76d85c560b
Fix S/MIME bugs that caused parallel arrays of digest OIDs and digest
...
values to become out of sync. Bugscape bug 54256. r=relyea.
Modified Files: cmd/smimetools/cmsutil.c lib/smime/cmsdigest.c
2003-12-12 23:55:06 +00:00
2011673dcb
Fix for 54061 . Return SEC_ERROR_INVALID_ARGS and remove assertions . r=wtc,misterssl
2003-12-12 21:42:02 +00:00
d4d04655e1
CERT_ImportCerts now returns SECFailure when NONE of the certs was succesfully imported. r=wtc. Bugscape bug 54311.
2003-12-06 06:52:53 +00:00
e537bc9692
__CERT_AddTempCertToPerm will now set error SEC_ERROR_ADDING_CERT
...
when attempting to make a cert perm that is already permanent.
Bugzilla bug 227559. r=wtc
2003-12-06 06:46:27 +00:00
8704f98c04
NSC_Finalize will now destroy 3 softoken free lists and one more
...
global pointer. Plugs some memory leaks. Bugscape bug 54301. r=wtc
2003-12-06 06:41:51 +00:00
ec6dec704f
Add new -k option to NSS QA test program cmsutil. By default, cmsutil
...
will no longer add any decoded certs to the cert db file, which is
useful for reproducibility of results in QA scripts.
Bugscape bug 54293. r=relyea,jpierre,wtc
2003-12-06 06:31:08 +00:00
a0deea3e3a
Bugzilla bug 227296: fixed the bug that NSS_CMSAttribute_AddValue adds the
...
address of a stack variable to the attr->values array. Added a new
function SECITEM_ArenaDupItem. r=nelsonb.
Modified Files:
nss/nss.def util/secitem.c util/secitem.h smime/cmsarray.c
smime/cmsattr.c
2003-12-06 01:16:50 +00:00
0515e55abf
Further simplification and improvement of the parsing of UTCTime
...
and GeneralizedTime to avoid UMRs. Bugscape bug 54198. r=wtc
2003-12-05 04:53:28 +00:00
87fc420381
NSS_CMSContentInfo_Destroy()
...
- The patch destroys the digest context member of the CMSContentInfo.
It calls the previously unused function NSS_CMSDigestContext_Cancel
to destroy the digest context. Eliminates an object reference leak.
Bugscape bug 54208, r=relyea
2003-12-04 00:39:24 +00:00
288de30d7f
In functions NSS_CMSSignedData_Encode_AfterData and
...
NSS_CMSSignedData_Decode_AfterData
- These functions call NSS_CMSDigestContext_FinishMultiple, which
always destroys the digest context, regardless of whether it returns
SECSUccess or SECFailure. So, change these functions to always NULL
out the context pointer regardless of the returned value.
NSS_CMSSignedData_VerifySignerInfo()
- Always call NSS_CMSSignerInfo_Verify() to set the verification status
in the signerinfo object, even if some of the other arguments are NULL,
or other failures have occurred, but avoid NULL pointer dereferences
along the way. Notice that this change is dependent on changes to
NSS_CMSSignerInfo_Verify() (see below.)
NSS_CMSSignedData_SetDigests() - skip over missing digests. Don't fail
the function, and don't crash, if digest pointers are NULL.
Bugscape bug 54208, r=relyea
2003-12-04 00:36:47 +00:00
39b3925b9d
Functions NSS_CMSDigestedData_Encode_AfterData and
...
NSS_CMSDigestedData_Decode_AfterData
- Since NSS_CMSDigestContext_FinishSingle always destroys the context,
regardless of whether it returns SECSuccess or SECFailure, these
functions have been changed to always NULL out the context pointer
after calling NSS_CMSDigestContext_FinishSingle, regardless of the
outcome.
Bugscape bug 54208, r=relyea
2003-12-04 00:35:02 +00:00
a4b319833e
There is a lot of "cleanup" in this file, wrapping source at 80 columns.
...
The relevant fixes for this bug include:
NSS_CMSDigestContext_StartMultiple()
- make sure that cmsdigcx->digcxs and cmsdigcx->digobjs are initialized.
- at the "loser" label, be sure to free the digest context itself.
NSS_CMSDigestContext_Cancel()
- after destroying all the objects, free the arrays of pointers to the
objects, and the digest context itself. Previously these items were
leaked by this function.
NSS_CMSDigestContext_FinishMultiple()
- ensure that this function ALWAYS destroys all the NSS digest objects,
and doesn't stop destroying them if it encounters an error. Note that
this is a newer revision of an older patch for that problem.
- always Free the arrays of pointers used in this object.
NSS_CMSDigestContext_FinishSingle()
- simplify this code.
Bugscape bug 54208, r=relyea
2003-12-04 00:32:18 +00:00
87f679f22f
NSS_CMSSignerInfo_Verify()
...
- This function is changed to explicitly allow some of its input arguments
to be NULL. It will set the verification status in the CMSSignerInfo
object accordingly. Since this is the ONLY function that ever sets the
verification status, it must be able to do so even when problems have
occurred.
- lots of cleanup of this source code.
Bugscape bug 54208, r=relyea
2003-12-04 00:29:31 +00:00
595bef62f1
Add null pointer checks to nss_cms_after_end and NSS_CMSEnvelopedData_Decode_AfterData. Bugscape bug 54061. r=wtc,relyea
...
Lots of code "cleanup" (reformatting for 80 columns) in cmsdecode.c
2003-12-04 00:14:24 +00:00
4261b30e83
Avoid UMRs in dertime.c. Bugscape bug 54198. r=wtc.
2003-12-03 04:03:40 +00:00
1a4d392dcf
Fix for 54061 - null pointer check . r=nelsonb
2003-12-03 02:42:08 +00:00
8dfbb57876
Bugscape bug 54021: in CERT_FindSubjectKeyIDExtension, if PORT_NewArena
...
fails we should return SECFailure. Document that the return values of
CERT_GetCommonName and NSS_CMSSignerInfo_GetSignerCommonName must be freed
with PORT_Free. r=nelsonb.
Modified Files:
certdb/alg1485.c certdb/cert.h certdb/certv3.c smime/cms.h
smime/cmssiginfo.c
2003-12-03 00:09:05 +00:00
52158427da
Prevent SMIME crash in the opaque signature test. bugscape 54061. r=nelsonb
2003-12-02 05:46:27 +00:00
9383aa4e6e
Fix for 54088 . Don't try to encode attributes with no value. r=wtc
2003-12-02 05:05:30 +00:00
684a62349d
Bound stan error stack at 16 error codes to limit growth.
...
Bugscape bug 54021. r=wtc.
2003-12-02 02:05:47 +00:00
fb221f5058
Reverted to NSPR 4.3 until Sun has NSPR 4.4.1 binary distributions.
2003-11-28 05:41:42 +00:00
3831fe52a1
Detect invalid input buffer lengths, and return error instead of UMR>
...
Bugscape bug 54021. r=wchang0222
2003-11-27 05:08:20 +00:00
45d0142b79
Fix leak in CERT_FindSubjectKeyIDExtension, and use the Quick DER
...
decoder. Bugscape bug 54021. r=jpierre
2003-11-27 05:06:20 +00:00
26c03108b1
Upgraded to NSPR 4.4.1.
2003-11-27 01:43:15 +00:00
f2932f6e38
Clean up some arithmetic used for UCS4. Detect when UCS2 and UCS4
...
buffers have invalid lengths. Bugscape bug 54021. r=whang0222, relyea
2003-11-27 01:08:59 +00:00
25e490c787
Bugzilla bug 226861: removed NSS_CMSSignedData_GetDigestByAlgTag, which is
...
a duplicate of NSS_CMSSignedData_GetDigestValue. r=nelsonb.
Modified Files: cms.h cmssigdata.c
2003-11-26 23:50:02 +00:00
a0f6f0dea3
In NSS_CMSSignedData_VerifySignerInfo(), test all returned pointers
...
for NULL before attempting to dereference them.
Bugscape bug 54057. r=wchang0222
2003-11-26 22:02:38 +00:00
c8d02d5f8b
Performance enhancement. Detect absurdly large modulae in public keys,
...
and don't waste time on them. Bugscape bug 54019. r=relyea.
2003-11-26 06:26:31 +00:00
512f1560b2
Remove an unnecessary and incorrect assert call.
...
Bugscape bug 54018. r=jpierre
2003-11-26 06:16:01 +00:00
a458b641ae
This patch reduces the scope of many variables in cmsutil's decode function. It frees the signer's CN string after use.
...
Bugscape bug 54021. r=jpierre
2003-11-25 23:26:39 +00:00
50b6382c60
Don't invoke PKCS11 with an invalid handle. Bug 226285.
...
r=relyea sr=wchang0222
2003-11-21 22:10:56 +00:00
a7dd9b1bf2
Remove an overreaching constraing on modulus length. Bug 226285.
...
r=relyea sr=wchang0222
2003-11-21 22:09:27 +00:00
3188a9ceb1
Implement new "batch mode" (see the -b option). Plug some leaks.
...
Facilitates memory leak testing of the SMIME library.
This revision combines the patches for Bugzilla bug 225513 and
Bugscape bug 53775. r = relyea and wchang0222
2003-11-20 02:33:18 +00:00
f90a628dd9
Don't accept ASN.1 items whose length is 2GB or more.
...
Bugscape bug 53875. r=wchang0222 and r=relyea.
2003-11-20 02:08:34 +00:00
59a1ced121
Dont attempt to allocate 2GB or more from an arenapool.
...
Bugscape bug 53875. r=relyea.
2003-11-20 02:06:16 +00:00
e0674b83b2
Remove as assertion that is triggered by bad data input, but does not
...
indicate a code flaw. Bugscape bug 53875. r=relyea
2003-11-20 02:04:07 +00:00
726f43bce3
Be sure not to ask NSS to use an invalid PKCS11 mechanism.
...
Bugscape bug 53875. r=relyea.
2003-11-20 02:00:04 +00:00
446d11f275
Plug a leak that occurs when code asks NSS to use an invalid PKCS11
...
mechanism. Bugscape bug 53875. r=relyea
2003-11-20 01:59:07 +00:00
b2fe1655e5
near total rewrite of PK11_ParamFromAlgid to eliminate leaks.
...
Partial fix for Bugscape bug 53875.
2003-11-19 03:23:41 +00:00
873eed9a1b
Bugzilla bug 222568: fixed a bug introduced in rev. 1.54.
2003-11-19 01:38:26 +00:00
920e86ba81
Turns out that we can use a space to separate directories in a vpath
...
directive. This works cross platform.
2003-11-19 01:12:31 +00:00
3d05b2e562
Fix bugs in the new implementation of URI name constraints.
...
Bugzilla Bug 221616.
2003-11-19 00:56:59 +00:00
b10d68b98a
Removed the declaration and a comment about PK11_FreeSlotCerts, which was
...
deleted in NSS 3.4.
Modified Files: pk11func.h pk11slot.c
2003-11-19 00:14:04 +00:00
fff129fc2a
Fix unnecessary assertion failures occuring in SMIME testing in
...
debug builds only. Partial fix for bugscape bug 53775. r=wchang0222
2003-11-18 06:16:26 +00:00
b4d414ff1a
Most platforms use ':' as path separator, but OS/2 uses ';'. So we use
...
vpath directivies that specify a single directory to avoid dealing with
path separator.
2003-11-18 04:04:05 +00:00
c62571d17d
Set NSS version to 3.9 Beta 3.
2003-11-18 00:57:26 +00:00
3a0fc1c3c4
Removed an extraneous character (`) after #endif.
2003-11-15 16:16:33 +00:00
c31daf7e42
Removed an extraneous comma (,) at the end of an enum type definition.
2003-11-15 16:15:01 +00:00
c4fe475028
Detect empty emailAddr strings in CERTCertificate. Bugzilla bug 211540.
2003-11-15 00:15:28 +00:00
2bbf4a1e89
Detect empty emailAddr strings in CERTCertificates. Bugzilla bug 211540.
...
Modified Files:
cmd/dbck/dbck.c cmd/signtool/util.c lib/certdb/certdb.c
lib/certdb/stanpcertdb.c lib/pkcs7/p7decode.c lib/pki/certificate.c
lib/pki/pki3hack.c lib/smime/cmssiginfo.c lib/softoken/pkcs11u.c
2003-11-15 00:10:01 +00:00
8b98f3daad
Fix windows breakage.
2003-11-14 18:06:50 +00:00
9d169ea136
Add symkeyutil to the manifest file
2003-11-14 03:27:23 +00:00
6edd6fc183
New tool to manage fixed keys in the database.
2003-11-14 03:26:47 +00:00
c30b6976e6
Changes for symkey support.
2003-11-14 03:25:52 +00:00
e38d0f38ac
Fix bugzilla bug 225301. r=jpierre. This patch does the following:
...
1. Fixes the Usage message to document the command line options.
2. Changes the "decode" function to
a) report an error on bad signatures, only when decoding the input file,
not when decoding an ancillary "enveloped file".
b) only output the contents of the "detached content" file (-c option)
when that file's content was actually used in the computation.
3. Sundry other cleanup and added comments.
2003-11-13 23:03:12 +00:00
901d06bf68
Fixed a comment error. r=relyea.
2003-11-13 16:21:46 +00:00
e395b0a792
Bugzilla bug 225373: the return value of CERT_NameToAscii must be freed
...
with PORT_Free.
Modified Files:
cmd/lib/secutil.c cmd/selfserv/selfserv.c
cmd/signver/pk7print.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c lib/certdb/cert.h
2003-11-13 16:10:45 +00:00
698d18e57c
Workaround race. Reduce leaks. Not a real fix. Bugzilla bug 225525.
2003-11-13 03:41:32 +00:00
213fc9e160
Added a comment to note a question I had while reviewing the code.
2003-11-12 23:25:33 +00:00
077a1507e3
Eliminate some leaks in Stan cert code.
...
Partial fix to bugscape bug 53573.
2003-11-11 21:46:53 +00:00
22c35687f1
Eliminate a cert leak. Patch is Bob Relyea's.
...
Parial fix for Bugscape bug 53573.
2003-11-11 21:45:48 +00:00
bc4bdefabb
Fix crash in certutil if usage is omitted
2003-11-11 00:01:32 +00:00
b6b661b262
Repair error case for DH code in previous patch.
2003-11-07 16:21:40 +00:00
41cf12eef3
Verify Parameters from the user before passing it on to freebl. r=nelson
2003-11-07 03:38:59 +00:00
774ace3846
Add defines for DH and RSA key limits
2003-11-07 03:36:33 +00:00
b92041f55c
Correct the validity checks on certain ASN.1 objects, allowing some that
...
were previous disallowed, and vice versa. Bug 53339.
2003-11-07 01:41:22 +00:00
8f9e2674d3
Fix some bugs in the code that formats OIDs for printing.
...
Bugscape bug 53334.
2003-11-06 02:02:32 +00:00
b731d32dbb
Grow handshake message buffer once per message, not once per each message
...
segment received. Bugscape bug 53418.
2003-11-05 06:22:57 +00:00
c2d639aa9f
Set NSS version to 3.9 Beta 2.
2003-11-04 05:52:51 +00:00
cb4b243066
Fix numerous errors (mostly off-by-1 errors) in the code that formats
...
and prints certs and CRLs. This code is common to certutil and pp.
Bug 222568 r=nicholson (for this portion).
2003-11-04 02:16:42 +00:00
f0ab5a779e
Better cleanup. Plug leaks in pp. bug 222568. r=nicolson (this part).
2003-11-04 01:51:54 +00:00
3e23562169
Rename get_oid_string to CERT_GetOidString and export it. Also, export
...
CERT_DestroyOidSequence. bug 222568. r=jpierre (for this portion).
2003-11-04 01:48:39 +00:00
db80db9956
Bugzilla bug 223624: fixed the compiler warning that case ecKey is not
...
handled in the switch statement. r=nelsonb.
2003-11-01 05:17:16 +00:00
201c406020
Remove one unnecessary transition from the SSL3 state machine.
...
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
2003-10-31 07:01:05 +00:00
1ca2f7bff1
Enable generation of DES2 keys with mechanism CKM_DES2_KEY_GEN. Bug 201521
2003-10-31 02:33:16 +00:00
74bf975468
Correct the code that detects DES2 keys based on their lengths. Bug 201521
2003-10-30 22:31:09 +00:00
d20b923bd7
Fix for 223494 - cmsutil signing does not work with hardware tokens. r=wtc, relyea
2003-10-28 02:34:15 +00:00
624f671470
Bugzilla bug 223624: declare pk11_FindAttrInTemplate before it is used.
...
r=nelsonb.
2003-10-25 14:10:11 +00:00
c96d1ed9b5
Bugzilla bug 223624: use PR_MAX to avoid redefining MAX, a macro commonly
...
defined in system headers. r=nelsonb.
2003-10-25 14:08:31 +00:00
31dbf3bf9f
Bugzilla bug 223624: removed an extraneous format string for fprintf.
...
r=nelsonb.
2003-10-25 14:05:08 +00:00
ab5ecc5b5c
Bugzilla bug 223624: node->error is a 'long', so it should match a %ld
...
format. r=nelsonb.
2003-10-25 14:01:43 +00:00
ded6578ea5
Initialize crlHandle . r=wtc
2003-10-25 00:41:14 +00:00
95d6c3f26e
Require DES, DES2 and DES3 keys to have correct length in all cases.
...
Expand DES2 keys to be DES3 keys when used with DES3 mechanisms.
Bug 201521.
2003-10-25 00:12:34 +00:00
ec00f34485
Bugzilla bug 173715: fixed a crash in OCSP. We incorrectly assumed that
...
'addr' was the last IP address of the host when PR_EnumerateHostEnt
returned 0 and attempted to connect to 'addr', resulting in an assertion
failure in PR_Connect. The fix is to not use 'addr' when
PR_EnumerateHostEnt returns 0. r=relyea.
2003-10-24 17:17:37 +00:00
ba7cb76b6a
Removed the nonexistent directory 'rngtest' from DIRS.
2003-10-24 06:22:58 +00:00
7cba11a0bb
Removed nonexistent directory "crypto" from DIRS.
2003-10-24 05:29:08 +00:00
24e7c95246
Bugzilla bug 223427: added a note section so that the linker knows we're
...
not executing off the stack. This patch is received from Christopher
Blizzard of Red Hat <blizzard@redhat.com>.
2003-10-24 04:47:23 +00:00
2e23dc9849
Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the
...
previous checkin.
2003-10-22 01:00:10 +00:00
1a5bf9ea5d
NIST PKITS tests:first checkin, without CRLS:bug 177398:six sections implemented
2003-10-21 21:35:04 +00:00
38375e8faf
Add new -N option, which completely suppresses the initialization and use
...
of the SSL server session ID cache. Used to test the fix for bug 222726.
2003-10-19 05:18:11 +00:00
7b5ce7e5c8
Put the NSS 3.9 block back in ASCII sorting order, AGAIN.
2003-10-19 04:41:20 +00:00
9c532ab8ec
When the SSL_NO_CACHE option is set on an SSL server socket, don't touch
...
the server session cache AT ALL. Bug 222726
2003-10-19 01:55:50 +00:00
edd5736597
Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452.
2003-10-19 01:31:41 +00:00
f8af4da928
SSL_ShutdownServerSessionIDCache no longer leaks the cache memory.
...
Bug 222065. r=wchang0222
2003-10-19 01:25:10 +00:00
74ffbef42d
221067 NSS needs to be able to create token symkeys from unwrap and derive.
2003-10-18 00:38:04 +00:00
c78198ebda
Detect buffer overruns caused by flawed application-supplied callbacks,
...
and avoid crashing due to them. Bugscape bug 52528. r=wchang
2003-10-17 21:12:13 +00:00
3d25bd9959
Incorporate WTC's review comments..
2003-10-17 17:56:56 +00:00
e929b84d2a
missed SSL ECC test files in last checkin
2003-10-17 14:10:18 +00:00
0028f943d4
ECC code landing.
...
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
2019c55137
Put the NSS 3.9 block in ASCII sorting order.
2003-10-17 05:45:19 +00:00
7ef01f4ada
Bug 156770 When we do a file import and give a bad password we get wrong errors back
...
When we fail to decode based on a bad password, don't continue.
So once we've tried failed to decode a ANS.1 stream, don't continue collecting
more data.
On microsoft.pfx files, we would wind up decoding to the end of the encrypted
stream, then fail in the padding in PKCS #7 . This code bypasses this problem by
making sure we don't continue to try to decode data once we've hit a bad
password failure.
2003-10-16 23:49:15 +00:00
8968621f4c
Fix for bug 222180 . remove redundant code
2003-10-15 01:40:10 +00:00
1d1e003b2c
Fix for bug 222180 . Change to quick decoder . r=wtc
2003-10-15 01:34:22 +00:00
bb642e9de3
Eliminate redundant function declarations. Bug 208854. r=wchang0222
2003-10-14 17:44:33 +00:00
b80fd62f5d
Fix tinderbox breakage
2003-10-12 22:55:09 +00:00
55ecb1638f
Correctly handle a NULL moduleSpecList. Bug 220217.
2003-10-11 01:49:24 +00:00
c7195e7f01
This file has been dead code since NSS 3.4 released, if not sooner.
2003-10-11 01:10:51 +00:00
4b274eadf6
Fix for bug 221743 - incorrect certificate usage macro
2003-10-10 23:22:31 +00:00
6feb3bc391
Bug 191467
...
Multipart signing and verifying broken for several mechanisms in softoken
Reporter: Andreas.Sterbenz@sun.com (Andreas Sterbenz)
sr=nelsonb
2003-10-10 15:32:26 +00:00
da0e767ef3
Bug 203866
...
Make unloaded modules visible for administrative purposes.
sr=wtc r=nelson
2003-10-10 15:29:43 +00:00
d9ea331302
Bug 203866. Make unloaded modules visible for administrative purposes.
...
sr=wtc r=nelson
2003-10-10 15:26:23 +00:00
6c37cf315f
fix bug 203450
...
jarevil.c:345: warning: implicit declaration of function \
`__CERT_AddTempCertToPerm'
Obviously missing a declaration somewhere.
r=jpierr, wtc
2003-10-09 22:17:04 +00:00
8e693bd25b
Fix for bug 55898 - print name of certificate causing failure in certutil . r=wtc
2003-10-08 01:00:37 +00:00
297c871d38
Eliminate one of several redundant OID table lookups. Bug 207033.
2003-10-07 17:19:55 +00:00
da831f0be3
Eliminate unnecessary copying of CA names in HandleCertRequest.
...
Bug 204686.
2003-10-07 02:24:01 +00:00
b4001cf1b8
The "valid CA" trust flag now overrides other CA cert checks.
...
Works for SSL client as well as other usages. Bug 200225
2003-10-07 02:17:56 +00:00
0af05aaf1a
Export new function PK11_ExportEncryptedPrivKeyInfo. Bug 207033.
2003-10-07 01:29:32 +00:00
7c3772d3d7
Create new function SECKEYEncryptedPrivateKeyInfo which is just like
...
SECKEYEncryptedPrivateKeyInfo except that it identifies the private
key by a private key pointer, rather than by a certificate. Bug 207033.
2003-10-07 01:26:38 +00:00
adf3bd4810
Make tstclnt work with IPv6 addresses. Bug 161610.
2003-10-06 23:50:11 +00:00
4bb3ccc8bd
Check for presence of secmod.db file prior to acting on it, for all
...
cases except "multiaccess:". Bug 220217. r=relyea
2003-10-06 23:33:03 +00:00
96a4f8926a
Detect Zero length certs and zero length CA names. Bug 204686.
...
Also, eliminate unnecessary copying of incoming certs.
2003-10-03 02:01:18 +00:00
470c7c30c0
Bug 220963: need to handle the possibility that symKey may be NULL before
...
dereferencing it.
2003-10-01 23:01:46 +00:00
64c44a50f4
Fix for bug 141882 - convert email query keys to lowercase when searching . r=wtc
2003-09-30 02:33:40 +00:00
58d2922f0d
Fix for bug 94413 - OCSP needs more fine tuned error messages. r=wtc
2003-09-30 01:18:55 +00:00
fd6bfd34f5
Move a brace so vi will find the beginning of the function.
2003-09-27 01:45:35 +00:00
7a8c91801a
Fix for bug 219539 - support GeneralizedTime in NSS tools
2003-09-27 00:01:45 +00:00
b220af50ec
Fix for bug 219539 - support GeneralizedTime in NSS tools
2003-09-26 06:18:40 +00:00
2fb81c5b8c
Don't use windowed exponentiation for small public exponents.
...
Speeds up public key operations. Path contributed by
Sheueling Chang Shantz <sheueling.chang@sun.com>,
Stephen Fung <stephen.fung@sun.com>, and
Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
2003-09-26 02:15:12 +00:00
9aa0859dc2
Correct an inaccurate log message.
2003-09-25 21:40:02 +00:00
53b39d4951
Fix typo
2003-09-25 00:25:06 +00:00
f633274323
Fix usage message to list all commands. Also, fix a few lines of
...
code that did not follow the file's convention for indentation.
Bug 203870.
2003-09-24 21:49:49 +00:00
84a7421314
Fix bug 204549. Properly handle memory allocation failures.
2003-09-23 20:47:43 +00:00
ea9c7b9cf1
Bugzilla bug 204549: find_objects_by_template was not setting *statusOpt
...
before one return statement. r=nelsonb.
2003-09-23 20:34:15 +00:00
3ecdf5b682
Correctly compute certificate fingerprints. Bug 220016.
2003-09-23 02:05:47 +00:00
cacf90504b
Fix for 215182 - certutil prints incorrect nickname. r=wtc
2003-09-23 00:10:54 +00:00
ff0ab0d5e6
Bugzilla bug 219713: fixed build bustage on all Unix platforms. We need
...
to export CERT_TimeChoiceTemplate as data for Unix.
2003-09-19 18:00:48 +00:00
c1f8a20c18
Fix for 219082 - support GeneralizedTime in PKCS#7 signatures. r=nelsonb, sr=wtc
2003-09-19 04:16:19 +00:00
41dfa35b34
Fix for 219524 - support GeneralizedTime in S/MIME v3 signatures. r=wtc, sr=nelsonb
2003-09-19 04:14:50 +00:00
c54ab44432
Fix for bug 143334 : add support for GeneralizedTime in certificates and CRLs. r=wtc,nelsonb
2003-09-19 04:08:51 +00:00
06f53aa46d
Fix for 215214 - make certutil show all instances of certs . r=wtc
2003-09-18 02:00:32 +00:00
fca2dd1924
The isOnList function is now unused.
2003-09-18 01:28:52 +00:00
81af9c614e
Fix for bug 215186 - add missing options to PK11_ListCerts . r=wtc
2003-09-18 00:22:18 +00:00
2d02a55087
Add comment in the header for PK11_FindSlotsByAliases
2003-09-12 22:11:31 +00:00
78933c07aa
Bugzilla bug 215152: removed redundant pointer tests. Use
...
SEC_ERROR_LIBRARY_FAILURE for NSS internal errors.
2003-09-12 20:01:56 +00:00
00bfcc6ae5
Bugzilla bug 217247: improved the memory leak fix for the appData nicknames
...
returned by PK11_ListCerts. Instead of allocating them from the heap first
and copying to the arena, allocate them from the arena directly. r=jpierre
Modified Files: certhigh.c pk11cert.c pki3hack.h pki3hack.c
2003-09-12 19:38:04 +00:00
3e12ba21f2
Bugzilla bug 214535: fixed a recursive dead lock on cache->lock. We must
...
not call nssSlot_IsTokenPresent while cache->lock is locked because
that function may call nssToken_Remove, which locks cache->lock. r=mcgreer
2003-09-12 19:17:15 +00:00
c629bfb394
Bugzilla bug 208971: remove obsolete Mac CFM build files from NSS.
2003-09-11 00:04:38 +00:00
160d767599
Bugzilla bug 208971: removed obsolete Mac CFM build files from NSS.
2003-09-11 00:01:07 +00:00
c71f55bb2a
Fix for 215152 - better error handling
2003-09-10 01:33:25 +00:00
24dbc103c8
Fix for bug 215152 . Improve error handling in PK11_FindSlotsByAliases
2003-09-10 01:31:54 +00:00
cc713fc8d3
Further enhance the verbose debugging command line option in tstclnt
...
for the case where client auth is requested by the server. It will
now report the name of the cert sent to the server, or "send no cert".
2003-09-09 20:22:54 +00:00
683c3f9505
Prevent crash if certlist is NULL
2003-09-09 00:54:20 +00:00
20a95ddfde
Fix bug 214307 - add certutil batch mode . r=wtc
2003-09-08 23:30:29 +00:00
51bd14780b
Add PORT_Strpbrk macro
2003-09-08 23:29:14 +00:00
842a5d79c8
Fix for bug 72291 . resolve memory leak on nicknames . r=relyea
2003-09-05 00:15:52 +00:00
891e05f8b0
Remove erroneous assertions
2003-09-03 23:52:01 +00:00
b4b593cf0a
Fix for bug 215152 . Export PK11_FindSlotsByAliases. r=relyea
2003-09-03 22:55:10 +00:00
610ac28a42
Add PK11_FindSlotsByAliases function . r=relyea
2003-09-03 22:48:20 +00:00
609557163f
Fix for 216701 - verify CRLs with cert verification date rather than CRL lastupdate date
2003-08-30 01:07:21 +00:00
90064ce7fc
Bugzilla bug 214674: made the Linux implementation of sslMutex really work.
...
They were no-ops in multiprocess mode before. The patch is Nelson
Bolyard's. r=wtc.
2003-08-28 22:23:59 +00:00
2990fa08b0
Fix for 214201. remove unused variable
2003-08-27 01:47:57 +00:00
a9cb356856
Bugzilla bug 72291: have PK11_ListCerts return all the cert instances on
...
tokens. The patch is Julien Pierre's, with changes by Wan-Teh Chang.
Modified Files: pk11wrap/pk11cert.c pki/pki3hack.c pki/pki3hack.h
2003-08-25 19:18:02 +00:00
b3edbc2128
Bugzilla bug 209827: disable optimization to work around what appears to
...
be a VACPP optimizer bug.
2003-08-22 22:34:07 +00:00
59256190ce
Fix for bug 216944 - CERT_VerifyCertificate optimizations issues . r= wtc
2003-08-22 18:47:07 +00:00
be4ed5debc
Fix from Ian to address Bugzilla bug 202179.
...
The fix restores some old code that was removed as part of our
performance work (Bugzilla bug 145322). Thus, there may be a
slight performance hit, but obviously, we need to have correct
code first.
This is a part of the code I really don't like. To summarize,
there was a hack put in a long time ago to make sure that the
PKCS#11 session in which the SSL keys are generated was never
closed until the last key was deleted. This only worked by chance,
and if any part of the code was changed (as was the case here), this
unstable equilibrium would be lost. As with all hacks, it wasn't
really documented, so the problem escaped our notice. As a result of
putting the hack back in, we're going back to the horribly wasteful
operation of opening 4 sessions and immediately closing them. I intend
to have a proper solution in a later release.
2003-08-12 18:21:55 +00:00
655056191f
Deleted useless local variable 'arena' in cert_ImportCAChain.
2003-08-08 23:15:50 +00:00
13f5b9e4ff
Bugzilla bug 214695: fixed incorrect use of PR_AtomicDecrement on reference
...
counts. The reference count should not be read "naked". Instead, we
should simply use the return value of PR_AtomicDecrement for the result of
the decrement.
Modified Files: dev/devmod.c dev/devslot.c dev/devtoken.c pki/certificate.c
pki/pkibase.c
2003-08-01 02:02:47 +00:00
5da7e31f4d
Fix bug 213084. Detect when cert in signature cannot be imported.
...
Detect NULL pointer, don't crash.
2003-07-31 00:16:27 +00:00
9b590c4f17
Bug 213903: removing unused variables 'delold', 'save', 'entry'
2003-07-28 22:55:16 +00:00
52a39ca16f
Bug 213902 : removing unused variable "next" in "cert_DecodeNameConstraintSubTree"
2003-07-28 21:53:16 +00:00
c771349946
Allow freebl to build correctly under MS VC++ .net 2003 . sr=nelsonb
2003-07-22 02:04:57 +00:00
a08188e177
Bugzilla bug 213158: fixed the misspelling of "attach". The patch is
...
contributed by Pierre Chanial <chanial@noos.fr>.
Modified Files: pk11slot.c secmodt.h
2003-07-19 20:49:35 +00:00
8a8acecae0
Backed out Bob Relyea's workaround for the deadlock in rev. 1.15. The
...
correct fix is in rev. 1.36 of tdcache.c (see Bugzilla bug 212112).
2003-07-11 21:52:04 +00:00
d8bfc7ae2c
Restore sslreq.txt to text form, where it will have different line
...
endings on unix, than on windows or on Mac.
2003-07-11 04:14:24 +00:00
a7db0ece51
Test with the new file sslreq.dat rather than the old file sslreq.txt.
2003-07-11 04:05:12 +00:00
d5d6b8ccc7
This is sslreq.txt with a different file name, to clearly show that
...
this file is to be treated as a binary file, not as text.
2003-07-11 03:55:55 +00:00
bd92e280fe
Bug 212112: we don't need to lock td->cache->lock while calling
...
STAN_ForceCERTCertificateUpdate. This fixed a recursive deadlock.
r=mcgreer.
2003-07-10 01:24:17 +00:00
634e667950
Change cert_GetCertificateEmailAddresses to return NULL rather than
...
a pointer to an empty string when a cert has no email addresses.
Partial fix for bug 211540. Modified certdb/alg1485.c
2003-07-09 04:14:23 +00:00
9b53efa290
Bug 212004: in CERT_IsUserCert we should test for a null cert->trust and
...
treat it as no trust. r=nelsonb.
2003-07-09 04:12:16 +00:00
77b1d5b56e
Export SEC_DupCRL and declare it in certdb.h. Bug 208194.
...
Modified Files: nss/nss.def certdb/certdb.h
2003-07-09 04:00:48 +00:00
60aaf7bbf5
Bug 211384: fixed the bug that importing a CRL that already exists in the
...
DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
2003-07-08 18:41:28 +00:00
f6802aac5b
patch to correct false failure reporting - bug 167825
2003-07-03 17:50:18 +00:00
a206d21cd7
Add missing declaration of NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate
2003-07-03 07:04:30 +00:00
edb69e7969
Fix bug 211049. Another issue with empty pointer lists from group
...
decodings. Patch by Wan-Teh Chang <wtc@netscape.com>.
2003-07-01 01:16:57 +00:00
8c68d71e97
Change the function definitions in dev so that the ctags program will
...
produce valid tags from these sources.
2003-07-01 00:32:22 +00:00
b71485c4fe
Bug 210660: backed out the main change in the fix for bug 145322 because
...
the adoption of session is not thread safe. This eliminates most of the
saving of sessions, but we must be correct first, and then optimize.
r=nicolson,nelsonb.
Modified Files: pk11func.h pk11skey.c
2003-06-27 22:28:50 +00:00
66b6198a4f
Fix several bugs reported in bug 210707.
...
Change loops over RDNs and AVAs to detect NULL pointers.
Change list of attribute type "keywords" to match RFCs and internet
drafts.
Quote attribute values strings that contain adjacent embedded blanks.
Don't quote hex string values.
Always use hex string values when type OID is unrecognized.
2003-06-27 00:33:05 +00:00
a3501517f5
Move the declaration for CERT_CompareNameSpace from cert.h to genname.h
...
because it is a private function. Change the interface for this
function so that it returns a SECStatus, unambiguously indicating the
success or failure of the name constraints test. The function no
longer takes a list of cert subject names, instead, it takes a list
of cert pointers, and optionally outputs one of those pointers when
an error occurs. This eliminates a cert reference leak.
2003-06-26 01:56:34 +00:00
b54a7e669d
This patch extracts rfc822 names from a cert's distinguished name at the
...
time when the list of cert names is being built and builds a GeneralName
out of it, just as if the rfc822 name had come from a subject alt name
extension. This way, no special handling is needed of either directory
names or rfc822 names in the name constraints code. The special "phase 1"
loop in cert_CompareNameWithConstraints disappears compmletely. And all
the cases in the (former phase 2) loop can now simply assert that the
name's type matches the constraint's type exactly.
This patch also factors out the code that creates new CERTGeneralNames and
that copies a single CERTGeneralName into new separate functions. This
eliminates a lot of duplicated code whose correctness required lengthy
inspection. Now these primitive operations are centralized.
2003-06-26 01:25:10 +00:00
195925a071
enabling log scraping in header instead
2003-06-25 21:57:21 +00:00
7361de7ee8
enabling log scraping in header instead, where RESULTDIRURL gets created
2003-06-25 21:56:19 +00:00
0d74efc36a
removed new variable for Win platform - extra - don't need
2003-06-25 21:39:54 +00:00
2ff0613d68
fix URL for Windows platform
2003-06-25 20:43:18 +00:00
e886704557
taking out un-needed stuff
2003-06-25 17:39:38 +00:00
02c8289ae0
Shorten the clickable text portion of RESULTDIRURL.
2003-06-25 04:23:34 +00:00
21cb365b1b
enabling log scraping
2003-06-25 00:55:13 +00:00
854c25c27f
Whitespace cleanup. This patch causes numerous lines that were wider
...
than 80 columns to be folded according to NSS coding conventions.
This patch does not fix any run-time error.
2003-06-23 23:15:33 +00:00
0eb7881d00
CERT_EncodeGeneralName and CERT_DecodeGeneralName contain large switch
...
statements that repeat code for every case. This patch factors out that
common code from the cases, making the switches much smaller and reducing
bloat.
2003-06-21 08:10:07 +00:00
c40a094aad
Cleanup CERT_GetGeneralNameByType so that it detects when it has
...
encountered a general name of a type that it doesn't recognize, and
so that it properly casts the return value to be of the right type.
2003-06-21 07:07:47 +00:00
c45b36fd03
The general name code uses arenas, which is good, but it never marks
...
and releases space in the arenas, so the arenas just grow and grow
until the test is completely over. This patch adds comments showing
where mark and release calls could (and probably should) be added.
It also changes CERT_CopyGeneralName to have only two exit paths,
two return statements, in preparation for the eventual use of mark and
release.
2003-06-21 06:44:43 +00:00
f97a7f6cd8
a) Add more missing null pointer tests that I discovered. Bug 208649.
...
b) change all PORT_*Alloc calls that allocate new structs or arrays of
same to use the PORT_*New* macros instead.
c) ifdef out some dead functions that are rife with failure to detect
allocation failures.
2003-06-21 05:23:07 +00:00
87bcdd00c7
Fix deadlock bugscape 46733
2003-06-20 23:34:46 +00:00
20c2ba3f7f
sigh, another time
2003-06-20 23:24:11 +00:00
2f8ca931b2
one more time, trying to make link clickable
2003-06-20 18:36:57 +00:00
c46e246f05
Declare src argument to SEC_ASN1DecodeItem to be const.
2003-06-20 01:52:19 +00:00
6e7873e60b
echo out RESULTDIRURL; r=wtc
2003-06-19 23:04:25 +00:00
2350158b22
made RESULTDIRURL clickable link; r=wtc
2003-06-19 23:03:59 +00:00
3d80fd68c8
Carry Wan-Teh's fix for bug 208996 forward to trunk.
2003-06-19 03:48:19 +00:00
1b8ef33451
Fix numerous more potential NULL pointer deref crashes. Bug 208038
2003-06-19 01:08:53 +00:00
c10a03ec6a
checking in version 1.60 with additional space
2003-06-18 19:13:11 +00:00
7fe19d8d55
backing out my recent changes - some platforms showing tests failed
2003-06-18 08:13:07 +00:00
ffece90162
had to put in netscape specific unix base dir as well
2003-06-18 07:11:15 +00:00
42f215d88f
put URL specific stuff inside nscp specific loop
2003-06-18 06:02:28 +00:00
4e4909c4db
Further refinements to the Name Constraints checking logic, to make it
...
more compliant with RFC 3280. Bug 208047.
2003-06-18 04:32:44 +00:00
1674961d5e
Move declarations of NSS private functions for general names from cert.h
...
to genname.h, and eliminate declarations from cert.h that were also
in genname.h. If we ever decide to make any of these functions public,
we can move their declarations back to cert.h.
2003-06-18 00:38:12 +00:00
b7d5426a55
Make CERT_DecodeAVAValue take const inputs and detect NULL pointers.
...
Rewrite CERT_CompareAVA to compare the type OIDs first, and then if
the values are not of the same encoding, convert them before comparing.
Also, do comparisons of printableString encoding properly. Bug 208649.
2003-06-17 23:44:14 +00:00
8770abe071
modified header to print link of resultsdir to browser log
2003-06-17 21:21:33 +00:00
0d1f5df277
const. Got it? Const!
2003-06-11 23:12:38 +00:00
2b945570e0
Harden SECITEM_CompareItem against NULL pointers.
2003-06-07 03:05:49 +00:00
24f3d87aec
Rewrite of cert_CompareNameWithConstraints and the static functions it
...
calls, to make it conform with RFC 3280. Bug 208047.
2003-06-06 09:12:21 +00:00
42c05f5adf
Rewrite SECITEM_ItemsAreEqual to be faster when item lengths are not
...
equal and to not crash if an item contains a NULL data pointer.
2003-06-06 04:51:26 +00:00
67066de273
Add new OIDs for directory name attribute types. Bug 207711.
2003-06-06 04:48:45 +00:00
d88e22d7a7
Augment and centralize the list of known cert name attribute types.
...
Bug 207711.
2003-06-06 01:17:04 +00:00
ea8360788d
Eliminate more NULL pointer dereferences. Bug 207740.
2003-06-05 04:59:38 +00:00
a37c36f1a7
Bug 208343: removed two Baltimore root certificates.
...
Modified Files: certdata.c certdata.txt
2003-06-05 00:53:27 +00:00
81e3889b8f
PORT_Alloc and PORT_ZAlloc always allocate at least one byte, even if
...
the caller requests zero bytes. This patch makes PORT_ArenaAlloc
and PORT_ArenaZAlloc do the same.
2003-06-03 23:24:31 +00:00
9ea284e156
bug 156256, removed unused Stan files with long names
2003-06-03 20:59:15 +00:00
6a94e6afc1
Bug 207379: added instructions for removing a builtin root CA cert from
...
NSS.
2003-06-02 23:16:51 +00:00
3deaa56778
Back out rev 1.27, which turned verbose mode on by default for debugging
...
QA test script failures that only occurred on tinderbox machines.
bug 207313 is now fixed.
2003-06-02 20:39:48 +00:00
712fea2e39
Bug 204555: Eliminated other potential crashes in code related to
...
certificate names. r=wtc. (The patch is Nelson's.)
2003-06-02 18:10:43 +00:00
bf31f92133
This patch does two things, one large and one small. Bug 207313.
...
1, It uses two new symbols SSOCK_FD and STDIN_FD instead of 0 and 1 to
reference members of the poll set array. I just could never remember whether
pollset[0] was the socket or was stdin. Now I don't have to remember.
This changes a lot of lines, but is very simple.
2. It implementa a new flag clientSpeaksFirst, set with the -f option.
The only effect of this flag is whether the value of
pollset[SSOCK_FD].in_flags is initially zero (if true) or PR_POLL_READ (if false). Note that pollset[SSOCK_FD].in_flags is set to PR_POLL_READ after
each succesful write to the socket.
2003-06-01 03:01:39 +00:00
34fcdc2566
Bug 206926: Added the makefile rule to export PRIVATE_EXPORTS headers.
2003-05-31 00:12:18 +00:00
bebd4ac34e
Bug 206926: 1. Undo the changes to secrng.h, pqgutil.h, swfutl.c,
...
unix_rand.c, and win_rand.c. 2. Make secrng.h and pqgutil.h private.
3. Public header pk11pqg.h can't include private header pqgutil.h.
4. Many files don't need to include secrng.h. A few don't need to include
pqgutil.h. 5. Remove duplicate declarations of PQG_DestroyParams and
PQG_DestroyVerify from blapi.h.
2003-05-30 23:31:32 +00:00
072b028b11
Eliminate TCP connection reset errors that occur when server requires
...
client auth and SSL3 client doesn't authenticate. The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
c7f2b76a30
Resolves bug 206971 - selfserv should OptimizeSpeed (use NSS_Initialize).
...
Both selfserv and strsclnt no longer OptimizeSpace. Moved SECMOD_DB
defines from nssinit.c to nss.h, make it availble for public use with
NSS_Initialize().
2003-05-30 17:25:13 +00:00
2ede35f2c3
Back out rev 1.28 to test some hypotheses about bug 207313.
2003-05-30 10:06:29 +00:00
01d479d131
Correct all the tests in which the server requires client auth, but the
...
client does not supply it, so that the client actually will NOT supply
it. Previously, the client was supplying client auth in all these tests,
and the https requests were completing succesfully, when they should have
been failing. Bug 207398.
2003-05-30 05:40:40 +00:00
772d71205a
Change the SSL3 stress test to disable TLS, so that it will actually
...
test SSL3. Uses the new -T option recently added to strsclnt.
2003-05-30 05:38:12 +00:00
c8b735a8c3
Add -3 and -T options, with same meaning as in tstclnt and selfserv,
...
disabling SSL3 and TLS respectively. With this change, the QA stress
tests that say they're testing SSL3 or TLS can finally test what they
claim they are testing.
2003-05-30 05:35:52 +00:00
4b13346f0d
Bugzilla 207379: removed the certificate "ValiCert OCSP Responder".
...
Bumped version to 1.40 (for NSS 3.9). r=relyea.
Modified Files: certdata.c certdata.txt nssckbi.h
2003-05-29 14:26:16 +00:00
8576f4ea62
Correctly copy RDNs with empty AVA lists. Partial fix for bug 204555.
2003-05-28 21:18:09 +00:00
ba98042a1a
Adding Darwin 6.5 platform
2003-05-28 17:28:36 +00:00
1e2859edec
Fix this file to be proper http request syntax. Note: file is now a
...
binary file to assure identical line endings on all platforms.
2003-05-28 02:18:27 +00:00
92993f0ad4
All diagnostic output goes to stderr, not stdout. This change facilitates
...
investigation of bug 207313.
2003-05-28 02:11:17 +00:00
2a87d0d523
Bug 206926: certcgi.c should not include blapi.h. Use the PK11_PQG_
...
functions instead.
2003-05-28 00:47:47 +00:00
710239c9ca
Bug 206934: use __declspec instead of _declspec. __declspec is the
...
documented form and the only form accepted by the MinGW compiler. The
patch is contributed by Christopher Seawood <seawood@netscape.com>. r=wtc.
2003-05-28 00:07:36 +00:00
a5136af537
Checked in more temporary debugging code for the strange QA failure on
...
Windows.
2003-05-25 19:19:28 +00:00
f85e9f91a8
Enabled verbose mode temporarily for debugging a strange QA failure on
...
Windows.
2003-05-25 04:16:03 +00:00
dd3c7fb4fe
Bug 206926: now that secrng.h and pqgutil.h include blapit.h instead of
...
blapi.h, some files that include secrng.h or pqgutil.h need to include
blapi.h directly.
Modified Files: certcgi.c swfutl.c unix_rand.c win_rand.c
2003-05-25 01:21:27 +00:00
3f9a09add1
Fix bugs experienced with oddly constructed general names.
...
Partially fixes bug 204555. r=wtc a=sspitzer
2003-05-24 06:27:35 +00:00
nelsonb%netscape.com
jpierre%netscape.com
wchang0222%aol.com
relyea%netscape.com
bishakhabanerjee%netscape.com
ian.mcgreer%sun.com
wtc%netscape.com
kirk.erickson%sun.com