Macintosh-SW
/
tenfourfox
mirror of https://github.com/classilla/tenfourfox.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#578: M1579060 M1586176

This commit is contained in:
Cameron Kaiser 2019-11-27 17:51:36 -08:00
parent 7758ebb12e
commit f3f2956151
3 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/nss/lib/softoken/pkcs11c.c
View File

@ -1159,8 +1159,7 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession,
} }
/* encrypt the current padded data */ /* encrypt the current padded data */
rv = (*context->update)(context->cipherInfo, pEncryptedPart, rv = (*context->update)(context->cipherInfo, pEncryptedPart,
&padoutlen, context->blockSize, context->padBuf, &padoutlen, maxout, context->padBuf, context->blockSize);
context->blockSize);
if (rv != SECSuccess) { if (rv != SECSuccess) {
return sftk_MapCryptError(PORT_GetError()); return sftk_MapCryptError(PORT_GetError());
} }

19
security/pkix/lib/pkixcert.cpp
View File

@ -105,29 +105,24 @@ BackCert::Init()
return rv; return rv;
} }
static const uint8_t CSC = der::CONTEXT_SPECIFIC | der::CONSTRUCTED;
// According to RFC 5280, all fields below this line are forbidden for // According to RFC 5280, all fields below this line are forbidden for
// certificate versions less than v3. However, for compatibility reasons, // certificate versions less than v3. However, for compatibility reasons,
// we parse v1/v2 certificates in the same way as v3 certificates. So if // we parse v1/v2 certificates in the same way as v3 certificates. So if
// these fields appear in a v1 certificate, they will be used. // these fields appear in a v1 certificate, they will be used.
// Ignore issuerUniqueID if present. // Ignore issuerUniqueID if present.
if (tbsCertificate.Peek(CSC | 1)) { rv = der::SkipOptionalImplicitPrimitiveTag(tbsCertificate, 1);
rv = der::ExpectTagAndSkipValue(tbsCertificate, CSC | 1); if (rv != Success) {
if (rv != Success) { return rv;
return rv;
}
} }
// Ignore subjectUniqueID if present. // Ignore subjectUniqueID if present.
if (tbsCertificate.Peek(CSC | 2)) { rv = der::SkipOptionalImplicitPrimitiveTag(tbsCertificate, 2);
rv = der::ExpectTagAndSkipValue(tbsCertificate, CSC | 2); if (rv != Success) {
if (rv != Success) { return rv;
return rv;
}
} }
static const uint8_t CSC = der::CONTEXT_SPECIFIC | der::CONSTRUCTED;
rv = der::OptionalExtensions( rv = der::OptionalExtensions(
tbsCertificate, CSC | 3, tbsCertificate, CSC | 3,
[this](Reader& extnID, const Input& extnValue, bool critical, [this](Reader& extnID, const Input& extnValue, bool critical,

11
security/pkix/lib/pkixder.h
View File

@ -123,6 +123,17 @@ ExpectTagAndSkipValue(Reader& input, uint8_t tag)
return ExpectTagAndGetValue(input, tag, ignoredValue); return ExpectTagAndGetValue(input, tag, ignoredValue);
} }
// This skips IMPLICIT OPTIONAL tags that are "primitive" (not constructed),
// given the number in the class of the tag (i.e. the number in the brackets in
// `issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL`).
inline Result SkipOptionalImplicitPrimitiveTag(Reader& input,
uint8_t numberInClass) {
if (input.Peek(CONTEXT_SPECIFIC | numberInClass)) {
return ExpectTagAndSkipValue(input, CONTEXT_SPECIFIC | numberInClass);
}
return Success;
}
// Like ExpectTagAndGetValue, except the output Input will contain the // Like ExpectTagAndGetValue, except the output Input will contain the
// encoded tag and length along with the value. // encoded tag and length along with the value.
inline Result inline Result