type we expect before using it. r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@216773 18797224-902f-48f8-a5cc-f745e15eee43
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
by constant expressions. HP C compiler version B.11.11.08 generates
incorrect code silently if the initializers are non-constant expressions.
r=alexei.volkov,julien.pierre.
Modified files: cmd/crmftest/testcrmf.c lib/ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@200976 18797224-902f-48f8-a5cc-f745e15eee43
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths.
Removed the 'type' member from the VFYContextStr structure because that
info is in the 'key->keyType' field. Set error codes when functions
fail (return 0). r=nelsonb.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c
nss/nss.def ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@198781 18797224-902f-48f8-a5cc-f745e15eee43
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket. On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered. r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@194962 18797224-902f-48f8-a5cc-f745e15eee43
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
r=nelson r=thomas.
patch in bug + white space changes suggested by nelson.
git-svn-id: svn://10.0.0.236/trunk@192798 18797224-902f-48f8-a5cc-f745e15eee43
ECDSA signatures. Backed out a temporary workaround in
ECDSA_SignDigestWithSeed. Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
ssl/ssl3con.c
git-svn-id: svn://10.0.0.236/trunk@191542 18797224-902f-48f8-a5cc-f745e15eee43
from being negotiated by NSS servers. Necessary until the server side
of the _DHE_ cipher suites is fully implemented. r=Julien,Wan-Teh,Vipul
git-svn-id: svn://10.0.0.236/trunk@191364 18797224-902f-48f8-a5cc-f745e15eee43
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337
git-svn-id: svn://10.0.0.236/trunk@148646 18797224-902f-48f8-a5cc-f745e15eee43
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
git-svn-id: svn://10.0.0.236/trunk@148060 18797224-902f-48f8-a5cc-f745e15eee43
client auth and SSL3 client doesn't authenticate. The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.
git-svn-id: svn://10.0.0.236/trunk@143124 18797224-902f-48f8-a5cc-f745e15eee43
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
