Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
176,320 Commits 3,986 Branches 0 Tags
Commit Graph

50 Commits

Author SHA1 Message Date
julien.pierre.bugs%sun.com
a030f3283d Fix for bug 115951 . Separate BL_Cleanup and BL_Unload . r=wtchang,nelson 
git-svn-id: svn://10.0.0.236/trunk@213017 18797224-902f-48f8-a5cc-f745e15eee43
 2006-10-02 21:17:59 +00:00
julien.pierre.bugs%sun.com
50720ed113 Fix for bug 115951 . Unload freebl dynamic library . Also fix tiny one-time leak of library name . r=nelson,wtchang 
git-svn-id: svn://10.0.0.236/trunk@212769 18797224-902f-48f8-a5cc-f745e15eee43
 2006-09-28 00:40:55 +00:00
nelson%bolyard.com
d201e5eca4 Correct the amount returned by ssl_Writev for short writes on non-blocking 
sockets.  Bug 338325. patch by Chris Newman <chris.newman@sun.com>
r=nelson


git-svn-id: svn://10.0.0.236/trunk@197897 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-18 01:10:21 +00:00
rrelyea%redhat.com
3df0eb0674 From Bug 331279. 
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei


git-svn-id: svn://10.0.0.236/trunk@193280 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-30 21:07:22 +00:00
wtchang%redhat.com
9a9352d0f2 Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and 
PR_EmulateSendFile added in NSPR 4.1.  r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c


git-svn-id: svn://10.0.0.236/trunk@187784 18797224-902f-48f8-a5cc-f745e15eee43
 2006-01-18 23:06:57 +00:00
wtchang%redhat.com
67e2b4967d Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12 
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh


git-svn-id: svn://10.0.0.236/trunk@186032 18797224-902f-48f8-a5cc-f745e15eee43
 2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
27841c7a9e Restore binary compatilibity for old Fortezza cipher suites. 
Bug 316640. r-glen.beasley


git-svn-id: svn://10.0.0.236/trunk@184876 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-18 01:21:22 +00:00
nelsonb%netscape.com
e5258a5137 Eliminate environment variable SSLNOLOCKS, add environment variable 
SSLFORCELOCKS. Make SSL_FDX option mutually exclusive with SSL_NOLOCKS
option.  Bug 305147. r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@180840 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-23 01:04:32 +00:00
julien.pierre.bugs%sun.com
b35f511ca1 Fix hoarked build from previous checkin. Doh. 
git-svn-id: svn://10.0.0.236/trunk@180439 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-16 21:28:20 +00:00
julien.pierre.bugs%sun.com
219677d209 Fix for bug 127960 . Add SSL force handshake APIs which take a timeout . r=nelson 
git-svn-id: svn://10.0.0.236/trunk@180433 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-16 20:33:09 +00:00
nelsonb%netscape.com
3a10973679 Fix regression introduced in last checkin. If the caller disables the 
use of locks while locks are in use, don't forget to unlock the locks
already locked on the stack.  bug 305147. r=julien.pierre


git-svn-id: svn://10.0.0.236/trunk@179937 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-10 01:18:40 +00:00
nelsonb%netscape.com
66cf75f421 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS. 
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 03:02:16 +00:00
nelsonb%netscape.com
00749853c3 Remove fortezza code from libSSL and from the SSL test programs. 
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h


git-svn-id: svn://10.0.0.236/trunk@177810 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
663db84c36 Back out the preceeding fortezza removal patch, which was accidentally 
applied to the trunk, not to the intended branch.


git-svn-id: svn://10.0.0.236/trunk@171823 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
b62572db42 Remove fortezza support from libSSL and related commands. Bug 239960. 
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@171820 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
0137ccc6f8 Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre. 
Modified Files:  sslimpl.h sslinfo.c sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@171630 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-05 03:48:20 +00:00
jpierre%netscape.com
bc5774d577 Fix for 242984 - crash with application having incomplete PRIOMethods. r=nelsonb,wtc 
git-svn-id: svn://10.0.0.236/trunk@156222 18797224-902f-48f8-a5cc-f745e15eee43
 2004-05-11 03:48:25 +00:00
gerv%gerv.net
62b0f34e77 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
db2f1140de Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c


git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
a621affedc Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 
git-svn-id: svn://10.0.0.236/trunk@126906 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-09 21:53:17 +00:00
bishakhabanerjee%netscape.com
dbb33a4181 Checking in riceman+bmo@mail.rit.edu's patch for bug 133702 
git-svn-id: svn://10.0.0.236/trunk@126078 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 20:57:44 +00:00
nelsonb%netscape.com
a36887f58a Make libSSL build for WinCE. 
git-svn-id: svn://10.0.0.236/trunk@118061 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-04 00:14:12 +00:00
ian.mcgreer%sun.com
706f544f7a bug 132889, sense of boolean 'blocking' is reversed within the HANDLE_ERR macro of ssl_WriteV 
git-svn-id: svn://10.0.0.236/trunk@117239 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-22 22:48:02 +00:00
nelsonb%netscape.com
76f9a42d49 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket 
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.


git-svn-id: svn://10.0.0.236/trunk@115407 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
2b8a7de572 Change ssl_GetPeerInfo to no longer assume that an address is IPV6 if 
it's not IPv4.  Fixes a bug on systems that don't support IPV6, but
do support other address families.


git-svn-id: svn://10.0.0.236/trunk@115336 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 00:28:15 +00:00
wtc%netscape.com
52f5bfd019 Bugzilla bug 70217: ported NSS to BeOS. The patch is contributed by 
Christopher Seawood <seawood@netscape.com>.


git-svn-id: svn://10.0.0.236/trunk@115206 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-22 04:23:30 +00:00
relyea%netscape.com
dd1d27c432 Clean up compilier warnings on Solaris and Linux, most particularly: 
1) Implicit declaration of function.
2) Possibly unitialized variables.

These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.


git-svn-id: svn://10.0.0.236/trunk@109938 18797224-902f-48f8-a5cc-f745e15eee43
 2001-12-07 01:36:25 +00:00
nelsonb%netscape.com
5b7036cc69 Put better comments by the table of preconfigured policies. 
git-svn-id: svn://10.0.0.236/trunk@107058 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-02 04:00:27 +00:00
nelsonb%netscape.com
f978c68393 Add support to TLS for new 128-bit and 256-bit AES ciphersuites. 87021. 
git-svn-id: svn://10.0.0.236/trunk@103408 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-21 03:07:35 +00:00
nelsonb%netscape.com
c38ee88985 Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959. 
git-svn-id: svn://10.0.0.236/trunk@103057 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-18 01:59:21 +00:00
nelsonb%netscape.com
f13e723d49 Change PR_Writev so it will drive the handshake when len == 0. 
Patch by John G Myers.  Bug 87359.


git-svn-id: svn://10.0.0.236/trunk@97792 18797224-902f-48f8-a5cc-f745e15eee43
 2001-06-23 00:01:17 +00:00
nelsonb%netscape.com
7cb7d57775 Add a workaround for bug 80092. If the last write returned WOULDBLOCK 
and data is now buffered for sending and the application calls PR_Poll
to poll on read, poll on write also.  This way, if the socket becomes
writable, the application's read attempt will send (more of) the buffered
write data.


git-svn-id: svn://10.0.0.236/trunk@95409 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 20:44:35 +00:00
nelsonb%netscape.com
fca8e0742a Disable TCP Nagle delays on SSL sockets for NSS 3.3. Bug 67898. 
Modified Files:
	ssldef.c sslimpl.h sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@94297 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-08 23:12:34 +00:00
nelsonb%netscape.com
dca4d8204e Eliminate cause of assertion failure that occurs when SSL is not the top 
protocol on the socket's stack.


git-svn-id: svn://10.0.0.236/trunk@93184 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-26 21:53:11 +00:00
nelsonb%netscape.com
b2661ccb4d Implementation of 5 DHE ciphersuites, client side only. 
Contributed by Dr Stephen Henson <stephen.henson@gemplus.com>


git-svn-id: svn://10.0.0.236/trunk@91917 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-11 00:29:18 +00:00
nelsonb%netscape.com
c603a294b4 Reinterpret the READ and WRITE poll flags depending on the state of the 
socket and the SSL handshake.  Rename the badly named "connected" flag.
Bugzilla bugs 56924, 56926, 66706.
Modified Files:
    ssl3con.c sslauth.c sslcon.c ssldef.c sslgathr.c sslimpl.h
    sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@89723 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-16 23:26:06 +00:00
nelsonb%netscape.com
f48a3d214e Modify ssl_FindSocket() to set error PR_BAD_DESCRIPTOR_ERROR when it 
cannot find the SSL layer on the specified PRFileDesc. Ensure all
callers detect when ssl_FindSocket returns NULL and handle it properly.
Bug 68241. Reviewed by jgmyers and relyea.
Modified Files:
 	prelib.c sslauth.c sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@86651 18797224-902f-48f8-a5cc-f745e15eee43
 2001-02-09 02:11:31 +00:00
nelsonb%netscape.com
e00b59a1ac Make SSL API consistent in using SECStatus as return value for functions 
that return only values in that enumeration.  Bug 68097. R&A = relyea.
Modified Files:
 	lib/ssl/ssl.h lib/ssl/sslauth.c lib/ssl/sslsecur.c
 	lib/ssl/sslsnce.c lib/ssl/sslsock.c cmd/selfserv/selfserv.c
 	cmd/strsclnt/strsclnt.c


git-svn-id: svn://10.0.0.236/trunk@86642 18797224-902f-48f8-a5cc-f745e15eee43
 2001-02-09 00:32:14 +00:00
nelsonb%netscape.com
db6ff863fa When half-duplex applications (e.g. one thread per socket, doing alternate 
reading and writing) call PR_Send and PR_Recv with a non-infinite timeout
value, use that value for both underlying read and write operations.
Fixes bug 67402.  Reviewed by Wan-Teh.


git-svn-id: svn://10.0.0.236/trunk@86433 18797224-902f-48f8-a5cc-f745e15eee43
 2001-02-07 02:06:05 +00:00
nelsonb%netscape.com
870eb23c89 Coalesce the final Finished message in the SSL handshake and the first 
record of application data into a single write, when possible, to avoid
TCP's "Nagle" delays.  Fixes bug 67898.  r&a: wtc.  Modified Files:
	ssl3con.c sslimpl.h sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@86398 18797224-902f-48f8-a5cc-f745e15eee43
 2001-02-07 00:34:56 +00:00
nelsonb%netscape.com
8eaac606a9 Add implementation of SSL_RSA_WITH_RC4_128_SHA SSL3 cipher suite, 
which is not enabled by default.  Bug 59795.


git-svn-id: svn://10.0.0.236/trunk@84913 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-13 02:05:15 +00:00
nelsonb%netscape.com
b9b03fad76 Remove all vestiges of old pre-NSS socks client implementation from NSS. 
Bug 51471.


git-svn-id: svn://10.0.0.236/trunk@84912 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-13 01:52:59 +00:00
nelsonb%netscape.com
dbd95a18a1 Changes to deal with exporting data from Windows DLLs. 
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.


git-svn-id: svn://10.0.0.236/trunk@84403 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-05 01:38:26 +00:00
larryh%netscape.com
18549422d1 Bugzilla: 64132. NSS lock instrumentation 
git-svn-id: svn://10.0.0.236/trunk@84300 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-03 19:51:22 +00:00
jgmyers%netscape.com
ed7132b5a2 support IPv6 in ssl: bug 48657 r=nelsonb 
git-svn-id: svn://10.0.0.236/trunk@78892 18797224-902f-48f8-a5cc-f745e15eee43
 2000-09-12 20:15:44 +00:00
nelsonb%netscape.com
e7e7ab52c1 Stop using "reserved" fields of PRIOMethods by name. Fixes bug 52092. 
git-svn-id: svn://10.0.0.236/trunk@78790 18797224-902f-48f8-a5cc-f745e15eee43
 2000-09-11 22:37:12 +00:00
nelsonb%netscape.com
819d88d496 Create a new function, CERT_DupCertList(), and call it instead of calling 
CERT_CertChainFromCert in ssl_DupSocket().  This is MUCH faster.  This is
the first approximation of the right fix.  The next step is to consider
doing ref counting instead of actual duplication.  Fixes bug 51425 .


git-svn-id: svn://10.0.0.236/trunk@78596 18797224-902f-48f8-a5cc-f745e15eee43
 2000-09-09 06:08:46 +00:00
nelsonb%netscape.com
73f5156cca Fix the logic in client and server to detect version roll-back attack, 
rolling back from TLS (SSL 3.1) to SSL 3.0.  Provide a new SSL socket
option to disable roll-back detection in servers, since certain TLS
clients are doing it incorrectly.


git-svn-id: svn://10.0.0.236/trunk@70708 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-24 03:35:23 +00:00
relyea%netscape.com
a4d4d45374 Initial NSS Open Source checkin 
git-svn-id: svn://10.0.0.236/trunk@64788 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-31 20:13:40 +00:00