Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
218,460 Commits 3,986 Branches 0 Tags
Commit Graph

656 Commits

Author SHA1 Message Date
wtc%google.com
f7ff05a366 Bug 822365: Make CBC decoding constant time. This patch makes the decoding 
of SSLv3 and TLS CBC records constant time. Without this, a timing side
channel can be used to build a padding oracle and mount Vaudenay's attack.
The patch is contributed by Adam Langley <agl@chromium.org>.
r=rrelyea,ryan.sleevi.
Modified Files:
	lib/freebl/blapi.h lib/freebl/ldvector.c lib/freebl/loader.c
	lib/freebl/loader.h lib/freebl/manifest.mn lib/freebl/md5.c
	lib/freebl/rawhash.c lib/freebl/sha512.c lib/freebl/sha_fast.c
	lib/freebl/sha_fast.h lib/nss/nss.def lib/pk11wrap/pk11obj.c
	lib/pk11wrap/pk11pub.h lib/softoken/manifest.mn
	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
	lib/softoken/pkcs11i.h lib/ssl/ssl3con.c lib/util/hasht.h
	lib/util/pkcs11n.h
Added Files:
	lib/freebl/hmacct.c lib/freebl/hmacct.h
	lib/softoken/sftkhmac.c


git-svn-id: svn://10.0.0.236/trunk@264692 18797224-902f-48f8-a5cc-f745e15eee43
 2013-02-05 18:10:46 +00:00
wtc%google.com
c76cb3fd06 Bug 820651: Fix comparisons of unsigned variable < 0. r=rrelyea. 
Modified Files:
	lib/freebl/arcfour.c lib/freebl/desblapi.c
	lib/pk11wrap/pk11merge.c


git-svn-id: svn://10.0.0.236/trunk@264636 18797224-902f-48f8-a5cc-f745e15eee43
 2013-01-10 15:24:03 +00:00
ryan.sleevi%gmail.com
04bb52c2f6 Bug 813857: Make certificate trust flags thread safe. 
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@264626 18797224-902f-48f8-a5cc-f745e15eee43
 2013-01-07 04:11:52 +00:00
emaldona%redhat.com
499ad60f58 Bug 815528 - pk11util.c should not include pkcs11ni.h, r=:bsmith 
git-svn-id: svn://10.0.0.236/trunk@264491 18797224-902f-48f8-a5cc-f745e15eee43
 2012-11-28 01:47:17 +00:00
bsmith%mozilla.com
708394ff05 Bug 808218: Update more NSS declarations to have const parameters, r=rrelyea, r=wtc 
git-svn-id: svn://10.0.0.236/trunk@264488 18797224-902f-48f8-a5cc-f745e15eee43
 2012-11-27 22:48:09 +00:00
kaie%kuix.de
84c2f811ec Bug 357025, additional patch to fix locking and session authentication, contributed by Robert Relyea, r=kaie 
git-svn-id: svn://10.0.0.236/trunk@264448 18797224-902f-48f8-a5cc-f745e15eee43
 2012-11-16 13:02:39 +00:00
ryan.sleevi%gmail.com
0cde057de2 BUG 802429: Respect cipherOrder when evaluating which module to use to perform operations. 
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@264447 18797224-902f-48f8-a5cc-f745e15eee43
 2012-11-16 03:41:20 +00:00
kaie%kuix.de
ba3a1c9da5 Bug 802900 - Removed the unused variables in pk11_TokenKeyGenWithFlagsAndKeyType, patch by Wan-Teh Chang, r=me 
git-svn-id: svn://10.0.0.236/trunk@264362 18797224-902f-48f8-a5cc-f745e15eee43
 2012-10-19 20:21:20 +00:00
wtc%google.com
b8ee059d55 Bug 588269: SECMOD_CloseUserDB should properly close the user DB, and it 
should be possible to later re-add that same user DB as a new slot. The
patch is contributed by Ryan Sleevi <ryan.sleevi@gmail.com> of Google.
r=rrelyea,wtc.
Modified Files:
	cmd/tests/manifest.mn lib/pk11wrap/pk11util.c
	lib/softoken/pkcs11.c
Added Files:
	cmd/tests/secmodtest.c


git-svn-id: svn://10.0.0.236/trunk@264140 18797224-902f-48f8-a5cc-f745e15eee43
 2012-08-14 02:11:47 +00:00
kaie%kuix.de
d89aa1cfbf Bug 676114 - pk11_PubDeriveECKeyWithKDF does not work with some smart cards, patch by David Cooper, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@264108 18797224-902f-48f8-a5cc-f745e15eee43
 2012-08-02 20:45:32 +00:00
rrelyea%redhat.com
fe99a56387 Include missing file from previous check. 
Fix tinderbox breakage.


git-svn-id: svn://10.0.0.236/trunk@264006 18797224-902f-48f8-a5cc-f745e15eee43
 2012-06-29 20:56:44 +00:00
rrelyea%redhat.com
94a9ff7be1 Bug 613496 - NSS softtoken ECC support is incomplete when used with other PKCS#11 modules 
Original patch by David Cooper. reviewed and modified by relyea.
modifications reviewd by David Cooper.


git-svn-id: svn://10.0.0.236/trunk@264005 18797224-902f-48f8-a5cc-f745e15eee43
 2012-06-29 17:46:25 +00:00
rrelyea%redhat.com
8809acb18a Bug 753116 - softoken needs to split out common components to util 
r=elio


git-svn-id: svn://10.0.0.236/trunk@263989 18797224-902f-48f8-a5cc-f745e15eee43
 2012-06-26 22:27:33 +00:00
rrelyea%redhat.com
6ac8edb3d9 Bug 475578 - Implement Extended DSA as defined in FIPS 186-3 (DSS) 
r = wtc
patch 5 of 7


git-svn-id: svn://10.0.0.236/trunk@263981 18797224-902f-48f8-a5cc-f745e15eee43
 2012-06-25 21:48:41 +00:00
rrelyea%redhat.com
5e92211d71 Bug 475578 - Implement Extended DSA as defined in FIPS 186-3 
patch 4 of 7
r=wtc


git-svn-id: svn://10.0.0.236/trunk@263980 18797224-902f-48f8-a5cc-f745e15eee43
 2012-06-25 17:30:17 +00:00
wtc%google.com
9fb932a454 Bug 613507: Add a CKA_CLASS attribute of CKO_CERTIFICATE to the search 
template in PK11_FindObjectForCert so that it won't force a PKCS #11 module
to search every object on the token.  Fix a similar bug in
PK11_GetLowLevelKeyIDForCert.  The patch is contributed by Doug Engert
<deengert@anl.gov>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@263829 18797224-902f-48f8-a5cc-f745e15eee43
 2012-05-17 02:18:41 +00:00
kaie%kuix.de
d36a15f6a9 Bug 357025, Support the new key object attributes in PKCS #11 v2.20, in particular CKA_ALWAYS_AUTHENTICATE, patch contributed by Doug Engert based on work by Honza Bambas, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263823 18797224-902f-48f8-a5cc-f745e15eee43
 2012-05-16 12:34:20 +00:00
wtc%google.com
afccbc5bc3 Bug 743097: Update stale comments for PK11_DefaultArray and 
ssl3_DecodeError.  r=emaldona.
Modified Files:
	lib/pk11wrap/pk11slot.c lib/ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@263796 18797224-902f-48f8-a5cc-f745e15eee43
 2012-05-08 00:24:08 +00:00
kaie%kuix.de
b1068ace2f Bug 591640 - CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE ignore non-empty shared data, patch contributed by David Cooper, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263752 18797224-902f-48f8-a5cc-f745e15eee43
 2012-04-26 02:25:10 +00:00
gerv%gerv.net
f465fa7d7e Bug 716563 - update license to MPL 2. r=rrelyea. 
git-svn-id: svn://10.0.0.236/trunk@263750 18797224-902f-48f8-a5cc-f745e15eee43
 2012-04-25 14:50:19 +00:00
wtc%google.com
5a039f56ce Bug 738161: Fix "does't" and "beause" spelling. The patch is contributed 
by Pallani Kumaran <pallanikumaran@gmail.com>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@263602 18797224-902f-48f8-a5cc-f745e15eee43
 2012-03-23 05:04:56 +00:00
kaie%kuix.de
a42f8798a1 Bug 671069, signed/unsigned warnings in pk11wrap, patch by Brian Smith, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263585 18797224-902f-48f8-a5cc-f745e15eee43
 2012-03-19 21:44:54 +00:00
emaldona%redhat.com
586915812b Bug 715666 - premature unloading of softoken crashes libcurl, contributed by Kamil Dudka, r=rrelyea 
git-svn-id: svn://10.0.0.236/trunk@263269 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-13 17:11:12 +00:00
emaldona%redhat.com
ae845d5a77 Bug 682885 - Move EC point compression options macros to a public header, r=rrelyea,wtc 
git-svn-id: svn://10.0.0.236/trunk@263267 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-13 16:53:17 +00:00
wtc%google.com
410b73ad33 Bug 211546: add PK11_ImportEncryptedPrivateKeyInfoAndReturnKey. Make 
PK11_ImportEncryptedPrivateKeyInfo fail with SEC_ERROR_INVALID_ARGS if
isPerm is false.  r=bsmith.
Modified Files:
	lib/nss/nss.def lib/pk11wrap/pk11akey.c lib/pk11wrap/pk11pub.h


git-svn-id: svn://10.0.0.236/trunk@263052 18797224-902f-48f8-a5cc-f745e15eee43
 2011-11-05 23:44:52 +00:00
wtc%google.com
eb480c28ad Bug 647706: add SHA-224 support to more functions, in particular to 
support SHA-224 certificates.  Portions of this patch are contributed
by Hanno Boeck <hanno@hboeck.de>.  r=wtc,emaldona.
Modified Files:
	cmd/lib/secutil.c lib/cryptohi/seckey.c lib/cryptohi/secsign.c
	lib/cryptohi/secvfy.c lib/pk11wrap/pk11mech.c
	lib/pk11wrap/pk11slot.c lib/pkcs12/p12local.c
	lib/softoken/rsawrapr.c lib/ssl/ssl3ecc.c lib/util/secalgid.c


git-svn-id: svn://10.0.0.236/trunk@263002 18797224-902f-48f8-a5cc-f745e15eee43
 2011-10-22 14:35:44 +00:00
rrelyea%redhat.com
43c2723e77 Bug 515663 - Improper setting of CKA_DERIVE attribute during PKCS #12 import 
r=emaldona@redhat.com


git-svn-id: svn://10.0.0.236/trunk@262937 18797224-902f-48f8-a5cc-f745e15eee43
 2011-09-30 19:46:31 +00:00
wtc%google.com
0b61963566 Bug 675325: Add "const" to the inDerCert parameter of 
PK11_FindCertFromDERCertItem.  r=emaldona.


git-svn-id: svn://10.0.0.236/trunk@262552 18797224-902f-48f8-a5cc-f745e15eee43
 2011-07-29 23:10:20 +00:00
wtc%google.com
0d44d5c9f4 Bug 617565: Prevent buffer overflow in PK11_DeriveWithTemplate and 
pk11_AnyUnwrapKey template handling.  The patch is written by Brian Smith
<bsmith@mozilla.com>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@262537 18797224-902f-48f8-a5cc-f745e15eee43
 2011-07-26 16:02:07 +00:00
wtc%google.com
36b79015b2 Bug 668397: remove support for Fortezza certificates and keys from 
lib/certdb, lib/certhigh, and lib/cryptohi.  The bug was reported by
Tavis Ormandy <taviso@sdf.lonestar.org>.  The patch was written by
Brian Smith <bsmith@mozilla.com>.  r=rrelyea,wtc.
Modified Files:
	lib/certdb/cert.h lib/certdb/certdb.c lib/certdb/crl.c
	lib/certhigh/certvfy.c lib/cryptohi/keyhi.h
	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
	lib/cryptohi/secsign.c lib/pk11wrap/pk11cert.c


git-svn-id: svn://10.0.0.236/trunk@262519 18797224-902f-48f8-a5cc-f745e15eee43
 2011-07-24 13:48:13 +00:00
wtc%google.com
5a3f87134a Bug 671787: Remove an unnecessary PORT_Strdup call (for the argument to a 
PR_LoadLibrary call) in secmod_LoadPKCS11Module.  r=emaldona.


git-svn-id: svn://10.0.0.236/trunk@262492 18797224-902f-48f8-a5cc-f745e15eee43
 2011-07-15 15:03:43 +00:00
rrelyea%redhat.com
b58e695147 Bug 642503 - Generic blacklisting mechanism for bogus certs 
Patch 1: rename (see comment 20).
r=emaldona


git-svn-id: svn://10.0.0.236/trunk@262180 18797224-902f-48f8-a5cc-f745e15eee43
 2011-04-13 00:10:27 +00:00
rrelyea%redhat.com
198b24d02c Fix tinderbox from patch to Bug 595988 - NSS trusts CAs it shouldn't (trusts system db over user db) 
patch by rrrelyea
r=elmaldona.

 * The NSS trusts patch causes explicit internal tokens to be set in almost all cases. When we switch to FIPS mode we need to reset those explicit internal tokens.


git-svn-id: svn://10.0.0.236/trunk@261908 18797224-902f-48f8-a5cc-f745e15eee43
 2011-02-09 23:49:55 +00:00
nelson%bolyard.com
96b47c1239 Bug 592489: populate NSS's hash table of SubjectKeyID to token object. 
Patch contributed by Kaspar Brand <mozbugzilla@velox.ch>, r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@261871 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-29 22:17:20 +00:00
rrelyea%redhat.com
d1982de3ec Bug 595988 - NSS trusts CAs it shouldn't (trusts system db over user db) 
incorporate wtc's review comments


git-svn-id: svn://10.0.0.236/trunk@261842 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-27 01:40:58 +00:00
rrelyea%redhat.com
02475ae857 fix overrided comment to be the correct overridden. 
git-svn-id: svn://10.0.0.236/trunk@261838 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-26 00:58:20 +00:00
rrelyea%redhat.com
76528cb2b1 Fix trust regression introduced in the contextinit patch. 
r=emaldona


git-svn-id: svn://10.0.0.236/trunk@261835 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-25 23:55:05 +00:00
wtc%google.com
1776b2d762 Bug 625491: Make pk11load.o depend on debug_module.c. r=rrelyea. 
git-svn-id: svn://10.0.0.236/trunk@261787 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-21 23:58:11 +00:00
wtc%google.com
f889ea49a6 Bug 625491: print CK_ULONG attributes as an integer. Change 
CKA_SUB_PRIME_BITS to CKA_SUBPRIME_BITS.  Fix an incorrect fall-through in
the cases CKA_ISSUER/CKA_SUBJECT.  r=rrelyea,nelson.


git-svn-id: svn://10.0.0.236/trunk@261773 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-19 19:24:24 +00:00
nelson%bolyard.com
bd5c005a07 Bug 587419: listCertsCallback leaks CERT_DupCertificate(cert) when CERT_AddCertToListTailWithData fails 
Patch contributed by Timeless <timeless@mozdev.org>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@261759 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-15 20:49:15 +00:00
nelson%bolyard.com
8b44da4130 Bug 587421: PK11_PBEKeyGen leaks param because it checks type too late 
Patch contributed by Bob Relyea <rrelyea@redhat.com>, r=nelson


git-svn-id: svn://10.0.0.236/trunk@261758 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-15 20:10:13 +00:00
nelson%bolyard.com
acfe00abce Bug 577268 Correct misspellings of parameter and function in NSS source code 
Patch contributed by Michael Kohler [:michaelkohler] michaelkohler@linux.com
r=nelson


git-svn-id: svn://10.0.0.236/trunk@261755 18797224-902f-48f8-a5cc-f745e15eee43
 2011-01-15 19:47:13 +00:00
kaie%kuix.de
67b9ca13f8 Bug 617492, Add PK11_KeyGenWithTemplate function to pk11wrap (for Firefox Sync) 
Patch contributed by Brian Smith, r=rrelyea, r=wtc


git-svn-id: svn://10.0.0.236/trunk@261638 18797224-902f-48f8-a5cc-f745e15eee43
 2010-12-09 10:03:46 +00:00
rrelyea%redhat.com
27fb805764 Bug 609076 - Expose a PKCS#11 interface for J-PAKE in Softoken 
patch by bsmith
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@261625 18797224-902f-48f8-a5cc-f745e15eee43
 2010-12-04 19:10:46 +00:00
kaie%kuix.de
9c8f8161c1 Bug 596215, NSS should provide a way to find ALL valid certs for an email address 
Patch contributed by Juergen Brauckmann, r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@261577 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-18 18:22:54 +00:00
rrelyea%redhat.com
2b7ed02723 Bug 610843 - Need way to recover softoken in child after fork() 
r=wtc


git-svn-id: svn://10.0.0.236/trunk@261572 18797224-902f-48f8-a5cc-f745e15eee43
 2010-11-16 22:07:44 +00:00
rrelyea%redhat.com
42b7fbdcaa Bug 587428 - coverity issue submitted by timeless 
r=elio


git-svn-id: svn://10.0.0.236/trunk@261494 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-29 23:06:41 +00:00
wtc%google.com
b8e2518399 Bug 602754: Fix "a the" in comments. The patch is contributed by 
Edmund Wong <ewong@pw-wspx.org>.  r=wtc.
Modified Files:
	cmd/symkeyutil/symkey.man lib/jar/jarver.c
	lib/pk11wrap/pk11akey.c lib/pk11wrap/pk11pbe.c
	lib/smime/smime.h lib/softoken/legacydb/lowkeyi.h


git-svn-id: svn://10.0.0.236/trunk@261374 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-11 19:30:10 +00:00
rrelyea%redhat.com
89270aa72c coverity memory leak 
found by timeless
patch by timeless
r= rrelyea
Bug 587422


git-svn-id: svn://10.0.0.236/trunk@261191 18797224-902f-48f8-a5cc-f745e15eee43
 2010-09-09 21:25:05 +00:00
rrelyea%redhat.com
2c2d87932e Coverity identified memory leaks in error paths. 
identified by timeless.
patches by timeless.
r=rrelyea
bugs 587404 587405 587409 587386 587387


git-svn-id: svn://10.0.0.236/trunk@261190 18797224-902f-48f8-a5cc-f745e15eee43
 2010-09-09 21:14:24 +00:00