Issue #1746 - Revert "Update to NSS 3.59.1.1"

1 files changed, 7 insertions, 31 deletions

diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index b10f859fbd..2938b8ff1f 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -694,7 +694,7 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
        CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION),
     OD(pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
        "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC",
-       CKM_NSS_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION),
+       CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION),
     OD(pkcs7, SEC_OID_PKCS7,
        "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
     OD(pkcs7Data, SEC_OID_PKCS7_DATA,
@@ -962,23 +962,23 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
     OD(pkcs12PBEWithSha1And128BitRC4,
        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
        "PKCS #12 PBE With SHA-1 and 128 Bit RC4",
-       CKM_NSS_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION),
+       CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION),
     OD(pkcs12PBEWithSha1And40BitRC4,
        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
        "PKCS #12 PBE With SHA-1 and 40 Bit RC4",
-       CKM_NSS_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION),
+       CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION),
     OD(pkcs12PBEWithSha1AndTripleDESCBC,
        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
        "PKCS #12 PBE With SHA-1 and Triple DES-CBC",
-       CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION),
+       CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION),
     OD(pkcs12PBEWithSha1And128BitRC2CBC,
        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
        "PKCS #12 PBE With SHA-1 and 128 Bit RC2 CBC",
-       CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION),
+       CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION),
     OD(pkcs12PBEWithSha1And40BitRC2CBC,
        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
        "PKCS #12 PBE With SHA-1 and 40 Bit RC2 CBC",
-       CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION),
+       CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION),
     OD(pkcs12RSAEncryptionWith128BitRC4,
        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
        "PKCS #12 RSA Encryption with 128 Bit RC4",
@@ -2058,7 +2058,7 @@ SECOID_Init(void)
 {
     PLHashEntry *entry;
     const SECOidData *oid;
-    SECOidTag i;
+    int i;
     char *envVal;
 
 #define NSS_VERSION_VARIABLE __nss_util_version
@@ -2244,8 +2244,6 @@ NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue)
     return SECSuccess;
 }
 
-static PRBool nss_policy_locked = PR_FALSE;
-
 /* The Set function modifies the stored value according to the following
  * algorithm:
  *   policy[tag] = (policy[tag] & ~clearBits) | setBits;
@@ -2257,11 +2255,6 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits)
     PRUint32 policyFlags;
     if (!pxo)
         return SECFailure;
-
-    if (nss_policy_locked) {
-        PORT_SetError(SEC_ERROR_POLICY_LOCKED);
-        return SECFailure;
-    }
     /* The stored policy flags are the ones complement of the flags as
      * seen by the user.  This is not atomic, but these changes should
      * be done rarely, e.g. at initialization time.
@@ -2272,20 +2265,6 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits)
     return SECSuccess;
 }
 
-/* Get the state of nss_policy_locked */
-PRBool
-NSS_IsPolicyLocked(void)
-{
-    return nss_policy_locked;
-}
-
-/* Once the policy is locked, it can't be unlocked */
-void
-NSS_LockPolicy(void)
-{
-    nss_policy_locked = PR_TRUE;
-}
-
 /* --------- END OF opaque extended OID table accessor functions ---------*/
 
 /* for now, this is only used in a single place, so it can remain static */
@@ -2347,9 +2326,6 @@ SECOID_Shutdown(void)
         dynOidEntriesAllocated = 0;
         dynOidEntriesUsed = 0;
     }
-    /* we are trashing the old policy state now, also reenable changing
-     * the policy as well */
-    nss_policy_locked = PR_FALSE;
     memset(xOids, 0, sizeof xOids);
     return SECSuccess;
 }