500 Commits

Author SHA1 Message Date
wtc%google.com
f7f5728a6a Bug 838769 (second attempt): Disable the ECC cipher suites if we cannot
send extensions, even if we support all the currently specified curves
(NSS_ECC_MORE_THAN_SUITE_B is set). r=agl,rrelyea.
Modified Files:
	ssl3con.c sslcon.c


git-svn-id: svn://10.0.0.236/trunk@264767 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-19 16:16:22 +00:00
wtc%google.com
e4d4cb3f24 Bug 838769: back out the previous checkin. tests/memleak/memleak.sh runs
strsclnt with SSL2 enabled, so I need to fix that first.
Modified Files:
	ssl3con.c sslcon.c


git-svn-id: svn://10.0.0.236/trunk@264747 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-16 15:09:14 +00:00
wtc%google.com
a02af31053 Bug 838769: Disable the ECC cipher suites if we cannot send extensions,
even if we support all the currently specified curves
(NSS_ECC_MORE_THAN_SUITE_B is set). r=agl,rrelyea.
Modified Files:
	ssl3con.c sslcon.c


git-svn-id: svn://10.0.0.236/trunk@264744 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 20:27:53 +00:00
kaie%kuix.de
6fe835fb35 Bug 811331 / Bug 360420, OCSP Stapling, TLS server side implementation; add ability to produce invalid OCSP responses for testing purposes, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264736 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:56:19 +00:00
kaie%kuix.de
7d2a505113 Bug 360420, OCSP Stapling, allow multiple status items, in an attempt to be prepared for future multi-stapling implementation. Introducing SECItemArray. r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264735 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:55:42 +00:00
kaie%kuix.de
a555bc1567 Overlapping fixes for Bug 554369 and Bug 360420. OCSP caching fixes by Adam Langley, r=kaie; Cache injection of OCSP stapling data inside default auth code, by me, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264733 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:53:24 +00:00
kaie%kuix.de
96ed6ee6a5 Bug 360420, OCSP Stapling, TLS client side implementation, based on work by Adam Langley, with tweaks from me and bsmith. r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264732 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-15 17:52:45 +00:00
wtc%google.com
8a751853e5 Bug 822365: Rename the hashAlg field of CK_NSS_MAC_CONSTANT_TIME_PARAMS to
macAlg because it is a PKCS #11 MAC mechanism. r=rrelyea.
Modified Files:
	lib/softoken/sftkhmac.c lib/ssl/ssl3con.c lib/util/pkcs11n.h


git-svn-id: svn://10.0.0.236/trunk@264704 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-07 01:29:19 +00:00
wtc%google.com
ab90f378a9 Bug 822365: PKCS #11 naming convention and NSS coding style fixes for the
constant-time CBC decoding code. r=rrelyea.
Modified Files:
	lib/freebl/hmacct.c lib/freebl/loader.c lib/freebl/md5.c
	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
	lib/softoken/sftkhmac.c lib/ssl/ssl3con.c lib/util/pkcs11n.h


git-svn-id: svn://10.0.0.236/trunk@264701 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-06 22:20:23 +00:00
wtc%google.com
8d05987658 Bug 822365: Fix the constant-time versions of HMAC-MD5 and SSLv3 MD5 MAC.
Remove the workaround from ssl3_ComputeRecordMACConstantTime. The patch is
contributed by Adam Langley <agl@chromium.org>. r=rrelyea,wtc.
Modified Files:
	lib/freebl/hmacct.c lib/softoken/sftkhmac.c lib/ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@264696 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-06 02:02:38 +00:00
wtc%google.com
f7ff05a366 Bug 822365: Make CBC decoding constant time. This patch makes the decoding
of SSLv3 and TLS CBC records constant time. Without this, a timing side
channel can be used to build a padding oracle and mount Vaudenay's attack.
The patch is contributed by Adam Langley <agl@chromium.org>.
r=rrelyea,ryan.sleevi.
Modified Files:
	lib/freebl/blapi.h lib/freebl/ldvector.c lib/freebl/loader.c
	lib/freebl/loader.h lib/freebl/manifest.mn lib/freebl/md5.c
	lib/freebl/rawhash.c lib/freebl/sha512.c lib/freebl/sha_fast.c
	lib/freebl/sha_fast.h lib/nss/nss.def lib/pk11wrap/pk11obj.c
	lib/pk11wrap/pk11pub.h lib/softoken/manifest.mn
	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
	lib/softoken/pkcs11i.h lib/ssl/ssl3con.c lib/util/hasht.h
	lib/util/pkcs11n.h
Added Files:
	lib/freebl/hmacct.c lib/freebl/hmacct.h
	lib/softoken/sftkhmac.c


git-svn-id: svn://10.0.0.236/trunk@264692 18797224-902f-48f8-a5cc-f745e15eee43
2013-02-05 18:10:46 +00:00
bsmith%mozilla.com
bd1f61704c Bug 832005: Fix use of uninitialized variable when sending alert about missing certificate. Patch by mcmanus, r=bsmith
git-svn-id: svn://10.0.0.236/trunk@264655 18797224-902f-48f8-a5cc-f745e15eee43
2013-01-18 19:31:42 +00:00
ryan.sleevi%gmail.com
04bb52c2f6 Bug 813857: Make certificate trust flags thread safe.
r=rrelyea


git-svn-id: svn://10.0.0.236/trunk@264626 18797224-902f-48f8-a5cc-f745e15eee43
2013-01-07 04:11:52 +00:00
bsmith%mozilla.com
d794f26970 Initialize some DTLS state earlier to avoid the possibility of crashes, patch by Eric Rescorla, r=bsmith
git-svn-id: svn://10.0.0.236/trunk@264580 18797224-902f-48f8-a5cc-f745e15eee43
2012-12-20 20:29:36 +00:00
wtc%google.com
f73372dc78 Bug 811909: Reverse the sense of the ss->getClientAuthData test in
ssl3_HandleCertificateRequest. r=sleevi.


git-svn-id: svn://10.0.0.236/trunk@264443 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-15 18:49:01 +00:00
wtc%google.com
b7d9ddd8e4 Bug 654611: Remove WinCE code from NSS. The patch is contributed by
Ed Morley <bmo@edmorley.co.uk>. r=wtc.
Modified Files:
	mozilla/dbm/include/mcom_db.h mozilla/dbm/include/winfile.h
	mozilla/dbm/src/Makefile.in mozilla/dbm/src/mktemp.c
	mozilla/security/coreconf/Linux.mk
	mozilla/security/coreconf/WIN95.mk
	mozilla/security/coreconf/WINNT.mk
	mozilla/security/coreconf/config.mk
	mozilla/security/coreconf/rules.mk
	mozilla/security/nss/Makefile
	mozilla/security/nss/cmd/platlibs.mk
	mozilla/security/nss/cmd/certutil/keystuff.c
	mozilla/security/nss/cmd/lib/basicutil.c
	mozilla/security/nss/cmd/lib/config.mk
	mozilla/security/nss/cmd/lib/secpwd.c
	mozilla/security/nss/cmd/lib/secutil.c
	mozilla/security/nss/cmd/strsclnt/strsclnt.c
	mozilla/security/nss/lib/certhigh/ocsp.c
	mozilla/security/nss/lib/ckfw/Makefile
	mozilla/security/nss/lib/freebl/Makefile
	mozilla/security/nss/lib/freebl/arcfour.c
	mozilla/security/nss/lib/freebl/config.mk
	mozilla/security/nss/lib/freebl/win_rand.c
	mozilla/security/nss/lib/freebl/mpi/mpi.h
	mozilla/security/nss/lib/freebl/mpi/mpmontg.c
	mozilla/security/nss/lib/softoken/config.mk
	mozilla/security/nss/lib/softoken/sdb.c
	mozilla/security/nss/lib/softoken/legacydb/config.mk
	mozilla/security/nss/lib/ssl/sslimpl.h
	mozilla/security/nss/lib/ssl/sslnonce.c
	mozilla/security/nss/lib/ssl/sslsock.c
	mozilla/security/nss/lib/util/secder.h
	mozilla/security/nss/lib/util/secport.c
	mozilla/security/nss/lib/util/secport.h
	mozilla/security/nss/lib/util/utilmod.c
Removed Files:
	mozilla/security/coreconf/WINCE.mk
	mozilla/security/nss/cmd/lib/wincemain.c


git-svn-id: svn://10.0.0.236/trunk@264436 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-14 01:14:12 +00:00
wtc%google.com
bbfeaca264 Bug 810582: Only do SSL False Start with forward secret servers. The patch
is contributed by Adam Langley <agl@chromium.org>. r=wtc,bsmith.


git-svn-id: svn://10.0.0.236/trunk@264420 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-13 01:30:09 +00:00
wtc%google.com
fbf313d226 Bug 745281: fix indentation problems introduced in rev. 1.27.
git-svn-id: svn://10.0.0.236/trunk@264419 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-13 01:26:40 +00:00
wtc%google.com
12974d3866 Bug 810583: The TLS hello extension handlers for NPN should record the
extension has been negotiated. The patch is contributed by Adam Langley
<agl@chromium.org>. r=wtc.


git-svn-id: svn://10.0.0.236/trunk@264417 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-10 13:06:15 +00:00
wtc%google.com
f071981d14 Bug 810579: Fix crash when an SSL key-log file couldn't be opened. The
patch is contributed by Adam Langley <agl@chromium.org>. r=rsleevi,wtc.


git-svn-id: svn://10.0.0.236/trunk@264415 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-10 12:17:44 +00:00
wtc%google.com
ca36cfe680 Bug 716563 - a cosmetic fix of the MPL 2 header.
git-svn-id: svn://10.0.0.236/trunk@264411 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-10 01:18:48 +00:00
wtc%google.com
b82c25a51f Remove an extraneous blank line.
git-svn-id: svn://10.0.0.236/trunk@264410 18797224-902f-48f8-a5cc-f745e15eee43
2012-11-10 01:15:08 +00:00
bsmith%mozilla.com
0bcdaabd38 Bug 797572: Export SRTP functions from libssl. Patch contributed by rjesup, r=bsmith
git-svn-id: svn://10.0.0.236/trunk@264291 18797224-902f-48f8-a5cc-f745e15eee43
2012-10-03 22:43:01 +00:00
wtc%google.com
8c71050332 Bug 734519: Stop the compression method search for loop when the target is
seen. r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@264270 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-28 05:10:25 +00:00
wtc%google.com
e79fac955c Bug 783448: When renegotiating, continue to use the client_version used in
the initial ClientHello to work around a Windows SChannel bug.
r=ryan.sleevi,bsmith.


git-svn-id: svn://10.0.0.236/trunk@264269 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-28 04:51:22 +00:00
wtc%google.com
812886d071 Bug 681065: ss->ssl3.hs.lastMessageFlight does not need to be allocated
from the heap after bug 793033 is fixed. r=ekr.
Modified Files:
	dtlscon.c ssl3con.c sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@264267 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-28 01:46:45 +00:00
wtc%google.com
952b729d73 Bug 792681: Disable the export, DES, and RSA_FIPS cipher suites by
default. Enable the non-ECC Triple DES and AES cipher suites by default.
Enable SSL_RSA_WITH_RC4_128_SHA and SSL_RSA_WITH_RC4_128_MD5 by default.
r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@264251 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-25 00:25:26 +00:00
wtc%google.com
1915e97b14 Bug 793033: Remove the strange sslSocket copying in ssl_FreeSocket. It
breaks any pointer member that points to some other member. r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@264250 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-24 23:57:42 +00:00
wtc%google.com
7efcfbe561 Bug 542741: Change NSS_VersionCheck to not call PR_VersionCheck because
system NSS packages are sometimes incorrectly built against an NSPR version
newer than the required NSPR version specified in the NSS package metainfo.
Modified Files:
	lib/ssl/ssl.h lib/nss/nss.h lib/nss/nssinit.c
	lib/smime/smime.h


git-svn-id: svn://10.0.0.236/trunk@264234 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-21 21:58:44 +00:00
wtc%google.com
b651899996 Bug 737178: Fix compiler warnings about signed/unsigned comparisons. r=ekr.
Modified Files:
	ssl3ext.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@264232 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-21 00:28:05 +00:00
wtc%google.com
e34d846f91 Bug 681065: Replace hardcoded ssl_variant_stream with ss->protocolVariant.
r=ekr.
Modified Files:
	ssl3con.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@264231 18797224-902f-48f8-a5cc-f745e15eee43
2012-09-21 00:24:53 +00:00
wtc%google.com
6117329c60 Bug 774547: set the record layer version number of the initial ClientHello
to at most { 3, 1 } (TLS 1.0) if we don't know what protocol version the
server supports. r=bsmith.
Modified Files:
	dtlscon.c ssl3con.c sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@264158 18797224-902f-48f8-a5cc-f745e15eee43
2012-08-25 00:13:27 +00:00
wtc%google.com
e6f9c4714d Bug 766137: SSL_GetChannelInfo should use cwSpec instead of crSpec to
support False Start.  r=bsmith.


git-svn-id: svn://10.0.0.236/trunk@264116 18797224-902f-48f8-a5cc-f745e15eee43
2012-08-03 23:54:31 +00:00
emaldona%redhat.com
eef8f88fa4 Bug 745281 - Provide the option of disabling SSL PKCS #11 bypass at build time, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264089 18797224-902f-48f8-a5cc-f745e15eee43
2012-07-30 00:47:36 +00:00
kaie%kuix.de
491e83be6b Bug 770057 - Fix remaining crashes when caching is off, contributed by Eric Rescorla, r=rrelyea
git-svn-id: svn://10.0.0.236/trunk@264036 18797224-902f-48f8-a5cc-f745e15eee43
2012-07-17 14:43:11 +00:00
wtc%google.com
20f531e00c Bug 507359: add SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION. Update the
error message for SSL_ERROR_HANDSHAKE_NOT_COMPLETED.  r=bsmith,rrelyea.
Modified Files:
	SSLerrs.h sslerr.h sslinfo.c


git-svn-id: svn://10.0.0.236/trunk@264025 18797224-902f-48f8-a5cc-f745e15eee43
2012-07-13 00:51:57 +00:00
gerv%gerv.net
b7de83473a Bug 754139 - update license to MPL 2. r=bsmith.
git-svn-id: svn://10.0.0.236/trunk@264015 18797224-902f-48f8-a5cc-f745e15eee43
2012-07-04 15:21:49 +00:00
wtc%google.com
92d5d06c81 Bug 681065: Rename DTLS_GetTimeout to DTLS_GetHandshakeTimeout. r=ekr.
Modified Files:
	dtlscon.c ssl.def ssl.h


git-svn-id: svn://10.0.0.236/trunk@263966 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-19 21:56:10 +00:00
wtc%google.com
7ecfde73d0 Bug 764649: Always use the PORT_ZNew macro to create sslSessionID objects.
r=emaldona.
Modified Files:
	sslcon.c sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@263947 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-14 19:04:59 +00:00
wtc%google.com
455441c0ab Bug 764649: Declare ssl_DupSocket as static because it is only used in
sslsock.c.  r=emaldona.
Modified Files:
	sslimpl.h sslsock.c


git-svn-id: svn://10.0.0.236/trunk@263946 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-14 19:03:29 +00:00
rrelyea%redhat.com
528d2c4c19 Bug 475578 - Implement Extended DSA as defined in FIPS 186-3 (DSS)
r wtc Patches 1 and 4 in the original bug (lib/softoken lib/freebl, and lib/ssl)


git-svn-id: svn://10.0.0.236/trunk@263930 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-12 16:39:03 +00:00
wtc%google.com
59a2cacd1c Bug 762763: Update the SSL trace message and the comment in the SSL key log
file. The patch is contributed by Adam Langley <agl@chromium.org>.  r=wtc.


git-svn-id: svn://10.0.0.236/trunk@263929 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-12 00:29:34 +00:00
emaldona%redhat.com
aec522fd6a Bug 745281 - Provide the option of disabling SSL PKCS #11 bypass at build time, r=wtc
git-svn-id: svn://10.0.0.236/trunk@263927 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-11 02:38:30 +00:00
wtc%google.com
e12e542966 Bug 762763: Export SSL key logging in normal builds. Move SSL key logging
out from behind the TRACE and DEBUG defines and add a new CLIENT_RANDOM
format to support ECDHE-RSA key agreement (and others). The patch is
contributed by Adam Langley <agl@chromium.org>.  r=wtc.
Modified Files:
	ssl3con.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@263919 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-08 02:59:44 +00:00
wtc%google.com
678de9d175 Bug 737178: Implement RFC 5764 (DTLS-SRTP). Add the SSL_SetSRTPCiphers and
SSL_GetSRTPCipher functions.  The patch is contributed by Eric Rescorla
<ekr@rtfm.com>.  r=wtc,rsleevi.
Modified Files:
	ssl.h ssl3ext.c sslimpl.h sslproto.h sslsock.c sslt.h


git-svn-id: svn://10.0.0.236/trunk@263911 18797224-902f-48f8-a5cc-f745e15eee43
2012-06-07 02:06:19 +00:00
wtc%google.com
3b82024c06 Bug 751793: NSS_FindCertKEAType and ssl_FindCertKEAType are the same.
Remove nsskea.c and rename the ssl_FindCertKEAType function in sslsecur.c
to NSS_FindCertKEAType.  r=emaldona.
Modified Files:
	manifest.mn sslimpl.h sslsecur.c
Removed Files:
	nsskea.c


git-svn-id: svn://10.0.0.236/trunk@263854 18797224-902f-48f8-a5cc-f745e15eee43
2012-05-24 20:34:51 +00:00
wtc%google.com
c27a55546b Bug 565047: Remove the unused IV members of ssl3SidKeys and
SSLWrappedSymWrappingKey.  r=rrelyea.
Modified Files:
	sslimpl.h sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@263804 18797224-902f-48f8-a5cc-f745e15eee43
2012-05-08 23:08:32 +00:00
wtc%google.com
afccbc5bc3 Bug 743097: Update stale comments for PK11_DefaultArray and
ssl3_DecodeError.  r=emaldona.
Modified Files:
	lib/pk11wrap/pk11slot.c lib/ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@263796 18797224-902f-48f8-a5cc-f745e15eee43
2012-05-08 00:24:08 +00:00
wtc%google.com
025fac7cf1 Bug 742162: Allow CertificateRequest to have an empty
certificate_authorities list.  The patch is contributed by Eric Rescorla
<ekr@rtfm.com>.  r=wtc,bsmith,rrelyea.
Modified Files:
	ssl3con.c sslerr.h


git-svn-id: svn://10.0.0.236/trunk@263794 18797224-902f-48f8-a5cc-f745e15eee43
2012-05-08 00:10:56 +00:00
emaldona%redhat.com
2352f8d9be Bug 750809 - Remove unwanted include of freebl-private ec.h from ssl3ecc.c, a=emaldona, r=wtc
git-svn-id: svn://10.0.0.236/trunk@263776 18797224-902f-48f8-a5cc-f745e15eee43
2012-05-01 20:15:48 +00:00