Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
175,304 Commits 3,986 Branches 0 Tags
Commit Graph

247 Commits

Author SHA1 Message Date
wtchang%redhat.com
8f2df656bf Bugzilla Bug 359484: made the fix for bug 341707 work for the SSL2 client 
hello case. r=nelsonb,alexei.volkov


git-svn-id: svn://10.0.0.236/trunk@215245 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-14 01:09:54 +00:00
alexei.volkov.bugs%sun.com
5f7cf266e5 353888: klockwork IDs for ssl3con.c. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@213367 18797224-902f-48f8-a5cc-f745e15eee43
 2006-10-09 22:26:44 +00:00
julien.pierre.bugs%sun.com
a030f3283d Fix for bug 115951 . Separate BL_Cleanup and BL_Unload . r=wtchang,nelson 
git-svn-id: svn://10.0.0.236/trunk@213017 18797224-902f-48f8-a5cc-f745e15eee43
 2006-10-02 21:17:59 +00:00
julien.pierre.bugs%sun.com
50720ed113 Fix for bug 115951 . Unload freebl dynamic library . Also fix tiny one-time leak of library name . r=nelson,wtchang 
git-svn-id: svn://10.0.0.236/trunk@212769 18797224-902f-48f8-a5cc-f745e15eee43
 2006-09-28 00:40:55 +00:00
nelson%bolyard.com
bf090012bf Also trace the DH(E) PMS. bug 349966. r=julien.pierre, wtchang 
git-svn-id: svn://10.0.0.236/trunk@209074 18797224-902f-48f8-a5cc-f745e15eee43
 2006-09-02 18:53:54 +00:00
nelson%bolyard.com
5bc47a3fed re-enable SSLTRACE for keys and (pre)master secrets. Bug 349966. r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@208358 18797224-902f-48f8-a5cc-f745e15eee43
 2006-08-24 22:10:03 +00:00
nelson%bolyard.com
3c8ae7422c Correct ifdefs so that non-ECC builds will continue to build correctly. 
r=wtchang  bug 341707.


git-svn-id: svn://10.0.0.236/trunk@203201 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-20 00:17:23 +00:00
nelson%bolyard.com
505b7efaff Curve-limited clients must not negotiate ECC ciphersuites unless they send the supported curve extension. This means that when they are nogotiating SSL 3.0 
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-19 01:42:58 +00:00
alexei.volkov.bugs%sun.com
5761fab072 334459: Variable "(cache)->sharedCache" tracked as NULL was passed to a function that dereferences it. [@ CloseCache - InitCache]. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@202258 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-17 22:15:10 +00:00
alexei.volkov.bugs%sun.com
b1e4bcb35a 341291: Coverity 689 - potential NULL ptr crash in ssl3_SendCertificate. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@202256 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-17 22:08:03 +00:00
julien.pierre.bugs%sun.com
e5e8902b02 Fix for bug 341708 . Have client send alert if it detects an invalid server key exchange. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@201142 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-28 21:15:04 +00:00
wtchang%redhat.com
e82461ec07 Bugzilla Bug 338798: in C89, local struct variables can only be initialized 
by constant expressions.  HP C compiler version B.11.11.08 generates
incorrect code silently if the initializers are non-constant expressions.
r=alexei.volkov,julien.pierre.
Modified files: cmd/crmftest/testcrmf.c lib/ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@200976 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-26 23:32:19 +00:00
rrelyea%redhat.com
6d69aa1d29 bug 335748 ECC support for Mozilla. r=wtc 
git-svn-id: svn://10.0.0.236/trunk@200694 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-23 17:01:38 +00:00
nelson%bolyard.com
343dadeb70 Remove dead code. Coverity 506. r=nelson,wtchang. Bug 337027. 
Patch by Jon Smirl <jonsmirl@yahoo.com>


git-svn-id: svn://10.0.0.236/trunk@199434 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-07 18:40:57 +00:00
nelson%bolyard.com
3eda74cd5d Fix bug 337104 and bug 337105. Don't crash if we run out of memory 
in ssl2_ConstructCipherSpecs().  r=Alexei.Volkov  Coverity 442 & 443.


git-svn-id: svn://10.0.0.236/trunk@199429 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-07 17:53:19 +00:00
wtchang%redhat.com
9d60721908 Bugzilla bug 338599: added new function SECKEY_SignatureLen and use it 
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths.
Removed the 'type' member from the VFYContextStr structure because that
info is in the 'key->keyType' field.  Set error codes when functions
fail (return 0). r=nelsonb.
Modified Files:
	cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c
	nss/nss.def ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@198781 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-31 23:54:52 +00:00
nelson%bolyard.com
862dbdbc05 Promote the use of curve secp192r1 for client auth, since it is faster 
than most.  Bug 332350.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@197974 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-19 04:01:30 +00:00
nelson%bolyard.com
d41e92d455 Fix several Coverity bugs. Bug 336982. NULL ptr check after ptr deref'ed. 
Bug 337080.  Dead code.  r=alexei.volkov


git-svn-id: svn://10.0.0.236/trunk@197950 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-18 20:41:21 +00:00
nelson%bolyard.com
d201e5eca4 Correct the amount returned by ssl_Writev for short writes on non-blocking 
sockets.  Bug 338325. patch by Chris Newman <chris.newman@sun.com>
r=nelson


git-svn-id: svn://10.0.0.236/trunk@197897 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-18 01:10:21 +00:00
wtchang%redhat.com
2beeda3cec Bug 305835: Remove NSS_ENABLE_ECC ifdefs in libssl. r=wtc,nelsonb 
git-svn-id: svn://10.0.0.236/trunk@196622 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-16 01:14:43 +00:00
alexei.volkov.bugs%sun.com
ea68cbd9e6 Patch contributed by jonsmirl@yahoo.com 
[Bug 336932] Coverity 163, dead code in mozilla/security/nss/lib/ssl/ssl3con.c. r=nelson


git-svn-id: svn://10.0.0.236/trunk@196440 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-13 00:15:43 +00:00
nelson%bolyard.com
0cfc8e8fb2 Bug 323350. sr=rrelyea. This patch makes 3 changes: 
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
   curves.
2) it corrects the creation and parsing of the Supported Curve extension to
   conform with the lastest definition, by using 2 bytes to encode the list
   length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
   that is at least as strong as the "weakest link", is mutually supported
   by client and server, and is the fastest for its size.


git-svn-id: svn://10.0.0.236/trunk@195173 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-23 00:17:18 +00:00
wtchang%redhat.com
acc744e9ea Bugzilla Bug 236245: Use a stack buffer for ec_params.data in 
ssl3_SendECDHServerKeyExchange. r=nelson.


git-svn-id: svn://10.0.0.236/trunk@195065 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-21 16:19:48 +00:00
nelson%bolyard.com
c74c0d6ec1 Bug 80092: SSL write indicates all data sent when some is buffered. 
SSL now follows NSPR socket semantics and never returns a short write
count on a blocking socket.  On a blocking socket, it returns either
the full count or -1 (with an error code set).
For non-blocking sockets, SSL no longer returns a full write count
when some of the data remains buffered in the SSL record layer.
Instead it returns a number is that always at least 1 byte short of a
full write count, so that the caller will  keep retrying until it is done.
SSL makes sure that the first byte sent by the caller in the retry
matches the last byte previously buffered.  r=rrelyea.
Modified Files: ssl3con.c sslcon.c ssldef.c sslimpl.h sslsecur.c


git-svn-id: svn://10.0.0.236/trunk@194962 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-20 08:46:34 +00:00
nelson%bolyard.com
f31b5a729a Fix buffer overflow regression. Bug 236245. sr=wtchang 
git-svn-id: svn://10.0.0.236/trunk@194956 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-20 06:57:54 +00:00
alexei.volkov.bugs%sun.com
b2c388de76 Patch contributed by timeless@bemail.org 
[Bug 334459] Variable "cipherName" tracked as NULL was passed to a
 function that dereferences it. [@ PORT_Strdup - SSL_SecurityStatus]. r=nelson


git-svn-id: svn://10.0.0.236/trunk@194743 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-20 00:22:58 +00:00
nelson%bolyard.com
782997f209 Fix broken optimized builds, caused by last checkin. Bug 236245. 
git-svn-id: svn://10.0.0.236/trunk@194370 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-14 00:43:19 +00:00
nelson%bolyard.com
bafb7f6292 Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea. 
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-13 23:08:18 +00:00
nelson%bolyard.com
d362c8829d Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul 
git-svn-id: svn://10.0.0.236/trunk@193802 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-07 06:24:07 +00:00
nelson%bolyard.com
a27efac04e Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert 
has an ECDSA signature.  bug 332350. r=vipul.gupta.


git-svn-id: svn://10.0.0.236/trunk@193659 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-06 04:40:49 +00:00
nelson%bolyard.com
cfbcd913d7 Define alerts and error codes for TLS Hello extensions. Bug 226271. 
r=julien.pierre


git-svn-id: svn://10.0.0.236/trunk@193468 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-04 00:32:27 +00:00
rrelyea%redhat.com
3df0eb0674 From Bug 331279. 
Free ECDHE Ephemeral key. Fixes server-side leak.
r=julien r=alexei


git-svn-id: svn://10.0.0.236/trunk@193280 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-30 21:07:22 +00:00
rrelyea%redhat.com
ca7ccce0f9 Bug 238051 Enable SSL session reuse for ECC cipher suites 
r=nelson r=thomas.

patch in bug + white space changes suggested by nelson.


git-svn-id: svn://10.0.0.236/trunk@192798 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-22 19:18:30 +00:00
wtchang%redhat.com
538e541701 Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key 
pair with only one key. r=nelson.bolyard.


git-svn-id: svn://10.0.0.236/trunk@191707 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-03 18:48:09 +00:00
wtchang%redhat.com
72043e97f0 Bugzilla bug 326482: removed incorrect comments. r=nelson.bolyard. 
git-svn-id: svn://10.0.0.236/trunk@191706 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-03 18:45:54 +00:00
wtchang%redhat.com
0106d5446d Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of 
ECDSA signatures.  Backed out a temporary workaround in
ECDSA_SignDigestWithSeed.  Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
	cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
	freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
	ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@191542 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-02 00:07:08 +00:00
wtchang%redhat.com
00618619a6 Bugzilla Bug 326403: use "Mozilla Foundation" as the manufacturer or 
producer of our shared libraries/DLLs.  Removed the optional copyright
notices from our DLLs. r=relyea,jpierre.
Modified Files:
	lib/ckfw/builtins/constants.c lib/ckfw/builtins/nssckbi.rc
	lib/ckfw/capi/nsscapi.rc lib/ckfw/dbm/instance.c
	lib/freebl/freebl.rc lib/nss/nss.rc lib/smime/smime.rc
	lib/softoken/pkcs11.c lib/softoken/softokn.rc lib/ssl/ssl.rc


git-svn-id: svn://10.0.0.236/trunk@191511 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-01 19:44:36 +00:00
nelson%bolyard.com
0b3fed0e68 Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre 
git-svn-id: svn://10.0.0.236/trunk@191464 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-01 05:49:27 +00:00
nelson%bolyard.com
d827ad7877 Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites 
from being negotiated by NSS servers.  Necessary until the server side
of the _DHE_ cipher suites is fully implemented.  r=Julien,Wan-Teh,Vipul


git-svn-id: svn://10.0.0.236/trunk@191364 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-28 04:20:23 +00:00
alexei.volkov.bugs%sun.com
5b6736aa0f [Bug 326963] Interoperability test with apache/mod_ssl: tstclnt 
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n


git-svn-id: svn://10.0.0.236/trunk@190145 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-15 22:22:32 +00:00
rrelyea%redhat.com
99fa932ed0 Bugzilla Bug 326482 NSS ECC performance problems. 
Patch by Nelson, r=relyea.

Save the public key when we create the keypair so we can use it later.


git-svn-id: svn://10.0.0.236/trunk@189566 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-10 19:39:53 +00:00
nelsonb%netscape.com
5f09451b56 Set SSL2 and SSL3 timeout times properly for SSL server session cache. 
Bug 223242. r=jullien.pierre


git-svn-id: svn://10.0.0.236/trunk@188382 18797224-902f-48f8-a5cc-f745e15eee43
 2006-01-28 02:21:31 +00:00
nelsonb%netscape.com
d6b69e6906 Detect NULL server key pair pointer. Bug 321161. r=wtchang. 
git-svn-id: svn://10.0.0.236/trunk@187904 18797224-902f-48f8-a5cc-f745e15eee43
 2006-01-20 17:40:21 +00:00
wtchang%redhat.com
9a9352d0f2 Bugzilla Bug 318217: use the new NSPR functions PR_EmulateAcceptRead and 
PR_EmulateSendFile added in NSPR 4.1.  r=nelsonb.
Modified files: manifest.mn sslimpl.h sslsock.c
Removed file: emulate.c


git-svn-id: svn://10.0.0.236/trunk@187784 18797224-902f-48f8-a5cc-f745e15eee43
 2006-01-18 23:06:57 +00:00
wtchang%redhat.com
67e2b4967d Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12 
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh


git-svn-id: svn://10.0.0.236/trunk@186032 18797224-902f-48f8-a5cc-f745e15eee43
 2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
5ee8d93e1b Initialize slot pointer in ssl3_HandleServerHello. Bug 311590. r=wtchang 
git-svn-id: svn://10.0.0.236/trunk@184877 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-18 01:25:20 +00:00
nelsonb%netscape.com
27841c7a9e Restore binary compatilibity for old Fortezza cipher suites. 
Bug 316640. r-glen.beasley


git-svn-id: svn://10.0.0.236/trunk@184876 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-18 01:21:22 +00:00
julien.pierre.bugs%sun.com
8f4becb003 Fix for 292156. Prevent crash in SSL session cache init if invalid arguments are passed. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@184446 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-11 02:45:59 +00:00
wtchang%redhat.com
4244eba8b0 Improved a comment. Suggested by Nelson Bolyard of Sun. r=wtc. 
git-svn-id: svn://10.0.0.236/trunk@184318 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-08 22:00:46 +00:00
julien.pierre.bugs%sun.com
5f414362eb Add dependency on freebl so ssl will rebuild if freebl has changed. 
git-svn-id: svn://10.0.0.236/trunk@182514 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-19 01:04:16 +00:00