| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
| |
but something went out of wack. Back this change out of the tip
|
| |
|
|
|
|
|
|
|
|
|
|
| |
r=nss-reviewers,mt
shlibsign hasn't been used since bug 1620158. I'm not sure modutil was
ever actually used, but it was related included in relation to the .chk
signatures too, which we don't produce anymore.
Differential Revision: https://phabricator.services.mozilla.com/D159827
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D157990
|
|
|
|
|
|
| |
r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D139790
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. This patch adds a new command, validation, which dumps the validation
objects ina given token. It defaults to the softoken.
2. It sets up the infrastructure to allow creation at init time of token
specific objects (like validation objects and profile objects) by:
2a. factoring out the code to get the next available object handle to a
new function call sftk_getNextHandle().
2b. The object freelists are now initialized before SFTK_SlotInit, so that
SFTK_SlotInit can initialize these new token objects.
2c. A new staticly defined session is created to hand these object on.
2c1. sftk_NewSession and sftk_FreeSession has the initialization and
clearing functions factored out from the actual space freeing clearing
so they can be used on this staticly allocated session. (NOTE: NSS has
two ways it handles this internally: use of Init/New Clear/Free
functions as in this patch, or the use of a bool called 'FreeIt' added
to the original function. There is no technical reason for why I used
Init/New other than I didn't have to go change all the places the
currently call them. These are internal private functions, so it's ok
to change their signatures.
2c2. The static sessions are initialized on freed when the slot is
created and destroyed.
3. For fips slot the validation object is created. The version number is
selected at compile time with a build time environment variable. If no
version number is provided, a default version number (related to the NSS
version) is selected as well as the string 'unvalidated'.
4. The NSS spefic defines for Validation objects are defined in the NSS vendor
space (until PKCS #11 v3.2 comes out with the official values).
Differential Revision: https://phabricator.services.mozilla.com/D124951
|
|
|
|
|
|
| |
Added check for required fields
Differential Revision: https://phabricator.services.mozilla.com/D119046
|
|
|
|
|
|
|
|
| |
Some of our servers could cause random failures when trying to generate many key pairs from multiple threads. This is caused because some threads would starve long enough for them to give up on getting a begin transaction on sqlite. sqlite only allows one transaction at a time.
Also, there were some bugs in error handling of the broken transaction case where NSS would try to cancel a transation after the begin failed (most cases were correct, but one case in particular was problematic).
Differential Revision: https://phabricator.services.mozilla.com/D120032
|
|
|
|
|
|
| |
r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D98154
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This adds a mock PKCS #11 module from Firefox and add basic tests around it.
This is needed for proper testing of PKCS #11 v3.0 profile objects (D45669).
Reviewers: rrelyea
Reviewed By: rrelyea
Subscribers: reviewbot
Bug #: 1577803
Differential Revision: https://phabricator.services.mozilla.com/D47060
|
|
|
|
|
|
|
|
|
| |
and updated support commands. r=jcj,kjacobs,mt
Added two new fields do scheduled distrust of CAs in nssckbi/builtins.
Also, created a testlib to validate these fields with gtests.
Differential Revision: https://phabricator.services.mozilla.com/D36597
|
| |
|
|
|
|
|
|
| |
Solaris SPARC r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D30628
|
|
|
|
|
|
| |
--static), remove Test builds from taskcluster since we exercise pk11_gtest and mpi_gtests in non-static builds already. r=mt,jcj
Differential Revision: https://phabricator.services.mozilla.com/D30998
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D30138
|
|
|
|
|
|
|
|
|
|
| |
cross-compilation and gcc-4.8 support. r=jcj
Updated gyp files to add -msse2 GCC option, iff the compiler is gcc and target is x64 or ia32.
Root cause for the 4.8 failure is a gcc bug where the "#pragma GCC target("sse2")" option used in gcm.h doesn't work when compiling C++ code, as the gtests do.
Differential Revision: https://phabricator.services.mozilla.com/D29886
|
| |
|
|
|
|
|
|
| |
cross-compilation. r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D29581
|
|
|
|
| |
which wasn't the reviewed patch. r=jcj
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D17014
|
|
|
|
| |
build cmsutil. r=jcj
|
|
|
|
| |
Bustage in m-c due to unexported symbols for cmsutil.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
We check if $HOME/.pki and $HOME/.pki/nssdb exist; if they do, then we use
this path. Otherwise, use ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb
Test Plan:
Create dummy empty dir and set HOME to it. Then, check if getUserDb returns:
1. $HOME/.pki/nssdb when this path exists;
2. $HOME/.local/share/pki/nssdb when $HOME/.pki/nssdb does not and XDG_DATA_HOME is not defined;
3. $XDG_DATA_HOME/pki/nssdb when $HOME/.pki/nssdb does not exist and XDG_DATA_HOME is defined.
Reviewers: mt
Reviewed By: mt
Bug #: 818686
Differential Revision: https://phabricator.services.mozilla.com/D14007
|
|
|
|
|
|
| |
Differential Revision: https://phabricator.services.mozilla.com/D2719
Differential Revision: https://phabricator.services.mozilla.com/D2720
Differential Revision: https://phabricator.services.mozilla.com/D2861
|
|
|
|
| |
for errors, r=rrelyea
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code.
Note that this is not used on Android as we currently have no way of testing this for Android or use it on Android for Firefox.
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1424663
Differential Revision: https://phabricator.services.mozilla.com/D467
|
| |
|
|
|
|
| |
non-leaking PK11_CreateManagedGenericObject() API, early patch reviewed by Martin Thomson, r=kaie
|
|
|
|
| |
This series adds high level API to sign and verify RSA-PSS signatures on certificates and utilizes them in tools.
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D362
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D348
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Two issues prevented PK11_ResetToken from working properly:
1. The backing DB tables would be dropped and never recreated, preventing
future operations from working.
2. The needLogin property of the SFTKSlot would not be updated properly,
preventing PK11_InitPin (and thus other operations) from succeeding.
Reviewers: ttaubert, franziskus
Reviewed By: ttaubert, franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D382
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D350
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r=franziskus,ttaubert
RFC 1485 permits principals with OIDs in either "1.2=Name" or "OID.1.2=Name"
form. This patch permits such forms, for unknown OIDs.
This patch adds disabled tests which should fail, but do not, and need further
cleanup.
Original patch courtesy of Miklos Vajna.
Differential Revision: https://nss-review.dev.mozaws.net/D310
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Before this patch, CERT_FormatName attempted to account for the length of the
additional formatting in its output buffer length, but added an insufficient
amount (a fixed 128 bytes). This patch dynamically accounts for the additional
space required by the formatting output (it can over-account in some cases, but
this is unlikely to be a performance concern compared to the original
implementation).
Reviewers: franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D307
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D237
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D170
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D161
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D84
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D146
|
|
|
|
| |
Differential Revision: https://nss-review.dev.mozaws.net/D68
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
manifests r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D52
* * *
fixup
From ab8763469977a338a61d610ed69ef045244630f3 Mon Sep 17 00:00:00 2001
|
| |
|