Commit Graph

193 Commits

Author SHA1 Message Date
julien.pierre.bugs%sun.com
c56d3589f6 Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson 2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
9499265f5c Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
Change existing callers to pass this argument.  Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files:  freebl/alghmac.c freebl/alghmac.h freebl/loader.c
  freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
  ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
nelsonb%netscape.com
fdffe11308 Fix regression introduced in last checkin. If the caller disables the
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack.  bug 305147. r=julien.pierre
2005-09-10 01:18:40 +00:00
nelsonb%netscape.com
4b56704437 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
2005-09-09 03:02:16 +00:00
glen.beasley%sun.com
8ebcacd943 305984 update FIPS values for cipher suites file=sslinfo.c r=bob,sr=wtc 2005-09-06 17:15:32 +00:00
julien.pierre.bugs%sun.com
22ff330626 Fix AIX build problem 2005-08-18 23:37:31 +00:00
nelsonb%netscape.com
d391504d03 Remove fortezza code from libSSL and from the SSL test programs.
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h
2005-08-16 03:42:26 +00:00
wtchang%redhat.com
252be2d441 Bugzilla Bug 288647: enable building NSS with an NSPR binary distribution.
Introduced NSPR_INCLUDE_DIR and NSPR_LIB_DIR make variables. Portions of
the patch were contributed by Chris Seawood <cls@seawood.org>. r=relyea.
Modified Files:
	coreconf/OS2.mk coreconf/OpenVMS.mk coreconf/location.mk
	nss/cmd/platlibs.mk nss/cmd/shlibsign/Makefile
	nss/cmd/shlibsign/sign.cmd nss/cmd/shlibsign/sign.sh
	nss/lib/ckfw/builtins/Makefile
	nss/lib/fortcrypt/swfort/pkcs11/Makefile nss/lib/nss/config.mk
	nss/lib/smime/config.mk nss/lib/softoken/config.mk
	nss/lib/ssl/config.mk
2005-07-21 23:48:30 +00:00
wtchang%redhat.com
fafa59ce5f Bugzilla Bug 298953: fixed a memory leak in sslBuffer_Grow if PORT_Realloc
fails. r=nelsonb.
2005-06-28 17:48:26 +00:00
nelsonb%netscape.com
7d6edc424d Back out the preceding fortezza removal patch, which was accidentally
applied to the trunk, not to the intended branch.
2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
17a1f014fd Remove fortezza support from libSSL and related commands. Bug 239960.
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.
2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
095a0172f0 Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre.
Modified Files:  sslimpl.h sslinfo.c sslsecur.c sslsock.c
2005-04-05 03:48:20 +00:00
nelsonb%netscape.com
d126b39b34 Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien
Instead, if SSL_NO_CACHE is not set, return an error code.
2005-03-09 05:20:44 +00:00
julien.pierre.bugs%sun.com
09e544676a Fix for 269581 - cache the value of CKA_PRIVATE on private keys to avoid unnecessary C_GetAttributeValue .
Also fix incorrect logic in attribute tests. r=rrelyea,wtchang
2005-02-24 00:38:23 +00:00
wtchang%redhat.com
cf7f00183c Bug 236613: fixed the fallout from the change to MPL/LGPL/GPL tri-license.
Our script for processing the *.def on the Mac cannot handle blank lines.
Modified Files: nssckbi.def nss.def smime.def softokn.def ssl.def
2005-02-23 19:25:39 +00:00
gerv%gerv.net
f45b5900c8 Bug 236613: change to MPL/LGPL/GPL tri-license. 2005-02-02 22:28:27 +00:00
julien.pierre.bugs%sun.com
99bef0be47 Fix for 273993 . SSL client cache grows with non-restartable sessions . r=saul,nelson 2004-12-17 02:01:35 +00:00
nelsonb%netscape.com
1d3641f999 Follow the SSL2 specification more closely in accepting and rejecting
SSL messages.  Previously NSS would reject some it should accept
and vice versa.  Bugscape bug 57121. r=wtc,julien
2004-06-24 02:02:39 +00:00
jpierre%netscape.com
a11c975bed Fix for 237934 - nss_InitLock not atomic. r=nelson 2004-06-19 03:21:39 +00:00
jpierre%netscape.com
3c9a7eb176 Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris 2004-05-25 00:13:12 +00:00
wchang0222%aol.com
081ede0ac7 Bugscape bug 57081: If the make variable NISCC_TEST is defined at build
time, add -DNISCC_TEST to the compile command line.  The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
	cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
	lib/ssl/config.mk lib/ssl/manifest.mn
2004-05-13 01:29:15 +00:00
jpierre%netscape.com
79af302c8e Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 2004-05-11 03:48:25 +00:00
gerv%gerv.net
9bd361a285 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 2004-04-27 23:04:40 +00:00
gerv%gerv.net
3634d4d94b Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
c4b2be519c Add conditionally compiled code for NISCC testing of NSS's SSL library.
patch by Ian McGreer.  Bugscape bug 53322.
2004-03-05 23:28:57 +00:00
jpierre%netscape.com
f1a9128ad1 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 2004-03-03 03:18:56 +00:00
nelsonb%netscape.com
8dc069e8e4 Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2
records that are too short.  Bugscape bug 54814
2004-01-08 06:52:00 +00:00
jpierre%netscape.com
8a6338d551 Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
9ccb6b87c5 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea.
Modified Files: pk11func.h pk11skey.c ssl3con.c
2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
390b635832 Grow handshake message buffer once per message, not once per each message
segment received.  Bugscape bug 53418.
2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
afd97d4f96 Remove one unnecessary transition from the SSL3 state machine.
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
2003-10-31 07:01:05 +00:00
wchang0222%aol.com
4327068745 Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the
previous checkin.
2003-10-22 01:00:10 +00:00
nelsonb%netscape.com
9413aae7aa When the SSL_NO_CACHE option is set on an SSL server socket, don't touch
the server session cache AT ALL.  Bug 222726
2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
6436ed5ab3 Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
47dc9b03e8 SSL_ShutdownServerSessionIDCache no longer leaks the cache memory.
Bug 222065. r=wchang0222
2003-10-19 01:25:10 +00:00
ian.mcgreer%sun.com
5c2c5888f9 ECC code landing.
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
8464dc0bb6 Eliminate unnecessary copying of CA names in HandleCertRequest.
Bug 204686.
2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
96f28b4691 Detect Zero length certs and zero length CA names. Bug 204686.
Also, eliminate unnecessary copying of incoming certs.
2003-10-03 02:01:18 +00:00
wtc%netscape.com
4f4355b894 Bugzilla bug 214674: made the Linux implementation of sslMutex really work.
They were no-ops in multiprocess mode before.  The patch is Nelson
Bolyard's.  r=wtc.
2003-08-28 22:23:59 +00:00
nelsonb%netscape.com
cc8d6b1b9f Eliminate TCP connection reset errors that occur when server requires
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
wtc%netscape.com
213a402f9d Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org).
2003-04-20 04:23:37 +00:00
jpierre%netscape.com
3609f97d06 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 2003-04-17 02:03:39 +00:00
jpierre%netscape.com
d07c7a50f5 Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc 2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
3f52ba47c1 Changes to enable ECC over characteristic 2^m fields.
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
29640f53f9 Add missing return statement. 2003-03-27 03:07:47 +00:00
wtc%netscape.com
a98f4c0628 Bug 199082: checked in Nelson's patch, which
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2 Make indention style consistent with SSL's usage, not softoken/pk11 usage. 2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62 Allow for tokens that don't require login. bug 197082 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87 Add support for Elliptic Curve Cryptography. Bug 195135.
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce Fix bug 160207. Make TLS implementation resistant to timing attacks on
CBC block mode cipher suites in TLS.  See bug for details.
2003-02-21 23:00:16 +00:00