Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bug 822365: Document the <Hash>_EndRaw functions. Fix a typo in the commentNSS_3_14_3_RTMNSS_3_14_3_RC0 | wtc%google.com | 2013-02-14 | 1 | -4/+40 |
| | | | | for SHA1_EndRaw (16 -> 20). r=agl. | ||||
* | prepare version numbers for 3.14.3 RTM | kaie%kuix.de | 2013-02-14 | 3 | -6/+6 |
| | |||||
* | Bug 840714 - certutil -a does not produce ASCII output, r=bsmith | emaldona%redhat.com | 2013-02-13 | 1 | -1/+1 |
| | |||||
* | Bug 822365: Document the constant-time MAC mechanisms. The patch is | wtc%google.com | 2013-02-12 | 1 | -1/+23 |
| | | | | contributed by Adam Langley <agl@chromium.org>. r=wtc. | ||||
* | Bug 822365: change the include guard macro to match the file name. | wtc%google.com | 2013-02-11 | 1 | -2/+2 |
| | |||||
* | Bug 839109 - Fix TLS version in NSS tests, patch by Wan-Teh Chang, r=kaieNSS_3_14_3_BETA1 | kaie%kuix.de | 2013-02-07 | 1 | -1/+1 |
| | |||||
* | Bug 822365: Rename the hashAlg field of CK_NSS_MAC_CONSTANT_TIME_PARAMS to | wtc%google.com | 2013-02-07 | 3 | -13/+23 |
| | | | | | | macAlg because it is a PKCS #11 MAC mechanism. r=rrelyea. Modified Files: lib/softoken/sftkhmac.c lib/ssl/ssl3con.c lib/util/pkcs11n.h | ||||
* | Bug 822365: Remove a redundant null pointer check in the | wtc%google.com | 2013-02-07 | 1 | -2/+0 |
| | | | | CKM_NSS_HMAC_CONSTANT_TIME case in NSC_SignInit. r=rrelyea. | ||||
* | Bug 822365: Fix a typo ("my" -> "may"). r=rrelyea. | wtc%google.com | 2013-02-07 | 1 | -2/+2 |
| | |||||
* | Bug 822365: PKCS #11 naming convention and NSS coding style fixes for the | wtc%google.com | 2013-02-06 | 8 | -93/+134 |
| | | | | | | | | constant-time CBC decoding code. r=rrelyea. Modified Files: lib/freebl/hmacct.c lib/freebl/loader.c lib/freebl/md5.c lib/softoken/pkcs11.c lib/softoken/pkcs11c.c lib/softoken/sftkhmac.c lib/ssl/ssl3con.c lib/util/pkcs11n.h | ||||
* | Bug 822365, Fix ppc64 endianness bug, patch by wtc, r=kaie | kaie%kuix.de | 2013-02-06 | 1 | -8/+8 |
| | |||||
* | Bug 822365, Fix compilation error on OSX PowerPC 32bit, TBR=wtc | kaie%kuix.de | 2013-02-06 | 1 | -0/+3 |
| | |||||
* | Bug 822365: do not shift an unsigned int for more than 32 bits. TBR=agl | wtc%google.com | 2013-02-06 | 1 | -1/+1 |
| | |||||
* | Bug 822365: the version for PK11_SignWithSymKey should be NSS_3.14.3. | wtc%google.com | 2013-02-06 | 1 | -1/+1 |
| | |||||
* | Bug 822365: Fix the constant-time versions of HMAC-MD5 and SSLv3 MD5 MAC. | wtc%google.com | 2013-02-06 | 3 | -9/+11 |
| | | | | | | | Remove the workaround from ssl3_ComputeRecordMACConstantTime. The patch is contributed by Adam Langley <agl@chromium.org>. r=rrelyea,wtc. Modified Files: lib/freebl/hmacct.c lib/softoken/sftkhmac.c lib/ssl/ssl3con.c | ||||
* | Bug 822365: SHA512_EndRaw and SHA256_EndRaw need a local variable named t1 | wtc%google.com | 2013-02-06 | 1 | -1/+9 |
| | | | | | for the BYTESWAP4 and BYTESWAP8 macros in certain build configurations. TBR=kaie. | ||||
* | Bug 822365: the SHA_HTONL macro (used by the SHA_STORE_RESULT macro) needs | wtc%google.com | 2013-02-05 | 1 | -1/+4 |
| | | | | | a local variable named 'tmp' in some build configurations. Undefine 'tmp' as 'lenB' at the end of SHA1_End. r=kaie. | ||||
* | Bug 822365: declare variables at the beginning of a block to fix MSVC | wtc%google.com | 2013-02-05 | 1 | -2/+2 |
| | | | | compilation errors. r=kaie. | ||||
* | Bug 822365: Make CBC decoding constant time. This patch makes the decoding | wtc%google.com | 2013-02-05 | 23 | -89/+1332 |
| | | | | | | | | | | | | | | | | | | | of SSLv3 and TLS CBC records constant time. Without this, a timing side channel can be used to build a padding oracle and mount Vaudenay's attack. The patch is contributed by Adam Langley <agl@chromium.org>. r=rrelyea,ryan.sleevi. Modified Files: lib/freebl/blapi.h lib/freebl/ldvector.c lib/freebl/loader.c lib/freebl/loader.h lib/freebl/manifest.mn lib/freebl/md5.c lib/freebl/rawhash.c lib/freebl/sha512.c lib/freebl/sha_fast.c lib/freebl/sha_fast.h lib/nss/nss.def lib/pk11wrap/pk11obj.c lib/pk11wrap/pk11pub.h lib/softoken/manifest.mn lib/softoken/pkcs11.c lib/softoken/pkcs11c.c lib/softoken/pkcs11i.h lib/ssl/ssl3con.c lib/util/hasht.h lib/util/pkcs11n.h Added Files: lib/freebl/hmacct.c lib/freebl/hmacct.h lib/softoken/sftkhmac.c | ||||
* | Bug 158747: Add support for RSA-OAEP to softoken, but do not enable it yet, | ryan.sleevi%gmail.com | 2013-02-05 | 5 | -237/+528 |
| | | | | pending unit tests. r=wtc | ||||
* | Bug 837799 - Allow building of NSS against older sqlite, r=wtc | kaie%kuix.de | 2013-02-04 | 1 | -0/+5 |
| | |||||
* | Bug 836562: Use Horner's rule to calculate the elliptic curve polynomial in | wtc%google.com | 2013-02-01 | 1 | -4/+3 |
| | | | | ec_GFp_validate_point. r=agl. | ||||
* | Setting version to 3.14.3 Beta | kaie%kuix.de | 2013-01-31 | 3 | -9/+9 |
| | |||||
* | Set version to NSS 3.14.2 RTMNSS_3_14_2_RTM | kaie%kuix.de | 2013-01-31 | 3 | -6/+6 |
| | |||||
* | Update/Add license headers. | rrelyea%redhat.com | 2013-01-31 | 3 | -1/+28 |
| | |||||
* | Bug 835293: on Linux x86_64, don't use the assembler flag -march=opteron | wtc%google.com | 2013-01-31 | 1 | -1/+1 |
| | | | | | because some of the instructions in intel-gcm.s (such as vmovdqu, vpshufb, vpclmulqdq, vpxor) are not supported on opteron. r=kaie. | ||||
* | Bug 835486, Provide documentation for NSS tools (both as HTML and Unix-style ↵ | kaie%kuix.de | 2013-01-30 | 14 | -0/+5335 |
| | | | | | | | man-pages format). Documentation has been authored by Deon Lackey and Elio Maldonado. r=kaie for the code related to this checkin and for adding this work-in-progress documentation in general r=emaldona for approving to get this added to NSS | ||||
* | Bug 805604: use target-specific variable values to add an extra compiler or | wtc%google.com | 2013-01-30 | 1 | -19/+14 |
| | | | | assembler flag to just one source file. r=kaie. | ||||
* | Bug 805604 and bug 835050: don't use Clang's integrated assembler becauseNSS_3_14_2_BETA3 | wtc%google.com | 2013-01-27 | 1 | -0/+8 |
| | | | | | it cannot handle how intel-gcm.s uses the .set directive to refer to registers by symbolic names. r=kaie. | ||||
* | Bug 373108 Test cases for CTS and GCM | rrelyea%redhat.com | 2013-01-25 | 112 | -13/+1345 |
| | |||||
* | Bug 373108 Fix a double free on the error patch. | rrelyea%redhat.com | 2013-01-25 | 1 | -3/+7 |
| | | | | r=rsleevi | ||||
* | Bug 833857, fix ocspclnt crash regression, r=wtcNSS_3_14_2_BETA2 | kaie%kuix.de | 2013-01-23 | 3 | -7/+15 |
| | |||||
* | Bug 833857: Revert the change to ocspResponse_other in rev. 1.9 because | wtc%google.com | 2013-01-23 | 1 | -2/+2 |
| | | | | | some code in ocspclnt.c (the responseStatusNames array and an assertion) depends on the value of ocspResponse_other. r=kaie. | ||||
* | Bug 833052: Add three more SHA256 cipher suites to ssltap. r=emaldona. | wtc%google.com | 2013-01-23 | 1 | -0/+3 |
| | |||||
* | Bug 629816: Changes to CERT_DecodeCertPackage: remove the support for | wtc%google.com | 2013-01-23 | 1 | -20/+30 |
| | | | | | "netscape wrapped DER cert" and check input length before reading. The patch is written by Bob Relyea <rrelyea@redhat.com>. r=wtc. | ||||
* | Bug 832005: Fix use of uninitialized variable when sending alert about ↵ | bsmith%mozilla.com | 2013-01-18 | 1 | -1/+3 |
| | | | | missing certificate. Patch by mcmanus, r=bsmith | ||||
* | Bug 578561 - sdb_getTempDir returns NULL, use SQLITE_FCNTL_TEMPFILENAME, ↵ | kaie%kuix.de | 2013-01-16 | 1 | -4/+47 |
| | | | | r=rrelyea | ||||
* | Bug 818275 - Avoid unnecessary allocations in sdb_measureAccess, r=rrelyea | kaie%kuix.de | 2013-01-16 | 1 | -9/+47 |
| | |||||
* | Bug 805604 - Efficient AES-GCM implementation that uses Intel's AES and ↵ | rrelyea%redhat.com | 2013-01-15 | 6 | -7/+1678 |
| | | | | | | PCLMULQDQ instructions (AES-NI) and the Advanced Vector Extension (AVX) architecture. patch by Shay Gueron, review by rrelyea. | ||||
* | Bug 820651: Fix comparisons of unsigned variable < 0. r=rrelyea. | wtc%google.com | 2013-01-10 | 3 | -5/+7 |
| | | | | | | Modified Files: lib/freebl/arcfour.c lib/freebl/desblapi.c lib/pk11wrap/pk11merge.c | ||||
* | Bug 828066: Don't use -I/usr/dt/include -I/usr/openwin/include on Solaris. | wtc%google.com | 2013-01-10 | 1 | -2/+0 |
| | | | | r=rrelyea. | ||||
* | Bug 772144, add a comment to the bustage fix, requested by relyea | kaie%kuix.de | 2013-01-09 | 1 | -0/+3 |
| | |||||
* | Bug 772144, fix Windows testing bustage (stuck forever, because kill ↵ | kaie%kuix.de | 2013-01-09 | 1 | -1/+4 |
| | | | | httpserv fails, preventing main job from exiting) | ||||
* | Bug 772144, bustage fix for older make | kaie%kuix.de | 2013-01-08 | 1 | -2/+4 |
| | |||||
* | Bug 772144 - Run the NSS test suite on ARM/Android, Patch by rrelyea/kaie, ↵ | kaie%kuix.de | 2013-01-08 | 16 | -52/+281 |
| | | | | r=kaie/rrelyea | ||||
* | Bug 826627 - NSS cert tests fail, beause Android doesn't have /tmp ↵ | kaie%kuix.de | 2013-01-07 | 1 | -2/+2 |
| | | | | directory, TBR=relyea, a=bustage | ||||
* | Bug 813857: Make certificate trust flags thread safe. | ryan.sleevi%gmail.com | 2013-01-07 | 10 | -76/+98 |
| | | | | r=rrelyea | ||||
* | BUG 816853: Add support for trusting the union of explicit trust anchors and | ryan.sleevi%gmail.com | 2013-01-07 | 12 | -12/+285 |
|\ | | | | | | | | | the trust DB. r=rrelyea | ||||
| * | fixup commit for tag 'NSS_3_14_CKBI_1_93_RTM'NSS_3_14_CKBI_1_93_RTM | cvs2hg | 2012-12-29 | 2306 | -882463/+0 |
|/ | |||||
* | Bug 825022. Patch by bsmith/kaie. r=kaie/kwilson/bsmith | kaie%kuix.de | 2012-12-29 | 2 | -167/+70 |
| |