
Side by Side Diff: nss/lib/certhigh/ocsp.c

Issue 70673004: Update to NSS 3.15.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Update to NSS 3.15.3 Created 7 years, 1 month ago
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 /* 5 /*
6 * Implementation of OCSP services, for both client and server. 6 * Implementation of OCSP services, for both client and server.
7 * (XXX, really, mostly just for client right now, but intended to do both.) 7 * (XXX, really, mostly just for client right now, but intended to do both.)
8 */ 8 */
9 9
10 #include "prerror.h" 10 #include "prerror.h"
(...skipping 3787 matching lines...) Expand 10 before | Expand all | Expand 10 after
3798 3798
3799 return signerCert; 3799 return signerCert;
3800 } 3800 }
3801 3801
3802 SECStatus 3802 SECStatus
3803 ocsp_VerifyResponseSignature(CERTCertificate *signerCert, 3803 ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
3804 ocspSignature *signature, 3804 ocspSignature *signature,
3805 SECItem *tbsResponseDataDER, 3805 SECItem *tbsResponseDataDER,
3806 void *pwArg) 3806 void *pwArg)
3807 { 3807 {
3808 SECItem rawSignature;
3809 SECKEYPublicKey *signerKey = NULL; 3808 SECKEYPublicKey *signerKey = NULL;
3810 SECStatus rv = SECFailure; 3809 SECStatus rv = SECFailure;
3810 CERTSignedData signedData;
wtc 2013/11/12 23:01:19 The changes in this file come from the upstream ch
3811 3811
3812 /* 3812 /*
3813 * Now get the public key from the signer's certificate; we need 3813 * Now get the public key from the signer's certificate; we need
3814 * it to perform the verification. 3814 * it to perform the verification.
3815 */ 3815 */
3816 signerKey = CERT_ExtractPublicKey(signerCert); 3816 signerKey = CERT_ExtractPublicKey(signerCert);
3817 if (signerKey == NULL) 3817 if (signerKey == NULL) {
3818 » return SECFailure; 3818 return SECFailure;
3819 }
3820
3819 /* 3821 /*
3820 * We copy the signature data *pointer* and length, so that we can 3822 * We copy the signature data *pointer* and length, so that we can
3821 * modify the length without damaging the original copy. This is a 3823 * modify the length without damaging the original copy. This is a
3822 * simple copy, not a dup, so no destroy/free is necessary. 3824 * simple copy, not a dup, so no destroy/free is necessary.
3823 */ 3825 */
3824 rawSignature = signature->signature; 3826 signedData.signature = signature->signature;
3825 /* 3827 signedData.signatureAlgorithm = signature->signatureAlgorithm;
3826 * The raw signature is a bit string, but we need to represent its 3828 signedData.data = *tbsResponseDataDER;
3827 * length in bytes, because that is what the verify function expects.
3828 */
3829 DER_ConvertBitString(&rawSignature);
3830 3829
3831 rv = VFY_VerifyDataWithAlgorithmID(tbsResponseDataDER->data, 3830 rv = CERT_VerifySignedDataWithPublicKey(&signedData, signerKey, pwArg);
3832 tbsResponseDataDER->len, 3831 if (rv != SECSuccess &&
3833 signerKey, &rawSignature, 3832 (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE ||
3834 &signature->signatureAlgorithm, 3833 PORT_GetError() == SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)) {
3835 NULL, pwArg);
3836 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_BAD_SIGNATURE) {
3837 PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE); 3834 PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
3838 } 3835 }
3839 3836
3840 if (signerKey != NULL) { 3837 if (signerKey != NULL) {
3841 SECKEY_DestroyPublicKey(signerKey); 3838 SECKEY_DestroyPublicKey(signerKey);
3842 } 3839 }
3843 3840
3844 return rv; 3841 return rv;
3845 } 3842 }
3846 3843
3847 3844
3848 /* 3845 /*
3849 * FUNCTION: CERT_VerifyOCSPResponseSignature 3846 * FUNCTION: CERT_VerifyOCSPResponseSignature
(...skipping 1963 matching lines...) Expand 10 before | Expand all | Expand 10 after
5813 case ocspResponse_unauthorized: 5810 case ocspResponse_unauthorized:
5814 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); 5811 PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
5815 break; 5812 break;
5816 case ocspResponse_unused: 5813 case ocspResponse_unused:
5817 default: 5814 default:
5818 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); 5815 PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
5819 break; 5816 break;
5820 } 5817 }
5821 return SECFailure; 5818 return SECFailure;
5822 } 5819 }
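Review bot: The comment kept at new lines 3821-3825 of ocsp_VerifyResponseSignature no longer describes the code: it says the signature pointer and length are copied so the length can be modified, but the DER_ConvertBitString call is gone and nothing in this function adjusts the length any more (presumably CERT_VerifySignedDataWithPublicKey now performs the bit-to-byte conversion itself). I would reword it to `/* Shallow-copy the signature, algorithm and TBS data into signedData; the items alias the caller's buffers, so signedData must not be freed or destroyed here. */`. Separately, the new condition at 3831-3833 reports SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED as SEC_ERROR_OCSP_BAD_SIGNATURE, so a response rejected by algorithm policy becomes indistinguishable to callers and logs from one whose signature fails to verify; a one-line comment stating that this folding is intentional would help whoever triages OCSP failures later.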