Speeds up public key operations. Path contributed by
Sheueling Chang Shantz <sheueling.chang@sun.com>,
Stephen Fung <stephen.fung@sun.com>, and
Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
store the slot pointer for the certificate *instance*. This slot pointer
is not necessarily cert->slot. Try to get the correct slot pointer for a
cert instance where possible. This patch helps us handle multiple
instances of the same cert better.
Modified Files:
PK11Finder.c pkcs11/PK11Cert.c pkcs11/PK11Cert.java
pkcs11/PK11InternalCert.java pkcs11/PK11InternalTokenCert.java
pkcs11/PK11Store.c pkcs11/PK11Token.c
pkcs11/PK11TokenCert.java pkcs11/pk11util.h
provider/java/security/JSSKeyStoreSpi.c ssl/SSLServerSocket.c
ssl/callbacks.c ssl/common.c ssl/jssl.h util/java_ids.h
returned by PK11_ListCerts. Instead of allocating them from the heap first
and copying to the arena, allocate them from the arena directly. r=jpierre
Modified Files: certhigh.c pk11cert.c pki3hack.h pki3hack.c
has changed to mean a different thing (the standard GCC meaning, rather
than Apple's earlier hacks). The patch is contributed by Brian Ryner
<bryner@brianryner.com>.
2. Specify the standard AIX libpath, otherwise the directories we pass to
the -L linker flags get added to the libpath. 3. Support building on AIX
5.2. The patch is contributed by Philip K. Warren <pkw@us.ibm.com>. r=wtc.
Modified Files: AIX.mk AIX4.2.mk AIX4.3.mk AIX5.1.mk
Added Files: AIX5.2.mk
during CryptoManager.initialize(), before we add JSS as a provider. The
KeyType class was failing to load properly, because its static initializers
force the class load of KeyWrapAlgorithm, whose signature needed to be
verified, which invoked JSS's signature provider, which accessed KeyType.
Basically, installing JSS as the default signature provider before its
classes have loaded creates a possibility of circular dependencies in class
initialization. The patch is due to Jamie Nicolson. r=wtc.
Modified Files: CryptoManager.java pkcs11/KeyType.java
The fix restores some old code that was removed as part of our
performance work (Bugzilla bug 145322). Thus, there may be a
slight performance hit, but obviously, we need to have correct
code first.
This is a part of the code I really don't like. To summarize,
there was a hack put in a long time ago to make sure that the
PKCS#11 session in which the SSL keys are generated was never
closed until the last key was deleted. This only worked by chance,
and if any part of the code was changed (as was the case here), this
unstable equilibrium would be lost. As with all hacks, it wasn't
really documented, so the problem escaped our notice. As a result of
putting the hack back in, we're going back to the horribly wasteful
operation of opening 4 sessions and immediately closing them. I intend
to have a proper solution in a later release.
counts. The reference count should not be read "naked". Instead, we
should simply use the return value of PR_AtomicDecrement for the result of
the decrement.
Modified Files: dev/devmod.c dev/devslot.c dev/devtoken.c pki/certificate.c
pki/pkibase.c
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.comsr=bzbarsky@mit.edumoa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
right way. The basename function that we were using only works when
$(OS_RELEASE) has exactly three components. The patch is contributed by
Ed Catmur <ed@catmur.co.uk>. r=wtc.
add an ok button which can be used to dismiss the window, inherit the ok/help buttons from the dialog
overlay.
Add spacing between the tree control and the edit / delete buttons underneath the tree control.
r=kaie
sr=sspitzer
DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
the adoption of session is not thread safe. This eliminates most of the
saving of sessions, but we must be correct first, and then optimize.
r=nicolson,nelsonb.
Modified Files: pk11func.h pk11skey.c
Change loops over RDNs and AVAs to detect NULL pointers.
Change list of attribute type "keywords" to match RFCs and internet
drafts.
Quote attribute values strings that contain adjacent embedded blanks.
Don't quote hex string values.
Always use hex string values when type OID is unrecognized.
because it is a private function. Change the interface for this
function so that it returns a SECStatus, unambiguously indicating the
success or failure of the name constraints test. The function no
longer takes a list of cert subject names, instead, it takes a list
of cert pointers, and optionally outputs one of those pointers when
an error occurs. This eliminates a cert reference leak.
time when the list of cert names is being built and builds a GeneralName
out of it, just as if the rfc822 name had come from a subject alt name
extension. This way, no special handling is needed of either directory
names or rfc822 names in the name constraints code. The special "phase 1"
loop in cert_CompareNameWithConstraints disappears compmletely. And all
the cases in the (former phase 2) loop can now simply assert that the
name's type matches the constraint's type exactly.
This patch also factors out the code that creates new CERTGeneralNames and
that copies a single CERTGeneralName into new separate functions. This
eliminates a lot of duplicated code whose correctness required lengthy
inspection. Now these primitive operations are centralized.
UTF-8 in all XUL files to make them to be genuinely encoded in UTF-8. All the
changes are in comments so that this shouldn't affect anything at run-time.
(r=hwaara)
statements that repeat code for every case. This patch factors out that
common code from the cases, making the switches much smaller and reducing
bloat.
and releases space in the arenas, so the arenas just grow and grow
until the test is completely over. This patch adds comments showing
where mark and release calls could (and probably should) be added.
It also changes CERT_CopyGeneralName to have only two exit paths,
two return statements, in preparation for the eventual use of mark and
release.
b) change all PORT_*Alloc calls that allocate new structs or arrays of
same to use the PORT_*New* macros instead.
c) ifdef out some dead functions that are rife with failure to detect
allocation failures.
to genname.h, and eliminate declarations from cert.h that were also
in genname.h. If we ever decide to make any of these functions public,
we can move their declarations back to cert.h.
Rewrite CERT_CompareAVA to compare the type OIDs first, and then if
the values are not of the same encoding, convert them before comparing.
Also, do comparisons of printableString encoding properly. Bug 208649.
