Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@jollamobile.com>
- Loading branch information
Showing
9 changed files
with
566 additions
and
10 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
141 changes: 141 additions & 0 deletions
141
add_SEC_PKCS7VerifyDetachedSignatureAtTime_842856.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,141 @@ | ||
Index: mozilla/security/nss/lib/pkcs7/p7decode.c | ||
=================================================================== | ||
RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/p7decode.c,v | ||
retrieving revision 1.31 | ||
diff -p -u -r1.31 p7decode.c | ||
--- mozilla/security/nss/lib/pkcs7/p7decode.c 12 Dec 2012 19:25:36 -0000 1.31 | ||
+++ mozilla/security/nss/lib/pkcs7/p7decode.c 20 Feb 2013 00:45:08 -0000 | ||
@@ -1281,7 +1281,8 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont | ||
SECCertUsage certusage, | ||
const SECItem *detached_digest, | ||
HASH_HashType digest_type, | ||
- PRBool keepcerts) | ||
+ PRBool keepcerts, | ||
+ PRTime atTime) | ||
{ | ||
SECAlgorithmID **digestalgs, *bulkid; | ||
const SECItem *digest; | ||
@@ -1299,7 +1300,8 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont | ||
SECItem *content_type; | ||
PK11SymKey *sigkey; | ||
SECItem *encoded_stime; | ||
- int64 stime; | ||
+ PRTime stime; | ||
+ PRTime verificationTime; | ||
SECStatus rv; | ||
|
||
/* | ||
@@ -1436,8 +1438,10 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont | ||
* in a time (and for non-S/MIME callers to pass in nothing, or | ||
* maybe make them pass in the current time, always?). | ||
*/ | ||
+ verificationTime = atTime ? atTime | ||
+ : (encoded_stime ? stime : PR_Now()); | ||
if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, | ||
- encoded_stime != NULL ? stime : PR_Now(), | ||
+ verificationTime, | ||
cinfo->pwfn_arg, NULL) != SECSuccess) | ||
{ | ||
/* | ||
@@ -1757,7 +1761,7 @@ SEC_PKCS7VerifySignature(SEC_PKCS7Conten | ||
PRBool keepcerts) | ||
{ | ||
return sec_pkcs7_verify_signature (cinfo, certusage, | ||
- NULL, HASH_AlgNULL, keepcerts); | ||
+ NULL, HASH_AlgNULL, keepcerts, 0); | ||
} | ||
|
||
/* | ||
@@ -1779,9 +1783,34 @@ SEC_PKCS7VerifyDetachedSignature(SEC_PKC | ||
{ | ||
return sec_pkcs7_verify_signature (cinfo, certusage, | ||
detached_digest, digest_type, | ||
- keepcerts); | ||
+ keepcerts, 0); | ||
} | ||
|
||
+/* | ||
+ * SEC_PKCS7VerifyDetachedSignatureAtTime | ||
+ * Look at a PKCS7 contentInfo and check if the signature matches | ||
+ * a passed-in digest (calculated, supposedly, from detached contents). | ||
+ * The verification checks that the signing cert is valid and trusted | ||
+ * for the purpose specified by "certusage" at time "atTime" | ||
+ * if "atTime" is non-zero, or at the current time (as returned by | ||
+ * PR_Now) otherwise. | ||
+ */ | ||
+PRBool | ||
+SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo, | ||
+ SECCertUsage certusage, | ||
+ const SECItem *detached_digest, | ||
+ HASH_HashType digest_type, | ||
+ PRBool keepcerts, | ||
+ PRTime atTime) | ||
+{ | ||
+ if (!atTime) { | ||
+ atTime = PR_Now(); | ||
+ } | ||
+ | ||
+ return sec_pkcs7_verify_signature (cinfo, certusage, | ||
+ detached_digest, digest_type, | ||
+ keepcerts, atTime); | ||
+} | ||
|
||
/* | ||
* Return the asked-for portion of the name of the signer of a PKCS7 | ||
@@ -1844,7 +1873,7 @@ sec_pkcs7_get_signer_cert_info(SEC_PKCS7 | ||
* some valid usage to pass in. | ||
*/ | ||
(void) sec_pkcs7_verify_signature (cinfo, certUsageEmailSigner, | ||
- NULL, HASH_AlgNULL, PR_FALSE); | ||
+ NULL, HASH_AlgNULL, PR_FALSE, 0); | ||
signercert = signerinfos[0]->cert; | ||
if (signercert == NULL) | ||
return NULL; | ||
Index: mozilla/security/nss/lib/pkcs7/secpkcs7.h | ||
=================================================================== | ||
RCS file: /cvsroot/mozilla/security/nss/lib/pkcs7/secpkcs7.h,v | ||
retrieving revision 1.10 | ||
diff -p -u -r1.10 secpkcs7.h | ||
--- mozilla/security/nss/lib/pkcs7/secpkcs7.h 27 Nov 2012 22:48:08 -0000 1.10 | ||
+++ mozilla/security/nss/lib/pkcs7/secpkcs7.h 20 Feb 2013 00:45:08 -0000 | ||
@@ -133,6 +133,23 @@ extern PRBool SEC_PKCS7VerifyDetachedSig | ||
HASH_HashType digest_type, | ||
PRBool keepcerts); | ||
|
||
+ | ||
+/* | ||
+ * SEC_PKCS7VerifyDetachedSignatureAtTime | ||
+ * Look at a PKCS7 contentInfo and check if the signature matches | ||
+ * a passed-in digest (calculated, supposedly, from detached contents). | ||
+ * The verification checks that the signing cert is valid and trusted | ||
+ * for the purpose specified by "certusage" at time "atTime" | ||
+ * if "atTime" is non-zero, or at the current time (as returned by | ||
+ * PR_Now) otherwise. | ||
+ */ | ||
+extern PRBool SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo, | ||
+ SECCertUsage certusage, | ||
+ const SECItem *detached_digest, | ||
+ HASH_HashType digest_type, | ||
+ PRBool keepcerts, | ||
+ PRTime atTime); | ||
+ | ||
/* | ||
* SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress | ||
* The passed-in contentInfo is espected to be Signed, and these | ||
Index: mozilla/security/nss/lib/smime/smime.def | ||
=================================================================== | ||
RCS file: /cvsroot/mozilla/security/nss/lib/smime/smime.def,v | ||
retrieving revision 1.39 | ||
diff -p -u -r1.39 smime.def | ||
--- mozilla/security/nss/lib/smime/smime.def 25 Apr 2012 14:50:09 -0000 1.39 | ||
+++ mozilla/security/nss/lib/smime/smime.def 20 Feb 2013 00:45:08 -0000 | ||
@@ -267,3 +267,9 @@ NSSSMIME_GetVersion; | ||
;+ local: | ||
;+ *; | ||
;+}; | ||
+;+NSS_3.14.3 { # NSS 3.14.3 release | ||
+;+ global: | ||
+SEC_PKCS7VerifyDetachedSignatureAtTime; | ||
+;+ local: | ||
+;+ *; | ||
+;+}; |
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,14 @@ | ||
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2007-02-19 07:17:06.000000000 +0100 | ||
+++ ./mozilla/security/nss/cmd/platlibs.mk 2007-02-19 07:18:07.000000000 +0100 | ||
@@ -52,9 +52,9 @@ | ||
--- ./mozilla/security/nss/cmd/platlibs.mk.withrpath 2013-03-09 02:09:57.584660753 +0200 | ||
+++ ./mozilla/security/nss/cmd/platlibs.mk 2013-03-09 02:10:59.144484108 +0200 | ||
@@ -18,9 +18,9 @@ | ||
|
||
ifeq ($(OS_ARCH), Linux) | ||
ifeq ($(USE_64), 1) | ||
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' | ||
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:$$ORIGIN/../lib' | ||
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' | ||
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib' | ||
else | ||
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' | ||
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib' | ||
-EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' | ||
+#EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib' | ||
endif | ||
endif | ||
|
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters