be6b3af321067fcbf30759250e037efdd9191eb6: Added tag JSS_4_4_3 for changeset a097934c3ad3 default tip
Endi S. Dewata <edewata@redhat.com> - Thu, 05 Apr 2018 22:41:48 +0200 - rev 2215
Push 85 by edewata@redhat.com at Thu, 05 Apr 2018 20:43:17 +0000
Added tag JSS_4_4_3 for changeset a097934c3ad3
a097934c3ad3775a262373e6769434bb75ef4815: Bug #583666 - JSS doesn't respect LDFLAGS JSS_4_4_3
Kacper Kowalik <xarthisius.kk@gmail.com> - Thu, 05 Apr 2018 18:34:08 +0200 - rev 2214
Push 84 by edewata@redhat.com at Thu, 05 Apr 2018 18:45:47 +0000
Bug #583666 - JSS doesn't respect LDFLAGS libjss4.so was linked without respecting LDFLAGS env variable https://bugzilla.mozilla.org/show_bug.cgi?id=583666
1d858c6d4626b625bb671426e6899d98c2f5bb2e: Bug# 386351 SignerInfo version, r=cfu
David Stutzman <david.konrad.stutzman@us.army.mil> - Tue, 16 Jan 2018 15:08:12 -0800 - rev 2213
Push 83 by cfu@redhat.com at Tue, 16 Jan 2018 23:32:19 +0000
Bug# 386351 SignerInfo version, r=cfu This patch fixes versioning of SignerInfo to match CMS spec. cfu for dstutzman
8746a3fc74785e2fd12f86d08a6886ed9160620e: Bug 589158 Add support for Java Security Standard Algorithm Names for EC Signature types
David Stutzman <david.konrad.stutzman@us.army.mil> - Thu, 11 Jan 2018 18:00:00 -0800 - rev 2212
Push 82 by cfu@redhat.com at Fri, 12 Jan 2018 02:11:06 +0000
Bug 589158 Add support for Java Security Standard Algorithm Names for EC Signature types This patch adds the aliases for Java Security Standard Algorithm Names for EC Signature types. cfu for dstutzman (reviewed by wtc)
9e2db7eee6652330723d935c2b900b9b09b1ab9d: Bug 1409867 - additional fix from dstutzman: allow signatures to be created correctly.
David Stutzman <david.konrad.stutzman@us.army.mil> - Thu, 11 Jan 2018 14:58:44 -0800 - rev 2211
Push 81 by cfu@redhat.com at Thu, 11 Jan 2018 23:03:00 +0000
Bug 1409867 - additional fix from dstutzman: allow signatures to be created correctly. cfu for dstutzman
ca2c2fcfaf207f87c3c69e493f2b30fd0a088e95: Fixed SocketBase.setClientCertNickname() exception handling.
"Endi S. Dewata" <edewata@redhat.com> - Sat, 28 Oct 2017 03:40:24 +0200 - rev 2210
Push 80 by edewata@redhat.com at Sat, 28 Oct 2017 01:40:41 +0000
Fixed SocketBase.setClientCertNickname() exception handling. Previously the SocketBase.setClientCertNickname() would catch the original exception and throw a SocketException instead. The original stack trace was lost since SocketException does not support chaining. The code has been modified to throw a RuntimeException instead and chain the original exception. This way the original stack trace can be preserved to help troubleshooting. https://bugzilla.mozilla.org/show_bug.cgi?id=1408057
837c79476110ecd4bf6b507faad50edb9eed7e7e: Reformatted SocketBase.java.
"Endi S. Dewata" <edewata@redhat.com> - Sat, 28 Oct 2017 03:40:19 +0200 - rev 2209
Push 80 by edewata@redhat.com at Sat, 28 Oct 2017 01:40:41 +0000
Reformatted SocketBase.java. The SocketBase.java has been auto-formatted using Eclipse to simplify further changes on the file. https://bugzilla.mozilla.org/show_bug.cgi?id=1408057
19a0e2146a929173757e6ccbb61a035ec9426f43: Added certificate nickname into ObjectNotFoundException message.
"Endi S. Dewata" <edewata@redhat.com> - Sat, 28 Oct 2017 03:38:39 +0200 - rev 2208
Push 79 by edewata@redhat.com at Sat, 28 Oct 2017 01:38:55 +0000
Added certificate nickname into ObjectNotFoundException message. The code that generates ObjectNotFoundException has been modified to include the certificate nickname to help troubleshooting. https://bugzilla.mozilla.org/show_bug.cgi?id=1408057
b1a3c3cc6b3584948d251d3bfcfe6630d8970db5: Bugzilla.mozilla 1409867 org.mozilla.jss.pkix.cms.SignerInfo incorrectly producing signatures (especially for EC)
David Stutzman <david.konrad.stutzman@us.army.mil> - Thu, 26 Oct 2017 16:59:06 -0700 - rev 2207
Push 78 by cfu@redhat.com at Fri, 27 Oct 2017 00:01:14 +0000
Bugzilla.mozilla 1409867 org.mozilla.jss.pkix.cms.SignerInfo incorrectly producing signatures (especially for EC) The patch fixes the OID that goes into the signatureAlgorithm field as well as passing the full signature algorithm to the Signature context to generate the signature using the proper algorithm. With this patch, if one passes SignatureAlgorithm.RSASignatureWithSHA256Digest in the constructor one will now get sha256WithRSAEncryption (1 2 840 113549 1 1 11) in the signatureAlgorithm field. cfu checking in for dstutzman
252c10f448971b7ae087bde259505abd5dc5a03a: Fix: Bug 1400884 - new JSS failures: HMAC Unwrap and KeyWrapping FIPSMODE.
Jack Magne <jmagne@redhat.com> - Thu, 28 Sep 2017 16:20:50 -0700 - rev 2206
Push 77 by edewata@redhat.com at Thu, 05 Oct 2017 20:11:41 +0000
Fix: Bug 1400884 - new JSS failures: HMAC Unwrap and KeyWrapping FIPSMODE.
3e9a5ae2149d04877dc19b117a8917c22854f8eb: Bug 1371147 PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails -
Fraser Tweedale <ftweedale@redhat.com> - Mon, 11 Sep 2017 17:24:22 -0700 - rev 2205
Push 76 by cfu@redhat.com at Tue, 12 Sep 2017 00:26:04 +0000
Bug 1371147 PK11Store.getEncryptedPrivateKeyInfo() segfault if export fails - patch jss-ftweedal-0011-Don-t-crash-if-PK11_ExportEncryptedPrivKeyInfo-retur.patch Subject: Don't crash if PK11_ExportEncryptedPrivKeyInfo returns NULL From: Fraser Tweedale <ftweedal@redhat.com> Content-Type: text/plain found patch at byte 239 message: Don't crash if PK11_ExportEncryptedPrivKeyInfo returns NULL PK11_ExportEncryptedPrivKeyInfo returning NULL is not being handled properly, causing segfault. Detect this condition and raise a TokenException instead. cfu for ftweedal
87dca07f7529463398734d1279bcfd7023a43d4c: Bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:56:04 -0700 - rev 2204
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
Bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0013-Improve-error-reporting.patch Subject: Improve error reporting From: Fraser Tweedale <ftweedal@redhat.com> Content-Type: text/plain found patch at byte 157 message: Improve error reporting cfu for ftweedal
b3b653faef8475ae03c670766429fd4dfab37a5e: bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:53:36 -0700 - rev 2203
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0012-2-Add-method-EncryptedPrivateKeyInfo.createPBES2.patch Subject: Add method EncryptedPrivateKeyInfo.createPBES2 From: Fraser Tweedale <ftweedal@redhat.com> Content-Type: text/plain found patch at byte 404 message: Add method EncryptedPrivateKeyInfo.createPBES2 The createPBE method does not support PBES2 (it is necessary to know the desired encrypted algorithm to derive the key and build the parameters data). Add the createPBES2 method, which uses PBKDF2 to derive the symmetric key and allows the caller to specify the encryption algorithm. cfu for ftweedal
0b8a6e84b6c736743f2184b2b858fda6be740544: Bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:50:21 -0700 - rev 2202
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
Bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0010-PK11Cipher-use-pad-mechanism-for-algorithms-that-use.patch Subject: PK11Cipher: use pad mechanism for algorithms that use padding From: Fraser Tweedale <ftweedal@redhat.com> message: PK11Cipher: use pad mechanism for algorithms that use padding The PK11Cipher implementation, when initialising a cipher context, uses JSS_getPK11MechFromAlg() to retrieve the PKCS #11 mechanism to use. When a JSS EncryptionAlgorithm uses a SEC_OID_TAG, this will return the non-padded mechanism. Then, if the size of the data is not a multiple of the cipher block size, a padding error occurs. When the EncryptionAlgorithm indicates that padding is to be used, call PK11_GetPadMechanism() on the result of JSS_getPK11MechFromAlg() to get the padding variant of the mechanism. cfu for ftweedal
d39e9b373798ea9d6ae7f35089b07143845b210e: Bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:32:32 -0700 - rev 2201
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
Bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0009-Update-AES-CBC-PAD-cipher-definitions.patch Subject: Update AES-CBC-PAD cipher definitions From: Fraser Tweedale <ftweedal@redhat.com> message: Update AES-CBC-PAD cipher definitions The AES_{128,192,256}_CBC_PAD EncryptionAlgorithm definitions declare the correct PKCS #11 cipher mechanism and padding, but do not declare the relevant OIDs. They are also unusable as target algorithms in PBE key generation because they declare a PK11_MECH instead of a SEC_OID_TAG. Update these algorithm definitions to declare a SEC_OID_TAG instead of a PK11_MECH (JSS_getOidTagFromAlg() will still return the correct mechanism) and declare the associated OIDs. cfu for ftweedal
890216599f21df4c6d07815604aaac526823a892: Bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:21:22 -0700 - rev 2200
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
Bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0008-PK11Cipher-improve-error-reporting.patch Subject: PK11Cipher: improve error reporting From: Fraser Tweedale <ftweedal@redhat.com> message: PK11Cipher: improve error reporting cfu for ftweedal
bada1409d2bb67cd92c3b7c292b8bb4ae6388513: Bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:15:29 -0700 - rev 2199
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
Bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0007-Support-the-CKK_GENERIC_SECRET-symmetric-key-type.patch Subject: Support the CKK_GENERIC_SECRET symmetric key type From: Fraser Tweedale <ftweedal@redhat.com> Content-Type: text/plain found patch at byte 873 message: Support the CKK_GENERIC_SECRET symmetric key type The NSS PBKDF2 generation produces a key with the CKK_GENERIC_SECRET key type. The underlying PKCS #11 object *does* record the intended encryption algorithm that was specified when generating the key via PK11_PBEKeyGen, but this information is not exposed via the PKCS #11 interface. When initialising a cipher, JSS checks the key type against the encryption algorithm and fails if they do not match, which is always the case with PBKDF2-derived keys. To work around this problem, properly record the key type for CKK_GENERIC_SECRET keys, and update the cipher initialisation key type check to always accept such keys. cfu for ftweedal
3629b598a9ce73e83c7896407e3ca820f6383750: Bug 1370778 PBE and padded block cipher enhancements and fixes -
Fraser Tweedale <ftweedale@redhat.com> - Fri, 08 Sep 2017 11:09:23 -0700 - rev 2198
Push 75 by cfu@redhat.com at Fri, 08 Sep 2017 18:57:57 +0000
Bug 1370778 PBE and padded block cipher enhancements and fixes - patch jss-ftweedal-0006-PBEKeyGenParams-allow-specifying-encryption-algorith.patch Allow specifying a target encryption algorithm in PBEKeyGenParams; if the PBE algorithm does not imply a particular cipher, this is needed to determine the size of the key to generate cfu for ftweedale
eec15518fd61f1d988c25b4de589555796f9e65f: unwrapping of HMAC-SHA1 secret keys using AES wrapping and unwrapping
Jack Magne <jmagne@redhat.com> - Fri, 01 Sep 2017 16:15:54 -0700 - rev 2197
Push 74 by cfu@redhat.com at Fri, 01 Sep 2017 23:27:09 +0000
unwrapping of HMAC-SHA1 secret keys using AES wrapping and unwrapping cfu on behalf of jmagne
17d1d7b740ca5777fbcf8ee817a2f26b9c93593a: Added tag JSS_4_4_20170501 for changeset 4ee5af07d6d8
Elio Maldonado <emaldona@redhat.com> - Mon, 01 May 2017 10:39:50 -0700 - rev 2196
Push 73 by emaldona@redhat.com at Mon, 01 May 2017 17:39:57 +0000
Added tag JSS_4_4_20170501 for changeset 4ee5af07d6d8