42f2f41bff
Fix for bug 335036 . NSS_Shutdown() does not check that NSS is initialized. r=nelson, alexei
2006-05-16 00:10:04 +00:00
5ea61ffe76
Fix for bug 337789 . PK11_FindKeyByAnyCert doe snot work if softoken is in FIPS140-2 mode. r=wtchang, rrelyea, nelson
2006-05-15 23:51:01 +00:00
6b1e6d3bf2
[Bug 336482] crash or hopefully deadcode [@ crmf_copy_poposigningkey]
...
because Pointer "destPopoSignKey" dereferenced before NULL check. r=nelson
2006-05-15 21:05:13 +00:00
5940997e85
Patch contributed by jonsmirl@yahoo.com
...
[Bug 337154] Coverity 321, dead code in mozilla/security/nss/lib/pk11wrap/pk11cert.c. r=wtchang
2006-05-15 20:58:10 +00:00
968bb1125f
Patch contributed by jonsmirl@yahoo.com
...
[Bug 337086] Coverity 446, dead code in mozilla/security/nss/lib/certhigh/ocsp.c. r=wtchang
2006-05-15 20:52:01 +00:00
7b49a9fc5a
Patch contributed by jonsmirl@yahoo.com
...
[Bug 337085] Coverity 447, dead code in mozilla/security/nss/lib/certhigh/ocsp.c
. r=wtchang
2006-05-15 20:44:46 +00:00
02307faea5
Patch contributed by timeless@bemail.org
...
[Bug 337025] Coverity 411, dead code in mozilla/security/nss/lib/certdb/stanpcertdb.c. r=nelson
2006-05-15 20:39:38 +00:00
b2eede4173
Patch contributed by timeless@bemail.org
...
[Bug 336992] crash [@ pk11_DoKeys] "arg" Pointer dereferenced before NULL check. r=nelson
2006-05-13 00:46:51 +00:00
39db992bd1
Patch contributed by timeless@bemail.org
...
[Bug 336972] OOM crash [@ PK11_ImportDERPrivateKeyInfoAndReturnKey] "pki" Pointer allocated by PORT_NewArena dereferenced without NULL check. r=nelson
2006-05-13 00:41:16 +00:00
4176224c5b
Patch contributed by timeless@bemail.org
...
[Bug 336466] oom crash [@ CERT_DecodeAuthKeyID]. r=nelson
2006-05-13 00:33:09 +00:00
0d612a798a
Patch contributed by jonsmirl@yahoo.com
...
[Bug 336935] Coverity 172, dead code in mozilla/security/nss/lib/softoken/keydb.c. r=nelson, r=alexei.volkov.bugs
2006-05-13 00:27:22 +00:00
a172cbe397
Fix for bug 336477. Memory leak in CERT_UncacheCRL . r=nelson
2006-05-13 00:27:12 +00:00
d76295c913
Patch contributed by jonsmirl@yahoo.com
...
[Bug 336932] Coverity 163, dead code in mozilla/security/nss/lib/ssl/ssl3con.c. r=nelson
2006-05-13 00:15:43 +00:00
73626f65a8
Patch contributed by timeless@bemail.org
...
[Bug 336481] oom crash [@ crmf_copy_cert_req_msg]
2006-05-13 00:03:12 +00:00
28a533ac47
Bug 337093. Remove dead code at label loser in function dbs_readBlob
...
Patch by Jon Smirl <jonsmirl@yahoo.com>, r=wtchang. Coverity bug
2006-05-12 23:37:58 +00:00
68093029ef
Bugzilla Bug 336934: removed ununsed variable ck_id. The patch is
...
contributed by Jon Smirl <jonsmirl@yahoo.com>. r=nelsonb,wtc.
2006-05-12 20:42:13 +00:00
4e43ea1d0a
Bugzilla Bug 336937: removed a test that is guaranteed to be true. The
...
patch is contributed by Jon Smirl <jonsmirl@yahoo.com>. r=nelsonb,wtc.
2006-05-12 20:33:47 +00:00
cddae0bdc9
Bugzilla bug 336938: removed a test that is guaranteed to be false. The
...
patch is contributed by Jon Smirl <jonsmirl@yahoo.com>. r=wtc.
2006-05-12 16:49:07 +00:00
321cb8386e
Bugzilla Bug 298506: Do not log the token name (so the declaration of
...
sftk_getDefTokName in pkcs11i.h and the previous change to sftk_SlotFromID
weren't necessary). Use Linux's audit subsystem if available. r=relyea.
Modified files: fipstokn.c pkcs11.c pkcs11i.h
2006-05-10 21:33:11 +00:00
90e7d73574
Bugzilla Bug 298522: implemented ECDSA power-up self-test. The patch was
...
written by Glen Beasley of Sun. r=wtc.
2006-05-08 18:20:28 +00:00
16146af129
Bugzilla Bug 333925: added a comment to paraphrase an obscure if statement.
2006-05-05 23:54:05 +00:00
580b97817e
Bugzilla Bug 333925: worked around AES test failures of code compiled by
...
Forte 6 update 2 by using the old optimization flags used in NSS 3.10.
r=relyea.
2006-05-05 23:39:29 +00:00
836e0c0b9c
Bugzilla Bug 334679: removed a duplicate line in ec_GF2m_validate_point.
...
r=douglas.stebila.
2006-05-05 23:08:50 +00:00
798e8d1bc1
Added/removed blank lines to eliminate the diffs between the trunk and the
...
NSS_3_11_BRANCH.
Modified files: pkcs11.c pkcs11c.c
2006-05-05 20:31:30 +00:00
01891a9574
Bugzilla Bug 298506: implemented FIPS 140-2 Security Level 2 audit
...
requirements. r=glen.beasley.
Modified Files:
fipstokn.c pkcs11.c pkcs11c.c pkcs11i.h softoken.h softoknt.h
2006-05-05 20:02:47 +00:00
ba58910b9e
Fix for bug 336335 . Plug leak of a temporary bignum in modular exponentiation . r=wtchang
2006-05-05 01:22:59 +00:00
1964aace2e
Fix for bug 336335 - memory leaks in ECC code. r=wtchang
2006-05-04 01:05:04 +00:00
d15ad02799
Fix for bug 335021. Add SEC_ASN1_CONSTRUCTED to S/MIME EKP template. r=relyea
2006-04-29 00:18:42 +00:00
5f24a2a77c
Attachment #215739 : Use SSE2 multiply instructions on intel processors. for bug #326482
...
r=nelson r=wtc
2006-04-28 17:06:22 +00:00
143f21193c
[Bug 334274] double free in CRMF_EncryptedKeyGetEncryptedValue. r=nelson
2006-04-27 22:09:28 +00:00
f5f5d893ff
[Bug 334326] DecodeV4DBCertEntry: Variable "(entry)->nickname" tracked as NULL was passed to a function that dereferences it. r=rrelyea
2006-04-27 18:35:24 +00:00
20919d892f
[Bug 334454] Variable "(key)->pkcs11Slot" tracked as NULL was passed to a function that dereferences it. [@ SECKEY_CopyPrivateKey - SSL_ConfigSecureServer]. r=nelson
2006-04-26 19:40:56 +00:00
49cb46e26c
[Bug 333389] sftk_NewAttribute should not crash when so is NULL [@ sftk_NewAttribute]. r=nelson
2006-04-26 19:18:00 +00:00
c353bf9e7b
[Bug 334522] pk12util crash in SEC_PKCS12DecoderValidateBags. r=nelson
2006-04-26 06:47:30 +00:00
b9c189458d
Disable AMD64 assembly optimizations. Bug 334057. r=nelson
2006-04-25 05:51:23 +00:00
f02321e973
Backout the last change, undoing the fix for bug 320336 and bug 333405.
2006-04-25 04:39:24 +00:00
7fc553fcf8
[Bug 334277] double free in [@ sftk_FreeAttribute - sftk_DeleteAttributeType]. r=relyea
2006-04-25 02:33:58 +00:00
97c78b7911
[Bug 334276] double free in [@ SECKEY_CopyPublicKey]. r=nelson
2006-04-25 02:23:52 +00:00
085b36691e
Bugzilla Bug 320336: SECITEM_AllocItem should return a NULL pointer if the
...
allocation of its 'data' buffer fails. r=nelson. This checkin fixed bug
333405 as a byproduct.
Modified files: secitem.c secitem.h
2006-04-24 22:50:13 +00:00
dbe80e7489
Remove call to printf in ecl/ecp_224.c Bug 334448. r=wtchang
2006-04-24 21:27:38 +00:00
1930ea6074
Put nss.def file sections in numeric order, and alphabetical order
...
within sections.
2006-04-24 05:08:04 +00:00
0c05899fa2
Bug 323350. sr=rrelyea. This patch makes 3 changes:
...
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
curves.
2) it corrects the creation and parsing of the Supported Curve extension to
conform with the lastest definition, by using 2 bytes to encode the list
length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
that is at least as strong as the "weakest link", is mutually supported
by client and server, and is the fastest for its size.
2006-04-23 00:17:18 +00:00
ff004c3373
Fix for bug 335039. Declare nssCKFWCRyptoOperation_UpdateCombo. r=wtchang
2006-04-22 05:30:18 +00:00
fc87dbb2fe
[Bug 334183] Double free on error because CERT_FindCertIssuer unexpectedly calls CERT_DestroyCertificate. r=alexei
2006-04-22 02:09:09 +00:00
76a9749ba0
Patch contributed by timeless@bemail.org
...
[Bug 334449] oom Crash in crmf_template_copy_secalg. r=nelson
2006-04-22 01:25:57 +00:00
d4f39e6449
Patch contributed by timeless@bemail.org
...
[Bug 334436] nsslowcert_UpdateSubjectEmailAddr doesn't consistently use emailAddrs as a guard of nemailAddrs guarding emailAddrs[0]. r=nelson
2006-04-22 01:19:41 +00:00
aea5eb0f12
Patch contributed by timeless@bemail.org
...
[Bug 334328] nsspkcs5_PKCS12PBE: Variable "A" tracked as NULL was dereferenced. r=nelson
2006-04-22 01:13:15 +00:00
86494ef39a
[Bug 334275] double free in [@ PK11_ListPublicKeysInSlot]. r=nelson
2006-04-22 01:08:17 +00:00
9c061b607a
[Bug 334273] double free in SECKEY_DecodeDERSubjectPublicKeyInfo. r=nelson
2006-04-22 01:03:18 +00:00
5f88dfbdaa
[Bug 334240] double free in nsslowkey_ConvertToPublicKey if SECITEM_CopyItem or SECITEM_CopyItem fail. r=nelson
2006-04-22 00:59:13 +00:00
8feb62dbd0
[Bug 334236] double free in PK11_ListPrivKeysInSlot if keys allocation fails. r=nelson
2006-04-22 00:55:29 +00:00
e8b0114d09
Bugzilla Bug 333932: fixed Solaris SPARC GCC build failures.
...
r=christophe.ravel
2006-04-22 00:13:29 +00:00
5f22914b4a
[Bug 334234] PK11_NewSlotInfo returns freed objects if lock allocations fail. r=nelson
2006-04-21 23:29:37 +00:00
6f1bd4dc40
Bugzilla Bug 334533: in getPQseed we always set the most significant bit of
...
SEED to 1 to make NIST CMVP's PQG parameter validation tool happy. In
PQG_ParamGenSeedLen we require the length of SEED be at least 20 bytes.
r=nelson.
2006-04-21 17:48:30 +00:00
37a7e6c417
Bugzilla Bug 298522: changed RSA modulus size to 1024 bits and added known
...
answer tests for RSA SHA1, SHA256, SHA384, and SHA512 signatures. The
patch is written by Glen Beasley. r=wtc.
2006-04-21 17:13:50 +00:00
d0604ba735
Bugzilla Bug 236245: Use a stack buffer for ec_params.data in
...
ssl3_SendECDHServerKeyExchange. r=nelson.
2006-04-21 16:19:48 +00:00
333657e660
Bugzilla Bug 334553: fixed the comments because mp_digit is actually 64-bit
...
(unsigned long or unsigned long long). r=nelson.
2006-04-21 16:13:02 +00:00
432ccc0173
Bugzilla Bug 326754: checked the change back in. We failed the NIST DSA
...
PQGGen test for some other reason (bug 334533).
2006-04-20 21:55:24 +00:00
fe04651c77
Bug 80092: SSL write indicates all data sent when some is buffered.
...
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
2006-04-20 08:46:34 +00:00
43a7c5e950
Fix buffer overflow regression. Bug 236245. sr=wtchang
2006-04-20 06:57:54 +00:00
b67f75bc05
Patch contributed by timeless@bemail.org
...
[Bug 334459] Variable "cipherName" tracked as NULL was passed to a
function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]. r=nelson
2006-04-20 00:20:45 +00:00
0f639ba66a
Patch contributed by timeless@bemail.org
...
[Bug 334446] oom Crash in nssCKFWFindObjects_Create. r=nelson
2006-04-20 00:03:33 +00:00
60674bc568
Patch contributed by timeless@bemail.org
...
[Bug 334443] oom Crash in nssCKFWSession_Create. r=nelson
2006-04-19 23:50:43 +00:00
3a8f586a3c
Patch contributed by timeless@bemail.org
...
[Bug 334438] oom Crash in ReadDBCertEntry. r=nelson
2006-04-19 23:43:10 +00:00
ff6fa1f51c
Patch contributed by timeless@bemail.org
...
[Bug 334442] Incorrect use of realloc oom Crash in secmod_ReadPermDB;r=nelson
2006-04-19 22:53:45 +00:00
c501854878
Patch contributed by nelson@bolyard.com.
...
[Bug 334327] pk11_CreateNewContextInSlot: Variable "(context)->key" tracked as NULL was passed to a function that dereferences it. r=alexei
2006-04-19 22:32:30 +00:00
fcca57e69e
Bugzilla bug 334553: use the ULL suffix with unsigned long long constants.
...
r=douglas.stebila.
Modified files: ecl/ecp_256.c mpi/mp_gf2m.c
2006-04-19 22:19:09 +00:00
2c62bf1d13
Bugzilla bug 334683: removed extraneous semicolons. r=alexei.volkov.
...
Modified files: cmd/certutil/certutil.c lib/pki/pkistore.h
2006-04-19 19:04:23 +00:00
0a3bf353d3
Bugzilla Bug 333917: the non-x86 code in at least the DES_CBCEn and
...
DES_EDE3CBCEn functions violates ANSI C's aliasing rules. So we compile
this file with strict aliasing rules turned off. r=nelsonb.
2006-04-18 17:33:56 +00:00
b39425fcfa
big cleanup of error codes returned by pkcs12 library.
...
No longer returns SEC_ERROR_NO_MEMORY for every possible error code.
Bug 321584. r=neil.williams
2006-04-14 18:34:44 +00:00
efdb126901
Fix broken optimized builds, caused by last checkin. Bug 236245.
2006-04-14 00:43:19 +00:00
c4fb4fa280
Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
...
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
b95ecf558f
Bugzilla Bug 330114: corrected the checks for the PKCS #1 v1.5 padding
...
string and the length of the data (hash). r=nelsonb,relyea.
2006-04-13 22:12:17 +00:00
c65c61b8c5
Implement new API for registering and deregistering shutdown callback functions.
...
Patch by Bob Relyea and Nelson Bolyard. r=rrelyea,nelson Bug 326482.
2006-04-08 05:11:55 +00:00
424fabe58a
Bug 333090: CKM_DH_PKCS_KEY_PAIR_GEN always fails. r=nelson, sr=rrelyea
...
Patch contributed by Andreas.Sterbenz@sun.com
2006-04-08 05:05:01 +00:00
1c0c7bbeb8
bug 331648, signed/unsigned bug submitting CRMF cert requests
...
r=rrelyea, sr=nelson
2006-04-07 11:41:18 +00:00
1f32c2cf8f
Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul
2006-04-07 06:24:07 +00:00
7ceb91038f
Fix for bug 311164 . Initialize stan cert store object early to fix a race condition. r=nelson
2006-04-07 05:49:04 +00:00
acfe04a6dd
Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
...
has an ECDSA signature. bug 332350. r=vipul.gupta.
2006-04-06 04:40:49 +00:00
482dc1a71e
David Baron fix for valgrind report of UMR r=wtchang sr=Nelson
2006-04-04 01:01:51 +00:00
fecbcf26d6
Define alerts and error codes for TLS Hello extensions. Bug 226271.
...
r=julien.pierre
2006-04-04 00:32:27 +00:00
c152a5f5fa
Bug 332381 pk12util fails to import key/cert onto LunaSA HSM
...
r=nelson
2006-03-31 21:35:37 +00:00
41fd37565a
Bug 236613: change to MPL/LGPL/GPL tri-license.
2006-03-31 04:41:00 +00:00
2cef28020c
bug 309701 Softtoken C_CreateObject() should not require
...
CKA_NETSCAPE_DB attribute to be present
r=alexei
2006-03-31 00:38:48 +00:00
f6290f423b
From Bug 331279.
...
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei
2006-03-30 21:07:22 +00:00
209577ded2
331515: selfserv Bus error on 3DES ciphersuites; r=julien, sr=nelson
2006-03-29 07:23:40 +00:00
0224b3a860
318970 wtc fix for RSA fipstest using RSA_HashSign r=neilW sr= brelyea
2006-03-25 23:45:23 +00:00
c8e770c69d
Bug 321350 Implement optimized code for NIST Suite B elliptic curves
...
r=douglas r=vipul
2006-03-24 22:55:51 +00:00
a9beb655f0
Backout changes for bug 321350
...
Implement optimized code for NIST Suite B elliptic curves
Those changes broke the build on Solaris. r=Sheriff Nelson
2006-03-24 09:08:24 +00:00
e72ce470d4
321350 Implement optimized code for NIST Suite B elliptic curves
...
r=douglas.
2006-03-23 19:55:37 +00:00
e13e6cc7f7
Bug 238051 Enable SSL session reuse for ECC cipher suites
...
r=nelson r=thomas.
patch in bug + white space changes suggested by nelson.
2006-03-22 19:18:30 +00:00
2bfdfe5969
Updated previous patch with douglas's input. (still bug 323817
...
Truncation of hashes for ECDSA should be done at bit level, not octet level).
r= vipul r=douglas
2006-03-22 19:02:06 +00:00
01ef3de28a
Bug 273637 3 locks in softoken have unsafe initialization
...
r=alexi r=julien
2006-03-21 19:36:53 +00:00
dd7e2a2cf6
Correct bug entry:
...
25683 EC param parsing error not propagated correctly
r=andreas.
2006-03-21 19:33:52 +00:00
6a7da6374e
Backing out previous changes that invalid or incorrect log entries for this
...
patch.
2006-03-21 19:30:10 +00:00
e182cdf8e2
*** empty log message ***
2006-03-21 19:23:30 +00:00
c385e5088d
Bug 273637 3 locks in softoken have unsafe initialization
...
r=alexi r=julien
2006-03-21 02:28:48 +00:00
6c95b75b6a
Avoid stack overflow while generating primes. Bug 310145. r=wtchang
2006-03-19 05:09:30 +00:00
5f90fef71c
Bug 238051 Enable SSL session reuse for ECC cipher suites
...
r=nelson
2006-03-17 21:15:09 +00:00
14c38aa668
Bug 329072 client sometimes fails to authenticate despite having cert
...
r= nelson
2006-03-17 20:44:23 +00:00
9e18a1acf3
Bug 323817 Truncation of hashes for ECDSA should be done at bit level, not octet level
...
r=vipul.gupta@sun.com
2006-03-17 16:58:06 +00:00
11b860880e
Bugzilla Bug 326503 producing a ProofOfPossession signature on a EC CRMF fails
...
Use SEC_GetSignatureAlgorithmOidTag() to map to the signature oid.
r=wtc
2006-03-15 21:46:24 +00:00
2b42f9feb9
Bugzilla Bug 326503 producing a ProofOfPossession signature on a EC CRMF fails
...
patch makes SHA1 the default hashing for RSA rather than MD5.
patch by wtc r=rrelyea.
2006-03-15 21:42:21 +00:00
aab12ab3a8
bug 329058 mpmontg.c doesn't compile when MP_CHAR_STORE_SLOW is defined
...
r=wtc
2006-03-15 19:22:32 +00:00
c783f88c97
bug 329058 mpmontg.c doesn't compile when MP_CHAR_STORE_SLOW is defined
...
r=wtc
2006-03-15 19:13:12 +00:00
2996640c67
Bug 324448. Convert mpi_x86.asm to mpi_x86_asm.c for Win32 built with MSVC.
...
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
r=julien.pierre sr=nelson@bolyard.com
2006-03-10 06:48:46 +00:00
d42549b7ac
Bug 324448. Convert mpi_x86.asm to mpi_x86.c for Win32 built with MSVC.
...
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
2006-03-09 23:50:43 +00:00
41a9b174bd
Bug 324448. Convert mpi_x86.asm to mpi_x86.c for Win32 built with MSVC.
...
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
r=julien.pierre sr=nelson@bolyard.com
2006-03-09 23:46:45 +00:00
19a46702bf
Bug 329002. fix cert reference leak. r=alexei.volkov,rrelyea
2006-03-09 23:38:57 +00:00
a0ed51d33e
Bugzilla Bug 329575: ECPoint_mul should multiply a point by the group order
...
faithfully because this operation is required by the public key validation
algorithm. r=douglas.stebila,vipul.gupta.
2006-03-08 00:19:34 +00:00
d679dc6d35
Bugzilla Bug 320578: added a new function ec_GenerateRandomPrivateKey to
...
generate a random private key without bias using the algorithm of FIPS
186-2 Change Notice 1, and use it to generate EC private key d and ECDSA
ephemeral private key k. The patch is contributed by Douglas Stebila
<douglas@stebila.ca> and improved by me. r=douglas.stebila,vipul.gupta.
2006-03-06 23:48:39 +00:00
de8be1e067
Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key
...
pair with only one key. r=nelson.bolyard.
2006-03-03 18:48:09 +00:00
aed20ed068
Bugzilla bug 326482: removed incorrect comments. r=nelson.bolyard.
2006-03-03 18:45:54 +00:00
ac042bff56
Fix standalone mpi Makefile to build on OS/X. Bug 327405.
...
Patch contributed by Douglas Stebila <douglas@stebila.ca>
2006-03-03 04:21:56 +00:00
5e2ca73982
Bug 327677. Fix cert object reference leak. r=julien.pierre,nelson
...
Patch contributed by Alexei Volkov <alexei.volkov.bugs@sun.com>
2006-03-03 04:00:49 +00:00
57a3c7aa21
Bug 236613: change to MPL/LGPL/GPL tri-license.
2006-03-02 22:48:55 +00:00
b69eb504ce
Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of
...
ECDSA signatures. Backed out a temporary workaround in
ECDSA_SignDigestWithSeed. Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
ssl/ssl3con.c
2006-03-02 00:07:08 +00:00
8696bd362e
Bugzilla Bug 326403: use "Mozilla Foundation" as the manufacturer or
...
producer of our shared libraries/DLLs. Removed the optional copyright
notices from our DLLs. r=relyea,jpierre.
Modified Files:
lib/ckfw/builtins/constants.c lib/ckfw/builtins/nssckbi.rc
lib/ckfw/capi/nsscapi.rc lib/ckfw/dbm/instance.c
lib/freebl/freebl.rc lib/nss/nss.rc lib/smime/smime.rc
lib/softoken/pkcs11.c lib/softoken/softokn.rc lib/ssl/ssl.rc
2006-03-01 19:44:36 +00:00
f95ae18fe7
Remove mp_init/mp_clear calls (and potential mallocs,frees and zeros)
...
in tight loops for bug #326482
r=nelson
2006-03-01 17:09:17 +00:00
6a21aaef0e
bug 326482 Implement the derive sensitive only for those derivation functions that require it.
...
fixes a performance problem with ECDH.
r=wtchang, nelson.
2006-03-01 16:12:22 +00:00
340adcfbfa
Bug 327405. Correct EC keypair Generation. r=vipul.gupta,nelson.bolyard
...
Patch contributed by Douglas Stebila <douglas@stebila.ca>
2006-03-01 07:06:24 +00:00
56fc6fa166
Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre
2006-03-01 05:45:45 +00:00
7986d13c5b
Bugzilla Bug 327978: removed obsolete files, superseded by the ecl
...
directory. r=douglas.stebila.
Removed files: GF2m_ecl.c GF2m_ecl.h GFp_ecl.c GFp_ecl.h
2006-02-28 23:43:19 +00:00
a86941f281
Bug 326315. Warning Reduction. On TRUNK only. r=Julien.Pierre
2006-02-28 05:56:07 +00:00
74a0a6eea2
Bug 325683. EC param parsing error not propagated correctly.
...
Fix the cases that Andreas identified. Patch by Andreas.Sterbenz@sun.com
r=Julien,wtchang,nelson
2006-02-28 05:44:56 +00:00
4b1a1b7cb3
Bug 326690. Enable modutil to configure default slots for the
...
AES, SHA256 or SHA512 mechanisms. r=rrelyea,julien.pierre
2006-02-28 05:16:00 +00:00
52395a4abb
Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites
...
from being negotiated by NSS servers. Necessary until the server side
of the _DHE_ cipher suites is fully implemented. r=Julien,Wan-Teh,Vipul
2006-02-28 04:20:23 +00:00
7a0f0203c7
Bugzilla Bug 320038: checked in a better fix that allows us to write
...
EC domain parameters as hex strings with leading 00's. r=douglas.stebila
sr=relyea.
Modified files: softoken/ecdecode.c freebl/ecl/ecl-curve.h
2006-02-27 23:18:34 +00:00
178bda1252
Change NSS version to 3.12 Beta on the tip.
2006-02-22 21:22:54 +00:00
8c8a6af5ea
Bugzilla Bug 326754: the previous checkin made us fail the NIST DSA PQGGen
...
test for [mod = 768] only. Backed out the more likely culprit.
2006-02-22 02:12:09 +00:00
c449f54be3
Bugzilla Bug 327529: unnamed arguments (third and after) for CERT_CreateRDN
...
must have the correct CERTAVA * type because compilers can't do automatic
type conversions. r=nelsonb,jpierre.
Modified files: alg1485.c secname.c
2006-02-20 23:06:55 +00:00
0c104c2ece
Bugzilla Bug 327384: fixed an off-by-one error in the size of the 'genenc'
...
array. The patch is contributed by Andreas Sterbenz
<Andreas.Sterbenz@sun.com>. r=wtc,nelsonb
2006-02-16 22:33:13 +00:00
a4db2be2c9
Fix for bug 321765. Allow NSS to decode certs with unsupported critical extensions. r=wtchang,nelson,rrelyea.
2006-02-16 00:06:24 +00:00
e393d91fcb
[Bug 326963] Interoperability test with apache/mod_ssl: tstclnt
...
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n
2006-02-15 22:22:32 +00:00
c0887f9e1d
Bugzilla Bug 326754: fixed two minor bugs related to the h parameter in
...
PQG parameter generation. r=nelsonb,glen.beasley.
2006-02-14 03:04:57 +00:00
b19b5965a5
Bugzilla Bug 326144: need to zeroize a SECItem that contains a copy of the
...
secret key. r=relyea,jpierre.
2006-02-14 02:55:09 +00:00
cfe8a9f253
Bugzilla bug 326751: CKR_SIGNATURE_INVALID is a much better default error
...
code for NSC_VerifyRecover than CKR_DEVICE_ERROR is. r=relyea.
2006-02-11 02:03:25 +00:00
1f4cae4de9
Bugzilla Bug 326482 NSS ECC performance problems.
...
Patch by Nelson, r=relyea.
Save the public key when we create the keypair so we can use it later.
2006-02-10 19:39:53 +00:00
57d9010865
Bugzilla Bug 326482 NSS ECC performance problems.
...
r=nelsonb
Fix bug where ECC keys were not being copied on server startup
2006-02-10 18:54:58 +00:00
fd25589676
Bug 325657, r=Nelson,Wan-Teh, Unset ECL_USE_FP INT Solaris SPARC freebl
2006-02-10 04:38:05 +00:00
2cf33676b0
Bug 320187 NSC_WrapKey called with null output returns short length
...
r=nelsonb
2006-02-09 19:54:22 +00:00
2c3bfd1312
Bug 320583 Support for SHA256/384/512 with ECC signing
2006-02-08 06:14:31 +00:00
af4804d7ef
Fix for bug 326144 . softoken leaks in nsc_pbe_key_gen. r=nelson, rrelyea
2006-02-07 00:43:31 +00:00
58262b951b
Fix build bustage, change // comment to /* */
2006-02-03 20:22:52 +00:00
3aa755acfa
bug 152426, delegation of HTTP download for OCSP
...
r=julien.pierre, r=rrelyea
2006-02-03 18:14:49 +00:00
b8088299c2
Allow CKM_ECDSA_SHA1 to be multipart. Bug 325494.
...
Patch contributed by Andreas Sterbenz <Andreas.Sterbenz@sun.com>
r=nelsonb,relyea,wtc.
2006-02-02 07:21:56 +00:00
22c94ce3da
325305: minor memory leak in CERT_FindCertByNameString. r=wtc
2006-02-02 00:57:54 +00:00
c20388e588
Bugzilla Bug 318966: added two RNG functions FIPS186Change_GenerateX and
...
FIPS186Change_ReduceModQForDSA to blapi.h for the NIST RNG Validation
System. r=relyea,nelsonb.
Modified files: blapi.h ldvector.c loader.c loader.h prng_fips1861.c
2006-02-01 21:18:44 +00:00
3ebd845ca9
Bug 319619 "large" ECC private keys cannot be exported through PKCS #11
...
1) Change the export encrypted private key function to ask the token the wrap
size rather than trying to figure it out ourselves.
2) Fix the soften to correctly return the size.
r=wtc, nelsonb
2006-02-01 16:43:47 +00:00
b4358c2729
318970 RSA FIPS Alg Tests r=wan-teh, sr=bRelyea
2006-01-30 19:58:52 +00:00
ddca75b829
Set SSL2 and SSL3 timeout times properly for SSL server session cache.
...
Bug 223242. r=jullien.pierre
2006-01-28 02:21:31 +00:00
d2bce3f900
Bugzilla Bug 320589: temporary workaround for SEC_SignData ECDSA signature
...
generation bug introduced by the previous checkin.
2006-01-26 23:51:42 +00:00
55e2995224
Removed an extraneous semicolon after the last parameter in a function
...
declaration.
2006-01-26 23:21:39 +00:00
6f9d05f035
Remove unnecessary ISALIST test from sparc versions of freebl DSOs.
...
Bug 302658. r=jullien.pierre,wtchang
2006-01-22 08:43:57 +00:00
944db2b329
Don't use variables as structure initializers. Bug 274512. Fix build
...
on HPUX. r=julien.pierre,wtchang
2006-01-22 06:42:14 +00:00
06c2abf1fa
Detect certdb reference leaks at shutdown with assertions. Bug 324103.
...
r=rrelyea.
2006-01-22 06:36:36 +00:00
d6b2459e61
Bugzilla Bug 323977: use the "mapfile" (ld version script) on FreeBSD.
...
Build the freebl shared libraries with the -Bsymbolic flag for GNU ld.
r=nelsonb. Thanks to Glenn Randers-Pehrson <glennrp@imagemagick.org> for
reporting this bug and verifying these changes.
Modified files: coreconf/FreeBSD.mk nss/lib/freebl/Makefile
2006-01-21 02:33:33 +00:00
9633334de2
Plug a cert DB reference leak in softoken, related to trust objects.
...
Bug 324103, r=rrelyea
2006-01-21 02:23:42 +00:00
f116200e1d
Bugzilla Bug 320589: miscellaneous code cleanup: distinguish between the
...
length of the field size and the length of the base point order. Report
better error codes. In ECDSA_VerifyDigest, removed unnecessary local
variables and be lenient in the signature lengths we accept.
r=relyea,nelsonb
2006-01-21 02:14:46 +00:00
6f9e66cf05
Detect NULL server key pair pointer. Bug 321161. r=wtchang.
2006-01-20 17:40:21 +00:00
26731456ca
Bugzilla Bug 95323. Conditionally compile nsscapi.
...
r=julien
2006-01-19 19:55:28 +00:00
a3089c6a9d
Prevent crash when making new cert8.db from old cert5.db.
...
This is not the final solution, but it works.
Bug 320029. r=rrelyea,sr=julien.pierre. On TRUNK.
2006-01-19 02:16:30 +00:00
f32a4d3f27
Add new function nsslowcert_DecodeAnyDBEntry. Correct the union
...
certDBEntry by adding the missing members. Bug 323570. r=rrelyea.
2006-01-19 02:09:37 +00:00
446a084b09
Softoken will no longer generate excessive key material for some SSL3
...
cipher suites. Bug 274512. r=rrelyea.
2006-01-19 01:12:53 +00:00
d27a2d48d9
Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and
...
PR_EmulateSendFile added in NSPR 4.1. r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c
2006-01-18 23:06:57 +00:00
f822c8f7d0
NSS ECDSA can only sign SHA-1 bug 320583
...
r=nelson patch ammended to change SHA-1 to HASH per wtc comment.
2006-01-17 00:38:59 +00:00
143f08953f
Bugzilla Bug 320497: indicate that we don't need an executable stack.
...
r=wolfgang.rosenauer,jpierre.
Modified files: arcfour-amd64-gas.s mpi/mpi_amd64_gas.s
2006-01-13 17:33:10 +00:00
cdf90d5eb6
Bugzilla Bug 323079: when libsoftoken and libssl load the freebl library,
...
first try without resolving symlinks. If we fail to load the library and
the pathname is a symbolic link, resolve the symbolic link and try again.
r=jpierre. sr=relyea.
2006-01-12 23:46:31 +00:00
3b577f224d
Bugzilla Bug 317052: removed the obsolete file lib/base/whatnspr.c from
...
CVS. r=relyea.
Modified Files:
base.h error.c manifest.mn
Removed Files:
whatnspr.c
2005-12-19 17:53:28 +00:00
165d7b9185
Bugzilla Bug 272484: code cleanup. keythi.h: remove the unused type
...
definition of SEC_PKCS5KeyAndPassword. p12d.c: We only need to set
p12dcx->currentASafeP7Dcx to NULL if it isn't NULL. r=relyea.
Modified Files: cryptohi/keythi.h pkcs12/p12d.c
2005-12-19 17:46:30 +00:00
4961f4ed28
Mac fixes to ckfw.
2005-12-16 01:57:41 +00:00
ec7b991d91
Add support for the cryptoki crypto functions. This support is necessary for
...
capi and mackey. r=kaie
2005-12-16 00:48:02 +00:00
cfdbc102fe
Bugzilla Bug 320047: mp_to_unsigned/signed/fixlen_octets copies nothing to
...
the buffer if the mp_int is zero. r=nelsonb.
2005-12-14 02:18:35 +00:00
fff23fc797
Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12
...
plus upcoming revisions. The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
tests/ssl/ssl.sh
2005-12-14 01:49:40 +00:00
d1a203a963
Bugzilla Bug 320038: ecl/ecl-curve.h: removed unnecessary leading zero byte
...
in the base point orders of curves K-233 and K-409. ec.c: pad the private
key with leading zeros to the length of the base point order.
r=douglas.steblia.
2005-12-13 22:31:34 +00:00
4092a7d72e
Initialize mpi data using mpi macros, not static data bug 319252
...
r=douglas
2005-12-08 23:22:26 +00:00
77cb1d9d48
Bug 316925
...
Key export does not work on tokens with non-sensitive keys that can't wrap.
r=kaie
2005-11-24 00:40:14 +00:00
38154c250e
Bug 129303
...
NSS needs to expose interfaces to deal with multiple token sources of certs.
r=kaie
2005-11-23 23:56:38 +00:00
4b7f9f6804
Bug 129303 NSS needs to expose interfaces to deal with multiple token sources of certs
...
r=kaie
2005-11-23 23:54:15 +00:00
cdcebb8e7e
PKCS #11 module to supply Access to the Mac OS X Keychain.
2005-11-23 23:04:08 +00:00
b64584ad16
Fix bug in MP_ALIGN macro that always truncated pointers to 32-bits,
...
even on 64-bin platforms. Bug 298630. r=rrelyea.
2005-11-23 01:12:34 +00:00
2537abf9f5
Weave patch: bug 298630 r=nelson
2005-11-22 07:16:43 +00:00
ac287b2f5a
Begin building mpcpucache.c. On Sun Studio platforms, build from two
...
new .s files. Bug 298630. r=rrelyea.
2005-11-22 07:13:32 +00:00
0750e1e7ef
Turn NSS_BETA off for NSS 3.11 RC2.
...
r+ Julien Pierre.
2005-11-22 01:58:35 +00:00
dc5fae9e7c
Back to BETA flag on the trunk.
...
r+ Julien Pierre
2005-11-21 18:46:12 +00:00
46f08a0c89
Turn NSS_BETA to FALSE for NSS 3.11 RC.
...
r+: Julien Pierre.
2005-11-21 04:08:44 +00:00
94fdf98965
Initialize slot pointer in ssl3_HandleServerHello. Bug 311590. r=wtchang
2005-11-18 01:25:20 +00:00
719073fb14
Restore binary compatilibity for old Fortezza cipher suites.
...
Bug 316640. r-glen.beasley
2005-11-18 01:21:22 +00:00
a8e0c27896
Handle nicknames on certificates.
...
Fix bug where we weren't allocating enough space for wchar (wide, utf16, etc).
strings in ckcapi_UTF8ToWide().
2005-11-16 01:17:25 +00:00
77223c1981
fix for bug 316446 . -z defs option was included twice in linker line . r=nelson
2005-11-15 19:01:18 +00:00
af1573d374
Add r/w support. The Capi token can now:
...
Import certs and keys.
Delete certs and keys.
2005-11-15 00:13:58 +00:00
f82a46ec10
Fix for bug 316219. Don't build an import library on OS/2. r=wtchang
2005-11-14 00:13:41 +00:00
4f35393d59
Fix for bug 286685. rename SFTK symbols to SECMOD. r=rrelyea, nelson
2005-11-12 00:14:25 +00:00
c5d6929c9f
Fix for bug 286685. rename SFTK symbols to SECMOD. r=rrelyea, nelson
2005-11-11 23:36:33 +00:00
f0de63d8ed
Fix for 292156. Prevent crash in SSL session cache init if invalid arguments are passed. r=nelson
2005-11-11 02:45:59 +00:00
7e9a679a65
Resolve symlinks when loader freebl shared libs, and limit iterations to 20. r=wtchang
2005-11-10 02:18:22 +00:00
560f560f03
Bugzilla Bug 311432: renamed USE_FP_CODE as ECL_USE_FP. Do not set
...
ECL_USE_FP to 1 on Linux x86 to work around the bug. Moved a dependency
rule to the appropriate section of the makefile. r=nelsonb.
2005-11-08 22:03:17 +00:00
4c003bfe53
Improved a comment. Suggested by Nelson Bolyard of Sun. r=wtc.
2005-11-08 22:00:46 +00:00
ff785bd766
Bugzilla Bug 298522: added power-up self tests for HMAC SHA-384 and HMAC
...
SHA-512. The patch was written by Glen Beasley of Sun. r=wtc.
2005-11-07 19:05:45 +00:00
4029572119
Bugzilla bug 313196: include the minimal headers.
2005-11-07 19:00:58 +00:00
126f513f21
Bugzilla Bug 313196: checked in a header inclusion change that I missed in
...
the previous checkin.
2005-11-07 18:48:39 +00:00
1714be323f
Bugzilla Bug 313196: HMAC code should not use a fixed hash input block size
...
of 64 bytes, which is wrong for SHA-384 and SHA-512. This requires adding
the hash input block size to the SECHashObject structure. r=relyea,nelsonb
Modified Files:
cryptohi/hasht.h cryptohi/sechash.c freebl/alghmac.c
freebl/blapit.h freebl/rawhash.c
2005-11-07 18:44:21 +00:00
d576bf2833
Replaced the magic constant 20 by SHA1_LENGTH. Use sizeof(buffer) to
...
be more robust. r=nelsonb
2005-11-05 01:00:14 +00:00
ce75b22933
replace missing header files.
2005-11-04 23:44:19 +00:00
1ce181b01e
Bugzilla Bug 311958: Update the nssckbi versions for NSS 3.11. r=relyea.
2005-11-04 22:51:55 +00:00
799adefa45
Move ret_cr16.s from util to freebl. r=nelsonb
2005-11-04 04:11:04 +00:00
3597080dab
Initial CAPI PKCS #11 Module.
...
Needs the updated ckfw.
2005-11-04 02:05:04 +00:00
898c89fc45
Bugzilla Bug 298512: Ensure the seed and seed key input for RNG do not have
...
same value for FIPS 140-2. r=nelsonb.
2005-11-04 01:07:30 +00:00
da619f8dec
Fix for 314115 . Comments about QuickDER and classic ASN.1 decoders relating to SECItem.type field
2005-10-31 18:52:20 +00:00
3e221bfb46
Fix for 314115 - QuickDER modifies SECItem.type while decoding. r=wtchang
2005-10-31 18:34:42 +00:00
8e70cf6f2e
Bugzilla bug 298522: added power-up self tests for HMAC SHA-1 and HMAC
...
SHA-256. The patch is contributed by Glen Beasley of Sun. r=wtc.
2005-10-20 21:46:51 +00:00
c3b3a7e2c1
Add dependency on freebl so ssl will rebuild if freebl has changed.
2005-10-19 01:04:16 +00:00
4c37a26617
Add dependency on freebl so softoken will rebuild if freebl has changed.
2005-10-19 01:03:31 +00:00
e58492ea00
Bugzilla bug 311440: ssl3_ConsumeHandshakeVariable now longer returns a
...
SECItem pointing to memory allocated with PORT_Alloc, so we don't need to
use PORT_Free to free the SECItem's buffer. r=nelsonb.
2005-10-14 16:48:58 +00:00
b957c8d0a7
Bugzilla Bug 312202: checked in HP-UX IPF (Itanium) porting changes
...
contributed by Grace Lu of HP. Use the .so suffix for shared libraries
on HP-UX IPF. Support building on HP-UX B.11.23. r=wtc.
Modified Files:
coreconf/HP-UX.mk nss/lib/nss/nssinit.c
Added Files:
coreconf/HP-UXB.11.23.mk
2005-10-12 19:04:13 +00:00
2193d926c7
Bugzilla Bug 302998: disallow x=0,1 and k=0. r=nelsonb.
2005-10-12 00:48:25 +00:00
8657972540
CBug 290263, patch CERT_CreateCertificateRequest for doing extensions
...
r=bob
`VS: ----------------------------------------------------------------------
2005-10-12 00:10:17 +00:00
491b4ef092
Bugzilla Bug 304360: generate ECC key with private key value less than the
...
group order using a combination of ANSI X9.62 A.4.1 and FIPS 186-2 Change
Notice 1. Also changed structure of EC key generation functions to match
the scheme used in dsa.c. The patch is contributed by Douglas Stebila
<douglas@stebila.ca> of Sun Labs. r=wtc.
2005-10-06 23:16:20 +00:00
81299cbc68
Bugzilla Bug 257693: set the correct error code in EC_ValidatePublicKey.
...
Documented the return values of ECPoint_validate. Have the tests compare
the return value of ECPoint_validate with MP_NO for negative test cases.
r=doublas.stebila.
Modified Files:
ec.c ecl/ecl.h ecl/tests/ec2_test.c ecl/tests/ecp_test.c
2005-10-06 21:42:55 +00:00
d420dda744
Bugzilla bug 259135: fixed build breakage. In C, declarations must precede
...
code.
2005-10-05 22:03:14 +00:00
002c9cc505
Bugzilla bug 259135: minor comment fix.
2005-10-05 17:58:01 +00:00
814a61d561
259135 added SHA 256,384,512 and AES powerupself tests sr=Wan-Teh
2005-10-05 16:31:01 +00:00
b0d1e52691
Back out non-reviewed strictly white space change in pk11sdr.c
2005-10-04 01:11:01 +00:00
058312eaa6
Bugzilla bug 310518: map CKR_PIN_INVALID and CKR_PIN_LEN_RANGE to
...
SEC_ERROR_INVALID_PASSWORD instead of SEC_ERROR_BAD_PASSWORD. r=relyea.
2005-10-03 22:41:45 +00:00
5c3685a18e
Bug 272484 Certificate manager crashes [@ _PR_MD_ATOMIC_DECREMENT - PK11_FreeSymKey]
...
r=wtc [part 3 of 3]
2005-10-03 22:01:57 +00:00
0cefb4acd8
Bug 272484 Certificate manager crashes [@ _PR_MD_ATOMIC_DECREMENT - PK11_FreeSymKey]
...
r=wtc [part 2 of 3]
2005-10-03 22:00:22 +00:00
0223a07982
This change was not part of bug 272484 and has not been reviewed.
...
Back it out.
2005-10-03 21:58:24 +00:00
53f4189369
Bug 272484 Certificate manager crashes [@ _PR_MD_ATOMIC_DECREMENT - PK11_FreeSymKey]
...
The problem only happens if we try to import a key into a token which then fails
to import. The basic issue was a hack in the pkcs 7 code to support PKCS 12, A
special structure was used to replace the SymKey structure, and the code 'knew'
the special structure existed before it dealt with the symkey. The fix addes a
new capability to symkeys, where applications can attach application specific
data to the key structure. PKCS 12 uses this to attache the PBE information
for CMS. (part 1 of 3)
This patch also improves the key's reuse of sessions, so sessions are not thrashed
when SSL is used with them.
r=wtc
2005-10-03 21:55:29 +00:00
5d52123474
Bugzilla Bug 294106: removed an assertion that's no longer necessary.
...
Added buffer length error checking to back up an assertion. r=nelsonb.
2005-09-30 22:01:46 +00:00
bb7e1cb9f9
Bugzilla Bug 244922 ASN.1 encoder outputs trash for optional may-stream subtemplate
...
r=nelson (original patch by nelson, modifications by me).
2005-09-30 19:22:48 +00:00
b354997d97
Bug 119500 PKCS#11 CKF_PROTECTED_AUTHENTICATION_PATH token flag not supported
...
wtc's review r=wtc
2005-09-29 23:44:39 +00:00
5c38b2d572
Bugzilla Bug 294106: dsa.c: use const in the function prototype of
...
DSA_GenerateGlobalRandomBytes. prng_fips1861.c: implemented Algorithm 1
of FIPS 186-2 Change Notice 1 and increased the size (b) of the RNG's
seed-key from 160 bits to 256 bits. r=relyea,nelsonb.
2005-09-29 23:22:53 +00:00
f07ca5cfef
Bug 308887 CRMF request generation problem when using latest firefox
...
Add crmf tests to the test suite.
2005-09-29 21:36:42 +00:00
9c9cecb9d7
Bugzilla Bug 119500 PKCS#11 CKF_PROTECTED_AUTHENTICATION_PATH token flag not supported
...
r=nelson
This is only the NSS portion of this patch. The PSM portion will be checked in once the
NSS portion is mainlined to mozilla.
2005-09-29 21:00:58 +00:00
fc511c7607
Bug 271317, remove the old fortezza code
2005-09-29 18:09:11 +00:00
93e1f22027
Bugzilla Bug 298630 freebl needs a memory cache invariant RSA implementation.
...
r=nelson
2005-09-29 17:17:09 +00:00
665d2accd1
Bug 271317, remove the old fortezza code
2005-09-29 00:36:53 +00:00
8d4f93463a
Internal NSS defines shared between softoken and the rest of NSS, but not
...
exported.
added as part of bug 305697.
2005-09-28 23:52:59 +00:00
c4abacd281
Bug 305697 Softoken needs to give on the fly access to additional databases. Part 2, User interface
...
r=julien
2005-09-28 17:17:49 +00:00
e35607b9c4
bug 305697: open additional database on the fly in softoken. part1: softoken changes.
...
r=julien
2005-09-28 17:12:17 +00:00
ac626ee74e
Avoid NULL ptr deref. Bug 310260. patch by Glen.Beasley. r=nelson.
2005-09-28 07:55:37 +00:00
7b415783ba
Bug 303508, committing attachment 196965. r=nelson,saul
2005-09-23 02:15:03 +00:00
abc6a22d68
Eliminate environment variable SSLNOLOCKS, add environment variable
...
SSLFORCELOCKS. Make SSL_FDX option mutually exclusive with SSL_NOLOCKS
option. Bug 305147. r=rrelyea.
2005-09-23 01:04:32 +00:00
d05886f50d
Add version info to freebl shared libs for Windows and Unix. bub 303508.
...
Modified Files: config.mk ldvector.c manifest.mn
Added Files: freebl.rc freeblver.c r=wtc.
2005-09-21 03:01:49 +00:00
f12a0e5a63
Replace "fast" and "slow" with fpu and int in loader.c. Also add a
...
comment explaining ISA lists. r=wtc. bug 303508.
2005-09-21 02:53:25 +00:00
73f597f990
Bug 299197: added the comment for PK11_TokenKeyGen back. r=relyea.
2005-09-21 01:32:11 +00:00
ecdf90d92d
Bug 299197: fixed comments. r=relyea.
2005-09-21 01:31:37 +00:00
aa8a2c0490
Only call C_WaitForSlotEvent if the module is PKCS #11 v2.01 or later.
...
bug 196811 r=wtc sr=julien
2005-09-20 20:56:07 +00:00
13f41d4840
Bugzilla bug 303508: a more elegant way to decide when we need to prefix
...
LIBRARY_VERSION with '_'. r=nelsonb.
2005-09-16 23:18:01 +00:00
d42e92ad88
Fix hoarked build from previous checkin. Doh.
2005-09-16 21:28:20 +00:00
b427dc6efe
Bugzilla Bug 298517: when in FIPS mode, impose minimum password length and
...
quality to ensure a password guessing probability of less than 1 in
10,000,000, and impose a one second delay after failed login attempt to
allow at most 60 login attempts per minute. r=relyea,nelsonb.
Modified files: fipstokn.c pkcs11.c pkcs11i.h
2005-09-16 20:37:58 +00:00
c56d3589f6
Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson
2005-09-16 20:33:09 +00:00
2e75eae9d5
Bugzilla Bug 288728: handle invalid values of recipient identifier type.
...
r=jpierre,relyea.
2005-09-16 17:54:31 +00:00
019a13cbeb
Bugzilla Bug 288728: use a whitelist instead of a blacklist when checking
...
for invalid values of "type". r=jpierre,relyea.
2005-09-16 17:52:37 +00:00
dcad184fa4
Bugzilla Bug 303508: removed the underscore from the name of the "single"
...
freebl shared library (freebl_3.dll -> freebl3.dll). Do the recursive
child builds without changing directories. This fixed the BUILD_TREE build
problem. r=nelsonb,saul.edwards.
Modified files: Makefile freebl.def manifest.mn
2005-09-16 17:17:45 +00:00
65241f7ef4
Removed an unnecessary -L linker flag. r=nelsonb,saul.edwards.
2005-09-16 17:02:49 +00:00
3eac80068d
Bugzilla Bug 303508: code cleanup. r=nelsonb,jpierre.
2005-09-16 16:59:22 +00:00
9499265f5c
Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
...
Change existing callers to pass this argument. Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files: freebl/alghmac.c freebl/alghmac.h freebl/loader.c
freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
f889a99cbb
Bugzilla Bug 301554: Clear the 'present' flag if slot fails to refresh.
...
relyea wrote the patch. r=wtc,nelsonb.
2005-09-14 01:35:02 +00:00
fdffe11308
Fix regression introduced in last checkin. If the caller disables the
...
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack. bug 305147. r=julien.pierre
2005-09-10 01:18:40 +00:00
4b56704437
Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
...
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
2005-09-09 03:02:16 +00:00
1d31068271
Export function PK11_MapSignKeyType for use by libSSL. Bug 305147.
...
r=relyea.
Modified Files: nss/nss.def pk11wrap/pk11mech.c pk11wrap/pk11obj.c
pk11wrap/pk11pub.h pk11wrap/secmodi.h
2005-09-09 02:03:57 +00:00
4250ad5929
Bugzilla Bug 299197: define two bitflags for every PKCS #11 object
...
attribute with no exceptions. renamed PK11_ATTR_READONLY as
PK11_ATTR_UNMODIFIABLE. In pk11_OpFlagsToAttributes, backed out a change
I made before. Made pk11_AttrFlagsToAttributes table-driven. In
pk11_loadPrivKeyWithFlags, fixed the bug (always loading the public key as
a token object). Other code cleanups. r=relyea,nelsonb.
Modified files: pk11akey.c pk11obj.c pk11pub.h pk11skey.c secmodt.h
2005-09-07 18:23:35 +00:00
0194469cc5
Bug 303508: Add freebl shared libs that do 64-bit integer math. Bug 274984: softoken fails to load freebl in setuid programs. freebl becomes a shared library on all platforms. r=nelson
...
Modified Files:
coreconf/HP-UXB.11.mk coreconf/SunOS5.mk
nss/cmd/shlibsign/Makefile nss/cmd/shlibsign/manifest.mn
nss/lib/freebl/Makefile nss/lib/freebl/arcfour.c
nss/lib/freebl/blapi.h nss/lib/freebl/config.mk
nss/lib/freebl/ldvector.c nss/lib/freebl/loader.c
nss/lib/freebl/loader.h nss/lib/freebl/manifest.mn
Added Files:
nss/lib/freebl/freebl.def
2005-09-07 02:47:16 +00:00
8ebcacd943
305984 update FIPS values for cipher suites file=sslinfo.c r=bob,sr=wtc
2005-09-06 17:15:32 +00:00
132ddbe43e
Fix 306785 . Memory leaks in PQG_ParamGenSeedLen . r=nelson
2005-09-02 20:05:35 +00:00
db235ef59a
Bugzilla Bug 299197: added PK11AttrFlags and PK11_GenerateKeyPairWithFlags.
...
Modified PK11_TokenKeyGenWithFlags to take a PK11AttrFlags parameter.
PK11AttrFlags controls the values of commonly used PKCS #11 object
attributes that have Boolean values. r=relyea,nelsonb.
Modified Files:
nss/nss.def pk11wrap/pk11akey.c pk11wrap/pk11obj.c
pk11wrap/pk11pub.h pk11wrap/pk11skey.c pk11wrap/secmodi.h
pk11wrap/secmodt.h
2005-09-02 18:25:04 +00:00
184d7ab678
Bugzilla Bug 305835: removed NSS_ENABLE_ECC ifdefs under nss/lib except
...
nss/lib/{freebl,softoken,ssl}. r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/manifest.mn cryptohi/seckey.c
cryptohi/secsign.c freebl/ec.c pk11wrap/manifest.mn
pk11wrap/pk11akey.c pk11wrap/pk11cert.c pk11wrap/pk11mech.c
pk11wrap/pk11obj.c pk11wrap/pk11skey.c pkcs12/manifest.mn
pkcs12/p12d.c pkcs7/config.mk pkcs7/p7decode.c
pkcs7/p7encode.c smime/cmssiginfo.c smime/cmsutil.c
smime/config.mk
2005-09-02 01:24:57 +00:00
afccecc775
Bugzilla Bug 257693: code cleanup. 1. Change "X9.63" to "X9.62". 2. In
...
EC_ValidatePublicKey, set error codes and handle a NULL return from
ECGroup_fromName. 3. In the ECGroupStr structure, move the validate_point
field up. 4. In the test cases, if the tests that should fail, passed,
say so in the error messages. r=douglas@stebila.ca .
Modified Files:
blapi.h ec.c ecl/ecl-priv.h ecl/ecl.c ecl/ecl.h
ecl/tests/ec2_test.c ecl/tests/ecp_test.c
2005-08-27 01:09:22 +00:00
33f6464950
Bug 302416 NSS root cert module & fortezza should not be using NSPR static libraries
...
r=wtc
sr-julien
Side effects: Root cert module now works with CKF_OS_LOCKING_OK and not callbacks,
but does not work if CKF_OS_LOCKING_OK == 0 and callbacks are define.
2005-08-25 20:08:27 +00:00
d624f9129a
Bugzilla Bug 296410: further simplify the code by always referencing the
...
buffer using the same union member. r=relyea.
VFYContextCVS: ----------------------------------------------------------------------
2005-08-24 23:05:39 +00:00
22ff330626
Fix AIX build problem
2005-08-18 23:37:31 +00:00
6b5d842c09
Fix for bug 217024. add a function for comparing cert validity periods. r=wtchang
2005-08-17 02:04:12 +00:00
c3fa2091c5
Bug 303507: Add comba for MPI's multiply and square routines.
...
This code is currently for AMD 64 on both Linux and Solaris only.
2005-08-16 19:25:48 +00:00
d391504d03
Remove fortezza code from libSSL and from the SSL test programs.
...
Stop building fortezza's special software token, and fortezza specific
test programs. Bug 239960. r=rrelyea.
Modified Files:
cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
lib/ssl/sslt.h
2005-08-16 03:42:26 +00:00
3e2e9c754f
Bugzilla bug 296410: checked in a better fix than the previous checkin.
...
Also removed the unused, unexported function SEC_VerifyFile. r=nelsonb.
2005-08-16 01:57:51 +00:00
88fb7bee52
Bugzilla bug 296410: removed unused, unexported function SEC_SignFile.
...
r=nelsonb.
2005-08-16 01:52:17 +00:00
5e25df8763
Bugzilla Bug 298957: removed a comment. The code already does what the
...
comment asked for. r=relyea.
2005-08-15 21:34:42 +00:00
55197b5cfd
Bugzilla Bug 289530: fixed signed/unsigned comparison compiler warnings.
...
Fixed compilation errors of new ECC code added in the previous checkin.
r=nelsonb.
2005-08-15 21:23:39 +00:00
29e52be20d
Remove ^M from the tree version of mpcpucache.c
2005-08-15 19:00:17 +00:00
95723d010a
Bug 285932: Faster SHA1 implementation for AMD64: sha-fast-amd64-sun.s is
...
currently only for Solaris AMD 64 when using Sun studio compilers.
2005-08-15 16:55:22 +00:00
2577eb148c
Bugzilla bug 302286: fixed the bug that NSS misinterpreted the
...
CKA_PRIME_BITS attribute for DSA's p parameter. r=relyea.
Modified files: pk11wrap/pk11pqg.c softoken/pkcs11c.c
2005-08-13 00:09:26 +00:00
12ebc20147
Bugzilla Bug 302286: PQG_PBITS_TO_INDEX should reject p bits that are
...
less than 512 or greater than 1024. r=relyea.
2005-08-13 00:07:18 +00:00
0824c317a1
Bugzilla Bug 296410: enlarge the buffer size for message digest so that
...
we can generate and verify signatures that use SHA-512. r=relyea
Modified files: secsign.c secvfy.c
2005-08-12 23:50:19 +00:00
148653a358
Bugzilla bug 240554: we should pass the signature algorithm, not the
...
public key's algorithm, to VFY_VerifyData and VFY_VerifyDigest. Only
fixed this in cmssiginfo.c. In p7decode.c I just added comments saying
they should be fixed. r=relyea.
Modified files: lib/smime/cmssiginfo.c lib/pkcs7/p7decode.c
2005-08-12 23:26:38 +00:00
1a568d0852
Bugzilla bug 240554: set (better) error codes and removed an unreachable
...
break statement. r=relyea.
2005-08-12 23:24:22 +00:00
c0bd0e749a
Bugzilla bug 240554: fixed signed/unsigned comparison compiler warning.
...
r=relyea.
2005-08-12 23:22:28 +00:00
e09393045c
Bugzilla bug 292239: have the softoken report Cryptoki version 2.20.
...
r=relyea.
2005-08-12 23:14:22 +00:00
2d2b80688d
Bugzilla bug 292239: added a change missed in the previous checkin.
...
r=relyea.
2005-08-12 23:12:18 +00:00
684e5d1c2b
Correct mistyped version of wtc patch.
2005-08-12 22:19:19 +00:00
a584ef4a1d
Bug 292239 r wtc & julien
...
Merge PKCS #11 v2.20 header files
2005-08-12 18:58:47 +00:00
5ab7c1109c
Bug 303010 Certificate upgrade can drop S/MIME certificates
...
r=wtc.
Delay loading the S/MIME records on upgrade until the cert is loaded
2005-08-12 18:01:26 +00:00
0543618d9c
Bugzilla Bug 257693: actually implemented EC_ValidatePublicKey and added a
...
test case. The patch is contributed by Douglas Stebila
<douglas@stebila.ca>. r=wtc.
Modified Files:
ec.c ecl/ec2.h ecl/ec2_aff.c ecl/ecl-priv.h ecl/ecl.c
ecl/ecl.h ecl/ecp.h ecl/ecp_aff.c ecl/tests/ec2_test.c
ecl/tests/ecp_test.c
2005-08-12 00:59:19 +00:00
67ffaff684
Bugzilla Bug 298514: added a missing break statement and removed an unused
...
variable. r=jpierre.
2005-08-12 00:44:35 +00:00
9a026f7eba
Bugzilla Bug 240554: added ECDSA support in S/MIME. The patch is
...
contributed by Vipul Gupta <vipul.gupta@sun.com>. r=wtc.
Modified Files:
cryptohi/secsign.c pkcs7/config.mk pkcs7/p7decode.c
pkcs7/p7encode.c smime/cmssiginfo.c smime/cmsutil.c
smime/config.mk
2005-08-11 23:11:40 +00:00
0d980a5ea1
A faster c implementation of SHA1 for most platforms. Bug 285932.
...
r=wtchang Modified Files: prng_fips1861.c sha_fast.c sha_fast.h
2005-08-11 01:01:08 +00:00
9b7075b1d2
Bugzilla Bug 303116: fixed an off-by-one error in the size of the NAF
...
buffer. We access this buffer using indices from 0 to orderBitSize.
r=douglas.stebila.
2005-08-10 20:35:07 +00:00
24b5ce2c08
Bugzilla Bug 303116: fixed an off-by-one error when duplicating a string.
...
r=douglas.stebila.
2005-08-10 18:49:29 +00:00
19e9429f0d
Bugzilla Bug 303116: this file doesn't need to include <strings.h>, which
...
doesn't exist on Windows. r=relyea.
Bugzilla Bug 303130: fixed memory leak of mp_int in ECPoints_mul.
r=douglas.stebila.
2005-08-10 18:46:29 +00:00
c893021cd0
Address review comments. Add test after PORT_Assert. Bug 303334.
...
r=rrelyea,sr=wtchang
Modified Files: rijndael.c
2005-08-09 03:09:38 +00:00
julien.pierre.bugs%sun.com
alexei.volkov.bugs%sun.com
nelson%bolyard.com
wtchang%redhat.com
rrelyea%redhat.com
kaie%kuix.de
glen.beasley%sun.com
gerv%gerv.net
christophe.ravel.bugs%sun.com
neil.williams%sun.com
nelsonb%netscape.com
relyea%netscape.com
saul.edwards%sun.com