diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-04-25 21:33:33 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-04-25 21:33:33 +0200 |
commit | fba28f19754f62b5227650143d5441fc86d4c7d7 (patch) | |
tree | 26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/cryptohi/secvfy.c | |
parent | b4154e043bfc0d2f301d88304efc896989d650bf (diff) | |
download | UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip |
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/lib/cryptohi/secvfy.c')
-rw-r--r-- | security/nss/lib/cryptohi/secvfy.c | 149 |
1 files changed, 22 insertions, 127 deletions
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index 83c9c579d..2ac21abd4 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c @@ -136,8 +136,6 @@ struct VFYContextStr { unsigned char dsasig[DSA_MAX_SIGNATURE_LEN]; /* the full ECDSA signature */ unsigned char ecdsasig[2 * MAX_ECKEY_LEN]; - /* the full RSA signature, only used in RSA-PSS */ - unsigned char rsasig[(RSA_MAX_MODULUS_BITS + 7) / 8]; } u; unsigned int pkcs1RSADigestInfoLen; /* the encoded DigestInfo from a RSA PKCS#1 signature */ @@ -150,7 +148,6 @@ struct VFYContextStr { * VFY_CreateContext call. If false, the * signature must be provided with a * VFY_EndWithSignature call. */ - SECItem *params; }; static SECStatus @@ -253,37 +250,8 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, *hashalg = SEC_OID_SHA1; break; case SEC_OID_PKCS1_RSA_ENCRYPTION: - *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */ - break; case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: - if (param && param->data) { - SECKEYRSAPSSParams pssParam; - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - return SECFailure; - } - PORT_Memset(&pssParam, 0, sizeof pssParam); - rv = SEC_QuickDERDecodeItem(arena, &pssParam, - SECKEY_RSAPSSParamsTemplate, - param); - if (rv != SECSuccess) { - PORT_FreeArena(arena, PR_FALSE); - return rv; - } - if (pssParam.hashAlg) { - *hashalg = SECOID_GetAlgorithmTag(pssParam.hashAlg); - } else { - *hashalg = SEC_OID_SHA1; /* default, SHA-1 */ - } - PORT_FreeArena(arena, PR_FALSE); - /* only accept hash algorithms */ - if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) { - /* error set by HASH_GetHashTypeByOidTag */ - return SECFailure; - } - } else { - *hashalg = SEC_OID_SHA1; /* default, SHA-1 */ - } + *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */ break; case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: @@ -466,20 +434,6 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, cx->key, sig, wincx); break; - case rsaPssKey: - sigLen = SECKEY_SignatureLen(key); - if (sigLen == 0) { - /* error set by SECKEY_SignatureLen */ - rv = SECFailure; - break; - } - if (sig->len != sigLen) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - rv = SECFailure; - break; - } - PORT_Memcpy(cx->u.buffer, sig->data, sigLen); - break; case dsaKey: case ecKey: sigLen = SECKEY_SignatureLen(key); @@ -542,7 +496,6 @@ VFYContext * VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig, const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx) { - VFYContext *cx; SECOidTag encAlg, hashAlg; SECStatus rv = sec_DecodeSigAlg(key, SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm), @@ -550,13 +503,7 @@ VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig, if (rv != SECSuccess) { return NULL; } - - cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx); - if (sigAlgorithm->parameters.data) { - cx->params = SECITEM_DupItem(&sigAlgorithm->parameters); - } - - return cx; + return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx); } void @@ -573,9 +520,6 @@ VFY_DestroyContext(VFYContext *cx, PRBool freeit) if (cx->pkcs1RSADigestInfo) { PORT_Free(cx->pkcs1RSADigestInfo); } - if (cx->params) { - SECITEM_FreeItem(cx->params, PR_TRUE); - } if (freeit) { PORT_ZFree(cx, sizeof(VFYContext)); } @@ -618,7 +562,7 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig) { unsigned char final[HASH_LENGTH_MAX]; unsigned part; - SECItem hash, rsasig, dsasig; /* dsasig is also used for ECDSA */ + SECItem hash, dsasig; /* dsasig is also used for ECDSA */ SECStatus rv; if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) { @@ -654,70 +598,25 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig) return SECFailure; } break; - case rsaKey: - if (cx->encAlg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) { - CK_RSA_PKCS_PSS_PARAMS mech; - SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) }; - SECKEYRSAPSSParams params; - PLArenaPool *arena; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - return SECFailure; - } - - PORT_Memset(¶ms, 0, sizeof(params)); - rv = SEC_QuickDERDecodeItem(arena, ¶ms, - SECKEY_RSAPSSParamsTemplate, - cx->params); - if (rv != SECSuccess) { - PORT_FreeArena(arena, PR_FALSE); - return SECFailure; - } - rv = sec_RSAPSSParamsToMechanism(&mech, ¶ms); - PORT_FreeArena(arena, PR_FALSE); + case rsaKey: { + SECItem digest; + digest.data = final; + digest.len = part; + if (sig) { + SECOidTag hashid; + PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN); + rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid, + &cx->pkcs1RSADigestInfo, + &cx->pkcs1RSADigestInfoLen, + cx->key, + sig, cx->wincx); + PORT_Assert(cx->hashAlg == hashid); if (rv != SECSuccess) { return SECFailure; } - rsasig.data = cx->u.buffer; - rsasig.len = SECKEY_SignatureLen(cx->key); - if (rsasig.len == 0) { - return SECFailure; - } - if (sig) { - if (sig->len != rsasig.len) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - PORT_Memcpy(rsasig.data, sig->data, rsasig.len); - } - hash.data = final; - hash.len = part; - if (PK11_VerifyWithMechanism(cx->key, CKM_RSA_PKCS_PSS, &mechItem, - &rsasig, &hash, cx->wincx) != SECSuccess) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - } else { - SECItem digest; - digest.data = final; - digest.len = part; - if (sig) { - SECOidTag hashid; - PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN); - rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid, - &cx->pkcs1RSADigestInfo, - &cx->pkcs1RSADigestInfoLen, - cx->key, - sig, cx->wincx); - PORT_Assert(cx->hashAlg == hashid); - if (rv != SECSuccess) { - return SECFailure; - } - } - return verifyPKCS1DigestInfo(cx, &digest); } - break; + return verifyPKCS1DigestInfo(cx, &digest); + } default: PORT_SetError(SEC_ERROR_BAD_SIGNATURE); return SECFailure; /* shouldn't happen */ @@ -823,7 +722,7 @@ VFY_VerifyDigestWithAlgorithmID(const SECItem *digest, static SECStatus vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key, const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, - const SECItem *params, SECOidTag *hash, void *wincx) + SECOidTag *hash, void *wincx) { SECStatus rv; VFYContext *cx; @@ -831,9 +730,6 @@ vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key, cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx); if (cx == NULL) return SECFailure; - if (params) { - cx->params = SECITEM_DupItem(params); - } rv = VFY_Begin(cx); if (rv == SECSuccess) { @@ -852,7 +748,7 @@ VFY_VerifyDataDirect(const unsigned char *buf, int len, SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx) { - return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, hash, wincx); + return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx); } SECStatus @@ -864,7 +760,7 @@ VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key, if (rv != SECSuccess) { return rv; } - return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, NULL, wincx); + return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, wincx); } SECStatus @@ -881,6 +777,5 @@ VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len, if (rv != SECSuccess) { return rv; } - return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, - &sigAlgorithm->parameters, hash, wincx); + return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx); } |