Bug 527659, Update Mozilla-central to NSS 3.12.6
=== r=rrelyea for upgrading to release candidate 1 === reapplying bug 519550 on top === includes PSM makefile tweak to keep TLS disabled (variables changed in the updated NSS snapshot) === change configure.in to require the newer system NSS, r=wtc
Родитель
4aa0b6c8c1
Коммит
1d9e4dd979
|
@ -4366,7 +4366,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
|
|||
_USE_SYSTEM_NSS=1 )
|
||||
|
||||
if test -n "$_USE_SYSTEM_NSS"; then
|
||||
AM_PATH_NSS(3.12.0, [MOZ_NATIVE_NSS=1], [MOZ_NATIVE_NSS=])
|
||||
AM_PATH_NSS(3.12.6, [MOZ_NATIVE_NSS=1], [MOZ_NATIVE_NSS=])
|
||||
fi
|
||||
|
||||
if test -n "$MOZ_NATIVE_NSS"; then
|
||||
|
|
|
@ -131,4 +131,5 @@ DLL_SUFFIX = dylib
|
|||
PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
|
||||
sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,_,' > $@
|
||||
|
||||
G++INCLUDES = -I/usr/include/g++
|
||||
USE_SYSTEM_ZLIB = 1
|
||||
ZLIB_LIBS = -lz
|
||||
|
|
|
@ -42,3 +42,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -243,9 +243,9 @@ ifeq ($(OS_ARCH),Linux)
|
|||
DEFAULT_GMAKE_FLAGS += FREEBL_NO_DEPEND=1
|
||||
endif
|
||||
|
||||
# Turn off TLS compression support because NSS 3.12.5 Beta can't be built
|
||||
# Turn off TLS compression support because NSS 3.12.6 can't be built
|
||||
# with Mozilla's zlib.h. See bug 527659 comment 10.
|
||||
DEFAULT_GMAKE_FLAGS += USE_SYSTEM_ZLIB=
|
||||
DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ZLIB=
|
||||
|
||||
# Disable building of the test programs in security/nss/lib/zlib
|
||||
DEFAULT_GMAKE_FLAGS += PROGRAMS=
|
||||
|
|
|
@ -320,7 +320,6 @@ extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
|
|||
extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
|
||||
|
||||
extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
|
||||
extern void SEC_Init(void);
|
||||
|
||||
extern char *SECU_SECModDBName(void);
|
||||
|
||||
|
|
|
@ -57,6 +57,12 @@ include $(CORE_DEPTH)/coreconf/config.mk
|
|||
#######################################################################
|
||||
include ../platlibs.mk
|
||||
|
||||
ifdef USE_SYSTEM_ZLIB
|
||||
OS_LIBS += $(ZLIB_LIBS)
|
||||
else
|
||||
EXTRA_LIBS += $(ZLIB_LIBS)
|
||||
endif
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* p7env -- A command to create a pkcs7 enveloped data.
|
||||
*
|
||||
* $Id: p7env.c,v 1.9 2008/08/08 23:47:56 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: p7env.c,v 1.10 2010/02/11 02:39:47 wtc%google.com Exp $
|
||||
*/
|
||||
|
||||
#include "nspr.h"
|
||||
|
@ -61,8 +61,6 @@ extern int fwrite(char *, size_t, size_t, FILE*);
|
|||
extern int fprintf(FILE *, char *, ...);
|
||||
#endif
|
||||
|
||||
extern void SEC_Init(void); /* XXX */
|
||||
|
||||
|
||||
static void
|
||||
Usage(char *progName)
|
||||
|
|
|
@ -251,6 +251,4 @@ ifndef USE_SYSTEM_ZLIB
|
|||
ZLIB_LIBS = $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX)
|
||||
endif
|
||||
|
||||
JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX) \
|
||||
$(ZLIB_LIBS) \
|
||||
$(NULL)
|
||||
JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX)
|
||||
|
|
|
@ -58,6 +58,12 @@ include $(CORE_DEPTH)/coreconf/config.mk
|
|||
|
||||
include ../platlibs.mk
|
||||
|
||||
ifdef USE_SYSTEM_ZLIB
|
||||
OS_LIBS += $(ZLIB_LIBS)
|
||||
else
|
||||
EXTRA_LIBS += $(ZLIB_LIBS)
|
||||
endif
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
|
|
@ -66,7 +66,7 @@
|
|||
#include "cert.h"
|
||||
#include "sslproto.h"
|
||||
|
||||
#define VERSIONSTRING "$Revision: 1.17 $ ($Date: 2010/01/28 06:19:11 $) $Author: nelson%bolyard.com $"
|
||||
#define VERSIONSTRING "$Revision: 1.18 $ ($Date: 2010/02/10 02:00:56 $) $Author: wtc%google.com $"
|
||||
|
||||
|
||||
struct _DataBufferList;
|
||||
|
@ -76,7 +76,7 @@ typedef struct _DataBufferList {
|
|||
struct _DataBuffer *first,*last;
|
||||
int size;
|
||||
int isEncrypted;
|
||||
char * msgBuf;
|
||||
unsigned char * msgBuf;
|
||||
int msgBufOffset;
|
||||
int msgBufSize;
|
||||
int hMACsize;
|
||||
|
@ -774,7 +774,7 @@ void print_ssl3_handshake(unsigned char *recordBuf,
|
|||
/* append recordBuf to msgBuf, then use msgBuf */
|
||||
if (s->msgBufOffset + recordLen > s->msgBufSize) {
|
||||
int newSize = s->msgBufOffset + recordLen;
|
||||
char * newBuf = PORT_Realloc(s->msgBuf, newSize);
|
||||
unsigned char * newBuf = PORT_Realloc(s->msgBuf, newSize);
|
||||
if (!newBuf) {
|
||||
PR_ASSERT(newBuf);
|
||||
showErr( "Realloc failed");
|
||||
|
@ -1132,7 +1132,7 @@ void print_ssl3_handshake(unsigned char *recordBuf,
|
|||
s->msgBufSize = newMsgLen;
|
||||
memcpy(s->msgBuf, recordBuf + offset, newMsgLen);
|
||||
} else if (newMsgLen > s->msgBufSize) {
|
||||
char * newBuf = PORT_Realloc(s->msgBuf, newMsgLen);
|
||||
unsigned char * newBuf = PORT_Realloc(s->msgBuf, newMsgLen);
|
||||
if (!newBuf) {
|
||||
PR_ASSERT(newBuf);
|
||||
showErr( "Realloc failed");
|
||||
|
|
|
@ -229,8 +229,8 @@ errExit(char * funcString)
|
|||
void
|
||||
disableAllSSLCiphers(void)
|
||||
{
|
||||
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
|
||||
int i = SSL_NumImplementedCiphers;
|
||||
const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
|
||||
int i = SSL_GetNumImplementedCiphers();
|
||||
SECStatus rv;
|
||||
|
||||
/* disable all the SSL3 cipher suites */
|
||||
|
|
|
@ -274,8 +274,8 @@ milliPause(PRUint32 milli)
|
|||
void
|
||||
disableAllSSLCiphers(void)
|
||||
{
|
||||
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
|
||||
int i = SSL_NumImplementedCiphers;
|
||||
const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
|
||||
int i = SSL_GetNumImplementedCiphers();
|
||||
SECStatus rv;
|
||||
|
||||
/* disable all the SSL3 cipher suites */
|
||||
|
|
|
@ -68,6 +68,10 @@ SQLITE_SRCDIR = sqlite # Add the sqlite directory to DIRS.
|
|||
endif
|
||||
endif
|
||||
|
||||
ifeq ($(OS_ARCH),Linux)
|
||||
SYSINIT_SRCDIR = sysinit # Add the sysinit directory to DIRS.
|
||||
endif
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
|
|
@ -458,7 +458,7 @@ ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr)
|
|||
vt = SEC_ASN1_UTF8_STRING;
|
||||
}
|
||||
|
||||
derVal.data = valBuf;
|
||||
derVal.data = (unsigned char*) valBuf;
|
||||
derVal.len = valLen;
|
||||
a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal);
|
||||
}
|
||||
|
@ -981,7 +981,7 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict)
|
|||
|
||||
nameLen = strlen(tagName);
|
||||
valueLen = (useHex ? avaValue->len :
|
||||
cert_RFC1485_GetRequiredLen(avaValue->data, avaValue->len,
|
||||
cert_RFC1485_GetRequiredLen((char *)avaValue->data, avaValue->len,
|
||||
&mode));
|
||||
len = nameLen + valueLen + 2; /* Add 2 for '=' and trailing NUL */
|
||||
|
||||
|
@ -1194,8 +1194,8 @@ avaToString(PRArenaPool *arena, CERTAVA *ava)
|
|||
if(!avaValue) {
|
||||
return buf;
|
||||
}
|
||||
valueLen = cert_RFC1485_GetRequiredLen(avaValue->data, avaValue->len,
|
||||
NULL) + 1;
|
||||
valueLen = cert_RFC1485_GetRequiredLen((char *)avaValue->data,
|
||||
avaValue->len, NULL) + 1;
|
||||
if (arena) {
|
||||
buf = (char *)PORT_ArenaZAlloc(arena, valueLen);
|
||||
} else {
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
/*
|
||||
* Certificate handling code
|
||||
*
|
||||
* $Id: certdb.c,v 1.101 2009/05/18 21:33:25 nelson%bolyard.com Exp $
|
||||
* $Id: certdb.c,v 1.102 2010/02/10 02:00:57 wtc%google.com Exp $
|
||||
*/
|
||||
|
||||
#include "nssilock.h"
|
||||
|
@ -1553,14 +1553,16 @@ cert_VerifySubjectAltName(CERTCertificate *cert, const char *hn)
|
|||
*/
|
||||
int cnLen = current->name.other.len;
|
||||
rv = CERT_RFC1485_EscapeAndQuote(cn, cnBufLen,
|
||||
current->name.other.data, cnLen);
|
||||
(char *)current->name.other.data,
|
||||
cnLen);
|
||||
if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_OUTPUT_LEN) {
|
||||
cnBufLen = cnLen * 3 + 3; /* big enough for worst case */
|
||||
cn = (char *)PORT_ArenaAlloc(arena, cnBufLen);
|
||||
if (!cn)
|
||||
goto fail;
|
||||
rv = CERT_RFC1485_EscapeAndQuote(cn, cnBufLen,
|
||||
current->name.other.data, cnLen);
|
||||
(char *)current->name.other.data,
|
||||
cnLen);
|
||||
}
|
||||
if (rv == SECSuccess)
|
||||
rv = cert_TestHostName(cn ,hn);
|
||||
|
|
|
@ -590,7 +590,7 @@ CERT_CompareRDN(CERTRDN *a, CERTRDN *b)
|
|||
if (ac > bc) return SECGreaterThan;
|
||||
|
||||
while (NULL != (aava = *aavas++)) {
|
||||
for (bavas = b->avas; bava = *bavas++; ) {
|
||||
for (bavas = b->avas; NULL != (bava = *bavas++); ) {
|
||||
rv = SECITEM_CompareItem(&aava->type, &bava->type);
|
||||
if (SECEqual == rv) {
|
||||
rv = CERT_CompareAVA(aava, bava);
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: cryptohi.h,v 1.13 2009/09/23 22:51:56 wtc%google.com Exp $ */
|
||||
/* $Id: cryptohi.h,v 1.14 2010/02/10 00:49:43 wtc%google.com Exp $ */
|
||||
|
||||
#ifndef _CRYPTOHI_H_
|
||||
#define _CRYPTOHI_H_
|
||||
|
@ -137,7 +137,8 @@ extern SECStatus SGN_End(SGNContext *cx, SECItem *result);
|
|||
** "algid" the signature/hash algorithm to sign with
|
||||
** (must be compatible with the key type).
|
||||
*/
|
||||
extern SECStatus SEC_SignData(SECItem *result, unsigned char *buf, int len,
|
||||
extern SECStatus SEC_SignData(SECItem *result,
|
||||
const unsigned char *buf, int len,
|
||||
SECKEYPrivateKey *pk, SECOidTag algid);
|
||||
|
||||
/*
|
||||
|
@ -348,8 +349,8 @@ extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig,
|
|||
** the key type.
|
||||
** "wincx" void pointer to the window context
|
||||
*/
|
||||
extern SECStatus VFY_VerifyData(unsigned char *buf, int len,
|
||||
SECKEYPublicKey *key, SECItem *sig,
|
||||
extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
|
||||
const SECKEYPublicKey *key, const SECItem *sig,
|
||||
SECOidTag sigAlg, void *wincx);
|
||||
/*
|
||||
** Verify the signature on a block of data. The signature data is an RSA
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: secsign.c,v 1.21 2009/09/23 22:51:56 wtc%google.com Exp $ */
|
||||
/* $Id: secsign.c,v 1.22 2010/02/10 00:49:43 wtc%google.com Exp $ */
|
||||
|
||||
#include <stdio.h>
|
||||
#include "cryptohi.h"
|
||||
|
@ -277,7 +277,7 @@ SGN_End(SGNContext *cx, SECItem *result)
|
|||
** signature. Returns zero on success, an error code on failure.
|
||||
*/
|
||||
SECStatus
|
||||
SEC_SignData(SECItem *res, unsigned char *buf, int len,
|
||||
SEC_SignData(SECItem *res, const unsigned char *buf, int len,
|
||||
SECKEYPrivateKey *pk, SECOidTag algid)
|
||||
{
|
||||
SECStatus rv;
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: secvfy.c,v 1.22 2008/02/28 04:27:36 nelson%bolyard.com Exp $ */
|
||||
/* $Id: secvfy.c,v 1.23 2010/02/10 00:49:43 wtc%google.com Exp $ */
|
||||
|
||||
#include <stdio.h>
|
||||
#include "cryptohi.h"
|
||||
|
@ -721,8 +721,8 @@ VFY_VerifyDataDirect(const unsigned char *buf, int len,
|
|||
}
|
||||
|
||||
SECStatus
|
||||
VFY_VerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
|
||||
SECItem *sig, SECOidTag algid, void *wincx)
|
||||
VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
|
||||
const SECItem *sig, SECOidTag algid, void *wincx)
|
||||
{
|
||||
SECOidTag encAlg, hashAlg;
|
||||
SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg);
|
||||
|
|
|
@ -535,7 +535,7 @@ jar_parse_any(JAR *jar, int type, JAR_Signer *signer,
|
|||
}
|
||||
}
|
||||
|
||||
if (!x_name || !*x_name) {
|
||||
if (!*x_name) {
|
||||
/* Whatever that was, it wasn't an entry, because we didn't get a
|
||||
name. We don't really have anything, so don't record this. */
|
||||
continue;
|
||||
|
|
|
@ -120,7 +120,7 @@ pkix_List_Destroy(
|
|||
|
||||
/* We have a valid list. DecRef its item and recurse on next */
|
||||
PKIX_DECREF(list->item);
|
||||
while (nextItem = list->next) {
|
||||
while ((nextItem = list->next) != NULL) {
|
||||
list->next = nextItem->next;
|
||||
nextItem->next = NULL;
|
||||
PKIX_DECREF(nextItem);
|
||||
|
|
|
@ -43,6 +43,13 @@
|
|||
|
||||
#include "pkix_pl_pk11certstore.h"
|
||||
|
||||
/*
|
||||
* PKIX_DEFAULT_MAX_RESPONSE_LENGTH (64 * 1024) is too small for downloading
|
||||
* CRLs. We observed CRLs of sizes 338759 and 439035 in practice. So we
|
||||
* need to use a higher max response length for CRLs.
|
||||
*/
|
||||
#define PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH (512 * 1024)
|
||||
|
||||
/* --Private-Pk11CertStore-Functions---------------------------------- */
|
||||
|
||||
/*
|
||||
|
@ -871,6 +878,8 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
|
|||
|
||||
myHttpResponseDataLen =
|
||||
((PKIX_PL_NssContext*)plContext)->maxResponseLength;
|
||||
if (myHttpResponseDataLen < PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH)
|
||||
myHttpResponseDataLen = PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH;
|
||||
|
||||
/* We use a non-zero timeout, which means:
|
||||
- the client will use blocking I/O
|
||||
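Review bot: The two lines added to DownloadCrl treat the context's `maxResponseLength` as a floor rather than a ceiling: any value below `PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH` is silently replaced by 512 KiB. If callers can configure a smaller limit to bound how much an untrusted CRL distribution point can make the client buffer, that bound no longer applies to CRL downloads. If the intent is only to lift the built-in 64 KiB default, raise the limit only in that case, e.g. `if (myHttpResponseDataLen == PKIX_DEFAULT_MAX_RESPONSE_LENGTH)`, and state the override in the comment above the new `#define`. The body of the added `if` should also be braced. DownloadCrl continues outside the hunk, so how the length is consumed afterwards is not visible here.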
|
|
|
@ -55,7 +55,7 @@ DIRS = util freebl $(SQLITE_SRCDIR) softoken \
|
|||
$(ZLIB_SRCDIR) ssl \
|
||||
pkcs12 pkcs7 smime \
|
||||
crmf jar \
|
||||
ckfw \
|
||||
ckfw $(SYSINIT_SRCDIR) \
|
||||
$(NULL)
|
||||
|
||||
# fortcrypt is no longer built
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nss.h,v 1.74 2009/11/20 20:15:05 christophe.ravel.bugs%sun.com Exp $ */
|
||||
/* $Id: nss.h,v 1.76 2010/02/11 19:12:45 christophe.ravel.bugs%sun.com Exp $ */
|
||||
|
||||
#ifndef __nss_h_
|
||||
#define __nss_h_
|
||||
|
@ -66,12 +66,12 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.12.6.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VERSION "3.12.6.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 12
|
||||
#define NSS_VPATCH 6
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_BETA PR_TRUE
|
||||
#define NSS_BETA PR_FALSE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
||||
|
@ -263,11 +263,7 @@ extern SECStatus NSS_InitReadWrite(const char *configdir);
|
|||
NSS_INIT_NOPK11FINALIZE | \
|
||||
NSS_INIT_RESERVED
|
||||
|
||||
#ifdef macintosh
|
||||
#define SECMOD_DB "Security Modules"
|
||||
#else
|
||||
#define SECMOD_DB "secmod.db"
|
||||
#endif
|
||||
|
||||
typedef struct NSSInitContextStr NSSInitContext;
|
||||
|
||||
|
|
|
@ -1945,7 +1945,7 @@ PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
|
|||
nssPKIObjectCollection_Destroy(collection);
|
||||
return SECFailure;
|
||||
}
|
||||
(void *)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
(void)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
transfer_token_certs_to_collection(certList, tok, collection);
|
||||
instances = nssToken_FindObjects(tok, NULL, CKO_CERTIFICATE,
|
||||
tokenOnly, 0, &nssrv);
|
||||
|
|
|
@ -1134,6 +1134,12 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
|
|||
|
||||
for (; *index; index++) {
|
||||
SECMODModule *child;
|
||||
if (0 == PORT_Strcmp(*index, modulespec)) {
|
||||
/* avoid trivial infinite recursion */
|
||||
PORT_SetError(SEC_ERROR_NO_MODULE);
|
||||
rv = SECFailure;
|
||||
break;
|
||||
}
|
||||
child = SECMOD_LoadModule(*index,module,PR_TRUE);
|
||||
if (!child) break;
|
||||
if (child->isCritical && !child->loaded) {
|
||||
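Review bot: The new guard in the child-loading loop only stops a child spec that is byte-for-byte equal to `modulespec`; a cycle through two or more specs, or the same spec written with different spacing or quoting, still reaches the recursive `SECMOD_LoadModule(*index,module,PR_TRUE)` call with no depth limit. Child specs appear to come from module configuration, so a malformed configuration could still drive the recursion until the stack is exhausted. The comment should state the limit, e.g. `/* only catches a child spec identical to its parent's; longer cycles are not detected */`, and a bounded nesting depth would cover the remaining cases. The rest of the loop and the handling of `rv` after the `break` lie outside the hunk.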
|
|
|
@ -360,7 +360,7 @@ notder:
|
|||
while ( cl >= NS_CERT_TRAILER_LEN ) {
|
||||
if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
|
||||
NS_CERT_TRAILER_LEN) ) {
|
||||
certend = (unsigned char *)cp;
|
||||
certend = cp;
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -383,7 +383,7 @@ notder:
|
|||
|
||||
*certend = 0;
|
||||
/* convert to binary */
|
||||
bincert = ATOB_AsciiToData(certbegin, &binLen);
|
||||
bincert = ATOB_AsciiToData((char *)certbegin, &binLen);
|
||||
if (!bincert) {
|
||||
rv = SECFailure;
|
||||
goto loser;
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.48 $ $Date: 2008/11/19 16:08:05 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.49 $ $Date: 2010/02/10 02:04:32 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef PKIM_H
|
||||
|
@ -499,7 +499,7 @@ nssTrustDomain_UpdateCachedTokenCerts (
|
|||
PRUint32 count;
|
||||
certList = nssList_Create(NULL, PR_FALSE);
|
||||
if (!certList) return PR_FAILURE;
|
||||
(void *)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
(void)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
count = nssList_Count(certList);
|
||||
if (count > 0) {
|
||||
cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.60 $ $Date: 2008/10/06 02:56:00 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.61 $ $Date: 2010/02/10 02:04:32 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef DEV_H
|
||||
|
@ -1048,7 +1048,7 @@ NSSTrustDomain_TraverseCertificates (
|
|||
certList = nssList_Create(NULL, PR_FALSE);
|
||||
if (!certList)
|
||||
return NULL;
|
||||
(void *)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
(void)nssTrustDomain_GetCertsFromCache(td, certList);
|
||||
cached = get_certs_from_list(certList);
|
||||
collection = nssCertificateCollection_Create(td, cached);
|
||||
nssCertificateArray_Destroy(cached);
|
||||
|
|
|
@ -71,11 +71,6 @@ CSRCS += unix_err.c
|
|||
endif
|
||||
endif
|
||||
|
||||
ifdef USE_SYSTEM_ZLIB
|
||||
DEFINES += -DNSS_ENABLE_ZLIB
|
||||
EXTRA_LIBS += $(ZLIB_LIBS)
|
||||
endif
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
|
|
@ -43,7 +43,6 @@ ifdef NSS_SURVIVE_DOUBLE_BYPASS_FAILURE
|
|||
DEFINES += -DNSS_SURVIVE_DOUBLE_BYPASS_FAILURE
|
||||
endif
|
||||
|
||||
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
|
||||
CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
|
||||
|
||||
EXTRA_LIBS += \
|
||||
|
@ -82,7 +81,6 @@ endif # NS_USE_GCC
|
|||
|
||||
else
|
||||
|
||||
# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
|
||||
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(DIST)/lib \
|
||||
|
@ -100,3 +98,23 @@ EXTRA_SHARED_LIBS += -lbe
|
|||
endif
|
||||
|
||||
endif
|
||||
|
||||
# Mozilla's mozilla/modules/zlib/src/zconf.h adds the MOZ_Z_ prefix to zlib
|
||||
# exported symbols, which causes problem when NSS is built as part of Mozilla.
|
||||
# So we add a NSS_ENABLE_ZLIB variable to allow Mozilla to turn this off.
|
||||
NSS_ENABLE_ZLIB = 1
|
||||
ifdef NSS_ENABLE_ZLIB
|
||||
|
||||
DEFINES += -DNSS_ENABLE_ZLIB
|
||||
|
||||
# If a platform has a system zlib, set USE_SYSTEM_ZLIB to 1 and
|
||||
# ZLIB_LIBS to the linker command-line arguments for the system zlib
|
||||
# (for example, -lz) in the platform's config file in coreconf.
|
||||
ifdef USE_SYSTEM_ZLIB
|
||||
OS_LIBS += $(ZLIB_LIBS)
|
||||
else
|
||||
ZLIB_LIBS = $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX)
|
||||
EXTRA_LIBS += $(ZLIB_LIBS)
|
||||
endif
|
||||
|
||||
endif
|
||||
|
|
|
@ -142,7 +142,9 @@ SSL_CanBypass;
|
|||
;+NSS_3.12.6 { # NSS 3.12.6 release
|
||||
;+ global:
|
||||
SSL_ConfigServerSessionIDCacheWithOpt;
|
||||
SSL_GetImplementedCiphers;
|
||||
SSL_GetNegotiatedHostInfo;
|
||||
SSL_GetNumImplementedCiphers;
|
||||
SSL_HandshakeNegotiatedExtension;
|
||||
SSL_ReconfigFD;
|
||||
SSL_SetTrustAnchors;
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl.h,v 1.35 2010/02/04 03:21:11 wtc%google.com Exp $ */
|
||||
/* $Id: ssl.h,v 1.36 2010/02/10 18:07:21 wtc%google.com Exp $ */
|
||||
|
||||
#ifndef __ssl_h_
|
||||
#define __ssl_h_
|
||||
|
@ -61,9 +61,15 @@ SEC_BEGIN_PROTOS
|
|||
/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
|
||||
SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
|
||||
|
||||
/* the same as the above, but is a function */
|
||||
SSL_IMPORT const PRUint16 *SSL_GetImplementedCiphers(void);
|
||||
|
||||
/* number of entries in the above table. */
|
||||
SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
|
||||
|
||||
/* the same as the above, but is a function */
|
||||
SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);
|
||||
|
||||
/* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
|
||||
#define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslenum.c,v 1.16 2008/12/17 06:09:19 nelson%bolyard.com Exp $ */
|
||||
/* $Id: sslenum.c,v 1.17 2010/02/10 18:07:21 wtc%google.com Exp $ */
|
||||
|
||||
#include "ssl.h"
|
||||
#include "sslproto.h"
|
||||
|
@ -54,6 +54,9 @@
|
|||
* such as AES and RC4 to allow servers that prefer Camellia to negotiate
|
||||
* Camellia without having to disable AES and RC4, which are needed for
|
||||
* interoperability with clients that don't yet implement Camellia.
|
||||
*
|
||||
* If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
|
||||
* in ssl3ecc.c.
|
||||
*/
|
||||
const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
/* 256-bit */
|
||||
|
@ -149,3 +152,14 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
const PRUint16 SSL_NumImplementedCiphers =
|
||||
(sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
|
||||
|
||||
const PRUint16 *
|
||||
SSL_GetImplementedCiphers(void)
|
||||
{
|
||||
return SSL_ImplementedCiphers;
|
||||
}
|
||||
|
||||
PRUint16
|
||||
SSL_GetNumImplementedCiphers(void)
|
||||
{
|
||||
return SSL_NumImplementedCiphers;
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslimpl.h,v 1.76 2010/02/04 03:08:45 wtc%google.com Exp $ */
|
||||
/* $Id: sslimpl.h,v 1.77 2010/02/10 00:33:50 wtc%google.com Exp $ */
|
||||
|
||||
#ifndef __sslimpl_h_
|
||||
#define __sslimpl_h_
|
||||
|
@ -130,11 +130,7 @@ extern int Debug;
|
|||
#define SSL_DBG(b)
|
||||
#endif
|
||||
|
||||
#ifdef macintosh
|
||||
#include "pprthred.h"
|
||||
#else
|
||||
#include "private/pprthred.h" /* for PR_InMonitor() */
|
||||
#endif
|
||||
#define ssl_InMonitor(m) PZ_InMonitor(m)
|
||||
|
||||
#define LSB(x) ((unsigned char) ((x) & 0xff))
|
||||
|
|
Двоичный файл не отображается.
|
@ -36,8 +36,7 @@
|
|||
#include "seccomon.h"
|
||||
#include "prio.h"
|
||||
#include "prprf.h"
|
||||
|
||||
|
||||
#include "plhash.h"
|
||||
|
||||
/*
|
||||
* The following provides a default example for operating systems to set up
|
||||
|
@ -52,6 +51,7 @@
|
|||
*/
|
||||
|
||||
#ifdef XP_UNIX
|
||||
#include <unistd.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
|
@ -110,12 +110,26 @@ getSystemDB(void) {
|
|||
return PORT_Strdup(NSS_DEFAULT_SYSTEM);
|
||||
}
|
||||
|
||||
static PRBool
|
||||
userIsRoot()
|
||||
{
|
||||
/* this works for linux and all unixes that we know off
|
||||
though it isn't stated as such in POSIX documentation */
|
||||
return getuid() == 0;
|
||||
}
|
||||
|
||||
static PRBool
|
||||
userCanModifySystemDB()
|
||||
{
|
||||
return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0);
|
||||
}
|
||||
|
||||
#else
|
||||
#ifdef XP_WIN
|
||||
static char *
|
||||
getUserDB(void)
|
||||
{
|
||||
/* use the registry to find the user's NSS_DIR. if no entry exists, creaate
|
||||
/* use the registry to find the user's NSS_DIR. if no entry exists, create
|
||||
* one in the users Appdir location */
|
||||
return NULL;
|
||||
}
|
||||
|
@ -123,13 +137,28 @@ getUserDB(void)
|
|||
static char *
|
||||
getSystemDB(void)
|
||||
{
|
||||
/* use the registry to find the system's NSS_DIR. if no entry exists, creaate
|
||||
/* use the registry to find the system's NSS_DIR. if no entry exists, create
|
||||
* one based on the windows system data area */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static PRBool
|
||||
userIsRoot()
|
||||
{
|
||||
/* use the registry to find if the user is the system administrator. */
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
static PRBool
|
||||
userCanModifySystemDB()
|
||||
{
|
||||
/* use the registry to find if the user has administrative privilege
|
||||
* to modify the system's nss database. */
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
#else
|
||||
#error "Need to write getUserDB and get SystemDB functions"
|
||||
#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -184,6 +213,25 @@ getFIPSMode(void)
|
|||
|
||||
#define NSS_DEFAULT_FLAGS "flags=readonly"
|
||||
|
||||
/* configuration flags according to
|
||||
* https://developer.mozilla.org/en/PKCS11_Module_Specs
|
||||
* As stated there the slotParams start with a slot name which is a slotID
|
||||
* Slots 1 through 3 are reserved for the nss internal modules as follows:
|
||||
* 1 for crypto operations slot non-fips,
|
||||
* 2 for the key slot, and
|
||||
* 3 for the crypto operations slot fips
|
||||
*/
|
||||
#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
|
||||
#define SLOT_FLAGS \
|
||||
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
|
||||
" askpw=any timeout=30 ]"
|
||||
|
||||
static const char *nssDefaultFlags =
|
||||
ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
|
||||
static const char *nssDefaultFIPSFlags =
|
||||
ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
|
||||
/*
|
||||
* This function builds the list of databases and modules to load, and sets
|
||||
* their configuration. For the sample we have a fixed set.
|
||||
|
@ -201,8 +249,10 @@ getFIPSMode(void)
|
|||
static char **
|
||||
get_list(char *filename, char *stripped_parameters)
|
||||
{
|
||||
char **module_list = PORT_ZNewArray(char *, 4);
|
||||
char *userdb;
|
||||
char **module_list = PORT_ZNewArray(char *, 5);
|
||||
char *userdb, *sysdb;
|
||||
int isFIPS = getFIPSMode();
|
||||
const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
|
||||
int next = 0;
|
||||
|
||||
/* can't get any space */
|
||||
|
@ -210,15 +260,19 @@ get_list(char *filename, char *stripped_parameters)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
sysdb = getSystemDB();
|
||||
userdb = getUserDB();
|
||||
if (userdb != NULL) {
|
||||
|
||||
/* Don't open root's user DB */
|
||||
if (userdb != NULL && !userIsRoot()) {
|
||||
/* return a list of databases to open. First the user Database */
|
||||
module_list[next++] = PR_smprintf(
|
||||
"library= "
|
||||
"module=\"NSS User database\" "
|
||||
"parameters=\"configdir='sql:%s' %s\" "
|
||||
"NSS=\"flags=internal%s\"",
|
||||
userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
|
||||
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
|
||||
"NSS=\"%sflags=internal%s\"",
|
||||
userdb, stripped_parameters, nssflags,
|
||||
isFIPS ? ",FIPS" : "");
|
||||
|
||||
/* now open the user's defined PKCS #11 modules */
|
||||
/* skip the local user DB entry */
|
||||
|
@ -230,17 +284,45 @@ get_list(char *filename, char *stripped_parameters)
|
|||
userdb, stripped_parameters);
|
||||
}
|
||||
|
||||
/* now the system database (always read only) */
|
||||
#if 0
|
||||
/* This doesn't actually work. If we register
|
||||
both this and the sysdb (in either order)
|
||||
then only one of them actually shows up */
|
||||
|
||||
/* Using a NULL filename as a Boolean flag to
|
||||
* prevent registering both an application-defined
|
||||
* db and the system db. rhbz #546211.
|
||||
*/
|
||||
PORT_Assert(filename);
|
||||
if (sysdb && PL_CompareStrings(filename, sysdb))
|
||||
filename = NULL;
|
||||
else if (userdb && PL_CompareStrings(filename, userdb))
|
||||
filename = NULL;
|
||||
|
||||
if (filename && !userIsRoot()) {
|
||||
module_list[next++] = PR_smprintf(
|
||||
"library= "
|
||||
"module=\"NSS database\" "
|
||||
"parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
|
||||
"NSS=\"%sflags=internal\"",filename, filename, nssflags);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* now the system database (always read only unless it's root) */
|
||||
if (sysdb) {
|
||||
const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
|
||||
module_list[next++] = PR_smprintf(
|
||||
"library= "
|
||||
"module=\"NSS system database\" "
|
||||
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
|
||||
"NSS=\"flags=internal,critical\"",filename);
|
||||
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
||||
"NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
}
|
||||
|
||||
/* that was the last module */
|
||||
module_list[next] = 0;
|
||||
|
||||
PORT_Free(userdb);
|
||||
PORT_Free(sysdb);
|
||||
|
||||
return module_list;
|
||||
}
|
||||
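Review bot: In get_list the updated comment says the system database is `always read only unless it's root`, but the code drops `flags=readonly` whenever `userCanModifySystemDB()` succeeds, i.e. whenever `access(NSS_DEFAULT_SYSTEM, W_OK) == 0`, and never consults `userIsRoot()`; any account with write permission gets the system database opened read/write. `access()` answers for the real UID/GID at the moment of the call, and `userIsRoot()` uses `getuid()`, so in a set-uid program both the read-only decision and the "Don't open root's user DB" test reflect the invoking user rather than the effective one. Either gate on root as the comment says, `const char *readonly = userIsRoot() ? "" : "flags=readonly";`, or reword the comment to `/* now the system database (read only unless the caller can write to it) */`. `userdb` and `sysdb` are also inserted unescaped inside `configdir='sql:%s'`, so a path containing a quote would alter the module spec; where those paths originate is outside the hunks shown.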
|
|
|
@ -95,7 +95,6 @@ CSRCS = \
|
|||
secoid.c \
|
||||
sectime.c \
|
||||
secport.c \
|
||||
secinit.c \
|
||||
templates.c \
|
||||
utf8.c \
|
||||
$(NULL)
|
||||
|
|
|
@ -51,11 +51,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.12.6.0 Beta"
|
||||
#define NSSUTIL_VERSION "3.12.6.0"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 12
|
||||
#define NSSUTIL_VPATCH 6
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
|
||||
#endif /* __nssutil_h_ */
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nspr.h"
|
||||
#include "secport.h"
|
||||
|
||||
static int sec_inited = 0;
|
||||
|
||||
void
|
||||
SEC_Init(void)
|
||||
{
|
||||
/* PR_Init() must be called before SEC_Init() */
|
||||
#if !defined(SERVER_BUILD)
|
||||
PORT_Assert(PR_Initialized() == PR_TRUE);
|
||||
#endif
|
||||
if (sec_inited)
|
||||
return;
|
||||
|
||||
sec_inited = 1;
|
||||
}
|
|
@ -42,6 +42,26 @@
|
|||
#include "prenv.h"
|
||||
#include "plhash.h"
|
||||
#include "nssrwlk.h"
|
||||
#include "nssutil.h"
|
||||
|
||||
/* Library identity and versioning */
|
||||
|
||||
#if defined(DEBUG)
|
||||
#define _DEBUG_STRING " (debug)"
|
||||
#else
|
||||
#define _DEBUG_STRING ""
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Version information for the 'ident' and 'what commands
|
||||
*
|
||||
* NOTE: the first component of the concatenated rcsid string
|
||||
* must not end in a '$' to prevent rcs keyword substitution.
|
||||
*/
|
||||
const char __nss_util_rcsid[] = "$Header: NSS " NSSUTIL_VERSION _DEBUG_STRING
|
||||
" " __DATE__ " " __TIME__ " $";
|
||||
const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING
|
||||
" " __DATE__ " " __TIME__;
|
||||
|
||||
/* MISSI Mosaic Object ID space */
|
||||
#define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
|
||||
|
@ -1861,6 +1881,9 @@ SECOID_Init(void)
|
|||
const SECOidData *oid;
|
||||
int i;
|
||||
char * envVal;
|
||||
volatile char c; /* force a reference that won't get optimized away */
|
||||
|
||||
c = __nss_util_rcsid[0] + __nss_util_sccsid[0];
|
||||
|
||||
if (oidhash) {
|
||||
return SECSuccess; /* already initialized */
|
||||
|
|
|
@ -426,6 +426,7 @@ run_strsclnt()
|
|||
"Tstclnt produced a returncode of ${ret} - FAILED"
|
||||
fi
|
||||
|
||||
sleep 20
|
||||
kill $(jobs -p) 2> /dev/null
|
||||
}
|
||||
|
||||
|
|