chrisk%netscape.com
3902194f5b
Added some comments and asserts
2000-06-21 18:12:02 +00:00
chrisk%netscape.com
92a3672caa
Oops - fixed the fix. The prototype now correctly unpacks into a
...
DHPublicKey structure.
2000-06-21 00:04:38 +00:00
chrisk%netscape.com
a83d527722
Fix OID for DC AVAs - the root OID in RFC2247 is not different from
...
the root OID in RFC1274 - so the one we had was WRONG.
I don't know where it came from.
2000-06-20 16:31:31 +00:00
chrisk%netscape.com
390a6f1dec
Add code for generation of SMIMEProfile and SMIMEKeyEncryptionPreference
2000-06-20 16:28:59 +00:00
chrisk%netscape.com
23cd2f3659
First feeble attempt at fixing the problem that our definition of
...
Diffie-Hellman key parameters does not encompass all the optional
fields defined in RFC2459, section 7.3.2 (namely j and validationParams).
I added comments reminding us of the fact that PQGParams need to be
extended to hold these, and fixed the ASN1 prototype from its previous
totally broken status to one that decodes prime, subPrime and base
correctly, and skips the rest.
This avoids failure in public key extraction (which is part of verification)
with DH certs.
2000-06-20 16:22:36 +00:00
chrisk%netscape.com
3550ea9e23
Fix problem where DH certs were always rejected when verifying them
...
for EMail encryption.
A Diffie-Hellman key needs to be tested for KU_KEY_AGREEMENT, not
KU_KEY_ENCIPHERMENT.
2000-06-20 16:15:32 +00:00
chrisk%netscape.com
568524e3be
Fixed bug in sequence printing code: array counter was overshooting by one
2000-06-20 14:35:17 +00:00
chrisk%netscape.com
c8e8241728
Fix bug in decoder:
...
When encoding indefinitely & encountering an optional field at the end of
a sequence, right after an IMPLICIT or POINTER template, the decoder
was not propagating the optionalness and the end-of-contents condition
correctly as it hits the end-of-contents octets instead of the optional
field. This is because IMPLICIT and POINTER push TWO states to look
for the next tag, not just one.
(The first state is "afterImplicit" or "afterPointer", the second one
starts with "beforeIdentifier" as usual).
This finally makes decoding envelopedData messages in cmsutil work.
2000-06-20 13:24:01 +00:00
thayes%netscape.com
4cd82c9914
Fix double free of item value that is in an arena.
2000-06-16 23:26:16 +00:00
mcgreer%netscape.com
5c4d045072
attempt to add token support for listing certs & keys
2000-06-16 00:38:44 +00:00
mcgreer%netscape.com
1a4bf955be
more cleanup on cert listing
2000-06-16 00:36:43 +00:00
chrisk%netscape.com
9f56a873d3
Add generation of SMIMECapabilities
2000-06-14 23:17:52 +00:00
chrisk%netscape.com
fa197d9014
canonicalization step adds CRs to LFs only of there are no CRs present.
2000-06-14 23:15:06 +00:00
chrisk%netscape.com
9cbdb3d252
Make example 5.7 of ietf-smime-examples draft decode correctly
...
(we still cannot look up certs by SubjectKeyID, so it won't verify)
2000-06-14 23:12:48 +00:00
beard%netscape.com
32dc89c957
(not part of build) added mozilla/security/nss/lib/smime to access paths.
2000-06-14 03:16:41 +00:00
chrisk%netscape.com
f7113ab1b2
Merge smimetk_branch to tip...
2000-06-13 21:56:37 +00:00
relyea%netscape.com
d43393b11b
reuse old key structures on a given token rather than building it up and
...
tearing it down every time.
2000-06-13 21:37:28 +00:00
relyea%netscape.com
78671954d3
Reuse old Object structures rather than build and free them every time.
2000-06-13 21:34:52 +00:00
chrisk%netscape.com
67e0b44687
Fix DSA / BLAPI interface by creating stub functions that have the
...
correct signature for being called via context->update or context->verify.
2000-06-12 23:43:42 +00:00
mcgreer%netscape.com
dd3dd4e3e1
added roots.
2000-06-12 22:39:02 +00:00
chrisk%netscape.com
091d437eca
Sorted output for certutil -L
2000-06-12 22:25:40 +00:00
thayes%netscape.com
8d09de22cf
Fix cleanup code in Decrypt to check for NULL pointers
2000-06-12 20:19:39 +00:00
thayes%netscape.com
d562a12ca9
Add permanent (token) key for supporting Secret Decoder Ring (SDR)
...
Bug 26085
2000-06-10 19:00:45 +00:00
nelsonb%netscape.com
9d2744f5ce
Carry forward fix from NSS 2.8 for servers that don't do ssl2.
2000-06-06 20:32:18 +00:00
mcgreer%netscape.com
12b3563350
iterate context creation for all ciphers when doing performance tests.
2000-06-02 23:09:13 +00:00
mcgreer%netscape.com
8afb3c69cf
fork content version between ns-branded builds and mozilla builds.
2000-06-02 22:35:29 +00:00
mcgreer%netscape.com
0307d81230
Allow for building with internal roots.
2000-06-02 18:37:53 +00:00
mcgreer%netscape.com
883e025f3d
Allow for building with internal root certs.
2000-06-02 18:37:14 +00:00
mcgreer%netscape.com
10d32a14b9
more performance testing
...
* timing of context creation for ciphers
* provide system information
2000-06-02 01:40:29 +00:00
thayes%netscape.com
b2aa68c6fe
Use PK11 fixed key lookup to locate the key value. Fix ENCRYPT/DECRYPT bug in
...
SDR_Decrypt.
2000-05-31 23:06:02 +00:00
relyea%netscape.com
d6dd1b2540
Return to using the thread safe version. The non-thread safe version can double free memory
2000-05-31 22:37:17 +00:00
relyea%netscape.com
2900921f0d
Fix bug which would have bypassed mac checking in TLS
2000-05-31 22:36:02 +00:00
relyea%netscape.com
30767104df
Set up code that allows you to run only some of the SSL tests in a single run.
2000-05-31 22:35:00 +00:00
relyea%netscape.com
5243fc1acd
Fix Environment variable overrides.
2000-05-31 22:34:07 +00:00
mcgreer%netscape.com
e771f6a310
fix static array (found with solaris 2.7 build)
2000-05-31 22:17:47 +00:00
thayes%netscape.com
bbed546e6b
Initial version of header for SDR wrappers
2000-05-27 03:31:51 +00:00
nelsonb%netscape.com
51de4ce7a6
Fix build on NT. Correct link order in PKCS11 directory.
2000-05-27 01:30:29 +00:00
nelsonb%netscape.com
211a572ab0
Add new implementation of the algorithm from RFC 2268. Fix some comments.
2000-05-27 01:29:35 +00:00
mcgreer%netscape.com
23966b8923
fix up file handling.
2000-05-26 23:19:17 +00:00
mcgreer%netscape.com
308ca1e370
break off mode list when next option is reached
2000-05-26 23:09:09 +00:00
mcgreer%netscape.com
9fdfa1ad70
fix dsa self-test
2000-05-26 23:05:05 +00:00
mcgreer%netscape.com
746aedde1f
* allow a directory for tests to be specified
...
* separate pqg generation for dsa test
* fix dsa self-test
2000-05-26 23:04:47 +00:00
thayes%netscape.com
27d1adc752
Initial version of the PK11 wrappers for SDR. This version uses a fixed key id (0)
...
and and 3DES key value.
2000-05-26 22:24:01 +00:00
mcgreer%netscape.com
d5c80d5666
self-test
2000-05-26 07:53:38 +00:00
mcgreer%netscape.com
0b167f4b76
self-test
2000-05-26 07:48:19 +00:00
mcgreer%netscape.com
8fef6c639b
Fix up the hashes to only use one mode. Add self-test capability to bltest (test each of the BLAPI functions). DSA self-test not working at this time.
2000-05-26 07:41:22 +00:00
mcgreer%netscape.com
6a074fdf4a
Allow any build to use moz_import rule. mozilla dbm uses different lib name, so copy it over.
2000-05-25 23:10:35 +00:00
nelsonb%netscape.com
bdcd27c9cb
Use the -g keysize value, instead of DES_KEY_LENGTH, for all crypto
...
algorithms except DES and 3DES.
2000-05-25 22:42:23 +00:00
nelsonb%netscape.com
34ae72b37f
Simplify and speed up client cache expiration detection.
2000-05-24 19:28:27 +00:00
nelsonb%netscape.com
a57f63746a
Correct the implementation of the options for disabling SSL2, SSL3 and TLS.
...
Add a new -R option to selfserv, which disables detection of rollback from
TLS to SSL3.0. This is necessary for testing with broken TLS clients.
2000-05-24 03:44:50 +00:00
nelsonb%netscape.com
0ea2ec3f99
Fix the logic in client and server to detect version roll-back attack,
...
rolling back from TLS (SSL 3.1) to SSL 3.0. Provide a new SSL socket
option to disable roll-back detection in servers, since certain TLS
clients are doing it incorrectly.
2000-05-24 03:35:23 +00:00
nelsonb%netscape.com
d14a82cbb8
Changes in support of corrected TLS rollback detection.
2000-05-24 03:31:44 +00:00
nelsonb%netscape.com
a113e9ad8a
Fix a transcription error that caused a crash.
2000-05-24 02:22:18 +00:00
mcgreer%netscape.com
1f8008ee85
Added calls for BSAFE 5.0
2000-05-23 22:15:25 +00:00
mcgreer%netscape.com
5d1cd52439
break a long rsa message into key-sized blocks for testing.
2000-05-23 20:01:31 +00:00
chrisk%netscape.com
cc9a75cd14
Added RFC2630 OID values:
...
SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = id-alg-ESDH
SEC_OID_CMS_3DES_KEY_WRAP = id-alg-CMS3DESwrap
SEC_OID_CMS_RC2_KEY_WRAP = id-alg-CMSRC2wrap
2000-05-22 15:28:22 +00:00
chrisk%netscape.com
8a40c748ac
Added SEC_ASN1DecodeInteger function
2000-05-22 15:24:20 +00:00
mcgreer%netscape.com
ebf9115175
hash performance functions now look the same as the other ciphers. add a zerobuffer option to avoid creating random buffers when performance testing.
2000-05-19 22:50:48 +00:00
nelsonb%netscape.com
7e2567dffc
Performance enhancement. Takes only 70% as long as previous version.
2000-05-19 22:14:38 +00:00
mcgreer%netscape.com
be99cf056a
fix up the mode arrays.
2000-05-19 21:02:05 +00:00
mcgreer%netscape.com
2e902ef580
work on making test program more usable.
...
* added usage
* chaining modes and stream ciphers reset contexts when doing multiple iterations for performance testing
2000-05-19 20:34:05 +00:00
nelsonb%netscape.com
5875fc4cc5
Add support for sha1. Add repetition count argument to -p.
2000-05-19 18:35:53 +00:00
nelsonb%netscape.com
b486d9d3d5
Fix sha_fast for 64-bit solaris and 64-bit Alpha.
2000-05-19 02:10:33 +00:00
mcgreer%netscape.com
bd476fcdc8
very rudimentary test code for regression tests of BLAPI.
2000-05-18 22:59:42 +00:00
mcgreer%netscape.com
5ca43c9e50
Changing MIN's and MAX's to PR_MIN, PR_MAX
2000-05-18 15:32:18 +00:00
mcgreer%netscape.com
1d3f68dd7e
Changing all MIN's and MAX's to PR_MIN, PR_MAX
2000-05-18 15:30:12 +00:00
mcgreer%netscape.com
aba66a5214
changing all MIN's and MAX's to PR_MIN, PR_MAX (MIN and MAX were defined in dbm).
2000-05-18 15:28:43 +00:00
nelsonb%netscape.com
db1c7e8b35
Changes to ssl_EmulateSendFile suggested by Wan-Teh.
...
See http://bugzilla.mozilla.org/show_bug.cgi?id=39011
2000-05-18 01:32:53 +00:00
roeber%netscape.com
7f2818aa4e
Applying ancient patch to dump out extended key usage extensions
2000-05-18 01:02:40 +00:00
nelsonb%netscape.com
401cd644f6
In ssl3_GenerateSessionKeys() ensure params secitem always points to valid
...
CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure. Bugzilla bug 39682.
2000-05-18 00:41:38 +00:00
mcgreer%netscape.com
b5b10b72a8
allow import of NSPR and DBM from mozilla when building with BSAFE.
2000-05-17 23:19:18 +00:00
dougt%netscape.com
d50bfdd577
Mac tweeks.
2000-05-17 22:59:40 +00:00
roeber%netscape.com
4c7240ff19
Detect at runtime when we're running with NSPR 1 and switch the thread-private-data calls accordingly. This lets our pkcs#11 modules be loaded into Communicator.
2000-05-17 20:19:24 +00:00
roeber%netscape.com
bbe222523a
If a database has not been given a label, return the filename so Communicator has *something* to show
2000-05-17 18:28:13 +00:00
mcgreer%netscape.com
40616e7038
fix some compiler warnings
2000-05-17 17:31:20 +00:00
mcgreer%netscape.com
1d9865e6d7
including md2 and md5 implementations in MOZILLA_SECURITY_BUILD
2000-05-16 23:05:47 +00:00
mcgreer%netscape.com
978cc868ef
Performance enhancements for md5 implementation.
...
+ unroll a loop in md5_compress
+ remove a superfluous variable
2000-05-16 18:18:39 +00:00
relyea%netscape.com
3d81202616
Add a mini-framework to allow us to test NSS releases without using tet.
2000-05-16 17:50:52 +00:00
relyea%netscape.com
984310dddf
Change the attribute allocation scheme to a fixed array in the object.
2000-05-16 17:40:22 +00:00
relyea%netscape.com
0430e9e67e
Add SSL and TLS to the slotlist search functions
2000-05-16 17:37:10 +00:00
relyea%netscape.com
a46662c0d0
1) performance changes.
...
a) do C_Decrypt in the handUnwrap case on it's own session so we don't
single thread through the code.
b) reuse the session created for the symKey when importing the key from data.
2) robustness changes.
a) try different ways of getting the signature length if non-complient
tokens don't present the modulus to us.
b) Recover from state buffers changing sizes on us in the middle of
GetOperationState().
2000-05-16 17:36:24 +00:00
relyea%netscape.com
9da670d592
Only output caching if we turn tracing on.
2000-05-16 17:28:31 +00:00
relyea%netscape.com
edb6ec0cf5
Add TLS and SSL flags to modutil.
...
Allow the Default flag to work specifically on a slot.
2000-05-16 17:27:29 +00:00
relyea%netscape.com
673272c023
1) add code to allow selfserv to reuse existing listen ports when they are 'just haning around' (allows our test suits to run when starting and stopping the server all the time).
...
2) flush out any server output so it doesn't get lost from out test suites
2000-05-16 17:25:42 +00:00
roeber%netscape.com
3cb835685f
sync the database after writes
2000-05-16 01:55:20 +00:00
roeber%netscape.com
4c6e020a10
Properly deregister shadow objects of session objects
2000-05-16 01:54:46 +00:00
mcgreer%netscape.com
97c5e2820b
In BSAFE build, libfreebl.a has symbols needed by libbsafe.a (memory management).
2000-05-16 00:18:51 +00:00
mcgreer%netscape.com
36eabb038c
reordered libraries for builds
2000-05-15 22:59:12 +00:00
roeber%netscape.com
4b1bc871db
Store object contents in network byte order, for database portability
2000-05-15 20:59:11 +00:00
roeber%netscape.com
84d6e244cd
Use the public (cap-NSS) mutex calls, not the private ones
2000-05-15 20:58:19 +00:00
dougt%netscape.com
23147eed0c
Updating project to build with standalone nlsLayer.
2000-05-15 20:56:30 +00:00
mcgreer%netscape.com
6342624688
Changed DestroyContext functions so that freeit means free everything or free nothing, not just the context pointer.
2000-05-15 20:54:35 +00:00
roeber%netscape.com
d46ea0e2c3
First checkin of database module
2000-05-15 20:39:58 +00:00
mcgreer%netscape.com
50cdc7829c
Add condition for BSAFE build.
2000-05-12 23:37:36 +00:00
mcgreer%netscape.com
0d6b5ee3a6
Initial checkin of implementations of MD2 and MD5. An empty definition of Diffie-Hellman to allow for building, more later. Changes to Makefile for building with BSAFE.
2000-05-12 23:35:06 +00:00
dougt%netscape.com
4759075517
Changes make project use static crypto lib.
2000-05-12 18:55:31 +00:00
dougt%netscape.com
7dc028cf1e
Minor changes to fix mac build bustages.
2000-05-12 18:43:28 +00:00
roeber%netscape.com
6416a1bd38
Adding CK_USHORT back in, for pedantic tests' sake
2000-05-09 18:57:58 +00:00
roeber%netscape.com
21d2b28567
Backing out accidental (recursive) commit
2000-05-09 18:35:24 +00:00
roeber%netscape.com
28dc429127
Added ckmd.h to private exports list
2000-05-09 18:31:16 +00:00
nelsonb%netscape.com
e65d9f2223
Small optimization for RSA Server Key exchange message. Uses fewer PK11_
...
calls to do the job. Also, plug one mem leak in Fortezza code.
2000-05-08 23:55:05 +00:00
roeber%netscape.com
93ef5fd122
Initial checkin of an simple module-excercise program
2000-05-08 23:19:45 +00:00
nelsonb%netscape.com
64d442182a
Several fixes. Builds on WIN32. Prints Usage when invalid syntax.
2000-05-08 23:13:10 +00:00
mcgreer%netscape.com
48ae0ebe61
change to comment text
2000-05-05 00:50:38 +00:00
mcgreer%netscape.com
3e2a298606
Code to provide hooks to RSA's BSAFE licensed code.
2000-05-04 21:58:18 +00:00
ddrinan%netscape.com
3a05765647
Remove special import for Solaris 2.5.1
2000-05-04 21:48:43 +00:00
mwelch%netscape.com
6556ee4eaf
Adding Mac files, primarily as placeholders
2000-04-28 09:14:36 +00:00
roeber%netscape.com
739f76548f
Getting session objects working.
2000-04-20 03:14:47 +00:00
roeber%netscape.com
93897a83fe
Wait a minute, I was right the first time: I don't need to worry about
...
endianness, that's a display problem.
2000-04-19 22:07:09 +00:00
roeber%netscape.com
db07e9f9cf
Multiple changes to get the cryptoki framework and builtin-object
...
module working: 1) C_GetFunctionList is always present; 2) fwObject
and fwSession now remember their handles on behalf of the fwInstance;
3) fwSessions are created before mdSessions, so the mdSession can
use the fwSession's arena; 4) finished implementing findObjects;
5) builtin constants are in network byte order; 6) libnssckbi.so
knows about and can pull in its dependencies (e.g. libnssckfw.so,
libnssb.so, and NSPR).
2000-04-19 21:32:38 +00:00
roeber%netscape.com
c71276e88d
I missed a couple usages of nssUTF8_Size when its signature changed.
...
Also made a pedantic check #ifdef PEDANTIC.
2000-04-19 21:24:57 +00:00
roeber%netscape.com
c7ce07669f
Free from the beginning of the real block pointer, not the user's pointer.
2000-04-19 21:23:13 +00:00
nelsonb%netscape.com
967ed46e9f
This file was not the source authorized by Paul Kocher of Cryptography
...
Research Inc for release on Mozilla. It has been replaced by sha_fast.c.
2000-04-07 02:24:57 +00:00
nelsonb%netscape.com
81f283c678
Switch freebl to use the sha1 sources authorized by Paul Kocher of
...
Cryptography Research Inc.
2000-04-07 02:22:47 +00:00
nelsonb%netscape.com
2554f98616
Make additional performance improvements, especially for big endian CPUs.
2000-04-07 01:14:06 +00:00
nelsonb%netscape.com
25f97cee57
Detect failure of NSS_Init.
2000-04-06 23:02:44 +00:00
repka%netscape.com
9501e89926
Put "btoa" back into the built directories, since the underlying code
...
is now available in nss/lib.
2000-04-06 22:45:50 +00:00
repka%netscape.com
6f4b665973
Build new base64 encoder implementation.
2000-04-06 22:41:21 +00:00
repka%netscape.com
80689ecb46
Removed BTOA_ConvertItemToAscii (now defined in nssb64e.c, using new
...
base64 encoder implementation).
2000-04-06 22:38:27 +00:00
nelsonb%netscape.com
082f19af2f
Convert to BLAPI interface. Make very minor optimizations.
2000-04-06 06:07:37 +00:00
nelsonb%netscape.com
6ad931fad9
Check in original SHA implementation sources on behalf of Paul Kocher Cryptography Research, Inc. paul@cryptography.com
2000-04-06 02:48:30 +00:00
repka%netscape.com
355556a555
Fixed some typos and inconsistencies.
2000-04-06 00:42:49 +00:00
repka%netscape.com
97cb8bcf38
First cut at replacement for base64 encoder.
2000-04-06 00:39:49 +00:00
repka%netscape.com
73b70ac5a7
- Added an error check and comment complementary to thayes's previous change
...
(same as I had already made in my version, but he beat me to checking it in).
- Some miscellaneous clean-up (typos, really).
2000-04-06 00:38:12 +00:00
thayes%netscape.com
48f0c9789e
Initialize SECItem values in ATOB_ routines to avoid PR_Assert for previously
...
allocated data buffers in the NSS versions of these routines.
2000-04-06 00:26:24 +00:00
thayes%netscape.com
915877263f
Change handling of hash table for OSCP hashes to delete both hash key and
...
associated value in the hashtable "free entry" routine. Fixes a memory leak.
(Re Netscape bug: 390117)
2000-04-06 00:24:43 +00:00
repka%netscape.com
f852f35853
Add a trailing CRLF; the encoder doesn't.
2000-04-06 00:15:54 +00:00
nelsonb%netscape.com
8499f9c677
Change definition of $FILES. Don't include contents of CVS subdirectory.
2000-04-05 01:11:53 +00:00
relyea%netscape.com
a3332a7b7f
Make the stub sytem work for WIN NT as well as other unix platforms:
...
1) fix compile issue in the stub maci.c file (change dllimports to dllexports).
2) build a dll with matching lib to make the symbols all work.
2000-04-04 23:49:50 +00:00
roeber%netscape.com
ce5fd5acf0
Added a comment to the PORT character-conversion routines about
...
network byte order.
2000-04-04 18:27:34 +00:00
roeber%netscape.com
0f208ea997
Make the conversion routines handle network byte order, not host byte order.
2000-04-04 02:36:46 +00:00
relyea%netscape.com
0633919690
Use NSINSTALL instead of symbolic links so crypto works on NT builds as well.
2000-04-03 22:28:49 +00:00
roeber%netscape.com
f59f634fdf
typo I missed from last may
2000-04-03 21:58:53 +00:00
roeber%netscape.com
78c1cb10f0
the license boilerplate whompage induced a compile-blocking typo
2000-04-03 21:58:34 +00:00
relyea%netscape.com
cf7b7608db
Update makefiles so NT will build. (and other platforms that don't have symbolic links)
2000-04-03 21:41:33 +00:00
mcgreer%netscape.com
84d9905156
Initial checkin of sslstrength/ssltelnet source.
2000-04-03 20:31:05 +00:00
mcgreer%netscape.com
dbe48be092
Initial checkin of signver source.
2000-04-03 20:24:02 +00:00
mcgreer%netscape.com
8c34a18c15
Initial checkin of signver source.
2000-04-03 20:15:57 +00:00
mcgreer%netscape.com
1f7ca7b2cb
Initial checkin of signtool source.
2000-04-03 19:08:51 +00:00
mcgreer%netscape.com
725d3b78b6
Initial checkin of pk12util source.
2000-04-03 18:56:53 +00:00
relyea%netscape.com
6836d54003
Remove modutil until we can fix a build problem.
2000-03-31 20:59:58 +00:00
relyea%netscape.com
5ff98f3f5a
Adjust jzlib.h acquired for zlib.h to it builds in the .jar file.
...
Add define in manistet to make it work.
2000-03-31 20:56:10 +00:00
relyea%netscape.com
a86f4bbdb8
remove an incorrectly checked in file
2000-03-31 20:50:44 +00:00
relyea%netscape.com
477a06c7b1
Create the Security link correctly.
2000-03-31 20:48:55 +00:00
relyea%netscape.com
9fd7059a19
Initial NSS Open Source checkin
2000-03-31 20:13:40 +00:00
relyea%netscape.com
8c4b7edd1d
Initial NSS Open Source Checkin
2000-03-31 19:16:26 +00:00
relyea%netscape.com
3302748a42
Initial NSS Open source checkin
2000-03-31 19:14:40 +00:00