Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(110)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 10540165: Update NSS to NSS 3.13.5 (from NSS 3.13.3). (Closed)

Created:
8 years, 6 months ago by wtc
Modified:
8 years, 6 months ago
Reviewers:
Ryan Sleevi
CC:
chromium-reviews
Visibility:
Public.

Description

Update NSS to NSS 3.13.5 (from NSS 3.13.3). R=rsleevi@chromium.org BUG=132885 TEST=none Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=142261

Patch Set 1 #

Total comments: 4
Unified diffs Side-by-side diffs Delta from patch set Stats (+274 lines, -163 lines) Patch
M nss/README.chromium View 3 chunks +5 lines, -6 lines 0 comments Download
M nss/mozilla/security/nss/lib/certdb/certdb.c View 3 chunks +16 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/certdb/stanpcertdb.c View 2 chunks +7 lines, -3 lines 0 comments Download
M nss/mozilla/security/nss/lib/certhigh/certhigh.c View 1 chunk +2 lines, -0 lines 0 comments Download
M nss/mozilla/security/nss/lib/certhigh/certvfy.c View 2 chunks +5 lines, -2 lines 2 comments Download
M nss/mozilla/security/nss/lib/certhigh/certvfypkix.c View 3 chunks +14 lines, -8 lines 0 comments Download
M nss/mozilla/security/nss/lib/certhigh/ocsp.c View 5 chunks +8 lines, -8 lines 0 comments Download
M nss/mozilla/security/nss/lib/cryptohi/secvfy.c View 2 chunks +6 lines, -4 lines 0 comments Download
M nss/mozilla/security/nss/lib/freebl/blapi.h View 3 chunks +9 lines, -4 lines 0 comments Download
M nss/mozilla/security/nss/lib/freebl/blapit.h View 2 chunks +2 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/freebl/dh.c View 3 chunks +16 lines, -7 lines 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/include/pkix_errorstrings.h View 2 chunks +2 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c View 4 chunks +3 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/pkix/results/pkix_valresult.c View 9 chunks +44 lines, -34 lines 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c View 7 chunks +35 lines, -12 lines 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h View 1 chunk +4 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c View 2 chunks +5 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c View 1 chunk +1 line, -0 lines 0 comments Download
M nss/mozilla/security/nss/lib/nss/nss.h View 2 chunks +3 lines, -3 lines 0 comments Download
M nss/mozilla/security/nss/lib/pk11wrap/pk11auth.c View 1 chunk +1 line, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pk11wrap/pk11merge.c View 1 chunk +1 line, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pk11wrap/pk11sdr.c View 1 chunk +1 line, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pkcs7/p7create.c View 3 chunks +6 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/pki/certificate.c View 2 chunks +2 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pki/pki.h View 2 chunks +2 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pki/pki3hack.c View 3 chunks +5 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pki/pkibase.c View 2 chunks +3 lines, -3 lines 0 comments Download
M nss/mozilla/security/nss/lib/pki/pkistore.c View 2 chunks +2 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/pki/tdcache.c View 3 chunks +5 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/softoken/softkver.h View 1 chunk +2 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/util/SECerrs.h View 1 chunk +3 lines, -0 lines 2 comments Download
M nss/mozilla/security/nss/lib/util/ciferfam.h View 2 chunks +2 lines, -1 line 0 comments Download
M nss/mozilla/security/nss/lib/util/nssutil.h View 1 chunk +2 lines, -2 lines 0 comments Download
M nss/mozilla/security/nss/lib/util/quickder.c View 2 chunks +43 lines, -26 lines 0 comments Download
M nss/mozilla/security/nss/lib/util/secerr.h View 1 chunk +2 lines, -0 lines 0 comments Download
M nss/mozilla/security/nss/lib/util/secitem.c View 3 chunks +4 lines, -4 lines 0 comments Download
M nss/patches/nss-warnings.patch View 1 chunk +0 lines, -13 lines 0 comments Download
M nss/scripts/nss-checkout.sh View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 3 (0 generated)
wtc
Use the following Bugzilla query for the bugs fixed in NSS 3.13.4 and 3.13.5. https://bugzilla.mozilla.org/buglist.cgi?order=Importance;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.13.4;target_milestone=3.13.5;product=NSS ...
8 years, 6 months ago (2012-06-14 22:30:02 UTC) #1
Ryan Sleevi
lgtm https://chromiumcodereview.appspot.com/10540165/diff/1/nss/mozilla/security/nss/lib/certhigh/certvfy.c File nss/mozilla/security/nss/lib/certhigh/certvfy.c (right): https://chromiumcodereview.appspot.com/10540165/diff/1/nss/mozilla/security/nss/lib/certhigh/certvfy.c#newcode543 nss/mozilla/security/nss/lib/certhigh/certvfy.c:543: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) { It's weird that this wasn't done ...
8 years, 6 months ago (2012-06-14 22:54:10 UTC) #2
wtc
8 years, 6 months ago (2012-06-14 23:16:16 UTC) #3 
Thank you for the review.

https://chromiumcodereview.appspot.com/10540165/diff/1/nss/mozilla/security/n...
File nss/mozilla/security/nss/lib/certhigh/certvfy.c (right):

https://chromiumcodereview.appspot.com/10540165/diff/1/nss/mozilla/security/n...
nss/mozilla/security/nss/lib/certhigh/certvfy.c:543:
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {

On 2012/06/14 22:54:11, Ryan Sleevi wrote:
> It's weird that this wasn't done as
> } else if (PORT_GetError() == ... ) {
>   LOG_ERROR_OR_EXIT(...)
> } else {
>   PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
>   LOG_ERROR_OR_EXIT(...)
> }
> 
> (or even a switch, fwiw).
> 
> Just to keep symmetric with line 538 rather than going another layer of
nesting.

I guess I wanted to avoid duplicating LOG_ERROR_OR_EXIT.

https://chromiumcodereview.appspot.com/10540165/diff/1/nss/mozilla/security/n...
File nss/mozilla/security/nss/lib/util/SECerrs.h (right):

https://chromiumcodereview.appspot.com/10540165/diff/1/nss/mozilla/security/n...
nss/mozilla/security/nss/lib/util/SECerrs.h:578: "The certificate was signed
using a signature algorithm that is disabled because it is not secure.")

On 2012/06/14 22:54:11, Ryan Sleevi wrote:
> too late nit: is not secure -> disabled by policy?

I originally named this error code SEC_ERROR_ALGORITHM_DISABLED_BY_POLICY
because the algorithm is disabled by a NSS_SetAlgorithmPolicy
call.  So the original error message may well have been what
you suggested.

During code review, Brian Smith noted that "policy" could be
misinterpreted as Windows group policy and suggested the
current wording.

Powered by Google App Engine
This is Rietveld 408576698