mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
Bug 1370890 - land NSS 825e5d444e99 UPGRADE_NSS_RELEASE, r=me
This commit is contained in:
Franziskus Kiefer
parent
f5cc030d01
commit
2e41bcc0ca
@ -1 +1 @@
|
||||
a1a6eb781dd4
|
||||
825e5d444e99
|
||||
|
||||
@ -22,6 +22,7 @@ blacklist=(
|
||||
"./lib/sqlite" \
|
||||
"./gtests/google_test" \
|
||||
"./.hg" \
|
||||
"./out" \
|
||||
)
|
||||
|
||||
top="$(dirname $0)/../.."
|
||||
|
||||
@ -13,6 +13,7 @@ apt_packages+=('curl')
|
||||
apt_packages+=('xz-utils')
|
||||
apt_packages+=('mercurial')
|
||||
apt_packages+=('git')
|
||||
apt_packages+=('locales')
|
||||
apt-get install -y --no-install-recommends ${apt_packages[@]}
|
||||
|
||||
# Download clang.
|
||||
|
||||
@ -25,10 +25,18 @@ function fromNow(hours) {
|
||||
}
|
||||
|
||||
function parseRoutes(routes) {
|
||||
return [
|
||||
let rv = [
|
||||
`tc-treeherder.v2.${process.env.TC_PROJECT}.${process.env.NSS_HEAD_REVISION}.${process.env.NSS_PUSHLOG_ID}`,
|
||||
...routes
|
||||
];
|
||||
|
||||
// Notify about failures (except on try).
|
||||
if (process.env.TC_PROJECT != "nss-try") {
|
||||
rv.push(`notify.email.${process.env.TC_OWNER}.on-failed`,
|
||||
`notify.email.${process.env.TC_OWNER}.on-exception`);
|
||||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
function parseFeatures(list) {
|
||||
|
||||
@ -17,14 +17,6 @@
|
||||
#include <conio.h>
|
||||
#endif
|
||||
|
||||
#if defined(__sun) && !defined(SVR4)
|
||||
extern int fclose(FILE *);
|
||||
extern int fprintf(FILE *, char *, ...);
|
||||
extern int isatty(int);
|
||||
extern char *sys_errlist[];
|
||||
#define strerror(errno) sys_errlist[errno]
|
||||
#endif
|
||||
|
||||
#include "nspr.h"
|
||||
#include "prtypes.h"
|
||||
#include "prtime.h"
|
||||
|
||||
@ -233,6 +233,9 @@ BufToHex(SECItem *outbuf)
|
||||
unsigned int i;
|
||||
|
||||
string = PORT_Alloc(len);
|
||||
if (!string) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ptr = string;
|
||||
for (i = 0; i < outbuf->len; i++) {
|
||||
|
||||
@ -10,4 +10,3 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
||||
@ -19,6 +19,10 @@ extern const struct PRIOMethods DummyMethodsForward;
|
||||
ScopedPRFileDesc DummyIOLayerMethods::CreateFD(PRDescIdentity id,
|
||||
DummyIOLayerMethods *methods) {
|
||||
ScopedPRFileDesc fd(PR_CreateIOLayerStub(id, &DummyMethodsForward));
|
||||
assert(fd);
|
||||
if (!fd) {
|
||||
return nullptr;
|
||||
}
|
||||
fd->secret = reinterpret_cast<PRFilePrivate *>(methods);
|
||||
return fd;
|
||||
}
|
||||
|
||||
@ -213,7 +213,7 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
|
||||
if (rv == SECFailure) {
|
||||
rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
|
||||
: SECFailure;
|
||||
} else if (!(keyUsage.data[0] & usage)) {
|
||||
} else if (!keyUsage.data || !(keyUsage.data[0] & usage)) {
|
||||
PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
||||
@ -85,6 +85,11 @@ DH_GenParam(int primeLen, DHParams **params)
|
||||
CHECK_MPI_OK(mp_div_2(&psub1, &q));
|
||||
/* construct a generator from the prime. */
|
||||
ab = PORT_Alloc(primeLen);
|
||||
if (!ab) {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
rv = SECFailure;
|
||||
goto cleanup;
|
||||
}
|
||||
/* generate a candidate number a in p's field */
|
||||
CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(ab, primeLen));
|
||||
CHECK_MPI_OK(mp_read_unsigned_octets(&a, ab, primeLen));
|
||||
@ -114,14 +119,16 @@ cleanup:
|
||||
mp_clear(&h);
|
||||
mp_clear(&psub1);
|
||||
mp_clear(&test);
|
||||
if (ab)
|
||||
if (ab) {
|
||||
PORT_ZFree(ab, primeLen);
|
||||
}
|
||||
if (err) {
|
||||
MP_TO_SEC_ERROR(err);
|
||||
rv = SECFailure;
|
||||
}
|
||||
if (rv)
|
||||
if (rv != SECSuccess) {
|
||||
PORT_FreeArena(arena, PR_TRUE);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
||||
@ -321,7 +321,6 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
kiter = 0;
|
||||
max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
|
||||
do {
|
||||
prerr = 0;
|
||||
PORT_SetError(0);
|
||||
CHECK_SEC_OK(generate_prime(&p, primeLen));
|
||||
CHECK_SEC_OK(generate_prime(&q, primeLen));
|
||||
@ -348,8 +347,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
kiter++;
|
||||
/* loop until have primes */
|
||||
} while (prerr == SEC_ERROR_NEED_RANDOM && kiter < max_attempts);
|
||||
if (prerr)
|
||||
goto cleanup;
|
||||
|
||||
cleanup:
|
||||
mp_clear(&p);
|
||||
mp_clear(&q);
|
||||
|
||||
@ -290,10 +290,12 @@ MGF1(HASH_HashType hashAlg,
|
||||
const SECHashObject *hash;
|
||||
void *hashContext;
|
||||
unsigned char C[4];
|
||||
SECStatus rv = SECSuccess;
|
||||
|
||||
hash = HASH_GetRawHashObject(hashAlg);
|
||||
if (hash == NULL)
|
||||
if (hash == NULL) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
hashContext = (*hash->create)();
|
||||
rounds = (maskLen + hash->length - 1) / hash->length;
|
||||
@ -314,14 +316,19 @@ MGF1(HASH_HashType hashAlg,
|
||||
(*hash->end)(hashContext, tempHash, &digestLen, hash->length);
|
||||
} else { /* we're in the last round and need to cut the hash */
|
||||
temp = (unsigned char *)PORT_Alloc(hash->length);
|
||||
if (!temp) {
|
||||
rv = SECFailure;
|
||||
goto done;
|
||||
}
|
||||
(*hash->end)(hashContext, temp, &digestLen, hash->length);
|
||||
PORT_Memcpy(tempHash, temp, maskLen - counter * hash->length);
|
||||
PORT_Free(temp);
|
||||
}
|
||||
}
|
||||
(*hash->destroy)(hashContext, PR_TRUE);
|
||||
|
||||
return SECSuccess;
|
||||
done:
|
||||
(*hash->destroy)(hashContext, PR_TRUE);
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* XXX Doesn't set error code */
|
||||
|
||||
@ -12,6 +12,7 @@
|
||||
#include "prio.h"
|
||||
#include "blapi.h"
|
||||
#include "seccomon.h"
|
||||
#include "secerr.h"
|
||||
#include "stdio.h"
|
||||
#include "prmem.h"
|
||||
#include "hasht.h"
|
||||
@ -233,8 +234,12 @@ static char *
|
||||
mkCheckFileName(const char *libName)
|
||||
{
|
||||
int ln_len = PORT_Strlen(libName);
|
||||
char *output = PORT_Alloc(ln_len + sizeof(SGN_SUFFIX));
|
||||
int index = ln_len + 1 - sizeof("." SHLIB_SUFFIX);
|
||||
char *output = PORT_Alloc(ln_len + sizeof(SGN_SUFFIX));
|
||||
if (!output) {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((index > 0) &&
|
||||
(PORT_Strncmp(&libName[index],
|
||||
|
||||
@ -704,9 +704,11 @@ PRBool
|
||||
PK11_NeedPWInit()
|
||||
{
|
||||
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
|
||||
PRBool ret = PK11_NeedPWInitForSlot(slot);
|
||||
|
||||
PK11_FreeSlot(slot);
|
||||
PRBool ret = PR_FALSE;
|
||||
if (slot) {
|
||||
ret = PK11_NeedPWInitForSlot(slot);
|
||||
PK11_FreeSlot(slot);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@ -2028,6 +2028,9 @@ PK11_FindObjectsFromNickname(char *nickname, PK11SlotInfo **slotptr,
|
||||
if ((delimit = PORT_Strchr(nickname, ':')) != NULL) {
|
||||
int len = delimit - nickname;
|
||||
tokenName = (char *)PORT_Alloc(len + 1);
|
||||
if (!tokenName) {
|
||||
return CK_INVALID_HANDLE;
|
||||
}
|
||||
PORT_Memcpy(tokenName, nickname, len);
|
||||
tokenName[len] = 0;
|
||||
|
||||
|
||||
@ -2484,7 +2484,11 @@ PK11_RandomUpdate(void *data, size_t bytes)
|
||||
|
||||
if (!bestIsInternal) {
|
||||
/* do internal slot, too. */
|
||||
slot = PK11_GetInternalSlot(); /* can't fail */
|
||||
slot = PK11_GetInternalSlot();
|
||||
PORT_Assert(slot);
|
||||
if (!slot) {
|
||||
return SECFailure;
|
||||
}
|
||||
status = PK11_SeedRandom(slot, data, bytes);
|
||||
PK11_FreeSlot(slot);
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
#ifdef LINUX
|
||||
#include <pthread.h>
|
||||
#include <dlfcn.h>
|
||||
#define LIBAUDIT_NAME "libaudit.so.0"
|
||||
#define LIBAUDIT_NAME "libaudit.so.1"
|
||||
#ifndef AUDIT_CRYPTO_TEST_USER
|
||||
#define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */
|
||||
#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
|
||||
|
||||
@ -394,7 +394,7 @@ SSL_IMPORT SECStatus SSL_SignaturePrefGet(
|
||||
** can be set or retrieved using SSL_SignatureSchemePrefSet or
|
||||
** SSL_SignatureSchemePrefGet.
|
||||
*/
|
||||
SSL_IMPORT unsigned int SSL_SignatureMaxCount();
|
||||
SSL_IMPORT unsigned int SSL_SignatureMaxCount(void);
|
||||
|
||||
/*
|
||||
** Define custom priorities for EC and FF groups used in DH key exchange and EC
|
||||
|
||||
@ -13107,7 +13107,7 @@ SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms,
|
||||
}
|
||||
|
||||
unsigned int
|
||||
SSL_SignatureMaxCount()
|
||||
SSL_SignatureMaxCount(void)
|
||||
{
|
||||
return MAX_SIGNATURE_SCHEMES;
|
||||
}
|
||||
|
||||
@ -408,6 +408,10 @@ DecodePointer(void* dest,
|
||||
{
|
||||
const SEC_ASN1Template* ptrTemplate =
|
||||
SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE);
|
||||
if (!ptrTemplate) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
void* subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size);
|
||||
*(void**)((char*)dest + templateEntry->offset) = subdata;
|
||||
if (subdata) {
|
||||
|
||||
@ -699,6 +699,9 @@ NSS_PutEnv(const char *envVarName, const char *envValue)
|
||||
#endif
|
||||
|
||||
encoded = (char *)PORT_ZAlloc(strlen(envVarName) + 2 + strlen(envValue));
|
||||
if (!encoded) {
|
||||
return SECFailure;
|
||||
}
|
||||
strcpy(encoded, envVarName);
|
||||
strcat(encoded, "=");
|
||||
strcat(encoded, envValue);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user