Commit 6a22f595 authored by Kathleen Brade's avatar Kathleen Brade Committed by Mike Perry

Bug 13379: Sign our MAR files.

Configure with --enable-signmar (build the signmar tool).
Configure with --enable-verify-mar (when updating, require a valid signature
  on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
  MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (Mozilla plans to use
  OS-native APIs on Mac OS and they already do so on Windows).  So that the
  NSS and NSPR libraries the updater depends on can be found at runtime, we
  add the firefox directory to the shared library search path on all platforms.
Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla
  uses.  This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with
  a signature algorithm ID of 512 to help avoid collisions with future work
  Mozilla might do in this area.
  See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689
parent 368924d1
+2 −2
@@ -11,8 +11,8 @@ ac_add_options --enable-optimize
ac_add_options --enable-official-branding
ac_add_options --enable-tor-browser-update
ac_add_options --enable-update-packaging
# We do not use signed MAR files yet (Mozilla uses them on Windows only).
ac_add_options --disable-verify-mar
ac_add_options --enable-signmar
ac_add_options --enable-verify-mar
ac_add_options --disable-strip
ac_add_options --disable-install-strip
ac_add_options --disable-tests
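Review bot: The comment that explained the MAR options is removed and nothing replaces it, so the mozconfig no longer records why `--enable-signmar` and `--enable-verify-mar` are set; the same applies to the two mozconfig sections that follow. A replacement line above `--enable-verify-mar`, such as `# Require a valid signature on a MAR file before the updater applies it (Bug 13379).`, would keep the security intent visible to whoever edits these options next. It would also help to note that `--enable-signmar` only builds the signing tool, since the two flags are easy to read as a pair that must be toggled together.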
+2 −2
@@ -38,8 +38,8 @@ ac_add_options --disable-debug

ac_add_options --enable-tor-browser-update
ac_add_options --enable-update-packaging
# We do not use signed MAR files yet (Mozilla uses them on Windows only).
ac_add_options --disable-verify-mar
ac_add_options --enable-signmar
ac_add_options --enable-verify-mar

# ICU seems still to have cross-compiling issues:
ac_add_options --without-intl-api
+2 −2
@@ -16,8 +16,8 @@ ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-tor-browser-update
ac_add_options --enable-update-packaging
# We do not use signed MAR files yet (Mozilla uses them on Windows only).
ac_add_options --disable-verify-mar
ac_add_options --enable-signmar
ac_add_options --enable-verify-mar

# ICU seems still to have cross-compiling issues:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1019744#c19
+12 −3
@@ -95,7 +95,12 @@ NSSSignBegin(const char *certName,
    return -1;
  }

  *ctx = SGN_NewContext (SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, *privKey);
#ifdef MAR_USE_SHA512_RSA_SIG
  SECOidTag sigAlg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
#else
  SECOidTag sigAlg = SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE;
#endif
  *ctx = SGN_NewContext (sigAlg, *privKey);
  if (!*ctx) {
    fprintf(stderr, "ERROR: Could not create signature context\n");
    return -1;
@@ -991,8 +996,12 @@ mar_repackage_and_sign(const char *NSSConfigDir,
  signaturePlaceholderOffset = ftello(fpDest);

  for (k = 0; k < certCount; k++) {
    /* Write out the signature algorithm ID, Only an ID of 1 is supported */
    signatureAlgorithmID = htonl(1);
    /* Write out the signature algorithm ID. */
#ifdef MAR_USE_SHA512_RSA_SIG
    signatureAlgorithmID = htonl(SIGNATURE_ALGORITHM_ID_SHA512_RSA);
#else
    signatureAlgorithmID = htonl(SIGNATURE_ALGORITHM_ID_SHA1_RSA);
#endif
    if (WriteAndUpdateSignatures(fpDest, &signatureAlgorithmID,
                                 sizeof(signatureAlgorithmID),
                                 ctxs, certCount, "num signatures")) {
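Review bot: In the second hunk the algorithm ID written into each signature block is chosen at compile time, and the code that reads and checks that ID is not part of this section. It should be confirmed that a verifier built with `MAR_USE_SHA512_RSA_SIG` accepts only `SIGNATURE_ALGORITHM_ID_SHA512_RSA` and rejects a block carrying the SHA1 ID, rather than accepting either value. The shortened comment could record the coupling, for example `/* Write out the signature algorithm ID; it must match the OID selected in NSSSignBegin. */`. Both NSSSignBegin and mar_repackage_and_sign continue outside the hunks shown.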
+1 −0
@@ -19,6 +19,7 @@ LOCAL_INCLUDES += [
]

DEFINES['MAR_NSS'] = True
DEFINES['MAR_USE_SHA512_RSA_SIG'] = True

if CONFIG['OS_ARCH'] == 'WINNT':
    USE_STATIC_LIBS = True
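Review bot: `DEFINES['MAR_USE_SHA512_RSA_SIG'] = True` is set for this one directory only, and the page does not show which other moz.build files compile the MAR signing and verification sources. Any such directory that lacks the define would fall back to the SHA1 branch of the `#ifdef` and disagree with the signer about the algorithm ID, presumably without a build error. A comment here such as `# Must be defined identically in every directory that builds MAR sign/verify code.` would make the requirement explicit. Defining the macro in one shared place would remove the risk, if the build layout allows it.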