6e2d6f
Fix incorrect usage of QuickDER . See bug 160805 comment 16
2003-01-16 00:56:10 +00:00
nelsonb%netscape.com
52c0e7f513
Fix compilation error. This file is only compiled on 2 platforms.
2003-01-16 00:55:53 +00:00
nelsonb%netscape.com
191e2830e1
Switch from the old vendor-defined mechanism numbers to the new official
...
PKCS 11 mechanism numbers. These numbers will appear in v2.20.
2003-01-16 00:43:58 +00:00
nelsonb%netscape.com
48e7307212
Enforce that softoken's mechanisms are used only with the PKCS 11
...
functions that they're defined to work with.
2003-01-16 00:28:05 +00:00
nelsonb%netscape.com
b4debe71ef
Complete the addition of AES Key Wrap to blapi in freebl.
2003-01-16 00:15:21 +00:00
nelsonb%netscape.com
f8ffa9b2df
Remove the implementation of CKM_KEY_WRAP_LYNKS from softoken.
2003-01-16 00:14:07 +00:00
nelsonb%netscape.com
c74e098433
aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394
2003-01-14 22:16:04 +00:00
bishakhabanerjee%netscape.com
f96d105632
Bug 171263 - NSS test apps to check return value of NSS_Shutdown
2003-01-14 01:03:21 +00:00
bishakhabanerjee%netscape.com
3f8b500ca5
Bug 171263 - NSS test apps shd check return value of NSS_Shutdown
2003-01-13 22:36:39 +00:00
relyea%netscape.com
6418dccb57
Check for Empty CRL list as well.
...
Bug 164501.
2003-01-10 19:09:46 +00:00
relyea%netscape.com
536df41f30
Declare PK11_TokenRefresh()
2003-01-10 17:53:01 +00:00
relyea%netscape.com
449530f503
Add the ability to generate certs with multiple DNS names.
2003-01-09 22:59:42 +00:00
relyea%netscape.com
5c9c0d249b
Remember to include the global: tag
2003-01-09 18:44:26 +00:00
relyea%netscape.com
e99b341301
backport NSS 3.7 fixes to the tip.
2003-01-09 18:15:11 +00:00
wtc%netscape.com
22b938bb47
Bug 186201: should handle a null 'environ' pointer, which can happen on
...
Solaris if NSS is loaded with dlopen() by an executable linked with the
RTLD_GROUP flag.
2003-01-09 04:34:31 +00:00
wtc%netscape.com
ec08fd394a
Bug 187629: do not refresh a CERTCertificate if the same instance of a
...
cached cert is added to the collection.
2003-01-09 04:29:01 +00:00
wtc%netscape.com
39a4a9cc69
Bug 186586: If at NSS shutdown there are still certs in the cert caches,
...
cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later. New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
2003-01-08 21:58:29 +00:00
wtc%netscape.com
cd80470fa2
Bug 186586: If at NSS shutdown there are still certs in the cert caches,
...
cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later. New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
Modified Files:
base/errorval.c nss/nssinit.c pki/pki3hack.c pki/pki3hack.h
pki/pkistore.c pki/pkistore.h pki/tdcache.c pki/trustdomain.c
util/secerr.h
2003-01-08 21:48:47 +00:00
wtc%netscape.com
209f994fd3
Need to call SSL_ClearSessionCache before calling NSS_Shutdown.
2003-01-08 21:40:52 +00:00
bishakhabanerjee%netscape.com
c50dfa28ad
checking return value of NSS_Shutdown. Bug 171263
2003-01-07 22:53:13 +00:00
bishakhabanerjee%netscape.com
1b239a8ed0
checking return value of NSS_Shutdown. Bug 171263
2003-01-07 22:31:36 +00:00
bishakhabanerjee%netscape.com
985e092196
new revision: 1.19; previous revision: 1.18
2003-01-07 22:29:54 +00:00
bishakhabanerjee%netscape.com
2430651225
set and exported NSS_STRICT_SHUTDOWN. Bug 171263
2003-01-07 22:10:10 +00:00
wtc%netscape.com
6eb33bd89e
Bug 183612: added some comments.
2002-12-24 02:25:36 +00:00
wtc%netscape.com
158222292b
Bug 183612: SECMOD_InitCallOnce() and SECMOD_CleanupCallOnce() should be
...
declared and defined with an argument list of "(void)" instead of "()".
Modified Files: pk11cert.c secmodi.h
2002-12-19 07:03:39 +00:00
wtc%netscape.com
b5e025dea3
Bug 183612: renamed some new functions to be consistent with existing
...
function names containing SubjectKey and PublicKey. Moved internal
functions to private headers and use the lowercase cert_ prefix for the
internal functions for subject key ID mapping hash table. r=nelsonb.
2002-12-19 00:26:34 +00:00
relyea%netscape.com
04963b62bb
Bug 186058
2002-12-18 23:55:53 +00:00
wtc%netscape.com
ee51cff828
Bug 183612: fixed the bug that 'extra' may be used uninitialized. r=javi.
2002-12-18 02:06:01 +00:00
wtc%netscape.com
8c5bcf00c1
Set NSS version to 3.8 Beta on the trunk.
2002-12-17 23:04:46 +00:00
wtc%netscape.com
a67a4928f3
Export CERT_DestroyOCSPResponse in 3.7. Moved HASH_GetHashObjectByOidTag,
...
HASH_GetHashTypeByOidTag, and SECITEM_ItemsAreEqual from 3.7 to 3.8.
2002-12-17 23:02:53 +00:00
relyea%netscape.com
2602912c3d
Make sure the session is protected over PKCS #11 calls.
2002-12-17 18:22:38 +00:00
wtc%netscape.com
1c4cebd09f
Need to test for null pointers before destroying the lock and condition
...
variable. If NSS initialization fails, this lock and condition variable
may not get created.
2002-12-17 02:47:46 +00:00
wtc%netscape.com
5a045514c6
I made a mistake in the previous checkin. certdb.h doesn't need to be
...
included because the new function CERT_FindCertBySubjKeyID is declared in
cert.h.
2002-12-17 02:08:51 +00:00
wtc%netscape.com
12860a5501
Bug 183612: added support for looking up a cert by subject key ID and
...
creating a CMS recipient info from a subject key ID. The patch was
contributed by Javi Delgadillo <javi@netscape.com>. r=relyea, wtc.
Modified Files:
certdb/cert.h certdb/certdb.c certdb/certdb.h certdb/certv3.c
certdb/stanpcertdb.c nss/nss.def nss/nssinit.c
pk11wrap/pk11cert.c pk11wrap/pk11func.h pk11wrap/secmod.h
pki/pki3hack.c smime/cms.h smime/cmslocal.h smime/cmspubkey.c
smime/cmsrecinfo.c smime/cmssiginfo.c smime/cmst.h
smime/smime.def
2002-12-17 01:39:46 +00:00
relyea%netscape.com
3e6d515d45
Increment the tmpbuf pointer to the correct index point
2002-12-13 19:02:13 +00:00
wtc%netscape.com
d212358f78
Bug 185074: open the files we just did a "chmod -w" on once to work around
...
a Mac OS X NFS bug. Subsequent opens will see the file is readonly with no
delay.
2002-12-13 02:06:34 +00:00
nelsonb%netscape.com
49ca4445ae
Clean up command line options parsing and Usage message.
2002-12-13 01:25:45 +00:00
relyea%netscape.com
88da4209b7
Use correct sense of the timeout value.
2002-12-13 00:25:21 +00:00
nelsonb%netscape.com
a4ffefd8be
Support SHA256, SHA384, and SHA512 hashes in NSS.
2002-12-12 06:05:45 +00:00
relyea%netscape.com
15ce24e7da
Don't break solaris or linux (add the ';')
2002-12-11 17:56:49 +00:00
relyea%netscape.com
986ee61360
Export new command to pull for token change events.
2002-12-11 17:53:20 +00:00
relyea%netscape.com
79fda8d95f
Program to test smartcard removal and insertion detection.
2002-12-11 17:44:53 +00:00
relyea%netscape.com
b3956b6cb3
Add token removal blocking function.
2002-12-11 17:43:24 +00:00
thayes%netscape.com
8d4be901b5
Bug 184557: Allow usage specified on command line (-u) to be used to validate
...
certificates used for signing (-S option). Also add special handling for
nickname "NONE" in the -Y option. This specifies that no certificate and
encryption key preference should be included in the signature object.
2002-12-11 01:44:37 +00:00
relyea%netscape.com
abf1a9ae02
Sigh, this is what was breaking the Linux builds... incorrect initializer.
2002-12-10 18:09:16 +00:00
relyea%netscape.com
5a83c35578
Make SubjectAltEncode a public function. Fixes build breakage in Linux
2002-12-10 17:41:16 +00:00
relyea%netscape.com
1e02f10049
Add test cases for multiple email addresses in a single certificate.
2002-12-10 17:19:00 +00:00
relyea%netscape.com
7ba80c7f5c
Add code to create multiple email addresses in a single cert.
2002-12-10 17:18:06 +00:00
relyea%netscape.com
fa12d2382e
Export the AltSubjectEncode function so our test programs can build certs
...
with multiple email addresses.
2002-12-10 17:15:15 +00:00
relyea%netscape.com
962c8ddfb3
Create profiles for all the email addresses in a certificate.
2002-12-10 17:14:17 +00:00
relyea%netscape.com
603a1de75c
Fix padding value.
2002-12-06 19:11:57 +00:00
nelsonb%netscape.com
aad3764409
Expunge dead code.
2002-12-05 22:16:22 +00:00
nelsonb%netscape.com
62b8516bb9
Don't compile the .c files in lib/pki1 on the trunk. These files are used
...
only in Stan.
2002-12-05 22:15:36 +00:00
wtc%netscape.com
5fa50f792d
Bug 39494: added a check to prevent buffer overflow. r=mcgreer,nelsonb.
2002-12-04 23:41:49 +00:00
wtc%netscape.com
89bb676522
Fixed the build breakage of const unsigned char[] and unsigned char *
...
mismatch on the Mac (compiler warnings on other platforms) by adding
(unsigned char *) typecasts. r=relyea. (Bug 183350)
2002-12-04 00:28:56 +00:00
wtc%netscape.com
0def6ffdbe
Bug 181878: fixed two more bugs in the new code to support multiple email
...
addresses per certificate. r=nelsonb.
2002-11-27 01:28:03 +00:00
relyea%netscape.com
c40360b6a9
More review changes,
...
Fix incorrect return in pcertdb.c
2002-11-26 22:14:56 +00:00
relyea%netscape.com
25a292272c
Incorporate some of Nelson's review changes.
...
Collapse all the profile data into an array for easier processing when printing out.
2002-11-26 21:03:18 +00:00
relyea%netscape.com
7ee6bebcae
Move mac build changes from 3.6 branch back to the trunk
2002-11-26 21:00:31 +00:00
wtc%netscape.com
fd00621e5c
Bug 180228: moved CERT_CRLCacheRefreshIssuer from the NSS_3.6.1 section to
...
the NSS_3.7 section.
2002-11-26 19:21:55 +00:00
relyea%netscape.com
c296a3a69f
Incorporate Terry's and Nelson's reviews.
2002-11-26 18:27:25 +00:00
nelsonb%netscape.com
4bdff07d6f
Back out my last change.
2002-11-26 07:07:20 +00:00
nelsonb%netscape.com
c4ae2fc1f4
Eliminate bug due to uninitialized variable index. Eliminate leak.
...
Remove lots of warnings about signed/unsigned and assigning int to uchar.
2002-11-26 05:58:51 +00:00
relyea%netscape.com
58543311f7
Bug 181878 allow multiple email addresses to point to a single subject record.
2002-11-26 00:13:54 +00:00
nelsonb%netscape.com
b415060cf8
Put the nss 3.7 section after the nss 3.6.1 section.
2002-11-21 23:22:52 +00:00
ian.mcgreer%sun.com
72edde5172
bug 172247, don't allow import of duplicate issuer/serial certs
2002-11-21 20:43:15 +00:00
nelsonb%netscape.com
e2809aa4e8
Add tests for sha256, sha384, and sha512.
2002-11-21 05:44:41 +00:00
nelsonb%netscape.com
6b8d4e688b
Add test modes for sha256, sha384 and sha512.
...
Fix the -c (restart) option for testing hashes. It works with all hashes.
When the -d option is given along with the -i or -o filename option,
and the filename is not absolute, the filename is taken to be relative to
the the mode's test directory.
2002-11-21 05:44:03 +00:00
nelsonb%netscape.com
924b265d37
Use the 32-bit code on Solaris x86 platforms, too.
2002-11-21 02:54:04 +00:00
nelsonb%netscape.com
f8fead2f58
Add test cases from FIPS 180-2.
2002-11-21 02:26:50 +00:00
nelsonb%netscape.com
c9be494de9
Back out revision 1.2, which was a workaround for a c preprocessor bug
...
in a certain version of the c compiler for Dec/Compaq Alpha OSF1.
The file now requires one of these compilers on that platform:
Compaq C V6.3-132 or Compaq C V6.4-214 (dtk)
2002-11-20 05:25:58 +00:00
nelsonb%netscape.com
6986b980f7
Optimization: change macros to do only 32-bit arithmetic on platforms
...
with only 32-bit registers.
2002-11-20 00:48:09 +00:00
jpierre%netscape.com
e965a244ec
Fix for bug 180894 - don't assert in ShutdownCRLCache()
2002-11-19 21:37:50 +00:00
kirk.erickson%sun.com
b32a73f6fe
Made 'solarispkg' copy pkg/solars to pkg/$(OBJDIR), and go there to
...
build packages. This addresses the problems Sonja reported which
resulted from building in the same tree nfs'd from multiple platforms
simultaneously. Also removed -$(MACH) and ROOT-$OBJDIR changes that
failed to address this problem.
2002-11-17 17:26:51 +00:00
nelsonb%netscape.com
0391c3a0ab
Change all functions that create contexts for encryption to treat their
...
input buffers as const. Warning reduction.
2002-11-16 06:09:58 +00:00
jpierre%netscape.com
071bcc8ef0
Fix again?
2002-11-16 05:05:17 +00:00
jpierre%netscape.com
2854b0f273
Fix build again !
2002-11-16 04:27:39 +00:00
nelsonb%netscape.com
c69f246d7a
Recognize new SHAxxx OIDs.
2002-11-16 03:34:53 +00:00
jpierre%netscape.com
a46a21ce98
Fix build
2002-11-16 03:32:40 +00:00
nelsonb%netscape.com
d2a0920045
Correct softoken routines to work with new larger SHAxxx hashes.
2002-11-16 03:32:39 +00:00
nelsonb%netscape.com
5556b4b77f
Correct HMAC code to work with new larger SHAxxx hashes.
2002-11-16 03:30:37 +00:00
nelsonb%netscape.com
dd4c5651b8
Add new SHAxxx hash algorithms to tables of SECHashObjects.
2002-11-16 03:29:32 +00:00
nelsonb%netscape.com
0575c4bc91
Declare new vendor-defined mechanisms for SHA256, SHA384 and SHA512.
2002-11-16 03:25:01 +00:00
nelsonb%netscape.com
eeb4bc7c50
Now that we have hashes larger than SHA1,
...
#define HASH_LENGTH_MAX SHA512_LENGTH
2002-11-16 03:21:53 +00:00
nelsonb%netscape.com
6b4fae5a4a
Don't reject a cert request with an empty list of CA cert names.
...
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
9ee53c1fde
Add "const" modifier to all fixed arrays used for keys or known text.
2002-11-16 01:00:44 +00:00
nelsonb%netscape.com
2d2f10ff75
Fix crash when formatting a cert with optional version not given.
2002-11-15 06:32:51 +00:00
jpierre%netscape.com
d654882327
Patch for 180228 - export CRL cache flush API . r=wtc
2002-11-15 05:04:05 +00:00
nelsonb%netscape.com
4f733e25ac
Make selfserv build for Darwin.
2002-11-14 23:33:24 +00:00
ian.mcgreer%sun.com
476282ab25
bug 39494, handle non-standard AVAs properly
...
r=nelsonb
2002-11-14 17:04:43 +00:00
relyea%netscape.com
de6635b1b4
Adjust the time values so we have correct and consistant displays.
2002-11-11 22:01:57 +00:00
relyea%netscape.com
c89a0a7444
Multi-access database race condition patches. These changes are already checked
...
into NSS 3.6.1.
2002-11-11 22:00:03 +00:00
kirk.erickson%sun.com
7b5d682d55
Made awk_pkginfo-$(MACH) machine dependent for Sonja's release build.
2002-11-11 20:44:55 +00:00
relyea%netscape.com
37feda0de1
Remove long dead code from util. triggered by bug 179038
2002-11-11 18:17:24 +00:00
jpierre%netscape.com
cc471dc4ee
Assert if the QuickDER decoder does not consume all the input
2002-11-09 01:56:01 +00:00
relyea%netscape.com
df7578f751
Bug 176667: kaie authored the patch, ian/relyea reviewed it.
2002-11-08 19:10:54 +00:00
jpierre%netscape.com
3fe1f54335
Fix for 177798 . Improve handling of initialization / shutdown of the CRL cache using a static status variable
2002-11-07 00:02:31 +00:00
ian.mcgreer%sun.com
9ec0046baa
bug 177366, clean up refcounting
...
r=relyea
2002-11-06 18:53:55 +00:00
nelsonb%netscape.com
e1484b41c3
Workaround a c preprocessor bug on a certain 64-bit platform. Bug 178314.
2002-11-05 01:52:49 +00:00
nelsonb%netscape.com
6710514e32
Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342.
2002-11-05 00:25:20 +00:00
relyea%netscape.com
789fae9e28
!@#!$@! signtool thinks it knows how to verify if the certdb's are there and
...
OK or not. Of course it doesn't.
bob
2002-11-04 20:37:08 +00:00
relyea%netscape.com
9452f46ac8
db8 code part 1:
...
1) Create new dbs with 32 k buffers.
2) New dbs never store a single entry greater than 30 k (those are stored
using the blob code).
3) NSS can run with either new or old dbs read only.
4) If possible a new db is upgraded from and old db.
2002-11-04 19:31:59 +00:00
nelsonb%netscape.com
c2ff4f68a2
Add some processor and compiler dependent optimizations to SHA1.
2002-11-02 01:53:01 +00:00
nelsonb%netscape.com
2ff4c01664
Add SHA256 SHA512 and SHA384 hashes to freebl.
2002-11-02 01:51:44 +00:00
jpierre%netscape.com
edd979ec33
Fix for bug 177798 - NULL pointers in ShutdownCRLCache to allow shutdown/restart
...
of NSS.
2002-11-02 00:07:48 +00:00
nelsonb%netscape.com
95badac2f4
Fix several problems related to error messages, including an attempt to
...
print a null string pointer.
2002-11-01 21:04:33 +00:00
nelsonb%netscape.com
cea8a96338
Reformat text. Fix syntax error in first examples.
2002-11-01 21:03:24 +00:00
jpierre%netscape.com
9c6ca52dde
Remove call to PL_ArenaFinish . This effectively shut down NSPR arenas and created problems when restarting NSS . r=relyea
2002-10-31 22:02:10 +00:00
jpierre%netscape.com
f3907a7439
Fix for 177208 - unmark arena when DER decoding is successful
2002-10-31 01:54:13 +00:00
jpierre%netscape.com
8083074fbc
Fix for bug 175115 . Remove incorrect check for CA cert expiration. Also fix CRL signature verification and clean up internal functions . r=mcgreer,relyea,nelsonb,wtc
2002-10-30 23:31:38 +00:00
relyea%netscape.com
5d8b5a40ce
Fix build breakage. Some platforms do not like to assign unsigned char * to
...
char * without a cast.
2002-10-30 19:01:21 +00:00
relyea%netscape.com
4db4a5989a
The Serial number needs to be the DEREncoded serial number, not the decoded
...
Serial number.
2002-10-30 17:22:06 +00:00
relyea%netscape.com
c301258ee1
Check in new certdata file generated from certdata.txt
2002-10-30 17:20:59 +00:00
relyea%netscape.com
014936248b
Allow the builtin's to accept old style serial numbers as well the the correct
...
PKCS #11 serial numbers.
2002-10-30 17:18:14 +00:00
relyea%netscape.com
a8cddf9408
Make the Serial Numbers DER Wrapped rather than raw serial numbers.
...
This is required by PKCS #11 and was causing some bugs in NSS 3.6.
2002-10-30 17:09:28 +00:00
wtc%netscape.com
182f81490a
Bug 177201: declare NSS_CMSEncoder_Cancel.
2002-10-30 01:31:01 +00:00
bishakhabanerjee%netscape.com
446c866598
creating the cmdtests.sh script - bug 144316
2002-10-30 00:20:10 +00:00
jpierre%netscape.com
c4e2aa9127
Fix for bug 95311 - copy the DER input key to the arena, and free the arena upon decoding failure.
2002-10-29 23:47:31 +00:00
jpierre%netscape.com
31ce9957ca
Use QuickDER to decode DER public key. Bug #95311
2002-10-29 22:52:31 +00:00
kirk.erickson%sun.com
46d92ed7fa
Integrated bundle of changes that we're done on NSS_3_3_2_SUN_PKG_BRANCH.
...
x86 support (separate prototype_sparc, prototype_i386)
single updated copyright on common_files
no pkgdepend in common_files
2002-10-26 18:04:40 +00:00
nelsonb%netscape.com
b1090ac99f
Plug cert leak in NSS_SMIMESignerInfo_SaveSMIMEProfile. Bug 176799.
...
Patch contributed by Kai Engert.
2002-10-25 22:46:48 +00:00