Update NSS to NSS_3_15_BETA2.

nss/lib/pkcs7/p7decode.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * PKCS7 decoding, verification.
  *
  * $Id$
  */
 
@@ skipping 1228 matching lines @@
      * more complicated before I am finished, so...
      */
     if (signerinfos != NULL && signerinfos[0] != NULL)
         return PR_TRUE;
     else
         return PR_FALSE;
 }
 
 
 /*
- * SEC_PKCS7ContentVerifySignature
+ * sec_pkcs7_verify_signature
+ *
  *      Look at a PKCS7 contentInfo and check if the signature is good.
  *      The digest was either calculated earlier (and is stored in the
  *      contentInfo itself) or is passed in via "detached_digest".
  *
  *      The verification checks that the signing cert is valid and trusted
- *      for the purpose specified by "certusage".
+ *      for the purpose specified by "certusage" at
+ *      - "*atTime" if "atTime" is not null, or
+ *      - the signing time if the signing time is available in "cinfo", or
+ *      - the current time (as returned by PR_Now).
  *
  *      In addition, if "keepcerts" is true, add any new certificates found
  *      into our local database.
  *
  * XXX Each place which returns PR_FALSE should be sure to have a good
  * error set for inspection by the caller.  Alternatively, we could create
  * an enumeration of success and each type of failure and return that
  * instead of a boolean.  For now, the default in a bad situation is to
  * set the error to SEC_ERROR_PKCS7_BAD_SIGNATURE.  But this should be
  * reviewed; better (more specific) errors should be possible (to distinguish
  * a signature failure from a badly-formed pkcs7 signedData, for example).
  * Some of the errors should probably just be SEC_ERROR_BAD_SIGNATURE,
  * but that has a less helpful error string associated with it right now;
  * if/when that changes, review and change these as needed.
  *
  * XXX This is broken wrt signedAndEnvelopedData.  In that case, the
  * message digest is doubly encrypted -- first encrypted with the signer
  * private key but then again encrypted with the bulk encryption key used
  * to encrypt the content.  So before we can pass the digest to VerifyDigest,
  * we need to decrypt it with the bulk encryption key.  Also, in this case,
  * there should be NO authenticatedAttributes (signerinfo->authAttr should
  * be NULL).
  */
 static PRBool
 sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
                            SECCertUsage certusage,
                            const SECItem *detached_digest,
                            HASH_HashType digest_type,
-                           PRBool keepcerts)
+                           PRBool keepcerts,
+                           const PRTime *atTime)
 {
     SECAlgorithmID **digestalgs, *bulkid;
     const SECItem *digest;
     SECItem **digests;
     SECItem **rawcerts;
     CERTSignedCrl **crls;
     SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
     CERTCertificate *cert, **certs;
     PRBool goodsig;
     CERTCertDBHandle *certdb, *defaultdb; 
     SECOidTag encTag,digestTag;
     HASH_HashType found_type;
     int i, certcount;
     SECKEYPublicKey *publickey;
     SECItem *content_type;
     PK11SymKey *sigkey;
     SECItem *encoded_stime;
-    int64 stime;
+    PRTime stime;
+    PRTime verificationTime;
     SECStatus rv;
 
     /*
      * Everything needed in order to "goto done" safely.
      */
     goodsig = PR_FALSE;
     certcount = 0;
     cert = NULL;
     certs = NULL;
     certdb = NULL;
@@ skipping 116 matching lines @@
     }
 
     /*
      * XXX  This uses the signing time, if available.  Additionally, we
      * might want to, if there is no signing time, get the message time
      * from the mail header itself, and use that.  That would require
      * a change to our interface though, and for S/MIME callers to pass
      * in a time (and for non-S/MIME callers to pass in nothing, or
      * maybe make them pass in the current time, always?).
      */
-    if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage,
-                         encoded_stime != NULL ? stime : PR_Now(),
+    if (atTime) {
+        verificationTime = *atTime;
+    } else if (encoded_stime != NULL) {
+        verificationTime = stime;
+    } else {
+        verificationTime = PR_Now();
+    }
+    if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, verificationTime,
                          cinfo->pwfn_arg, NULL) != SECSuccess)
         {
         /*
          * XXX Give the user an option to check the signature anyway?
          * If we want to do this, need to give a way to leave and display
          * some dialog and get the answer and come back through (or do
          * the rest of what we do below elsewhere, maybe by putting it
          * in a function that we call below and could call from a dialog
          * finish handler).
          */
@@ skipping 60 matching lines @@
 
         digest = digests[i];
     }
 
     encTag = SECOID_FindOIDTag(&(signerinfo->digestEncAlg.algorithm));
     if (encTag == SEC_OID_UNKNOWN) {
         PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
         goto done;
     }
 
-#ifndef NSS_ECC_MORE_THAN_SUITE_B
-    if (encTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
-        PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
-        goto done;
-    }
-#endif
-
-
     if (signerinfo->authAttr != NULL) {
         SEC_PKCS7Attribute *attr;
         SECItem *value;
         SECItem encoded_attrs;
 
         /*
          * We have a sigkey only for signedAndEnvelopedData, which is
          * not supposed to have any authenticated attributes.
          */
         if (sigkey != NULL) {
@@ skipping 44 matching lines @@
         encoded_attrs.len = 0;
         if (sec_PKCS7EncodeAttributes (NULL, &encoded_attrs,
                                        &(signerinfo->authAttr)) == NULL)
             goto done;
 
         if (encoded_attrs.data == NULL || encoded_attrs.len == 0) {
             PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
             goto done;
         }
 
-
         goodsig = (PRBool)(VFY_VerifyDataDirect(encoded_attrs.data, 
                                    encoded_attrs.len,
                                    publickey, &(signerinfo->encDigest),
                                    encTag, digestTag, NULL,
                                    cinfo->pwfn_arg) == SECSuccess);
         PORT_Free (encoded_attrs.data);
     } else {
         SECItem *sig;
         SECItem holder;
         SECStatus rv;
@@ skipping 146 matching lines @@
  *
  *      In addition, if "keepcerts" is true, add any new certificates found
  *      into our local database.
  */
 PRBool
 SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
                          SECCertUsage certusage,
                          PRBool keepcerts)
 {
     return sec_pkcs7_verify_signature (cinfo, certusage,
-                                       NULL, HASH_AlgNULL, keepcerts);
+                                       NULL, HASH_AlgNULL, keepcerts, 0);

[wtc, 2013/04/24 22:49:45]

This 0 should be NULL.

 }
 
 /*
  * SEC_PKCS7VerifyDetachedSignature
  *      Look at a PKCS7 contentInfo and check if the signature matches
  *      a passed-in digest (calculated, supposedly, from detached contents).
  *      The verification checks that the signing cert is valid and trusted
  *      for the purpose specified by "certusage".
  *
  *      In addition, if "keepcerts" is true, add any new certificates found
  *      into our local database.
  */
 PRBool
 SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
                                  SECCertUsage certusage,
                                  const SECItem *detached_digest,
                                  HASH_HashType digest_type,
                                  PRBool keepcerts)
 {
     return sec_pkcs7_verify_signature (cinfo, certusage,
                                        detached_digest, digest_type,
-                                       keepcerts);
+                                       keepcerts, NULL);
 }
 
+/*
+ * SEC_PKCS7VerifyDetachedSignatureAtTime
+ *      Look at a PKCS7 contentInfo and check if the signature matches
+ *      a passed-in digest (calculated, supposedly, from detached contents).
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage" at time "atTime".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+PRBool
+SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
+                                       SECCertUsage certusage,
+                                       const SECItem *detached_digest,
+                                       HASH_HashType digest_type,
+                                       PRBool keepcerts,
+                                       PRTime atTime)
+{
+    return sec_pkcs7_verify_signature (cinfo, certusage,
+                                       detached_digest, digest_type,
+                                       keepcerts, &atTime);
+}
 
 /*
  * Return the asked-for portion of the name of the signer of a PKCS7
  * signed object.
  *
  * Returns a pointer to allocated memory, which must be freed.
  * A NULL return value is an error.
  */
 
 #define sec_common_name 1
@@ skipping 42 matching lines @@
     /*
      * No cert there; see if we can find one by calling verify ourselves.
      */
     if (signercert == NULL) {
         /*
          * The cert usage does not matter in this case, because we do not
          * actually care about the verification itself, but we have to pick
          * some valid usage to pass in.
          */
         (void) sec_pkcs7_verify_signature (cinfo, certUsageEmailSigner,
-                                           NULL, HASH_AlgNULL, PR_FALSE);
+                                           NULL, HASH_AlgNULL, PR_FALSE, 0);

[wtc, 2013/04/24 22:49:45]

This 0 should be NULL.

         signercert = signerinfos[0]->cert;
         if (signercert == NULL)
             return NULL;
     }
 
     switch (selector) {
       case sec_common_name:
         container = CERT_GetCommonName (&signercert->subject);
         break;
       case sec_email_address:
@@ skipping 42 matching lines @@
     /*
      * No signature, or more than one, means no deal.
      */
     if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
         return NULL;
 
     attr = sec_PKCS7FindAttribute (signerinfos[0]->authAttr,
                                    SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
     return sec_PKCS7AttributeValue (attr);
 }