Commit Graph

221 Commits

Author SHA1 Message Date
nelson%bolyard.com
efdb126901 Fix broken optimized builds, caused by last checkin. Bug 236245. 2006-04-14 00:43:19 +00:00
nelson%bolyard.com
c4fb4fa280 Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
2006-04-13 23:08:18 +00:00
nelson%bolyard.com
1f32c2cf8f Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul 2006-04-07 06:24:07 +00:00
nelson%bolyard.com
acfe04a6dd Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
has an ECDSA signature.  bug 332350. r=vipul.gupta.
2006-04-06 04:40:49 +00:00
nelson%bolyard.com
fecbcf26d6 Define alerts and error codes for TLS Hello extensions. Bug 226271.
r=julien.pierre
2006-04-04 00:32:27 +00:00
rrelyea%redhat.com
f6290f423b From Bug 331279.
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei
2006-03-30 21:07:22 +00:00
rrelyea%redhat.com
e13e6cc7f7 Bug 238051 Enable SSL session reuse for ECC cipher suites
r=nelson r=thomas.

patch in bug + white space changes suggested by nelson.
2006-03-22 19:18:30 +00:00
wtchang%redhat.com
de8be1e067 Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key
pair with only one key. r=nelson.bolyard.
2006-03-03 18:48:09 +00:00
wtchang%redhat.com
aed20ed068 Bugzilla bug 326482: removed incorrect comments. r=nelson.bolyard. 2006-03-03 18:45:54 +00:00
wtchang%redhat.com
b69eb504ce Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of
ECDSA signatures.  Backed out a temporary workaround in
ECDSA_SignDigestWithSeed.  Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
	cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
	freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
	ssl/ssl3con.c
2006-03-02 00:07:08 +00:00
wtchang%redhat.com
8696bd362e Bugzilla Bug 326403: use "Mozilla Foundation" as the manufacturer or
producer of our shared libraries/DLLs.  Removed the optional copyright
notices from our DLLs. r=relyea,jpierre.
Modified Files:
	lib/ckfw/builtins/constants.c lib/ckfw/builtins/nssckbi.rc
	lib/ckfw/capi/nsscapi.rc lib/ckfw/dbm/instance.c
	lib/freebl/freebl.rc lib/nss/nss.rc lib/smime/smime.rc
	lib/softoken/pkcs11.c lib/softoken/softokn.rc lib/ssl/ssl.rc
2006-03-01 19:44:36 +00:00
nelson%bolyard.com
56fc6fa166 Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre 2006-03-01 05:45:45 +00:00
nelson%bolyard.com
52395a4abb Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites
from being negotiated by NSS servers.  Necessary until the server side
of the _DHE_ cipher suites is fully implemented.  r=Julien,Wan-Teh,Vipul
2006-02-28 04:20:23 +00:00
alexei.volkov.bugs%sun.com
e393d91fcb [Bug 326963] Interoperability test with apache/mod_ssl: tstclnt
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n
2006-02-15 22:22:32 +00:00
rrelyea%redhat.com
1f4cae4de9 Bugzilla Bug 326482 NSS ECC performance problems.
Patch by Nelson, r=relyea.

Save the public key when we create the keypair so we can use it later.
2006-02-10 19:39:53 +00:00
nelsonb%netscape.com
ddca75b829 Set SSL2 and SSL3 timeout times properly for SSL server session cache.
Bug 223242. r=jullien.pierre
2006-01-28 02:21:31 +00:00
nelsonb%netscape.com
6f9e66cf05 Detect NULL server key pair pointer. Bug 321161. r=wtchang. 2006-01-20 17:40:21 +00:00
wtchang%redhat.com
d27a2d48d9 Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and
PR_EmulateSendFile added in NSPR 4.1.  r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c
2006-01-18 23:06:57 +00:00
wtchang%redhat.com
fff23fc797 Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh
2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
94fdf98965 Initialize slot pointer in ssl3_HandleServerHello. Bug 311590. r=wtchang 2005-11-18 01:25:20 +00:00
nelsonb%netscape.com
719073fb14 Restore binary compatilibity for old Fortezza cipher suites.
Bug 316640. r-glen.beasley
2005-11-18 01:21:22 +00:00
julien.pierre.bugs%sun.com
f0de63d8ed Fix for 292156. Prevent crash in SSL session cache init if invalid arguments are passed. r=nelson 2005-11-11 02:45:59 +00:00
wtchang%redhat.com
4c003bfe53 Improved a comment. Suggested by Nelson Bolyard of Sun. r=wtc. 2005-11-08 22:00:46 +00:00
julien.pierre.bugs%sun.com
c3b3a7e2c1 Add dependency on freebl so ssl will rebuild if freebl has changed. 2005-10-19 01:04:16 +00:00
wtchang%redhat.com
e58492ea00 Bugzilla bug 311440: ssl3_ConsumeHandshakeVariable now longer returns a
SECItem pointing to memory allocated with PORT_Alloc, so we don't need to
use PORT_Free to free the SECItem's buffer.  r=nelsonb.
2005-10-14 16:48:58 +00:00
nelsonb%netscape.com
ac626ee74e Avoid NULL ptr deref. Bug 310260. patch by Glen.Beasley. r=nelson. 2005-09-28 07:55:37 +00:00
nelsonb%netscape.com
abc6a22d68 Eliminate environment variable SSLNOLOCKS, add environment variable
SSLFORCELOCKS. Make SSL_FDX option mutually exclusive with SSL_NOLOCKS
option.  Bug 305147. r=rrelyea.
2005-09-23 01:04:32 +00:00
julien.pierre.bugs%sun.com
d42e92ad88 Fix hoarked build from previous checkin. Doh. 2005-09-16 21:28:20 +00:00
julien.pierre.bugs%sun.com
c56d3589f6 Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson 2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
9499265f5c Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
Change existing callers to pass this argument.  Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files:  freebl/alghmac.c freebl/alghmac.h freebl/loader.c
  freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
  ssl/ssl3con.c
2005-09-14 04:12:50 +00:00
nelsonb%netscape.com
fdffe11308 Fix regression introduced in last checkin. If the caller disables the
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack.  bug 305147. r=julien.pierre
2005-09-10 01:18:40 +00:00
nelsonb%netscape.com
4b56704437 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
2005-09-09 03:02:16 +00:00
glen.beasley%sun.com
8ebcacd943 305984 update FIPS values for cipher suites file=sslinfo.c r=bob,sr=wtc 2005-09-06 17:15:32 +00:00
julien.pierre.bugs%sun.com
22ff330626 Fix AIX build problem 2005-08-18 23:37:31 +00:00
nelsonb%netscape.com
d391504d03 Remove fortezza code from libSSL and from the SSL test programs.
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h
2005-08-16 03:42:26 +00:00
wtchang%redhat.com
252be2d441 Bugzilla Bug 288647: enable building NSS with an NSPR binary distribution.
Introduced NSPR_INCLUDE_DIR and NSPR_LIB_DIR make variables. Portions of
the patch were contributed by Chris Seawood <cls@seawood.org>. r=relyea.
Modified Files:
	coreconf/OS2.mk coreconf/OpenVMS.mk coreconf/location.mk
	nss/cmd/platlibs.mk nss/cmd/shlibsign/Makefile
	nss/cmd/shlibsign/sign.cmd nss/cmd/shlibsign/sign.sh
	nss/lib/ckfw/builtins/Makefile
	nss/lib/fortcrypt/swfort/pkcs11/Makefile nss/lib/nss/config.mk
	nss/lib/smime/config.mk nss/lib/softoken/config.mk
	nss/lib/ssl/config.mk
2005-07-21 23:48:30 +00:00
wtchang%redhat.com
fafa59ce5f Bugzilla Bug 298953: fixed a memory leak in sslBuffer_Grow if PORT_Realloc
fails. r=nelsonb.
2005-06-28 17:48:26 +00:00
nelsonb%netscape.com
7d6edc424d Back out the preceeding fortezza removal patch, which was accidentally
applied to the trunk, not to the intended branch.
2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
17a1f014fd Remove fortezza support from libSSL and related commands. Bug 239960.
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.
2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
095a0172f0 Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre.
Modified Files:  sslimpl.h sslinfo.c sslsecur.c sslsock.c
2005-04-05 03:48:20 +00:00
nelsonb%netscape.com
d126b39b34 Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien
Instead, if SSL_NO_CACHE is not set, return an error code.
2005-03-09 05:20:44 +00:00
julien.pierre.bugs%sun.com
09e544676a Fix for 269581 - cache the value of CKA_PRIVATE on private keys to avoid unnecessary C_GetAttributeValue . Also fix i
ncorrect logic in attribute tests. r=rrelyea,wtchang
2005-02-24 00:38:23 +00:00
wtchang%redhat.com
cf7f00183c Bug 236613: fixed the fallout from the change to MPL/LGPL/GPL tri-license.
Our script for processing the *.def on the Mac cannot handle blank lines.
Modified Files: nssckbi.def nss.def smime.def softokn.def ssl.def
2005-02-23 19:25:39 +00:00
gerv%gerv.net
f45b5900c8 Bug 236613: change to MPL/LGPL/GPL tri-license. 2005-02-02 22:28:27 +00:00
julien.pierre.bugs%sun.com
99bef0be47 Fix for 273993 . SSL client cache grows with non-restartable sessions . r=saul,nelson 2004-12-17 02:01:35 +00:00
nelsonb%netscape.com
1d3641f999 Follow the SSL2 specification more closely in accepting and rejecting
SSL messages.  Previously NSS would reject some it should accept
and vice versa.  Bugscape bug 57121. r=wtc,julien
2004-06-24 02:02:39 +00:00
jpierre%netscape.com
a11c975bed Fix for 237934 - nss_InitLock not atomic. r=nelson 2004-06-19 03:21:39 +00:00
jpierre%netscape.com
3c9a7eb176 Fix for 244095 - link NSS libraries with -R $ORIGIN on Solaris 2004-05-25 00:13:12 +00:00
wchang0222%aol.com
081ede0ac7 Bugscape bug 57081: If the make variable NISCC_TEST is defined at build
time, add -DNISCC_TEST to the compile command line.  The NISCC_TEST macro
enables special code that's conditionally compiled for NISCC testing.
Modified Files:
	cmd/smimetools/Makefile cmd/smimetools/cmsutil.c
	lib/ssl/config.mk lib/ssl/manifest.mn
2004-05-13 01:29:15 +00:00
jpierre%netscape.com
79af302c8e Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 2004-05-11 03:48:25 +00:00