Граф коммитов

4451 Коммитов

Автор SHA1 Сообщение Дата
relyea%netscape.com 46ee0eea31 bug 162976: make crl update atomic. Set up new Crl with a new Object ID which is different from the old one. 2003-03-04 22:36:27 +00:00
relyea%netscape.com 72f513f7ef Bug 162976. Make CRL updates 'atomic' . Insert new CRL before deleting the
old one.b
2003-03-04 22:34:56 +00:00
relyea%netscape.com df2b3f1e6e Print all the certs for a given nickname, not just the first. 2003-03-04 22:32:24 +00:00
relyea%netscape.com be7d152cb3 Fix QA failures on tip (don't dereference through a NULL pointer). 2003-03-03 19:46:22 +00:00
wtc%netscape.com ac86d72617 Bug 195127: 1. Enable DEBUG_SHVERIFY. 2. Added debug output to print the
file name if PR_Open fails.
2003-03-01 01:53:11 +00:00
relyea%netscape.com 26e539e088 bug 19590
RFE:Add ability to encode/decode NSSCMSRecipientInfo structures

r=javi,wtc
2003-02-28 23:32:29 +00:00
ian.mcgreer%sun.com 64a832e0e7 bug 177556, signtool -l fails
r=wtc
2003-02-28 21:14:36 +00:00
ian.mcgreer%sun.com cccb7a3f68 bug 191757, InitOIDHash() not threadsafe
r=relyea
2003-02-28 21:13:20 +00:00
bolian.yin%sun.com 67a96671aa Bug 194821, Page Info: add access keys for _H_elp button, and _V_iew in Security tab
r=db48x, sr=jaggernaut, patch by jessie.li@sun.com.
2003-02-28 11:20:20 +00:00
wtc%netscape.com d31cd6e89d Bug 195196: fixed a typo. 2003-02-27 14:49:30 +00:00
nelsonb%netscape.com 42fae25f24 Add support for Elliptic Curve Cryptography. Bug 195135.
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
kairo%kairo.at 11348f5311 bug 194924 - localeVersion update for 1.4a, r=rchen, sr=blizzard 2003-02-27 00:05:44 +00:00
nelsonb%netscape.com 66f7b8cddb Add missing dependency on error headers. 2003-02-26 23:52:40 +00:00
nelsonb%netscape.com e7a02a41a4 Fix bug 194840. Get new random seed before each attempt to sign with DSA. 2003-02-25 23:45:23 +00:00
kirk.erickson%sun.com 1fb9fd4cdd Addresses bug 193378 modutil should print an error message,
by printing error on SECMOD_DeleteInternalModule() failure.
2003-02-25 02:09:11 +00:00
wtc%netscape.com 6d5833f249 Bug 190537: build OS/2 DLLs using the map files to control symbol export.
The patch is contributed by Javier Pedemonte <pedemont@us.ibm.com>.
Modified files: coreconf/OS2.mk coreconf/rules.mk nss/lib/ckfw/nssck.api
2003-02-25 01:40:04 +00:00
pete.zha%sun.com 29f051b1d6 bug=193068
Missing accesskeys in preference dialogs
r=timeless sr=jaggernaut@netscape.com
2003-02-24 07:59:17 +00:00
robin.lu%sun.com 0203ef6893 fixed bug 149841 It should NOT be possible to open cert manager twice at the same time. r=kaie sr=alecf 2003-02-24 07:07:13 +00:00
wtc%netscape.com 0bff47a153 Simplified the test for substrings. 2003-02-22 15:20:07 +00:00
varga%netscape.com 0d0ab083d9 Fix for bug 192365. Remove extraneous seltype="multiple" attributes of <tree>s in xul.
r=varga, sr=jag, patch by Daniel Crisman <bugzilla@w.d6.org>
2003-02-22 11:48:19 +00:00
mscott%netscape.com 105486968a ACK this wasn't meant for the trunk. File wasn't tagged properly. Sorry. backing out. 2003-02-22 02:35:31 +00:00
mscott%netscape.com 47ae6e0aab hide ftp channel when building minotaur 2003-02-22 02:22:51 +00:00
nelsonb%netscape.com 95525c28a1 Fix bug 160207. Make TLS implementation resistant to timing attacks on
CBC block mode cipher suites in TLS.  See bug for details.
2003-02-21 23:00:16 +00:00
wtc%netscape.com d97151bee3 Bug 194309: cvs removed libpath.c because the freebl_GetLibraryFilePathname
function has been replaced by the new NSPR 4.3 function
PR_GetLibraryFilePathname.
2003-02-21 02:40:52 +00:00
wtc%netscape.com c6ada6f97b Bug 194309: replaced freebl_GetLibraryFilePathname by the new NSPR 4.3
function PR_GetLibraryFilePathname.
Modified files: config.mk manifest.mn shvfy.c
2003-02-21 00:41:24 +00:00
mkaply%us.ibm.com 176876e10c OS/2 bustage - PR_CALLBACK 2003-02-20 19:09:43 +00:00
wtc%netscape.com 1d3e993c7a Bug 194222: Removed SECMOD_CallOnce. It is replaced by the new NSPR 4.3
function PR_CallOnceWithArg.
Modified files: nss/nssinit.c pk11wrap/pk11cert.c pk11wrap/secmodi.h
2003-02-20 16:58:57 +00:00
wtc%netscape.com b7882c433d Bug 118832: do not include NSS private header files. "genname.h" is simply
not needed.  "crmfi.h" can be avoided by using the public function
CRMF_EncodeCertReqMessages.  r=kaie. sr=bryner. a=asa for mozilla 1.3.
Modified Files: Makefile.in nsCrypto.cpp nsNSSIOLayer.cpp
2003-02-20 14:56:10 +00:00
sonja.mirtitsch%sun.com 57ec96bba5 writing actual return of modutil to output.log, bug 193394 r=wtc 2003-02-20 00:52:40 +00:00
kaie%netscape.com 1f21ec5ceb b=173369 Migrating NSS databases from the "CFM" build to the "mach-o" build
r=javi sr=peterv a=asa
2003-02-20 00:19:45 +00:00
sonja.mirtitsch%sun.com a79dc7f765 echoing modutil commandline to output.log, bug 193394 r=wtc 2003-02-19 23:26:52 +00:00
sonja.mirtitsch%sun.com 1945c33989 switching the NSPR version to v4.3-beta1 2003-02-19 23:21:23 +00:00
jpierre%netscape.com 4c5cf50f52 Patch for 193961 - incorporate Wan-Teh's feedback 2003-02-19 21:50:49 +00:00
wtc%netscape.com c210ab5523 Bug 190960: added the DHE ciphersuites back because the underlying NSS bug
(bug 188856) that broke them has been fixed. r=kaie. sr=bryner. a=asa for
mozilla1.3.
Modified Files:
	netwerk/base/public/security-prefs.js
	security/manager/pki/resources/content/ssl3tlsciphers2.xul
	security/manager/pki/resources/locale/en-US/pref-ssl.dtd
	security/manager/ssl/src/nsNSSComponent.cpp
2003-02-19 15:08:50 +00:00
jpierre%netscape.com cc0db2005f Fix for bug 193691 . Make QuickDER return an error rather than assert if extraneous data is present in the buffer 2003-02-19 02:29:48 +00:00
thayes%netscape.com 1f3f0e69ef Bug 192639: Use utility functions for managing token passwords so that
cmsutil will prompt for the value if it is not given on the command line.
r=nelsonb
2003-02-19 00:39:39 +00:00
wtc%netscape.com 3d0a1f67b4 Bug 193367: do not call PR_Now() in a loop. r=nelsonb. 2003-02-18 23:26:39 +00:00
ian.mcgreer%sun.com d84324a740 bug 174200, don't attempt to decode cert when destroying it, handle failure
to decode cert serial number
r=nelsonb
2003-02-18 20:53:14 +00:00
wtc%netscape.com a44277fff4 Add DHE algorithms to the list. (Merged relyea's checkin (rev. 1.3.2.1)
from the NSS_3_7_BRANCH to the trunk.)
2003-02-18 02:53:54 +00:00
wtc%netscape.com 442aeeb97a Bug 188856: it is not necessary to declare 'crv' in these blocks because it
is already declared in the outer scope.
2003-02-18 02:47:04 +00:00
wtc%netscape.com 60391f57be Bug 192617: export NSS_CMSRecipientInfo_Wrap/UnwrapBulkKey from the smime3
shared library.
2003-02-18 00:45:34 +00:00
wtc%netscape.com 91857ca5bd Bug 134967: handle spaces and hyphens in $(USERNAME). Convert them to
underscores.  r=seawood@netscape.com.
2003-02-15 20:39:01 +00:00
wtc%netscape.com 43ac537225 Bug 193055: the "cat ${file} | while read ...do ... done" construct does
not work under MKS Korn shell on Windows XP.  Replaced it by the equivalent
construct "while read ... do ... done < ${file}".
2003-02-15 04:48:13 +00:00
relyea%netscape.com b13bd23954 Bug 167756. Address Nelson's review comments. remove socket specific latency
in favor of a slot specific latency test (already done by pk11wrap code).
2003-02-15 01:21:25 +00:00
relyea%netscape.com ff5dbf2eed bug193367: Don't blindly copy all the certs from a given S/MIME message into the db. 2003-02-15 00:23:04 +00:00
sonja.mirtitsch%sun.com bf0426a4ab bug 193394, change to check returncode of modutil after switching to
fips mode, r=wtc
2003-02-14 21:30:45 +00:00
wtc%netscape.com 74b8cae5f0 There should be no token after #endif. 2003-02-14 05:32:35 +00:00
kirk.erickson%sun.com 5c579360c2 Changed License: MPL to MPL/GPL. 2003-02-13 18:24:07 +00:00
relyea%netscape.com 69ce67aba4 Turn off debugging output now that we have the tinderboxen working correctly. 2003-02-13 17:41:45 +00:00
kirk.erickson%sun.com 2908f09255 Added softokn3 library, and the new integrity check files. 2003-02-13 03:30:19 +00:00
wtc%netscape.com 973801b199 Bug 193057: add WINNT5.1_* symlinks in mozilla/dist for Windows XP QA. 2003-02-13 01:45:01 +00:00
relyea%netscape.com 6270df5573 Turn off the mangle test for now. 2003-02-12 22:21:59 +00:00
kirk.erickson%sun.com f1af545d36 Removed extraneous ` from PRODUCT_VERSION. 2003-02-12 16:12:14 +00:00
wtc%netscape.com 684c1663ec Bug 107976: allow CC to be overridden (with the full pathname of the C
compiler) on the make command line.
Modified files: AIX.mk ruleset.mk
2003-02-11 01:15:36 +00:00
relyea%netscape.com 2d128d88e2 Always free the key reference passed to us from the client 2003-02-10 22:36:45 +00:00
kirk.erickson%sun.com 9d79e728d1 Resolves bug 191221, by adding dynamic versioning for Solaris. 2003-02-10 18:18:52 +00:00
wtc%netscape.com 165f568bae Bug 131826: backed out the zlib 1.1.4 upgrade because the signtool tests
failed.
Modified Files:
	README adler32.c compress.c crc32.c deflate.c deflate.h
	example.c gzio.c infblock.c infblock.h infcodes.c infcodes.h
	inffast.c inffast.h inflate.c inftrees.c inftrees.h infutil.c
	infutil.h minigzip.c trees.c uncompr.c zconf.h zlib.h zutil.c
	zutil.h
2003-02-08 15:00:13 +00:00
wtc%netscape.com 6edc864d6e Bug 131826: checked in the README file of zlib 1.1.4. 2003-02-08 09:10:36 +00:00
wtc%netscape.com 7d4ad3fc60 Bug 131826: upgraded to zlib 1.1.4.
Modified Files:
	adler32.c compress.c crc32.c deflate.c deflate.h example.c
	gzio.c infblock.c infblock.h infcodes.c infcodes.h inffast.c
	inffast.h inflate.c inftrees.c inftrees.h infutil.c infutil.h
	minigzip.c trees.c uncompr.c zconf.h zlib.h zutil.c zutil.h
2003-02-08 08:50:42 +00:00
wtc%netscape.com 899b4b00c5 Bug 131826: added maketree.c from zlib 1.1.4. 2003-02-08 08:37:00 +00:00
wtc%netscape.com 51a2c07941 Removed unused files stubs.c and zip_nodl.c. 2003-02-08 08:35:07 +00:00
wtc%netscape.com 23f47b2e4d Bug 131826: added new header files from zlib 1.1.4.
Added Files: trees.h inffixed.h
2003-02-08 08:30:11 +00:00
relyea%netscape.com dae21534d8 Sigh, the QA scripts look for the word 'failed', but it's common that we
can't open the shared library and isn't a real failure, so change the wording
2003-02-08 01:52:37 +00:00
relyea%netscape.com c40beead4c Skip corruption test if someone has locked down the shared library on us. 2003-02-08 00:02:06 +00:00
wtc%netscape.com 34372e7cee Exit with 1 rather than -1 on failure. Make sure the program exit with 1
on all failures. Remove the symlink, if a file/symlink by that name already
exists, before creating it to avoid the EEXIST error.
2003-02-07 23:41:15 +00:00
wtc%netscape.com 8d38bb626b Use <> around standard/system header files. This file does not need
string.h, but it should include stdio.h because it uses fprintf and printf.
2003-02-07 23:21:53 +00:00
nelsonb%netscape.com 923827d462 Fix bug 190527. Properly extend buffer when data exceeds 512 bytes. 2003-02-07 23:09:35 +00:00
relyea%netscape.com d3fd98806e Fix signed/unsigned display issue.
Add more loggin information on errors (rev 1.3 added this but lost it's log).
2003-02-07 23:05:07 +00:00
relyea%netscape.com bcafc7572b *** empty log message *** 2003-02-07 23:02:43 +00:00
relyea%netscape.com 4dd6b2da64 Add test to see if the shlib was actually changed. 2003-02-07 21:13:10 +00:00
relyea%netscape.com aa9dafae78 Add Mangle logging... 2003-02-07 21:12:26 +00:00
relyea%netscape.com 70e3aa6345 Add debugging information. Turn on tempararily to get debug info from tinderbox failures. 2003-02-07 19:22:42 +00:00
kirk.erickson%sun.com 03a251009f Moved rules.mk include to the end. 2003-02-07 07:16:37 +00:00
wtc%netscape.com e1fe9f07a3 Set the default compiler to cc. 2003-02-07 06:57:57 +00:00
nelsonb%netscape.com 645cb762cb Move the implementation of the TLS Pseudo Random Function (PRF) from
pkcs11c.c into a new file: tlsprf.c.
2003-02-07 06:42:20 +00:00
nelsonb%netscape.com f9133aa19e Fix the dbtests test on Windows, when run in all.sh.
The problem was that fips.sh created a file in . named dbtest, which was
actually some text output by a previous test.  This dbtest file prevented
the dbtest program from running.  The text file now has another name.
2003-02-07 06:32:59 +00:00
kirk.erickson%sun.com edc53c0499 Resolves bug 189504 (Build Linux RPMS). 2003-02-07 05:56:15 +00:00
nelsonb%netscape.com d6bf23b21d MKS shell doesn't know about echor command. Does any shell? 2003-02-07 05:48:34 +00:00
nelsonb%netscape.com e7ff335e8c Remove unreferenced local variables from functions. 2003-02-07 05:08:01 +00:00
wtc%netscape.com 5376fc6d82 Moved the definition of MD_LIB_RELEASE_FILES from manifest.mn to Makefile
so that it is right next to the definition of CHECKLOC, which it uses.
2003-02-06 22:37:37 +00:00
relyea%netscape.com 929ac59217 Clean up tests
Suppress error messages which we were expecting because it causes the QA
scripts to report a QA failure.
2003-02-06 19:06:39 +00:00
relyea%netscape.com 6b8ac1fb4b Mangle will be changing the shared libraries, so it should link with them. 2003-02-06 18:18:42 +00:00
wtc%netscape.com 7870b01f6d Bug 177387: Put the configuration/assignments before the rules in Makefile.
Define MD_LIB_RELEASE_FILES in manifest.mn so that the *.chk files are
included in the mdbinary.jar files generated by the release target.
2003-02-06 16:56:46 +00:00
relyea%netscape.com 6d2419f541 Turn on FIPS test again. 2003-02-06 16:13:44 +00:00
relyea%netscape.com d32d519e9e Introduce shell variables for DLL_PREFIX and DLL_SUFFIX 2003-02-06 16:13:22 +00:00
wtc%netscape.com edb8b5fe44 Support both ";" and ":" as PATH separators on Windows. MKS Korn shell
uses ";" but Cygwin bash uses ":".
2003-02-06 14:52:43 +00:00
wtc%netscape.com 82345876f3 Backed out the previous checkin because it doesn't work on Windows. 2003-02-06 05:33:33 +00:00
wtc%netscape.com 2574db9f16 Bug 188441: compile with -D_USE_BIG_FDS on HP-UX. This ensures that fd_set
is large enough for 60,000 file descriptors.
2003-02-06 04:43:03 +00:00
wtc%netscape.com 92c86ec530 Bug 177387: include the *.chk files in the mdbinary.jar files generated by
the release makefile target.
Modified Files: lib/freebl/manifest.mn lib/softoken/manifest.mn
2003-02-06 03:52:37 +00:00
relyea%netscape.com c611d55441 Remove mangle test until we can get the correct library name inside fips.sh for all platforms 2003-02-06 01:07:39 +00:00
relyea%netscape.com 8bc877fcf9 Add check to 1) make sure we are in FIPS mode. and 2) to verify that we
detect corrupted shared libraries while in FIPS mode.
2003-02-06 00:50:00 +00:00
relyea%netscape.com d25559ff9f The NSPR get shared lib interface requires the library name only,
not a partial path to the library. This affects AIX.
2003-02-06 00:49:09 +00:00
relyea%netscape.com c613b5df3c Try to load the new module before we've unloaded the old one. This now
works in NSS, and it allows us to back out if the new one didn't load (because
FIPS could not verify the shared module for instance).
2003-02-05 00:35:53 +00:00
relyea%netscape.com 9eb1dbcff9 Update db test to verify cert8 not cert7 2003-02-05 00:33:52 +00:00
relyea%netscape.com bc5d891538 Surface the Err codes if we fail to shift to FIPS mode.
Add new option to verify that we have shifted to FIPS mode.
2003-02-05 00:31:15 +00:00
relyea%netscape.com b8ee14395c 1) turn on mangle builds.
2) better fix for the missing MAXPATHLEN missing define.
3) make room for the '\0' in the pathname.
2003-02-05 00:29:35 +00:00
relyea%netscape.com 1ed41d69c9 Fix LINUX breakage (define MAXPATHLEN if it wasn't defined the the standard
system headers).
2003-02-04 23:39:15 +00:00
relyea%netscape.com c5679652a6 Add code to handle symlinks.
Add verbose output to print out hashes and signatures.
2003-02-04 23:18:08 +00:00
relyea%netscape.com b66f562dec Add program which will mangle exactly 1 bit in a file. 2003-02-04 23:16:56 +00:00
relyea%netscape.com 883af5be6e Fix windows build breakage. 2003-02-04 19:03:11 +00:00
kaie%netscape.com a7bcf48918 b=191301 Crash if I cancel "Choose token" dialog on Cert import
r=javi sr=darin a=dbaron
2003-02-04 01:37:23 +00:00
relyea%netscape.com 2cf013ba38 Shell script to set up the path before running the signing tool 2003-02-03 21:06:57 +00:00
relyea%netscape.com cb166d81a7 Generate .chk file at build time when we build shlibsign 2003-02-03 21:06:18 +00:00
relyea%netscape.com ab6d0dea43 Check bug 188856 into the tip.
1)return proper error code in more cases. 2) Fix bug in DH KeyPair Generation.

the essential part of this fix in pkcs11c.c where we add the CKA_NETSCAPE_DB
attribute on Diffie-Hellman key gen. I don't know why the code would have even
thought of working without this (unless we were testing with pregenerated
keys).

The rest of the fix is to surface more of the PKCS #11 error back up. There is
a separate bug to continue tracking the issue of lost PKCS #11 errors.
2003-01-31 23:39:34 +00:00
kaie%netscape.com 8fdd6beaad b=189974 Profile Switching fails after JavaScript based cert import
PSM portion of fix
r=javi sr=darin a=asa
2003-01-31 22:33:49 +00:00
nelsonb%netscape.com 7874d8d788 Fix an uninitialized variable. Bug 191396. 2003-01-31 22:26:56 +00:00
nelsonb%netscape.com 91b818b389 Fix crash in CERT_CheckKeyUsage caused by dereferencing a returned pointer
without checkin it for NULL.
2003-01-31 02:49:13 +00:00
nelsonb%netscape.com 04c74fc4ac Fix bug 191396. Don't generate SEC_ERROR_LIBRARY_FAILURE unnecessarily
while doing dsa signatures.
2003-01-31 02:39:36 +00:00
relyea%netscape.com 2d71279799 FIPS library verifier. 2003-01-30 23:38:07 +00:00
relyea%netscape.com bd68779b0c FIPS library verifier 2003-01-30 23:36:37 +00:00
wtc%netscape.com 751c48b5e5 Bug 191214: fixed the object leaks in signtool that prevented NSS_Shutdown
from succeeding and added the NSS_Shutdown call back.  r=jpierre.
Modified Files: certgen.c sign.c signtool.c
2003-01-30 23:11:13 +00:00
wtc%netscape.com 5f51d20223 Bug 177387: temporarily added freebl_GetLibraryFilePathname to libfreebl.a.
This function has the same semantics as the NSPR 4.3 function
PR_GetLibraryFilePathname. This patch should be backed out when NSPR 4.3 is
released.
Modified Files: config.mk manifest.mn
Added Files: libpath.c
2003-01-30 07:00:32 +00:00
jpierre%netscape.com 4efd6d4409 Fix for 190424 - don't query CKA_NETSCAPE_EMAIL attribute. r=wtc 2003-01-30 05:12:10 +00:00
jpierre%netscape.com e3c369562b Fix for 190424 - don't query CKA_NETSCAPE_EMAIL attribute . r=wtc 2003-01-30 03:02:55 +00:00
jpierre%netscape.com 468dc9f9ab Patch for memory leak . Bug 189976 . r=wtc 2003-01-30 02:59:35 +00:00
wtc%netscape.com fedddcffe2 Bug 191214: backed out the previous checkin until this bug (object leaks)
is fixed.
2003-01-30 01:50:31 +00:00
wtc%netscape.com 4dbc437731 Bug 171263: signtool should call NSS_Shutdown before it exits. 2003-01-30 00:39:37 +00:00
relyea%netscape.com 3788b0eeec Move LIBJAR definitions around so that NT builds. 2003-01-29 23:37:10 +00:00
kaie%netscape.com 69c368b1a9 b=165301 False mixed content (encrypted page with unencrypted information) Security Warning
r=javi sr=darin a=asa
2003-01-29 03:52:01 +00:00
relyea%netscape.com 807a5de681 1) add vfyserv to the standard build.
2) add tool to build shared library signature files for FIP's.

Code to verify requires NSPR changes before we can check it in.
2003-01-28 18:53:22 +00:00
relyea%netscape.com fa9c0d1f91 New header file to dump defines for managing signed FIPs libraries. 2003-01-28 18:50:02 +00:00
relyea%netscape.com 97ee121321 Compile modutil with shared libraries. 2003-01-28 16:44:33 +00:00
relyea%netscape.com ca368d8e94 Export functions needed for modutil to be compiled dynamically. 2003-01-28 16:41:46 +00:00
relyea%netscape.com 2a6c459c18 Remove dead code and symbols from lib jar so that modutil can compile when
linked with it.
2003-01-28 16:39:32 +00:00
relyea%netscape.com 88f5c92825 Sign 3 sets of changes are here:
1) Provide accessor functions for the PK11_DefaultArray so that modutil
does not have to link statically to access it.

2) Try setting the attribute on an object before we go to the work of copying
it (Function Only used in Java).

3) Optimize searching for the more common types of attributes.
2003-01-28 16:38:04 +00:00
kaie%netscape.com 6b9785edcd b=190640 Remove the DHE ciphersuites until they work
r=javi sr=bryner a=asa
2003-01-28 15:06:29 +00:00
kaie%netscape.com 64cd67a3d0 b=190394 "website certified by an unknown authority" - nssckbi not found breaks PKI trust
r=dougt sr=darin a=asa
2003-01-27 23:53:02 +00:00
wtc%netscape.com 6d046ab3c2 Bug 90010: added support for parisc64. I received this patch from
Christopher Blizzard <blizzard@mozilla.org>.
2003-01-27 22:36:06 +00:00
wtc%netscape.com d4ac75f3a6 Bug 190396.
Don't fail the search if the token returned an error that indicates that it
legitimately couldn't find a CRL
2003-01-24 06:37:03 +00:00
relyea%netscape.com 04df2266d3 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 2003-01-23 22:02:37 +00:00
relyea%netscape.com 797a5bc51c Write changes back to the database when we correct incorrect user bit settings. 2003-01-23 19:38:53 +00:00
relyea%netscape.com 48191e6dde Set the size value when extracting a key 19011. 2003-01-23 17:30:15 +00:00
relyea%netscape.com c5e06bef79 Check for token removal before continuing SSL sessions which have client auth
with certs associated with that token. bug 167756.
2003-01-23 17:27:34 +00:00
relyea%netscape.com a54ce85446 Fix bug 180824 Version 3.4 string hard coded in default token name. 2003-01-23 17:16:50 +00:00
wtc%netscape.com 722dc7dcf5 Bug 90010: added support for Linux for s390 and s390x. The patch is
contributed by Gerhard Tonn <GerhardTonn@swol.de>.
2003-01-23 17:16:32 +00:00
ian.mcgreer%sun.com c05c7c3f1e always use explicit serial numbers on generated certs, should fix QA failures on leia 2003-01-23 15:38:03 +00:00
jpierre%netscape.com d68a388386 Fix for bug #126930 - make SSL_ConfigServreSessionIDCache work on OS/2 by not using shared memory in single process mode. r=nelsonb 2003-01-23 00:15:08 +00:00
wtc%netscape.com dcfc314ddc Bug 190112: PK11_ReadAttribute needs to call PK11_ExitSlotMonitor before
we return because of allocation failure.
2003-01-22 17:44:36 +00:00
wtc%netscape.com ba247cd419 Bug 189546: updated the comments to reflect what the new code does. 2003-01-22 06:24:53 +00:00
timeless%mozdev.org e87b036988 Bug 179798 cookie confirm dialog no longer works in embedding (doesn't call nsIPrompt service)
patch by mvl@exedo.nl r=dwitte sr=darin
2003-01-22 05:52:33 +00:00
nelsonb%netscape.com e5ea957b6e Add OIDs for AES Key Wrap mechanism. 2003-01-22 04:35:54 +00:00
wtc%netscape.com ddc27a6bbf Bug 189546: moved the switch statement for known key lengths to the
beginning of PK11_GetKeyLength to work around a deadlock in nCipher
module if PK11_ExtractKeyValue is called.
2003-01-22 03:55:21 +00:00
kaie%netscape.com 153d01add8 b=188363 Bad error messages when server uses an invalid cert (-8054)
r=nelsonb sr=blizzard
2003-01-22 03:41:35 +00:00
nelsonb%netscape.com 2770ec645e Implement new AES Key Wrap mechanisms. Bug 167818. 2003-01-22 03:13:04 +00:00
wtc%netscape.com f20a97ef6a Bug 189345: we incorrectly assumed that a C_XxxFinal call to determine the
length of the buffer would also terminate the active operation if the
buffer length is 0.  PKCS#11 says it doesn't, so we need to make the
additional C_XxxFinal call even if the buffer length is 0.  Allocate a
buffer from the heap if the stack buffer is too small and free the
heap-allocated buffer before we return from pk11_Finalize.  We can use the
stack buffer if count is equal to its size.
2003-01-21 19:33:24 +00:00
seawood%netscape.com a4b8644bc9 I always forget to change both the declaration & the definition.
Thanks to bird@anduin.net for the patch.
Fixing OS/2 bustage.
2003-01-19 06:43:19 +00:00
seawood%netscape.com 6e4b727afc Callback functions must be defined as such.
Fixing OS/2 bustage.
2003-01-19 02:43:13 +00:00
kaie%netscape.com 499c2e67f7 b=189205 Implement early shutdown of NSS resources
r=javi sr=darin
2003-01-18 14:03:00 +00:00
relyea%netscape.com 402a4a6710 Bug 198364. Tokens keys do not own their handles. Don't let the key
get destroyed when freed.
2003-01-18 01:49:33 +00:00
nelsonb%netscape.com 48e8c13dcd When wrapping secret keys with an unpadded block cipher, null padd the keys
as necessary, per the PKCS 11 spec.  Also, implement padding and unpadding
for single-part only ciphers.
2003-01-17 05:50:08 +00:00
wtc%netscape.com 12a72288a3 Bug 145029: fixed compiler warnings (mostly "xxx might be used
uninitialized").
2003-01-17 02:49:11 +00:00
nelsonb%netscape.com 3c2c7f33bb One more fix for HPUX and Solaris. 2003-01-16 01:44:43 +00:00
jpierre%netscape.com 8796ef7732 Fix incorrect usage of QuickDER . See bug 160805 comment 16 2003-01-16 00:56:10 +00:00
nelsonb%netscape.com 5c71d8774b Fix compilation error. This file is only compiled on 2 platforms. 2003-01-16 00:55:53 +00:00
nelsonb%netscape.com a234db694e Switch from the old vendor-defined mechanism numbers to the new official
PKCS 11 mechanism numbers.  These numbers will appear in v2.20.
2003-01-16 00:43:58 +00:00
nelsonb%netscape.com fc19041388 Enforce that softoken's mechanisms are used only with the PKCS 11
functions that they're defined to work with.
2003-01-16 00:28:05 +00:00
nelsonb%netscape.com 472aaf52b9 Complete the addition of AES Key Wrap to blapi in freebl. 2003-01-16 00:15:21 +00:00
nelsonb%netscape.com 1a0e61f69a Remove the implementation of CKM_KEY_WRAP_LYNKS from softoken. 2003-01-16 00:14:07 +00:00
nelsonb%netscape.com 8d818d5064 aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394 2003-01-14 22:16:04 +00:00
glen.beasley%sun.com 3810215899 solaris pkg version 2003-01-14 20:26:36 +00:00
bishakhabanerjee%netscape.com 1403d269af Bug 171263 - NSS test apps to check return value of NSS_Shutdown 2003-01-14 01:03:21 +00:00
bishakhabanerjee%netscape.com 45ba9d6985 Bug 171263 - NSS test apps shd check return value of NSS_Shutdown 2003-01-13 22:36:39 +00:00
glen.beasley%sun.com 0a41355aa2 solaris pkging support 2003-01-13 20:35:36 +00:00
glen.beasley%sun.com b765908949 solaris pkg support 2003-01-13 19:44:21 +00:00
glen.beasley%sun.com 1b2cfef182 Solaris pkg support 2003-01-13 19:43:15 +00:00
relyea%netscape.com 3f15ddacc5 Check for Empty CRL list as well.
Bug 164501.
2003-01-10 19:09:46 +00:00
relyea%netscape.com 0c506b280f Declare PK11_TokenRefresh() 2003-01-10 17:53:01 +00:00
relyea%netscape.com ab1f73ddf5 Add the ability to generate certs with multiple DNS names. 2003-01-09 22:59:42 +00:00
glen.beasley%sun.com 3300c59b7d Solaris pkg copyright 2003-01-09 22:53:13 +00:00
relyea%netscape.com 1544ed637e Remember to include the global: tag 2003-01-09 18:44:26 +00:00
relyea%netscape.com b2f0cd3e28 backport NSS 3.7 fixes to the tip. 2003-01-09 18:15:11 +00:00
wtc%netscape.com 570a9e5387 Bug 186201: should handle a null 'environ' pointer, which can happen on
Solaris if NSS is loaded with dlopen() by an executable linked with the
RTLD_GROUP flag.
2003-01-09 04:34:31 +00:00
wtc%netscape.com c1b180a77c Bug 187629: do not refresh a CERTCertificate if the same instance of a
cached cert is added to the collection.
2003-01-09 04:29:01 +00:00
dbaron%dbaron.org f2cd5e3e66 Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it is no longer needed. r=timeless sr=jag 2003-01-08 23:19:20 +00:00
dbaron%dbaron.org 3da694f7ae Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it is no longer needed. r=timeless sr=jag 2003-01-08 22:45:23 +00:00
wtc%netscape.com 27fc2706ca Bug 186586: If at NSS shutdown there are still certs in the cert caches,
cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later.  New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
2003-01-08 21:58:29 +00:00
wtc%netscape.com 3e2a98c878 Bug 186586: If at NSS shutdown there are still certs in the cert caches,
cause NSS shutdown and the next NSS initialization to fail but do not
destroy the cert caches (and the crypto context and trust domain containing
them) to avoid a crash if the NSS client destroys the certs later.  New
error codes needed to be added to indicate the failure of NSS shutdown and
NSS initialization due to this cause.
Modified Files:
	base/errorval.c nss/nssinit.c pki/pki3hack.c pki/pki3hack.h
	pki/pkistore.c pki/pkistore.h pki/tdcache.c pki/trustdomain.c
	util/secerr.h
2003-01-08 21:48:47 +00:00
wtc%netscape.com 388899d82d Need to call SSL_ClearSessionCache before calling NSS_Shutdown. 2003-01-08 21:40:52 +00:00
bishakhabanerjee%netscape.com b09495bd63 checking return value of NSS_Shutdown. Bug 171263 2003-01-07 22:53:13 +00:00
bishakhabanerjee%netscape.com 53f2c2caf6 checking return value of NSS_Shutdown. Bug 171263 2003-01-07 22:31:36 +00:00
bishakhabanerjee%netscape.com 36e8d3c8c6 new revision: 1.19; previous revision: 1.18 2003-01-07 22:29:54 +00:00
bishakhabanerjee%netscape.com cfca3d09e1 set and exported NSS_STRICT_SHUTDOWN. Bug 171263 2003-01-07 22:10:10 +00:00
kaie%netscape.com 233f20dbed b=184940 Enable additional SSL ciphers, add configuration UI
r=javi sr=jaggernaut
2003-01-07 00:58:24 +00:00
kaie%netscape.com 3c02966450 b=177260 Fix known leaks in PSM, track blocking PSM UI, track open SSL sockets
r=javi sr=darin
2003-01-06 22:23:49 +00:00
kairo%kairo.at a7555a91fe change all localeVersion strings, as well as brand.dtd/region.dtd to 1.3b; bug 185698, r=tao, sr=blizzard 2003-01-03 19:57:47 +00:00
dbaron%fas.harvard.edu 0a31e6afb5 Change my email address from dbaron@fas.harvard.edu to dbaron@dbaron.org. Comment changes only. 2003-01-01 23:53:20 +00:00
nicolson%netscape.com 5d7f9a2a14 Upgrade version from 3.2 to 3.3.
Uncomment MessageDigest implementations (doh!).
2003-01-01 02:58:22 +00:00
nicolson%netscape.com 6162fa3b3d Add DigestTest to all.pl.
Make DigestTest and SigTest return nonzero error code on failure.
2003-01-01 02:57:50 +00:00
seawood%netscape.com cd1497a3ab Add hack upon dependency hack to Avoid constant NSS rebuilds when pulling from CVS. 2002-12-28 05:50:17 +00:00
seawood%netscape.com 4588fb970a Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
wtc%netscape.com b75e4a55f8 Bug 183612: added some comments. 2002-12-24 02:25:36 +00:00
wtc%netscape.com 71527c989a Bug 183612: SECMOD_InitCallOnce() and SECMOD_CleanupCallOnce() should be
declared and defined with an argument list of "(void)" instead of "()".
Modified Files: pk11cert.c secmodi.h
2002-12-19 07:03:39 +00:00
nicolson%netscape.com a46f58f6b3 Fix 186097: ProofOfPossession.encode() has paranoid assertion. 2002-12-19 02:31:38 +00:00
wtc%netscape.com 587dca7fd1 Bug 183612: renamed some new functions to be consistent with existing
function names containing SubjectKey and PublicKey.  Moved internal
functions to private headers and use the lowercase cert_ prefix for the
internal functions for subject key ID mapping hash table. r=nelsonb.
2002-12-19 00:26:34 +00:00
relyea%netscape.com 67dbcd1b25 Bug 186058 2002-12-18 23:55:53 +00:00
nicolson%netscape.com 1a0dc15ee3 Partial fix for 184754: assertion violation in get_token_certs_for_cache.
Don't assert if we fail to lookup the cert we just imported. It could
be a bug in the PKCS #11 driver. Instead, throw an exception.
2002-12-18 23:14:48 +00:00
kaie%netscape.com 0b56a2ae45 Temporary fix for bug 182803.
While this masks the reported crashes, this is nothing more than a workaround patch.
As long as this patch is in place, any attempt to do profile switching at run time will fail.
We need real fixes for bug 181230 and 177260.
r=javi sr=darin
2002-12-18 12:50:35 +00:00
wtc%netscape.com 24e76ce1c2 Bug 183612: fixed the bug that 'extra' may be used uninitialized. r=javi. 2002-12-18 02:06:01 +00:00
wtc%netscape.com c37a82ab51 Set NSS version to 3.8 Beta on the trunk. 2002-12-17 23:04:46 +00:00
wtc%netscape.com 42182a9d9e Export CERT_DestroyOCSPResponse in 3.7. Moved HASH_GetHashObjectByOidTag,
HASH_GetHashTypeByOidTag, and SECITEM_ItemsAreEqual from 3.7 to 3.8.
2002-12-17 23:02:53 +00:00
relyea%netscape.com 8ab634d5b8 Make sure the session is protected over PKCS #11 calls. 2002-12-17 18:22:38 +00:00
wtc%netscape.com 59393fce3e Need to test for null pointers before destroying the lock and condition
variable.  If NSS initialization fails, this lock and condition variable
may not get created.
2002-12-17 02:47:46 +00:00
wtc%netscape.com cc65e89c5e I made a mistake in the previous checkin. certdb.h doesn't need to be
included because the new function CERT_FindCertBySubjKeyID is declared in
cert.h.
2002-12-17 02:08:51 +00:00
wtc%netscape.com 0d2d65efb2 Bug 183612: added support for looking up a cert by subject key ID and
creating a CMS recipient info from a subject key ID.  The patch was
contributed by Javi Delgadillo <javi@netscape.com>. r=relyea, wtc.
Modified Files:
	certdb/cert.h certdb/certdb.c certdb/certdb.h certdb/certv3.c
	certdb/stanpcertdb.c nss/nss.def nss/nssinit.c
	pk11wrap/pk11cert.c pk11wrap/pk11func.h pk11wrap/secmod.h
	pki/pki3hack.c smime/cms.h smime/cmslocal.h smime/cmspubkey.c
	smime/cmsrecinfo.c smime/cmssiginfo.c smime/cmst.h
	smime/smime.def
2002-12-17 01:39:46 +00:00
dougt%netscape.com 9ed66e1abc Allow caller to obtain cert. r=mstoltz, javi. sr=dveditz, b=179016 2002-12-13 22:26:43 +00:00
kaie%netscape.com 6fc801b267 b=182258 Give separate signature validity and sender address mismatch feedback
r=javi sr=bienvenu
2002-12-13 20:47:32 +00:00
relyea%netscape.com cd008946a6 Increment the tmpbuf pointer to the correct index point 2002-12-13 19:02:13 +00:00
nicolson%netscape.com f3f2064030 Fix 180827: Update version strings for JSS 3.3. 2002-12-13 06:12:30 +00:00
wtc%netscape.com 31af94e751 Bug 185074: open the files we just did a "chmod -w" on once to work around
a Mac OS X NFS bug. Subsequent opens will see the file is readonly with no
delay.
2002-12-13 02:06:34 +00:00
nelsonb%netscape.com 1942331c4e Clean up command line options parsing and Usage message. 2002-12-13 01:25:45 +00:00
relyea%netscape.com f37146e332 Use correct sense of the timeout value. 2002-12-13 00:25:21 +00:00
nelsonb%netscape.com d442ab6107 Support SHA256, SHA384, and SHA512 hashes in NSS. 2002-12-12 06:05:45 +00:00
relyea%netscape.com b96f690161 Don't break solaris or linux (add the ';') 2002-12-11 17:56:49 +00:00
relyea%netscape.com 3fbd2fdc4d Export new command to pull for token change events. 2002-12-11 17:53:20 +00:00
relyea%netscape.com 0a024139f7 Program to test smartcard removal and insertion detection. 2002-12-11 17:44:53 +00:00
relyea%netscape.com 2c6c4ceeae Add token removal blocking function. 2002-12-11 17:43:24 +00:00
thayes%netscape.com b815bf47be Bug 184557: Allow usage specified on command line (-u) to be used to validate
certificates used for signing (-S option).  Also add special handling for
nickname "NONE" in the -Y option.  This specifies that no certificate and
encryption key preference should be included in the signature object.
2002-12-11 01:44:37 +00:00
wtc%netscape.com 177487f4d0 Bug 180294: moved the OpenVMS build from the POSIX subsystem to native
VMS (GNV).  The patch is contributed by Colin Blakes <colin@theblakes.com>.
Modified files: OpenVMS.mk config.mk rules.mk nsinstall/nsinstall.c
2002-12-10 20:27:45 +00:00
relyea%netscape.com 7f3a67f9d9 Sigh, this is what was breaking the Linux builds... incorrect initializer. 2002-12-10 18:09:16 +00:00
relyea%netscape.com 52f2bf446b Make SubjectAltEncode a public function. Fixes build breakage in Linux 2002-12-10 17:41:16 +00:00
relyea%netscape.com cc608e2484 Add test cases for multiple email addresses in a single certificate. 2002-12-10 17:19:00 +00:00
relyea%netscape.com 4ffa798d64 Add code to create multiple email addresses in a single cert. 2002-12-10 17:18:06 +00:00
relyea%netscape.com 1e2ce4d929 Export the AltSubjectEncode function so our test programs can build certs
with multiple email addresses.
2002-12-10 17:15:15 +00:00
relyea%netscape.com 35158986f8 Create profiles for all the email addresses in a certificate. 2002-12-10 17:14:17 +00:00
relyea%netscape.com 5eec52b558 Fix padding value. 2002-12-06 19:11:57 +00:00
nelsonb%netscape.com 5f8ba2e198 Expunge dead code. 2002-12-05 22:16:22 +00:00
nelsonb%netscape.com 8bd068d9de Don't compile the .c files in lib/pki1 on the trunk. These files are used
only in Stan.
2002-12-05 22:15:36 +00:00
wtc%netscape.com 88fc40da69 Bug 39494: added a check to prevent buffer overflow. r=mcgreer,nelsonb. 2002-12-04 23:41:49 +00:00
wtc%netscape.com 74b384630f Fixed the build breakage of const unsigned char[] and unsigned char *
mismatch on the Mac (compiler warnings on other platforms) by adding
(unsigned char *) typecasts.  r=relyea.  (Bug 183350)
2002-12-04 00:28:56 +00:00
kaie%netscape.com 7fd5ae87db b=182158 JavaScript error when pressing Ok in "Cert already exists" dialog - setWindowName is not defined
r=kaie sr=alecf
2002-12-03 15:27:27 +00:00
wtc%netscape.com 27f7537130 Bug 181913: disable the makefile rule for .s for OS/2 so that .asm files
are used when there are same-named .s files in the same directory.  The
patch is contributed by Javier Pedemonte <pedemont@us.ibm.com>.
2002-12-02 22:57:21 +00:00
kaie%netscape.com 210417ee19 b=115294 Support S/Mime signing only configuration / relax certificate configuration requirements
r=javi sr=sspitzer
2002-11-28 18:31:03 +00:00
wtc%netscape.com dcf06adbf8 Bug 181878: fixed two more bugs in the new code to support multiple email
addresses per certificate.  r=nelsonb.
2002-11-27 01:28:03 +00:00
wtc%netscape.com f0d3f33fc5 Bug 182086: on Mac OS X, ranlib needs to be rerun after static libraries
are moved.
2002-11-26 23:05:56 +00:00
relyea%netscape.com 7415bef4e9 More review changes,
Fix incorrect return in pcertdb.c
2002-11-26 22:14:56 +00:00
relyea%netscape.com 510f05d5ec Incorporate some of Nelson's review changes.
Collapse all the profile data into an array for easier processing when printing out.
2002-11-26 21:03:18 +00:00
relyea%netscape.com 88fc8a45eb Move mac build changes from 3.6 branch back to the trunk 2002-11-26 21:00:31 +00:00
wtc%netscape.com 87867e38a5 Bug 180228: moved CERT_CRLCacheRefreshIssuer from the NSS_3.6.1 section to
the NSS_3.7 section.
2002-11-26 19:21:55 +00:00
relyea%netscape.com f8616133e5 Incorporate Terry's and Nelson's reviews. 2002-11-26 18:27:25 +00:00
nelsonb%netscape.com 45f8bf2425 Back out my last change. 2002-11-26 07:07:20 +00:00
nelsonb%netscape.com 6f7aad8486 Eliminate bug due to uninitialized variable index. Eliminate leak.
Remove lots of warnings about signed/unsigned and assigning int to uchar.
2002-11-26 05:58:51 +00:00
relyea%netscape.com 6a88119773 Bug 181878 allow multiple email addresses to point to a single subject record. 2002-11-26 00:13:54 +00:00
nelsonb%netscape.com 15355f6f00 Put the nss 3.7 section after the nss 3.6.1 section. 2002-11-21 23:22:52 +00:00
ian.mcgreer%sun.com dc9b4b2415 bug 172247, don't allow import of duplicate issuer/serial certs 2002-11-21 20:43:15 +00:00
nelsonb%netscape.com 1707fa2738 Add tests for sha256, sha384, and sha512. 2002-11-21 05:44:41 +00:00
nelsonb%netscape.com f1eeafdf46 Add test modes for sha256, sha384 and sha512.
Fix the -c (restart) option for testing hashes.  It works with all hashes.
When the -d option is given along with the -i or -o filename option,
and the filename is not absolute, the filename is taken to be relative to
the the mode's test directory.
2002-11-21 05:44:03 +00:00
nelsonb%netscape.com 34fe8ef195 Use the 32-bit code on Solaris x86 platforms, too. 2002-11-21 02:54:04 +00:00
nelsonb%netscape.com 14ddb41e02 Add test cases from FIPS 180-2. 2002-11-21 02:26:50 +00:00
nelsonb%netscape.com db4bc48d65 Back out revision 1.2, which was a workaround for a c preprocessor bug
in a certain version of the c compiler for Dec/Compaq Alpha OSF1.
The file now requires one of these compilers on that platform:
Compaq C V6.3-132  or Compaq C V6.4-214 (dtk)
2002-11-20 05:25:58 +00:00
nelsonb%netscape.com b9eda3bb3e Optimization: change macros to do only 32-bit arithmetic on platforms
with only 32-bit registers.
2002-11-20 00:48:09 +00:00
jpierre%netscape.com b30a666577 Fix for bug 180894 - don't assert in ShutdownCRLCache() 2002-11-19 21:37:50 +00:00
nicolson%netscape.com 18c1b06a60 Fix 180396: javax.crypto.Cipher wrapping does not work with RSA algorithm.
Support RSA as a wrapping/unwrapping algorithm.
2002-11-19 00:41:09 +00:00
nicolson%netscape.com dc7f89d956 Throw InvalidKeyException instead of InvalidAlgorithmParameterException,
because the latter may get thrown away by our caller, but the former will
not be.
2002-11-19 00:39:43 +00:00
nicolson%netscape.com c9a373cf69 Change silly switch statement to an if statement. 2002-11-19 00:31:10 +00:00
nicolson%netscape.com 2039d8bfc6 Make NotExtractableException take a String argument to its constructor. 2002-11-19 00:30:43 +00:00
kirk.erickson%sun.com 0c2290fea7 Made 'solarispkg' copy pkg/solars to pkg/$(OBJDIR), and go there to
build packages.  This addresses the problems Sonja reported which
resulted from building in the same tree nfs'd from multiple platforms
simultaneously.  Also removed -$(MACH) and ROOT-$OBJDIR changes that
failed to address this problem.
2002-11-17 17:26:51 +00:00
timeless%mozdev.org 7875f468ed Bug 58221 don't use strlen to check if a string is of length 0
patch by aaronl@vitelus.com r=timeless sr=bz
2002-11-17 05:16:49 +00:00
cbiesinger%web.de 1e0c16a749 patch by abecevello@sympatico.ca r=rangansen,me sr=roc+moz
fix some spelling errors
2002-11-16 20:44:32 +00:00
nelsonb%netscape.com 71faf153cf Change all functions that create contexts for encryption to treat their
input buffers as const.  Warning reduction.
2002-11-16 06:09:58 +00:00
jpierre%netscape.com 5956bc8bc3 Fix again? 2002-11-16 05:05:17 +00:00
jpierre%netscape.com eb0bdd665f Fix build again ! 2002-11-16 04:27:39 +00:00
nelsonb%netscape.com d94a05f7d5 Recognize new SHAxxx OIDs. 2002-11-16 03:34:53 +00:00
jpierre%netscape.com 443590936a Fix build 2002-11-16 03:32:40 +00:00
nelsonb%netscape.com b3a9787176 Correct softoken routines to work with new larger SHAxxx hashes. 2002-11-16 03:32:39 +00:00
nelsonb%netscape.com 9d71a03c06 Correct HMAC code to work with new larger SHAxxx hashes. 2002-11-16 03:30:37 +00:00
nelsonb%netscape.com f8c8c1c0c3 Add new SHAxxx hash algorithms to tables of SECHashObjects. 2002-11-16 03:29:32 +00:00
nelsonb%netscape.com bd2c63cb6d Declare new vendor-defined mechanisms for SHA256, SHA384 and SHA512. 2002-11-16 03:25:01 +00:00
nelsonb%netscape.com b1cb2c9cfd Now that we have hashes larger than SHA1,
#define HASH_LENGTH_MAX         SHA512_LENGTH
2002-11-16 03:21:53 +00:00
nelsonb%netscape.com af4639ae92 Don't reject a cert request with an empty list of CA cert names.
Don't crash with an empty CA name list.
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com 3ee18753f6 Add "const" modifier to all fixed arrays used for keys or known text. 2002-11-16 01:00:44 +00:00
nelsonb%netscape.com 48dace80e4 Fix crash when formatting a cert with optional version not given. 2002-11-15 06:32:51 +00:00
jpierre%netscape.com 0203577bab Patch for 180228 - export CRL cache flush API . r=wtc 2002-11-15 05:04:05 +00:00
nelsonb%netscape.com 0dba5a0882 Make selfserv build for Darwin. 2002-11-14 23:33:24 +00:00
ian.mcgreer%sun.com 3e3b24225a bug 39494, handle non-standard AVAs properly
r=nelsonb
2002-11-14 17:04:43 +00:00
kaie%netscape.com 11e4a80cf5 b=168450 Cleanup some PSM code and add JavaDoc documentation to all freeze candidates
r=javi sr=alecf
2002-11-14 00:50:02 +00:00
relyea%netscape.com 1945b7684e Adjust the time values so we have correct and consistant displays. 2002-11-11 22:01:57 +00:00
relyea%netscape.com faebb28e1e Multi-access database race condition patches. These changes are already checked
into NSS 3.6.1.
2002-11-11 22:00:03 +00:00
kirk.erickson%sun.com 2cff9b4e29 Made awk_pkginfo-$(MACH) machine dependent for Sonja's release build. 2002-11-11 20:44:55 +00:00
relyea%netscape.com 33b32fcae3 Remove long dead code from util. triggered by bug 179038 2002-11-11 18:17:24 +00:00
jpierre%netscape.com ec1c48a069 Assert if the QuickDER decoder does not consume all the input 2002-11-09 01:56:01 +00:00
relyea%netscape.com c651ab3821 Bug 176667: kaie authored the patch, ian/relyea reviewed it. 2002-11-08 19:10:54 +00:00
nicolson%netscape.com b008376057 default doesProduceOutput to true for compatibility. 2002-11-08 02:24:20 +00:00
nicolson%netscape.com 2a0afd7964 Add isExtensionPresent and getExtension. 2002-11-08 00:40:26 +00:00
glen.beasley%sun.com a4596115af removes sun provider and set passwords 2002-11-07 22:49:26 +00:00
glen.beasley%sun.com 90e4e6c683 move removeSunProvider after JSS JCE provider is loaded 2002-11-07 03:33:04 +00:00
jpierre%netscape.com f9e36ad6fc Fix for 177798 . Improve handling of initialization / shutdown of the CRL cache using a static status variable 2002-11-07 00:02:31 +00:00
ian.mcgreer%sun.com b158d2ec1c bug 177366, clean up refcounting
r=relyea
2002-11-06 18:53:55 +00:00
nicolson%netscape.com 4095e4165d Add license header to new file. 2002-11-06 03:24:39 +00:00
nicolson%netscape.com 65418ae140 Add TestSDR, to test the new SecretDecoderRing.
In all.pl, always set the CLASSPATH to be the signed JSS JAR file, so
that we can use the JCE (javax.crypto.*) interface.
2002-11-06 03:22:10 +00:00
nicolson%netscape.com 7d68fcdc8a Correctly detect a missing key. 2002-11-06 03:20:53 +00:00
nicolson%netscape.com 376e771586 Improve InvalidBERException.
Add feature of SEQUENCE.OF_Template whereby elements need not produce
any output. This is for dealing with very large SEQUENCEs, such as
large CRLs, where the list should be processed in some way, but not made
into an ASN1 object hierarchy.
2002-11-06 02:00:55 +00:00
kaie%netscape.com 3315b57c76 b=166655 ERROR -12227 / Extend the list of TLS intolerance error codes
r=javi sr=jag a=blizzard
2002-11-05 14:49:52 +00:00
nelsonb%netscape.com 9eabbe6063 Workaround a c preprocessor bug on a certain 64-bit platform. Bug 178314. 2002-11-05 01:52:49 +00:00
nelsonb%netscape.com 3efeebefc6 Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 2002-11-05 00:25:20 +00:00
relyea%netscape.com 1e9a50c7f3 !@#!$@! signtool thinks it knows how to verify if the certdb's are there and
OK or not. Of course it doesn't.

bob
2002-11-04 20:37:08 +00:00
relyea%netscape.com 1cacdab8cb db8 code part 1:
1) Create new dbs with 32 k buffers.
   2) New dbs never store a single entry greater than 30 k (those are stored
using the blob code).
   3) NSS can run with either new or old dbs read only.
   4) If possible a new db is upgraded from and old db.
2002-11-04 19:31:59 +00:00
nelsonb%netscape.com 6d09fce4d9 Add some processor and compiler dependent optimizations to SHA1. 2002-11-02 01:53:01 +00:00
nelsonb%netscape.com 2683429fa3 Add SHA256 SHA512 and SHA384 hashes to freebl. 2002-11-02 01:51:44 +00:00
jpierre%netscape.com e18a2330bd Fix for bug 177798 - NULL pointers in ShutdownCRLCache to allow shutdown/restart
of NSS.
2002-11-02 00:07:48 +00:00
nelsonb%netscape.com 8d635de722 Fix several problems related to error messages, including an attempt to
print a null string pointer.
2002-11-01 21:04:33 +00:00
nelsonb%netscape.com 5172f581a5 Reformat text. Fix syntax error in first examples. 2002-11-01 21:03:24 +00:00
jpierre%netscape.com 042d6deac1 Remove call to PL_ArenaFinish . This effectively shut down NSPR arenas and created problems when restarting NSS . r=relyea 2002-10-31 22:02:10 +00:00
jpierre%netscape.com 5a01280dd3 Fix for 177208 - unmark arena when DER decoding is successful 2002-10-31 01:54:13 +00:00
jpierre%netscape.com 7a45a11c75 Fix for bug 175115 . Remove incorrect check for CA cert expiration. Also fix CRL signature verification and clean up internal functions . r=mcgreer,relyea,nelsonb,wtc 2002-10-30 23:31:38 +00:00
relyea%netscape.com 0bab9cc714 Fix build breakage. Some platforms do not like to assign unsigned char * to
char * without a cast.
2002-10-30 19:01:21 +00:00
relyea%netscape.com 1981d33467 The Serial number needs to be the DEREncoded serial number, not the decoded
Serial number.
2002-10-30 17:22:06 +00:00
relyea%netscape.com 4304e22d73 Check in new certdata file generated from certdata.txt 2002-10-30 17:20:59 +00:00
relyea%netscape.com 4e8bc74d53 Allow the builtin's to accept old style serial numbers as well the the correct
PKCS #11 serial numbers.
2002-10-30 17:18:14 +00:00
relyea%netscape.com fc6cba0405 Make the Serial Numbers DER Wrapped rather than raw serial numbers.
This is required by PKCS #11 and was causing some bugs in NSS 3.6.
2002-10-30 17:09:28 +00:00
wtc%netscape.com c9df2cbab2 Bug 174143: Removed the obsolete platform.mk file. Do not allow overriding
of PLATFORM by the environment because PLATFORM is a common environment
variable.
2002-10-30 15:50:59 +00:00
kairo%kairo.at 0978ac7de5 Bug 175853, Update localeVersion strings for 1.2 final - and do it correctly, r=jbetak, sr=bzbarsky, a=blizzard 2002-10-30 12:41:38 +00:00
wtc%netscape.com df8d78acf0 Bug 177201: declare NSS_CMSEncoder_Cancel. 2002-10-30 01:31:01 +00:00
bishakhabanerjee%netscape.com 92a8c5d62b creating the cmdtests.sh script - bug 144316 2002-10-30 00:20:10 +00:00
jpierre%netscape.com 9dd99a1133 Fix for bug 95311 - copy the DER input key to the arena, and free the arena upon decoding failure. 2002-10-29 23:47:31 +00:00
jpierre%netscape.com 275880efb1 Use QuickDER to decode DER public key. Bug #95311 2002-10-29 22:52:31 +00:00
kirk.erickson%sun.com 1b8eab1507 Integrated bundle of changes that we're done on NSS_3_3_2_SUN_PKG_BRANCH.
x86 support (separate prototype_sparc, prototype_i386)
	single updated copyright on common_files
	no pkgdepend in common_files
2002-10-26 18:04:40 +00:00
nelsonb%netscape.com ca964e366b Plug cert leak in NSS_SMIMESignerInfo_SaveSMIMEProfile. Bug 176799.
Patch contributed by Kai Engert.
2002-10-25 22:46:48 +00:00
nelsonb%netscape.com 071477a1c8 Add new function CERT_VerifySignedDataWithPublicKey containing common code
factored from existing functions CERT_VerifySignedDataWithPubKeyInfo and
CERT_VerifySignedData.  Bug 174193.
2002-10-25 03:21:24 +00:00
jpierre%netscape.com eb47211db1 Fix for 169038 - bump builtins library version to 1.20 on the tip 2002-10-25 00:17:37 +00:00
nelsonb%netscape.com 43194fe941 Add -v option, which prints email addresses in certs. This excersizes
the new functions for extracting email addresses from certs.  Bug 152986.
2002-10-24 01:40:40 +00:00
bishakhabanerjee%netscape.com 18c8cb54aa commented out unchecked in tests 2002-10-24 00:19:53 +00:00
jpierre%netscape.com 1f25ac6059 Fix comment formatting style 2002-10-23 23:41:02 +00:00
jpierre%netscape.com 7d2f24403c Fix for bug 95311 - replace assertion with comments 2002-10-23 23:18:17 +00:00
relyea%netscape.com 9e75e1c8d8 Make sure the array is big enough to handle all the cases. 2002-10-23 22:51:10 +00:00
nelsonb%netscape.com 8bacf2ad20 Include certi.h to resolve invocation of undeclared function. 2002-10-23 22:00:48 +00:00
nelsonb%netscape.com b7a054c16f Add 2 new functions to NSS, so an application can get a list of all
email addresses in a cert.  Bug 152986.
Modified Files: lib/nss/nss.def lib/certdb/alg1485.c lib/certdb/cert.h
                lib/certdb/certdb.c lib/certdb/certi.h
2002-10-23 20:50:51 +00:00
wtc%netscape.com b368ead682 The version of the builtin root certs module is now specified in nssckbi.h. 2002-10-23 19:04:22 +00:00
jpierre%netscape.com c27e2ab55d Up library number for TC roots - bug #169038 2002-10-23 01:38:57 +00:00
ian.mcgreer%sun.com 754a241906 bug 174634, fix handling of authorityCertIssuer in chain construction 2002-10-22 14:43:08 +00:00
nicolson%netscape.com 57d337308c update version strings. 2002-10-18 23:59:01 +00:00
jpierre%netscape.com 21bacd94cc Fix for bug 175167 - SEC_QuickDERDecodeItem should fre memory upon failure. r=wtc 2002-10-18 22:32:34 +00:00
nelsonb%netscape.com 5935c31c0a Verify the self-signed signature on PKCS 10 cert requests before honoring
them.  Bug 174193.
2002-10-18 21:58:24 +00:00
kaie%netscape.com a46ed1b240 b=101847 keygen does not work if Master Pwd is set to "Everytime it is needed"
r=javi sr=jag a=asa
2002-10-18 13:49:58 +00:00
bishakhabanerjee%netscape.com d11498b3ae changed error string to reflect error better: 162714 2002-10-18 00:13:03 +00:00
nelsonb%netscape.com 82695dfe41 New utility to test cert chain verification using certs in files. 2002-10-17 22:24:35 +00:00
nelsonb%netscape.com 28afcbb82d Change instructions for entering a new token password to say "should"
instead of "must".  Bug 174135.
2002-10-17 02:06:31 +00:00
nelsonb%netscape.com faa1dd67ec Use unsigned ints for serial numbers. Bug 173872.
Add missing line break to cert requests.  Bug 174659.
Remove unused variables, and #ifndef NSPR20 code.
2002-10-17 01:41:14 +00:00
nicolson%netscape.com ec09156712 The new SecretDecoderRing. 2002-10-17 00:33:42 +00:00
nicolson%netscape.com 862752acd6 Generate a permanent key pair, since KeyStore isn't working yet. 2002-10-17 00:32:48 +00:00
nicolson%netscape.com 2ee91189c8 remove print statements. 2002-10-17 00:07:50 +00:00
nicolson%netscape.com a311a1c035 Forget KeyStore, it is still very broken. 2002-10-17 00:07:29 +00:00
nicolson%netscape.com 44b1e8461e More little hacks, but it still doesn't work right. 2002-10-17 00:07:08 +00:00
nicolson%netscape.com 81756146a2 Fix an implementation detail. 2002-10-17 00:05:53 +00:00
kaie%netscape.com f012271e37 b=163605 Use of blocking I/O for SSL in PSM stalls network activity
r=javi sr=darin a=asa
2002-10-16 22:20:42 +00:00
leaf%mozilla.org aeba91a83f update localeVersion for 1.2b, a=asa 2002-10-16 17:51:38 +00:00
nelsonb%netscape.com 7f85560c28 Use the new quick DER decoder to decode Certificate requests, because
it does it correctly.  Fix some memory leaks in print code.
Print OCTET strings and bits strings better.
2002-10-16 05:34:54 +00:00
nelsonb%netscape.com ebd0b8920b Eliminate a crash in pp formatting cert requests. Bug 174188.
When asking for a new password and the two values don't match, ask for
both again.  Bug 174133.
2002-10-16 01:40:22 +00:00
nelsonb%netscape.com 7f6f169d11 Fix DER_GetInteger. Bug 174644. 2002-10-16 01:36:10 +00:00
relyea%netscape.com 840166d8cb Make grammar, punctuation, capitalization, and content changes suggested by
nelson.
2002-10-15 00:56:23 +00:00
kaie%netscape.com ac52336656 b=169185 remove call to non-existant function
r=rangansen sr=jag a=asa
2002-10-14 17:57:58 +00:00