julien.pierre.bugs%sun.com
c56d3589f6
Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson
2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
9499265f5c
Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
...
Change existing callers to pass this argument. Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files: freebl/alghmac.c freebl/alghmac.h freebl/loader.c
freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
nelsonb%netscape.com
fdffe11308
Fix regression introduced in last checkin. If the caller disables the
...
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack. bug 305147. r=julien.pierre
2005-09-10 01:18:40 +00:00
nelsonb%netscape.com
4b56704437
Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
...
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
2005-09-09 03:02:16 +00:00
glen.beasley%sun.com
8ebcacd943
305984 update FIPS values for cipher suites file=sslinfo.c r=bob,sr=wtc
2005-09-06 17:15:32 +00:00
julien.pierre.bugs%sun.com
22ff330626
Fix AIX build problem
2005-08-18 23:37:31 +00:00
nelsonb%netscape.com
d391504d03
Remove fortezza code from libSSL and from the SSL test programs.
...
Stop building fortezza's special software token, and fortezza specific
test programs. Bug 239960. r=rrelyea.
Modified Files:
cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
lib/ssl/sslt.h
2005-08-16 03:42:26 +00:00
wtchang%redhat.com
252be2d441
Bugzilla Bug 288647: enable building NSS with an NSPR binary distribution.
...
Introduced NSPR_INCLUDE_DIR and NSPR_LIB_DIR make variables. Portions of
the patch were contributed by Chris Seawood <cls@seawood.org>. r=relyea.
Modified Files:
coreconf/OS2.mk coreconf/OpenVMS.mk coreconf/location.mk
nss/cmd/platlibs.mk nss/cmd/shlibsign/Makefile
nss/cmd/shlibsign/sign.cmd nss/cmd/shlibsign/sign.sh
nss/lib/ckfw/builtins/Makefile
nss/lib/fortcrypt/swfort/pkcs11/Makefile nss/lib/nss/config.mk
nss/lib/smime/config.mk nss/lib/softoken/config.mk
nss/lib/ssl/config.mk
2005-07-21 23:48:30 +00:00
wtchang%redhat.com
fafa59ce5f
Bugzilla Bug 298953: fixed a memory leak in sslBuffer_Grow if PORT_Realloc
...
fails. r=nelsonb.
2005-06-28 17:48:26 +00:00
nelsonb%netscape.com
7d6edc424d
Back out the preceeding fortezza removal patch, which was accidentally
...
applied to the trunk, not to the intended branch.
2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
17a1f014fd
Remove fortezza support from libSSL and related commands. Bug 239960.
...
ON PERFORMANCE_HACKS_BRANCH. r=rrelyea.
2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
095a0172f0
Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre.
...
Modified Files: sslimpl.h sslinfo.c sslsecur.c sslsock.c
2005-04-05 03:48:20 +00:00
nelsonb%netscape.com
d126b39b34
Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien
...
Instead, if SSL_NO_CACHE is not set, return an error code.
2005-03-09 05:20:44 +00:00
julien.pierre.bugs%sun.com
09e544676a
Fix for 269581 - cache the value of CKA_PRIVATE on private keys to avoid unnecessary C_GetAttributeValue . Also fix i
...
ncorrect logic in attribute tests. r=rrelyea,wtchang
2005-02-24 00:38:23 +00:00
wtchang%redhat.com
cf7f00183c
Bug 236613: fixed the fallout from the change to MPL/LGPL/GPL tri-license.
...
Our script for processing the *.def on the Mac cannot handle blank lines.
Modified Files: nssckbi.def nss.def smime.def softokn.def ssl.def
2005-02-23 19:25:39 +00:00
gerv%gerv.net
f45b5900c8
Bug 236613: change to MPL/LGPL/GPL tri-license.
2005-02-02 22:28:27 +00:00
julien.pierre.bugs%sun.com
99bef0be47
Fix for 273993 . SSL client cache grows with non-restartable sessions . r=saul,nelson
2004-12-17 02:01:35 +00:00
nelsonb%netscape.com
1d3641f999
Follow the SSL2 specification more closely in accepting and rejecting
...
SSL messages. Previously NSS would reject some it should accept
and vice versa. Bugscape bug 57121. r=wtc,julien
2004-06-24 02:02:39 +00:00
jpierre%netscape.com
a11c975bed
Fix for 237934 - nss_InitLock not atomic. r=nelson
2004-06-19 03:21:39 +00:00
jpierre%netscape.com
3c9a7eb176
Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris
2004-05-25 00:13:12 +00:00
wchang0222%aol.com
081ede0ac7
Bugscape bug 57081: If the make variable NISCC_TEST is defined at build
...
time, add -DNISCC_TEST to the compile command line. The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
lib/ssl/config.mk lib/ssl/manifest.mn
2004-05-13 01:29:15 +00:00
jpierre%netscape.com
79af302c8e
Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc
2004-05-11 03:48:25 +00:00
gerv%gerv.net
9bd361a285
Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines.
2004-04-27 23:04:40 +00:00
gerv%gerv.net
3634d4d94b
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
c4b2be519c
Add conditionally compiled code for NISCC testing of NSS's SSL library.
...
patch by Ian McGreer. Bugscape bug 53322.
2004-03-05 23:28:57 +00:00
jpierre%netscape.com
f1a9128ad1
Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb
2004-03-03 03:18:56 +00:00
nelsonb%netscape.com
8dc069e8e4
Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2
...
records that are too short. Bugscape bug 54814
2004-01-08 06:52:00 +00:00
jpierre%netscape.com
8a6338d551
Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF
2004-01-08 01:37:46 +00:00
wchang0222%aol.com
9ccb6b87c5
Made wincx the last argument of PK11_PubDeriveExtended. r=relyea.
...
Modified Files: pk11func.h pk11skey.c ssl3con.c
2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
390b635832
Grow handshake message buffer once per message, not once per each message
...
segment received. Bugscape bug 53418.
2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
afd97d4f96
Remove one unnecessary transition from the SSL3 state machine.
...
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
2003-10-31 07:01:05 +00:00
wchang0222%aol.com
4327068745
Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the
...
previous checkin.
2003-10-22 01:00:10 +00:00
nelsonb%netscape.com
9413aae7aa
When the SSL_NO_CACHE option is set on an SSL server socket, don't touch
...
the server session cache AT ALL. Bug 222726
2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
6436ed5ab3
Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452.
2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
47dc9b03e8
SSL_ShutdownServerSessionIDCache no longer leaks the cache memory.
...
Bug 222065. r=wchang0222
2003-10-19 01:25:10 +00:00
ian.mcgreer%sun.com
5c2c5888f9
ECC code landing.
...
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
8464dc0bb6
Eliminate unnecessary copying of CA names in HandleCertRequest.
...
Bug 204686.
2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
96f28b4691
Detect Zero length certs and zero length CA names. Bug 204686.
...
Also, eliminate unnecessary copying of incoming certs.
2003-10-03 02:01:18 +00:00
wtc%netscape.com
4f4355b894
Bugzilla bug 214674: made the Linux implementation of sslMutex really work.
...
They were no-ops in multiprocess mode before. The patch is Nelson
Bolyard's. r=wtc.
2003-08-28 22:23:59 +00:00
nelsonb%netscape.com
cc8d6b1b9f
Eliminate TCP connection reset errors that occur when server requires
...
client auth and SSL3 client doesn't authenticate. The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
2003-05-30 23:22:39 +00:00
wtc%netscape.com
213a402f9d
Bug 134113: make NSS build on Win32 using GCC (MinGW). The patch
...
(attachment 121068) is contributed by Chris Seawood (cls@seawood.org ).
2003-04-20 04:23:37 +00:00
jpierre%netscape.com
3609f97d06
Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb
2003-04-17 02:03:39 +00:00
jpierre%netscape.com
d07c7a50f5
Fix for 201259 . Make the default client auth callback NSS_GetClientAuthData work with dual-key certs. r=nelsonb, sr=wtc
2003-04-09 22:23:10 +00:00
nelsonb%netscape.com
3f52ba47c1
Changes to enable ECC over characteristic 2^m fields.
...
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
nss/lib/util/secoidt.h
2003-03-29 00:18:30 +00:00
nelsonb%netscape.com
29640f53f9
Add missing return statement.
2003-03-27 03:07:47 +00:00
wtc%netscape.com
a98f4c0628
Bug 199082: checked in Nelson's patch, which
...
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
2003-03-26 00:31:13 +00:00
relyea%netscape.com
abfd3a64f2
Make indention style consistant with SSL's usage, not softoken/pk11 usage.
2003-03-13 16:36:43 +00:00
relyea%netscape.com
d9b9435a62
Allow for tokens that don't require login. bug 197082
2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
f87129ad87
Add support for Elliptic Curve Cryptography. Bug 195135.
...
Modified Files:
cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
lib/cryptohi/keythi.h lib/cryptohi/seckey.c
lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
lib/softoken/lowkeyti.h lib/softoken/manifest.mn
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
lib/util/secoid.c lib/util/secoidt.h
Added Files:
lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
lib/freebl/ec.h lib/softoken/ecdecode.c
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce
Fix bug 160207. Make TLS implementation resistant to timing attacks on
...
CBC block mode cipher suites in TLS. See bug for details.
2003-02-21 23:00:16 +00:00