Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
210,942 Commits 3,986 Branches 0 Tags
Commit Graph

116 Commits

Author SHA1 Message Date
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
6f48d14853 Add conditionally compiled code for NISCC testing of NSS's SSL library. 
patch by Ian McGreer.  Bugscape bug 53322.


git-svn-id: svn://10.0.0.236/trunk@153596 18797224-902f-48f8-a5cc-f745e15eee43
 2004-03-05 23:28:57 +00:00
jpierre%netscape.com
cabec54b89 Fix for 235874 - crash in PK11_DigestKey . r=wtc, nelsonb 
git-svn-id: svn://10.0.0.236/trunk@153448 18797224-902f-48f8-a5cc-f745e15eee43
 2004-03-03 03:18:56 +00:00
jpierre%netscape.com
9af88d0f5a Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF 
git-svn-id: svn://10.0.0.236/trunk@151008 18797224-902f-48f8-a5cc-f745e15eee43
 2004-01-08 01:37:46 +00:00
wchang0222%aol.com
0fd2842063 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea. 
Modified Files: pk11func.h pk11skey.c ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@150552 18797224-902f-48f8-a5cc-f745e15eee43
 2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
478d713628 Grow handshake message buffer once per message, not once per each message 
segment received.  Bugscape bug 53418.


git-svn-id: svn://10.0.0.236/trunk@148858 18797224-902f-48f8-a5cc-f745e15eee43
 2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
517ef7b660 Remove one unnecessary transition from the SSL3 state machine. 
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337


git-svn-id: svn://10.0.0.236/trunk@148646 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-31 07:01:05 +00:00
nelsonb%netscape.com
68ca5e8448 When the SSL_NO_CACHE option is set on an SSL server socket, don't touch 
the server session cache AT ALL.  Bug 222726


git-svn-id: svn://10.0.0.236/trunk@148119 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-19 01:55:50 +00:00
ian.mcgreer%sun.com
decc84df49 ECC code landing. 
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs


git-svn-id: svn://10.0.0.236/trunk@148060 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
9911b56b4d Eliminate unnecessary copying of CA names in HandleCertRequest. 
Bug 204686.


git-svn-id: svn://10.0.0.236/trunk@147660 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
d544fa46d4 Detect Zero length certs and zero length CA names. Bug 204686. 
Also, eliminate unnecessary copying of incoming certs.


git-svn-id: svn://10.0.0.236/trunk@147524 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-03 02:01:18 +00:00
nelsonb%netscape.com
e14edef9e3 Eliminate TCP connection reset errors that occur when server requires 
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.


git-svn-id: svn://10.0.0.236/trunk@143124 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-30 23:22:39 +00:00
jpierre%netscape.com
5f94baad22 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb 
git-svn-id: svn://10.0.0.236/trunk@141286 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-17 02:04:24 +00:00
nelsonb%netscape.com
faa5b981f5 Changes to enable ECC over characteristic 2^m fields. 
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h


git-svn-id: svn://10.0.0.236/trunk@140430 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-29 00:18:30 +00:00
wtc%netscape.com
ede99124e6 Bug 199082: checked in Nelson's patch, which 
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-26 00:31:13 +00:00
relyea%netscape.com
f06f3410eb Make indention style consistant with SSL's usage, not softoken/pk11 usage. 
git-svn-id: svn://10.0.0.236/trunk@139387 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-13 16:36:43 +00:00
relyea%netscape.com
baad4775cd Allow for tokens that don't require login. bug 197082 
git-svn-id: svn://10.0.0.236/trunk@139334 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
db2f1140de Add support for Elliptic Curve Cryptography. Bug 195135. 
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c


git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
3c19bbc924 Fix bug 160207. Make TLS implementation resistant to timing attacks on 
CBC block mode cipher suites in TLS.  See bug for details.


git-svn-id: svn://10.0.0.236/trunk@138124 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-21 23:00:16 +00:00
relyea%netscape.com
39cd897ff6 Bug 167756. Address Nelson's review comments. remove socket specific latency 
in favor of a slot specific latency test (already done by pk11wrap code).


git-svn-id: svn://10.0.0.236/trunk@137837 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-15 01:21:25 +00:00
relyea%netscape.com
09be8d3cd2 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure. 
git-svn-id: svn://10.0.0.236/trunk@136911 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 22:02:37 +00:00
relyea%netscape.com
00bc37d763 Check for token removal before continuing SSL sessions which have client auth 
with certs associated with that token. bug 167756.


git-svn-id: svn://10.0.0.236/trunk@136893 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-23 17:27:34 +00:00
nelsonb%netscape.com
bca9f97d3a Don't reject a cert request with an empty list of CA cert names. 
Don't crash with an empty CA name list.


git-svn-id: svn://10.0.0.236/trunk@133943 18797224-902f-48f8-a5cc-f745e15eee43
 2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
827c334f1c Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342. 
git-svn-id: svn://10.0.0.236/trunk@132968 18797224-902f-48f8-a5cc-f745e15eee43
 2002-11-05 00:25:20 +00:00
wtc%netscape.com
cbc1167df3 Bug 127740: added a comment to explain the thread yield in 
ssl3_SendApplicationData.


git-svn-id: svn://10.0.0.236/trunk@130809 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-30 20:51:05 +00:00
jpierre%netscape.com
9b0237c574 Fix compiler warnings 
git-svn-id: svn://10.0.0.236/trunk@129024 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 01:48:46 +00:00
nelsonb%netscape.com
a621affedc Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529. 
git-svn-id: svn://10.0.0.236/trunk@126906 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3b1e2d7136 Fix bug 160207 by changing the error alerts we send for failed decryption. 
git-svn-id: svn://10.0.0.236/trunk@126681 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-07 20:01:51 +00:00
relyea%netscape.com
424861117d Initialize type field to clear off purify warnings. 
git-svn-id: svn://10.0.0.236/trunk@124041 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
9b6375ccb6 Fix bug 135261. Create symbolic names for the values 2 and 3 for the 
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.


git-svn-id: svn://10.0.0.236/trunk@123859 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-22 01:40:32 +00:00
ian.mcgreer%sun.com
d5ba19e9d7 bug 145322, reduce the number of PKCS#11 sessions used in SSL connections, implement new function PK11_SaveContextAlloc 
r=relyea


git-svn-id: svn://10.0.0.236/trunk@123592 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-19 15:21:37 +00:00
nelsonb%netscape.com
76f9a42d49 1. the sslSecurityInfo and sslGather structs are now part of the sslSocket 
rather than being pointed to by the sslSocket.  This reduces the number
of malloc/free calls, and greatly reduces pointer fetches, and null
pointer checks.  sslGather and sslSecurityInfo are separately initialized.
2. SSL_ResetHandshake no longer deallocates and reallocates the sslSecurityInfo and all its subcomponents.
3. Many places that formerly did not check for memory allocation failures
now do check, and do the right thing when allocation failed.


git-svn-id: svn://10.0.0.236/trunk@115407 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-27 04:40:17 +00:00
nelsonb%netscape.com
a9cd5beaa8 Plug one of the leaks reported in bugzilla bug 123081 
git-svn-id: svn://10.0.0.236/trunk@113642 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-04 23:15:11 +00:00
jpierre%netscape.com
9acaca40ca Fix 114787 - ssl_recv crashes in client. bogus assert. reviewed by nelson 
git-svn-id: svn://10.0.0.236/trunk@110399 18797224-902f-48f8-a5cc-f745e15eee43
 2001-12-12 21:44:04 +00:00
relyea%netscape.com
dd1d27c432 Clean up compilier warnings on Solaris and Linux, most particularly: 
1) Implicit declaration of function.
2) Possibly unitialized variables.

These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.


git-svn-id: svn://10.0.0.236/trunk@109938 18797224-902f-48f8-a5cc-f745e15eee43
 2001-12-07 01:36:25 +00:00
nelsonb%netscape.com
7e4958958b Add localCert field to sid cache entry so SSL_LocalCertificate can 
remember the certs it sent back when it established the SSL session.
Bug 78959.  Also, hold on the certs in the received cert chain until
the SSL connection is complete.  This makes it easier for applications
to look at the entire cert chain after the handshake is over without
having to write their own custom authCert callbacks.  It is backwards
compatible with older NSS SSL applications, but may use more memory.


git-svn-id: svn://10.0.0.236/trunk@107729 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-09 05:39:36 +00:00
nelsonb%netscape.com
076553af57 Implement new function SSL_LocalCertificate(). Bug 78959. 
git-svn-id: svn://10.0.0.236/trunk@107638 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-08 02:15:38 +00:00
relyea%netscape.com
162c530b16 Land BOB_WORK_BRANCH unto the tip. 
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.


git-svn-id: svn://10.0.0.236/trunk@107628 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-08 00:15:51 +00:00
nelsonb%netscape.com
b91f3120f1 Reimplement SSL_GetChannelInfo. Add new function SSL_GetCipherSuiteInfo(). 
Also, implement new ciphersuite preference order.  Bug 78959.


git-svn-id: svn://10.0.0.236/trunk@107060 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-02 04:24:28 +00:00
nelsonb%netscape.com
845d4b22d8 Fix bug 107619. The new DHE_ ciphersuites were enabled by default. 
Now they are disabled by default, for compatibility with NSS 2.0.


git-svn-id: svn://10.0.0.236/trunk@106706 18797224-902f-48f8-a5cc-f745e15eee43
 2001-10-30 21:09:47 +00:00
nelsonb%netscape.com
f978c68393 Add support to TLS for new 128-bit and 256-bit AES ciphersuites. 87021. 
git-svn-id: svn://10.0.0.236/trunk@103408 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-21 03:07:35 +00:00
relyea%netscape.com
2938d8768c Remove dependancy on direct calls inside softoken. 
git-svn-id: svn://10.0.0.236/trunk@103342 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-20 21:26:40 +00:00
nelsonb%netscape.com
c38ee88985 Implement new function SSL_GetChannelInfo(). Bugzilla bug 78959. 
git-svn-id: svn://10.0.0.236/trunk@103057 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-18 01:59:21 +00:00
wtc%netscape.com
8790f9d8ae Bugzilla bug 94685: deleted the unreferenced label 'no_wrapped_key'. 
git-svn-id: svn://10.0.0.236/trunk@101654 18797224-902f-48f8-a5cc-f745e15eee43
 2001-08-22 23:15:45 +00:00
javi%netscape.com
102f8d04c2 Check to make sure we're still logged into a slot when trying 
to re-use a client-auth session.


git-svn-id: svn://10.0.0.236/trunk@101649 18797224-902f-48f8-a5cc-f745e15eee43
 2001-08-22 22:50:26 +00:00
nelsonb%netscape.com
eb9c042167 Fix bug 68869. Don't ignore TLS no certificate messages when the server 
requires client auth.  Work around bug in NT TCP stack by only shutting
down the socket for SEND (not for BOTH) after sending a bad_certificate
alert.  This avoids bogus CONNECTION_RESET_BY_PEER errors at the client.


git-svn-id: svn://10.0.0.236/trunk@97079 18797224-902f-48f8-a5cc-f745e15eee43
 2001-06-13 21:14:54 +00:00
nelsonb%netscape.com
50cb1eea79 Fix bug that caused version number to be wrong in SSL3 client hellos 
when restarting an SSL3 (not TLS) session.  (no bug number)


git-svn-id: svn://10.0.0.236/trunk@96372 18797224-902f-48f8-a5cc-f745e15eee43
 2001-06-05 00:26:37 +00:00
nelsonb%netscape.com
b2661ccb4d Implementation of 5 DHE ciphersuites, client side only. 
Contributed by Dr Stephen Henson <stephen.henson@gemplus.com>


git-svn-id: svn://10.0.0.236/trunk@91917 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-11 00:29:18 +00:00
nelsonb%netscape.com
5b276cd67e Fix a couple of memory leaks that occur in rare error paths. 
git-svn-id: svn://10.0.0.236/trunk@90938 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-31 02:49:59 +00:00
nelsonb%netscape.com
c603a294b4 Reinterpret the READ and WRITE poll flags depending on the state of the 
socket and the SSL handshake.  Rename the badly named "connected" flag.
Bugzilla bugs 56924, 56926, 66706.
Modified Files:
    ssl3con.c sslauth.c sslcon.c ssldef.c sslgathr.c sslimpl.h
    sslsecur.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@89723 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-16 23:26:06 +00:00