186 Commits

Author SHA1 Message Date
nelson%bolyard.com
bafb7f6292 Implement TLS Hello extensions for ECC. Bug 236245. r=rrelyea.
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h


git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
2006-04-13 23:08:18 +00:00
nelson%bolyard.com
d362c8829d Implement generic support for TLS Hello Extensions. Bug 226271. r=vipul
git-svn-id: svn://10.0.0.236/trunk@193802 18797224-902f-48f8-a5cc-f745e15eee43
2006-04-07 06:24:07 +00:00
nelson%bolyard.com
a27efac04e Don't negotiate an ECDH_RSA cipher suite when the server's only ECDH cert
has an ECDSA signature.  bug 332350. r=vipul.gupta.


git-svn-id: svn://10.0.0.236/trunk@193659 18797224-902f-48f8-a5cc-f745e15eee43
2006-04-06 04:40:49 +00:00
rrelyea%redhat.com
ca7ccce0f9 Bug 238051 Enable SSL session reuse for ECC cipher suites
r=nelson r=thomas.

patch in bug + white space changes suggested by nelson.


git-svn-id: svn://10.0.0.236/trunk@192798 18797224-902f-48f8-a5cc-f745e15eee43
2006-03-22 19:18:30 +00:00
wtchang%redhat.com
538e541701 Bugzilla bug 326482: code cleanup: ssl3_NewKeyPair should not create a key
pair with only one key. r=nelson.bolyard.


git-svn-id: svn://10.0.0.236/trunk@191707 18797224-902f-48f8-a5cc-f745e15eee43
2006-03-03 18:48:09 +00:00
wtchang%redhat.com
0106d5446d Bugzilla Bug 320589: fixed PK11_SignatureLen to return the exact length of
ECDSA signatures.  Backed out a temporary workaround in
ECDSA_SignDigestWithSeed.  Made other changes related to signature lengths.
r=relyea,nelson.bolyard.
Modified Files:
	cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secsign.c
	freebl/ec.c pk11wrap/pk11obj.c pk11wrap/pk11pub.h
	ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@191542 18797224-902f-48f8-a5cc-f745e15eee43
2006-03-02 00:07:08 +00:00
nelson%bolyard.com
0b3fed0e68 Bug 328262. Increment ssl3 statistics counters atomically. r=wtchang,julien.pierre
git-svn-id: svn://10.0.0.236/trunk@191464 18797224-902f-48f8-a5cc-f745e15eee43
2006-03-01 05:49:27 +00:00
nelson%bolyard.com
d827ad7877 Bug 327105. Reintroduce an old bug that prevents _DHE_ cipher suites
from being negotiated by NSS servers.  Necessary until the server side
of the _DHE_ cipher suites is fully implemented.  r=Julien,Wan-Teh,Vipul


git-svn-id: svn://10.0.0.236/trunk@191364 18797224-902f-48f8-a5cc-f745e15eee43
2006-02-28 04:20:23 +00:00
alexei.volkov.bugs%sun.com
5b6736aa0f [Bug 326963] Interoperability test with apache/mod_ssl: tstclnt
produces: assertion failure: secmod_PrivateModuleCount == 0; r=nelson, sr=julien


git-svn-id: svn://10.0.0.236/trunk@190145 18797224-902f-48f8-a5cc-f745e15eee43
2006-02-15 22:22:32 +00:00
wtchang%redhat.com
67e2b4967d Bugzilla Bug 236245: Updated NSS to "ECC Cipher Suites for TLS" draft 12
plus upcoming revisions.  The patch is contributed by Douglas Stebila
of Sun Labs <douglas@stebila.ca>. r=wtc.
Modified Files:
	cmd/selfserv/selfserv.c cmd/strsclnt/strsclnt.c
	cmd/tstclnt/tstclnt.c cmd/vfyserv/vfyserv.c lib/ssl/ssl3con.c
	lib/ssl/ssl3ecc.c lib/ssl/ssl3prot.h lib/ssl/sslenum.c
	lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
	lib/ssl/sslsock.c tests/ssl/ecssl.sh tests/ssl/ecsslauth.txt
	tests/ssl/ecsslcov.txt tests/ssl/ecsslstress.txt
	tests/ssl/ssl.sh


git-svn-id: svn://10.0.0.236/trunk@186032 18797224-902f-48f8-a5cc-f745e15eee43
2005-12-14 01:49:40 +00:00
nelsonb%netscape.com
5ee8d93e1b Initialize slot pointer in ssl3_HandleServerHello. Bug 311590. r=wtchang
git-svn-id: svn://10.0.0.236/trunk@184877 18797224-902f-48f8-a5cc-f745e15eee43
2005-11-18 01:25:20 +00:00
nelsonb%netscape.com
848ac6f433 Avoid NULL ptr deref. Bug 310260. patch by Glen.Beasley. r=nelson.
git-svn-id: svn://10.0.0.236/trunk@181117 18797224-902f-48f8-a5cc-f745e15eee43
2005-09-28 07:55:37 +00:00
nelsonb%netscape.com
5a588d70f0 Plug leaks in SSL bypass code. Add freeit argument to HMAC_Destroy function.
Change existing callers to pass this argument.  Call HMAC_Destroy from SSL.
Bug 305147. r=Julien.Pierre
Modified Files:  freebl/alghmac.c freebl/alghmac.h freebl/loader.c
  freebl/loader.h freebl/tlsprfalg.c softoken/lowpbe.c softoken/pkcs11c.c
  ssl/ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@180173 18797224-902f-48f8-a5cc-f745e15eee43
2005-09-14 04:12:50 +00:00
nelsonb%netscape.com
66cf75f421 Implement two new SSL socket options: SSL_BYPASS_PKCS11 and SSL_NO_LOCKS.
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c.  derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
    ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
    ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
    ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c


git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
2005-09-09 03:02:16 +00:00
nelsonb%netscape.com
00749853c3 Remove fortezza code from libSSL and from the SSL test programs.
Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h


git-svn-id: svn://10.0.0.236/trunk@177810 18797224-902f-48f8-a5cc-f745e15eee43
2005-08-16 03:42:26 +00:00
nelsonb%netscape.com
663db84c36 Back out the preceding fortezza removal patch, which was accidentally
applied to the trunk, not to the intended branch.


git-svn-id: svn://10.0.0.236/trunk@171823 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-06 21:35:45 +00:00
nelsonb%netscape.com
b62572db42 Remove fortezza support from libSSL and related commands. Bug 239960.
ON PERFORMANCE_HACKS_BRANCH.  r=rrelyea.


git-svn-id: svn://10.0.0.236/trunk@171820 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-06 19:43:19 +00:00
nelsonb%netscape.com
07cab5177e Do not crash if Server SID cache is uninitialized. Bug 237724 r=Julien
Instead, if SSL_NO_CACHE is not set, return an error code.


git-svn-id: svn://10.0.0.236/trunk@170428 18797224-902f-48f8-a5cc-f745e15eee43
2005-03-09 05:20:44 +00:00
jpierre%netscape.com
8385c4f9e2 Fix for 237934 - nss_InitLock not atomic. r=nelson
git-svn-id: svn://10.0.0.236/trunk@158176 18797224-902f-48f8-a5cc-f745e15eee43
2004-06-19 03:21:39 +00:00
gerv%gerv.net
62b0f34e77 Bug 236613: change to MPL/LGPL/GPL tri-license. Restore Id: lines.
git-svn-id: svn://10.0.0.236/trunk@155606 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-27 23:04:40 +00:00
gerv%gerv.net
43cb9e1492 Bug 236613: change to MPL/LGPL/GPL tri-license.
git-svn-id: svn://10.0.0.236/trunk@155484 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-25 15:03:26 +00:00
nelsonb%netscape.com
6f48d14853 Add conditionally compiled code for NISCC testing of NSS's SSL library.
patch by Ian McGreer.  Bugscape bug 53322.


git-svn-id: svn://10.0.0.236/trunk@153596 18797224-902f-48f8-a5cc-f745e15eee43
2004-03-05 23:28:57 +00:00
jpierre%netscape.com
cabec54b89 Fix for 235874 - crash in PK11_DigestKey. r=wtc, nelsonb
git-svn-id: svn://10.0.0.236/trunk@153448 18797224-902f-48f8-a5cc-f745e15eee43
2004-03-03 03:18:56 +00:00
jpierre%netscape.com
9af88d0f5a Rename PK11_PubDeriveExtended to PK11_PubDeriveWithKDF
git-svn-id: svn://10.0.0.236/trunk@151008 18797224-902f-48f8-a5cc-f745e15eee43
2004-01-08 01:37:46 +00:00
wchang0222%aol.com
0fd2842063 Made wincx the last argument of PK11_PubDeriveExtended. r=relyea.
Modified Files: pk11func.h pk11skey.c ssl3con.c


git-svn-id: svn://10.0.0.236/trunk@150552 18797224-902f-48f8-a5cc-f745e15eee43
2003-12-19 23:54:29 +00:00
nelsonb%netscape.com
478d713628 Grow handshake message buffer once per message, not once per each message
segment received.  Bugscape bug 53418.


git-svn-id: svn://10.0.0.236/trunk@148858 18797224-902f-48f8-a5cc-f745e15eee43
2003-11-05 06:22:57 +00:00
nelsonb%netscape.com
517ef7b660 Remove one unnecessary transition from the SSL3 state machine.
Reduce the number of reallocations of the SSL3 handshake message buffer.
Bugscape bugs 53287 and 53337


git-svn-id: svn://10.0.0.236/trunk@148646 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-31 07:01:05 +00:00
nelsonb%netscape.com
68ca5e8448 When the SSL_NO_CACHE option is set on an SSL server socket, don't touch
the server session cache AT ALL.  Bug 222726


git-svn-id: svn://10.0.0.236/trunk@148119 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-19 01:55:50 +00:00
ian.mcgreer%sun.com
decc84df49 ECC code landing.
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs


git-svn-id: svn://10.0.0.236/trunk@148060 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-17 13:45:42 +00:00
nelsonb%netscape.com
9911b56b4d Eliminate unnecessary copying of CA names in HandleCertRequest.
Bug 204686.


git-svn-id: svn://10.0.0.236/trunk@147660 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-07 02:24:01 +00:00
nelsonb%netscape.com
d544fa46d4 Detect Zero length certs and zero length CA names. Bug 204686.
Also, eliminate unnecessary copying of incoming certs.


git-svn-id: svn://10.0.0.236/trunk@147524 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-03 02:01:18 +00:00
nelsonb%netscape.com
e14edef9e3 Eliminate TCP connection reset errors that occur when server requires
client auth and SSL3 client doesn't authenticate.  The fix is to coalesce
the SSL3 no_certificate alert record with the following records (e.g.
client_key_exchange handshake, change_cipher_spec and finished handshake).
Fix bugs 207313 and 118668.


git-svn-id: svn://10.0.0.236/trunk@143124 18797224-902f-48f8-a5cc-f745e15eee43
2003-05-30 23:22:39 +00:00
jpierre%netscape.com
5f94baad22 Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash. r=nelsonb
git-svn-id: svn://10.0.0.236/trunk@141286 18797224-902f-48f8-a5cc-f745e15eee43
2003-04-17 02:04:24 +00:00
nelsonb%netscape.com
faa5b981f5 Changes to enable ECC over characteristic 2^m fields.
Contribution from Vipul Gupta <Vipul.Gupta@Sun.COM>
Modified Files:
 nss/cmd/strsclnt/strsclnt.c nss/lib/cryptohi/seckey.c
 nss/lib/freebl/blapit.h nss/lib/freebl/ec.c
 nss/lib/freebl/manifest.mn nss/lib/freebl/mpi/Makefile
 nss/lib/softoken/ecdecode.c nss/lib/softoken/pkcs11.c
 nss/lib/ssl/ssl3con.c nss/lib/util/secoid.c
 nss/lib/util/secoidt.h


git-svn-id: svn://10.0.0.236/trunk@140430 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-29 00:18:30 +00:00
wtc%netscape.com
ede99124e6 Bug 199082: checked in Nelson's patch, which
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
   returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
	cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
	lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
	lib/ssl/sslimpl.h lib/ssl/sslsnce.c


git-svn-id: svn://10.0.0.236/trunk@140305 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-26 00:31:13 +00:00
relyea%netscape.com
f06f3410eb Make indention style consistent with SSL's usage, not softoken/pk11 usage.
git-svn-id: svn://10.0.0.236/trunk@139387 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-13 16:36:43 +00:00
relyea%netscape.com
baad4775cd Allow for tokens that don't require login. bug 197082
git-svn-id: svn://10.0.0.236/trunk@139334 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-12 19:22:32 +00:00
nelsonb%netscape.com
db2f1140de Add support for Elliptic Curve Cryptography. Bug 195135.
Modified Files:
 	cmd/lib/SECerrs.h cmd/selfserv/selfserv.c
 	cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h
 	lib/cryptohi/keythi.h lib/cryptohi/seckey.c
 	lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h
 	lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c
 	lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def
 	lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c
 	lib/softoken/lowkeyti.h lib/softoken/manifest.mn
 	lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
 	lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
 	lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h
 	lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c
 	lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h
 	lib/util/secoid.c lib/util/secoidt.h
Added Files:
 	lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c
 	lib/freebl/ec.h lib/softoken/ecdecode.c


git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
2003-02-27 01:31:38 +00:00
nelsonb%netscape.com
3c19bbc924 Fix bug 160207. Make TLS implementation resistant to timing attacks on
CBC block mode cipher suites in TLS.  See bug for details.


git-svn-id: svn://10.0.0.236/trunk@138124 18797224-902f-48f8-a5cc-f745e15eee43
2003-02-21 23:00:16 +00:00
relyea%netscape.com
39cd897ff6 Bug 167756. Address Nelson's review comments. remove socket specific latency
in favor of a slot specific latency test (already done by pk11wrap code).


git-svn-id: svn://10.0.0.236/trunk@137837 18797224-902f-48f8-a5cc-f745e15eee43
2003-02-15 01:21:25 +00:00
relyea%netscape.com
09be8d3cd2 Bug 167756. Clean up previous patch: add lastState field, and set the SSL Error on failure.
git-svn-id: svn://10.0.0.236/trunk@136911 18797224-902f-48f8-a5cc-f745e15eee43
2003-01-23 22:02:37 +00:00
relyea%netscape.com
00bc37d763 Check for token removal before continuing SSL sessions which have client auth
with certs associated with that token. bug 167756.


git-svn-id: svn://10.0.0.236/trunk@136893 18797224-902f-48f8-a5cc-f745e15eee43
2003-01-23 17:27:34 +00:00
nelsonb%netscape.com
bca9f97d3a Don't reject a cert request with an empty list of CA cert names.
Don't crash with an empty CA name list.


git-svn-id: svn://10.0.0.236/trunk@133943 18797224-902f-48f8-a5cc-f745e15eee43
2002-11-16 03:19:48 +00:00
nelsonb%netscape.com
827c334f1c Fix missing strings that cause crash in SSL_SecurityStatus(). Bug 178342.
git-svn-id: svn://10.0.0.236/trunk@132968 18797224-902f-48f8-a5cc-f745e15eee43
2002-11-05 00:25:20 +00:00
wtc%netscape.com
cbc1167df3 Bug 127740: added a comment to explain the thread yield in
ssl3_SendApplicationData.


git-svn-id: svn://10.0.0.236/trunk@130809 18797224-902f-48f8-a5cc-f745e15eee43
2002-09-30 20:51:05 +00:00
jpierre%netscape.com
9b0237c574 Fix compiler warnings
git-svn-id: svn://10.0.0.236/trunk@129024 18797224-902f-48f8-a5cc-f745e15eee43
2002-09-07 01:48:46 +00:00
nelsonb%netscape.com
a621affedc Support the TLS_RSA_WITH_NULL_SHA cipher suite. Bug 161529.
git-svn-id: svn://10.0.0.236/trunk@126906 18797224-902f-48f8-a5cc-f745e15eee43
2002-08-09 21:53:17 +00:00
nelsonb%netscape.com
3b1e2d7136 Fix bug 160207 by changing the error alerts we send for failed decryption.
git-svn-id: svn://10.0.0.236/trunk@126681 18797224-902f-48f8-a5cc-f745e15eee43
2002-08-07 20:01:51 +00:00
relyea%netscape.com
424861117d Initialize type field to clear off purify warnings.
git-svn-id: svn://10.0.0.236/trunk@124041 18797224-902f-48f8-a5cc-f745e15eee43
2002-06-25 23:00:59 +00:00
nelsonb%netscape.com
9b6375ccb6 Fix bug 135261. Create symbolic names for the values 2 and 3 for the
SSL_REQUIRE_CERTIFICATE option.  Value 2 has always been the default.
New Value 3 is appropriate for servers that want to re-request, but
still not require, client-auth from a client with whom an SSL session
is already established.


git-svn-id: svn://10.0.0.236/trunk@123859 18797224-902f-48f8-a5cc-f745e15eee43
2002-06-22 01:40:32 +00:00