Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
159,114 Commits 3,986 Branches 0 Tags
Commit Graph

84 Commits

Author SHA1 Message Date
nelson%bolyard.com
a27efac04e Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert 
has an ECDSA signature.  bug 332350. r=vipul.gupta.


git-svn-id: svn://10.0.0.236/trunk@193659 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-06 04:40:49 +00:00
rrelyea%redhat.com
ca7ccce0f9 Bug 238051 Enable SSL session reuse for ECC cipher suites 
r=nelson r=thomas.

patch in bug + white space changes suggested by nelson.


git-svn-id: svn://10.0.0.236/trunk@192798 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-22 19:18:30 +00:00
wtchang%redhat.com
538e541701 Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key 
pair with only one key. r=nelson.bolyard.


git-svn-id: svn://10.0.0.236/trunk@191707 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-03 18:48:09 +00:00
wtchang%redhat.com
0106d5446d Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of 
ECDSA signatures.  Backed out a temporary workaround in
ECDSA_SignDigestWithSeed.  Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
	cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
	freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
	ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@191542 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-02 00:07:08 +00:00
nelson%bolyard.com
0b3fed0e68 Bug 328262. Increment ssl3 statistics counters atomicly. r=wtchang,julien.pierre 
git-svn-id: svn://10.0.0.236/trunk@191464 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-01 05:49:27 +00:00
nelson%bolyard.com
d827ad7877 Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites 
from being negotiated by NSS servers.  Necessary until the server side
of the _DHE_ cipher suites is fully implemented.  r=Julien,Wan-Teh,Vipul


git-svn-id: svn://10.0.0.236/trunk@191364 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-28 04:20:23 +00:00
alexei.volkov.bugs%sun.com
5b6736aa0f [Bug 326963] Interoperability test with apache/mod_ssl: tstclnt 
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julie
n


git-svn-id: svn://10.0.0.236/trunk@190145 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-15 22:22:32 +00:00
wtchang%redhat.com
67e2b4967d Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12 
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh


git-svn-id: svn://10.0.0.236/trunk@186032 18797224-902f-48f8-a5cc-f745e15eee43
 2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
5ee8d93e1b Initialize slot pointer in ssl3_HandleServerHello. Bug 311590. r=wtchang 
git-svn-id: svn://10.0.0.236/trunk@184877 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-18 01:25:20 +00:00
nelsonb%netscape.com
848ac6f433 Avoid NULL ptr deref. Bug 310260. patch by Glen.Beasley. r=nelson. 
git-svn-id: svn://10.0.0.236/trunk@181117 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-28 07:55:37 +00:00
nelsonb%netscape.com
5a588d70f0 Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function. 
Change existing callers to pass this argument.  Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files:  freebl/alghmac.c freebl/alghmac.h freebl/loader.c
  freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
  ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@180173 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-14 04:12:50 +00:00
nelsonb%netscape.com
66cf75f421 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS. 
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 03:02:16 +00:00
nelsonb%netscape.com
00749853c3 Remove fortezza code from libSSL and from the SSL test programs. 
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h


git-svn-id: svn://10.0.0.236/trunk@177810 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
663db84c36 Back out the preceeding fortezza removal patch, which was accidentally 
applied to the trunk, not to the intended branch.


git-svn-id: svn://10.0.0.236/trunk@171823 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
b62572db42 Remove fortezza support from libSSL and related commands. Bug 239960. 
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@171820 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
07cab5177e Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien 
Instead, if SSL_NO_CACHE is not set, return an error code.


git-svn-id: svn://10.0.0.236/trunk@170428 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-09 05:20:44 +00:00
jpierre%netscape.com
8385c4f9e2 Fix for 237934 - nss_InitLock not atomic. r=nelson 
git-svn-id: svn://10.0.0.236/trunk@158176 18797224-902f-48f8-a5cc-f745e15eee43
 2004-06-19 03:21:39 +00:00
gerv%gerv.net
62b0f34e77 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines. 
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
6f48d14853 Add conditionally compiled code for NISCC testing of NSS's SSL library. 
patch by Ian McGreer.  Bugscape bug 53322.


git-svn-id: svn://10.0.0.236/trunk@153596 18797224-902f-48f8-a5cc-f745e15eee43
 2004-03-05 23:28:57 +00:00
jpierre%netscape.com
cabec54b89 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 
git-svn-id: svn://10.0.0.236/trunk@153448 18797224-902f-48f8-a5cc-f745e15eee43
 2004-03-03 03:18:56 +00:00
jpierre%netscape.com
9af88d0f5a Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 
git-svn-id: svn://10.0.0.236/trunk@151008 18797224-902f-48f8-a5cc-f745e15eee43
 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
0fd2842063 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@150552 18797224-902f-48f8-a5cc-f745e15eee43
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
478d713628 Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.


git-svn-id: svn://10.0.0.236/trunk@148858 18797224-902f-48f8-a5cc-f745e15eee43
 2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
517ef7b660 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337


git-svn-id: svn://10.0.0.236/trunk@148646 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-31 07:01:05 +00:00
nelsonb%netscape.com
68ca5e8448 When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726


git-svn-id: svn://10.0.0.236/trunk@148119 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-19 01:55:50 +00:00
ian.mcgreer%sun.com
decc84df49 ECC code landing. 
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs


git-svn-id: svn://10.0.0.236/trunk@148060 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
9911b56b4d Eliminate unnecessary copying of CA names in HandleCertRequest. 
Bug 204686.


git-svn-id: svn://10.0.0.236/trunk@147660 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
d544fa46d4 Detect Zero length certs and zero length CA names. Bug 204686. 
Also, eliminate unnecessary copying of incoming certs.


git-svn-id: svn://10.0.0.236/trunk@147524 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-03 02:01:18 +00:00
nelsonb%netscape.com
e14edef9e3 Eliminate TCP connection reset errors that occur when server requires 
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.


git-svn-id: svn://10.0.0.236/trunk@143124 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-30 23:22:39 +00:00
jpierre%netscape.com
5f94baad22 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 
git-svn-id: svn://10.0.0.236/trunk@141286 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-17 02:04:24 +00:00
nelsonb%netscape.com
faa5b981f5 Changes to enable ECC over characteristic 2^m fields. 
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h


git-svn-id: svn://10.0.0.236/trunk@140430 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-29 00:18:30 +00:00
wtc%netscape.com
ede99124e6 Bug 199082: checked in Nelson's patch, which 
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-26 00:31:13 +00:00
relyea%netscape.com
f06f3410eb Make indention style consistant with SSL's usage, not softoken/pk11 usage. 
git-svn-id: svn://10.0.0.236/trunk@139387 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-13 16:36:43 +00:00
relyea%netscape.com
baad4775cd Allow for tokens that don't require login. bug 197082 
git-svn-id: svn://10.0.0.236/trunk@139334 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
db2f1140de Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c


git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
3c19bbc924 Fix bug 160207. Make TLS implementation resistant to timing attacks on 
CBC block mode cipher suites in TLS.  See bug for details.


git-svn-id: svn://10.0.0.236/trunk@138124 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-21 23:00:16 +00:00
relyea%netscape.com
39cd897ff6 Bug 167756. Address Nelson's review comments. remove socket specific latency 
in favor of a slot specific latency test (already done by pk11wrap code).


git-svn-id: svn://10.0.0.236/trunk@137837 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-15 01:21:25 +00:00
relyea%netscape.com
09be8d3cd2 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 
git-svn-id: svn://10.0.0.236/trunk@136911 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 22:02:37 +00:00
relyea%netscape.com
00bc37d763 Check for token removal before continuing SSL sessions which have client auth 
with certs associated with that token. bug 167756.


git-svn-id: svn://10.0.0.236/trunk@136893 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 17:27:34 +00:00
nelsonb%netscape.com
bca9f97d3a Don't reject a cert request with an empty list of CA cert names. 
Don't crash with an empty CA name list.


git-svn-id: svn://10.0.0.236/trunk@133943 18797224-902f-48f8-a5cc-f745e15eee43
 2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
827c334f1c Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 
git-svn-id: svn://10.0.0.236/trunk@132968 18797224-902f-48f8-a5cc-f745e15eee43
 2002-11-05 00:25:20 +00:00
wtc%netscape.com
cbc1167df3 Bug 127740: added a comment to explain the thread yield in 
ssl3_SendApplicationData.


git-svn-id: svn://10.0.0.236/trunk@130809 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-30 20:51:05 +00:00
jpierre%netscape.com
9b0237c574 Fix compiler warnings 
git-svn-id: svn://10.0.0.236/trunk@129024 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 01:48:46 +00:00
nelsonb%netscape.com
a621affedc Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 
git-svn-id: svn://10.0.0.236/trunk@126906 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3b1e2d7136 Fix bug 160207 by changing the error alerts we send for failed decryption. 
git-svn-id: svn://10.0.0.236/trunk@126681 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-07 20:01:51 +00:00
relyea%netscape.com
424861117d Initialize type field to clear off purify warnings. 
git-svn-id: svn://10.0.0.236/trunk@124041 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
9b6375ccb6 Fix bug 135261. Create symbolic names for the values 2 and 3 for the 
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.


git-svn-id: svn://10.0.0.236/trunk@123859 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-22 01:40:32 +00:00
ian.mcgreer%sun.com
d5ba19e9d7 bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc 
r=relyea


git-svn-id: svn://10.0.0.236/trunk@123592 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-19 15:21:37 +00:00
nelsonb%netscape.com
76f9a42d49 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket 
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.


git-svn-id: svn://10.0.0.236/trunk@115407 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-27 04:40:17 +00:00