Chromium Code Reviews

Unified Diff: nss/lib/certhigh/ocsp.c

Issue 70673004: Update to NSS 3.15.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Update to NSS 3.15.3 Created 7 years, 1 month ago
Index: nss/lib/certhigh/ocsp.c
===================================================================
--- nss/lib/certhigh/ocsp.c (revision 233722)
+++ nss/lib/certhigh/ocsp.c (working copy)
@@ -3805,38 +3805,35 @@
SECItem *tbsResponseDataDER,
void *pwArg)
{
- SECItem rawSignature;
SECKEYPublicKey *signerKey = NULL;
SECStatus rv = SECFailure;
+ CERTSignedData signedData;
wtc 2013/11/12 23:01:19 The changes in this file come from the upstream ch
/*
* Now get the public key from the signer's certificate; we need
* it to perform the verification.
*/
signerKey = CERT_ExtractPublicKey(signerCert);
- if (signerKey == NULL)
- return SECFailure;
+ if (signerKey == NULL) {
+ return SECFailure;
+ }
+
/*
* We copy the signature data *pointer* and length, so that we can
* modify the length without damaging the original copy. This is a
* simple copy, not a dup, so no destroy/free is necessary.
*/
- rawSignature = signature->signature;
- /*
- * The raw signature is a bit string, but we need to represent its
- * length in bytes, because that is what the verify function expects.
- */
- DER_ConvertBitString(&rawSignature);
+ signedData.signature = signature->signature;
+ signedData.signatureAlgorithm = signature->signatureAlgorithm;
+ signedData.data = *tbsResponseDataDER;
- rv = VFY_VerifyDataWithAlgorithmID(tbsResponseDataDER->data,
- tbsResponseDataDER->len,
- signerKey, &rawSignature,
- &signature->signatureAlgorithm,
- NULL, pwArg);
- if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_BAD_SIGNATURE) {
+ rv = CERT_VerifySignedDataWithPublicKey(&signedData, signerKey, pwArg);
+ if (rv != SECSuccess &&
+ (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE ||
+ PORT_GetError() == SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)) {
PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
}
-
+
if (signerKey != NULL) {
SECKEY_DestroyPublicKey(signerKey);
}
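Review bot: In the error check after CERT_VerifySignedDataWithPublicKey, SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED is folded into SEC_ERROR_OCSP_BAD_SIGNATURE, so a caller can no longer tell an OCSP response rejected by algorithm policy from one whose signature failed to verify. Consider leaving the disabled-algorithm error as it is, or add a comment explaining why it is mapped. Reading PORT_GetError() once into a local would also make the condition easier to follow. Separately, the retained comment "We copy the signature data *pointer* and length, so that we can modify the length" no longer matches the code: the DER_ConvertBitString(&rawSignature) call is removed and nothing in the visible lines modifies the length, so the comment should be reworded to describe the shallow copies into signedData. The trailing "if (signerKey != NULL)" is always true after the early return and could be dropped.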