mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
131 899 коммитов 40 Ветки 136 Теги 1,1 GiB
Граф коммитов

3193 Коммитов

Автор SHA1 Сообщение Дата
nelsonb%netscape.com dde3b2789c Detect absent isCA flags in basic constraints. Detect and reject negative 
or too large positive path length constraints in basic constraints.
Bug 221644. r=jpierre.
 2004-01-16 21:33:16 +00:00
nelsonb%netscape.com 187f146641 Fix template for Cert policy extensions. Bug 230951, r=jpierre 2004-01-16 05:36:08 +00:00
nelsonb%netscape.com f0ce21ebbf Fix NSS parsing of Issuer Unique ID and Subject Unique ID fields in 
certificate.  Bug 216116. r=jpierre
 2004-01-16 02:11:44 +00:00
nelsonb%netscape.com baa193b610 Add vfychain to list of NSS cmds being built nightly. r=wtc. Bug 231025 2004-01-16 02:03:08 +00:00
jgmyers%speakeasy.net 3180f3e51c fix comment per review: bug 53133 2004-01-16 01:04:57 +00:00
wchang0222%aol.com e99fda1edc Minor change after review of previous checkin. Bug 53133. 2004-01-15 22:34:26 +00:00
relyea%netscape.com 0d7b150a77 Fix build problems on some platforms. 2004-01-15 16:27:02 +00:00
wchang0222%aol.com 3104e67dcf Set NSS version to 3.10 Beta. 2004-01-15 15:08:58 +00:00
jgmyers%speakeasy.net b08688fb89 Convert T61String-labeled ISO-8859-1 to UTF-8: bug 53133 r=nelsonb a=wtc 2004-01-15 06:23:14 +00:00
nelsonb%netscape.com 84fa42598b Add 2 additional OIDs to the list of acceptable digestEncryptionAlgIDs, 
per RFC 3370. r=thayes.  Bug 230761.
 2004-01-14 22:20:44 +00:00
relyea%netscape.com 760edf0053 Tool to manage pkcs 11 module tests. 2004-01-14 21:34:20 +00:00
nelsonb%netscape.com b3ec77edc5 Fix double free introduced in rev 1.54. r=wtc. bug 230774. 
Bug occurs only in NSS utilities that import base64 encoded files, e.g.
with the -a option.
 2004-01-14 01:19:26 +00:00
wchang0222%aol.com 7f0e9e3c69 Bugzilla bug 229289: fixed an unused variable warning. r=relyea. 2004-01-13 01:59:41 +00:00
nelsonb%netscape.com 11aea91a5a Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2 
records that are too short.  Bugscape bug 54814
 2004-01-08 06:52:00 +00:00
jpierre%netscape.com ff24f13dc1 Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 2004-01-08 01:37:46 +00:00
wchang0222%aol.com c477412c15 Set NSS version to 3.9. 2004-01-08 01:04:56 +00:00
jpierre%netscape.com 64e1c653c2 Rename PK11_FindSlotsByAliases to PK11_FindSlotsByNames 2004-01-07 23:12:01 +00:00
jpierre%netscape.com cec1dc097b Rename CERT_DecodeTimeChoice/CERT_EncodeTimeChoice to DER_DecodeTimeChoice/DER_EncodeTimeChoice 2004-01-07 23:07:24 +00:00
nelsonb%netscape.com aa9d288d07 Fix crashes in NSS_CMSSignedData_GetDigestValue and 
NSS_CMSContentInfo_GetContent that occur when a detached signature is not
accompanied by the data on which the signature was computed. Bug 229242.
Make NSS_CMSContentInfo_GetInnerContent and NSS_CMSMessage_GetContent
more easily debugged, by storing the results returned by function calls
in automatic variables before using them in subsequent calls/switches.
 2004-01-07 00:09:17 +00:00
relyea%netscape.com 0e78bb5436 Bug 229193 
Patch by wtc revied by relyea & ian
 2003-12-31 23:19:26 +00:00
wchang0222%aol.com f03919eea5 Set NSS version to 3.9 Beta 6. 2003-12-24 06:22:49 +00:00
wchang0222%aol.com 21dc9e9b04 Removed unused variable 'val'. 2003-12-23 21:40:52 +00:00
wchang0222%aol.com 3de8b3b578 Fixed unused variable compiler warning about 'html'. Declare it inside 
the same ifdef with which it is used.
 2003-12-23 21:37:07 +00:00
wchang0222%aol.com a0b0269ff5 Removed unused variable 'rawSigLen'. 2003-12-23 21:24:01 +00:00
wchang0222%aol.com eddbc41fde Removed unused variable 'attribute'. 2003-12-23 21:21:39 +00:00
wchang0222%aol.com f157b4204b Include "nsslocks.h" for nss_InitLock. 2003-12-23 02:09:55 +00:00
wchang0222%aol.com f7f1d072bd Declare the argument to SECKEY_ECParamsToKeySize as const. 
Modified Files: seckey.c pk11skey.c
 2003-12-23 02:05:28 +00:00
wchang0222%aol.com 66c670fbbf Return a value of the correct type. 2003-12-23 01:03:39 +00:00
wchang0222%aol.com d4eb24316c Fixed a spelling error. 2003-12-23 00:52:06 +00:00
wchang0222%aol.com 4219037f37 Moved ecl-curve.h from the EXPORTS to the PRIVATE_EXPORTS list. 2003-12-23 00:17:04 +00:00
wchang0222%aol.com 756f7aff67 Renamed SECKEY_ECParams2KeySize as SECKEY_ECParamsToKeySize. Do not export 
this function from the nss3 shared library.
Modified Files: seckey.c pk11skey.c nss.def
 2003-12-22 23:36:40 +00:00
wchang0222%aol.com 770fccd41b Declare the 'input' argument to CERT_DecodeTimeChoice as 'const'. Removed 
an extraneous semicolon (;) after the SEC_ASN1_CHOOSER_IMPLEMENT macro.
Modified Files: secder.h sectime.c
 2003-12-22 23:33:39 +00:00
nelsonb%netscape.com 6a7ea65c54 Some further cleanup of p12d.c. Bugscape bug 52528. r=wtc. 2003-12-20 01:33:06 +00:00
wchang0222%aol.com d176a987be Set NSS version to 3.9 Beta 5. 2003-12-20 00:35:01 +00:00
wchang0222%aol.com 5532bc074d Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com f1bf35b807 Impose new limits on RSA public key sizes. 8k bits for modulus, 
64 bits for public exponent.  This prevents certain attacks on SSL
servers.  Bugscape bug 54019.  r=wtc,relyea.
 2003-12-19 23:50:45 +00:00
wchang0222%aol.com ae22e439e8 PK11_MoveKey was renamed PK11_MoveSymKey. r=relyea. 
Modified Files: symkeyutil.c nss.def pk11func.h pk11skey.c
 2003-12-19 23:29:43 +00:00
relyea%netscape.com 49dcbf8eda Make database access to the key db thread safe. 2003-12-19 23:24:48 +00:00
relyea%netscape.com 77fe7fa8fa Add keydb lock type. keydb should be locked like the certdb. 2003-12-19 23:24:00 +00:00
wchang0222%aol.com 52de07bb40 Backed out the previous checkin, which broke our S/MIME QA tests. 2003-12-19 22:54:20 +00:00
wchang0222%aol.com b650fd4b68 Bugzilla bug 228624: we need to call STAN_ForceCERTCertificateUpdate if 
the cert's instances changed.  r=relyea.
 2003-12-19 22:33:12 +00:00
wchang0222%aol.com 9305af43fc Bugscape bug 54627: made the fix for NSS_CMSSignedData_Encode_BeforeData 
the same as the code in NSS_CMSSignedData_Decode_BeforeData.  r=nelsonb.
 2003-12-19 22:08:12 +00:00
wchang0222%aol.com b8d2b1f69e Import NSPR 4.4.1. 2003-12-19 17:02:57 +00:00
wchang0222%aol.com 1138321adf Bugzilla bug 221133: fixed unused variable warning on some platforms. 
The patch is contributed by timeless@bemail.org.  r=wtc.
 2003-12-19 16:35:14 +00:00
nelsonb%netscape.com c6bdd51adf Don't overwrite pointers to existing message digests if they've been 
precomputed.  Bugscape bug 54627.  r=wtc, jpierre.
 2003-12-19 03:58:28 +00:00
wchang0222%aol.com 81fde151dc Set NSS version to 3.9 Beta 4. 2003-12-18 21:45:34 +00:00
wchang0222%aol.com 89e653ae9d Bugzilla bug 228624: made PK11_ListCertsInSlot reach into the Stan layer 
to obtain the correct nicknames of the cert instances (pk11cert.c).  Fixed
the bug that if a cert we want to add the the cache is already in the
cache, we should merge the instances of the cert before destroying the
duplicate cert (tdcache.c).  r=jpierre,relyea.
 2003-12-18 18:23:17 +00:00
wchang0222%aol.com 1752cbbaed Bugzilla bug 219982: removed an unused local variable. (The function call 
is needed for its side effect.)  Thanks to timeless@bemail.org and
Serge GAUTHERIE <gautheri@noos.fr> for the patch.  r=wtc.
 2003-12-17 22:43:25 +00:00
nelsonb%netscape.com ab2738ede9 Allow NSS_CMSDigestContext objects to be created, even when there are 
no valid digest algorithm OIDs.  This allows "certs only" messages to
be decoded.  Bugzilla bug 228707. r=jpierre, wtc.
 2003-12-17 03:49:10 +00:00
wchang0222%aol.com 704e59f314 Bugzilla bug 228618: fixed an incorrect use of realloc. Fixed an unused 
variable compiler warning.  r=jpierre.
 2003-12-16 04:24:57 +00:00
nelsonb%netscape.com 76d85c560b Fix S/MIME bugs that caused parallel arrays of digest OIDs and digest 
values to become out of sync.  Bugscape bug 54256. r=relyea.
Modified Files:	cmd/smimetools/cmsutil.c lib/smime/cmsdigest.c
 2003-12-12 23:55:06 +00:00
jpierre%netscape.com 2011673dcb Fix for 54061 . Return SEC_ERROR_INVALID_ARGS and remove assertions . r=wtc,misterssl 2003-12-12 21:42:02 +00:00
nelsonb%netscape.com d4d04655e1 CERT_ImportCerts now returns SECFailure when NONE of the certs was succesfully imported. r=wtc. Bugscape bug 54311. 2003-12-06 06:52:53 +00:00
nelsonb%netscape.com e537bc9692 __CERT_AddTempCertToPerm will now set error SEC_ERROR_ADDING_CERT 
when attempting to make a cert perm that is already permanent.
Bugzilla bug 227559. r=wtc
 2003-12-06 06:46:27 +00:00
nelsonb%netscape.com 8704f98c04 NSC_Finalize will now destroy 3 softoken free lists and one more 
global pointer.  Plugs some memory leaks.  Bugscape bug 54301. r=wtc
 2003-12-06 06:41:51 +00:00
nelsonb%netscape.com ec6dec704f Add new -k option to NSS QA test program cmsutil. By default, cmsutil 
will no longer add any decoded certs to the cert db file, which is
useful for reproducibility of results in QA scripts.
Bugscape bug 54293. r=relyea,jpierre,wtc
 2003-12-06 06:31:08 +00:00
wchang0222%aol.com a0deea3e3a Bugzilla bug 227296: fixed the bug that NSS_CMSAttribute_AddValue adds the 
address of a stack variable to the attr->values array.  Added a new
function SECITEM_ArenaDupItem.  r=nelsonb.
Modified Files:
	nss/nss.def util/secitem.c util/secitem.h smime/cmsarray.c
	smime/cmsattr.c
 2003-12-06 01:16:50 +00:00
nelsonb%netscape.com 0515e55abf Further simplification and improvement of the parsing of UTCTime 
and GeneralizedTime to avoid UMRs.  Bugscape bug 54198. r=wtc
 2003-12-05 04:53:28 +00:00
nelsonb%netscape.com 87fc420381 NSS_CMSContentInfo_Destroy() 
- The patch destroys the digest context member of the CMSContentInfo.
  It calls the previously unused function NSS_CMSDigestContext_Cancel
  to destroy the digest context.  Eliminates an object reference leak.
Bugscape bug 54208, r=relyea
 2003-12-04 00:39:24 +00:00
nelsonb%netscape.com 288de30d7f In functions NSS_CMSSignedData_Encode_AfterData and 
NSS_CMSSignedData_Decode_AfterData
  - These functions call NSS_CMSDigestContext_FinishMultiple, which
    always destroys the digest context, regardless of whether it returns
    SECSUccess or SECFailure.  So, change these functions to always NULL
    out the context pointer regardless of the returned value.
NSS_CMSSignedData_VerifySignerInfo()
  - Always call NSS_CMSSignerInfo_Verify() to set the verification status
    in the signerinfo object, even if some of the other arguments are NULL,
    or other failures have occurred, but avoid NULL pointer dereferences
    along the way.  Notice that this change is dependent on changes to
    NSS_CMSSignerInfo_Verify() (see below.)
NSS_CMSSignedData_SetDigests() - skip over missing digests.  Don't fail
    the function, and don't crash, if digest pointers are NULL.
Bugscape bug 54208, r=relyea
 2003-12-04 00:36:47 +00:00
nelsonb%netscape.com 39b3925b9d Functions NSS_CMSDigestedData_Encode_AfterData and 
NSS_CMSDigestedData_Decode_AfterData
- Since NSS_CMSDigestContext_FinishSingle always destroys the context,
  regardless of whether it returns SECSuccess or SECFailure, these
  functions have been changed to always NULL out the context pointer
  after calling NSS_CMSDigestContext_FinishSingle, regardless of the
  outcome.
Bugscape bug 54208, r=relyea
 2003-12-04 00:35:02 +00:00
nelsonb%netscape.com a4b319833e There is a lot of "cleanup" in this file, wrapping source at 80 columns. 
The relevant fixes for this bug include:
NSS_CMSDigestContext_StartMultiple()
   - make sure that cmsdigcx->digcxs and cmsdigcx->digobjs are initialized.
   - at the "loser" label, be sure to free the digest context itself.
NSS_CMSDigestContext_Cancel()
   - after destroying all the objects, free the arrays of pointers to the
     objects, and the digest context itself.  Previously these items were
     leaked by this function.
NSS_CMSDigestContext_FinishMultiple()
   - ensure that this function ALWAYS destroys all the NSS digest objects,
     and doesn't stop destroying them if it encounters an error.  Note that
     this is a newer revision of an older patch for that problem.
   - always Free the arrays of pointers used in this object.
NSS_CMSDigestContext_FinishSingle()
   - simplify this code.
Bugscape bug 54208, r=relyea
 2003-12-04 00:32:18 +00:00
nelsonb%netscape.com 87f679f22f NSS_CMSSignerInfo_Verify() 
- This function is changed to explicitly allow some of its input arguments
  to be NULL.  It will set the verification status in the CMSSignerInfo
  object accordingly.  Since this is the ONLY function that ever sets the
  verification status, it must be able to do so even when problems have
  occurred.
- lots of cleanup of this source code.
Bugscape bug 54208, r=relyea
 2003-12-04 00:29:31 +00:00
nelsonb%netscape.com 595bef62f1 Add null pointer checks to nss_cms_after_end and NSS_CMSEnvelopedData_Decode_AfterData. Bugscape bug 54061. r=wtc,relyea 
Lots of code "cleanup" (reformatting for 80 columns) in cmsdecode.c
 2003-12-04 00:14:24 +00:00
nelsonb%netscape.com 4261b30e83 Avoid UMRs in dertime.c. Bugscape bug 54198. r=wtc. 2003-12-03 04:03:40 +00:00
jpierre%netscape.com 1a4d392dcf Fix for 54061 - null pointer check . r=nelsonb 2003-12-03 02:42:08 +00:00
wchang0222%aol.com 8dfbb57876 Bugscape bug 54021: in CERT_FindSubjectKeyIDExtension, if PORT_NewArena 
fails we should return SECFailure.  Document that the return values of
CERT_GetCommonName and NSS_CMSSignerInfo_GetSignerCommonName must be freed
with PORT_Free.  r=nelsonb.
Modified Files:
	certdb/alg1485.c certdb/cert.h certdb/certv3.c smime/cms.h
	smime/cmssiginfo.c
 2003-12-03 00:09:05 +00:00
jpierre%netscape.com 52158427da Prevent SMIME crash in the opaque signature test. bugscape 54061. r=nelsonb 2003-12-02 05:46:27 +00:00
jpierre%netscape.com 9383aa4e6e Fix for 54088 . Don't try to encode attributes with no value. r=wtc 2003-12-02 05:05:30 +00:00
nelsonb%netscape.com 684a62349d Bound stan error stack at 16 error codes to limit growth. 
Bugscape bug 54021. r=wtc.
 2003-12-02 02:05:47 +00:00
wchang0222%aol.com fb221f5058 Reverted to NSPR 4.3 until Sun has NSPR 4.4.1 binary distributions. 2003-11-28 05:41:42 +00:00
nelsonb%netscape.com 3831fe52a1 Detect invalid input buffer lengths, and return error instead of UMR> 
Bugscape bug 54021.  r=wchang0222
 2003-11-27 05:08:20 +00:00
nelsonb%netscape.com 45d0142b79 Fix leak in CERT_FindSubjectKeyIDExtension, and use the Quick DER 
decoder.  Bugscape bug 54021.  r=jpierre
 2003-11-27 05:06:20 +00:00
wchang0222%aol.com 26c03108b1 Upgraded to NSPR 4.4.1. 2003-11-27 01:43:15 +00:00
nelsonb%netscape.com f2932f6e38 Clean up some arithmetic used for UCS4. Detect when UCS2 and UCS4 
buffers have invalid lengths.  Bugscape bug 54021. r=whang0222, relyea
 2003-11-27 01:08:59 +00:00
wchang0222%aol.com 25e490c787 Bugzilla bug 226861: removed NSS_CMSSignedData_GetDigestByAlgTag, which is 
a duplicate of NSS_CMSSignedData_GetDigestValue.  r=nelsonb.
Modified Files: cms.h cmssigdata.c
 2003-11-26 23:50:02 +00:00
nelsonb%netscape.com a0f6f0dea3 In NSS_CMSSignedData_VerifySignerInfo(), test all returned pointers 
for NULL before attempting to dereference them.
Bugscape bug 54057. r=wchang0222
 2003-11-26 22:02:38 +00:00
nelsonb%netscape.com c8d02d5f8b Performance enhancement. Detect absurdly large modulae in public keys, 
and don't waste time on them.  Bugscape bug 54019. r=relyea.
 2003-11-26 06:26:31 +00:00
nelsonb%netscape.com 512f1560b2 Remove an unnecessary and incorrect assert call. 
Bugscape bug 54018. r=jpierre
 2003-11-26 06:16:01 +00:00
nelsonb%netscape.com a458b641ae This patch reduces the scope of many variables in cmsutil's decode function. It frees the signer's CN string after use. 
Bugscape bug 54021.  r=jpierre
 2003-11-25 23:26:39 +00:00
nelsonb%netscape.com 50b6382c60 Don't invoke PKCS11 with an invalid handle. Bug 226285. 
r=relyea sr=wchang0222
 2003-11-21 22:10:56 +00:00
nelsonb%netscape.com a7dd9b1bf2 Remove an overreaching constraing on modulus length. Bug 226285. 
r=relyea  sr=wchang0222
 2003-11-21 22:09:27 +00:00
nelsonb%netscape.com 3188a9ceb1 Implement new "batch mode" (see the -b option). Plug some leaks. 
Facilitates memory leak testing of the SMIME library.
This revision combines the patches for Bugzilla bug 225513 and
Bugscape bug 53775.  r = relyea and wchang0222
 2003-11-20 02:33:18 +00:00
nelsonb%netscape.com f90a628dd9 Don't accept ASN.1 items whose length is 2GB or more. 
Bugscape bug 53875.  r=wchang0222 and r=relyea.
 2003-11-20 02:08:34 +00:00
nelsonb%netscape.com 59a1ced121 Dont attempt to allocate 2GB or more from an arenapool. 
Bugscape bug 53875. r=relyea.
 2003-11-20 02:06:16 +00:00
nelsonb%netscape.com e0674b83b2 Remove as assertion that is triggered by bad data input, but does not 
indicate a code flaw.  Bugscape bug 53875. r=relyea
 2003-11-20 02:04:07 +00:00
nelsonb%netscape.com 726f43bce3 Be sure not to ask NSS to use an invalid PKCS11 mechanism. 
Bugscape bug 53875.  r=relyea.
 2003-11-20 02:00:04 +00:00
nelsonb%netscape.com 446d11f275 Plug a leak that occurs when code asks NSS to use an invalid PKCS11 
mechanism.  Bugscape bug 53875.  r=relyea
 2003-11-20 01:59:07 +00:00
nelsonb%netscape.com b2fe1655e5 near total rewrite of PK11_ParamFromAlgid to eliminate leaks. 
Partial fix for Bugscape bug 53875.
 2003-11-19 03:23:41 +00:00
wchang0222%aol.com 873eed9a1b Bugzilla bug 222568: fixed a bug introduced in rev. 1.54. 2003-11-19 01:38:26 +00:00
wchang0222%aol.com 920e86ba81 Turns out that we can use a space to separate directories in a vpath 
directive.  This works cross platform.
 2003-11-19 01:12:31 +00:00
nelsonb%netscape.com 3d05b2e562 Fix bugs in the new implementation of URI name constraints. 
Bugzilla Bug 221616.
 2003-11-19 00:56:59 +00:00
wchang0222%aol.com b10d68b98a Removed the declaration and a comment about PK11_FreeSlotCerts, which was 
deleted in NSS 3.4.
Modified Files: pk11func.h pk11slot.c
 2003-11-19 00:14:04 +00:00
nelsonb%netscape.com fff129fc2a Fix unnecessary assertion failures occuring in SMIME testing in 
debug builds only.  Partial fix for bugscape bug 53775. r=wchang0222
 2003-11-18 06:16:26 +00:00
wchang0222%aol.com b4d414ff1a Most platforms use ':' as path separator, but OS/2 uses ';'. So we use 
vpath directivies that specify a single directory to avoid dealing with
path separator.
 2003-11-18 04:04:05 +00:00
wchang0222%aol.com c62571d17d Set NSS version to 3.9 Beta 3. 2003-11-18 00:57:26 +00:00
wchang0222%aol.com 3a0fc1c3c4 Removed an extraneous character (`) after #endif. 2003-11-15 16:16:33 +00:00
wchang0222%aol.com c31daf7e42 Removed an extraneous comma (,) at the end of an enum type definition. 2003-11-15 16:15:01 +00:00
nelsonb%netscape.com c4fe475028 Detect empty emailAddr strings in CERTCertificate. Bugzilla bug 211540. 2003-11-15 00:15:28 +00:00
nelsonb%netscape.com 2bbf4a1e89 Detect empty emailAddr strings in CERTCertificates. Bugzilla bug 211540. 
Modified Files:
    cmd/dbck/dbck.c cmd/signtool/util.c lib/certdb/certdb.c
    lib/certdb/stanpcertdb.c lib/pkcs7/p7decode.c lib/pki/certificate.c
    lib/pki/pki3hack.c lib/smime/cmssiginfo.c lib/softoken/pkcs11u.c
 2003-11-15 00:10:01 +00:00
relyea%netscape.com 8b98f3daad Fix windows breakage. 2003-11-14 18:06:50 +00:00
relyea%netscape.com 9d169ea136 Add symkeyutil to the manifest file 2003-11-14 03:27:23 +00:00
relyea%netscape.com 6edd6fc183 New tool to manage fixed keys in the database. 2003-11-14 03:26:47 +00:00
relyea%netscape.com c30b6976e6 Changes for symkey support. 2003-11-14 03:25:52 +00:00
nelsonb%netscape.com e38d0f38ac Fix bugzilla bug 225301. r=jpierre. This patch does the following: 
1. Fixes the Usage message to document the command line options.
2. Changes the "decode" function to
   a) report an error on bad signatures, only when decoding the input file,
      not when decoding an ancillary "enveloped file".
   b) only output the contents of the "detached content" file (-c option)
      when that file's content was actually used in the computation.
3. Sundry other cleanup and added comments.
 2003-11-13 23:03:12 +00:00
wchang0222%aol.com 901d06bf68 Fixed a comment error. r=relyea. 2003-11-13 16:21:46 +00:00
wchang0222%aol.com e395b0a792 Bugzilla bug 225373: the return value of CERT_NameToAscii must be freed 
with PORT_Free.
Modified Files:
	cmd/lib/secutil.c cmd/selfserv/selfserv.c
	cmd/signver/pk7print.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c lib/certdb/cert.h
 2003-11-13 16:10:45 +00:00
nelsonb%netscape.com 698d18e57c Workaround race. Reduce leaks. Not a real fix. Bugzilla bug 225525. 2003-11-13 03:41:32 +00:00
wchang0222%aol.com 213fc9e160 Added a comment to note a question I had while reviewing the code. 2003-11-12 23:25:33 +00:00
nelsonb%netscape.com 077a1507e3 Eliminate some leaks in Stan cert code. 
Partial fix to bugscape bug 53573.
 2003-11-11 21:46:53 +00:00
nelsonb%netscape.com 22c35687f1 Eliminate a cert leak. Patch is Bob Relyea's. 
Parial fix for Bugscape bug 53573.
 2003-11-11 21:45:48 +00:00
jpierre%netscape.com bc4bdefabb Fix crash in certutil if usage is omitted 2003-11-11 00:01:32 +00:00
relyea%netscape.com b6b661b262 Repair error case for DH code in previous patch. 2003-11-07 16:21:40 +00:00
relyea%netscape.com 41cf12eef3 Verify Parameters from the user before passing it on to freebl. r=nelson 2003-11-07 03:38:59 +00:00
relyea%netscape.com 774ace3846 Add defines for DH and RSA key limits 2003-11-07 03:36:33 +00:00
nelsonb%netscape.com b92041f55c Correct the validity checks on certain ASN.1 objects, allowing some that 
were previous disallowed, and vice versa.  Bug 53339.
 2003-11-07 01:41:22 +00:00
nelsonb%netscape.com 8f9e2674d3 Fix some bugs in the code that formats OIDs for printing. 
Bugscape bug 53334.
 2003-11-06 02:02:32 +00:00
nelsonb%netscape.com b731d32dbb Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.
 2003-11-05 06:22:57 +00:00
wchang0222%aol.com c2d639aa9f Set NSS version to 3.9 Beta 2. 2003-11-04 05:52:51 +00:00
nelsonb%netscape.com cb4b243066 Fix numerous errors (mostly off-by-1 errors) in the code that formats 
and prints certs and CRLs.  This code is common to certutil and pp.
Bug 222568  r=nicholson (for this portion).
 2003-11-04 02:16:42 +00:00
nelsonb%netscape.com f0ab5a779e Better cleanup. Plug leaks in pp. bug 222568. r=nicolson (this part). 2003-11-04 01:51:54 +00:00
nelsonb%netscape.com 3e23562169 Rename get_oid_string to CERT_GetOidString and export it. Also, export 
CERT_DestroyOidSequence.  bug 222568.  r=jpierre (for this portion).
 2003-11-04 01:48:39 +00:00
wchang0222%aol.com db80db9956 Bugzilla bug 223624: fixed the compiler warning that case ecKey is not 
handled in the switch statement.  r=nelsonb.
 2003-11-01 05:17:16 +00:00
nelsonb%netscape.com 201c406020 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
 2003-10-31 07:01:05 +00:00
nelsonb%netscape.com 1ca2f7bff1 Enable generation of DES2 keys with mechanism CKM_DES2_KEY_GEN. Bug 201521 2003-10-31 02:33:16 +00:00
nelsonb%netscape.com 74bf975468 Correct the code that detects DES2 keys based on their lengths. Bug 201521 2003-10-30 22:31:09 +00:00
jpierre%netscape.com d20b923bd7 Fix for 223494 - cmsutil signing does not work with hardware tokens. r=wtc, relyea 2003-10-28 02:34:15 +00:00
wchang0222%aol.com 624f671470 Bugzilla bug 223624: declare pk11_FindAttrInTemplate before it is used. 
r=nelsonb.
 2003-10-25 14:10:11 +00:00
wchang0222%aol.com c96d1ed9b5 Bugzilla bug 223624: use PR_MAX to avoid redefining MAX, a macro commonly 
defined in system headers. r=nelsonb.
 2003-10-25 14:08:31 +00:00
wchang0222%aol.com 31dbf3bf9f Bugzilla bug 223624: removed an extraneous format string for fprintf. 
r=nelsonb.
 2003-10-25 14:05:08 +00:00
wchang0222%aol.com ab5ecc5b5c Bugzilla bug 223624: node->error is a 'long', so it should match a %ld 
format.  r=nelsonb.
 2003-10-25 14:01:43 +00:00
jpierre%netscape.com ded6578ea5 Initialize crlHandle . r=wtc 2003-10-25 00:41:14 +00:00
nelsonb%netscape.com 95d6c3f26e Require DES, DES2 and DES3 keys to have correct length in all cases. 
Expand DES2 keys to be DES3 keys when used with DES3 mechanisms.
Bug 201521.
 2003-10-25 00:12:34 +00:00
wchang0222%aol.com ec00f34485 Bugzilla bug 173715: fixed a crash in OCSP. We incorrectly assumed that 
'addr' was the last IP address of the host when PR_EnumerateHostEnt
returned 0 and attempted to connect to 'addr', resulting in an assertion
failure in PR_Connect. The fix is to not use 'addr' when
PR_EnumerateHostEnt returns 0.  r=relyea.
 2003-10-24 17:17:37 +00:00
wchang0222%aol.com ba7cb76b6a Removed the nonexistent directory 'rngtest' from DIRS. 2003-10-24 06:22:58 +00:00
wchang0222%aol.com 7cba11a0bb Removed nonexistent directory "crypto" from DIRS. 2003-10-24 05:29:08 +00:00
wchang0222%aol.com 24e7c95246 Bugzilla bug 223427: added a note section so that the linker knows we're 
not executing off the stack.  This patch is received from Christopher
Blizzard of Red Hat <blizzard@redhat.com>.
 2003-10-24 04:47:23 +00:00
wchang0222%aol.com 2e23dc9849 Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the 
previous checkin.
 2003-10-22 01:00:10 +00:00
bishakhabanerjee%netscape.com 1a5bf9ea5d NIST PKITS tests:first checkin, without CRLS:bug 177398:six sections implemented 2003-10-21 21:35:04 +00:00
nelsonb%netscape.com 38375e8faf Add new -N option, which completely suppresses the initialization and use 
of the SSL server session ID cache.  Used to test the fix for bug 222726.
 2003-10-19 05:18:11 +00:00
nelsonb%netscape.com 7b5ce7e5c8 Put the NSS 3.9 block back in ASCII sorting order, AGAIN. 2003-10-19 04:41:20 +00:00
nelsonb%netscape.com 9c532ab8ec When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726
 2003-10-19 01:55:50 +00:00
nelsonb%netscape.com edd5736597 Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 2003-10-19 01:31:41 +00:00
nelsonb%netscape.com f8af4da928 SSL_ShutdownServerSessionIDCache no longer leaks the cache memory. 
Bug 222065. r=wchang0222
 2003-10-19 01:25:10 +00:00
relyea%netscape.com 74ffbef42d 221067 NSS needs to be able to create token symkeys from unwrap and derive. 2003-10-18 00:38:04 +00:00
nelsonb%netscape.com c78198ebda Detect buffer overruns caused by flawed application-supplied callbacks, 
and avoid crashing due to them.  Bugscape bug 52528. r=wchang
 2003-10-17 21:12:13 +00:00
relyea%netscape.com 3d25bd9959 Incorporate WTC's review comments.. 2003-10-17 17:56:56 +00:00
ian.mcgreer%sun.com e929b84d2a missed SSL ECC test files in last checkin 2003-10-17 14:10:18 +00:00
ian.mcgreer%sun.com 0028f943d4 ECC code landing. 
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
 2003-10-17 13:45:42 +00:00
nelsonb%netscape.com 2019c55137 Put the NSS 3.9 block in ASCII sorting order. 2003-10-17 05:45:19 +00:00
relyea%netscape.com 7ef01f4ada Bug 156770 When we do a file import and give a bad password we get wrong errors back 
When we fail to decode based on a bad password, don't continue.

So once we've tried failed to decode a ANS.1 stream, don't continue collecting
more data.

On microsoft.pfx files, we would wind up decoding to the end of the encrypted
stream, then fail in the padding in PKCS #7. This code bypasses this problem by
making sure we don't continue to try to decode data once we've hit a bad
password failure.
 2003-10-16 23:49:15 +00:00
jpierre%netscape.com 8968621f4c Fix for bug 222180 . remove redundant code 2003-10-15 01:40:10 +00:00
jpierre%netscape.com 1d1e003b2c Fix for bug 222180 . Change to quick decoder . r=wtc 2003-10-15 01:34:22 +00:00
nelsonb%netscape.com bb642e9de3 Eliminate redundant function declarations. Bug 208854. r=wchang0222 2003-10-14 17:44:33 +00:00
relyea%netscape.com b80fd62f5d Fix tinderbox breakage 2003-10-12 22:55:09 +00:00
nelsonb%netscape.com 55ecb1638f Correctly handle a NULL moduleSpecList. Bug 220217. 2003-10-11 01:49:24 +00:00
nelsonb%netscape.com c7195e7f01 This file has been dead code since NSS 3.4 released, if not sooner. 2003-10-11 01:10:51 +00:00
jpierre%netscape.com 4b274eadf6 Fix for bug 221743 - incorrect certificate usage macro 2003-10-10 23:22:31 +00:00
relyea%netscape.com 6feb3bc391 Bug 191467 
Multipart signing and verifying broken for several mechanisms in softoken
Reporter:   	Andreas.Sterbenz@sun.com (Andreas Sterbenz)
sr=nelsonb
 2003-10-10 15:32:26 +00:00
relyea%netscape.com da0e767ef3 Bug 203866 
Make unloaded modules visible for administrative purposes.
sr=wtc r=nelson
 2003-10-10 15:29:43 +00:00
relyea%netscape.com d9ea331302 Bug 203866. Make unloaded modules visible for administrative purposes. 
sr=wtc r=nelson
 2003-10-10 15:26:23 +00:00
relyea%netscape.com 6c37cf315f fix bug 203450 
jarevil.c:345: warning: implicit declaration of function \
  `__CERT_AddTempCertToPerm'

Obviously missing a declaration somewhere.

r=jpierr, wtc
 2003-10-09 22:17:04 +00:00
jpierre%netscape.com 8e693bd25b Fix for bug 55898 - print name of certificate causing failure in certutil . r=wtc 2003-10-08 01:00:37 +00:00
nelsonb%netscape.com 297c871d38 Eliminate one of several redundant OID table lookups. Bug 207033. 2003-10-07 17:19:55 +00:00
nelsonb%netscape.com da831f0be3 Eliminate unnecessary copying of CA names in HandleCertRequest. 
Bug 204686.
 2003-10-07 02:24:01 +00:00
nelsonb%netscape.com b4001cf1b8 The "valid CA" trust flag now overrides other CA cert checks. 
Works for SSL client as well as other usages.  Bug 200225
 2003-10-07 02:17:56 +00:00
nelsonb%netscape.com 0af05aaf1a Export new function PK11_ExportEncryptedPrivKeyInfo. Bug 207033. 2003-10-07 01:29:32 +00:00
nelsonb%netscape.com 7c3772d3d7 Create new function SECKEYEncryptedPrivateKeyInfo which is just like 
SECKEYEncryptedPrivateKeyInfo except that it identifies the private
key by a private key pointer, rather than by a certificate. Bug 207033.
 2003-10-07 01:26:38 +00:00
nelsonb%netscape.com adf3bd4810 Make tstclnt work with IPv6 addresses. Bug 161610. 2003-10-06 23:50:11 +00:00
nelsonb%netscape.com 4bb3ccc8bd Check for presence of secmod.db file prior to acting on it, for all 
cases except "multiaccess:".  Bug 220217. r=relyea
 2003-10-06 23:33:03 +00:00
nelsonb%netscape.com 96a4f8926a Detect Zero length certs and zero length CA names. Bug 204686. 
Also, eliminate unnecessary copying of incoming certs.
 2003-10-03 02:01:18 +00:00
wtc%netscape.com 470c7c30c0 Bug 220963: need to handle the possibility that symKey may be NULL before 
dereferencing it.
 2003-10-01 23:01:46 +00:00
jpierre%netscape.com 64c44a50f4 Fix for bug 141882 - convert email query keys to lowercase when searching . r=wtc 2003-09-30 02:33:40 +00:00
jpierre%netscape.com 58d2922f0d Fix for bug 94413 - OCSP needs more fine tuned error messages. r=wtc 2003-09-30 01:18:55 +00:00
nelsonb%netscape.com fd6bfd34f5 Move a brace so vi will find the beginning of the function. 2003-09-27 01:45:35 +00:00
jpierre%netscape.com 7a8c91801a Fix for bug 219539 - support GeneralizedTime in NSS tools 2003-09-27 00:01:45 +00:00
jpierre%netscape.com b220af50ec Fix for bug 219539 - support GeneralizedTime in NSS tools 2003-09-26 06:18:40 +00:00
nelsonb%netscape.com 2fb81c5b8c Don't use windowed exponentiation for small public exponents. 
Speeds up public key operations.  Path contributed by
    Sheueling Chang Shantz <sheueling.chang@sun.com>,
    Stephen Fung <stephen.fung@sun.com>, and
    Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
 2003-09-26 02:15:12 +00:00
nelsonb%netscape.com 9aa0859dc2 Correct an inaccurate log message. 2003-09-25 21:40:02 +00:00
jpierre%netscape.com 53b39d4951 Fix typo 2003-09-25 00:25:06 +00:00
nelsonb%netscape.com f633274323 Fix usage message to list all commands. Also, fix a few lines of 
code that did not follow the file's convention for indentation.
Bug 203870.
 2003-09-24 21:49:49 +00:00
nelsonb%netscape.com 84a7421314 Fix bug 204549. Properly handle memory allocation failures. 2003-09-23 20:47:43 +00:00
wtc%netscape.com ea9c7b9cf1 Bugzilla bug 204549: find_objects_by_template was not setting *statusOpt 
before one return statement.  r=nelsonb.
 2003-09-23 20:34:15 +00:00
nelsonb%netscape.com 3ecdf5b682 Correctly compute certificate fingerprints. Bug 220016. 2003-09-23 02:05:47 +00:00
jpierre%netscape.com cacf90504b Fix for 215182 - certutil prints incorrect nickname. r=wtc 2003-09-23 00:10:54 +00:00
wtc%netscape.com ff0ab0d5e6 Bugzilla bug 219713: fixed build bustage on all Unix platforms. We need 
to export CERT_TimeChoiceTemplate as data for Unix.
 2003-09-19 18:00:48 +00:00
jpierre%netscape.com c1f8a20c18 Fix for 219082 - support GeneralizedTime in PKCS#7 signatures. r=nelsonb, sr=wtc 2003-09-19 04:16:19 +00:00
jpierre%netscape.com 41dfa35b34 Fix for 219524 - support GeneralizedTime in S/MIME v3 signatures. r=wtc, sr=nelsonb 2003-09-19 04:14:50 +00:00
jpierre%netscape.com c54ab44432 Fix for bug 143334 : add support for GeneralizedTime in certificates and CRLs. r=wtc,nelsonb 2003-09-19 04:08:51 +00:00
jpierre%netscape.com 06f53aa46d Fix for 215214 - make certutil show all instances of certs . r=wtc 2003-09-18 02:00:32 +00:00
wtc%netscape.com fca2dd1924 The isOnList function is now unused. 2003-09-18 01:28:52 +00:00
jpierre%netscape.com 81af9c614e Fix for bug 215186 - add missing options to PK11_ListCerts . r=wtc 2003-09-18 00:22:18 +00:00
jpierre%netscape.com 2d02a55087 Add comment in the header for PK11_FindSlotsByAliases 2003-09-12 22:11:31 +00:00
wtc%netscape.com 78933c07aa Bugzilla bug 215152: removed redundant pointer tests. Use 
SEC_ERROR_LIBRARY_FAILURE for NSS internal errors.
 2003-09-12 20:01:56 +00:00
wtc%netscape.com 00bfcc6ae5 Bugzilla bug 217247: improved the memory leak fix for the appData nicknames 
returned by PK11_ListCerts.  Instead of allocating them from the heap first
and copying to the arena, allocate them from the arena directly.  r=jpierre
Modified Files: certhigh.c pk11cert.c pki3hack.h pki3hack.c
 2003-09-12 19:38:04 +00:00
wtc%netscape.com 3e12ba21f2 Bugzilla bug 214535: fixed a recursive dead lock on cache->lock. We must 
not call nssSlot_IsTokenPresent while cache->lock is locked because
that function may call nssToken_Remove, which locks cache->lock.  r=mcgreer
 2003-09-12 19:17:15 +00:00
wtc%netscape.com c629bfb394 Bugzilla bug 208971: remove obsolete Mac CFM build files from NSS. 2003-09-11 00:04:38 +00:00
wtc%netscape.com 160d767599 Bugzilla bug 208971: removed obsolete Mac CFM build files from NSS. 2003-09-11 00:01:07 +00:00
jpierre%netscape.com c71f55bb2a Fix for 215152 - better error handling 2003-09-10 01:33:25 +00:00
jpierre%netscape.com 24dbc103c8 Fix for bug 215152 . Improve error handling in PK11_FindSlotsByAliases 2003-09-10 01:31:54 +00:00