Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-05 16:46:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
145,106 Commits 615 Branches 98 Tags 5.9 GiB
8521bea2ba
Commit Graph

3447 Commits

Author SHA1 Message Date
relyea%netscape.com
e715f98c50 Bugzilla Bug 252702 
NSS needs to handle better token insertion and removal.

Applied from patch to NSS 3.9
 2004-07-29 23:38:14 +00:00
jpierre%netscape.com
14456163f2 Fix for 249488 - root cert module requires locking functions in CK_C_INITIALIZE_ARGS . r=ian, sr=relyea 2004-07-29 22:51:00 +00:00
nelsonb%netscape.com
20e64eb7e5 Correct option parsing, and add missing error messages. 2004-07-28 21:10:07 +00:00
nelsonb%netscape.com
c55043fc52 Support GeneralizeTime in the CRMF library. Bug 219080. r=julien. 
Patch by nelson and julien.
 2004-07-27 05:06:02 +00:00
relyea%netscape.com
7e82fd4194 Bug 250687 
NSS Crashes or leaks Cert references if bad certs are passed up by PKCS #11 modules.
r=nelson
sr=ian
 2004-07-21 18:18:05 +00:00
relyea%netscape.com
57260fe853 Backing out pk11cert.c changes (not ready for checkin yet). (revert to 1.133) 2004-07-20 23:04:31 +00:00
relyea%netscape.com
950ffdabc7 Fix optimized builds (make tinderbox go green). 2004-07-20 23:02:04 +00:00
relyea%netscape.com
c5e993c9fd Missed function definition in previous checkin. 2004-07-19 22:37:48 +00:00
relyea%netscape.com
d0af60d089 refactor pk11util, splitting large single files down to a managable size. 
bug 246130. The new factor is:

pk11akey.c - asymetric keys constructed from pk11cert.c and pk11skey.c
pk11auth.c - authentication/password management factored from pk11slot.c
pk11cert.c - cert code with private key, crls and trust factored out.
pk11ctx.c -- pkcs11 context code, factored out of pk11skey.c
new pk11func.h -- for backward compatibility.
pk11mech.c - mechanism mapping code, factored mostly from pk11slot.c
pk11nobj.c - netscape objects (crls and trust), factored mostly from pk11cert.c
pk11obj.c - generic object support, factored from pk11skey.c pk11slot.c and
pk11cert.c
pk11priv.h -- private functions factored from pk11func.h
pk11pub.h -- public functions factored from pk11func.h
pk11skey.c - now only symetric key ops; private, public key ops, generic ops
and crypto contexs have been factored out.
pk11slot.c - still slot operations. Authentication, generic object ops,
mechanism mapping has been factored out.

This patch should only have refactoring, no new functions or other changes.
 2004-07-19 22:12:38 +00:00
nelsonb%netscape.com
371f19c6b9 Use the "c beautifier" (cb) to give this code a common K&R style with 
an indentation of 4.  Also rewrap a few strangely wrapped lines.
Bug 249330.
 2004-07-16 00:04:47 +00:00
nelsonb%netscape.com
2ed86b689a Apply review feedback to signtool sources. Add test case to QA tests. 
Bug 248751.
 2004-07-15 22:21:57 +00:00
nelsonb%netscape.com
07c4feeb45 Add -X option to produce signed XPI files for mozilla. Bug 248751. 
Path contributed by jeff klawiter <jeff@j-maxx.net>. r=nelson
 2004-07-15 00:01:50 +00:00
nelsonb%netscape.com
98afc62590 Allow subtemplates to have the SEC_ASN1_DYNAMIC flag without asserting. 
Bug 245429. Patch 4 of 5.  r=relyea.
 2004-07-13 06:02:54 +00:00
nelsonb%netscape.com
55aa7ccc43 Fix some casts. Wrap some long lines. Remove a bogus assert. 
Factor a function call out of the arguments of another function call,
which is mostly to make that code more easily debugged.
This is patch 3 of 5 for bug 245429. r=wtc.
 2004-07-13 05:52:24 +00:00
nelsonb%netscape.com
f7b4d4bbb7 Function sec_asn1e_write_contents was two functions combined into one, 
separated by one huge if-then-else.  They do different things and take
different arguments.  So, I split them into two separate functions:
sec_asn1e_write_contents and sec_asn1e_write_contents_from_buf
the latter of which takes a buf pointer and length argument.
The if statement that chooses between the two is now in the caller.
This is patch 2 of 5 for bug 245429.  r=wtc.
 2004-07-13 05:49:48 +00:00
nelsonb%netscape.com
f961aed641 rename "explicit" to "isExplicit" because MSVC6 thinks explicit is a c 
keyword.  rename "ignore_stream" to "disallowStreaming" because it
doesn't merely ignore.  rename "ignoresubstream" to "disallowStreaming"
for the same reason.  Patch 1 of 5 for bug 245429. sr=wtc.
 2004-07-13 05:44:47 +00:00
nelsonb%netscape.com
55151bc829 Greatly improve the output of the PKCS12 encoder. Adds output buffering 
to the output callback function that is called by the ASN.1 encoders,
and which feeds into the next PKCS7 encoder in the outward direction.
Bug 210179.  sr=relyea
 2004-07-13 05:31:34 +00:00
nelsonb%netscape.com
33f87dfef9 Ensure that the CRMF library always uses a non-null pool pointer when it 
calls the ASN1 Decoder.  This prevents leaks.  Bug 178898. r=relyea.
 2004-07-13 05:12:31 +00:00
wchang0222%aol.com
409574ee15 Bugzilla bug 248981: PKCS #11 modules that are based on older lib/ckfw (for 
example, the nssckbi module) save a pointer to the CK_C_INITIALIZE_ARGS
passed to them. So if we pass a pointer to the stack variable moduleArgs,
the pointer will point to a structure that has gone out of scope. To
prevent crashes in these broken modules, we continue to pass a pointer to
the global secmodLockFunctions whenever we can. r=relyea.
 2004-07-08 23:23:50 +00:00
wchang0222%aol.com
f3c6f7397f Bugzilla bug 249284: removed a duplicate declaration of 
CERT_DecodeDERCertificate. r=nelsonb. Thanks to Chris Newman
of Sun for the bug report.
 2004-07-07 00:48:53 +00:00
jpierre%netscape.com
4bfc6dca87 Fix for 248981 - make SECMOD_LoadPKCS11Module thread safe. r=relyea 2004-07-01 19:20:51 +00:00
nelsonb%netscape.com
e054aef7bf Output properly encoded PQGParams. r=wtc. Bug 247738. 2004-07-01 02:07:02 +00:00
jpierre%netscape.com
309d389ab8 Fix for 249310 - add option to disable SSL2 in selfserv . r=nelson 2004-07-01 02:06:31 +00:00
nelsonb%netscape.com
23b32f634b Treat non-repudiation-only certs as valid signature certs. 
Bug 240456.  r=wtc, sr=relyea.
 2004-07-01 00:26:00 +00:00
nelsonb%netscape.com
3bc297e56b Correct NSS to use the most specific, not most general CN attribute in 
a cert subject name.  Bug 197964.  r=wtc.
 2004-07-01 00:21:42 +00:00
nelsonb%netscape.com
1d3641f999 Follow the SSL2 specification more closely in accepting and rejecting 
SSL messages.  Previously NSS would reject some it should accept
and vice versa.  Bugscape bug 57121. r=wtc,julien
 2004-06-24 02:02:39 +00:00
nelsonb%netscape.com
35ab44f5ac Fix certutil's ability to read PQG files. Make certutil able to read 
the files produced by the command "makepqg -a".  Plug some memory leaks.
r=relyea,vipul  Bug 247739
 2004-06-23 22:23:00 +00:00
relyea%netscape.com
501db85dbc Bug 244914, 244907 r=nelsonb 
Add support for unprotected private keys without requiring authentication.
Add support to access application specific PKCS #11 objects through NSS.
 2004-06-21 23:01:53 +00:00
nelsonb%netscape.com
3b8151e40a Initialize the "type" member in the SECItems returned by 
PK11_PQG_ParamGetSeedLen so encoded values will be correct.
Bug 247737. r=relyea.
 2004-06-21 19:22:02 +00:00
saul.edwards%sun.com
172f3b4cbc Bug 245518: add RPATH to BUILD_SUN_PKG, add $ORIGIN to rpath 2004-06-19 06:09:03 +00:00
jpierre%netscape.com
a11c975bed Fix for 237934 - nss_InitLock not atomic. r=nelson 2004-06-19 03:21:39 +00:00
jpierre%netscape.com
65862c5e4f Wrap long lines 2004-06-18 02:03:30 +00:00
jpierre%netscape.com
e8c134e6c5 Restore comment that got removed accidentally. And fix typo in it. 2004-06-18 01:34:11 +00:00
jpierre%netscape.com
6aa648b89e Fix for 247406 . r=wchang0222,glen.beasley 2004-06-18 01:28:41 +00:00
jpierre%netscape.com
b03fe203f6 Fix for 178897 . QuickDER optimizations . r=nelsonb 2004-06-18 00:38:45 +00:00
jpierre%netscape.com
3f739f181e Backout part of the QuickDER changes from 178895 . r=relyea 2004-06-17 23:23:59 +00:00
nelsonb%netscape.com
44e789e395 Destroy cert references held inside the CMMFCertRepContent struct when 
that struct is being destroyed.  Plugs a cert reference leak.
Bug 245420.  r=wtc.
 2004-06-17 22:12:34 +00:00
wchang0222%aol.com
8cb927d373 Bugzilla bug 233320: pk11_OpenKeyDB should not return SECFailure (not a 
CK_RV value).  Removed two unnecessary assignment statements.  r=relyea.
 2004-06-11 22:25:13 +00:00
nelsonb%netscape.com
17e15e8590 Don't crash when CERT_DestroyCertificate is called with a cert with a 
null arena pointer.  Bug 245943. r=julien
 2004-06-09 07:47:51 +00:00
nelsonb%netscape.com
c89fea6d2e Fold function definition so editor can find it. 2004-06-09 02:22:38 +00:00
jpierre%netscape.com
909489401d Fix for 178895 - QuickDER optimizations. r=relyea 2004-06-05 00:50:32 +00:00
nelsonb%netscape.com
6edf60ce5c Make crmftest compile and run with NSS 3.10 shared libraries. 
Enhance the command line parsing to permit portions of the tests
to be individually selected.  The code still doesn't all run
to completion without errors, but it gets MUCH farther than before.
Bug 244329.
 2004-06-03 03:56:48 +00:00
nelsonb%netscape.com
45fbe7addd Fix an erroneous assertion. Clean up some other code. Bug 244929. 
r= jpierre, wtc.
 2004-06-03 03:41:07 +00:00
nelsonb%netscape.com
4bc475a605 Export symbols needed for crmftest. r=relyea. bug 244329. 2004-06-02 22:19:33 +00:00
jpierre%netscape.com
8f86eb3572 Fix for 244915 . resolve issues from previous patch 2004-06-02 01:56:43 +00:00
jpierre%netscape.com
6986ea78e8 Fix for 244915 - r=wtc, misterssl . Correctly build freebl on Solaris 10 2004-06-02 00:40:53 +00:00
bishakhabanerjee%netscape.com
4cb1108d34 chenged log names to better align them in summary, added SMIME test output 
to emailed log summary
 2004-05-27 22:09:03 +00:00
nelsonb%netscape.com
f2dedf230d a) adds the missing code to put stdin into binary mode. 
b) add the -i option to the usage message
c) builds addbuiltins with shared libs
   (includes "nssrenam.h" for some symbols)
d) build addbuiltins as part of the normal builds.
 2004-05-25 21:47:44 +00:00
jpierre%netscape.com
3c9a7eb176 Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris 2004-05-25 00:13:12 +00:00
nelsonb%netscape.com
ed9a466108 Fix crash when array member is used as variable. Bug 243655. r=relyea. 2004-05-22 01:24:22 +00:00
nelsonb%netscape.com
6481991845 Use "slop time" in nextUpdate validity check for CRLs. Bug 242146. 
r=julien.pierre
 2004-05-22 01:03:26 +00:00
nelsonb%netscape.com
81bf125709 Add missing license block. Wrap long lines. Bug 243580. r=relyea. 2004-05-22 00:56:46 +00:00
bishakhabanerjee%netscape.com
f7ffa7b7e8 script to run NISCC tests; cvs pull of NSS and does special build, runs SMIME 
and SSL tests, logs results to file, summarizes log results
 2004-05-20 00:56:40 +00:00
ian.mcgreer%sun.com
92584e19c6 certdata.c is checked in and shouldn't be ignored 2004-05-17 20:47:35 +00:00
ian.mcgreer%sun.com
be72ca16c5 bug 180268, reimplement ssl step-up for builtins 2004-05-17 20:08:38 +00:00
wchang0222%aol.com
081ede0ac7 Bugscape bug 57081: If the make variable NISCC_TEST is defined at build 
time, add -DNISCC_TEST to the compile command line.  The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
	cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
	lib/ssl/config.mk lib/ssl/manifest.mn
 2004-05-13 01:29:15 +00:00
relyea%netscape.com
5d4e32454a scripts for pk11util 2004-05-12 23:49:39 +00:00
ian.mcgreer%sun.com
1d3c78cf5a program for generating FIPS algorithm test results 2004-05-12 17:30:31 +00:00
jpierre%netscape.com
79af302c8e Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 2004-05-11 03:48:25 +00:00
jpierre%netscape.com
b97913e992 Fix for 240361 - crash in CERT_CheckValidTimes 2004-05-11 02:43:10 +00:00
jpierre%netscape.com
576e2a2776 Fix for 202979 . Resolve binary compatibility issue for CERT_ImportCerts . r=wtc, jpierre 2004-05-05 01:15:39 +00:00
relyea%netscape.com
1d997eb6cd Fix mechanism command. 2004-05-05 00:36:52 +00:00
wchang0222%aol.com
59319a778c Bugzilla bug 238914: declare namesRunningOffset as unsigned long to avoid 
overflow. Fixed a regression introduced by the previous checkin ('nss' is
allowed to be NULL).  Set slotStrings[i] to NULL after freeing to avoid
double-free. r=relyea,nelsonb.
 2004-04-30 23:41:44 +00:00
gerv%gerv.net
9bd361a285 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 2004-04-27 23:04:40 +00:00
gerv%gerv.net
3634d4d94b Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-25 15:03:26 +00:00
wchang0222%aol.com
76e3cc1538 Bugzilla bug 90906: removed unused variable 'size'. The patch is from 
Serge GAUTHERIE <gautheri@noos.fr>. r=wtc.
 2004-04-21 18:57:51 +00:00
nelsonb%netscape.com
542f76a15a Change ssl test scripts to invoke tstclnt with the server's FQDN. 
Necessary because of fix to bug 234058.
 2004-04-08 03:01:02 +00:00
nelsonb%netscape.com
abe92ad094 Remove code that attempted to compare simple host names in URLs with 
FQDNs in certificate host names.  This was insecure.  Bug 234058. r=wtc.
 2004-04-08 00:17:46 +00:00
relyea%netscape.com
e4ab49876e Fix missing indexes when fetching lengths (get tinderbox working again). 2004-04-07 19:00:08 +00:00
relyea%netscape.com
66be1e00e1 Bug 239827: Fix race condition in unwrap private key (if target key is symetric). 2004-04-07 01:18:46 +00:00
relyea%netscape.com
77bd494c63 Bug 238914. r=wchang sr=misterSSL 
Agressive checks on database data before we actually reference it. This
should prevent crashes because of invalid databases.
 2004-04-07 00:58:58 +00:00
wchang0222%aol.com
a032d5bd44 Bugzilla bug 238565: made the comment match the code. r=nelsonb. 2004-03-27 01:51:25 +00:00
wchang0222%aol.com
ec68ee33b1 Bugzilla bug 237934: in nss_InitLock, nss_InitMonitor, and 
NSSRWLock_AtomicCreate, we need to doublecheck the lock/monitor's pointer
after we acquired the spin lock.  r=nelsonb,jpierre.
Modified Files: nsslocks.c nssrwlk.c
 2004-03-27 01:08:15 +00:00
nelsonb%netscape.com
c0104f0a69 Correct the parsing of certain forms of GeneralName. Bug 233586. 
r=julien.pierre
 2004-03-26 01:15:33 +00:00
nelsonb%netscape.com
dade383614 Fix a regression introduced by rev 1.19, after NSS 3.9 was released. 
r=julien.pierre.  bugscape 56484.
 2004-03-23 03:29:56 +00:00
wchang0222%aol.com
8ebba422fc Bugzilla bug 237870: link the MinGW build with wsock32.dll (Winsock 1) 
instead of ws2_32.dll (Winsock 2).  Thanks to neil@parkwaycc.co.uk for the
patch.  r=wtc.
 2004-03-23 01:59:40 +00:00
relyea%netscape.com
d5abab03d4 Program to decrypt passwords inline from prefs files 2004-03-23 00:46:38 +00:00
relyea%netscape.com
70a5776e59 Fix arrays handling strings, and help 2004-03-13 02:44:26 +00:00
jpierre%netscape.com
b391292c65 Remove unused file 2004-03-11 10:03:24 +00:00
jpierre%netscape.com
9383b61a6e Fix for bug 143456 - add -P option for dbprefix to selfserv . r=MisterSSL 2004-03-10 02:47:13 +00:00
nelsonb%netscape.com
c4b2be519c Add conditionally compiled code for NISCC testing of NSS's SSL library. 
patch by Ian McGreer.  Bugscape bug 53322.
 2004-03-05 23:28:57 +00:00
bishakhabanerjee%netscape.com
195f404925 adding platform RH_Linux_7.3 2004-03-04 22:47:43 +00:00
bishakhabanerjee%netscape.com
fa54334072 adjusting the platform strings as the header file specifies 2004-03-04 20:16:36 +00:00
bishakhabanerjee%netscape.com
5f21e877ae removed old,unused platforms; and added newer used ones 2004-03-04 00:35:09 +00:00
jpierre%netscape.com
f1a9128ad1 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 2004-03-03 03:18:56 +00:00
nelsonb%netscape.com
a74bbe4b09 Detect NULL arguments to CERT_DecodeTrustString instead of crashing. 
Bug 235617. r=wtc.
 2004-02-26 00:05:29 +00:00
bishakhabanerjee%netscape.com
c93fcbd840 fix for Bugzilla bug 232481: removed a loop in smime.sh 2004-02-25 23:05:41 +00:00
bishakhabanerjee%netscape.com
c0e6a51ba4 added negative cert import function, changed relevant Policies tests accordingly 2004-02-25 22:34:25 +00:00
nelsonb%netscape.com
7debba55ce Import base64 encoded certificate files with old MAC line endings. 
Bug 221272. sr=wtc.
 2004-02-16 23:52:46 +00:00
wchang0222%aol.com
46de977590 Removed unused function _OS_SELECT for AIX. Thanks to Philip K. Warren 
<pkw@us.ibm.com> for reporting this.
 2004-02-13 03:13:04 +00:00
wchang0222%aol.com
d384e9659d Bugzilla bug 233048: 1. Support doing 64-bit Solaris SPARC builds using 
gcc.  2. Enable all.sh to work with gcc-compiled NSS tests which require
setting LD_LIBRARY_PATH to point to the directory where libgcc.so resides.
The patch is contributed by Vladim�r Marek <Vladimir.Marek@printsoft.cz>.
r=wtc,nelsonb.
Modified Files: coreconf/SunOS5.mk nss/tests/common/init.sh
 2004-02-13 02:47:53 +00:00
jpierre%netscape.com
42b100808b Fix strings in SECU_PrintError. bug 233493 2004-02-12 02:08:59 +00:00
wchang0222%aol.com
43586b3b97 Bugzilla bug 229297: fixed compiler warning "conversion from 'double' to 
'long', possible loss of data".  r=jpierre,relyea.
 2004-02-11 19:43:29 +00:00
wchang0222%aol.com
9d027a18fc Bugzilla bug 229293: fixed compiler warning "unary minus operator applied 
to unsigned type". r=relyea,jpierre.
 2004-02-11 19:37:18 +00:00
jpierre%netscape.com
2703a27453 Fix for bug 233605 . Check CRL entry extensions after partial decoding. Also add some new CRL decoding errors. r=nelsonb 2004-02-11 06:05:18 +00:00
jpierre%netscape.com
560beb63f1 Fix for 233493 . Corrections based on Wan-Teh's feedback. 2004-02-11 05:27:32 +00:00
jpierre%netscape.com
3f92bc7c25 Fix for 233118 . additional check for CRL signing usage. r=nelsonb 2004-02-11 05:25:01 +00:00
wchang0222%aol.com
f8b0c1845d Bugzilla bug 233321: fixed the problem with building utf8.c as a standalone 
test program.  Fixed byte-order issue on little-endian architecture.
r=nelsonb.
Modified Files: Makefile utf8.c
 2004-02-11 02:17:24 +00:00
bishakhabanerjee%netscape.com
829b7f1122 checking in 5 sections of Certificate Policies. Need to set 
NSS_NO_PKITS_POLICIES to run these five sections
 2004-02-11 01:31:43 +00:00
jpierre%netscape.com
13dcfd3e4c Fix for 233493 - fix symkeyutil build on OS/2. r=relyea 2004-02-10 23:48:37 +00:00
bishakhabanerjee%netscape.com
e9572b0dff removing dependency of a testcase on a previous testcase; i.e. each testcase 
now imports all the CRLs required for it, and then deletes them at the end
of the test
 2004-02-09 23:33:26 +00:00
wchang0222%aol.com
bab3c2af5e Bugzilla bug 233319: prepend, rather than append, the NSS lib and bin 
directories to PATH. r=relyea.
 2004-02-09 22:39:11 +00:00
nelsonb%netscape.com
c3a3521876 Enable a chain to validate when a perm cert has been issued by a 
temp cert.  Bug 233038. r=ian,relyea
 2004-02-07 07:17:31 +00:00
wchang0222%aol.com
bf2c5e5f16 Bugzilla bug 225808: 1. Use a 32-bit integer type for cert->nsCertType so 
that it can be safely passed to PR_AtomicSet on all platforms.  Note that
we still use an unsigned type to avoid introducing signed/unsigned compiler
warnings.  2. Added a (PRInt32 *) cast to eliminate a pre-existing
signed/unsigned warning.  r=nelsonb.
Modified Files: certdb.c certt.h
 2004-02-07 01:41:15 +00:00
wchang0222%aol.com
5c995a5d18 Bugzilla bug 233239: do not include cmd/zlib and cmd/lib headers and 
libraries in NSS binary releases.
Modified Files:
	lib/Makefile lib/manifest.mn makepqg/manifest.mn zlib/Makefile
	zlib/manifest.mn
 2004-02-07 00:26:02 +00:00
wchang0222%aol.com
91ad07e7f5 Bugzilla bug 123693: improved the fix for this bug. Maintain the 
consistency between the slot hash table and slot list when the
creation of a slot fails. r=relyea,nelsonb.
 2004-02-06 02:04:48 +00:00
wchang0222%aol.com
ce288b37c7 Bugzilla bug 233112: fixed a typo: "futuer" -> "future". Thanks to 
Heikki Toivonen <hjtoi-bugzilla@comcast.net> for the bug report.
 2004-02-05 05:56:54 +00:00
bishakhabanerjee%netscape.com
03643e5f7d added a few more missing $ for variable PKITSdb for more accurate log reporting 
also, minor optimization of crlImport and crlImportn script so that $crls does
not have to be specified on every line
 2004-02-04 20:04:14 +00:00
nelsonb%netscape.com
a00bb096af Fix numerous bugs in CERT_FindCertByKeyID. Bug 233019. r=jpierre 2004-02-04 08:54:06 +00:00
nelsonb%netscape.com
4fbee089ca Add a feature to disable all use of CRLs with an environment variable. 
Don't run most vfychain commands after crlutil fails to import the CRL,
when that is the expected result.
Remove one error that caused the HTML output to be invalid.
 2004-02-04 04:07:32 +00:00
nelsonb%netscape.com
c381ec2657 Put in missing $, so log output will show actual commands exeuted. 2004-02-04 02:23:40 +00:00
bishakhabanerjee%netscape.com
971bc18c70 correcting header of section 4.1, minor edits to make headers more definitive 2004-02-03 20:13:26 +00:00
nelsonb%netscape.com
3462419c4d Invoke crlImportn instead of crlImport in several places where a 
negative outcome is expected.  More work on this is needed.
crlImportN should return a value that tells us if it actually failed,
so that the script can decide whether or not to proceed with vfychain.
But this change makes the outcome more green, less red.
 2004-02-03 07:14:52 +00:00
nelsonb%netscape.com
bcc309b891 Honor key usage extensions, whether they're critical or not. 
Bug 232738. r=jpiperre.
 2004-02-03 07:10:04 +00:00
nelsonb%netscape.com
3f581fae9e Max crlutil return 0 or 1 correctly, depending on the success of the 
operation.  Bug 232937.  r=jpierre.
 2004-02-03 06:59:35 +00:00
nelsonb%netscape.com
0789875d7d Change script so that html output and logfile will be broken up into 
clearly defined and easy-to-find sections.
 2004-02-03 04:15:08 +00:00
nelsonb%netscape.com
abc134f1c0 Make output log file more readable by separating each test case. 2004-02-03 03:07:38 +00:00
bishakhabanerjee%netscape.com
3ed803969c fixed one typo 2004-02-03 01:27:47 +00:00
bishakhabanerjee%netscape.com
d95cb37ea2 checking with all latest revew comments addressed 2004-02-03 00:59:53 +00:00
nelsonb%netscape.com
3dcf7f696e When an attempt to initialize a slot fails, free up the resources 
right away, rather than waiting until NSS_Shutdown.  Bug 123693.
Second try.  r=relyea.
 2004-01-30 04:15:47 +00:00
nelsonb%netscape.com
df07bc6cf4 Back out rev 1.90. It breaks shlibsign. 2004-01-29 23:34:21 +00:00
nelsonb%netscape.com
371b9d618e Export SECOID_AddEntry. Bug 132942. r=wtc. 2004-01-29 22:51:55 +00:00
nelsonb%netscape.com
50f63ee713 Invoke SECU_RegisterDynamicOids() so that more OIDs will print out. 
Bug 132942.  a=wtc.
 2004-01-29 22:48:58 +00:00
nelsonb%netscape.com
792e8d1e9e Bug 132942. r=wtc 
Make the following enhancements to NSS's ASN.1 printing code:
- Print warning messages that are properly indendented.
- PrintAsHex notices when the buffer contains entirely printable characters, and is larger than an int, and prints it as text in that case.
- PrintRawString now indents the string, rather than always printing it on
a separate line.
- now prints decoded bit strings
- now prints BMP (UCS2) strings as strings (not as hex) when they contain only printable ASCII characters.
- now prints Universal (UCS4) Strings as strings (not hex) when they contain only printable ASCII characters.
- Decodes certain encoded data that was previously printed as hex.
- Generically decodes ASN.1 data, rather than merely printing an error, when the ASN.1 data doesn't fit a known template.
- properly handles all optional components of basic constraints extensions.
- Prints the names of the bits in the X509 Key Usage extension.
- Prints General Names.
- Print Auth Key ID extensions
- Print subject and issuer alt name extensions
- Print CRL distribution points extensions
- format and print name constraints extensions
- print Authority Information Access extensions
- Print optional X509v2 subject and issuer Unique ID bit strings
 2004-01-29 22:45:20 +00:00
nelsonb%netscape.com
a691eadad9 Change some comments and one variable as suggested in review comments. 
r=relyea,wtc.  Bug 124923.
 2004-01-29 21:57:41 +00:00
nelsonb%netscape.com
ea227986af Make SECOID_AddEntry be thread safe. Export it. Bug 124923. r=relyea. 2004-01-29 21:23:36 +00:00
nelsonb%netscape.com
ee55e2e256 Plug leaks. Bug 123693. r=wtc,relyea 2004-01-29 21:18:24 +00:00
jpierre%netscape.com
f5d7282963 Fix for 232377 - assertion in vfychain with DSA cert. r=wtc, nelsonb 2004-01-28 23:25:07 +00:00
nelsonb%netscape.com
6d506e4aea Export cert functions that decode extensions and traverse decoded 
extensions.  Bug 231881. r= relyea, wtc.
 2004-01-28 23:23:45 +00:00
nelsonb%netscape.com
978fc338e7 Change program return value to reflect test outcome. Bug 221737. r=wtc 2004-01-28 22:30:27 +00:00
wchang0222%aol.com
cdec2796b4 Bugzilla bug 232380: deleted CERT_FindExpiredIssuer, which is dead code. 
In cert_VerifyCertChain, make sure that subjectCert and issuerCert never
point to the same cert to prevent from destroying that cert twice.
r=jpierre,nelsonb.
Modified Files: certdb/cert.h certhigh/certvfy.c
 2004-01-28 21:51:10 +00:00
jgmyers%speakeasy.net
a8dcaab07f address review comments: bug 231659 2004-01-28 04:29:14 +00:00
jgmyers%speakeasy.net
c9010119e9 rewrite utf8 parser for strictness: bug 231659 r=MisterSSL 2004-01-28 03:48:43 +00:00
jpierre%netscape.com
a5aaee4048 Fix for 231051 - crlutil asserts after deleting CRL. r=wtc, nelsonb 2004-01-28 01:17:13 +00:00
relyea%netscape.com
78ce53de23 bug 231698: fix regression in reading SDR data in databases written on 64-bit platforms. 
r=MisterSSL
 2004-01-27 18:31:29 +00:00
jpierre%netscape.com
8c43abd07c Fix for 231051 - crlutil asserts after importing CRL. r=nelsonb, wtc 2004-01-27 00:02:16 +00:00
nelsonb%netscape.com
0df0cbe4cf Fix crashes that occur when optional policyQualifiers are not present. 
Bug 230951. r=kinmoz.
 2004-01-23 22:50:01 +00:00
wchang0222%aol.com
d3011eaa97 Bumped version to 1.50 (for NSS 3.10). 2004-01-23 22:15:39 +00:00
nelsonb%netscape.com
77a00800e8 RFC 3280 says Name Constraints do not apply to self-issued CA certs, 
including self-issued intermediate CA certs (so-called "roll-over" certs).
This fixes an NISCC test failure.  Bug 231030. r=wtc.
 2004-01-23 06:06:06 +00:00
nelsonb%netscape.com
61d56ab306 When a name attribute's value exceeds the maximum allowed length, display 
a truncated version of it, followed by ellipsis.  Bug 220855. r=wtc
 2004-01-22 23:45:30 +00:00
nelsonb%netscape.com
d45b087145 Add -a option for Base64 encoded ASCII input and output. 
The -i and -o options now understand "-" to mean stdin and stdout.
Usage is displayed when -? or no arguments are given.
Bug 231536. r=relyea.
 2004-01-22 22:08:59 +00:00
nelsonb%netscape.com
7709686c56 Correct NSS's key usage tests for certs with non-RSA public keys. 
Bug 221638. r=relyea.
 2004-01-22 22:04:54 +00:00
nelsonb%netscape.com
b99a74cbae Detect duplicate issuer name and serial number between two temp certs. 
Bug 230996. r=ian, relyea.
 2004-01-22 02:36:53 +00:00
nelsonb%netscape.com
1db7eb8535 Fix name constraints code to pass NIST PKITS test 38. r=wtc. Bug 231223. 2004-01-22 02:33:41 +00:00
nelsonb%netscape.com
ce75f8d873 Move an extern function declaration to the header file where it belongs. 
Bug 229212. r=relyea.
 2004-01-22 02:19:42 +00:00
nelsonb%netscape.com
b45bc04f3b Fix some erronous code that set SEC_ERROR_NO_MEMORY when there had been 
no memory failure.  r=relyea.  Bug 231566
 2004-01-22 02:17:26 +00:00
nelsonb%netscape.com
1a1c7cb409 Fix bug in cert path length validation. Bug 221644. r=jpierre 2004-01-21 05:32:18 +00:00
jpierre%netscape.com
f10a7a4ffd Support GeneralizedTime in NSS tools. bug 210530. r=wtc 2004-01-21 01:15:01 +00:00
nelsonb%netscape.com
14ff763caa Use the results from PK11_ProtectedAuthenticationPath(slot) in the 
password callback function.  Bug 229023. r=relyea.  verified by submittor.
 2004-01-21 00:18:59 +00:00
wchang0222%aol.com
5963bd156f Bugzilla bug 229299: fixed unused variable warning. r=nelsonb. 2004-01-20 22:57:40 +00:00
jgmyers%speakeasy.net
ffbdacaeb8 fix review comment: bug 53133 2004-01-20 19:57:17 +00:00
nelsonb%netscape.com
b35fce94e4 Make this code build on Windows as well as Unix. 2004-01-19 01:05:53 +00:00
nelsonb%netscape.com
0ec6f827c6 Fix two more incorrect cert names that caused erroneous test results. 
Bug 231221.
 2004-01-17 05:55:20 +00:00
nelsonb%netscape.com
d9ccd2ab6f Correct this script to more accurately report errors. Bug 231221. 2004-01-17 05:04:42 +00:00
nelsonb%netscape.com
d8dc4c1455 Detect absent isCA flags in basic constraints. Detect and reject negative 
or too large positive path length constraints in basic constraints.
Bug 221644. r=jpierre.
 2004-01-16 21:33:16 +00:00
nelsonb%netscape.com
5e140a71db Fix template for Cert policy extensions. Bug 230951, r=jpierre 2004-01-16 05:36:08 +00:00
nelsonb%netscape.com
ad4476ab50 Fix NSS parsing of Issuer Unique ID and Subject Unique ID fields in 
certificate.  Bug 216116. r=jpierre
 2004-01-16 02:11:44 +00:00
nelsonb%netscape.com
5dea4e12cf Add vfychain to list of NSS cmds being built nightly. r=wtc. Bug 231025 2004-01-16 02:03:08 +00:00
jgmyers%speakeasy.net
fb8076054e fix comment per review: bug 53133 2004-01-16 01:04:57 +00:00
wchang0222%aol.com
dd0e83eb66 Minor change after review of previous checkin. Bug 53133. 2004-01-15 22:34:26 +00:00
relyea%netscape.com
30bb314da7 Fix build problems on some platforms. 2004-01-15 16:27:02 +00:00
wchang0222%aol.com
617cabf1fa Set NSS version to 3.10 Beta. 2004-01-15 15:08:58 +00:00
jgmyers%speakeasy.net
a71fdf6c5c Convert T61String-labeled ISO-8859-1 to UTF-8: bug 53133 r=nelsonb a=wtc 2004-01-15 06:23:14 +00:00
nelsonb%netscape.com
65088fd320 Add 2 additional OIDs to the list of acceptable digestEncryptionAlgIDs, 
per RFC 3370. r=thayes.  Bug 230761.
 2004-01-14 22:20:44 +00:00
relyea%netscape.com
49152980bd Tool to manage pkcs 11 module tests. 2004-01-14 21:34:20 +00:00
nelsonb%netscape.com
0a29c7fe2b Fix double free introduced in rev 1.54. r=wtc. bug 230774. 
Bug occurs only in NSS utilities that import base64 encoded files, e.g.
with the -a option.
 2004-01-14 01:19:26 +00:00
wchang0222%aol.com
ab1b1d58f9 Bugzilla bug 229289: fixed an unused variable warning. r=relyea. 2004-01-13 01:59:41 +00:00
nelsonb%netscape.com
8dc069e8e4 Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2 
records that are too short.  Bugscape bug 54814
 2004-01-08 06:52:00 +00:00
jpierre%netscape.com
8a6338d551 Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
435bc1ad86 Set NSS version to 3.9. 2004-01-08 01:04:56 +00:00
jpierre%netscape.com
e7036921ca Rename PK11_FindSlotsByAliases to PK11_FindSlotsByNames 2004-01-07 23:12:01 +00:00
jpierre%netscape.com
70f0bbf00d Rename CERT_DecodeTimeChoice/CERT_EncodeTimeChoice to DER_DecodeTimeChoice/DER_EncodeTimeChoice 2004-01-07 23:07:24 +00:00
nelsonb%netscape.com
5d8bd61334 Fix crashes in NSS_CMSSignedData_GetDigestValue and 
NSS_CMSContentInfo_GetContent that occur when a detached signature is not
accompanied by the data on which the signature was computed. Bug 229242.
Make NSS_CMSContentInfo_GetInnerContent and NSS_CMSMessage_GetContent
more easily debugged, by storing the results returned by function calls
in automatic variables before using them in subsequent calls/switches.
 2004-01-07 00:09:17 +00:00
relyea%netscape.com
6a63299667 Bug 229193 
Patch by wtc revied by relyea & ian
 2003-12-31 23:19:26 +00:00
wchang0222%aol.com
144c518d7a Set NSS version to 3.9 Beta 6. 2003-12-24 06:22:49 +00:00
wchang0222%aol.com
1550e4ab3e Removed unused variable 'val'. 2003-12-23 21:40:52 +00:00
wchang0222%aol.com
0ea554f2f9 Fixed unused variable compiler warning about 'html'. Declare it inside 
the same ifdef with which it is used.
 2003-12-23 21:37:07 +00:00
wchang0222%aol.com
34519e6ab3 Removed unused variable 'rawSigLen'. 2003-12-23 21:24:01 +00:00
wchang0222%aol.com
11c67b98af Removed unused variable 'attribute'. 2003-12-23 21:21:39 +00:00
wchang0222%aol.com
60cf880826 Include "nsslocks.h" for nss_InitLock. 2003-12-23 02:09:55 +00:00
wchang0222%aol.com
5bfcd81514 Declare the argument to SECKEY_ECParamsToKeySize as const. 
Modified Files: seckey.c pk11skey.c
 2003-12-23 02:05:28 +00:00
wchang0222%aol.com
09584fb9f9 Return a value of the correct type. 2003-12-23 01:03:39 +00:00
wchang0222%aol.com
290a965230 Fixed a spelling error. 2003-12-23 00:52:06 +00:00
wchang0222%aol.com
0433b41c3b Moved ecl-curve.h from the EXPORTS to the PRIVATE_EXPORTS list. 2003-12-23 00:17:04 +00:00
wchang0222%aol.com
79387320b7 Renamed SECKEY_ECParams2KeySize as SECKEY_ECParamsToKeySize. Do not export 
this function from the nss3 shared library.
Modified Files: seckey.c pk11skey.c nss.def
 2003-12-22 23:36:40 +00:00
wchang0222%aol.com
7adfc17d1d Declare the 'input' argument to CERT_DecodeTimeChoice as 'const'. Removed 
an extraneous semicolon (;) after the SEC_ASN1_CHOOSER_IMPLEMENT macro.
Modified Files: secder.h sectime.c
 2003-12-22 23:33:39 +00:00
nelsonb%netscape.com
76bb8f646c Some further cleanup of p12d.c. Bugscape bug 52528. r=wtc. 2003-12-20 01:33:06 +00:00
wchang0222%aol.com
7905ca6b6f Set NSS version to 3.9 Beta 5. 2003-12-20 00:35:01 +00:00
wchang0222%aol.com
9ccb6b87c5 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
312061509b Impose new limits on RSA public key sizes. 8k bits for modulus, 
64 bits for public exponent.  This prevents certain attacks on SSL
servers.  Bugscape bug 54019.  r=wtc,relyea.
 2003-12-19 23:50:45 +00:00
wchang0222%aol.com
010acd81c1 PK11_MoveKey was renamed PK11_MoveSymKey. r=relyea. 
Modified Files: symkeyutil.c nss.def pk11func.h pk11skey.c
 2003-12-19 23:29:43 +00:00
relyea%netscape.com
6e767fb4eb Make database access to the key db thread safe. 2003-12-19 23:24:48 +00:00
relyea%netscape.com
8ec4937462 Add keydb lock type. keydb should be locked like the certdb. 2003-12-19 23:24:00 +00:00
wchang0222%aol.com
5014045f8c Backed out the previous checkin, which broke our S/MIME QA tests. 2003-12-19 22:54:20 +00:00
wchang0222%aol.com
fac46295ff Bugzilla bug 228624: we need to call STAN_ForceCERTCertificateUpdate if 
the cert's instances changed.  r=relyea.
 2003-12-19 22:33:12 +00:00
wchang0222%aol.com
64276531dd Bugscape bug 54627: made the fix for NSS_CMSSignedData_Encode_BeforeData 
the same as the code in NSS_CMSSignedData_Decode_BeforeData.  r=nelsonb.
 2003-12-19 22:08:12 +00:00
wchang0222%aol.com
deb29c8f1f Import NSPR 4.4.1. 2003-12-19 17:02:57 +00:00
wchang0222%aol.com
4a54a29151 Bugzilla bug 221133: fixed unused variable warning on some platforms. 
The patch is contributed by timeless@bemail.org.  r=wtc.
 2003-12-19 16:35:14 +00:00
nelsonb%netscape.com
70470925e0 Don't overwrite pointers to existing message digests if they've been 
precomputed.  Bugscape bug 54627.  r=wtc, jpierre.
 2003-12-19 03:58:28 +00:00
wchang0222%aol.com
8bfb2f97fd Set NSS version to 3.9 Beta 4. 2003-12-18 21:45:34 +00:00
wchang0222%aol.com
991ddf2ba6 Bugzilla bug 228624: made PK11_ListCertsInSlot reach into the Stan layer 
to obtain the correct nicknames of the cert instances (pk11cert.c).  Fixed
the bug that if a cert we want to add the the cache is already in the
cache, we should merge the instances of the cert before destroying the
duplicate cert (tdcache.c).  r=jpierre,relyea.
 2003-12-18 18:23:17 +00:00
wchang0222%aol.com
ec4dda5d19 Bugzilla bug 219982: removed an unused local variable. (The function call 
is needed for its side effect.)  Thanks to timeless@bemail.org and
Serge GAUTHERIE <gautheri@noos.fr> for the patch.  r=wtc.
 2003-12-17 22:43:25 +00:00
nelsonb%netscape.com
634bb98533 Allow NSS_CMSDigestContext objects to be created, even when there are 
no valid digest algorithm OIDs.  This allows "certs only" messages to
be decoded.  Bugzilla bug 228707. r=jpierre, wtc.
 2003-12-17 03:49:10 +00:00
wchang0222%aol.com
e3cda94421 Bugzilla bug 228618: fixed an incorrect use of realloc. Fixed an unused 
variable compiler warning.  r=jpierre.
 2003-12-16 04:24:57 +00:00
nelsonb%netscape.com
b41986df1b Fix S/MIME bugs that caused parallel arrays of digest OIDs and digest 
values to become out of sync.  Bugscape bug 54256. r=relyea.
Modified Files:	cmd/smimetools/cmsutil.c lib/smime/cmsdigest.c
 2003-12-12 23:55:06 +00:00
jpierre%netscape.com
3331d24ed7 Fix for 54061 . Return SEC_ERROR_INVALID_ARGS and remove assertions . r=wtc,misterssl 2003-12-12 21:42:02 +00:00
nelsonb%netscape.com
fff428a34a CERT_ImportCerts now returns SECFailure when NONE of the certs was succesfully imported. r=wtc. Bugscape bug 54311. 2003-12-06 06:52:53 +00:00
nelsonb%netscape.com
7ed9720eb2 __CERT_AddTempCertToPerm will now set error SEC_ERROR_ADDING_CERT 
when attempting to make a cert perm that is already permanent.
Bugzilla bug 227559. r=wtc
 2003-12-06 06:46:27 +00:00
nelsonb%netscape.com
87f5c7ded0 NSC_Finalize will now destroy 3 softoken free lists and one more 
global pointer.  Plugs some memory leaks.  Bugscape bug 54301. r=wtc
 2003-12-06 06:41:51 +00:00
nelsonb%netscape.com
2b4825491c Add new -k option to NSS QA test program cmsutil. By default, cmsutil 
will no longer add any decoded certs to the cert db file, which is
useful for reproducibility of results in QA scripts.
Bugscape bug 54293. r=relyea,jpierre,wtc
 2003-12-06 06:31:08 +00:00
wchang0222%aol.com
2483a508a7 Bugzilla bug 227296: fixed the bug that NSS_CMSAttribute_AddValue adds the 
address of a stack variable to the attr->values array.  Added a new
function SECITEM_ArenaDupItem.  r=nelsonb.
Modified Files:
	nss/nss.def util/secitem.c util/secitem.h smime/cmsarray.c
	smime/cmsattr.c
 2003-12-06 01:16:50 +00:00
nelsonb%netscape.com
265f6a9b37 Further simplification and improvement of the parsing of UTCTime 
and GeneralizedTime to avoid UMRs.  Bugscape bug 54198. r=wtc
 2003-12-05 04:53:28 +00:00
nelsonb%netscape.com
b87fc256c1 NSS_CMSContentInfo_Destroy() 
- The patch destroys the digest context member of the CMSContentInfo.
  It calls the previously unused function NSS_CMSDigestContext_Cancel
  to destroy the digest context.  Eliminates an object reference leak.
Bugscape bug 54208, r=relyea
 2003-12-04 00:39:24 +00:00
nelsonb%netscape.com
697b57f151 In functions NSS_CMSSignedData_Encode_AfterData and 
NSS_CMSSignedData_Decode_AfterData
  - These functions call NSS_CMSDigestContext_FinishMultiple, which
    always destroys the digest context, regardless of whether it returns
    SECSUccess or SECFailure.  So, change these functions to always NULL
    out the context pointer regardless of the returned value.
NSS_CMSSignedData_VerifySignerInfo()
  - Always call NSS_CMSSignerInfo_Verify() to set the verification status
    in the signerinfo object, even if some of the other arguments are NULL,
    or other failures have occurred, but avoid NULL pointer dereferences
    along the way.  Notice that this change is dependent on changes to
    NSS_CMSSignerInfo_Verify() (see below.)
NSS_CMSSignedData_SetDigests() - skip over missing digests.  Don't fail
    the function, and don't crash, if digest pointers are NULL.
Bugscape bug 54208, r=relyea
 2003-12-04 00:36:47 +00:00
nelsonb%netscape.com
8a0ca297e4 Functions NSS_CMSDigestedData_Encode_AfterData and 
NSS_CMSDigestedData_Decode_AfterData
- Since NSS_CMSDigestContext_FinishSingle always destroys the context,
  regardless of whether it returns SECSuccess or SECFailure, these
  functions have been changed to always NULL out the context pointer
  after calling NSS_CMSDigestContext_FinishSingle, regardless of the
  outcome.
Bugscape bug 54208, r=relyea
 2003-12-04 00:35:02 +00:00
nelsonb%netscape.com
d0960c05d3 There is a lot of "cleanup" in this file, wrapping source at 80 columns. 
The relevant fixes for this bug include:
NSS_CMSDigestContext_StartMultiple()
   - make sure that cmsdigcx->digcxs and cmsdigcx->digobjs are initialized.
   - at the "loser" label, be sure to free the digest context itself.
NSS_CMSDigestContext_Cancel()
   - after destroying all the objects, free the arrays of pointers to the
     objects, and the digest context itself.  Previously these items were
     leaked by this function.
NSS_CMSDigestContext_FinishMultiple()
   - ensure that this function ALWAYS destroys all the NSS digest objects,
     and doesn't stop destroying them if it encounters an error.  Note that
     this is a newer revision of an older patch for that problem.
   - always Free the arrays of pointers used in this object.
NSS_CMSDigestContext_FinishSingle()
   - simplify this code.
Bugscape bug 54208, r=relyea
 2003-12-04 00:32:18 +00:00
nelsonb%netscape.com
f6f1a0d2e4 NSS_CMSSignerInfo_Verify() 
- This function is changed to explicitly allow some of its input arguments
  to be NULL.  It will set the verification status in the CMSSignerInfo
  object accordingly.  Since this is the ONLY function that ever sets the
  verification status, it must be able to do so even when problems have
  occurred.
- lots of cleanup of this source code.
Bugscape bug 54208, r=relyea
 2003-12-04 00:29:31 +00:00
nelsonb%netscape.com
874fa3a93d Add null pointer checks to nss_cms_after_end and NSS_CMSEnvelopedData_Decode_AfterData. Bugscape bug 54061. r=wtc,relyea 
Lots of code "cleanup" (reformatting for 80 columns) in cmsdecode.c
 2003-12-04 00:14:24 +00:00
nelsonb%netscape.com
e4d53231f8 Avoid UMRs in dertime.c. Bugscape bug 54198. r=wtc. 2003-12-03 04:03:40 +00:00
jpierre%netscape.com
e6c9ba62d7 Fix for 54061 - null pointer check . r=nelsonb 2003-12-03 02:42:08 +00:00
wchang0222%aol.com
80462e9cb1 Bugscape bug 54021: in CERT_FindSubjectKeyIDExtension, if PORT_NewArena 
fails we should return SECFailure.  Document that the return values of
CERT_GetCommonName and NSS_CMSSignerInfo_GetSignerCommonName must be freed
with PORT_Free.  r=nelsonb.
Modified Files:
	certdb/alg1485.c certdb/cert.h certdb/certv3.c smime/cms.h
	smime/cmssiginfo.c
 2003-12-03 00:09:05 +00:00
jpierre%netscape.com
e5c708bb65 Prevent SMIME crash in the opaque signature test. bugscape 54061. r=nelsonb 2003-12-02 05:46:27 +00:00
jpierre%netscape.com
7eef555978 Fix for 54088 . Don't try to encode attributes with no value. r=wtc 2003-12-02 05:05:30 +00:00
nelsonb%netscape.com
02198fd686 Bound stan error stack at 16 error codes to limit growth. 
Bugscape bug 54021. r=wtc.
 2003-12-02 02:05:47 +00:00
wchang0222%aol.com
cb7164249f Reverted to NSPR 4.3 until Sun has NSPR 4.4.1 binary distributions. 2003-11-28 05:41:42 +00:00
nelsonb%netscape.com
785b886515 Detect invalid input buffer lengths, and return error instead of UMR> 
Bugscape bug 54021.  r=wchang0222
 2003-11-27 05:08:20 +00:00
nelsonb%netscape.com
13f3e6fa94 Fix leak in CERT_FindSubjectKeyIDExtension, and use the Quick DER 
decoder.  Bugscape bug 54021.  r=jpierre
 2003-11-27 05:06:20 +00:00
wchang0222%aol.com
1731be9206 Upgraded to NSPR 4.4.1. 2003-11-27 01:43:15 +00:00
nelsonb%netscape.com
931071736c Clean up some arithmetic used for UCS4. Detect when UCS2 and UCS4 
buffers have invalid lengths.  Bugscape bug 54021. r=whang0222, relyea
 2003-11-27 01:08:59 +00:00
wchang0222%aol.com
dcc1fa5880 Bugzilla bug 226861: removed NSS_CMSSignedData_GetDigestByAlgTag, which is 
a duplicate of NSS_CMSSignedData_GetDigestValue.  r=nelsonb.
Modified Files: cms.h cmssigdata.c
 2003-11-26 23:50:02 +00:00
nelsonb%netscape.com
1c7b6a8ea4 In NSS_CMSSignedData_VerifySignerInfo(), test all returned pointers 
for NULL before attempting to dereference them.
Bugscape bug 54057. r=wchang0222
 2003-11-26 22:02:38 +00:00
nelsonb%netscape.com
36fc65a627 Performance enhancement. Detect absurdly large modulae in public keys, 
and don't waste time on them.  Bugscape bug 54019. r=relyea.
 2003-11-26 06:26:31 +00:00
nelsonb%netscape.com
d596531040 Remove an unnecessary and incorrect assert call. 
Bugscape bug 54018. r=jpierre
 2003-11-26 06:16:01 +00:00
nelsonb%netscape.com
8cc8dfcdf3 This patch reduces the scope of many variables in cmsutil's decode function. It frees the signer's CN string after use. 
Bugscape bug 54021.  r=jpierre
 2003-11-25 23:26:39 +00:00
nelsonb%netscape.com
20abf0c0aa Don't invoke PKCS11 with an invalid handle. Bug 226285. 
r=relyea sr=wchang0222
 2003-11-21 22:10:56 +00:00
nelsonb%netscape.com
d3382c6ffe Remove an overreaching constraing on modulus length. Bug 226285. 
r=relyea  sr=wchang0222
 2003-11-21 22:09:27 +00:00
nelsonb%netscape.com
0fa7d0adc8 Implement new "batch mode" (see the -b option). Plug some leaks. 
Facilitates memory leak testing of the SMIME library.
This revision combines the patches for Bugzilla bug 225513 and
Bugscape bug 53775.  r = relyea and wchang0222
 2003-11-20 02:33:18 +00:00
nelsonb%netscape.com
52dffd46a8 Don't accept ASN.1 items whose length is 2GB or more. 
Bugscape bug 53875.  r=wchang0222 and r=relyea.
 2003-11-20 02:08:34 +00:00
nelsonb%netscape.com
67d78ccfb9 Dont attempt to allocate 2GB or more from an arenapool. 
Bugscape bug 53875. r=relyea.
 2003-11-20 02:06:16 +00:00
nelsonb%netscape.com
511a262edc Remove as assertion that is triggered by bad data input, but does not 
indicate a code flaw.  Bugscape bug 53875. r=relyea
 2003-11-20 02:04:07 +00:00
nelsonb%netscape.com
75ca774270 Be sure not to ask NSS to use an invalid PKCS11 mechanism. 
Bugscape bug 53875.  r=relyea.
 2003-11-20 02:00:04 +00:00
nelsonb%netscape.com
b79aed8a42 Plug a leak that occurs when code asks NSS to use an invalid PKCS11 
mechanism.  Bugscape bug 53875.  r=relyea
 2003-11-20 01:59:07 +00:00
nelsonb%netscape.com
eb21d36254 near total rewrite of PK11_ParamFromAlgid to eliminate leaks. 
Partial fix for Bugscape bug 53875.
 2003-11-19 03:23:41 +00:00
wchang0222%aol.com
c7610ca80e Bugzilla bug 222568: fixed a bug introduced in rev. 1.54. 2003-11-19 01:38:26 +00:00
wchang0222%aol.com
604c4a98c3 Turns out that we can use a space to separate directories in a vpath 
directive.  This works cross platform.
 2003-11-19 01:12:31 +00:00
nelsonb%netscape.com
069f394fa8 Fix bugs in the new implementation of URI name constraints. 
Bugzilla Bug 221616.
 2003-11-19 00:56:59 +00:00
wchang0222%aol.com
f2fe58e2e0 Removed the declaration and a comment about PK11_FreeSlotCerts, which was 
deleted in NSS 3.4.
Modified Files: pk11func.h pk11slot.c
 2003-11-19 00:14:04 +00:00
nelsonb%netscape.com
c4ce0736e8 Fix unnecessary assertion failures occuring in SMIME testing in 
debug builds only.  Partial fix for bugscape bug 53775. r=wchang0222
 2003-11-18 06:16:26 +00:00
wchang0222%aol.com
157dedc0c2 Most platforms use ':' as path separator, but OS/2 uses ';'. So we use 
vpath directivies that specify a single directory to avoid dealing with
path separator.
 2003-11-18 04:04:05 +00:00
wchang0222%aol.com
c48834ab7e Set NSS version to 3.9 Beta 3. 2003-11-18 00:57:26 +00:00
wchang0222%aol.com
9bc7ce19bb Removed an extraneous character (`) after #endif. 2003-11-15 16:16:33 +00:00
wchang0222%aol.com
3569f15993 Removed an extraneous comma (,) at the end of an enum type definition. 2003-11-15 16:15:01 +00:00
nelsonb%netscape.com
e9f81f8499 Detect empty emailAddr strings in CERTCertificate. Bugzilla bug 211540. 2003-11-15 00:15:28 +00:00
nelsonb%netscape.com
b904b47318 Detect empty emailAddr strings in CERTCertificates. Bugzilla bug 211540. 
Modified Files:
    cmd/dbck/dbck.c cmd/signtool/util.c lib/certdb/certdb.c
    lib/certdb/stanpcertdb.c lib/pkcs7/p7decode.c lib/pki/certificate.c
    lib/pki/pki3hack.c lib/smime/cmssiginfo.c lib/softoken/pkcs11u.c
 2003-11-15 00:10:01 +00:00
relyea%netscape.com
a157ed2b26 Fix windows breakage. 2003-11-14 18:06:50 +00:00
relyea%netscape.com
aa736fe5ed Add symkeyutil to the manifest file 2003-11-14 03:27:23 +00:00
relyea%netscape.com
4f0cd96574 New tool to manage fixed keys in the database. 2003-11-14 03:26:47 +00:00
relyea%netscape.com
12bf9a0f9f Changes for symkey support. 2003-11-14 03:25:52 +00:00
nelsonb%netscape.com
aa085e7956 Fix bugzilla bug 225301. r=jpierre. This patch does the following: 
1. Fixes the Usage message to document the command line options.
2. Changes the "decode" function to
   a) report an error on bad signatures, only when decoding the input file,
      not when decoding an ancillary "enveloped file".
   b) only output the contents of the "detached content" file (-c option)
      when that file's content was actually used in the computation.
3. Sundry other cleanup and added comments.
 2003-11-13 23:03:12 +00:00
wchang0222%aol.com
a5782dcab7 Fixed a comment error. r=relyea. 2003-11-13 16:21:46 +00:00
wchang0222%aol.com
4868d7e8c2 Bugzilla bug 225373: the return value of CERT_NameToAscii must be freed 
with PORT_Free.
Modified Files:
	cmd/lib/secutil.c cmd/selfserv/selfserv.c
	cmd/signver/pk7print.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c lib/certdb/cert.h
 2003-11-13 16:10:45 +00:00
nelsonb%netscape.com
d1e962a746 Workaround race. Reduce leaks. Not a real fix. Bugzilla bug 225525. 2003-11-13 03:41:32 +00:00
wchang0222%aol.com
dd7a8790e8 Added a comment to note a question I had while reviewing the code. 2003-11-12 23:25:33 +00:00
nelsonb%netscape.com
1b6811ad2b Eliminate some leaks in Stan cert code. 
Partial fix to bugscape bug 53573.
 2003-11-11 21:46:53 +00:00
nelsonb%netscape.com
019719d8a8 Eliminate a cert leak. Patch is Bob Relyea's. 
Parial fix for Bugscape bug 53573.
 2003-11-11 21:45:48 +00:00
jpierre%netscape.com
c8ebc52544 Fix crash in certutil if usage is omitted 2003-11-11 00:01:32 +00:00
relyea%netscape.com
14c8c093a3 Repair error case for DH code in previous patch. 2003-11-07 16:21:40 +00:00
relyea%netscape.com
8cac9b6d61 Verify Parameters from the user before passing it on to freebl. r=nelson 2003-11-07 03:38:59 +00:00
relyea%netscape.com
4af3118d62 Add defines for DH and RSA key limits 2003-11-07 03:36:33 +00:00
nelsonb%netscape.com
314acd2bb7 Correct the validity checks on certain ASN.1 objects, allowing some that 
were previous disallowed, and vice versa.  Bug 53339.
 2003-11-07 01:41:22 +00:00
nelsonb%netscape.com
87e5cbd19a Fix some bugs in the code that formats OIDs for printing. 
Bugscape bug 53334.
 2003-11-06 02:02:32 +00:00
nelsonb%netscape.com
390b635832 Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.
 2003-11-05 06:22:57 +00:00
wchang0222%aol.com
d45bb29e40 Set NSS version to 3.9 Beta 2. 2003-11-04 05:52:51 +00:00
nelsonb%netscape.com
0feb5dfd5f Fix numerous errors (mostly off-by-1 errors) in the code that formats 
and prints certs and CRLs.  This code is common to certutil and pp.
Bug 222568  r=nicholson (for this portion).
 2003-11-04 02:16:42 +00:00
nelsonb%netscape.com
bc763436c5 Better cleanup. Plug leaks in pp. bug 222568. r=nicolson (this part). 2003-11-04 01:51:54 +00:00
nelsonb%netscape.com
374349f143 Rename get_oid_string to CERT_GetOidString and export it. Also, export 
CERT_DestroyOidSequence.  bug 222568.  r=jpierre (for this portion).
 2003-11-04 01:48:39 +00:00
wchang0222%aol.com
1cd3ab9050 Bugzilla bug 223624: fixed the compiler warning that case ecKey is not 
handled in the switch statement.  r=nelsonb.
 2003-11-01 05:17:16 +00:00
nelsonb%netscape.com
afd97d4f96 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
 2003-10-31 07:01:05 +00:00
nelsonb%netscape.com
522e0fe2b8 Enable generation of DES2 keys with mechanism CKM_DES2_KEY_GEN. Bug 201521 2003-10-31 02:33:16 +00:00
nelsonb%netscape.com
a973e0dc48 Correct the code that detects DES2 keys based on their lengths. Bug 201521 2003-10-30 22:31:09 +00:00
jpierre%netscape.com
1a37e6c822 Fix for 223494 - cmsutil signing does not work with hardware tokens. r=wtc, relyea 2003-10-28 02:34:15 +00:00
wchang0222%aol.com
2316ca4f0e Bugzilla bug 223624: declare pk11_FindAttrInTemplate before it is used. 
r=nelsonb.
 2003-10-25 14:10:11 +00:00
wchang0222%aol.com
d5bd3135a1 Bugzilla bug 223624: use PR_MAX to avoid redefining MAX, a macro commonly 
defined in system headers. r=nelsonb.
 2003-10-25 14:08:31 +00:00
wchang0222%aol.com
76cb52bad5 Bugzilla bug 223624: removed an extraneous format string for fprintf. 
r=nelsonb.
 2003-10-25 14:05:08 +00:00
wchang0222%aol.com
8cfbd7293c Bugzilla bug 223624: node->error is a 'long', so it should match a %ld 
format.  r=nelsonb.
 2003-10-25 14:01:43 +00:00
jpierre%netscape.com
4d26e30240 Initialize crlHandle . r=wtc 2003-10-25 00:41:14 +00:00
nelsonb%netscape.com
1ce0f542ee Require DES, DES2 and DES3 keys to have correct length in all cases. 
Expand DES2 keys to be DES3 keys when used with DES3 mechanisms.
Bug 201521.
 2003-10-25 00:12:34 +00:00
wchang0222%aol.com
4bab03c0f6 Bugzilla bug 173715: fixed a crash in OCSP. We incorrectly assumed that 
'addr' was the last IP address of the host when PR_EnumerateHostEnt
returned 0 and attempted to connect to 'addr', resulting in an assertion
failure in PR_Connect. The fix is to not use 'addr' when
PR_EnumerateHostEnt returns 0.  r=relyea.
 2003-10-24 17:17:37 +00:00
wchang0222%aol.com
e4c6ee1dbb Removed the nonexistent directory 'rngtest' from DIRS. 2003-10-24 06:22:58 +00:00
wchang0222%aol.com
6dac9765c9 Removed nonexistent directory "crypto" from DIRS. 2003-10-24 05:29:08 +00:00
wchang0222%aol.com
ee1dc4bffd Bugzilla bug 223427: added a note section so that the linker knows we're 
not executing off the stack.  This patch is received from Christopher
Blizzard of Red Hat <blizzard@redhat.com>.
 2003-10-24 04:47:23 +00:00
wchang0222%aol.com
4327068745 Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the 
previous checkin.
 2003-10-22 01:00:10 +00:00
bishakhabanerjee%netscape.com
b5a0a53d62 NIST PKITS tests:first checkin, without CRLS:bug 177398:six sections implemented 2003-10-21 21:35:04 +00:00
nelsonb%netscape.com
b6e5abc24b Add new -N option, which completely suppresses the initialization and use 
of the SSL server session ID cache.  Used to test the fix for bug 222726.
 2003-10-19 05:18:11 +00:00
nelsonb%netscape.com
0aaf7a10b3 Put the NSS 3.9 block back in ASCII sorting order, AGAIN. 2003-10-19 04:41:20 +00:00
nelsonb%netscape.com
9413aae7aa When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726
 2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
6436ed5ab3 Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
47dc9b03e8 SSL_ShutdownServerSessionIDCache no longer leaks the cache memory. 
Bug 222065. r=wchang0222
 2003-10-19 01:25:10 +00:00
relyea%netscape.com
e07da99055 221067 NSS needs to be able to create token symkeys from unwrap and derive. 2003-10-18 00:38:04 +00:00
nelsonb%netscape.com
02bc947b35 Detect buffer overruns caused by flawed application-supplied callbacks, 
and avoid crashing due to them.  Bugscape bug 52528. r=wchang
 2003-10-17 21:12:13 +00:00