nelson%bolyard.com
efdb126901
Fix broken optimized builds, caused by last checkin. Bug 236245.
2006-04-14 00:43:19 +00:00
nelson%bolyard.com
c4fb4fa280
Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
...
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
nelson%bolyard.com
1f32c2cf8f
Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul
2006-04-07 06:24:07 +00:00
nelson%bolyard.com
acfe04a6dd
Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
...
has an ECDSA signature. bug 332350. r=vipul.gupta.
2006-04-06 04:40:49 +00:00
nelson%bolyard.com
fecbcf26d6
Define alerts and error codes for TLS Hello extensions. Bug 226271.
...
r=julien.pierre
2006-04-04 00:32:27 +00:00
rrelyea%redhat.com
f6290f423b
From Bug 331279.
...
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei
2006-03-30 21:07:22 +00:00
rrelyea%redhat.com
e13e6cc7f7
Bug 238051 Enable SSL session reuse for ECC cipher suites
...
r=nelson r=thomas.
patch in bug + white space changes suggested by nelson.
2006-03-22 19:18:30 +00:00
wtchang%redhat.com
de8be1e067
Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key
...
pair with only one key. r=nelson.bolyard.
2006-03-03 18:48:09 +00:00
wtchang%redhat.com
aed20ed068
Bugzilla bug 326482: removed incorrect comments. r=nelson.bolyard.
2006-03-03 18:45:54 +00:00
wtchang%redhat.com
b69eb504ce
Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of
...
ECDSA signatures. Backed out a temporary workaround in
ECDSA_SignDigestWithSeed. Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
ssl/ssl3con.c
2006-03-02 00:07:08 +00:00
wtchang%redhat.com
8696bd362e
Bugzilla Bug 326403: use "Mozilla Foundation" as the manufacturer or
...
producer of our shared libraries/DLLs. Removed the optional copyright
notices from our DLLs. r=relyea,jpierre.
Modified Files:
lib/ckfw/builtins/constants.c lib/ckfw/builtins/nssckbi.rc
lib/ckfw/capi/nsscapi.rc lib/ckfw/dbm/instance.c
lib/freebl/freebl.rc lib/nss/nss.rc lib/smime/smime.rc
lib/softoken/pkcs11.c lib/softoken/softokn.rc lib/ssl/ssl.rc
2006-03-01 19:44:36 +00:00
nelson%bolyard.com
56fc6fa166
Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre
2006-03-01 05:45:45 +00:00
nelson%bolyard.com
52395a4abb
Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites
...
from being negotiated by NSS servers. Necessary until the server side
of the _DHE_ cipher suites is fully implemented. r=Julien,Wan-Teh,Vipul
2006-02-28 04:20:23 +00:00
alexei.volkov.bugs%sun.com
e393d91fcb
[Bug 326963] Interoperability test with apache/mod_ssl: tstclnt
...
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n
2006-02-15 22:22:32 +00:00
rrelyea%redhat.com
1f4cae4de9
Bugzilla Bug 326482 NSS ECC performance problems.
...
Patch by Nelson, r=relyea.
Save the public key when we create the keypair so we can use it later.
2006-02-10 19:39:53 +00:00
nelsonb%netscape.com
ddca75b829
Set SSL2 and SSL3 timeout times properly for SSL server session cache.
...
Bug 223242. r=jullien.pierre
2006-01-28 02:21:31 +00:00
nelsonb%netscape.com
6f9e66cf05
Detect NULL server key pair pointer. Bug 321161. r=wtchang.
2006-01-20 17:40:21 +00:00
wtchang%redhat.com
d27a2d48d9
Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and
...
PR_EmulateSendFile added in NSPR 4.1. r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c
2006-01-18 23:06:57 +00:00
wtchang%redhat.com
fff23fc797
Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12
...
plus upcoming revisions. The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
tests/ssl/ssl.sh
2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
94fdf98965
Initialize slot pointer in ssl3_HandleServerHello. Bug 311590. r=wtchang
2005-11-18 01:25:20 +00:00
nelsonb%netscape.com
719073fb14
Restore binary compatilibity for old Fortezza cipher suites.
...
Bug 316640. r-glen.beasley
2005-11-18 01:21:22 +00:00
julien.pierre.bugs%sun.com
f0de63d8ed
Fix for 292156. Prevent crash in SSL session cache init if invalid arguments are passed. r=nelson
2005-11-11 02:45:59 +00:00
wtchang%redhat.com
4c003bfe53
Improved a comment. Suggested by Nelson Bolyard of Sun. r=wtc.
2005-11-08 22:00:46 +00:00
julien.pierre.bugs%sun.com
c3b3a7e2c1
Add dependency on freebl so ssl will rebuild if freebl has changed.
2005-10-19 01:04:16 +00:00
wtchang%redhat.com
e58492ea00
Bugzilla bug 311440: ssl3_ConsumeHandshakeVariable now longer returns a
...
SECItem pointing to memory allocated with PORT_Alloc, so we don't need to
use PORT_Free to free the SECItem's buffer. r=nelsonb.
2005-10-14 16:48:58 +00:00
nelsonb%netscape.com
ac626ee74e
Avoid NULL ptr deref. Bug 310260. patch by Glen.Beasley. r=nelson.
2005-09-28 07:55:37 +00:00
nelsonb%netscape.com
abc6a22d68
Eliminate environment variable SSLNOLOCKS, add environment variable
...
SSLFORCELOCKS. Make SSL_FDX option mutually exclusive with SSL_NOLOCKS
option. Bug 305147. r=rrelyea.
2005-09-23 01:04:32 +00:00
julien.pierre.bugs%sun.com
d42e92ad88
Fix hoarked build from previous checkin. Doh.
2005-09-16 21:28:20 +00:00
julien.pierre.bugs%sun.com
c56d3589f6
Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson
2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
9499265f5c
Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
...
Change existing callers to pass this argument. Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files: freebl/alghmac.c freebl/alghmac.h freebl/loader.c
freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
nelsonb%netscape.com
fdffe11308
Fix regression introduced in last checkin. If the caller disables the
...
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack. bug 305147. r=julien.pierre
2005-09-10 01:18:40 +00:00
nelsonb%netscape.com
4b56704437
Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
...
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
2005-09-09 03:02:16 +00:00
glen.beasley%sun.com
8ebcacd943
305984 update FIPS values for cipher suites file=sslinfo.c r=bob,sr=wtc
2005-09-06 17:15:32 +00:00
julien.pierre.bugs%sun.com
22ff330626
Fix AIX build problem
2005-08-18 23:37:31 +00:00
nelsonb%netscape.com
d391504d03
Remove fortezza code from libSSL and from the SSL test programs.
...
Stop building fortezza's special software token, and fortezza specific
test programs. Bug 239960. r=rrelyea.
Modified Files:
cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
lib/ssl/sslt.h
2005-08-16 03:42:26 +00:00
wtchang%redhat.com
252be2d441
Bugzilla Bug 288647: enable building NSS with an NSPR binary distribution.
...
Introduced NSPR_INCLUDE_DIR and NSPR_LIB_DIR make variables. Portions of
the patch were contributed by Chris Seawood <cls@seawood.org>. r=relyea.
Modified Files:
coreconf/OS2.mk coreconf/OpenVMS.mk coreconf/location.mk
nss/cmd/platlibs.mk nss/cmd/shlibsign/Makefile
nss/cmd/shlibsign/sign.cmd nss/cmd/shlibsign/sign.sh
nss/lib/ckfw/builtins/Makefile
nss/lib/fortcrypt/swfort/pkcs11/Makefile nss/lib/nss/config.mk
nss/lib/smime/config.mk nss/lib/softoken/config.mk
nss/lib/ssl/config.mk
2005-07-21 23:48:30 +00:00
wtchang%redhat.com
fafa59ce5f
Bugzilla Bug 298953: fixed a memory leak in sslBuffer_Grow if PORT_Realloc
...
fails. r=nelsonb.
2005-06-28 17:48:26 +00:00
nelsonb%netscape.com
7d6edc424d
Back out the preceeding fortezza removal patch, which was accidentally
...
applied to the trunk, not to the intended branch.
2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
17a1f014fd
Remove fortezza support from libSSL and related commands. Bug 239960.
...
ON PERFORMANCE_HACKS_BRANCH. r=rrelyea.
2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
095a0172f0
Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre.
...
Modified Files: sslimpl.h sslinfo.c sslsecur.c sslsock.c
2005-04-05 03:48:20 +00:00
nelsonb%netscape.com
d126b39b34
Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien
...
Instead, if SSL_NO_CACHE is not set, return an error code.
2005-03-09 05:20:44 +00:00
julien.pierre.bugs%sun.com
09e544676a
Fix for 269581 - cache the value of CKA_PRIVATE on private keys to avoid unnecessary C_GetAttributeValue . Also fix i
...
ncorrect logic in attribute tests. r=rrelyea,wtchang
2005-02-24 00:38:23 +00:00
wtchang%redhat.com
cf7f00183c
Bug 236613: fixed the fallout from the change to MPL/LGPL/GPL tri-license.
...
Our script for processing the *.def on the Mac cannot handle blank lines.
Modified Files: nssckbi.def nss.def smime.def softokn.def ssl.def
2005-02-23 19:25:39 +00:00
gerv%gerv.net
f45b5900c8
Bug 236613: change to MPL/LGPL/GPL tri-license.
2005-02-02 22:28:27 +00:00
julien.pierre.bugs%sun.com
99bef0be47
Fix for 273993 . SSL client cache grows with non-restartable sessions . r=saul,nelson
2004-12-17 02:01:35 +00:00
nelsonb%netscape.com
1d3641f999
Follow the SSL2 specification more closely in accepting and rejecting
...
SSL messages. Previously NSS would reject some it should accept
and vice versa. Bugscape bug 57121. r=wtc,julien
2004-06-24 02:02:39 +00:00
jpierre%netscape.com
a11c975bed
Fix for 237934 - nss_InitLock not atomic. r=nelson
2004-06-19 03:21:39 +00:00
jpierre%netscape.com
3c9a7eb176
Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris
2004-05-25 00:13:12 +00:00
wchang0222%aol.com
081ede0ac7
Bugscape bug 57081: If the make variable NISCC_TEST is defined at build
...
time, add -DNISCC_TEST to the compile command line. The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
lib/ssl/config.mk lib/ssl/manifest.mn
2004-05-13 01:29:15 +00:00
jpierre%netscape.com
79af302c8e
Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc
2004-05-11 03:48:25 +00:00