Commit Graph

3838 Commits

Author SHA1 Message Date
julien.pierre.bugs%sun.com
8eb43e8ec2 Fix for bug 262375 . Add clobber_dbm and clobber_nspr targets, as well as nss_clean_all . r=nelson 2006-04-14 22:48:31 +00:00
nelson%bolyard.com
b39425fcfa big cleanup of error codes returned by pkcs12 library.
No longer returns SEC_ERROR_NO_MEMORY for every possible error code.
Bug 321584. r=neil.williams
2006-04-14 18:34:44 +00:00
nelson%bolyard.com
efdb126901 Fix broken optimized builds, caused by last checkin. Bug 236245. 2006-04-14 00:43:19 +00:00
nelson%bolyard.com
c4fb4fa280 Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
nelson%bolyard.com
1cfdf61890 Add and use new -2 option for strsclnt to disable SSL2 compatible client
hellos, so we can stress test TLS hello extensions.  Bug 333559.
r=julien.pierre,rrelyea
2006-04-13 22:43:31 +00:00
wtchang%redhat.com
b95ecf558f Bugzilla Bug 330114: corrected the checks for the PKCS #1 v1.5 padding
string and the length of the data (hash). r=nelsonb,relyea.
2006-04-13 22:12:17 +00:00
julien.pierre.bugs%sun.com
6493a984f5 Fix for 333657 . Increase maximum RSA key size to 8192 bits in freebl. r=nelson 2006-04-12 05:37:52 +00:00
alexei.volkov.bugs%sun.com
258c59ba66 [Bug 332272] add core detection functionality to all.sh; r=nelson 2006-04-12 01:14:27 +00:00
wtchang%redhat.com
90d708c409 Bugzilla Bug 331413: assert that the worker threads empty the jobQ before
they terminate.  Fix a socket leak when the SSL_ImportFD call in
handle_connection fails. r=nelson.bolyard.
2006-04-11 21:12:28 +00:00
nelson%bolyard.com
c65c61b8c5 Implement new API for registering and deregistering shutdown callback functions.
Patch by Bob Relyea and Nelson Bolyard. r=rrelyea,nelson  Bug 326482.
2006-04-08 05:11:55 +00:00
nelson%bolyard.com
424fabe58a Bug 333090: CKM_DH_PKCS_KEY_PAIR_GEN always fails. r=nelson, sr=rrelyea
Patch contributed by Andreas.Sterbenz@sun.com
2006-04-08 05:05:01 +00:00
nelson%bolyard.com
bbd7fa2247 WORKAROUND: disable all the ECDH_RSA cipher suites tests, since all those
tests require a cert with an EC public key and an RSA signature, and the
test scripts do not presently generate such a cert.
This workaround can be backed out when the real fix is available.
Bug 332222. r=neil.williams
2006-04-08 04:28:32 +00:00
kaie%kuix.de
1c0c7bbeb8 bug 331648, signed/unsigned bug submitting CRMF cert requests
r=rrelyea, sr=nelson
2006-04-07 11:41:18 +00:00
nelson%bolyard.com
1f32c2cf8f Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul 2006-04-07 06:24:07 +00:00
julien.pierre.bugs%sun.com
7ceb91038f Fix for bug 311164 . Initialize stan cert store object early to fix a race condition. r=nelson 2006-04-07 05:49:04 +00:00
julien.pierre.bugs%sun.com
b532759c4f Fix for bug 315793 . Make shlibsign run in the OBJDIR rather than the source directory . r=nelson 2006-04-06 06:22:02 +00:00
julien.pierre.bugs%sun.com
7c86f12851 Fix for bug 315798 . run bltest and rsaperf from source directories in the QA . r=nelson 2006-04-06 06:19:41 +00:00
nelson%bolyard.com
acfe04a6dd Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
has an ECDSA signature.  bug 332350. r=vipul.gupta.
2006-04-06 04:40:49 +00:00
julien.pierre.bugs%sun.com
51b246188b Partial fix for bug 332348 . Add PR_POLL_EXCEPT to a PR_Poll . Allows tstclnt to wake up if server goes away. r=wtchang 2006-04-06 01:49:03 +00:00
nelson%bolyard.com
53b9b7ff2f Fix shell script error that caused undetected QA failures. Bug 311931.
r=nelson.bolyard,alexei.volkov
2006-04-05 19:35:47 +00:00
nelson%bolyard.com
779a0beabf Add new -i (ignore errors) command line option to strsclnt. Strsclnt now
stops soon after the first error unless the -i option is given.
Strsclnt and tstclnt now look for an environment variable named
NSS_DEBUG_TIMEOUT, and if present, its value is used as a timeout time
for all socket IO operations.  Bug 332348. r=julien.pierre.
2006-04-04 07:31:46 +00:00
nelson%bolyard.com
edbca07369 Eliminate duplicated header files in cmd/SSLsample. Bug 332633.
r=julien.pierre
Modified Files: SSLsample/client.mn SSLsample/server.mn lib/manifest.mn
Removed Files:  SSLsample/NSPRerrs.h SSLsample/SECerrs.h SSLsample/SSLerrs.h
2006-04-04 01:56:27 +00:00
glen.beasley%sun.com
482dc1a71e David Baron fix for valgrind report of UMR r=wtchang sr=Nelson 2006-04-04 01:01:51 +00:00
nelson%bolyard.com
fecbcf26d6 Define alerts and error codes for TLS Hello extensions. Bug 226271.
r=julien.pierre
2006-04-04 00:32:27 +00:00
rrelyea%redhat.com
c152a5f5fa Bug 332381 pk12util fails to import key/cert onto LunaSA HSM
r=nelson
2006-03-31 21:35:37 +00:00
gerv%gerv.net
41fd37565a Bug 236613: change to MPL/LGPL/GPL tri-license. 2006-03-31 04:41:00 +00:00
rrelyea%redhat.com
2cef28020c bug 309701 Softtoken C_CreateObject() should not require
CKA_NETSCAPE_DB attribute to be present

r=alexei
2006-03-31 00:38:48 +00:00
rrelyea%redhat.com
f6290f423b From Bug 331279.
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei
2006-03-30 21:07:22 +00:00
julien.pierre.bugs%sun.com
39ee00370d Fix for 330068 . Be more verbose in strsclnt error cases 2006-03-29 22:35:44 +00:00
alexei.volkov.bugs%sun.com
209577ded2 331515: selfserv Bus error on 3DES ciphersuites; r=julien, sr=nelson 2006-03-29 07:23:40 +00:00
julien.pierre.bugs%sun.com
b6762d713e Remove comment in ssl.sh that messes execution. Part of fix for bug 331413. 2006-03-29 06:54:56 +00:00
julien.pierre.bugs%sun.com
01fe9ff1bf Fix for bug 330068 . Increment counter variable atomically. Be more verbose. r=nelson 2006-03-29 05:05:09 +00:00
julien.pierre.bugs%sun.com
bd3cb7e1ef Partial fix for bug 331413 . Allow selfserv to be tested for reference leaks. r=nelson 2006-03-29 05:03:10 +00:00
glen.beasley%sun.com
0224b3a860 318970 wtc fix for RSA fipstest using RSA_HashSign r=neilW sr= brelyea 2006-03-25 23:45:23 +00:00
rrelyea%redhat.com
c8e770c69d Bug 321350 Implement optimized code for NIST Suite B elliptic curves
r=douglas r=vipul
2006-03-24 22:55:51 +00:00
nelson%bolyard.com
a9beb655f0 Backout changes for bug 321350
Implement optimized code for NIST Suite B elliptic curves
Those changes broke the build on Solaris.  r=Sheriff Nelson
2006-03-24 09:08:24 +00:00
rrelyea%redhat.com
e72ce470d4 321350 Implement optimized code for NIST Suite B elliptic curves
r=douglas.
2006-03-23 19:55:37 +00:00
rrelyea%redhat.com
e13e6cc7f7 Bug 238051 Enable SSL session reuse for ECC cipher suites
r=nelson r=thomas.

patch in bug + white space changes suggested by nelson.
2006-03-22 19:18:30 +00:00
rrelyea%redhat.com
2bfdfe5969 Updated previous patch with douglas's input. (still bug 323817
Truncation of hashes for ECDSA should be done at bit level, not octet level).
r= vipul r=douglas
2006-03-22 19:02:06 +00:00
rrelyea%redhat.com
01ef3de28a Bug 273637 3 locks in softoken have unsafe initialization
r=alexi r=julien
2006-03-21 19:36:53 +00:00
rrelyea%redhat.com
dd7e2a2cf6 Correct bug entry:
25683 EC param parsing error not propagated correctly
r=andreas.
2006-03-21 19:33:52 +00:00
rrelyea%redhat.com
6a7da6374e Backing out previous changes that invalid or incorrect log entries for this
patch.
2006-03-21 19:30:10 +00:00
rrelyea%redhat.com
e182cdf8e2 *** empty log message *** 2006-03-21 19:23:30 +00:00
rrelyea%redhat.com
c385e5088d Bug 273637 3 locks in softoken have unsafe initialization
r=alexi r=julien
2006-03-21 02:28:48 +00:00
nelson%bolyard.com
6c95b75b6a Avoid stack overflow while generating primes. Bug 310145. r=wtchang 2006-03-19 05:09:30 +00:00
rrelyea%redhat.com
5f90fef71c Bug 238051 Enable SSL session reuse for ECC cipher suites
r=nelson
2006-03-17 21:15:09 +00:00
rrelyea%redhat.com
14c38aa668 Bug 329072 client sometimes fails to authenticate despite having cert
r= nelson
2006-03-17 20:44:23 +00:00
rrelyea%redhat.com
9e18a1acf3 Bug 323817 Truncation of hashes for ECDSA should be done at bit level, not octet level
r=vipul.gupta@sun.com
2006-03-17 16:58:06 +00:00
rrelyea%redhat.com
11b860880e Bugzilla Bug 326503 producing a ProofOfPossession signature on a EC CRMF fails
Use SEC_GetSignatureAlgorithmOidTag() to map to the signature oid.
r=wtc
2006-03-15 21:46:24 +00:00
rrelyea%redhat.com
2b42f9feb9 Bugzilla Bug 326503 producing a ProofOfPossession signature on a EC CRMF fails
patch makes SHA1 the default hashing for RSA rather than MD5.
patch by wtc r=rrelyea.
2006-03-15 21:42:21 +00:00
rrelyea%redhat.com
aab12ab3a8 bug 329058 mpmontg.c doesn't compile when MP_CHAR_STORE_SLOW is defined
r=wtc
2006-03-15 19:22:32 +00:00
rrelyea%redhat.com
c783f88c97 bug 329058 mpmontg.c doesn't compile when MP_CHAR_STORE_SLOW is defined
r=wtc
2006-03-15 19:13:12 +00:00
nelson%bolyard.com
2996640c67 Bug 324448. Convert mpi_x86.asm to mpi_x86_asm.c for Win32 built with MSVC.
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
r=julien.pierre sr=nelson@bolyard.com
2006-03-10 06:48:46 +00:00
nelson%bolyard.com
d42549b7ac Bug 324448. Convert mpi_x86.asm to mpi_x86.c for Win32 built with MSVC.
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
2006-03-09 23:50:43 +00:00
nelson%bolyard.com
41a9b174bd Bug 324448. Convert mpi_x86.asm to mpi_x86.c for Win32 built with MSVC.
Patch contributed by Benjamin Smedberg <benjamin@smedbergs.us>
r=julien.pierre  sr=nelson@bolyard.com
2006-03-09 23:46:45 +00:00
nelson%bolyard.com
19a46702bf Bug 329002. fix cert reference leak. r=alexei.volkov,rrelyea 2006-03-09 23:38:57 +00:00
christophe.ravel.bugs%sun.com
3203ada5f3 Bugzilla 324887: merge ECC and non-ECC QA test scripts.
Add return code and error message for ssl_stress and ssl_cov.
r=vipul, sr=nelson.
2006-03-08 00:47:28 +00:00
wtchang%redhat.com
a0ed51d33e Bugzilla Bug 329575: ECPoint_mul should multiply a point by the group order
faithfully because this operation is required by the public key validation
algorithm.  r=douglas.stebila,vipul.gupta.
2006-03-08 00:19:34 +00:00
wtchang%redhat.com
d679dc6d35 Bugzilla Bug 320578: added a new function ec_GenerateRandomPrivateKey to
generate a random private key without bias using the algorithm of FIPS
186-2 Change Notice 1, and use it to generate EC private key d and ECDSA
ephemeral private key k.  The patch is contributed by Douglas Stebila
<douglas@stebila.ca> and improved by me. r=douglas.stebila,vipul.gupta.
2006-03-06 23:48:39 +00:00
wtchang%redhat.com
85a72075f3 Bugzilla Bug 324887: The previous checkin introduced a comment bug. A
comment line must begin with exactly one '#' character followed by white
space.
2006-03-03 22:10:30 +00:00
wtchang%redhat.com
f1ca8f1fd1 Bugzilla Bug 324887: merged ECC and non-ECC QA test scripts and removed
ECC QA test scripts.  The patch is written by Vipul Gupta and Christophe
Ravel of Sun. r=wtc,nelsonb,jpierre
Modified Files:
	cert/cert.sh smime/smime.sh ssl/ssl.sh ssl/sslauth.txt
	ssl/sslcov.txt ssl/sslstress.txt tools/tools.sh
Removed Files:
	fixtests.sh cert/eccert.sh smime/ecsmime.sh ssl/ecssl.sh
	ssl/ecsslauth.txt ssl/ecsslcov.txt ssl/ecsslstress.txt
	tools/ectools.sh
2006-03-03 20:06:03 +00:00
wtchang%redhat.com
de8be1e067 Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key
pair with only one key. r=nelson.bolyard.
2006-03-03 18:48:09 +00:00
wtchang%redhat.com
aed20ed068 Bugzilla bug 326482: removed incorrect comments. r=nelson.bolyard. 2006-03-03 18:45:54 +00:00
nelson%bolyard.com
ac042bff56 Fix standalone mpi Makefile to build on OS/X. Bug 327405.
Patch contributed by Douglas Stebila <douglas@stebila.ca>
2006-03-03 04:21:56 +00:00
nelson%bolyard.com
5e2ca73982 Bug 327677. Fix cert object reference leak. r=julien.pierre,nelson
Patch contributed by Alexei Volkov <alexei.volkov.bugs@sun.com>
2006-03-03 04:00:49 +00:00
wtchang%redhat.com
57a3c7aa21 Bug 236613: change to MPL/LGPL/GPL tri-license. 2006-03-02 22:48:55 +00:00
wtchang%redhat.com
b69eb504ce Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of
ECDSA signatures.  Backed out a temporary workaround in
ECDSA_SignDigestWithSeed.  Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
	cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
	freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
	ssl/ssl3con.c
2006-03-02 00:07:08 +00:00
wtchang%redhat.com
8696bd362e Bugzilla Bug 326403: use "Mozilla Foundation" as the manufacturer or
producer of our shared libraries/DLLs.  Removed the optional copyright
notices from our DLLs. r=relyea,jpierre.
Modified Files:
	lib/ckfw/builtins/constants.c lib/ckfw/builtins/nssckbi.rc
	lib/ckfw/capi/nsscapi.rc lib/ckfw/dbm/instance.c
	lib/freebl/freebl.rc lib/nss/nss.rc lib/smime/smime.rc
	lib/softoken/pkcs11.c lib/softoken/softokn.rc lib/ssl/ssl.rc
2006-03-01 19:44:36 +00:00
rrelyea%redhat.com
f95ae18fe7 Remove mp_init/mp_clear calls (and potential mallocs,frees and zeros)
in tight loops for bug #326482

r=nelson
2006-03-01 17:09:17 +00:00
rrelyea%redhat.com
6a21aaef0e bug 326482 Implement the derive sensitive only for those derivation functions that require it.
fixes a performance problem with ECDH.

r=wtchang, nelson.
2006-03-01 16:12:22 +00:00
nelson%bolyard.com
340adcfbfa Bug 327405. Correct EC keypair Generation. r=vipul.gupta,nelson.bolyard
Patch contributed by Douglas Stebila <douglas@stebila.ca>
2006-03-01 07:06:24 +00:00
nelson%bolyard.com
56fc6fa166 Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre 2006-03-01 05:45:45 +00:00
wtchang%redhat.com
7986d13c5b Bugzilla Bug 327978: removed obsolete files, superseded by the ecl
directory.  r=douglas.stebila.
Removed files: GF2m_ecl.c GF2m_ecl.h GFp_ecl.c GFp_ecl.h
2006-02-28 23:43:19 +00:00
nelson%bolyard.com
a86941f281 Bug 326315. Warning Reduction. On TRUNK only. r=Julien.Pierre 2006-02-28 05:56:07 +00:00
nelson%bolyard.com
74a0a6eea2 Bug 325683. EC param parsing error not propagated correctly.
Fix the cases that Andreas identified.  Patch by Andreas.Sterbenz@sun.com
r=Julien,wtchang,nelson
2006-02-28 05:44:56 +00:00
nelson%bolyard.com
4b1a1b7cb3 Bug 326690. Enable modutil to configure default slots for the
AES, SHA256 or SHA512 mechanisms.  r=rrelyea,julien.pierre
2006-02-28 05:16:00 +00:00
nelson%bolyard.com
52395a4abb Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites
from being negotiated by NSS servers.  Necessary until the server side
of the _DHE_ cipher suites is fully implemented.  r=Julien,Wan-Teh,Vipul
2006-02-28 04:20:23 +00:00
wtchang%redhat.com
7a0f0203c7 Bugzilla Bug 320038: checked in a better fix that allows us to write
EC domain parameters as hex strings with leading 00's. r=douglas.stebila
sr=relyea.
Modified files: softoken/ecdecode.c freebl/ecl/ecl-curve.h
2006-02-27 23:18:34 +00:00
wtchang%redhat.com
6c376850a1 Bugzilla Bug 328228: fixed the typo "secp169k1". The patch is contributed
by jyri <jyri.virkki@sun.com>. r=wtc,vipul.gupta.
Modified files: bltest/blapitest.c certutil/certutil.c
2006-02-22 22:15:57 +00:00
christophe.ravel.bugs%sun.com
178bda1252 Change NSS version to 3.12 Beta on the tip. 2006-02-22 21:22:54 +00:00
wtchang%redhat.com
8c8a6af5ea Bugzilla Bug 326754: the previous checkin made us fail the NIST DSA PQGGen
test for [mod = 768] only.  Backed out the more likely culprit.
2006-02-22 02:12:09 +00:00
wtchang%redhat.com
c449f54be3 Bugzilla Bug 327529: unnamed arguments (third and after) for CERT_CreateRDN
must have the correct CERTAVA * type because compilers can't do automatic
type conversions. r=nelsonb,jpierre.
Modified files: alg1485.c secname.c
2006-02-20 23:06:55 +00:00
wtchang%redhat.com
97a5c30a94 Renamed DSA_TEST_SEED_BYTES to PQG_TEST_SEED_BYTES. 2006-02-18 02:39:12 +00:00
wtchang%redhat.com
0c104c2ece Bugzilla Bug 327384: fixed an off-by-one error in the size of the 'genenc'
array.  The patch is contributed by Andreas Sterbenz
<Andreas.Sterbenz@sun.com>. r=wtc,nelsonb
2006-02-16 22:33:13 +00:00
glen.beasley%sun.com
1dd17278e7 fix by wan-teh for RSA siggen tests r=glen 2006-02-16 01:50:55 +00:00
wtchang%redhat.com
6e65720ba6 Bugzilla Bug 318967: use 160-bit SEED when generating DSA domain parameters
(PQG).  Removed unused keySizeIndex variables. Handle the return value and
result output parameter of PQG_VerifyParams separately. Pad H with leading
0's when printing. r=glen.beasley.
2006-02-16 01:28:35 +00:00
julien.pierre.bugs%sun.com
a4db2be2c9 Fix for bug 321765. Allow NSS to decode certs with unsupported critical extensions. r=wtchang,nelson,rrelyea. 2006-02-16 00:06:24 +00:00
alexei.volkov.bugs%sun.com
e393d91fcb [Bug 326963] Interoperability test with apache/mod_ssl: tstclnt
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n
2006-02-15 22:22:32 +00:00
wtchang%redhat.com
ac55eec5a2 Bugzilla Bug 318962: fixed signed/unsigned comparison warnings by MSVC.
r=glen.beasley.
2006-02-15 19:14:09 +00:00
wtchang%redhat.com
4b0281cf28 Bugzilla Bug 318968: more ECDSA test cleanup. Do not zeroize when freezing
ECParams' arenas.  Use EC_CopyParams to copy ECParams to an EC public key
and allocate the public key's value from the same arena. r=glen.beasley.
2006-02-15 19:06:51 +00:00
wtchang%redhat.com
c0887f9e1d Bugzilla Bug 326754: fixed two minor bugs related to the h parameter in
PQG parameter generation. r=nelsonb,glen.beasley.
2006-02-14 03:04:57 +00:00
wtchang%redhat.com
b19b5965a5 Bugzilla Bug 326144: need to zeroize a SECItem that contains a copy of the
secret key. r=relyea,jpierre.
2006-02-14 02:55:09 +00:00
wtchang%redhat.com
cfe8a9f253 Bugzilla bug 326751: CKR_SIGNATURE_INVALID is a much better default error
code for NSC_VerifyRecover than CKR_DEVICE_ERROR is. r=relyea.
2006-02-11 02:03:25 +00:00
glen.beasley%sun.com
7f3ba76b70 318970 RSA sigver test fix r=wan-teh 2006-02-10 23:27:38 +00:00
rrelyea%redhat.com
1f4cae4de9 Bugzilla Bug 326482 NSS ECC performance problems.
Patch by Nelson, r=relyea.

Save the public key when we create the keypair so we can use it later.
2006-02-10 19:39:53 +00:00
rrelyea%redhat.com
57d9010865 Bugzilla Bug 326482 NSS ECC performance problems.
r=nelsonb
Fix bug where ECC keys were not being copied on server startup
2006-02-10 18:54:58 +00:00
neil.williams%sun.com
fd25589676 Bug 325657, r=Nelson,Wan-Teh, Unset ECL_USE_FP INT Solaris SPARC freebl 2006-02-10 04:38:05 +00:00
rrelyea%redhat.com
2cf33676b0 Bug 320187 NSC_WrapKey called with null output returns short length
r=nelsonb
2006-02-09 19:54:22 +00:00
neil.williams%sun.com
8719a5f375 Bug #325682, Adds -Wl,-rpath to link step for Linux distributions
r=Nelson, sr=Wan-Teh
2006-02-09 00:12:17 +00:00
rrelyea%redhat.com
2c3bfd1312 Bug 320583 Support for SHA256/384/512 with ECC signing 2006-02-08 06:14:31 +00:00