1. 23 May, 2017 4 commits
  2. 21 Feb, 2017 1 commit
  3. 22 May, 2017 4 commits
  4. 17 May, 2017 1 commit
  5. 16 May, 2017 2 commits
  6. 19 May, 2017 1 commit
  7. 18 May, 2017 1 commit
  8. 09 May, 2017 1 commit
  9. 27 Sep, 2016 1 commit
  10. 18 Aug, 2016 1 commit
  11. 17 Aug, 2016 1 commit
  12. 15 Aug, 2016 1 commit
  13. 16 Aug, 2016 1 commit
  14. 17 Aug, 2016 2 commits
  15. 15 Aug, 2016 1 commit
  16. 16 Aug, 2016 1 commit
  17. 19 Aug, 2016 1 commit
  18. 17 Aug, 2016 1 commit
  19. 04 May, 2017 1 commit
  20. 03 May, 2017 1 commit
  21. 11 May, 2017 1 commit
  22. 12 May, 2017 1 commit
  23. 05 Apr, 2017 1 commit
  24. 30 Apr, 2017 1 commit
  25. 11 May, 2017 2 commits
    • J.C. Jones's avatar
      Bug 1342137 - Permit unknown dotted-decimal X500 Principals r=franziskus,ttaubert · e9be8de8
      J.C. Jones authored
      RFC 1485 permits principals with OIDs in either "1.2=Name" or "OID.1.2=Name"
      form. This patch permits such forms, for unknown OIDs.
      
      This patch adds disabled tests which should fail, but do not, and need further
      cleanup.
      
      Original patch courtesy of Miklos Vajna.
      
      Differential Revision: https://nss-review.dev.mozaws.net/D310
      
      --HG--
      extra : rebase_source : c6a736e2bbd0647c7fbae09157a0fb7d26ac6f2a
      e9be8de8
    • David Keeler's avatar
      Bug 1363932 - reduce locking overhead in sftk_searchObjectList r=franziskus · 477cca58
      David Keeler authored
      Summary:
      Before this patch, sftk_searchObjectList would acquire and release the
      SFTKSlot's objectLock once per bucket in the SFTKSlot's sessObjHashTable. This
      patch reduces the locking overhead by acquiring the lock once and then iterating
      over the entire table.
      
      This patch also removes the unused PRBool tokenOnly in NSC_FindObjectsInit (the
      only caller of sftk_searchObjectList). (Changeset b8f289456399 removed the code
      that modified tokenOnly. Unfortunately there doesn't appear to be a bug
      associated with that changeset, so we can't easily determine if that was
      intended. In any case, it's been this way for a decade, so if anything was
      broken by this, no one has noticed yet.)
      
      Reviewers: franziskus
      
      Reviewed By: franziskus
      
      Differential Revision: https://nss-review.dev.mozaws.net/D316
      
      --HG--
      extra : amend_source : b9454fd1fcd5fc587c41e7c39eb81d031730168e
      477cca58
  26. 10 May, 2017 4 commits
    • David Keeler's avatar
      Bug 1363569 - improve SQL queries in sdb_FindObjects* r=franziskus · 135560d2
      David Keeler authored
      Summary:
      When sqlite prepares statements, it appears to have an algorithm which is
      O(n * m), where n is the number of columns in the table and m is the number of
      columns selected in the query. Since the certificate database has about 115
      columns, when "SELECT * FROM ..." is used, it introduces significant overhead.
      Since sdb_FindObjects only uses the id column of the results of the query, the
      queries in sdb_FindObjectsInit can be changed to select only the id column
      rather than all of them.
      
      Reviewers: franziskus
      
      Reviewed By: franziskus
      
      Differential Revision: https://nss-review.dev.mozaws.net/D314
      
      --HG--
      extra : rebase_source : ed5bf33591d406b5dc062dc624a7d1bc3f018940
      extra : amend_source : aa310794fb10d253f4cd24c98799969e5ff9e98c
      135560d2
    • Mark Goodwin's avatar
      Bug 1339464 - Fix DH_GenParam, r=franziskus · ffa9d06d
      Mark Goodwin authored
      Summary: Fix DH_GenParam by repeating mpp_make_prime calls on failure
      
      Differential Revision: https://nss-review.dev.mozaws.net/D308
      
      --HG--
      extra : amend_source : 16c562e5b148bbe3290fbf1b2137ead2b7054176
      ffa9d06d
    • Kate McKinley's avatar
      Bug 1351314 - Add length check for SSL context for TLS 1.2 or prior, r=mt · 2c7d12ef
      Kate McKinley authored
      Summary:
      RFC 5705 requires that the context length passed to
      SSL_ExportKeyingMaterial be no longer than will fit in
      a 16-bit integer (uint16).
      
      Reviewers: franziskus, mt
      
      Reviewed By: mt
      
      Differential Revision: https://nss-review.dev.mozaws.net/D309
      
      --HG--
      extra : amend_source : 8c2ce106dcffcae9d8cc3dd9f0fcc811a68158bb
      2c7d12ef
    • David Keeler's avatar
      Bug 1334054 - fix CERT_FormatName output buffer length calculation r=franziskus · 22691690
      David Keeler authored
      Summary:
      Before this patch, CERT_FormatName attempted to account for the length of the
      additional formatting in its output buffer length, but added an insufficient
      amount (a fixed 128 bytes). This patch dynamically accounts for the additional
      space required by the formatting output (it can over-account in some cases, but
      this is unlikely to be a performance concern compared to the original
      implementation).
      
      Reviewers: franziskus
      
      Differential Revision: https://nss-review.dev.mozaws.net/D307
      
      --HG--
      rename : gtests/der_gtest/Makefile => gtests/certhigh_gtest/Makefile
      rename : gtests/der_gtest/der_gtest.gyp => gtests/certhigh_gtest/certhigh_gtest.gyp
      rename : gtests/der_gtest/manifest.mn => gtests/certhigh_gtest/manifest.mn
      extra : rebase_source : 1fb5cbf1c77018e6d7f9f9aed0f3d9a3b33f4909
      22691690
  27. 09 May, 2017 2 commits