Commit Graph

3447 Commits

Author SHA1 Message Date
chrisk%netscape.com
3902194f5b Added some comments and asserts 2000-06-21 18:12:02 +00:00
chrisk%netscape.com
92a3672caa Oops - fixed the fix. The prototype now correctly unpacks into a
DHPublicKey structure.
2000-06-21 00:04:38 +00:00
chrisk%netscape.com
a83d527722 Fix OID for DC AVAs - the root OID in RFC2247 is not different from
the root OID in RFC1274 - so the one we had was WRONG.
I don't know where it came from.
2000-06-20 16:31:31 +00:00
chrisk%netscape.com
390a6f1dec Add code for generation of SMIMEProfile and SMIMEKeyEncryptionPreference 2000-06-20 16:28:59 +00:00
chrisk%netscape.com
23cd2f3659 First feeble attempt at fixing the problem that our definition of
Diffie-Hellman key parameters does not encompass all the optional
fields defined in RFC2459, section 7.3.2 (namely j and validationParams).

I added comments reminding us of the fact that PQGParams need to be
extended to hold these, and fixed the ASN1 prototype from its previous
totally broken status to one that decodes prime, subPrime and base
correctly, and skips the rest.

This avoids failure in public key extraction (which is part of verification)
with DH certs.
2000-06-20 16:22:36 +00:00
chrisk%netscape.com
3550ea9e23 Fix problem where DH certs were always rejected when verifying them
for EMail encryption.
A Diffie-Hellman key needs to be tested for KU_KEY_AGREEMENT, not
KU_KEY_ENCIPHERMENT.
2000-06-20 16:15:32 +00:00
chrisk%netscape.com
568524e3be Fixed bug in sequence printing code: array counter was overshooting by one 2000-06-20 14:35:17 +00:00
chrisk%netscape.com
c8e8241728 Fix bug in decoder:
When encoding indefinitely & encountering an optional field at the end of
a sequence, right after an IMPLICIT or POINTER template, the decoder
was not propagating the optionalness and the end-of-contents condition
correctly as it hits the end-of-contents octets instead of the optional
field. This is because IMPLICIT and POINTER push TWO states to look
for the next tag, not just one.
(The first state is "afterImplicit" or "afterPointer", the second one
starts with "beforeIdentifier" as usual).
This finally makes decoding envelopedData messages in cmsutil work.
2000-06-20 13:24:01 +00:00
thayes%netscape.com
4cd82c9914 Fix double free of item value that is in an arena. 2000-06-16 23:26:16 +00:00
mcgreer%netscape.com
5c4d045072 attempt to add token support for listing certs & keys 2000-06-16 00:38:44 +00:00
mcgreer%netscape.com
1a4bf955be more cleanup on cert listing 2000-06-16 00:36:43 +00:00
chrisk%netscape.com
9f56a873d3 Add generation of SMIMECapabilities 2000-06-14 23:17:52 +00:00
chrisk%netscape.com
fa197d9014 canonicalization step adds CRs to LFs only of there are no CRs present. 2000-06-14 23:15:06 +00:00
chrisk%netscape.com
9cbdb3d252 Make example 5.7 of ietf-smime-examples draft decode correctly
(we still cannot look up certs by SubjectKeyID, so it won't verify)
2000-06-14 23:12:48 +00:00
beard%netscape.com
32dc89c957 (not part of build) added mozilla/security/nss/lib/smime to access paths. 2000-06-14 03:16:41 +00:00
chrisk%netscape.com
f7113ab1b2 Merge smimetk_branch to tip... 2000-06-13 21:56:37 +00:00
relyea%netscape.com
d43393b11b reuse old key structures on a given token rather than building it up and
tearing it down every time.
2000-06-13 21:37:28 +00:00
relyea%netscape.com
78671954d3 Reuse old Object structures rather than build and free them every time. 2000-06-13 21:34:52 +00:00
chrisk%netscape.com
67e0b44687 Fix DSA / BLAPI interface by creating stub functions that have the
correct signature for being called via context->update or context->verify.
2000-06-12 23:43:42 +00:00
mcgreer%netscape.com
dd3dd4e3e1 added roots. 2000-06-12 22:39:02 +00:00
chrisk%netscape.com
091d437eca Sorted output for certutil -L 2000-06-12 22:25:40 +00:00
thayes%netscape.com
8d09de22cf Fix cleanup code in Decrypt to check for NULL pointers 2000-06-12 20:19:39 +00:00
thayes%netscape.com
d562a12ca9 Add permanent (token) key for supporting Secret Decoder Ring (SDR)
Bug 26085
2000-06-10 19:00:45 +00:00
nelsonb%netscape.com
9d2744f5ce Carry forward fix from NSS 2.8 for servers that don't do ssl2. 2000-06-06 20:32:18 +00:00
mcgreer%netscape.com
12b3563350 iterate context creation for all ciphers when doing performance tests. 2000-06-02 23:09:13 +00:00
mcgreer%netscape.com
8afb3c69cf fork content version between ns-branded builds and mozilla builds. 2000-06-02 22:35:29 +00:00
mcgreer%netscape.com
0307d81230 Allow for building with internal roots. 2000-06-02 18:37:53 +00:00
mcgreer%netscape.com
883e025f3d Allow for building with internal root certs. 2000-06-02 18:37:14 +00:00
mcgreer%netscape.com
10d32a14b9 more performance testing
* timing of context creation for ciphers
* provide system information
2000-06-02 01:40:29 +00:00
thayes%netscape.com
b2aa68c6fe Use PK11 fixed key lookup to locate the key value. Fix ENCRYPT/DECRYPT bug in
SDR_Decrypt.
2000-05-31 23:06:02 +00:00
relyea%netscape.com
d6dd1b2540 Return to using the thread safe version. The non-thread safe version can double free memory 2000-05-31 22:37:17 +00:00
relyea%netscape.com
2900921f0d Fix bug which would have bypassed mac checking in TLS 2000-05-31 22:36:02 +00:00
relyea%netscape.com
30767104df Set up code that allows you to run only some of the SSL tests in a single run. 2000-05-31 22:35:00 +00:00
relyea%netscape.com
5243fc1acd Fix Environment variable overrides. 2000-05-31 22:34:07 +00:00
mcgreer%netscape.com
e771f6a310 fix static array (found with solaris 2.7 build) 2000-05-31 22:17:47 +00:00
thayes%netscape.com
bbed546e6b Initial version of header for SDR wrappers 2000-05-27 03:31:51 +00:00
nelsonb%netscape.com
51de4ce7a6 Fix build on NT. Correct link order in PKCS11 directory. 2000-05-27 01:30:29 +00:00
nelsonb%netscape.com
211a572ab0 Add new implementation of the algorithm from RFC 2268. Fix some comments. 2000-05-27 01:29:35 +00:00
mcgreer%netscape.com
23966b8923 fix up file handling. 2000-05-26 23:19:17 +00:00
mcgreer%netscape.com
308ca1e370 break off mode list when next option is reached 2000-05-26 23:09:09 +00:00
mcgreer%netscape.com
9fdfa1ad70 fix dsa self-test 2000-05-26 23:05:05 +00:00
mcgreer%netscape.com
746aedde1f * allow a directory for tests to be specified
* separate pqg generation for dsa test
* fix dsa self-test
2000-05-26 23:04:47 +00:00
thayes%netscape.com
27d1adc752 Initial version of the PK11 wrappers for SDR. This version uses a fixed key id (0)
and and 3DES key value.
2000-05-26 22:24:01 +00:00
mcgreer%netscape.com
d5c80d5666 self-test 2000-05-26 07:53:38 +00:00
mcgreer%netscape.com
0b167f4b76 self-test 2000-05-26 07:48:19 +00:00
mcgreer%netscape.com
8fef6c639b Fix up the hashes to only use one mode. Add self-test capability to bltest (test each of the BLAPI functions). DSA self-test not working at this time. 2000-05-26 07:41:22 +00:00
mcgreer%netscape.com
6a074fdf4a Allow any build to use moz_import rule. mozilla dbm uses different lib name, so copy it over. 2000-05-25 23:10:35 +00:00
nelsonb%netscape.com
bdcd27c9cb Use the -g keysize value, instead of DES_KEY_LENGTH, for all crypto
algorithms except DES and 3DES.
2000-05-25 22:42:23 +00:00
nelsonb%netscape.com
34ae72b37f Simplify and speed up client cache expiration detection. 2000-05-24 19:28:27 +00:00
nelsonb%netscape.com
a57f63746a Correct the implementation of the options for disabling SSL2, SSL3 and TLS.
Add a new -R option to selfserv, which disables detection of rollback from
TLS to SSL3.0.  This is necessary for testing with broken TLS clients.
2000-05-24 03:44:50 +00:00
nelsonb%netscape.com
0ea2ec3f99 Fix the logic in client and server to detect version roll-back attack,
rolling back from TLS (SSL 3.1) to SSL 3.0.  Provide a new SSL socket
option to disable roll-back detection in servers, since certain TLS
clients are doing it incorrectly.
2000-05-24 03:35:23 +00:00
nelsonb%netscape.com
d14a82cbb8 Changes in support of corrected TLS rollback detection. 2000-05-24 03:31:44 +00:00
nelsonb%netscape.com
a113e9ad8a Fix a transcription error that caused a crash. 2000-05-24 02:22:18 +00:00
mcgreer%netscape.com
1f8008ee85 Added calls for BSAFE 5.0 2000-05-23 22:15:25 +00:00
mcgreer%netscape.com
5d1cd52439 break a long rsa message into key-sized blocks for testing. 2000-05-23 20:01:31 +00:00
chrisk%netscape.com
cc9a75cd14 Added RFC2630 OID values:
SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = id-alg-ESDH
SEC_OID_CMS_3DES_KEY_WRAP                   = id-alg-CMS3DESwrap
SEC_OID_CMS_RC2_KEY_WRAP                    = id-alg-CMSRC2wrap
2000-05-22 15:28:22 +00:00
chrisk%netscape.com
8a40c748ac Added SEC_ASN1DecodeInteger function 2000-05-22 15:24:20 +00:00
mcgreer%netscape.com
ebf9115175 hash performance functions now look the same as the other ciphers. add a zerobuffer option to avoid creating random buffers when performance testing. 2000-05-19 22:50:48 +00:00
nelsonb%netscape.com
7e2567dffc Performance enhancement. Takes only 70% as long as previous version. 2000-05-19 22:14:38 +00:00
mcgreer%netscape.com
be99cf056a fix up the mode arrays. 2000-05-19 21:02:05 +00:00
mcgreer%netscape.com
2e902ef580 work on making test program more usable.
* added usage
* chaining modes and stream ciphers reset contexts when doing multiple iterations for performance testing
2000-05-19 20:34:05 +00:00
nelsonb%netscape.com
5875fc4cc5 Add support for sha1. Add repetition count argument to -p. 2000-05-19 18:35:53 +00:00
nelsonb%netscape.com
b486d9d3d5 Fix sha_fast for 64-bit solaris and 64-bit Alpha. 2000-05-19 02:10:33 +00:00
mcgreer%netscape.com
bd476fcdc8 very rudimentary test code for regression tests of BLAPI. 2000-05-18 22:59:42 +00:00
mcgreer%netscape.com
5ca43c9e50 Changing MIN's and MAX's to PR_MIN, PR_MAX 2000-05-18 15:32:18 +00:00
mcgreer%netscape.com
1d3f68dd7e Changing all MIN's and MAX's to PR_MIN, PR_MAX 2000-05-18 15:30:12 +00:00
mcgreer%netscape.com
aba66a5214 changing all MIN's and MAX's to PR_MIN, PR_MAX (MIN and MAX were defined in dbm). 2000-05-18 15:28:43 +00:00
nelsonb%netscape.com
db1c7e8b35 Changes to ssl_EmulateSendFile suggested by Wan-Teh.
See http://bugzilla.mozilla.org/show_bug.cgi?id=39011
2000-05-18 01:32:53 +00:00
roeber%netscape.com
7f2818aa4e Applying ancient patch to dump out extended key usage extensions 2000-05-18 01:02:40 +00:00
nelsonb%netscape.com
401cd644f6 In ssl3_GenerateSessionKeys() ensure params secitem always points to valid
CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure.  Bugzilla bug 39682.
2000-05-18 00:41:38 +00:00
mcgreer%netscape.com
b5b10b72a8 allow import of NSPR and DBM from mozilla when building with BSAFE. 2000-05-17 23:19:18 +00:00
dougt%netscape.com
d50bfdd577 Mac tweeks. 2000-05-17 22:59:40 +00:00
roeber%netscape.com
4c7240ff19 Detect at runtime when we're running with NSPR 1 and switch the thread-private-data calls accordingly. This lets our pkcs#11 modules be loaded into Communicator. 2000-05-17 20:19:24 +00:00
roeber%netscape.com
bbe222523a If a database has not been given a label, return the filename so Communicator has *something* to show 2000-05-17 18:28:13 +00:00
mcgreer%netscape.com
40616e7038 fix some compiler warnings 2000-05-17 17:31:20 +00:00
mcgreer%netscape.com
1d9865e6d7 including md2 and md5 implementations in MOZILLA_SECURITY_BUILD 2000-05-16 23:05:47 +00:00
mcgreer%netscape.com
978cc868ef Performance enhancements for md5 implementation.
+ unroll a loop in md5_compress
+ remove a superfluous variable
2000-05-16 18:18:39 +00:00
relyea%netscape.com
3d81202616 Add a mini-framework to allow us to test NSS releases without using tet. 2000-05-16 17:50:52 +00:00
relyea%netscape.com
984310dddf Change the attribute allocation scheme to a fixed array in the object. 2000-05-16 17:40:22 +00:00
relyea%netscape.com
0430e9e67e Add SSL and TLS to the slotlist search functions 2000-05-16 17:37:10 +00:00
relyea%netscape.com
a46662c0d0 1) performance changes.
a) do C_Decrypt in the handUnwrap case on it's own session so we don't
 single thread through the code.
	b) reuse the session created for the symKey when importing the key from data.

2) robustness changes.
	a) try different ways of getting the signature length if non-complient
 tokens don't present the modulus to us.
	b) Recover from state buffers changing sizes on us in the middle of
GetOperationState().
2000-05-16 17:36:24 +00:00
relyea%netscape.com
9da670d592 Only output caching if we turn tracing on. 2000-05-16 17:28:31 +00:00
relyea%netscape.com
edb6ec0cf5 Add TLS and SSL flags to modutil.
Allow the Default flag to work specifically on a slot.
2000-05-16 17:27:29 +00:00
relyea%netscape.com
673272c023 1) add code to allow selfserv to reuse existing listen ports when they are 'just haning around' (allows our test suits to run when starting and stopping the server all the time).
2) flush out any server output so it doesn't get lost from out test suites
2000-05-16 17:25:42 +00:00
roeber%netscape.com
3cb835685f sync the database after writes 2000-05-16 01:55:20 +00:00
roeber%netscape.com
4c6e020a10 Properly deregister shadow objects of session objects 2000-05-16 01:54:46 +00:00
mcgreer%netscape.com
97c5e2820b In BSAFE build, libfreebl.a has symbols needed by libbsafe.a (memory management). 2000-05-16 00:18:51 +00:00
mcgreer%netscape.com
36eabb038c reordered libraries for builds 2000-05-15 22:59:12 +00:00
roeber%netscape.com
4b1bc871db Store object contents in network byte order, for database portability 2000-05-15 20:59:11 +00:00
roeber%netscape.com
84d6e244cd Use the public (cap-NSS) mutex calls, not the private ones 2000-05-15 20:58:19 +00:00
dougt%netscape.com
23147eed0c Updating project to build with standalone nlsLayer. 2000-05-15 20:56:30 +00:00
mcgreer%netscape.com
6342624688 Changed DestroyContext functions so that freeit means free everything or free nothing, not just the context pointer. 2000-05-15 20:54:35 +00:00
roeber%netscape.com
d46ea0e2c3 First checkin of database module 2000-05-15 20:39:58 +00:00
mcgreer%netscape.com
50cdc7829c Add condition for BSAFE build. 2000-05-12 23:37:36 +00:00
mcgreer%netscape.com
0d6b5ee3a6 Initial checkin of implementations of MD2 and MD5. An empty definition of Diffie-Hellman to allow for building, more later. Changes to Makefile for building with BSAFE. 2000-05-12 23:35:06 +00:00
dougt%netscape.com
4759075517 Changes make project use static crypto lib. 2000-05-12 18:55:31 +00:00
dougt%netscape.com
7dc028cf1e Minor changes to fix mac build bustages. 2000-05-12 18:43:28 +00:00
roeber%netscape.com
6416a1bd38 Adding CK_USHORT back in, for pedantic tests' sake 2000-05-09 18:57:58 +00:00
roeber%netscape.com
21d2b28567 Backing out accidental (recursive) commit 2000-05-09 18:35:24 +00:00
roeber%netscape.com
28dc429127 Added ckmd.h to private exports list 2000-05-09 18:31:16 +00:00
nelsonb%netscape.com
e65d9f2223 Small optimization for RSA Server Key exchange message. Uses fewer PK11_
calls to do the job. Also, plug one mem leak in Fortezza code.
2000-05-08 23:55:05 +00:00
roeber%netscape.com
93ef5fd122 Initial checkin of an simple module-excercise program 2000-05-08 23:19:45 +00:00
nelsonb%netscape.com
64d442182a Several fixes. Builds on WIN32. Prints Usage when invalid syntax. 2000-05-08 23:13:10 +00:00
mcgreer%netscape.com
48ae0ebe61 change to comment text 2000-05-05 00:50:38 +00:00
mcgreer%netscape.com
3e2a298606 Code to provide hooks to RSA's BSAFE licensed code. 2000-05-04 21:58:18 +00:00
ddrinan%netscape.com
3a05765647 Remove special import for Solaris 2.5.1 2000-05-04 21:48:43 +00:00
mwelch%netscape.com
6556ee4eaf Adding Mac files, primarily as placeholders 2000-04-28 09:14:36 +00:00
roeber%netscape.com
739f76548f Getting session objects working. 2000-04-20 03:14:47 +00:00
roeber%netscape.com
93897a83fe Wait a minute, I was right the first time: I don't need to worry about
endianness, that's a display problem.
2000-04-19 22:07:09 +00:00
roeber%netscape.com
db07e9f9cf Multiple changes to get the cryptoki framework and builtin-object
module working:  1) C_GetFunctionList is always present; 2) fwObject
and fwSession now remember their handles on behalf of the fwInstance;
3) fwSessions are created before mdSessions, so the mdSession can
use the fwSession's arena; 4) finished implementing findObjects;
5) builtin constants are in network byte order; 6) libnssckbi.so
knows about and can pull in its dependencies (e.g. libnssckfw.so,
libnssb.so, and NSPR).
2000-04-19 21:32:38 +00:00
roeber%netscape.com
c71276e88d I missed a couple usages of nssUTF8_Size when its signature changed.
Also made a pedantic check #ifdef PEDANTIC.
2000-04-19 21:24:57 +00:00
roeber%netscape.com
c7ce07669f Free from the beginning of the real block pointer, not the user's pointer. 2000-04-19 21:23:13 +00:00
nelsonb%netscape.com
967ed46e9f This file was not the source authorized by Paul Kocher of Cryptography
Research Inc for release on Mozilla.  It has been replaced by sha_fast.c.
2000-04-07 02:24:57 +00:00
nelsonb%netscape.com
81f283c678 Switch freebl to use the sha1 sources authorized by Paul Kocher of
Cryptography Research Inc.
2000-04-07 02:22:47 +00:00
nelsonb%netscape.com
2554f98616 Make additional performance improvements, especially for big endian CPUs. 2000-04-07 01:14:06 +00:00
nelsonb%netscape.com
25f97cee57 Detect failure of NSS_Init. 2000-04-06 23:02:44 +00:00
repka%netscape.com
9501e89926 Put "btoa" back into the built directories, since the underlying code
is now available in nss/lib.
2000-04-06 22:45:50 +00:00
repka%netscape.com
6f4b665973 Build new base64 encoder implementation. 2000-04-06 22:41:21 +00:00
repka%netscape.com
80689ecb46 Removed BTOA_ConvertItemToAscii (now defined in nssb64e.c, using new
base64 encoder implementation).
2000-04-06 22:38:27 +00:00
nelsonb%netscape.com
082f19af2f Convert to BLAPI interface. Make very minor optimizations. 2000-04-06 06:07:37 +00:00
nelsonb%netscape.com
6ad931fad9 Check in original SHA implementation sources on behalf of Paul Kocher Cryptography Research, Inc. paul@cryptography.com 2000-04-06 02:48:30 +00:00
repka%netscape.com
355556a555 Fixed some typos and inconsistencies. 2000-04-06 00:42:49 +00:00
repka%netscape.com
97cb8bcf38 First cut at replacement for base64 encoder. 2000-04-06 00:39:49 +00:00
repka%netscape.com
73b70ac5a7 - Added an error check and comment complementary to thayes's previous change
(same as I had already made in my version, but he beat me to checking it in).
- Some miscellaneous clean-up (typos, really).
2000-04-06 00:38:12 +00:00
thayes%netscape.com
48f0c9789e Initialize SECItem values in ATOB_ routines to avoid PR_Assert for previously
allocated data buffers in the NSS versions of these routines.
2000-04-06 00:26:24 +00:00
thayes%netscape.com
915877263f Change handling of hash table for OSCP hashes to delete both hash key and
associated value in the hashtable "free entry" routine.  Fixes a memory leak.
(Re Netscape bug: 390117)
2000-04-06 00:24:43 +00:00
repka%netscape.com
f852f35853 Add a trailing CRLF; the encoder doesn't. 2000-04-06 00:15:54 +00:00
nelsonb%netscape.com
8499f9c677 Change definition of $FILES. Don't include contents of CVS subdirectory. 2000-04-05 01:11:53 +00:00
relyea%netscape.com
a3332a7b7f Make the stub sytem work for WIN NT as well as other unix platforms:
1) fix compile issue in the stub maci.c file (change dllimports to dllexports).
	2) build a dll with matching lib to make the symbols all work.
2000-04-04 23:49:50 +00:00
roeber%netscape.com
ce5fd5acf0 Added a comment to the PORT character-conversion routines about
network byte order.
2000-04-04 18:27:34 +00:00
roeber%netscape.com
0f208ea997 Make the conversion routines handle network byte order, not host byte order. 2000-04-04 02:36:46 +00:00
relyea%netscape.com
0633919690 Use NSINSTALL instead of symbolic links so crypto works on NT builds as well. 2000-04-03 22:28:49 +00:00
roeber%netscape.com
f59f634fdf typo I missed from last may 2000-04-03 21:58:53 +00:00
roeber%netscape.com
78c1cb10f0 the license boilerplate whompage induced a compile-blocking typo 2000-04-03 21:58:34 +00:00
relyea%netscape.com
cf7b7608db Update makefiles so NT will build. (and other platforms that don't have symbolic links) 2000-04-03 21:41:33 +00:00
mcgreer%netscape.com
84d9905156 Initial checkin of sslstrength/ssltelnet source. 2000-04-03 20:31:05 +00:00
mcgreer%netscape.com
dbe48be092 Initial checkin of signver source. 2000-04-03 20:24:02 +00:00
mcgreer%netscape.com
8c34a18c15 Initial checkin of signver source. 2000-04-03 20:15:57 +00:00
mcgreer%netscape.com
1f7ca7b2cb Initial checkin of signtool source. 2000-04-03 19:08:51 +00:00
mcgreer%netscape.com
725d3b78b6 Initial checkin of pk12util source. 2000-04-03 18:56:53 +00:00
relyea%netscape.com
6836d54003 Remove modutil until we can fix a build problem. 2000-03-31 20:59:58 +00:00
relyea%netscape.com
5ff98f3f5a Adjust jzlib.h acquired for zlib.h to it builds in the .jar file.
Add define in manistet to make it work.
2000-03-31 20:56:10 +00:00
relyea%netscape.com
a86f4bbdb8 remove an incorrectly checked in file 2000-03-31 20:50:44 +00:00
relyea%netscape.com
477a06c7b1 Create the Security link correctly. 2000-03-31 20:48:55 +00:00
relyea%netscape.com
9fd7059a19 Initial NSS Open Source checkin 2000-03-31 20:13:40 +00:00
relyea%netscape.com
8c4b7edd1d Initial NSS Open Source Checkin 2000-03-31 19:16:26 +00:00
relyea%netscape.com
3302748a42 Initial NSS Open source checkin 2000-03-31 19:14:40 +00:00