Bug 695833: Update NSS to NSS_3_13_1_BETA2. Includes fixes for

bug 647706 and bug 691997.  See individual bugs for code reviews.
Wan-Teh Chang 2011-10-22 17:46:33 -07:00
Родитель c33af222ee
Коммит 8e6c1d757c
19 изменённых файлов: 50 добавлений и 128 удалений


@ -42,3 +42,4 @@
*/
#error "Do not include this header file."


@ -1 +1 @@
NSS_3_13_1_BETA1
NSS_3_13_1_BETA2


@ -3763,6 +3763,8 @@ SECU_StringToSignatureAlgTag(const char *alg)
hashAlgTag = SEC_OID_MD5;
} else if (!PL_strcmp(alg, "SHA1")) {
hashAlgTag = SEC_OID_SHA1;
} else if (!PL_strcmp(alg, "SHA224")) {
hashAlgTag = SEC_OID_SHA224;
} else if (!PL_strcmp(alg, "SHA256")) {
hashAlgTag = SEC_OID_SHA256;
} else if (!PL_strcmp(alg, "SHA384")) {


@ -550,6 +550,7 @@ seckey_GetKeyType (SECOidTag tag) {
* should be handing us a cipher type */
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:


@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: secsign.c,v 1.26 2011/07/24 13:48:12 wtc%google.com Exp $ */
/* $Id: secsign.c,v 1.27 2011/10/22 14:35:42 wtc%google.com Exp $ */
#include <stdio.h>
#include "cryptohi.h"
@ -478,6 +478,8 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
case SEC_OID_UNKNOWN: /* default for RSA if not specified */
case SEC_OID_SHA1:
sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break;
case SEC_OID_SHA224:
sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; break;
case SEC_OID_SHA256:
sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break;
case SEC_OID_SHA384:
@ -502,6 +504,8 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
case SEC_OID_SHA1:
sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break;
case SEC_OID_SHA224:
sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; break;
case SEC_OID_SHA256:
sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break;
case SEC_OID_SHA384:


@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: secvfy.c,v 1.24 2010/06/23 02:13:56 wtc%google.com Exp $ */
/* $Id: secvfy.c,v 1.25 2011/10/22 14:35:42 wtc%google.com Exp $ */
#include <stdio.h>
#include "cryptohi.h"
@ -241,6 +241,10 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
*hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
break;
case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
*hashalg = SEC_OID_SHA224;
break;
case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
*hashalg = SEC_OID_SHA256;
@ -276,9 +280,7 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
if (len < 28) { /* 28 bytes == 224 bits */
*hashalg = SEC_OID_SHA1;
} else if (len < 32) { /* 32 bytes == 256 bits */
/* SHA 224 not supported in NSS */
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return SECFailure;
*hashalg = SEC_OID_SHA224;
} else if (len < 48) { /* 48 bytes == 384 bits */
*hashalg = SEC_OID_SHA256;
} else if (len < 64) { /* 48 bytes == 512 bits */
@ -323,6 +325,7 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
@ -344,6 +347,7 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
*encalg = SEC_OID_MISSI_DSS;
break;
case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
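Review bot: In the key-length ladder of sec_DecodeSigAlg (the hunk starting at old line 276), the comment on the last visible branch reads `/* 48 bytes == 512 bits */` next to `len < 64`; it should be `/* 64 bytes == 512 bits */`, and this commit already edits the ladder, so it is the natural place to correct it. The same hunk appears to replace the `SEC_ERROR_INVALID_ALGORITHM` failure for the 28 to 31 byte range with `*hashalg = SEC_OID_SHA224`, so input that verification used to reject on this path is now processed. A short comment stating that the digest is chosen from the key length, plus a verification test using a key in that size range, would make the new acceptance explicit. The function begins and ends outside the hunk, so how `len` is derived is not visible here.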


@ -563,6 +563,7 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
case CKM_MD2_RSA_PKCS:
case CKM_MD5_RSA_PKCS:
case CKM_SHA1_RSA_PKCS:
case CKM_SHA224_RSA_PKCS:
case CKM_SHA256_RSA_PKCS:
case CKM_SHA384_RSA_PKCS:
case CKM_SHA512_RSA_PKCS:
@ -596,6 +597,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
return CKM_SSL3_PRE_MASTER_KEY_GEN;
case CKM_SHA_1_HMAC:
case CKM_SHA_1_HMAC_GENERAL:
case CKM_SHA224_HMAC:
case CKM_SHA224_HMAC_GENERAL:
case CKM_SHA256_HMAC:
case CKM_SHA256_HMAC_GENERAL:
case CKM_SHA384_HMAC:


@ -59,7 +59,7 @@
/*
* This array helps parsing between names, mechanisms, and flags.
* to make the config files understand more entries, add them
* to this table. (NOTE: we need function to export this table and it's size)
* to this table. (NOTE: we need function to export this table and its size)
*/
PK11DefaultArrayEntry PK11_DefaultArray[] = {
{ "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
@ -73,6 +73,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = {
{ "SEED", SECMOD_SEED_FLAG, CKM_SEED_CBC },
{ "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },
{ "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 },
/* { "SHA224", SECMOD_SHA256_FLAG, CKM_SHA224 }, */
{ "SHA256", SECMOD_SHA256_FLAG, CKM_SHA256 },
/* { "SHA384", SECMOD_SHA512_FLAG, CKM_SHA384 }, */
{ "SHA512", SECMOD_SHA512_FLAG, CKM_SHA512 },
@ -857,6 +858,7 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type)
return &pk11_rc5SlotList;
case CKM_SHA_1:
return &pk11_sha1SlotList;
case CKM_SHA224:
case CKM_SHA256:
return &pk11_sha256SlotList;
case CKM_SHA384:
@ -2024,6 +2026,7 @@ PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int mech_count, void *wincx)
for (i=0; i < mech_count; i++) {
if ((type[i] != CKM_FAKE_RANDOM) &&
(type[i] != CKM_SHA_1) &&
(type[i] != CKM_SHA224) &&
(type[i] != CKM_SHA256) &&
(type[i] != CKM_SHA384) &&
(type[i] != CKM_SHA512) &&
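Review bot: In PK11_GetSlotList the new `case CKM_SHA224:` falls through to `return &pk11_sha256SlotList;` with no comment, and the table hunk adds its SHA-224 row only as commented-out code (`/* { "SHA224", SECMOD_SHA256_FLAG, CKM_SHA224 }, */`). A reader cannot tell from either place whether sharing the SHA-256 list and flag is deliberate. A one-line comment above the case, for example `/* SHA-224 has no default-mechanism flag of its own; it shares the SHA-256 slot list */`, would record the intent, assuming that is the reason. Both PK11_GetSlotList and the PK11_DefaultArray initializer continue outside the hunks shown.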


@ -62,6 +62,8 @@ sec_pkcs12_algtag_to_mech(SECOidTag algtag)
return CKM_MD5_HMAC;
case SEC_OID_SHA1:
return CKM_SHA_1_HMAC;
case SEC_OID_SHA224:
return CKM_SHA224_HMAC;
case SEC_OID_SHA256:
return CKM_SHA256_HMAC;
case SEC_OID_SHA384:


@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: rsawrapr.c,v 1.18 2011/10/04 22:05:53 wtc%google.com Exp $ */
/* $Id: rsawrapr.c,v 1.19 2011/10/22 14:35:43 wtc%google.com Exp $ */
#include "blapi.h"
#include "softoken.h"
@ -1169,11 +1169,13 @@ emsa_pss_verify(const unsigned char *mHash,
static HASH_HashType
GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech)
{
/* TODO(wtc): add SHA-224. */
switch (mech) {
case CKM_SHA_1:
case CKG_MGF1_SHA1:
return HASH_AlgSHA1;
case CKM_SHA224:
case CKG_MGF1_SHA224:
return HASH_AlgSHA224;
case CKM_SHA256:
case CKG_MGF1_SHA256:
return HASH_AlgSHA256;


@ -40,7 +40,7 @@
* ***** END LICENSE BLOCK ***** */
/* ECC code moved here from ssl3con.c */
/* $Id: ssl3ecc.c,v 1.24 2010/03/15 08:03:14 nelson%bolyard.com Exp $ */
/* $Id: ssl3ecc.c,v 1.25 2011/10/22 14:35:44 wtc%google.com Exp $ */
#include "nss.h"
#include "cert.h"
@ -968,6 +968,7 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss)
case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:


@ -38,7 +38,6 @@
#include "prinit.h"
#include "nssutil.h"
#include "ssl.h"
#include "sslerrstrs.h"
#define ER3(name, value, str) {#name, str},
@ -59,8 +58,9 @@ ssl_InitializePRErrorTableOnce(void) {
static PRCallOnceType once;
PRStatus
SECStatus
ssl_InitializePRErrorTable(void)
{
return PR_CallOnce(&once, ssl_InitializePRErrorTableOnce);
return (PR_SUCCESS == PR_CallOnce(&once, ssl_InitializePRErrorTableOnce))
? SECSuccess : SECFailure;
}
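Review bot: Once `#include "sslerrstrs.h"` is dropped, none of the includes visible in the first hunk declares `ssl_InitializePRErrorTable`, whose prototype this commit moves to sslimpl.h. If sslimpl.h is not included elsewhere in the file, the definition compiles with no prototype in scope and the compiler cannot catch a mismatch between definition and declaration, which is the kind of `PRStatus`/`SECStatus` disagreement this change is repairing. Adding `#include "sslimpl.h"` here would keep the two checked against each other. The include list extends beyond the hunk, so this needs confirming against the full file.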


@ -1,53 +0,0 @@
/*
* This file contains prototypes for the public SSL functions.
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslerrstrs.h,v 1.1 2011/08/17 14:41:02 emaldona%redhat.com Exp $ */
#ifndef __sslerrstrs_h_
#define __sslerrstrs_h_
#include "prtypes.h"
SEC_BEGIN_PROTOS
extern PRStatus
ssl_InitializePRErrorTable(void);
SEC_END_PROTOS
#endif /* __sslerrstrs_h_ */


@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslimpl.h,v 1.83 2011/10/01 03:59:54 bsmith%mozilla.com Exp $ */
/* $Id: sslimpl.h,v 1.84 2011/10/22 16:45:40 emaldona%redhat.com Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@ -1151,6 +1151,10 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
SEC_BEGIN_PROTOS
/* Internal initialization and installation of the SSL error tables */
extern SECStatus ssl_Init(void);
extern SECStatus ssl_InitializePRErrorTable(void);
/* Implementation of ops for default (non socks, non secure) case */
extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);


@ -36,14 +36,14 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslinit.c,v 1.1 2011/08/17 14:41:05 emaldona%redhat.com Exp $ */
/* $Id: sslinit.c,v 1.2 2011/10/22 16:45:40 emaldona%redhat.com Exp $ */
#include "prtypes.h"
#include "prinit.h"
#include "seccomon.h"
#include "secerr.h"
#include "ssl.h"
#include "sslerrstrs.h"
#include "sslimpl.h"
static int ssl_inited = 0;
@ -51,8 +51,9 @@ SECStatus
ssl_Init(void)
{
if (!ssl_inited) {
if (ssl_InitializePRErrorTable() == PR_FAILURE) {
return (SEC_ERROR_NO_MEMORY);
if (ssl_InitializePRErrorTable() != SECSuccess) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return (SECFailure);
}
ssl_inited = 1;
}
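Review bot: In ssl_Init, `ssl_inited` is a plain `static int` that is tested and set with no synchronization, so concurrent first calls race on the flag even though the work it guards is already serialized by `PR_CallOnce` inside `ssl_InitializePRErrorTable`. The flag could be dropped in favour of calling `ssl_InitializePRErrorTable()` unconditionally, or kept with a comment such as `/* fast path only; PR_CallOnce provides the once-only guarantee */`. The failure branch also sets `SEC_ERROR_NO_MEMORY` for every failure, which may overwrite a more specific error code left by the callee; a comment saying why that code is chosen would help whoever debugs an init failure. The end of the function lies outside the hunk.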


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsnce.c,v 1.58 2011/10/01 00:11:02 wtc%google.com Exp $ */
/* $Id: sslsnce.c,v 1.59 2011/10/22 16:45:40 emaldona%redhat.com Exp $ */
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
* cache sids!
@ -83,7 +83,6 @@
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
#include "sslutil.h"
#include "pk11func.h"
#include "base64.h"
#include "keyhi.h"


@ -40,14 +40,13 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsock.c,v 1.74 2011/10/06 22:42:34 wtc%google.com Exp $ */
/* $Id: sslsock.c,v 1.75 2011/10/22 16:45:40 emaldona%redhat.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
#include "sslutil.h"
#include "nspr.h"
#include "private/pprio.h"
#include "blapi.h"


@ -1,53 +0,0 @@
/*
* This file contains prototypes for the public SSL functions.
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslutil.h,v 1.1 2011/08/17 14:41:20 emaldona%redhat.com Exp $ */
#ifndef __sslutil_h_
#define __sslutil_h_
#include "prtypes.h"
SEC_BEGIN_PROTOS
extern PRStatus SSL_InitializePRErrorTable(void);
extern SECStatus ssl_Init(void);
SEC_END_PROTOS
#endif /* __sslutil_h_ */


@ -70,6 +70,7 @@ SECOID_SetAlgorithmID(PRArenaPool *arena, SECAlgorithmID *id, SECOidTag which,
case SEC_OID_MD4:
case SEC_OID_MD5:
case SEC_OID_SHA1:
case SEC_OID_SHA224:
case SEC_OID_SHA256:
case SEC_OID_SHA384:
case SEC_OID_SHA512:
@ -78,6 +79,7 @@ SECOID_SetAlgorithmID(PRArenaPool *arena, SECAlgorithmID *id, SECOidTag which,
case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: