Bug 738458 - Upgrade Mozilla to NSS 3.13.5 - starting with BETA1, r=wtc

Kai Engert 2012-04-27 01:47:19 +02:00
parent 6bd2c4f144
commit b60bdce8f8
17 changed files with 36 additions and 22 deletions


@ -43,3 +43,4 @@
#error "Do not include this header file."


@ -1 +1 @@
NSS_3_13_4_RTM
NSS_3_13_5_BETA1


@ -1 +1 @@
NSS_3_13_4_RTM
NSS_3_13_5_BETA1


@ -96,7 +96,7 @@ CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags);
if (rv == SECSuccess &&
!(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
rv = SECFailure;
}
}
@ -496,7 +496,10 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
LOG_ERROR_OR_EXIT(log,issuerCert,count+1,0);
} else {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
if (PORT_GetError() !=
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
}
LOG_ERROR_OR_EXIT(log,subjectCert,count,0);
}
}
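Review bot: The new guard in cert_VerifyCertChainOld, `if (PORT_GetError() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)`, only distinguishes the two cases if nothing between the failed signature check and this else branch overwrites the thread's error code. The verification call is outside the hunk, so this cannot be confirmed from here. Saving the code right after the failing call, e.g. `int verifyErr = PORT_GetError();`, and testing `verifyErr` in this branch would keep a policy rejection from being silently relabelled as `SEC_ERROR_BAD_SIGNATURE` if a helper in between sets an error. Both functions in this section start and end outside the hunks shown.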


@ -997,7 +997,7 @@ PKIX_ERRORENTRY(SETPOLICIESFAILED,Fail to set cert validation policies,0),
PKIX_ERRORENTRY(SHUTDOWNFAILED,PKIX_PL_Shutdown failed,0),
PKIX_ERRORENTRY(SIGNATURECHECKERINITIALIZEFAILED,pkix_SignatureChecker_Initialize failed,0),
PKIX_ERRORENTRY(SIGNATURECHECKERSTATECREATEFAILED,pkix_SignatureCheckerState_Create failed,0),
PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,SEC_ERROR_BAD_SIGNATURE),
PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,0),
PKIX_ERRORENTRY(SINGLEPOLICYNODEEQUALSFAILED,PKIX_PL_SinglePolicyNode_Equals failed,0),
PKIX_ERRORENTRY(SINGLEPOLICYNODEHASHCODEFAILED,pkix_SinglePolicyNode_Hashcode failed,0),
PKIX_ERRORENTRY(SINGLEPOLICYNODETOSTRINGFAILED,pkix_SinglePolicyNode_ToString failed,0),
@ -1100,7 +1100,7 @@ PKIX_ERRORENTRY(VALIDATEPARAMSGETPROCESSINGPARAMSFAILED,PKIX_ValidateParams_GetP
PKIX_ERRORENTRY(VALIDATERESULTCREATEFAILED,pkix_ValidateResult_Create failed,0),
PKIX_ERRORENTRY(VALIDATERESULTGETPOLICYTREEFAILED,PKIX_ValidateResult_GetPolicyTree failed,0),
PKIX_ERRORENTRY(VALIDATERESULTGETTRUSTANCHORFAILED,PKIX_ValidateResult_GetTrustAnchor failed,0),
PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,SEC_ERROR_BAD_SIGNATURE),
PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,0),
PKIX_ERRORENTRY(VALIDATIONFAILEDNULLCERTPOINTER,Validation failed: NULL Cert pointer,0),
PKIX_ERRORENTRY(VALIDATIONFAILEDPATHTONAMECHECKFAILED,Validation failed: PathToName check failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
PKIX_ERRORENTRY(VALUEINESCAPEDASCII,value in EscapedASCII,0),
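Review bot: With the `SEC_ERROR_BAD_SIGNATURE` mapping dropped from the SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY and VALIDATIONFAILEDCERTSIGNATURECHECKING entries, the table no longer supplies an NSS error for them, so every site that raises either code has to set the PORT error itself first. The commit does that in PKIX_PL_Cert_VerifySignature and PKIX_PL_CRL_VerifySignature. Whether other raise sites exist is not visible on this page and is worth checking, since a missed one would presumably report a signature failure with no specific NSS error code. A comment above the two entries, such as `/* NSS error is set at the raise site so SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED is not overwritten */`, would keep a later edit from restoring the mapping.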


@ -245,7 +245,6 @@ pkix_SignatureChecker_Check(
certVerified = PKIX_TRUE;
} else {
certVerified = PKIX_FALSE;
PKIX_DECREF(verifyFail);
}
}
@ -292,6 +291,7 @@ pkix_SignatureChecker_Check(
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_DECREF(verifyFail);
verifyFail = PKIX_PL_Cert_VerifySignature
(cert, pKey, plContext);
@ -300,7 +300,6 @@ pkix_SignatureChecker_Check(
break;
} else {
certVerified = PKIX_FALSE;
PKIX_DECREF(verifyFail);
}
PKIX_DECREF(pKey);
@ -309,6 +308,8 @@ pkix_SignatureChecker_Check(
#endif
if (certVerified == PKIX_FALSE) {
pkixErrorResult = verifyFail;
verifyFail = NULL;
PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
}
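Review bot: The handoff `pkixErrorResult = verifyFail; verifyFail = NULL;` ahead of `PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING)` transfers the reference to the failure object, but nothing at that spot says so. Going by the hunk counts, the early `PKIX_DECREF(verifyFail)` calls in the two else branches are removed, so the object now lives across most of pkix_SignatureChecker_Check. A comment like `/* hand the reference to pkixErrorResult; cleanup must not DECREF it again */` would explain why the pointer is cleared. It also looks possible for `verifyFail` to be NULL here if no key was tried, or for `pkixErrorResult` to already hold an earlier error; how PKIX_ERROR treats either case is outside the hunks and should be confirmed. The function body begins and ends outside the hunks shown.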


@ -2889,6 +2889,9 @@ PKIX_PL_Cert_VerifySignature(
status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
if (status != SECSuccess) {
if (PORT_GetError() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
}
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
}
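Review bot: The added check in PKIX_PL_Cert_VerifySignature has no comment saying why one error code is exempt from the overwrite. The apparent purpose is to let callers tell a policy rejection from a cryptographic failure, so I would add above it `/* keep SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED so a disabled algorithm is not reported as a bad signature */`. Every other failure code from CERT_VerifySignedDataWithPublicKey is still replaced by `SEC_ERROR_BAD_SIGNATURE`, which hides causes that are not signature mismatches; if that is intended, the same comment should say so. The function continues outside the hunk.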


@ -1043,6 +1043,7 @@ PKIX_PL_CRL_VerifySignature(
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
if (status != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
}
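Review bot: In PKIX_PL_CRL_VerifySignature the added `PORT_SetError(SEC_ERROR_BAD_SIGNATURE);` is unconditional, unlike the certificate path in this same commit, which preserves `SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED`. Both paths call CERT_VerifySignedDataWithPublicKey, so a CRL rejected by the algorithm policy would apparently be reported as a bad signature rather than as a disabled algorithm. If CRLs should surface the distinct code too, guard the call as `if (PORT_GetError() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); }`. Otherwise a comment stating that the difference is deliberate would help. The function continues outside the hunk.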


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nss.h,v 1.92.2.1 2012/04/06 15:20:43 kaie%kuix.de Exp $ */
/* $Id: nss.h,v 1.92.2.2 2012/04/24 01:22:22 kaie%kuix.de Exp $ */
#ifndef __nss_h_
#define __nss_h_
@ -66,12 +66,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.13.4.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.13.5.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 13
#define NSS_VPATCH 4
#define NSS_VPATCH 5
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED


@ -57,11 +57,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.13.4.0" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.13.5.0" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 13
#define SOFTOKEN_VPATCH 4
#define SOFTOKEN_VPATCH 5
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#define SOFTOKEN_BETA PR_TRUE
#endif /* _SOFTKVER_H_ */


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: derive.c,v 1.13 2011/03/22 22:15:22 alexei.volkov.bugs%sun.com Exp $ */
/* $Id: derive.c,v 1.13.2.2 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
#include "ssl.h" /* prereq to sslimpl.h */
#include "certt.h" /* prereq to sslimpl.h */


@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ssl3con.c,v 1.167 2012/03/06 02:23:25 wtc%google.com Exp $ */
/* $Id: ssl3con.c,v 1.167.2.2 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
#include "cert.h"
#include "ssl.h"


@ -41,7 +41,7 @@
* ***** END LICENSE BLOCK ***** */
/* TLS extension code moved here from ssl3ecc.c */
/* $Id: ssl3ext.c,v 1.22 2012/03/12 19:14:12 wtc%google.com Exp $ */
/* $Id: ssl3ext.c,v 1.22.2.2 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
#include "nssrenam.h"
#include "nss.h"


@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsock.c,v 1.82.2.1 2012/03/31 23:16:38 wtc%google.com Exp $ */
/* $Id: sslsock.c,v 1.82.2.3 2012/04/20 00:37:53 emaldona%redhat.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"


@ -573,3 +573,6 @@ ER3(SEC_ERROR_UNKNOWN_PKCS11_ERROR, (SEC_ERROR_BASE + 174),
ER3(SEC_ERROR_BAD_CRL_DP_URL, (SEC_ERROR_BASE + 175),
"Invalid or unsupported URL in CRL distribution point name.")
ER3(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 176),
"The certificate was signed using an signature algorithm that is disabled because it is not secure.")
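Review bot: The message string added for SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED reads "an signature algorithm". It should be `"The certificate was signed using a signature algorithm that is disabled because it is not secure."`. This is presumably the text shown to a user when a certificate is rejected by the algorithm policy, so it is worth correcting before it is copied into translations or documentation.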


@ -51,12 +51,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.13.4.0"
#define NSSUTIL_VERSION "3.13.5.0"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 13
#define NSSUTIL_VPATCH 4
#define NSSUTIL_VPATCH 5
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
#define NSSUTIL_BETA PR_TRUE
SEC_BEGIN_PROTOS


@ -236,6 +236,8 @@ SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174),
SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175),
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176),
/* Add new error codes above here. */
SEC_ERROR_END_OF_LIST
} SECErrorCodes;