diff options
Diffstat (limited to 'security/nss/lib/cryptohi')
| -rw-r--r-- | security/nss/lib/cryptohi/dsautil.c | 11 | ||||
| -rw-r--r-- | security/nss/lib/cryptohi/keythi.h | 2 | ||||
| -rw-r--r-- | security/nss/lib/cryptohi/seckey.c | 13 | ||||
| -rw-r--r-- | security/nss/lib/cryptohi/secsign.c | 15 |
4 files changed, 28 insertions, 13 deletions
diff --git a/security/nss/lib/cryptohi/dsautil.c b/security/nss/lib/cryptohi/dsautil.c index db397dfd5..df4d9a9a7 100644 --- a/security/nss/lib/cryptohi/dsautil.c +++ b/security/nss/lib/cryptohi/dsautil.c @@ -166,12 +166,16 @@ static SECItem * common_DecodeDerSig(const SECItem *item, unsigned int len) { SECItem *result = NULL; + PORTCheapArenaPool arena; SECStatus status; DSA_ASN1Signature sig; SECItem dst; PORT_Memset(&sig, 0, sizeof(sig)); + /* Make enough room for r + s. */ + PORT_InitCheapArena(&arena, PR_MAX(2 * MAX_ECKEY_LEN, DSA_MAX_SIGNATURE_LEN)); + result = PORT_ZNew(SECItem); if (result == NULL) goto loser; @@ -183,7 +187,7 @@ common_DecodeDerSig(const SECItem *item, unsigned int len) sig.r.type = siUnsignedInteger; sig.s.type = siUnsignedInteger; - status = SEC_ASN1DecodeItem(NULL, &sig, DSA_SignatureTemplate, item); + status = SEC_QuickDERDecodeItem(&arena.arena, &sig, DSA_SignatureTemplate, item); if (status != SECSuccess) goto loser; @@ -202,10 +206,7 @@ common_DecodeDerSig(const SECItem *item, unsigned int len) goto loser; done: - if (sig.r.data != NULL) - PORT_Free(sig.r.data); - if (sig.s.data != NULL) - PORT_Free(sig.s.data); + PORT_DestroyCheapArena(&arena); return result; diff --git a/security/nss/lib/cryptohi/keythi.h b/security/nss/lib/cryptohi/keythi.h index 36896540f..f6170bb78 100644 --- a/security/nss/lib/cryptohi/keythi.h +++ b/security/nss/lib/cryptohi/keythi.h @@ -209,7 +209,7 @@ typedef struct SECKEYPublicKeyStr SECKEYPublicKey; (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? (0 != (key->staticflags & SECKEY_##attribute)) : PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE) #define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock) \ - (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? (0 != (key->staticflags & SECKEY_##attribute)) : PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, haslock) + (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? (0 != (key->staticflags & SECKEY_##attribute)) : pk11_HasAttributeSet_Lock(key->pkcs11Slot, key->pkcs11ID, attribute, haslock) /* ** A generic key structure diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 359de8e46..9ea48b767 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -1260,6 +1260,19 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk) break; return pubk; break; + case ecKey: + rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, + CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams); + if (rv != SECSuccess) { + break; + } + rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, + CKA_EC_POINT, arena, &pubk->u.ec.publicValue); + if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) { + break; + } + pubk->u.ec.encoding = ECPoint_Undefined; + return pubk; default: break; } diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index 1bbdd5384..d06cb2e85 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c @@ -312,24 +312,25 @@ SEC_DerSignData(PLArenaPool *arena, SECItem *result, if (algID == SEC_OID_UNKNOWN) { switch (pk->keyType) { case rsaKey: - algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; + algID = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; case dsaKey: /* get Signature length (= q_len*2) and work from there */ switch (PK11_SignatureLen(pk)) { + case 320: + algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; + break; case 448: algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; break; case 512: - algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; - break; default: - algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; + algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break; } break; case ecKey: - algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST; + algID = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break; default: PORT_SetError(SEC_ERROR_INVALID_KEY); @@ -468,13 +469,13 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag) break; case dsaKey: switch (hashAlgTag) { - case SEC_OID_UNKNOWN: /* default for DSA if not specified */ case SEC_OID_SHA1: sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break; case SEC_OID_SHA224: sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; break; + case SEC_OID_UNKNOWN: /* default for DSA if not specified */ case SEC_OID_SHA256: sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break; @@ -484,13 +485,13 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag) break; case ecKey: switch (hashAlgTag) { - case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */ case SEC_OID_SHA1: sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break; case SEC_OID_SHA224: sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; break; + case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */ case SEC_OID_SHA256: sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break; |