diff options
| author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-01 22:06:48 +0000 |
|---|---|---|
| committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-01 22:06:48 +0000 |
| commit | 47cdc0bbf783f2d35db391050e95867a75af3701 (patch) | |
| tree | dab70ff8a51c7cc71109653486c65f6eac111efb /crypto | |
| parent | 24c66d99fd134119cce6d88b59bf444a20faa911 (diff) | |
| download | chromium_src-47cdc0bbf783f2d35db391050e95867a75af3701.zip chromium_src-47cdc0bbf783f2d35db391050e95867a75af3701.tar.gz chromium_src-47cdc0bbf783f2d35db391050e95867a75af3701.tar.bz2 | |
Reland http://crrev.com/209278
Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2
Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.
3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.
BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org
Review URL: https://chromiumcodereview.appspot.com/18332012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209515 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/nss_util.cc | 18 | ||||
| -rw-r--r-- | crypto/signature_creator_nss.cc | 6 |
2 files changed, 7 insertions, 17 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc index 850d47d..52bb054 100644 --- a/crypto/nss_util.cc +++ b/crypto/nss_util.cc @@ -384,23 +384,17 @@ class NSSInitSingleton { base::TimeTicks start_time = base::TimeTicks::Now(); EnsureNSPRInit(); - // We *must* have NSS >= 3.12.3. See bug 26448. + // We *must* have NSS >= 3.14.3. COMPILE_ASSERT( - (NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH >= 3) || - (NSS_VMAJOR == 3 && NSS_VMINOR > 12) || + (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) || + (NSS_VMAJOR == 3 && NSS_VMINOR > 14) || (NSS_VMAJOR > 3), nss_version_check_failed); // Also check the run-time NSS version. // NSS_VersionCheck is a >= check, not strict equality. - if (!NSS_VersionCheck("3.12.3")) { - // It turns out many people have misconfigured NSS setups, where - // their run-time NSPR doesn't match the one their NSS was compiled - // against. So rather than aborting, complain loudly. - LOG(ERROR) << "NSS_VersionCheck(\"3.12.3\") failed. " - "We depend on NSS >= 3.12.3, and this error is not fatal " - "only because many people have busted NSS setups (for " - "example, using the wrong version of NSPR). " - "Please upgrade to the latest NSS and NSPR, and if you " + if (!NSS_VersionCheck("3.14.3")) { + LOG(FATAL) << "NSS_VersionCheck(\"3.14.3\") failed. NSS >= 3.14.3 is " + "required. Please upgrade to the latest NSS, and if you " "still get this error, contact your distribution " "maintainer."; } diff --git a/crypto/signature_creator_nss.cc b/crypto/signature_creator_nss.cc index 3a30efb..82e4444 100644 --- a/crypto/signature_creator_nss.cc +++ b/crypto/signature_creator_nss.cc @@ -44,11 +44,7 @@ SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) { } bool SignatureCreator::Update(const uint8* data_part, int data_part_len) { - // TODO(wtc): Remove this const_cast when we require NSS 3.12.5. - // See NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=518255 - SECStatus rv = SGN_Update(sign_context_, - const_cast<unsigned char*>(data_part), - data_part_len); + SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len); if (rv != SECSuccess) { NOTREACHED(); return false; |