Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
183,234 Commits 3,986 Branches 0 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
wtchang%redhat.com
1cb5d3ccbb Bugzilla Bug 363073: verify that the peer's ephemeral public key is the 
type we expect before using it.  r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@216773 18797224-902f-48f8-a5cc-f745e15eee43
 2006-12-08 22:37:29 +00:00
wtchang%redhat.com
cb167e11ec Bug 332350: fixed a typo in the comment. 
git-svn-id: svn://10.0.0.236/trunk@216614 18797224-902f-48f8-a5cc-f745e15eee43
 2006-12-06 23:00:17 +00:00
wtchang%redhat.com
a26a68193b Bugzilla Bug 342795: the call-once functions need to store the error code 
on failure so that the error code can be retrieved later. r=nelsonb and
alexei.volkov.


git-svn-id: svn://10.0.0.236/trunk@216601 18797224-902f-48f8-a5cc-f745e15eee43
 2006-12-06 21:50:40 +00:00
nelson%bolyard.com
505b7efaff Curve-limited clients must not negotiate ECC ciphersuites unless they send the supported curve extension. This means that when they are nogotiating SSL 3.0 
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-19 01:42:58 +00:00
julien.pierre.bugs%sun.com
e5e8902b02 Fix for bug 341708 . Have client send alert if it detects an invalid server key exchange. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@201142 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-28 21:15:04 +00:00
rrelyea%redhat.com
6d69aa1d29 bug 335748 ECC support for Mozilla. r=wtc 
git-svn-id: svn://10.0.0.236/trunk@200694 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-23 17:01:38 +00:00
nelson%bolyard.com
862dbdbc05 Promote the use of curve secp192r1 for client auth, since it is faster 
than most.  Bug 332350.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@197974 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-19 04:01:30 +00:00
nelson%bolyard.com
0cfc8e8fb2 Bug 323350. sr=rrelyea. This patch makes 3 changes: 
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
   curves.
2) it corrects the creation and parsing of the Supported Curve extension to
   conform with the lastest definition, by using 2 bytes to encode the list
   length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
   that is at least as strong as the "weakest link", is mutually supported
   by client and server, and is the fastest for its size.


git-svn-id: svn://10.0.0.236/trunk@195173 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-23 00:17:18 +00:00
wtchang%redhat.com
acc744e9ea Bugzilla Bug 236245: Use a stack buffer for ec_params.data in 
ssl3_SendECDHServerKeyExchange. r=nelson.


git-svn-id: svn://10.0.0.236/trunk@195065 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-21 16:19:48 +00:00
nelson%bolyard.com
f31b5a729a Fix buffer overflow regression. Bug 236245. sr=wtchang 
git-svn-id: svn://10.0.0.236/trunk@194956 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-20 06:57:54 +00:00
nelson%bolyard.com
782997f209 Fix broken optimized builds, caused by last checkin. Bug 236245. 
git-svn-id: svn://10.0.0.236/trunk@194370 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-14 00:43:19 +00:00
nelson%bolyard.com
bafb7f6292 Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea. 
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-13 23:08:18 +00:00
nelson%bolyard.com
d362c8829d Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul 
git-svn-id: svn://10.0.0.236/trunk@193802 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-07 06:24:07 +00:00
nelson%bolyard.com
a27efac04e Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert 
has an ECDSA signature.  bug 332350. r=vipul.gupta.


git-svn-id: svn://10.0.0.236/trunk@193659 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-06 04:40:49 +00:00
wtchang%redhat.com
67e2b4967d Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12 
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh


git-svn-id: svn://10.0.0.236/trunk@186032 18797224-902f-48f8-a5cc-f745e15eee43
 2005-12-14 01:49:40 +00:00
wtchang%redhat.com
e202386881 Bugzilla bug 311440: ssl3_ConsumeHandshakeVariable now longer returns a 
SECItem pointing to memory allocated with PORT_Alloc, so we don't need to
use PORT_Free to free the SECItem's buffer.  r=nelsonb.


git-svn-id: svn://10.0.0.236/trunk@182253 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-14 16:48:58 +00:00
nelsonb%netscape.com
66cf75f421 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS. 
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 03:02:16 +00:00