author | Kai Engert <kaie@kuix.de> |
Thu, 20 Nov 2014 20:29:15 +0100 | |
changeset 216697 | 78275e2f0b36093f6f3fffe1bf9cba943ad7eb08 |
parent 216696 | 57e7c5f093ea7b2e0263e09a316dfdc35a0428be |
child 216698 | 7f9005cad6e04e1c9c596389b6d47369c0be1f45 |
push id | 27858 |
push user | kwierso@gmail.com |
push date | Fri, 21 Nov 2014 01:35:46 +0000 |
reviewers | wtc |
bugs | 1088969 |
milestone | 36.0a1 |
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_18_BETA2
+NSS_3_18_BETA3
--- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -5,9 +5,8 @@ /* * A dummy header file that is a dependency for all the object files. * Used to force a full recompilation of NSS in Mozilla's Tinderbox * depend builds. See comments in rules.mk. */ #error "Do not include this header file." -
--- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -242,37 +242,38 @@ STAN_GetCertIdentifierFromDER(NSSArena * return NULL; } rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data); PORT_FreeArena(arena,PR_FALSE); return rvKey; } NSS_IMPLEMENT PRStatus -nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, +nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial) { - SECStatus secrv; - SECItem derCert; + SECItem derCert = { 0 }; SECItem derIssuer = { 0 }; SECItem derSerial = { 0 }; - SECITEM_FROM_NSSITEM(&derCert, der); - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); + SECStatus secrv; + derCert.data = (unsigned char *)der->data; + derCert.len = der->size; + secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); if (secrv != SECSuccess) { return PR_FAILURE; } - (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); + secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); if (secrv != SECSuccess) { PORT_Free(derSerial.data); return PR_FAILURE; } - (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data); - PORT_Free(derSerial.data); - PORT_Free(derIssuer.data); + issuer->data = derIssuer.data; + issuer->size = derIssuer.len; + serial->data = derSerial.data; + serial->size = derSerial.len; return PR_SUCCESS; } static NSSItem * nss3certificate_getIdentifier(nssDecodedCert *dc) { NSSItem *rvID; CERTCertificate *c = (CERTCertificate *)dc->data;
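Review bot: The failure branch after `CERT_SerialNumberFromDERCert` in nssPKIX509_GetIssuerAndSerialFromDER still frees `derSerial.data`, but the commit reorders the two extraction calls, so the buffer that is live at that point is `derIssuer.data`. The issuer name is therefore leaked whenever the issuer parses and the serial number does not; the branch should read `PORT_Free(derIssuer.data);`, as the helper removed from pkistore.c did. Because `derSerial` is zero-initialized, the existing free presumably has nothing to release. The callers visible in this commit pass encoded certificates straight in, so a malformed serial field looks like a reachable path and the leak would repeat on each such lookup.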
--- a/security/nss/lib/pki/pki3hack.h +++ b/security/nss/lib/pki/pki3hack.h @@ -72,17 +72,17 @@ nssTrust_GetCERTCertTrustForCert(NSSCert NSS_EXTERN PRStatus STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c); NSS_EXTERN PRStatus STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust); NSS_EXTERN PRStatus -nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, +nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial); NSS_EXTERN char * STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c); NSS_EXTERN char * STAN_GetCERTCertificateNameForInstance(PLArenaPool *arenaOpt, NSSCertificate *c,
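Review bot: The new prototype of nssPKIX509_GetIssuerAndSerialFromDER drops the arena parameter without documenting the ownership change. The outputs are no longer arena-backed, and the callers in pkistore.c and trustdomain.c now release `issuer.data` and `serial.data` themselves. I would add a comment above the declaration such as `/* On PR_SUCCESS the caller owns issuer->data and serial->data and must release both with PORT_Free(); on PR_FAILURE neither output is set. */`. Without it, a future caller that follows the old arena-based usage would leak both buffers.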
--- a/security/nss/lib/pki/pkistore.c +++ b/security/nss/lib/pki/pkistore.c @@ -18,16 +18,17 @@ #include "base.h" #endif /* BASE_H */ #ifndef PKISTORE_H #include "pkistore.h" #endif /* PKISTORE_H */ #include "cert.h" +#include "pki3hack.h" #include "prbit.h" /* * Certificate Store * * This differs from the cache in that it is a true storage facility. Items * stay in until they are explicitly removed. It is only used by crypto @@ -549,53 +550,26 @@ nssCertificateStore_FindCertificateByIss PZ_Lock(store->lock); rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked ( store, issuer, serial); PZ_Unlock(store->lock); return rvCert; } -static PRStatus -issuer_and_serial_from_encoding ( - NSSBER *encoding, - NSSDER *issuer, - NSSDER *serial -) -{ - SECItem derCert, derIssuer, derSerial; - SECStatus secrv; - derCert.data = (unsigned char *)encoding->data; - derCert.len = encoding->size; - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); - if (secrv != SECSuccess) { - PORT_Free(derIssuer.data); - return PR_FAILURE; - } - issuer->data = derIssuer.data; - issuer->size = derIssuer.len; - serial->data = derSerial.data; - serial->size = derSerial.len; - return PR_SUCCESS; -} - NSS_IMPLEMENT NSSCertificate * nssCertificateStore_FindCertificateByEncodedCertificate ( nssCertificateStore *store, NSSDER *encoding ) { PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert = NULL; - nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial); + nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial); if (nssrv != PR_SUCCESS) { return NULL; } rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store, &issuer, &serial); PORT_Free(issuer.data); PORT_Free(serial.data);
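Review bot: `NSSDER issuer, serial;` in nssCertificateStore_FindCertificateByEncodedCertificate is left uninitialized although both `data` pointers are later passed to `PORT_Free`, whereas the trustdomain.c caller of the same shared helper declares them as `{ 0 }`. The visible failure path returns before the frees, so this is a consistency point rather than a bug. Writing `NSSDER issuer = { 0 };` and `NSSDER serial = { 0 };` would keep the frees well-defined if the helper's contract ever changes. The same declaration appears in nssTrustDomain_GetCertByDERFromCache in tdcache.c; both function bodies continue outside their hunks.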
--- a/security/nss/lib/pki/tdcache.c +++ b/security/nss/lib/pki/tdcache.c @@ -1041,55 +1041,29 @@ nssTrustDomain_GetCertForIssuerAndSNFrom #ifdef DEBUG_CACHE PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits)); #endif } PZ_Unlock(td->cache->lock); return rvCert; } -static PRStatus -issuer_and_serial_from_encoding ( - NSSBER *encoding, - NSSDER *issuer, - NSSDER *serial -) -{ - SECItem derCert, derIssuer, derSerial; - SECStatus secrv; - derCert.data = (unsigned char *)encoding->data; - derCert.len = encoding->size; - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - issuer->data = derIssuer.data; - issuer->size = derIssuer.len; - serial->data = derSerial.data; - serial->size = derSerial.len; - return PR_SUCCESS; -} - /* * Look for a specific cert in the cache */ NSS_IMPLEMENT NSSCertificate * nssTrustDomain_GetCertByDERFromCache ( NSSTrustDomain *td, NSSDER *der ) { PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert; - nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial); + nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial); if (nssrv != PR_SUCCESS) { return NULL; } #ifdef DEBUG_CACHE log_item_dump("looking for cert by DER", der); #endif rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, &issuer, &serial);
--- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -826,30 +826,26 @@ nssTrustDomain_FindCertificateByEncodedC NSSTrustDomain *td, NSSBER *ber ) { PRStatus status; NSSCertificate *rvCert = NULL; NSSDER issuer = { 0 }; NSSDER serial = { 0 }; - NSSArena *arena = nssArena_Create(); - if (!arena) { - return (NSSCertificate *)NULL; - } /* XXX this is not generic... will any cert crack into issuer/serial? */ - status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial); + status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial); if (status != PR_SUCCESS) { - goto finish; + return NULL; } rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, &issuer, &serial); -finish: - nssArena_Destroy(arena); + PORT_Free(issuer.data); + PORT_Free(serial.data); return rvCert; } NSS_IMPLEMENT NSSCertificate * NSSTrustDomain_FindCertificateByEncodedCertificate ( NSSTrustDomain *td, NSSBER *ber )