Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-04-18 05:51:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
115,714 Commits 618 Branches 98 Tags
Commit Graph

49 Commits

Author SHA1 Message Date
nelsonb%netscape.com
f87129ad87 Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
15064057ce Fix bug 160207. Make TLS implementation resistant to timing attacks on 
CBC block mode cipher suites in TLS.  See bug for details.
 2003-02-21 23:00:16 +00:00
relyea%netscape.com
4c4ce5586d Bug 167756. Address Nelson's review comments. remove socket specific latency 
in favor of a slot specific latency test (already done by pk11wrap code).
 2003-02-15 01:21:25 +00:00
relyea%netscape.com
998b101109 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 2003-01-23 22:02:37 +00:00
relyea%netscape.com
7d03017158 Check for token removal before continuing SSL sessions which have client auth 
with certs associated with that token. bug 167756.
 2003-01-23 17:27:34 +00:00
nelsonb%netscape.com
6b4fae5a4a Don't reject a cert request with an empty list of CA cert names. 
Don't crash with an empty CA name list.
 2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
6710514e32 Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 2002-11-05 00:25:20 +00:00
wtc%netscape.com
d7b153e145 Bug 127740: added a comment to explain the thread yield in 
ssl3_SendApplicationData.
 2002-09-30 20:51:05 +00:00
jpierre%netscape.com
78ade1e7f9 Fix compiler warnings 2002-09-07 01:48:46 +00:00
nelsonb%netscape.com
644319e67f Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3843ef99c0 Fix bug 160207 by changing the error alerts we send for failed decryption. 2002-08-07 20:01:51 +00:00
relyea%netscape.com
43480112f3 Initialize type field to clear off purify warnings. 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
071fe9ae9c Fix bug 135261. Create symbolic names for the values 2 and 3 for the 
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.
 2002-06-22 01:40:32 +00:00
ian.mcgreer%sun.com
607f12501a bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc 
r=relyea
 2002-06-19 15:21:37 +00:00
nelsonb%netscape.com
681ff24ca9 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket 
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.
 2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
494eb9ffcc Plug one of the leaks reported in bugzilla bug 123081 2002-02-04 23:15:11 +00:00
jpierre%netscape.com
4b50e9da08 Fix 114787 - ssl_recv crashes in client. bogus assert. reviewed by nelson 2001-12-12 21:44:04 +00:00
relyea%netscape.com
75f3b7599d Clean up compilier warnings on Solaris and Linux, most particularly: 
1) Implicit declaration of function.
2) Possibly unitialized variables.

These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.
 2001-12-07 01:36:25 +00:00
nelsonb%netscape.com
6d66aee5ea Add localCert field to sid cache entry so SSL_LocalCertificate can 
remember the certs it sent back when it established the SSL session.
Bug 78959.  Also, hold on the certs in the received cert chain until
the SSL connection is complete.  This makes it easier for applications
to look at the entire cert chain after the handshake is over without
having to write their own custom authCert callbacks.  It is backwards
compatible with older NSS SSL applications, but may use more memory.
 2001-11-09 05:39:36 +00:00
nelsonb%netscape.com
d2f7dcc16c Implement new function SSL_LocalCertificate(). Bug 78959. 2001-11-08 02:15:38 +00:00
relyea%netscape.com
e27189dd1d Land BOB_WORK_BRANCH unto the tip. 
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
 2001-11-08 00:15:51 +00:00
nelsonb%netscape.com
9740e66d2f Reimplement SSL_GetChannelInfo. Add new function SSL_GetCipherSuiteInfo(). 
Also, implement new ciphersuite preference order.  Bug 78959.
 2001-11-02 04:24:28 +00:00
nelsonb%netscape.com
874e400e1a Fix bug 107619. The new DHE_ ciphersuites were enabled by default. 
Now they are disabled by default, for compatibility with NSS 2.0.
 2001-10-30 21:09:47 +00:00
nelsonb%netscape.com
a2bae99930 Add support to TLS for new 128-bit and 256-bit AES ciphersuites. 87021. 2001-09-21 03:07:35 +00:00
relyea%netscape.com
d62c65c9a6 Remove dependancy on direct calls inside softoken. 2001-09-20 21:26:40 +00:00
nelsonb%netscape.com
0e45538807 Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959. 2001-09-18 01:59:21 +00:00
wtc%netscape.com
4ba020ddd2 Bugzilla bug 94685: deleted the unreferenced label 'no_wrapped_key'. 2001-08-22 23:15:45 +00:00
javi%netscape.com
86f0b37c13 Check to make sure we're still logged into a slot when trying 
to re-use a client-auth session.
 2001-08-22 22:50:26 +00:00
nelsonb%netscape.com
5b19a40e9e Fix bug 68869. Don't ignore TLS no certificate messages when the server 
requires client auth.  Work around bug in NT TCP stack by only shutting
down the socket for SEND (not for BOTH) after sending a bad_certificate
alert.  This avoids bogus CONNECTION_RESET_BY_PEER errors at the client.
 2001-06-13 21:14:54 +00:00
nelsonb%netscape.com
6bfd47f3e1 Fix bug that caused version number to be wrong in SSL3 client hellos 
when restarting an SSL3 (not TLS) session.  (no bug number)
 2001-06-05 00:26:37 +00:00
nelsonb%netscape.com
f8e2a2a948 Implementation of 5 DHE ciphersuites, client side only. 
Contributed by Dr Stephen Henson <stephen.henson@gemplus.com>
 2001-04-11 00:29:18 +00:00
nelsonb%netscape.com
661c26b99c Fix a couple of memory leaks that occur in rare error paths. 2001-03-31 02:49:59 +00:00
nelsonb%netscape.com
46c15355d3 Reinterpret the READ and WRITE poll flags depending on the state of the 
socket and the SSL handshake.  Rename the badly named "connected" flag.
Bugzilla bugs 56924, 56926, 66706.
Modified Files:
    ssl3con.c sslauth.c sslcon.c ssldef.c sslgathr.c sslimpl.h
    sslsecur.c sslsock.c
 2001-03-16 23:26:06 +00:00
nelsonb%netscape.com
4207bb1bdb Coalesce the final Finished message in the SSL handshake and the first 
record of application data into a single write, when possible, to avoid
TCP's "Nagle" delays.  Fixes bug 67898.  r&a: wtc.  Modified Files:
	ssl3con.c sslimpl.h sslsecur.c sslsock.c
 2001-02-07 00:34:56 +00:00
wtc%netscape.com
104ac36a8d Bugzilla bug #66367: rename the internal NSS functions that we have to 
export from the NSS shared library.  Reviewed by Bob Relyea.
Modified Files:
	nss/lib/certdb/certdb.c nss/lib/certdb/pcertdb.c
	nss/lib/nss/Makefile nss/lib/nss/manifest.mn
	nss/lib/nss/nss.def nss/lib/pk11wrap/pk11skey.c
	nss/lib/pkcs12/p12d.c nss/lib/pkcs12/p12e.c
	nss/lib/pkcs12/p12local.c nss/lib/pkcs7/certread.c
	nss/lib/pkcs7/p7decode.c nss/lib/pkcs7/p7encode.c
	nss/lib/smime/cmsutil.c nss/lib/softoken/secpkcs5.c
	nss/lib/ssl/ssl3con.c nss/lib/ssl/sslcon.c
	nss/lib/ssl/sslnonce.c nss/lib/ssl/sslsnce.c
	nss/lib/util/nsslocks.c
Added Files:
	nss/lib/nss/nssrenam.h
 2001-01-30 21:02:28 +00:00
nelsonb%netscape.com
edc48f136d Send SSL 3.x alert records when a version mismatch occurs. 
Use the other party's version number to decide which alert to send.
Bug 65142.  R&A: relyea.
 2001-01-13 02:32:39 +00:00
nelsonb%netscape.com
14c87961d5 Add implementation of SSL_RSA_WITH_RC4_128_SHA SSL3 cipher suite, 
which is not enabled by default.  Bug 59795.
 2001-01-13 02:05:15 +00:00
nelsonb%netscape.com
1311ab52d4 Changes to deal with exporting data from Windows DLLs. 
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.
 2001-01-05 01:38:26 +00:00
larryh%netscape.com
351f30a205 Bugzilla: 64132. NSS lock instrumentation 2001-01-03 19:51:22 +00:00
nelsonb%netscape.com
686aa7a151 Release the SpecRead Lock before returning in an error path. 
This bug was found while reading code looking for a different bug.
 2000-11-10 01:36:26 +00:00
nelsonb%netscape.com
4df4541965 Remove duplicate PORT_Free call. Fix bug 52633. 2000-09-14 20:25:26 +00:00
jgmyers%netscape.com
51e59fccb4 support IPv6 in ssl: bug 48657 r=nelsonb 2000-09-12 20:15:44 +00:00
nelsonb%netscape.com
6449cf0e9f Emulate an SSL3 client more closely after a server negotiates down to 3.0. 2000-08-08 22:54:02 +00:00
nelsonb%netscape.com
0ea2ec3f99 Fix the logic in client and server to detect version roll-back attack, 
rolling back from TLS (SSL 3.1) to SSL 3.0.  Provide a new SSL socket
option to disable roll-back detection in servers, since certain TLS
clients are doing it incorrectly.
 2000-05-24 03:35:23 +00:00
mcgreer%netscape.com
5ca43c9e50 Changing MIN's and MAX's to PR_MIN, PR_MAX 2000-05-18 15:32:18 +00:00
nelsonb%netscape.com
401cd644f6 In ssl3_GenerateSessionKeys() ensure params secitem always points to valid 
CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure.  Bugzilla bug 39682.
 2000-05-18 00:41:38 +00:00
dougt%netscape.com
7dc028cf1e Minor changes to fix mac build bustages. 2000-05-12 18:43:28 +00:00
nelsonb%netscape.com
e65d9f2223 Small optimization for RSA Server Key exchange message. Uses fewer PK11_ 
calls to do the job. Also, plug one mem leak in Fortezza code.
 2000-05-08 23:55:05 +00:00
relyea%netscape.com
9fd7059a19 Initial NSS Open Source checkin 2000-03-31 20:13:40 +00:00