Bug 823705: Update NSS in Gecko to NSS 3.14.2 beta 1 (NSS_3_14_2_BETA1), r=me, a=wtc

--HG--
extra : rebase_source : ae5ec41dab45b5a2c84a8f29acb3c3d6c85aa1f6
Brian Smith 2012-12-20 14:04:14 -08:00
parent 96d0c35bc4
commit 9866453c7a
61 changed files with 47545 additions and 19661 deletions


@ -3995,7 +3995,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
_USE_SYSTEM_NSS=1 )
if test -n "$_USE_SYSTEM_NSS"; then
AM_PATH_NSS(3.14.1, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
AM_PATH_NSS(3.14.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
if test -n "$MOZ_NATIVE_NSS"; then


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.10)


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(USE_64),1)


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.11)


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(USE_64),1)


@ -1,8 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS =
include $(CORE_DEPTH)/coreconf/SunOS5.mk


@ -1,8 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS =
include $(CORE_DEPTH)/coreconf/SunOS5.mk


@ -1,37 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
include $(CORE_DEPTH)/coreconf/UNIX.mk
DEFAULT_COMPILER = cc
ifdef NS_USE_GCC
CC = gcc
OS_CFLAGS += -Wall -Wno-format -Wno-switch
CCC = g++
CCC += -Wall -Wno-format
ASFLAGS += -x assembler-with-cpp
OS_CFLAGS += $(NOMD_OS_CFLAGS)
ifdef USE_MDUPDATE
OS_CFLAGS += -MDupdate $(DEPENDENCIES)
endif
else
CC = cc
CCC = CC
ASFLAGS += -Wa,-P
OS_CFLAGS += $(NOMD_OS_CFLAGS)
endif
CPU_ARCH = x86
MKSHLIB = $(LD)
MKSHLIB += $(DSO_LDOPTS)
NOSUCHFILE = /solx86-rm-f-sucks
RANLIB = echo
# for purify
NOMD_OS_CFLAGS += -DSVR4 -DSYSV -D_REENTRANT -DSOLARIS -D__svr4__ -Di386
DSO_LDOPTS += -G


@ -1,14 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.5.1)
OS_DEFINES += -DSOLARIS2_5
endif
OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc


@ -1,16 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
CPU_ARCH = x86
ARCHFLAG =
OS_DEFINES += -Di386
ifeq ($(OS_RELEASE),5.5.1_i86pc)
OS_DEFINES += -DSOLARIS2_5
endif


@ -1,12 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.5)
OS_DEFINES += -DSOLARIS2_5
endif


@ -1,14 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.6)
OS_DEFINES += -DSOLARIS2_6
endif
OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc


@ -1,16 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
CPU_ARCH = x86
ARCHFLAG =
OS_DEFINES += -Di386
ifeq ($(OS_RELEASE),5.6_i86pc)
OS_DEFINES += -DSOLARIS2_6
endif


@ -1,14 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.7)
OS_DEFINES += -DSOLARIS2_7
endif
OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc


@ -1,18 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
CPU_ARCH = x86
ARCHFLAG =
OS_DEFINES += -Di386
ifeq ($(OS_RELEASE),5.7_i86pc)
OS_DEFINES += -DSOLARIS2_7
endif
OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.8)


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
CPU_ARCH = x86


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS += -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
ifeq ($(OS_RELEASE),5.9)


@ -3,8 +3,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SOL_CFLAGS = -D_SVID_GETTOD
include $(CORE_DEPTH)/coreconf/SunOS5.mk
CPU_ARCH = x86


@ -10,3 +10,4 @@
*/
#error "Do not include this header file."


@ -1 +1 @@
NSS_3_14_1_RC0
NSS_3_14_2_BETA1


@ -1 +1 @@
NSS_3_14_1_RC0
NSS_3_14_2_BETA1


@ -167,6 +167,7 @@
<input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
<input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
<input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
<input type="checkbox" name="extKeyUsage-msTrustListSign"> Microsoft Trust List Signing</P>
</tr>
<tr>
<td>


@ -819,6 +819,11 @@ AddExtKeyUsage(void *extHandle, Pair *data)
if( SECSuccess != rv ) goto loser;
}
if( find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE) ) {
rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
if( SECSuccess != rv ) goto loser;
}
if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
if( SECSuccess != rv ) goto loser;


@ -34,6 +34,7 @@
<input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
<input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
<input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
<input type="checkbox" name="extKeyUsage-msTrustListSign"> Microsoft Trust List Signing</P>
</tr>
<tr>
<td>


@ -483,6 +483,7 @@ extKeyUsageKeyWordArray[] = { "serverAuth",
"timeStamp",
"ocspResponder",
"stepUp",
"msTrustListSigning",
NULL};
static SECStatus
@ -511,6 +512,7 @@ AddExtKeyUsage (void *extHandle, const char *userSuppliedValue)
"\t\t4 - Timestamp\n"
"\t\t5 - OCSP Responder\n"
"\t\t6 - Step-up\n"
"\t\t7 - Microsoft Trust List Signing\n"
"\t\tOther to finish\n",
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK(SECFailure);
@ -554,6 +556,9 @@ AddExtKeyUsage (void *extHandle, const char *userSuppliedValue)
case 6:
rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
break;
case 7:
rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
break;
default:
goto endloop;
}
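Review bot: The keyword added to `extKeyUsageKeyWordArray` is `"msTrustListSigning"`, but the certutil usage text changed in this same commit advertises `"msTrustListSign"` for `-6`, and the certcgi form field is named `extKeyUsage-msTrustListSign`. If the keyword lookup compares whole strings (the matching code is outside these hunks), someone following the help text will not get the extended key usage they asked for. Settle on one spelling in both places, for example by changing the array entry to `"msTrustListSign",`. The new `case 7:` also appears to rely on the array position lining up with the menu number, which would be worth a one-line comment beside the array.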


@ -47,25 +47,19 @@
char *progName;
static CERTCertificateRequest *
GetCertRequest(PRFileDesc *inFile, PRBool ascii)
GetCertRequest(const SECItem *reqDER)
{
CERTCertificateRequest *certReq = NULL;
CERTSignedData signedData;
PRArenaPool *arena = NULL;
SECItem reqDER;
SECStatus rv;
reqDER.data = NULL;
do {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
GEN_BREAK (SECFailure);
}
rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii);
if (rv) {
break;
}
certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc
(arena, sizeof(CERTCertificateRequest));
if (!certReq) {
@ -78,7 +72,7 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
*/
PORT_Memset(&signedData, 0, sizeof(signedData));
rv = SEC_ASN1DecodeItem(arena, &signedData,
SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER);
SEC_ASN1_GET(CERT_SignedDataTemplate), reqDER);
if (rv) {
break;
}
@ -91,10 +85,6 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
&certReq->subjectPublicKeyInfo, NULL /* wincx */);
} while (0);
if (reqDER.data) {
SECITEM_FreeItem(&reqDER, PR_FALSE);
}
if (rv) {
SECU_PrintError(progName, "bad certificate request\n");
if (arena) {
@ -108,26 +98,17 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
static SECStatus
AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata)
const SECItem *certDER, PRBool emailcert, void *pwdata)
{
CERTCertTrust *trust = NULL;
CERTCertificate *cert = NULL;
SECItem certDER;
SECStatus rv;
certDER.data = NULL;
do {
/* Read in the entire file specified with the -i argument */
rv = SECU_ReadDERFromFile(&certDER, inFile, ascii);
if (rv != SECSuccess) {
SECU_PrintError(progName, "unable to read input file");
break;
}
/* Read in an ASCII cert and return a CERTCertificate */
cert = CERT_DecodeCertFromPackage((char *)certDER.data, certDER.len);
cert = CERT_DecodeCertFromPackage((char *)certDER->data, certDER->len);
if (!cert) {
SECU_PrintError(progName, "could not obtain certificate from file");
SECU_PrintError(progName, "could not decode certificate");
GEN_BREAK(SECFailure);
}
@ -193,7 +174,6 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
CERT_DestroyCertificate (cert);
PORT_Free(trust);
PORT_Free(certDER.data);
return rv;
}
@ -203,17 +183,16 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii,
const char *emailAddrs, const char *dnsNames,
certutilExtnList extnList,
PRFileDesc *outFile)
/*out*/ SECItem *result)
{
CERTSubjectPublicKeyInfo *spki;
CERTCertificateRequest *cr;
SECItem *encoding;
SECOidTag signAlgTag;
SECItem result;
SECStatus rv;
PRArenaPool *arena;
PRInt32 numBytes;
void *extHandle;
SECItem signedReq = { siBuffer, NULL, 0 };
/* Create info about public key */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
@ -266,8 +245,9 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
SECU_PrintError(progName, "unknown Key or Hash type");
return SECFailure;
}
rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len,
privk, signAlgTag);
rv = SEC_DerSignData(arena, &signedReq, encoding->data, encoding->len,
privk, signAlgTag);
if (rv) {
PORT_FreeArena (arena, PR_FALSE);
SECU_PrintError(progName, "signing of data failed");
@ -277,14 +257,12 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
/* Encode request in specified format */
if (ascii) {
char *obuf;
char *name, *email, *org, *state, *country;
SECItem *it;
int total;
char *header, *name, *email, *org, *state, *country;
it = &result;
obuf = BTOA_ConvertItemToAscii(it);
total = PL_strlen(obuf);
obuf = BTOA_ConvertItemToAscii(&signedReq);
if (!obuf) {
goto oom;
}
name = CERT_GetCommonName(subject);
if (!name) {
@ -310,14 +288,16 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
if (!country)
country = PORT_Strdup("(not specified)");
PR_fprintf(outFile,
"\nCertificate request generated by Netscape certutil\n");
PR_fprintf(outFile, "Phone: %s\n\n", phone);
PR_fprintf(outFile, "Common Name: %s\n", name);
PR_fprintf(outFile, "Email: %s\n", email);
PR_fprintf(outFile, "Organization: %s\n", org);
PR_fprintf(outFile, "State: %s\n", state);
PR_fprintf(outFile, "Country: %s\n\n", country);
header = PR_smprintf(
"\nCertificate request generated by Netscape certutil\n"
"Phone: %s\n\n"
"Common Name: %s\n"
"Email: %s\n"
"Organization: %s\n"
"State: %s\n"
"Country: %s\n\n"
"%s\n",
phone, name, email, org, state, country, NS_CERTREQ_HEADER);
PORT_Free(name);
PORT_Free(email);
@ -325,25 +305,36 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
PORT_Free(state);
PORT_Free(country);
PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER);
numBytes = PR_Write(outFile, obuf, total);
PORT_Free(obuf);
if (numBytes != total) {
PORT_FreeArena (arena, PR_FALSE);
SECU_PrintError(progName, "write error");
return SECFailure;
if (header) {
char * trailer = PR_smprintf("\n%s\n", NS_CERTREQ_TRAILER);
if (trailer) {
PRUint32 headerLen = PL_strlen(header);
PRUint32 obufLen = PL_strlen(obuf);
PRUint32 trailerLen = PL_strlen(trailer);
SECITEM_AllocItem(NULL, result,
headerLen + obufLen + trailerLen);
if (!result->data) {
PORT_Memcpy(result->data, header, headerLen);
PORT_Memcpy(result->data + headerLen, obuf, obufLen);
PORT_Memcpy(result->data + headerLen + obufLen,
trailer, trailerLen);
}
PR_smprintf_free(trailer);
}
PR_smprintf_free(header);
}
PR_fprintf(outFile, "\n%s\n", NS_CERTREQ_TRAILER);
} else {
numBytes = PR_Write(outFile, result.data, result.len);
if (numBytes != (int)result.len) {
PORT_FreeArena (arena, PR_FALSE);
SECU_PrintSystemError(progName, "write error");
return SECFailure;
}
(void) SECITEM_CopyItem(NULL, result, &signedReq);
}
if (!result->data) {
oom: SECU_PrintError(progName, "out of memory");
PORT_SetError(SEC_ERROR_NO_MEMORY);
rv = SECFailure;
}
PORT_FreeArena (arena, PR_FALSE);
return SECSuccess;
return rv;
}
static SECStatus
@ -1143,7 +1134,7 @@ static void luC(enum usage_level ul, const char *command)
"%-20s Create extended key usage extension. Possible keywords:\n"
"%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n"
"%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n"
"%-20s \"stepUp\", \"critical\"\n",
"%-20s \"stepUp\", \"msTrustListSign\", \"critical\"\n",
" -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
FPS "%-20s Create an email subject alt name extension\n",
" -7 emailAddrs");
@ -1700,13 +1691,12 @@ MakeV1Cert( CERTCertDBHandle * handle,
return(cert);
}
static SECItem *
static SECStatus
SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
SECOidTag hashAlgTag,
SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg)
{
SECItem der;
SECItem *result = NULL;
SECKEYPrivateKey *caPrivateKey = NULL;
SECStatus rv;
PRArenaPool *arena;
@ -1718,14 +1708,14 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
if( (CERTCertificate *)NULL == issuer ) {
SECU_PrintError(progName, "unable to find issuer with nickname %s",
issuerNickName);
return (SECItem *)NULL;
return SECFailure;
}
privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
CERT_DestroyCertificate(issuer);
if (caPrivateKey == NULL) {
SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
return NULL;
return SECFailure;
}
}
@ -1734,6 +1724,7 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag);
if (algID == SEC_OID_UNKNOWN) {
fprintf(stderr, "Unknown key or hash type for issuer.");
rv = SECFailure;
goto done;
}
@ -1753,29 +1744,22 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
SEC_ASN1_GET(CERT_CertificateTemplate));
if (!dummy) {
fprintf (stderr, "Could not encode certificate.\n");
rv = SECFailure;
goto done;
}
result = (SECItem *) PORT_ArenaZAlloc (arena, sizeof (SECItem));
if (result == NULL) {
fprintf (stderr, "Could not allocate item for certificate data.\n");
goto done;
}
rv = SEC_DerSignData(arena, result, der.data, der.len, privKey, algID);
rv = SEC_DerSignData(arena, &cert->derCert, der.data, der.len, privKey, algID);
if (rv != SECSuccess) {
fprintf (stderr, "Could not sign encoded certificate data.\n");
/* result allocated out of the arena, it will be freed
* when the arena is freed */
result = NULL;
goto done;
}
cert->derCert = *result;
done:
if (caPrivateKey) {
SECKEY_DestroyPrivateKey(caPrivateKey);
}
return result;
return rv;
}
static SECStatus
@ -1783,8 +1767,7 @@ CreateCert(
CERTCertDBHandle *handle,
PK11SlotInfo *slot,
char * issuerNickName,
PRFileDesc *inFile,
PRFileDesc *outFile,
const SECItem * certReqDER,
SECKEYPrivateKey **selfsignprivkey,
void *pwarg,
SECOidTag hashAlgTag,
@ -1793,22 +1776,20 @@ CreateCert(
int validityMonths,
const char *emailAddrs,
const char *dnsNames,
PRBool ascii,
PRBool ascii,
PRBool selfsign,
certutilExtnList extnList)
certutilExtnList extnList,
SECItem * certDER)
{
void * extHandle;
SECItem * certDER;
CERTCertificate *subjectCert = NULL;
CERTCertificateRequest *certReq = NULL;
SECStatus rv = SECSuccess;
SECItem reqDER;
CERTCertExtension **CRexts;
reqDER.data = NULL;
do {
/* Create a certrequest object from the input cert request der */
certReq = GetCertRequest(inFile, ascii);
certReq = GetCertRequest(certReqDER);
if (certReq == NULL) {
GEN_BREAK (SECFailure)
}
@ -1856,19 +1837,33 @@ CreateCert(
}
}
certDER = SignCert(handle, subjectCert, selfsign, hashAlgTag,
*selfsignprivkey, issuerNickName,pwarg);
rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
*selfsignprivkey, issuerNickName, pwarg);
if (rv != SECSuccess)
break;
if (certDER) {
if (ascii) {
PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER,
BTOA_DataToAscii(certDER->data, certDER->len),
NS_CERT_TRAILER);
} else {
PR_Write(outFile, certDER->data, certDER->len);
}
rv = SECFailure;
if (ascii) {
char * asciiDER = BTOA_DataToAscii(subjectCert->derCert.data,
subjectCert->derCert.len);
if (asciiDER) {
char * wrapped = PR_smprintf("%s\n%s\n%s\n",
NS_CERT_HEADER,
asciiDER,
NS_CERT_TRAILER);
if (wrapped) {
PRUint32 wrappedLen = PL_strlen(wrapped);
if (SECITEM_AllocItem(NULL, certDER, wrappedLen)) {
PORT_Memcpy(certDER->data, wrapped, wrappedLen);
rv = SECSuccess;
}
PR_smprintf_free(wrapped);
}
PORT_Free(asciiDER);
}
} else {
rv = SECITEM_CopyItem(NULL, certDER, &subjectCert->derCert);
}
} while (0);
CERT_DestroyCertificateRequest (certReq);
CERT_DestroyCertificate (subjectCert);
@ -2179,9 +2174,9 @@ certutil_main(int argc, char **argv, PRBool initialize)
PK11SlotInfo *slot = NULL;
CERTName * subject = 0;
PRFileDesc *inFile = PR_STDIN;
PRFileDesc *outFile = NULL;
char * certfile = "tempcert";
char * certreqfile = "tempcertreq";
PRFileDesc *outFile = PR_STDOUT;
SECItem certReqDER = { siBuffer, NULL, 0 };
SECItem certDER = { siBuffer, NULL, 0 };
char * slotname = "internal";
char * certPrefix = "";
char * sourceDir = "";
@ -2573,19 +2568,6 @@ certutil_main(int argc, char **argv, PRBool initialize)
return 255;
}
/* -S open outFile, temporary file for cert request. */
if (certutil.commands[cmd_CreateAndAddCert].activated) {
outFile = PR_Open(certreqfile,
PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
if (!outFile) {
PR_fprintf(PR_STDERR,
"%s -o: unable to open \"%s\" for writing (%ld, %ld)\n",
progName, certreqfile,
PR_GetError(), PR_GetOSError());
return 255;
}
}
/* Open the input file. */
if (certutil.options[opt_InputFile].activated) {
inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0);
@ -2599,7 +2581,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
}
/* Open the output file. */
if (certutil.options[opt_OutputFile].activated && !outFile) {
if (certutil.options[opt_OutputFile].activated) {
outFile = PR_Open(certutil.options[opt_OutputFile].arg,
PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660);
if (!outFile) {
@ -2649,9 +2631,6 @@ certutil_main(int argc, char **argv, PRBool initialize)
else if (slotname != NULL)
slot = PK11_FindSlotByName(slotname);
if ( !slot && (certutil.commands[cmd_NewDBs].activated ||
certutil.commands[cmd_ModifyCertTrust].activated ||
certutil.commands[cmd_ChangePassword].activated ||
@ -2806,7 +2785,7 @@ merge_fail:
rv = ListCerts(certHandle, name, email, slot,
certutil.options[opt_BinaryDER].activated,
certutil.options[opt_ASCIIForIO].activated,
(outFile) ? outFile : PR_STDOUT, &pwdata);
outFile, &pwdata);
goto shutdown;
}
if (certutil.commands[cmd_DumpChain].activated) {
@ -3006,6 +2985,18 @@ merge_fail:
certutil_extns[ext_inhibitAnyPolicy].activated =
certutil.options[opt_AddInhibAnyExt].activated;
}
/* -A -C or -E Read inFile */
if (certutil.commands[cmd_CreateNewCert].activated ||
certutil.commands[cmd_AddCert].activated ||
certutil.commands[cmd_AddEmailCert].activated) {
PRBool isCreate = certutil.commands[cmd_CreateNewCert].activated;
rv = SECU_ReadDERFromFile(isCreate ? &certReqDER : &certDER, inFile,
certutil.options[opt_ASCIIForIO].activated);
if (rv)
goto shutdown;
}
/*
* Certificate request
*/
@ -3018,7 +3009,7 @@ merge_fail:
certutil.options[opt_ExtendedEmailAddrs].arg,
certutil.options[opt_ExtendedDNSNames].arg,
certutil_extns,
outFile ? outFile : PR_STDOUT);
&certReqDER);
if (rv)
goto shutdown;
privkey->wincx = &pwdata;
@ -3036,31 +3027,14 @@ merge_fail:
static certutilExtnList nullextnlist = {{PR_FALSE, NULL}};
rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
certutil.options[opt_PhoneNumber].arg,
certutil.options[opt_ASCIIForIO].activated,
PR_FALSE, /* do not BASE64-encode regardless of -a option */
NULL,
NULL,
nullextnlist,
outFile ? outFile : PR_STDOUT);
&certReqDER);
if (rv)
goto shutdown;
privkey->wincx = &pwdata;
PR_Close(outFile);
outFile = NULL;
inFile = PR_Open(certreqfile, PR_RDONLY, 0);
if (!inFile) {
PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
certreqfile, PR_GetError(), PR_GetOSError());
rv = SECFailure;
goto shutdown;
}
outFile = PR_Open(certfile,
PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
if (!outFile) {
PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
certfile, PR_GetError(), PR_GetOSError());
rv = SECFailure;
goto shutdown;
}
}
/* Create a certificate (-C or -S). */
@ -3068,13 +3042,15 @@ merge_fail:
certutil.commands[cmd_CreateNewCert].activated) {
rv = CreateCert(certHandle, slot,
certutil.options[opt_IssuerName].arg,
inFile, outFile, &privkey, &pwdata, hashAlgTag,
&certReqDER, &privkey, &pwdata, hashAlgTag,
serialNumber, warpmonths, validityMonths,
certutil.options[opt_ExtendedEmailAddrs].arg,
certutil.options[opt_ExtendedDNSNames].arg,
certutil.options[opt_ASCIIForIO].activated,
certutil.options[opt_ASCIIForIO].activated &&
certutil.commands[cmd_CreateNewCert].activated,
certutil.options[opt_SelfSign].activated,
certutil_extns);
certutil_extns,
&certDER);
if (rv)
goto shutdown;
}
@ -3083,38 +3059,26 @@ merge_fail:
* Adding a cert to the database (or slot)
*/
if (certutil.commands[cmd_CreateAndAddCert].activated) {
PORT_Assert(inFile != PR_STDIN);
PR_Close(inFile);
PR_Close(outFile);
outFile = NULL;
inFile = PR_Open(certfile, PR_RDONLY, 0);
if (!inFile) {
PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
certfile, PR_GetError(), PR_GetOSError());
rv = SECFailure;
goto shutdown;
}
}
/* -A -E or -S Add the cert to the DB */
if (certutil.commands[cmd_CreateAndAddCert].activated ||
certutil.commands[cmd_AddCert].activated ||
certutil.commands[cmd_AddEmailCert].activated) {
rv = AddCert(slot, certHandle, name,
certutil.options[opt_Trust].arg,
inFile,
certutil.options[opt_ASCIIForIO].activated,
&certDER,
certutil.commands[cmd_AddEmailCert].activated,&pwdata);
if (rv)
goto shutdown;
}
if (certutil.commands[cmd_CreateAndAddCert].activated) {
PORT_Assert(inFile != PR_STDIN);
PR_Close(inFile);
PR_Delete(certfile);
PR_Delete(certreqfile);
if (certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateNewCert].activated) {
SECItem * item = certutil.commands[cmd_CertReq].activated ? &certReqDER
: &certDER;
PRInt32 written = PR_Write(outFile, item->data, item->len);
if (written < 0 || (PRUint32) written != item->len) {
rv = SECFailure;
}
}
shutdown:
@ -3133,9 +3097,14 @@ shutdown:
if (name) {
PL_strfree(name);
}
if (outFile) {
if (inFile && inFile != PR_STDIN) {
PR_Close(inFile);
}
if (outFile && outFile != PR_STDOUT) {
PR_Close(outFile);
}
SECITEM_FreeItem(&certReqDER, PR_FALSE);
SECITEM_FreeItem(&certDER, PR_FALSE);
if (pwdata.data && pwdata.source == PW_PLAINTEXT) {
/* Allocated by a PL_strdup call in SECU_GetModulePassword. */
PL_strfree(pwdata.data);
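Review bot: In the ASCII branch of CertReq, the check that follows `SECITEM_AllocItem(NULL, result, headerLen + obufLen + trailerLen);` is inverted. `if (!result->data) {` runs the three `PORT_Memcpy` calls only when the allocation failed, so a failed allocation is written through a null pointer. A successful allocation is never filled with the header, the base64 request and the trailer, and that unfilled buffer is what certutil_main later passes to `PR_Write`. The condition should be `if (result->data) {`, and the return value of `SECITEM_AllocItem` is better tested directly than ignored. The later `if (!result->data)` ahead of the `oom:` label already reports the failure case. CertReq's body is spread over several hunks here, so its remaining cleanup is only partly visible.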


@ -37,7 +37,7 @@ SECU_EnableWrap(PRBool enable)
}
PRBool
SECU_GetWrapEnabled()
SECU_GetWrapEnabled(void)
{
return wrapEnabled;
}


@ -127,6 +127,17 @@ static const SECOidData oids[] = {
static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]);
/* Fetch and register an oid if it hasn't been done already */
void
SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src)
{
if (*data == SEC_OID_UNKNOWN) {
/* AddEntry does the right thing if someone else has already
* added the oid. (that is return that oid tag) */
*data = SECOID_AddEntry(src);
}
}
SECStatus
SECU_RegisterDynamicOids(void)
{


@ -1086,7 +1086,7 @@ typedef struct secuPBEParamsStr {
SECAlgorithmID kdfAlg;
} secuPBEParams;
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate);
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
/* SECOID_PKCS5_PBKDF2 */
const SEC_ASN1Template secuKDF2Params[] =
@ -3614,8 +3614,8 @@ SECU_ParseSSLVersionRangeString(const char *input,
colonPos = strchr(input, ':');
if (!colonPos) {
return SECFailure;
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
colonIndex = colonPos - input;


@ -136,7 +136,7 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
extern PRBool SECU_GetWrapEnabled();
extern PRBool SECU_GetWrapEnabled(void);
extern void SECU_EnableWrap(PRBool enable);
/* revalidate the cert and print information about cert verification
@ -293,6 +293,9 @@ extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
extern char *SECU_SECModDBName(void);
/* Fetch and register an oid if it hasn't been done already */
extern void SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src);
extern SECStatus SECU_RegisterDynamicOids(void);
/* Identifies hash algorithm tag by its string representation. */


@ -398,8 +398,6 @@ Usage(char *progName)
int main(int argc, char **argv)
{
PLOptState *optstate;
PLOptStatus status;
NSSLOWInitContext *initCtx;
int rv = 0; /* counts the number of failures */


@ -5,7 +5,7 @@
/*
* Test program for SDR (Secret Decoder Ring) functions.
*
* $Id: pwdecrypt.c,v 1.8 2012/03/20 14:47:16 gerv%gerv.net Exp $
* $Id: pwdecrypt.c,v 1.9 2012/12/12 19:25:36 wtc%google.com Exp $
*/
#include "nspr.h"
@ -137,7 +137,6 @@ doDecrypt(char * dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata)
SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen);
SECStatus rv;
int err;
unsigned int i;
SECItem result = { siBuffer, NULL, 0 };
if ((decoded == NULL) || (decoded->len == 0)) {


@ -6,7 +6,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
* $Id: ocsp.c,v 1.74.2.1 2012/12/12 16:38:39 wtc%google.com Exp $
* $Id: ocsp.c,v 1.76 2012/12/12 19:29:40 wtc%google.com Exp $
*/
#include "prerror.h"
@ -156,7 +156,7 @@ ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time);
#define NSS_HAVE_GETENV 1
#endif
static PRBool wantOcspTrace()
static PRBool wantOcspTrace(void)
{
static PRBool firstTime = PR_TRUE;
static PRBool wantTrace = PR_FALSE;
@ -504,7 +504,7 @@ ocsp_MakeCacheEntryMostRecent(OCSPCacheData *cache, OCSPCacheItem *new_most_rece
}
static PRBool
ocsp_IsCacheDisabled()
ocsp_IsCacheDisabled(void)
{
/*
* maxCacheEntries == 0 means unlimited cache entries
@ -592,7 +592,7 @@ ocsp_CheckCacheSize(OCSPCacheData *cache)
}
SECStatus
CERT_ClearOCSPCache()
CERT_ClearOCSPCache(void)
{
OCSP_TRACE(("OCSP CERT_ClearOCSPCache\n"));
PR_EnterMonitor(OCSP_Global.monitor);
@ -953,7 +953,7 @@ SECStatus OCSP_ShutdownGlobal(void)
* A return value of NULL means:
* The application did not register it's own HTTP client.
*/
const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient()
const SEC_HttpClientFcn *SEC_GetRegisteredHttpClient(void)
{
const SEC_HttpClientFcn *retval;
@ -1940,7 +1940,7 @@ loser:
}
static CERTOCSPRequest *
ocsp_prepareEmptyOCSPRequest()
ocsp_prepareEmptyOCSPRequest(void)
{
PRArenaPool *arena = NULL;
CERTOCSPRequest *request = NULL;
@ -4686,7 +4686,7 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID,
}
PRBool
ocsp_FetchingFailureIsVerificationFailure()
ocsp_FetchingFailureIsVerificationFailure(void)
{
PRBool isFailure;


@ -5,7 +5,7 @@
/*
* Interface to the OCSP implementation.
*
* $Id: ocsp.h,v 1.23.2.1 2012/12/12 16:38:39 wtc%google.com Exp $
* $Id: ocsp.h,v 1.24 2012/12/12 16:03:44 wtc%google.com Exp $
*/
#ifndef _OCSP_H_


@ -4,7 +4,7 @@
/*
* ocspi.h - NSS internal interfaces to OCSP code
*
* $Id: ocspi.h,v 1.12 2012/04/25 14:49:27 gerv%gerv.net Exp $
* $Id: ocspi.h,v 1.13 2012/12/12 19:29:40 wtc%google.com Exp $
*/
#ifndef _OCSPI_H_
@ -135,6 +135,6 @@ ocsp_GetResponderLocation(CERTCertDBHandle *handle,
* revoked cert status.
*/
PRBool
ocsp_FetchingFailureIsVerificationFailure();
ocsp_FetchingFailureIsVerificationFailure(void);
#endif /* _OCSPI_H_ */


@ -5,7 +5,7 @@
/*
* Public header for exported OCSP types.
*
* $Id: ocspt.h,v 1.11.2.1 2012/12/12 16:38:39 wtc%google.com Exp $
* $Id: ocspt.h,v 1.12 2012/12/12 16:03:44 wtc%google.com Exp $
*/
#ifndef _OCSPT_H_


@ -5,7 +5,7 @@
/*
* Private header defining OCSP types.
*
* $Id: ocspti.h,v 1.8.2.1 2012/12/12 16:38:39 wtc%google.com Exp $
* $Id: ocspti.h,v 1.9 2012/12/12 16:03:44 wtc%google.com Exp $
*/
#ifndef _OCSPTI_H_


@ -1,7 +1,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: drbg.c,v 1.11 2012/06/28 17:55:05 rrelyea%redhat.com Exp $ */
/* $Id: drbg.c,v 1.12 2012/12/12 19:22:39 wtc%google.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -470,7 +470,7 @@ RNG_RNGInit(void)
/* Allow only one call to initialize the context */
PR_CallOnce(&coRNGInit, rng_init);
/* Make sure there is a context */
return (globalrng != NULL) ? PR_SUCCESS : PR_FAILURE;
return (globalrng != NULL) ? SECSuccess : SECFailure;
}
/*


@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: loader.c,v 1.57 2012/06/28 17:55:05 rrelyea%redhat.com Exp $ */
/* $Id: loader.c,v 1.58 2012/12/13 22:47:15 wtc%google.com Exp $ */
#include "loader.h"
#include "prmem.h"
@ -1851,10 +1851,10 @@ PQG_ParamGenV2( unsigned int L, unsigned int N, unsigned int seedBytes,
return (vector->p_PQG_ParamGenV2)(L, N, seedBytes, pParams, pVfy);
}
PRBool
SECStatus
PRNGTEST_RunHealthTests(void)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return PR_FALSE;
return SECFailure;
return vector->p_PRNGTEST_RunHealthTests();
}
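Review bot: Changing the return type of `PRNGTEST_RunHealthTests` from `PRBool` to `SECStatus` flips the meaning of a zero result, so any caller still written against the boolean contract (for example `if (!PRNGTEST_RunHealthTests())`) would now read `SECSuccess` as a failed health test and a failure as a pass. The callers and the declaration of the `p_PRNGTEST_RunHealthTests` vector slot are not in this hunk and should be confirmed to use `SECStatus` as well. The early return when `freebl_RunLoaderOnce()` fails does not itself set an error code, so it is worth checking that the loader does. I would also document the contract above the function: `/* SECSuccess only when freebl loaded and the underlying health tests returned SECSuccess. */`.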


@ -5,7 +5,7 @@
/*
* PQG parameter generation/verification. Based on FIPS 186-3.
*
* $Id: pqg.c,v 1.25 2012/10/11 00:18:23 rrelyea%redhat.com Exp $
* $Id: pqg.c,v 1.26 2012/12/13 22:47:15 wtc%google.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -260,7 +260,7 @@ PQG_GetHashType(const PQGParams *params)
if (params == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
return HASH_AlgNULL;
}
L = PQG_GetLength(&params->prime)*BITS_PER_BYTE;


@ -193,11 +193,6 @@ GiveSystemInfo(void)
#if defined(__sun)
#if defined(__svr4) || defined(SVR4)
#include <sys/systeminfo.h>
#include <sys/times.h>
#include <wait.h>
int gettimeofday(struct timeval *);
int gethostname(char *, int);
#define getdtablesize() sysconf(_SC_OPEN_MAX)
@ -672,11 +667,7 @@ size_t RNG_GetNoise(void *buf, size_t maxbytes)
n = GetHighResClock(buf, maxbytes);
maxbytes -= n;
#if defined(__sun) && (defined(_svr4) || defined(SVR4)) || defined(sony)
(void)gettimeofday(&tv);
#else
(void)gettimeofday(&tv, 0);
#endif
c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec));
n += c;
maxbytes -= c;


@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: nss.h,v 1.100.2.1 2012/12/13 19:11:46 wtc%google.com Exp $ */
/* $Id: nss.h,v 1.101 2012/12/10 23:39:39 wtc%google.com Exp $ */
#ifndef __nss_h_
#define __nss_h_
@ -34,12 +34,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.14.1.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.14.2.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 14
#define NSS_VPATCH 1
#define NSS_VPATCH 2
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED


@ -5,7 +5,7 @@
/*
* PKCS7 decoding, verification.
*
* $Id: p7decode.c,v 1.30 2012/11/27 22:48:08 bsmith%mozilla.com Exp $
* $Id: p7decode.c,v 1.31 2012/12/12 19:25:36 wtc%google.com Exp $
*/
#include "p7local.h"
@ -407,7 +407,6 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
PK11SymKey *bulkkey = NULL;
SECOidTag keyalgtag, bulkalgtag, encalgtag;
PK11SlotInfo *slot = NULL;
int bulkLength = 0;
if (recipientinfos == NULL || recipientinfos[0] == NULL) {
p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT;


@ -3,7 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.109 $ $Date: 2012/07/27 21:41:52 $";
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.110 $ $Date: 2012/12/12 19:22:40 $";
#endif /* DEBUG */
/*
@ -1092,7 +1092,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
nssPKIObject *pkiob;
if (c == NULL) {
return SECFailure;
return PR_FAILURE;
}
oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc);
if (oldTrust) {


@ -5,7 +5,7 @@
/*
* CMS ASN.1 templates
*
* $Id: cmsasn1.c,v 1.11 2012/04/25 14:50:08 gerv%gerv.net Exp $
* $Id: cmsasn1.c,v 1.12 2012/12/13 22:46:04 wtc%google.com Exp $
*/
#include "cmslocal.h"
@ -453,13 +453,13 @@ const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[] = {
NSSCMSEncapsulatedContentInfoTemplate },
};
SEC_ASN1_CHOOSER_IMPLEMENT(NSSCMSGenericWrapperDataTemplate);
SEC_ASN1_CHOOSER_IMPLEMENT(NSSCMSGenericWrapperDataTemplate)
const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[] = {
{ SEC_ASN1_POINTER, 0, NSSCMSGenericWrapperDataTemplate }
};
SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate);
SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate)
/* -----------------------------------------------------------------------------
*


@ -5,7 +5,7 @@
/*
* Permanent Certificate database handling code
*
* $Id: pcertdb.c,v 1.13 2012/04/25 14:50:11 gerv%gerv.net Exp $
* $Id: pcertdb.c,v 1.14 2012/12/12 19:25:36 wtc%google.com Exp $
*/
#include "lowkeyti.h"
#include "pcert.h"
@ -4954,7 +4954,7 @@ DestroyCertificate(NSSLOWCERTCertificate *cert, PRBool lockdb)
refCount = --cert->referenceCount;
nsslowcert_UnlockCertRefCount(cert);
if ( ( refCount == 0 ) ) {
if ( refCount == 0 ) {
certDBEntryCert *entry = cert->dbEntry;
if ( entry ) {


@ -1173,7 +1173,6 @@ CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
if (context->padDataLength > 0) {
*pulLastPartLen = context->padDataLength;
}
rv = SECSuccess;
goto finish;
}
@ -1184,13 +1183,26 @@ CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
* buffer!!! */
rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
maxout, context->padBuf, context->blockSize);
if (rv == SECSuccess) {
if (rv != SECSuccess) {
crv = sftk_MapDecryptError(PORT_GetError());
} else {
unsigned int padSize =
(unsigned int) pLastPart[context->blockSize-1];
if ((padSize > context->blockSize) || (padSize == 0)) {
rv = SECFailure;
crv = CKR_ENCRYPTED_DATA_INVALID;
} else {
*pulLastPartLen = outlen - padSize;
unsigned int i;
unsigned int badPadding = 0; /* used as a boolean */
for (i = 0; i < padSize; i++) {
badPadding |=
(unsigned int) pLastPart[context->blockSize-1-i] ^
padSize;
}
if (badPadding) {
crv = CKR_ENCRYPTED_DATA_INVALID;
} else {
*pulLastPartLen = outlen - padSize;
}
}
}
}
@ -1199,7 +1211,7 @@ CK_RV NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
sftk_TerminateOp( session, SFTK_DECRYPT, context );
finish:
sftk_FreeSession(session);
return (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
return crv;
}
/* NSC_Decrypt decrypts encrypted data in a single part. */
@ -1249,11 +1261,21 @@ CK_RV NSC_Decrypt(CK_SESSION_HANDLE hSession,
/* XXX need to do MUCH better error mapping than this. */
crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
if (rv == SECSuccess && context->doPad) {
CK_ULONG padding = pData[outlen - 1];
unsigned int padding = pData[outlen - 1];
if (padding > context->blockSize || !padding) {
crv = CKR_ENCRYPTED_DATA_INVALID;
} else
outlen -= padding;
} else {
unsigned int i;
unsigned int badPadding = 0; /* used as a boolean */
for (i = 0; i < padding; i++) {
badPadding |= (unsigned int) pData[outlen - 1 - i] ^ padding;
}
if (badPadding) {
crv = CKR_ENCRYPTED_DATA_INVALID;
} else {
outlen -= padding;
}
}
}
*pulDataLen = (CK_ULONG) outlen;
sftk_TerminateOp( session, SFTK_DECRYPT, context );
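Review bot: The new padding loops in `NSC_DecryptFinal` and `NSC_Decrypt` still iterate `padSize` / `padding` times and sit behind an early range branch, so the time taken continues to depend on the decrypted last byte; only the per-byte comparison is accumulated without branching. Scanning a fixed `context->blockSize` bytes and masking out the positions beyond the pad length would remove that dependence, e.g. `for (i = 0; i < context->blockSize; i++)` with `badPadding |= (0 - (unsigned int)(i < padding)) & ((unsigned int) pData[outlen - 1 - i] ^ padding);`, though the generated code should be inspected because `i < padding` may still be lowered to a branch. Separately, `pData[outlen - 1]` in `NSC_Decrypt` reads before the buffer if `outlen` can be 0 on this path; the code that establishes `outlen` is outside the hunk, so this needs confirming, and a check that `outlen` is non-zero before that read would make the assumption explicit. Both function bodies start outside the hunks shown, including the declaration and initial value of `crv` that `NSC_DecryptFinal` now returns directly.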


@ -30,8 +30,11 @@
#include "prenv.h"
#include "prsystem.h" /* for PR_GetDirectorySeparator() */
#include "sys/stat.h"
#if defined (_WIN32)
#if defined(_WIN32)
#include <io.h>
#include <windows.h>
#elif defined(XP_UNIX)
#include <unistd.h>
#endif
#ifdef SQLITE_UNSAFE_THREADS
@ -187,106 +190,68 @@ sdb_done(int err, int *count)
}
/*
*
* strdup limited to 'n' bytes. (Note: len of file is assumed to be >= len)
*
* We don't have a PORT_ version of this function,
* I suspect it's only normally available in glib,
* find out where sqlite stores the temp tables. We do this by replicating
* the logic from sqlite.
*/
#if defined(_WIN32)
static char *
sdb_strndup(const char *file, int len)
sdb_getTempDir(void)
{
char *result = PORT_Alloc(len+1);
/* sqlite uses sqlite3_temp_directory if it is not NULL. We don't have
* access to sqlite3_temp_directory because it is not exported from
* sqlite3.dll. Assume sqlite3_win32_set_directory isn't called and
* sqlite3_temp_directory is NULL.
*/
char path[MAX_PATH];
DWORD rv;
size_t len;
if (result == NULL) {
return result;
}
PORT_Memcpy(result, file, len);
result[len] = 0;
return result;
rv = GetTempPathA(MAX_PATH, path);
if (rv > MAX_PATH || rv == 0)
return NULL;
len = strlen(path);
if (len == 0)
return NULL;
/* The returned string ends with a backslash, for example, "C:\TEMP\". */
if (path[len - 1] == '\\')
path[len - 1] = '\0';
return PORT_Strdup(path);
}
/*
* call back from sqlite3_exec("Pragma database_list"). Looks for the
* temp directory, then return the file the temp directory is stored
* at. */
static int
sdb_getTempDirCallback(void *arg, int columnCount, char **cval, char **cname)
{
int i;
int found = 0;
char *file = NULL;
char *end, *dir;
char dirsep;
/* we've already found the temp directory, don't look at any more records*/
if (*(char **)arg) {
return SQLITE_OK;
}
/* look at the columns to see if this record is the temp database,
* and does it say where it is stored */
for (i=0; i < columnCount; i++) {
if (PORT_Strcmp(cname[i],"name") == 0) {
if (PORT_Strcmp(cval[i], "temp") == 0) {
found++;
continue;
}
}
if (PORT_Strcmp(cname[i],"file") == 0) {
if (cval[i] && (*cval[i] != 0)) {
file = cval[i];
}
}
}
/* if we couldn't find it, ask for the next record */
if (!found || !file) {
return SQLITE_OK;
}
/* drop of the database file name and just return the directory */
dirsep = PR_GetDirectorySeparator();
end = PORT_Strrchr(file, dirsep);
if (!end) {
return SQLITE_OK;
}
dir = sdb_strndup(file, end-file);
*(char **)arg = dir;
return SQLITE_OK;
}
/*
* find out where sqlite stores the temp tables. We do this by creating
* a temp table, then looking for the database name that sqlite3 creates.
*/
#elif defined(XP_UNIX)
static char *
sdb_getTempDir(sqlite3 *sqlDB)
sdb_getTempDir(void)
{
char *tempDir = NULL;
int sqlerr;
const char *azDirs[] = {
NULL,
NULL,
"/var/tmp",
"/usr/tmp",
"/tmp",
NULL /* List terminator */
};
unsigned int i;
struct stat buf;
const char *zDir = NULL;
/* create a temporary table */
sqlerr = sqlite3_exec(sqlDB, "CREATE TEMPORARY TABLE myTemp (id)",
NULL, 0, NULL);
if (sqlerr != SQLITE_OK) {
return NULL;
azDirs[0] = sqlite3_temp_directory;
azDirs[1] = getenv("TMPDIR");
for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
zDir = azDirs[i];
if (zDir == NULL) continue;
if (stat(zDir, &buf)) continue;
if (!S_ISDIR(buf.st_mode)) continue;
if (access(zDir, 07)) continue;
break;
}
/* look for through the database list for the temp directory */
sqlerr = sqlite3_exec(sqlDB, "PRAGMA database_list",
sdb_getTempDirCallback, &tempDir, NULL);
/* drop the temp table we created */
sqlite3_exec(sqlDB, "DROP TABLE myTemp", NULL, 0, NULL);
if (sqlerr != SQLITE_OK) {
return NULL;
}
return tempDir;
if (zDir == NULL)
return NULL;
return PORT_Strdup(zDir);
}
#else
#error "sdb_getTempDir not implemented"
#endif
/*
* Map SQL_LITE errors to PKCS #11 errors as best we can.
@ -1827,7 +1792,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
* is to check for the existance of a local file compared to the same
* check in the temp directory. If the temp directory is faster, cache
* the database there. */
tempDir = sdb_getTempDir(sqlDB);
tempDir = sdb_getTempDir();
if (tempDir) {
tempOps = sdb_measureAccess(tempDir);
PORT_Free(tempDir);
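Review bot: The Unix `sdb_getTempDir` hard-codes a copy of SQLite's private temp-directory search (`sqlite3_temp_directory`, `TMPDIR`, `/var/tmp`, `/usr/tmp`, `/tmp`) without recording which SQLite release it mirrors, so a later SQLite update can silently make `sdb_measureAccess` probe a directory SQLite does not actually use. The candidate may also come from the `TMPDIR` environment variable and is vetted with `stat` followed by `access(zDir, 07)`, a check made ahead of use and, for `access`, against the real rather than the effective IDs; since the comment in `sdb_init` says the database may then be cached in that directory, the function should say that the result is advisory and that the environment is assumed trusted. I would add above it something like `/* Mirrors the temp-dir selection of the bundled SQLite (3.7.14.1 as of this change); keep in sync. TMPDIR comes from the environment and is not re-validated at use. */`. The loop also depends on the trailing `NULL` entry to leave `zDir` NULL when no directory qualifies, which deserves a short comment next to `/* List terminator */`.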


@ -25,11 +25,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.14.1.0" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.14.2.0" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 14
#define SOFTOKEN_VPATCH 1
#define SOFTOKEN_VPATCH 2
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#define SOFTOKEN_BETA PR_TRUE
#endif /* _SOFTKVER_H_ */


@ -1,6 +1,3 @@
This is SQLite 3.6.22.
This is SQLite 3.7.14.1.
Local changes:
1. Allow System V one-argument version of gettimeofday when compiled with
-D_SVID_GETTOD on Solaris. See CVS revision 1.6.


@ -34,4 +34,14 @@ ifeq ($(OS_TARGET),Darwin)
# to the linker.) Apple builds the system libsqlite3.dylib with these
# version numbers, so we use the same to be compatible.
DARWIN_DYLIB_VERSIONS = -compatibility_version 9 -current_version 9.6
# The SQLite code that uses the Apple zone allocator calls
# OSAtomicCompareAndSwapPtrBarrier, which is only available on Mac OS X 10.5
# (Darwin 9.0) and later. Define SQLITE_WITHOUT_ZONEMALLOC to disable
# that code for older versions of Mac OS X. See bug 820374.
DARWIN_VER_MAJOR := $(shell uname -r | cut -f1 -d.)
DARWIN_LT_9 := $(shell [ $(DARWIN_VER_MAJOR) -lt 9 ] && echo true)
ifeq ($(DARWIN_LT_9),true)
OS_CFLAGS += -DSQLITE_WITHOUT_ZONEMALLOC
endif
endif # Darwin
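Review bot: `DARWIN_VER_MAJOR` is taken from `uname -r` on the build machine, so the `SQLITE_WITHOUT_ZONEMALLOC` decision follows the host kernel rather than the oldest OS release the binary is meant to run on. A build on Darwin 9 or later that targets an older release would still compile in the `OSAtomicCompareAndSwapPtrBarrier` path described in the comment, and a cross-build from a non-Darwin host would compare an unrelated kernel version. If the build system already exposes the target release or a deployment-target setting, the test should key off that instead; which variable that would be cannot be seen from this hunk. At minimum I would add `# NOTE: this tests the build host's Darwin version, not the deployment target.` above the `DARWIN_VER_MAJOR` line.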


@ -74,6 +74,7 @@ sqlite3_errmsg16;
sqlite3_exec;
sqlite3_expired;
sqlite3_extended_result_codes;
sqlite3_file_control;
sqlite3_finalize;
sqlite3_free;
sqlite3_free_table;
@ -119,6 +120,7 @@ sqlite3_set_auxdata;
sqlite3_sleep;
sqlite3_snprintf;
sqlite3_step;
;;sqlite3_temp_directory DATA ;
sqlite3_thread_cleanup;
sqlite3_total_changes;
sqlite3_trace;
@ -139,6 +141,7 @@ sqlite3_value_text16le;
sqlite3_value_type;
sqlite3_version;
sqlite3_vmprintf;
sqlite3_wal_checkpoint;
;+ local:
;+ *;
;+};

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: sslsock.c,v 1.98 2012/11/14 01:14:12 wtc%google.com Exp $ */
/* $Id: sslsock.c,v 1.99 2012/12/20 20:29:36 bsmith%mozilla.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@ -2904,6 +2904,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
ssl_ChooseOps(ss);
ssl2_InitSocketPolicy(ss);
ssl3_InitSocketPolicy(ss);
PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
if (makeLocks) {
status = ssl_MakeLocks(ss);


@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.14.1.0"
#define NSSUTIL_VERSION "3.14.2.0 Beta"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 14
#define NSSUTIL_VPATCH 1
#define NSSUTIL_VPATCH 2
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
#define NSSUTIL_BETA PR_TRUE
SEC_BEGIN_PROTOS


@ -3,6 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "secoid.h"
#include "secoidt.h"
#include "pkcs11t.h"
#include "secitem.h"
#include "secerr.h"
@ -145,6 +146,13 @@ const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING
#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
#define EV_NAME_ATTRIBUTE MICROSOFT_OID, 60, 2, 1
/* Microsoft Crypto 2.0 ID space */
/* { 1.3.6.1.4.1.311.10 } */
#define MS_CRYPTO_20 MICROSOFT_OID, 10
/* Microsoft Crypto 2.0 Extended Key Usage ID space */
/* { 1.3.6.1.4.1.311.10.3 } */
#define MS_CRYPTO_EKU MS_CRYPTO_20, 3
#define CERTICOM_OID 0x2b, 0x81, 0x04
#define SECG_OID CERTICOM_OID, 0x00
@ -448,6 +456,7 @@ CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 };
/* OIDs for Netscape defined algorithms */
CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
@ -1633,7 +1642,11 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
OD( nistDSASignaturewithSHA256Digest,
SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST,
"DSA with SHA-256 Signature",
CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION)
CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION),
OD( msExtendedKeyUsageTrustListSigning,
SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING,
"Microsoft Trust List Signing",
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION )
};
/* PRIVATE EXTENDED SECOID Table


@ -10,7 +10,7 @@
/*
* secoidt.h - public data structures for ASN.1 OID functions
*
* $Id: secoidt.h,v 1.36 2012/06/25 21:48:41 rrelyea%redhat.com Exp $
* $Id: secoidt.h,v 1.37 2012/12/19 02:10:42 emaldona%redhat.com Exp $
*/
#include "secitem.h"
@ -436,6 +436,12 @@ typedef enum {
SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST = 314,
SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST = 315,
/* Microsoft Trust List Signing
* szOID_KP_CTL_USAGE_SIGNING
* where KP stands for Key Purpose
*/
SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING = 316,
SEC_OID_TOTAL
} SECOidTag;


@ -42,7 +42,12 @@ lowhash_init()
fi
LOWHASHDIR=../lowhash
mkdir -p ${LOWHASHDIR}
html_head "Lowhash Tests"
if [ -f /proc/sys/crypto/fips_enabled ]; then
FVAL=`cat /proc/sys/crypto/fips_enabled`
html_head "Lowhash Tests - /proc/sys/crypto/fips_enabled is ${FVAL}"
else
html_head "Lowhash Tests"
fi
cd ${LOWHASHDIR}
}
@ -59,14 +64,14 @@ lowhash_test()
TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
OLD_MODE=`echo ${NSS_FIPS}`
for fips_mode in 0 1; do
echo "lowhashtest with fips mode=${mode}"
echo "lowhashtest with fips mode=${fips_mode}"
export NSS_FIPS=${fips_mode}
for TEST in ${TESTS}
do
echo "lowhashtest ${TEST}"
${BINDIR}/lowhashtest ${TEST} 2>&1
RESULT=$?
html_msg ${RESULT} 0 "lowhashtest with fips mode=${mode} for ${TEST}"
html_msg ${RESULT} 0 "lowhashtest with fips mode=${fips_mode} for ${TEST}"
done
done
export NSS_FIPS=${OLD_MODE}


@ -630,12 +630,17 @@ load_group_crl() {
echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
echo ""
echo "RELOAD time $i"
${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f \
-d ${R_CLIENTDIR} -v -V ssl3: -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
>${OUTFILE_TMP} 2>&1 <<_EOF_REQUEST_
REQF=${R_CLIENTDIR}.crlreq
cat > ${REQF} <<_EOF_REQUEST_
GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
_EOF_REQUEST_
${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f \
-d ${R_CLIENTDIR} -v -V ssl3: -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
>${OUTFILE_TMP} 2>&1 < ${REQF}
cat ${OUTFILE_TMP}
grep "CRL ReCache Error" ${OUTFILE_TMP}
if [ $? -eq 0 ]; then