Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-06 09:05:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
139,400 Commits 615 Branches 98 Tags 5.9 GiB
d501f3ab57
Commit Graph

2186 Commits

Author SHA1 Message Date
jgmyers%speakeasy.net
a8dcaab07f address review comments: bug 231659 2004-01-28 04:29:14 +00:00
jgmyers%speakeasy.net
c9010119e9 rewrite utf8 parser for strictness: bug 231659 r=MisterSSL 2004-01-28 03:48:43 +00:00
relyea%netscape.com
78ce53de23 bug 231698: fix regression in reading SDR data in databases written on 64-bit platforms. 
r=MisterSSL
 2004-01-27 18:31:29 +00:00
jpierre%netscape.com
8c43abd07c Fix for 231051 - crlutil asserts after importing CRL. r=nelsonb, wtc 2004-01-27 00:02:16 +00:00
nelsonb%netscape.com
0df0cbe4cf Fix crashes that occur when optional policyQualifiers are not present. 
Bug 230951. r=kinmoz.
 2004-01-23 22:50:01 +00:00
wchang0222%aol.com
d3011eaa97 Bumped version to 1.50 (for NSS 3.10). 2004-01-23 22:15:39 +00:00
nelsonb%netscape.com
77a00800e8 RFC 3280 says Name Constraints do not apply to self-issued CA certs, 
including self-issued intermediate CA certs (so-called "roll-over" certs).
This fixes an NISCC test failure.  Bug 231030. r=wtc.
 2004-01-23 06:06:06 +00:00
nelsonb%netscape.com
61d56ab306 When a name attribute's value exceeds the maximum allowed length, display 
a truncated version of it, followed by ellipsis.  Bug 220855. r=wtc
 2004-01-22 23:45:30 +00:00
nelsonb%netscape.com
7709686c56 Correct NSS's key usage tests for certs with non-RSA public keys. 
Bug 221638. r=relyea.
 2004-01-22 22:04:54 +00:00
nelsonb%netscape.com
b99a74cbae Detect duplicate issuer name and serial number between two temp certs. 
Bug 230996. r=ian, relyea.
 2004-01-22 02:36:53 +00:00
nelsonb%netscape.com
1db7eb8535 Fix name constraints code to pass NIST PKITS test 38. r=wtc. Bug 231223. 2004-01-22 02:33:41 +00:00
nelsonb%netscape.com
ce75f8d873 Move an extern function declaration to the header file where it belongs. 
Bug 229212. r=relyea.
 2004-01-22 02:19:42 +00:00
nelsonb%netscape.com
1a1c7cb409 Fix bug in cert path length validation. Bug 221644. r=jpierre 2004-01-21 05:32:18 +00:00
wchang0222%aol.com
5963bd156f Bugzilla bug 229299: fixed unused variable warning. r=nelsonb. 2004-01-20 22:57:40 +00:00
jgmyers%speakeasy.net
ffbdacaeb8 fix review comment: bug 53133 2004-01-20 19:57:17 +00:00
nelsonb%netscape.com
d8dc4c1455 Detect absent isCA flags in basic constraints. Detect and reject negative 
or too large positive path length constraints in basic constraints.
Bug 221644. r=jpierre.
 2004-01-16 21:33:16 +00:00
nelsonb%netscape.com
5e140a71db Fix template for Cert policy extensions. Bug 230951, r=jpierre 2004-01-16 05:36:08 +00:00
nelsonb%netscape.com
ad4476ab50 Fix NSS parsing of Issuer Unique ID and Subject Unique ID fields in 
certificate.  Bug 216116. r=jpierre
 2004-01-16 02:11:44 +00:00
jgmyers%speakeasy.net
fb8076054e fix comment per review: bug 53133 2004-01-16 01:04:57 +00:00
wchang0222%aol.com
dd0e83eb66 Minor change after review of previous checkin. Bug 53133. 2004-01-15 22:34:26 +00:00
relyea%netscape.com
30bb314da7 Fix build problems on some platforms. 2004-01-15 16:27:02 +00:00
wchang0222%aol.com
617cabf1fa Set NSS version to 3.10 Beta. 2004-01-15 15:08:58 +00:00
jgmyers%speakeasy.net
a71fdf6c5c Convert T61String-labeled ISO-8859-1 to UTF-8: bug 53133 r=nelsonb a=wtc 2004-01-15 06:23:14 +00:00
nelsonb%netscape.com
65088fd320 Add 2 additional OIDs to the list of acceptable digestEncryptionAlgIDs, 
per RFC 3370. r=thayes.  Bug 230761.
 2004-01-14 22:20:44 +00:00
wchang0222%aol.com
ab1b1d58f9 Bugzilla bug 229289: fixed an unused variable warning. r=relyea. 2004-01-13 01:59:41 +00:00
nelsonb%netscape.com
8dc069e8e4 Overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report SSL2 
records that are too short.  Bugscape bug 54814
 2004-01-08 06:52:00 +00:00
jpierre%netscape.com
8a6338d551 Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
435bc1ad86 Set NSS version to 3.9. 2004-01-08 01:04:56 +00:00
jpierre%netscape.com
e7036921ca Rename PK11_FindSlotsByAliases to PK11_FindSlotsByNames 2004-01-07 23:12:01 +00:00
jpierre%netscape.com
70f0bbf00d Rename CERT_DecodeTimeChoice/CERT_EncodeTimeChoice to DER_DecodeTimeChoice/DER_EncodeTimeChoice 2004-01-07 23:07:24 +00:00
nelsonb%netscape.com
5d8bd61334 Fix crashes in NSS_CMSSignedData_GetDigestValue and 
NSS_CMSContentInfo_GetContent that occur when a detached signature is not
accompanied by the data on which the signature was computed. Bug 229242.
Make NSS_CMSContentInfo_GetInnerContent and NSS_CMSMessage_GetContent
more easily debugged, by storing the results returned by function calls
in automatic variables before using them in subsequent calls/switches.
 2004-01-07 00:09:17 +00:00
relyea%netscape.com
6a63299667 Bug 229193 
Patch by wtc revied by relyea & ian
 2003-12-31 23:19:26 +00:00
wchang0222%aol.com
144c518d7a Set NSS version to 3.9 Beta 6. 2003-12-24 06:22:49 +00:00
wchang0222%aol.com
0ea554f2f9 Fixed unused variable compiler warning about 'html'. Declare it inside 
the same ifdef with which it is used.
 2003-12-23 21:37:07 +00:00
wchang0222%aol.com
34519e6ab3 Removed unused variable 'rawSigLen'. 2003-12-23 21:24:01 +00:00
wchang0222%aol.com
11c67b98af Removed unused variable 'attribute'. 2003-12-23 21:21:39 +00:00
wchang0222%aol.com
60cf880826 Include "nsslocks.h" for nss_InitLock. 2003-12-23 02:09:55 +00:00
wchang0222%aol.com
5bfcd81514 Declare the argument to SECKEY_ECParamsToKeySize as const. 
Modified Files: seckey.c pk11skey.c
 2003-12-23 02:05:28 +00:00
wchang0222%aol.com
09584fb9f9 Return a value of the correct type. 2003-12-23 01:03:39 +00:00
wchang0222%aol.com
290a965230 Fixed a spelling error. 2003-12-23 00:52:06 +00:00
wchang0222%aol.com
0433b41c3b Moved ecl-curve.h from the EXPORTS to the PRIVATE_EXPORTS list. 2003-12-23 00:17:04 +00:00
wchang0222%aol.com
79387320b7 Renamed SECKEY_ECParams2KeySize as SECKEY_ECParamsToKeySize. Do not export 
this function from the nss3 shared library.
Modified Files: seckey.c pk11skey.c nss.def
 2003-12-22 23:36:40 +00:00
wchang0222%aol.com
7adfc17d1d Declare the 'input' argument to CERT_DecodeTimeChoice as 'const'. Removed 
an extraneous semicolon (;) after the SEC_ASN1_CHOOSER_IMPLEMENT macro.
Modified Files: secder.h sectime.c
 2003-12-22 23:33:39 +00:00
nelsonb%netscape.com
76bb8f646c Some further cleanup of p12d.c. Bugscape bug 52528. r=wtc. 2003-12-20 01:33:06 +00:00
wchang0222%aol.com
7905ca6b6f Set NSS version to 3.9 Beta 5. 2003-12-20 00:35:01 +00:00
wchang0222%aol.com
9ccb6b87c5 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
312061509b Impose new limits on RSA public key sizes. 8k bits for modulus, 
64 bits for public exponent.  This prevents certain attacks on SSL
servers.  Bugscape bug 54019.  r=wtc,relyea.
 2003-12-19 23:50:45 +00:00
wchang0222%aol.com
010acd81c1 PK11_MoveKey was renamed PK11_MoveSymKey. r=relyea. 
Modified Files: symkeyutil.c nss.def pk11func.h pk11skey.c
 2003-12-19 23:29:43 +00:00
relyea%netscape.com
6e767fb4eb Make database access to the key db thread safe. 2003-12-19 23:24:48 +00:00
relyea%netscape.com
8ec4937462 Add keydb lock type. keydb should be locked like the certdb. 2003-12-19 23:24:00 +00:00
wchang0222%aol.com
5014045f8c Backed out the previous checkin, which broke our S/MIME QA tests. 2003-12-19 22:54:20 +00:00
wchang0222%aol.com
fac46295ff Bugzilla bug 228624: we need to call STAN_ForceCERTCertificateUpdate if 
the cert's instances changed.  r=relyea.
 2003-12-19 22:33:12 +00:00
wchang0222%aol.com
64276531dd Bugscape bug 54627: made the fix for NSS_CMSSignedData_Encode_BeforeData 
the same as the code in NSS_CMSSignedData_Decode_BeforeData.  r=nelsonb.
 2003-12-19 22:08:12 +00:00
wchang0222%aol.com
4a54a29151 Bugzilla bug 221133: fixed unused variable warning on some platforms. 
The patch is contributed by timeless@bemail.org.  r=wtc.
 2003-12-19 16:35:14 +00:00
nelsonb%netscape.com
70470925e0 Don't overwrite pointers to existing message digests if they've been 
precomputed.  Bugscape bug 54627.  r=wtc, jpierre.
 2003-12-19 03:58:28 +00:00
wchang0222%aol.com
8bfb2f97fd Set NSS version to 3.9 Beta 4. 2003-12-18 21:45:34 +00:00
wchang0222%aol.com
991ddf2ba6 Bugzilla bug 228624: made PK11_ListCertsInSlot reach into the Stan layer 
to obtain the correct nicknames of the cert instances (pk11cert.c).  Fixed
the bug that if a cert we want to add the the cache is already in the
cache, we should merge the instances of the cert before destroying the
duplicate cert (tdcache.c).  r=jpierre,relyea.
 2003-12-18 18:23:17 +00:00
wchang0222%aol.com
ec4dda5d19 Bugzilla bug 219982: removed an unused local variable. (The function call 
is needed for its side effect.)  Thanks to timeless@bemail.org and
Serge GAUTHERIE <gautheri@noos.fr> for the patch.  r=wtc.
 2003-12-17 22:43:25 +00:00
nelsonb%netscape.com
634bb98533 Allow NSS_CMSDigestContext objects to be created, even when there are 
no valid digest algorithm OIDs.  This allows "certs only" messages to
be decoded.  Bugzilla bug 228707. r=jpierre, wtc.
 2003-12-17 03:49:10 +00:00
wchang0222%aol.com
e3cda94421 Bugzilla bug 228618: fixed an incorrect use of realloc. Fixed an unused 
variable compiler warning.  r=jpierre.
 2003-12-16 04:24:57 +00:00
nelsonb%netscape.com
b41986df1b Fix S/MIME bugs that caused parallel arrays of digest OIDs and digest 
values to become out of sync.  Bugscape bug 54256. r=relyea.
Modified Files:	cmd/smimetools/cmsutil.c lib/smime/cmsdigest.c
 2003-12-12 23:55:06 +00:00
jpierre%netscape.com
3331d24ed7 Fix for 54061 . Return SEC_ERROR_INVALID_ARGS and remove assertions . r=wtc,misterssl 2003-12-12 21:42:02 +00:00
nelsonb%netscape.com
fff428a34a CERT_ImportCerts now returns SECFailure when NONE of the certs was succesfully imported. r=wtc. Bugscape bug 54311. 2003-12-06 06:52:53 +00:00
nelsonb%netscape.com
7ed9720eb2 __CERT_AddTempCertToPerm will now set error SEC_ERROR_ADDING_CERT 
when attempting to make a cert perm that is already permanent.
Bugzilla bug 227559. r=wtc
 2003-12-06 06:46:27 +00:00
nelsonb%netscape.com
87f5c7ded0 NSC_Finalize will now destroy 3 softoken free lists and one more 
global pointer.  Plugs some memory leaks.  Bugscape bug 54301. r=wtc
 2003-12-06 06:41:51 +00:00
wchang0222%aol.com
2483a508a7 Bugzilla bug 227296: fixed the bug that NSS_CMSAttribute_AddValue adds the 
address of a stack variable to the attr->values array.  Added a new
function SECITEM_ArenaDupItem.  r=nelsonb.
Modified Files:
	nss/nss.def util/secitem.c util/secitem.h smime/cmsarray.c
	smime/cmsattr.c
 2003-12-06 01:16:50 +00:00
nelsonb%netscape.com
265f6a9b37 Further simplification and improvement of the parsing of UTCTime 
and GeneralizedTime to avoid UMRs.  Bugscape bug 54198. r=wtc
 2003-12-05 04:53:28 +00:00
nelsonb%netscape.com
b87fc256c1 NSS_CMSContentInfo_Destroy() 
- The patch destroys the digest context member of the CMSContentInfo.
  It calls the previously unused function NSS_CMSDigestContext_Cancel
  to destroy the digest context.  Eliminates an object reference leak.
Bugscape bug 54208, r=relyea
 2003-12-04 00:39:24 +00:00
nelsonb%netscape.com
697b57f151 In functions NSS_CMSSignedData_Encode_AfterData and 
NSS_CMSSignedData_Decode_AfterData
  - These functions call NSS_CMSDigestContext_FinishMultiple, which
    always destroys the digest context, regardless of whether it returns
    SECSUccess or SECFailure.  So, change these functions to always NULL
    out the context pointer regardless of the returned value.
NSS_CMSSignedData_VerifySignerInfo()
  - Always call NSS_CMSSignerInfo_Verify() to set the verification status
    in the signerinfo object, even if some of the other arguments are NULL,
    or other failures have occurred, but avoid NULL pointer dereferences
    along the way.  Notice that this change is dependent on changes to
    NSS_CMSSignerInfo_Verify() (see below.)
NSS_CMSSignedData_SetDigests() - skip over missing digests.  Don't fail
    the function, and don't crash, if digest pointers are NULL.
Bugscape bug 54208, r=relyea
 2003-12-04 00:36:47 +00:00
nelsonb%netscape.com
8a0ca297e4 Functions NSS_CMSDigestedData_Encode_AfterData and 
NSS_CMSDigestedData_Decode_AfterData
- Since NSS_CMSDigestContext_FinishSingle always destroys the context,
  regardless of whether it returns SECSuccess or SECFailure, these
  functions have been changed to always NULL out the context pointer
  after calling NSS_CMSDigestContext_FinishSingle, regardless of the
  outcome.
Bugscape bug 54208, r=relyea
 2003-12-04 00:35:02 +00:00
nelsonb%netscape.com
d0960c05d3 There is a lot of "cleanup" in this file, wrapping source at 80 columns. 
The relevant fixes for this bug include:
NSS_CMSDigestContext_StartMultiple()
   - make sure that cmsdigcx->digcxs and cmsdigcx->digobjs are initialized.
   - at the "loser" label, be sure to free the digest context itself.
NSS_CMSDigestContext_Cancel()
   - after destroying all the objects, free the arrays of pointers to the
     objects, and the digest context itself.  Previously these items were
     leaked by this function.
NSS_CMSDigestContext_FinishMultiple()
   - ensure that this function ALWAYS destroys all the NSS digest objects,
     and doesn't stop destroying them if it encounters an error.  Note that
     this is a newer revision of an older patch for that problem.
   - always Free the arrays of pointers used in this object.
NSS_CMSDigestContext_FinishSingle()
   - simplify this code.
Bugscape bug 54208, r=relyea
 2003-12-04 00:32:18 +00:00
nelsonb%netscape.com
f6f1a0d2e4 NSS_CMSSignerInfo_Verify() 
- This function is changed to explicitly allow some of its input arguments
  to be NULL.  It will set the verification status in the CMSSignerInfo
  object accordingly.  Since this is the ONLY function that ever sets the
  verification status, it must be able to do so even when problems have
  occurred.
- lots of cleanup of this source code.
Bugscape bug 54208, r=relyea
 2003-12-04 00:29:31 +00:00
nelsonb%netscape.com
874fa3a93d Add null pointer checks to nss_cms_after_end and NSS_CMSEnvelopedData_Decode_AfterData. Bugscape bug 54061. r=wtc,relyea 
Lots of code "cleanup" (reformatting for 80 columns) in cmsdecode.c
 2003-12-04 00:14:24 +00:00
nelsonb%netscape.com
e4d53231f8 Avoid UMRs in dertime.c. Bugscape bug 54198. r=wtc. 2003-12-03 04:03:40 +00:00
jpierre%netscape.com
e6c9ba62d7 Fix for 54061 - null pointer check . r=nelsonb 2003-12-03 02:42:08 +00:00
wchang0222%aol.com
80462e9cb1 Bugscape bug 54021: in CERT_FindSubjectKeyIDExtension, if PORT_NewArena 
fails we should return SECFailure.  Document that the return values of
CERT_GetCommonName and NSS_CMSSignerInfo_GetSignerCommonName must be freed
with PORT_Free.  r=nelsonb.
Modified Files:
	certdb/alg1485.c certdb/cert.h certdb/certv3.c smime/cms.h
	smime/cmssiginfo.c
 2003-12-03 00:09:05 +00:00
jpierre%netscape.com
e5c708bb65 Prevent SMIME crash in the opaque signature test. bugscape 54061. r=nelsonb 2003-12-02 05:46:27 +00:00
jpierre%netscape.com
7eef555978 Fix for 54088 . Don't try to encode attributes with no value. r=wtc 2003-12-02 05:05:30 +00:00
nelsonb%netscape.com
02198fd686 Bound stan error stack at 16 error codes to limit growth. 
Bugscape bug 54021. r=wtc.
 2003-12-02 02:05:47 +00:00
nelsonb%netscape.com
785b886515 Detect invalid input buffer lengths, and return error instead of UMR> 
Bugscape bug 54021.  r=wchang0222
 2003-11-27 05:08:20 +00:00
nelsonb%netscape.com
13f3e6fa94 Fix leak in CERT_FindSubjectKeyIDExtension, and use the Quick DER 
decoder.  Bugscape bug 54021.  r=jpierre
 2003-11-27 05:06:20 +00:00
nelsonb%netscape.com
931071736c Clean up some arithmetic used for UCS4. Detect when UCS2 and UCS4 
buffers have invalid lengths.  Bugscape bug 54021. r=whang0222, relyea
 2003-11-27 01:08:59 +00:00
wchang0222%aol.com
dcc1fa5880 Bugzilla bug 226861: removed NSS_CMSSignedData_GetDigestByAlgTag, which is 
a duplicate of NSS_CMSSignedData_GetDigestValue.  r=nelsonb.
Modified Files: cms.h cmssigdata.c
 2003-11-26 23:50:02 +00:00
nelsonb%netscape.com
1c7b6a8ea4 In NSS_CMSSignedData_VerifySignerInfo(), test all returned pointers 
for NULL before attempting to dereference them.
Bugscape bug 54057. r=wchang0222
 2003-11-26 22:02:38 +00:00
nelsonb%netscape.com
36fc65a627 Performance enhancement. Detect absurdly large modulae in public keys, 
and don't waste time on them.  Bugscape bug 54019. r=relyea.
 2003-11-26 06:26:31 +00:00
nelsonb%netscape.com
d596531040 Remove an unnecessary and incorrect assert call. 
Bugscape bug 54018. r=jpierre
 2003-11-26 06:16:01 +00:00
nelsonb%netscape.com
20abf0c0aa Don't invoke PKCS11 with an invalid handle. Bug 226285. 
r=relyea sr=wchang0222
 2003-11-21 22:10:56 +00:00
nelsonb%netscape.com
d3382c6ffe Remove an overreaching constraing on modulus length. Bug 226285. 
r=relyea  sr=wchang0222
 2003-11-21 22:09:27 +00:00
nelsonb%netscape.com
52dffd46a8 Don't accept ASN.1 items whose length is 2GB or more. 
Bugscape bug 53875.  r=wchang0222 and r=relyea.
 2003-11-20 02:08:34 +00:00
nelsonb%netscape.com
67d78ccfb9 Dont attempt to allocate 2GB or more from an arenapool. 
Bugscape bug 53875. r=relyea.
 2003-11-20 02:06:16 +00:00
nelsonb%netscape.com
511a262edc Remove as assertion that is triggered by bad data input, but does not 
indicate a code flaw.  Bugscape bug 53875. r=relyea
 2003-11-20 02:04:07 +00:00
nelsonb%netscape.com
75ca774270 Be sure not to ask NSS to use an invalid PKCS11 mechanism. 
Bugscape bug 53875.  r=relyea.
 2003-11-20 02:00:04 +00:00
nelsonb%netscape.com
b79aed8a42 Plug a leak that occurs when code asks NSS to use an invalid PKCS11 
mechanism.  Bugscape bug 53875.  r=relyea
 2003-11-20 01:59:07 +00:00
nelsonb%netscape.com
eb21d36254 near total rewrite of PK11_ParamFromAlgid to eliminate leaks. 
Partial fix for Bugscape bug 53875.
 2003-11-19 03:23:41 +00:00
wchang0222%aol.com
604c4a98c3 Turns out that we can use a space to separate directories in a vpath 
directive.  This works cross platform.
 2003-11-19 01:12:31 +00:00
nelsonb%netscape.com
069f394fa8 Fix bugs in the new implementation of URI name constraints. 
Bugzilla Bug 221616.
 2003-11-19 00:56:59 +00:00
wchang0222%aol.com
f2fe58e2e0 Removed the declaration and a comment about PK11_FreeSlotCerts, which was 
deleted in NSS 3.4.
Modified Files: pk11func.h pk11slot.c
 2003-11-19 00:14:04 +00:00
nelsonb%netscape.com
c4ce0736e8 Fix unnecessary assertion failures occuring in SMIME testing in 
debug builds only.  Partial fix for bugscape bug 53775. r=wchang0222
 2003-11-18 06:16:26 +00:00
wchang0222%aol.com
157dedc0c2 Most platforms use ':' as path separator, but OS/2 uses ';'. So we use 
vpath directivies that specify a single directory to avoid dealing with
path separator.
 2003-11-18 04:04:05 +00:00
wchang0222%aol.com
c48834ab7e Set NSS version to 3.9 Beta 3. 2003-11-18 00:57:26 +00:00
wchang0222%aol.com
9bc7ce19bb Removed an extraneous character (`) after #endif. 2003-11-15 16:16:33 +00:00
nelsonb%netscape.com
e9f81f8499 Detect empty emailAddr strings in CERTCertificate. Bugzilla bug 211540. 2003-11-15 00:15:28 +00:00
nelsonb%netscape.com
b904b47318 Detect empty emailAddr strings in CERTCertificates. Bugzilla bug 211540. 
Modified Files:
    cmd/dbck/dbck.c cmd/signtool/util.c lib/certdb/certdb.c
    lib/certdb/stanpcertdb.c lib/pkcs7/p7decode.c lib/pki/certificate.c
    lib/pki/pki3hack.c lib/smime/cmssiginfo.c lib/softoken/pkcs11u.c
 2003-11-15 00:10:01 +00:00
relyea%netscape.com
12bf9a0f9f Changes for symkey support. 2003-11-14 03:25:52 +00:00
wchang0222%aol.com
a5782dcab7 Fixed a comment error. r=relyea. 2003-11-13 16:21:46 +00:00
wchang0222%aol.com
4868d7e8c2 Bugzilla bug 225373: the return value of CERT_NameToAscii must be freed 
with PORT_Free.
Modified Files:
	cmd/lib/secutil.c cmd/selfserv/selfserv.c
	cmd/signver/pk7print.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c lib/certdb/cert.h
 2003-11-13 16:10:45 +00:00
nelsonb%netscape.com
d1e962a746 Workaround race. Reduce leaks. Not a real fix. Bugzilla bug 225525. 2003-11-13 03:41:32 +00:00
nelsonb%netscape.com
1b6811ad2b Eliminate some leaks in Stan cert code. 
Partial fix to bugscape bug 53573.
 2003-11-11 21:46:53 +00:00
nelsonb%netscape.com
019719d8a8 Eliminate a cert leak. Patch is Bob Relyea's. 
Parial fix for Bugscape bug 53573.
 2003-11-11 21:45:48 +00:00
relyea%netscape.com
14c8c093a3 Repair error case for DH code in previous patch. 2003-11-07 16:21:40 +00:00
relyea%netscape.com
8cac9b6d61 Verify Parameters from the user before passing it on to freebl. r=nelson 2003-11-07 03:38:59 +00:00
relyea%netscape.com
4af3118d62 Add defines for DH and RSA key limits 2003-11-07 03:36:33 +00:00
nelsonb%netscape.com
314acd2bb7 Correct the validity checks on certain ASN.1 objects, allowing some that 
were previous disallowed, and vice versa.  Bug 53339.
 2003-11-07 01:41:22 +00:00
nelsonb%netscape.com
87e5cbd19a Fix some bugs in the code that formats OIDs for printing. 
Bugscape bug 53334.
 2003-11-06 02:02:32 +00:00
nelsonb%netscape.com
390b635832 Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.
 2003-11-05 06:22:57 +00:00
wchang0222%aol.com
d45bb29e40 Set NSS version to 3.9 Beta 2. 2003-11-04 05:52:51 +00:00
nelsonb%netscape.com
374349f143 Rename get_oid_string to CERT_GetOidString and export it. Also, export 
CERT_DestroyOidSequence.  bug 222568.  r=jpierre (for this portion).
 2003-11-04 01:48:39 +00:00
wchang0222%aol.com
1cd3ab9050 Bugzilla bug 223624: fixed the compiler warning that case ecKey is not 
handled in the switch statement.  r=nelsonb.
 2003-11-01 05:17:16 +00:00
nelsonb%netscape.com
afd97d4f96 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
 2003-10-31 07:01:05 +00:00
nelsonb%netscape.com
522e0fe2b8 Enable generation of DES2 keys with mechanism CKM_DES2_KEY_GEN. Bug 201521 2003-10-31 02:33:16 +00:00
nelsonb%netscape.com
a973e0dc48 Correct the code that detects DES2 keys based on their lengths. Bug 201521 2003-10-30 22:31:09 +00:00
wchang0222%aol.com
2316ca4f0e Bugzilla bug 223624: declare pk11_FindAttrInTemplate before it is used. 
r=nelsonb.
 2003-10-25 14:10:11 +00:00
wchang0222%aol.com
d5bd3135a1 Bugzilla bug 223624: use PR_MAX to avoid redefining MAX, a macro commonly 
defined in system headers. r=nelsonb.
 2003-10-25 14:08:31 +00:00
jpierre%netscape.com
4d26e30240 Initialize crlHandle . r=wtc 2003-10-25 00:41:14 +00:00
nelsonb%netscape.com
1ce0f542ee Require DES, DES2 and DES3 keys to have correct length in all cases. 
Expand DES2 keys to be DES3 keys when used with DES3 mechanisms.
Bug 201521.
 2003-10-25 00:12:34 +00:00
wchang0222%aol.com
4bab03c0f6 Bugzilla bug 173715: fixed a crash in OCSP. We incorrectly assumed that 
'addr' was the last IP address of the host when PR_EnumerateHostEnt
returned 0 and attempted to connect to 'addr', resulting in an assertion
failure in PR_Connect. The fix is to not use 'addr' when
PR_EnumerateHostEnt returns 0.  r=relyea.
 2003-10-24 17:17:37 +00:00
wchang0222%aol.com
6dac9765c9 Removed nonexistent directory "crypto" from DIRS. 2003-10-24 05:29:08 +00:00
wchang0222%aol.com
ee1dc4bffd Bugzilla bug 223427: added a note section so that the linker knows we're 
not executing off the stack.  This patch is received from Christopher
Blizzard of Red Hat <blizzard@redhat.com>.
 2003-10-24 04:47:23 +00:00
wchang0222%aol.com
4327068745 Bugzilla bug 222065: fixed a bug (inside #ifdef WINNT) introduced in the 
previous checkin.
 2003-10-22 01:00:10 +00:00
nelsonb%netscape.com
0aaf7a10b3 Put the NSS 3.9 block back in ASCII sorting order, AGAIN. 2003-10-19 04:41:20 +00:00
nelsonb%netscape.com
9413aae7aa When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726
 2003-10-19 01:55:50 +00:00
nelsonb%netscape.com
6436ed5ab3 Declare SSL_NO_STEP_DOWN option. Partial fix to bug 148452. 2003-10-19 01:31:41 +00:00
nelsonb%netscape.com
47dc9b03e8 SSL_ShutdownServerSessionIDCache no longer leaks the cache memory. 
Bug 222065. r=wchang0222
 2003-10-19 01:25:10 +00:00
relyea%netscape.com
e07da99055 221067 NSS needs to be able to create token symkeys from unwrap and derive. 2003-10-18 00:38:04 +00:00
nelsonb%netscape.com
02bc947b35 Detect buffer overruns caused by flawed application-supplied callbacks, 
and avoid crashing due to them.  Bugscape bug 52528. r=wchang
 2003-10-17 21:12:13 +00:00
relyea%netscape.com
5eeaac60fc Incorporate WTC's review comments.. 2003-10-17 17:56:56 +00:00
ian.mcgreer%sun.com
5c2c5888f9 ECC code landing. 
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
 2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
525a14b3ed Put the NSS 3.9 block in ASCII sorting order. 2003-10-17 05:45:19 +00:00
relyea%netscape.com
952d217499 Bug 156770 When we do a file import and give a bad password we get wrong errors back 
When we fail to decode based on a bad password, don't continue.

So once we've tried failed to decode a ANS.1 stream, don't continue collecting
more data.

On microsoft.pfx files, we would wind up decoding to the end of the encrypted
stream, then fail in the padding in PKCS #7. This code bypasses this problem by
making sure we don't continue to try to decode data once we've hit a bad
password failure.
 2003-10-16 23:49:15 +00:00
nelsonb%netscape.com
5251bce355 Eliminate redundant function declarations. Bug 208854. r=wchang0222 2003-10-14 17:44:33 +00:00
relyea%netscape.com
be2e372c47 Fix tinderbox breakage 2003-10-12 22:55:09 +00:00
nelsonb%netscape.com
886718db18 Correctly handle a NULL moduleSpecList. Bug 220217. 2003-10-11 01:49:24 +00:00
jpierre%netscape.com
f2e03876cf Fix for bug 221743 - incorrect certificate usage macro 2003-10-10 23:22:31 +00:00
relyea%netscape.com
40c2250bfc Bug 191467 
Multipart signing and verifying broken for several mechanisms in softoken
Reporter:   	Andreas.Sterbenz@sun.com (Andreas Sterbenz)
sr=nelsonb
 2003-10-10 15:32:26 +00:00
relyea%netscape.com
df0d80f9a5 Bug 203866 
Make unloaded modules visible for administrative purposes.
sr=wtc r=nelson
 2003-10-10 15:29:43 +00:00
relyea%netscape.com
e64bfbce5e Bug 203866. Make unloaded modules visible for administrative purposes. 
sr=wtc r=nelson
 2003-10-10 15:26:23 +00:00
relyea%netscape.com
115f203647 fix bug 203450 
jarevil.c:345: warning: implicit declaration of function \
  `__CERT_AddTempCertToPerm'

Obviously missing a declaration somewhere.

r=jpierr, wtc
 2003-10-09 22:17:04 +00:00
nelsonb%netscape.com
810ec798b2 Eliminate one of several redundant OID table lookups. Bug 207033. 2003-10-07 17:19:55 +00:00
nelsonb%netscape.com
8464dc0bb6 Eliminate unnecessary copying of CA names in HandleCertRequest. 
Bug 204686.
 2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
655adbd496 The "valid CA" trust flag now overrides other CA cert checks. 
Works for SSL client as well as other usages.  Bug 200225
 2003-10-07 02:17:56 +00:00
nelsonb%netscape.com
0cd1f0b182 Export new function PK11_ExportEncryptedPrivKeyInfo. Bug 207033. 2003-10-07 01:29:32 +00:00
nelsonb%netscape.com
a1a6a4697c Create new function SECKEYEncryptedPrivateKeyInfo which is just like 
SECKEYEncryptedPrivateKeyInfo except that it identifies the private
key by a private key pointer, rather than by a certificate. Bug 207033.
 2003-10-07 01:26:38 +00:00
nelsonb%netscape.com
96f28b4691 Detect Zero length certs and zero length CA names. Bug 204686. 
Also, eliminate unnecessary copying of incoming certs.
 2003-10-03 02:01:18 +00:00
wtc%netscape.com
9bb8114b44 Bug 220963: need to handle the possibility that symKey may be NULL before 
dereferencing it.
 2003-10-01 23:01:46 +00:00
jpierre%netscape.com
60c78ee111 Fix for bug 141882 - convert email query keys to lowercase when searching . r=wtc 2003-09-30 02:33:40 +00:00
jpierre%netscape.com
347ed6b99f Fix for bug 94413 - OCSP needs more fine tuned error messages. r=wtc 2003-09-30 01:18:55 +00:00
nelsonb%netscape.com
4b6b1fdf59 Move a brace so vi will find the beginning of the function. 2003-09-27 01:45:35 +00:00
nelsonb%netscape.com
3ec40f0ab7 Don't use windowed exponentiation for small public exponents. 
Speeds up public key operations.  Path contributed by
    Sheueling Chang Shantz <sheueling.chang@sun.com>,
    Stephen Fung <stephen.fung@sun.com>, and
    Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
 2003-09-26 02:15:12 +00:00
jpierre%netscape.com
ec42f9469e Fix typo 2003-09-25 00:25:06 +00:00
nelsonb%netscape.com
b1d1bb21fa Fix bug 204549. Properly handle memory allocation failures. 2003-09-23 20:47:43 +00:00
wtc%netscape.com
3a76d91edd Bugzilla bug 204549: find_objects_by_template was not setting *statusOpt 
before one return statement.  r=nelsonb.
 2003-09-23 20:34:15 +00:00
wtc%netscape.com
95dc921cc9 Bugzilla bug 219713: fixed build bustage on all Unix platforms. We need 
to export CERT_TimeChoiceTemplate as data for Unix.
 2003-09-19 18:00:48 +00:00
jpierre%netscape.com
1b89629c4e Fix for 219082 - support GeneralizedTime in PKCS#7 signatures. r=nelsonb, sr=wtc 2003-09-19 04:16:19 +00:00
jpierre%netscape.com
a1dfac9b48 Fix for 219524 - support GeneralizedTime in S/MIME v3 signatures. r=wtc, sr=nelsonb 2003-09-19 04:14:50 +00:00
jpierre%netscape.com
7d744437c3 Fix for bug 143334 : add support for GeneralizedTime in certificates and CRLs. r=wtc,nelsonb 2003-09-19 04:08:51 +00:00
wtc%netscape.com
b58d136a9c The isOnList function is now unused. 2003-09-18 01:28:52 +00:00
jpierre%netscape.com
81db50ddf4 Fix for bug 215186 - add missing options to PK11_ListCerts . r=wtc 2003-09-18 00:22:18 +00:00
jpierre%netscape.com
58f736296d Add comment in the header for PK11_FindSlotsByAliases 2003-09-12 22:11:31 +00:00
wtc%netscape.com
eb363f3753 Bugzilla bug 215152: removed redundant pointer tests. Use 
SEC_ERROR_LIBRARY_FAILURE for NSS internal errors.
 2003-09-12 20:01:56 +00:00
wtc%netscape.com
f56dde49b6 Bugzilla bug 217247: improved the memory leak fix for the appData nicknames 
returned by PK11_ListCerts.  Instead of allocating them from the heap first
and copying to the arena, allocate them from the arena directly.  r=jpierre
Modified Files: certhigh.c pk11cert.c pki3hack.h pki3hack.c
 2003-09-12 19:38:04 +00:00
wtc%netscape.com
ecf1666d78 Bugzilla bug 214535: fixed a recursive dead lock on cache->lock. We must 
not call nssSlot_IsTokenPresent while cache->lock is locked because
that function may call nssToken_Remove, which locks cache->lock.  r=mcgreer
 2003-09-12 19:17:15 +00:00
wtc%netscape.com
ab28bc253c Bugzilla bug 208971: removed obsolete Mac CFM build files from NSS. 2003-09-11 00:01:07 +00:00
jpierre%netscape.com
763808f28e Fix for 215152 - better error handling 2003-09-10 01:33:25 +00:00
jpierre%netscape.com
568a561eeb Fix for bug 215152 . Improve error handling in PK11_FindSlotsByAliases 2003-09-10 01:31:54 +00:00
jpierre%netscape.com
ff3aebe85f Add PORT_Strpbrk macro 2003-09-08 23:29:14 +00:00
jpierre%netscape.com
f886a5b696 Fix for bug 72291 . resolve memory leak on nicknames . r=relyea 2003-09-05 00:15:52 +00:00
jpierre%netscape.com
61d58e111a Remove erroneous assertions 2003-09-03 23:52:01 +00:00
jpierre%netscape.com
3bc888cc5f Fix for bug 215152 . Export PK11_FindSlotsByAliases. r=relyea 2003-09-03 22:55:10 +00:00
jpierre%netscape.com
509dede7ea Add PK11_FindSlotsByAliases function . r=relyea 2003-09-03 22:48:20 +00:00
jpierre%netscape.com
4ee83fcf13 Fix for 216701 - verify CRLs with cert verification date rather than CRL lastupdate date 2003-08-30 01:07:21 +00:00
wtc%netscape.com
4f4355b894 Bugzilla bug 214674: made the Linux implementation of sslMutex really work. 
They were no-ops in multiprocess mode before.  The patch is Nelson
Bolyard's.  r=wtc.
 2003-08-28 22:23:59 +00:00
jpierre%netscape.com
9260c97765 Fix for 214201. remove unused variable 2003-08-27 01:47:57 +00:00
wtc%netscape.com
b881a9a0c6 Bugzilla bug 72291: have PK11_ListCerts return all the cert instances on 
tokens.  The patch is Julien Pierre's, with changes by Wan-Teh Chang.
Modified Files: pk11wrap/pk11cert.c pki/pki3hack.c pki/pki3hack.h
 2003-08-25 19:18:02 +00:00
wtc%netscape.com
408be85418 Bugzilla bug 209827: disable optimization to work around what appears to 
be a VACPP optimizer bug.
 2003-08-22 22:34:07 +00:00
jpierre%netscape.com
ad699539d3 Fix for bug 216944 - CERT_VerifyCertificate optimizations issues . r= wtc 2003-08-22 18:47:07 +00:00
wtc%netscape.com
4520771cc7 Fix from Ian to address Bugzilla bug 202179. 
The fix restores some old code that was removed as part of our
performance work (Bugzilla bug 145322).  Thus, there may be a
slight performance hit, but obviously, we need to have correct
code first.

This is a part of the code I really don't like.  To summarize,
there was a hack put in a long time ago to make sure that the
PKCS#11 session in which the SSL keys are generated was never
closed until the last key was deleted.  This only worked by chance,
and if any part of the code was changed (as was the case here), this
unstable equilibrium would be lost.  As with all hacks, it wasn't
really documented, so the problem escaped our notice.  As a result of
putting the hack back in, we're going back to the horribly wasteful
operation of opening 4 sessions and immediately closing them.  I intend
to have a proper solution in a later release.
 2003-08-12 18:21:55 +00:00
wtc%netscape.com
5d4cb72997 Deleted useless local variable 'arena' in cert_ImportCAChain. 2003-08-08 23:15:50 +00:00
wtc%netscape.com
f4184b8ca1 Bugzilla bug 214695: fixed incorrect use of PR_AtomicDecrement on reference 
counts.  The reference count should not be read "naked".  Instead, we
should simply use the return value of PR_AtomicDecrement for the result of
the decrement.
Modified Files: dev/devmod.c dev/devslot.c dev/devtoken.c pki/certificate.c
pki/pkibase.c
 2003-08-01 02:02:47 +00:00
nelsonb%netscape.com
e7297b0a76 Fix bug 213084. Detect when cert in signature cannot be imported. 
Detect NULL pointer, don't crash.
 2003-07-31 00:16:27 +00:00
bishakhabanerjee%netscape.com
670906f939 Bug 213903: removing unused variables 'delold', 'save', 'entry' 2003-07-28 22:55:16 +00:00
bishakhabanerjee%netscape.com
0a15715c3b Bug 213902 : removing unused variable "next" in "cert_DecodeNameConstraintSubTree" 2003-07-28 21:53:16 +00:00
jpierre%netscape.com
ca7885b3d5 Allow freebl to build correctly under MS VC++ .net 2003 . sr=nelsonb 2003-07-22 02:04:57 +00:00
wtc%netscape.com
c5f5509f3f Bugzilla bug 213158: fixed the misspelling of "attach". The patch is 
contributed by Pierre Chanial <chanial@noos.fr>.
Modified Files: pk11slot.c secmodt.h
 2003-07-19 20:49:35 +00:00
wtc%netscape.com
40490b50de Backed out Bob Relyea's workaround for the deadlock in rev. 1.15. The 
correct fix is in rev. 1.36 of tdcache.c (see Bugzilla bug 212112).
 2003-07-11 21:52:04 +00:00
wtc%netscape.com
788ad0837b Bug 212112: we don't need to lock td->cache->lock while calling 
STAN_ForceCERTCertificateUpdate.  This fixed a recursive deadlock.
r=mcgreer.
 2003-07-10 01:24:17 +00:00
nelsonb%netscape.com
0545cae9b8 Change cert_GetCertificateEmailAddresses to return NULL rather than 
a pointer to an empty string when a cert has no email addresses.
Partial fix for bug 211540.  Modified certdb/alg1485.c
 2003-07-09 04:14:23 +00:00
wtc%netscape.com
04e80d83ca Bug 212004: in CERT_IsUserCert we should test for a null cert->trust and 
treat it as no trust.  r=nelsonb.
 2003-07-09 04:12:16 +00:00
nelsonb%netscape.com
6228d8c075 Export SEC_DupCRL and declare it in certdb.h. Bug 208194. 
Modified Files:	nss/nss.def certdb/certdb.h
 2003-07-09 04:00:48 +00:00
wtc%netscape.com
485a88c60e Bug 211384: fixed the bug that importing a CRL that already exists in the 
DB causes NSS_Shutdown to fail.  Two files were changed.  1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference.  2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails.  r=nelsonb.
 2003-07-08 18:41:28 +00:00
nelsonb%netscape.com
c93f000588 Add missing declaration of NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate 2003-07-03 07:04:30 +00:00