authorchrisk%netscape.com <devnull@localhost>2000-06-20 16:22:36 +0000
committerchrisk%netscape.com <devnull@localhost>2000-06-20 16:22:36 +0000
commitb070f39457684d8fd2f9dde93907f85be561b450 (patch)
treeb408526ff82355bcffa4a1c3f52939a4e51de789
parent9b54fc95a7f9e5ecc8eefb966d75af6df7dae6ce (diff)
downloadnss-hg-b070f39457684d8fd2f9dde93907f85be561b450.tar.gz
First feeble attempt at fixing the problem that our definition of
Diffie-Hellman key parameters does not encompass all the optional fields defined in RFC2459, section 7.3.2 (namely j and validationParams). I added comments reminding us of the fact that PQGParams need to be extended to hold these, and fixed the ASN1 prototype from its previous totally broken status to one that decodes prime, subPrime and base correctly, and skips the rest. This avoids failure in public key extraction (which is part of verification) with DH certs.
-rw-r--r--security/nss/lib/cryptohi/seckey.c10
-rw-r--r--security/nss/lib/freebl/blapit.h1
2 files changed, 8 insertions, 3 deletions
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index a265ddb5f..1a2e5deba 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -89,8 +89,12 @@ const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = {
};
const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.prime), },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.base), },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
+ { SEC_ASN1_INTEGER, offsetof(PQGParams,prime), },
+ { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime), },
+ { SEC_ASN1_INTEGER, offsetof(PQGParams,base), },
+ /* XXX chrisk: this needs to be expanded for decoding of j and validationParms (RFC2459 7.3.2) */
+ { SEC_ASN1_SKIP_REST },
{ 0, }
};
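Review bot: The three INTEGER entries in SECKEY_DHParamKeyTemplate decode in the order prime, subPrime, base, but RFC 2459 section 7.3.2 (which the added comment cites) orders DomainParameters as p, g, q, so the generator would land in `subPrime` and the subgroup order in `base`. Putting `{ SEC_ASN1_INTEGER, offsetof(PQGParams,base), },` ahead of `{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime), },` would match the encoding. The offsets also move from SECKEYPublicKey to PQGParams while the decode call sits outside this hunk, so it is worth confirming that every caller now passes a PQGParams destination; a SECKEYPublicKey destination would presumably be written at the wrong offsets. Because `SEC_ASN1_SKIP_REST` discards j and validationParms, nothing decoded here can be used to validate the domain parameters yet, and the XXX comment could say so explicitly.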
@@ -818,7 +822,7 @@ seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
SECItem os;
SECStatus rv;
PRArenaPool *arena;
- int tag;
+ SECOidTag tag;
arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h
index 693bccd5c..3a496d2ad 100644
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -161,6 +161,7 @@ struct PQGParamsStr {
SECItem prime; /* p */
SECItem subPrime; /* q */
SECItem base; /* g */
+ /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct PQGParamsStr PQGParams;