implement HMACs with faux OIDs

author: ian.mcgreer%sun.com <devnull@localhost> 2003-01-17 21:25:19 +0000
committer: ian.mcgreer%sun.com <devnull@localhost> 2003-01-17 21:25:19 +0000
commit: 3871e4556c7835e644ebe56139e0ae36a8856840 (patch)
tree: 463c3123c42995fc331cbf06f69540993bcc7f33
parent: c5246dd5a86d82e8e707d8f833f21e127f5219a9 (diff)
download: nss-hg-3871e4556c7835e644ebe56139e0ae36a8856840.tar.gz
9 files changed, 194 insertions, 137 deletions
diff --git a/security/nss/lib/dev/algparam.c b/security/nss/lib/dev/algparam.c
index 95571ed28..ef00ebc64 100644
--- a/security/nss/lib/dev/algparam.c
+++ b/security/nss/lib/dev/algparam.c
@@ -755,6 +755,11 @@ set_cryptoki_mechanism (
 	break;
     case NSS_OID_RC5_CBC_PAD:
 	return set_rc5_mechanism(ap, mech, params, encodedParams, keygen);
+    case NSS_OID_MD5_HMAC:
+    case NSS_OID_SHA1_HMAC:
+	/* XXX should be doing some checking here (ever encoded?) */
+	ap->mechanism.mechanism = algorithm->mechanism;
+	return set_ulong_parameter(&ap->mechanism, params->hmac, ap->arena);
     case NSS_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
     case NSS_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
     case NSS_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
@@ -1346,6 +1351,22 @@ NSSAlgNParam_CreateForSSL (
     return nssAlgNParam_CreateForSSL(arena, alg, params);
 }
 
+NSS_EXTERN NSSSSLVersion
+nssAlgNParam_GetSSLVersionFromMSDerive (
+  const NSSAlgNParam *ap
+)
+{
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR params;
+    params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR)ap->mechanism.pParameter;
+    if (params->pVersion->major == 2 && params->pVersion->minor == 0) 
+	return NSSSSLVersion_SSLv2;
+    else if (params->pVersion->major == 3 && params->pVersion->minor == 0) 
+	return NSSSSLVersion_SSLv3;
+    else if (params->pVersion->major == 3 && params->pVersion->minor == 1) 
+	return NSSSSLVersion_TLS;
+    else return -1; /* XXX */
+}
+
 NSS_IMPLEMENT void
 NSSAlgNParam_Destroy (
   NSSAlgNParam *ap
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
index fe236a2a0..2d542cde7 100644
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -909,13 +909,6 @@ nssAlgNParam_Decode (
   NSSBER *algIDber
 );
 
-/* devf.h? */
-NSS_EXTERN NSSAlgNParam *
-nssAlgNParam_CreateSSLSessionKeyDerivation (
-  NSSArena *arenaOpt,
-  NSSSSLSessionKeyParameters *parameters
-);
-
 NSS_EXTERN NSSAlgNParam *
 nssAlgNParam_Clone (
   const NSSAlgNParam *ap,
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 635eab9cb..7f3d0cf25 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -209,6 +209,7 @@ NSSTrustDomain_FindTokenByName;
 ;+#NSSTrustDomain_FindTokenBySlotName;
 ;+#NSSTrustDomain_FindTokenForAlgorithm;
 ;+#NSSTrustDomain_FindBestTokenForAlgorithms;
+NSSTrustDomain_FindTokenForAlgNParam;
 NSSTrustDomain_Login;
 ;+#NSSTrustDomain_Logout;
 ;+#NSSTrustDomain_ImportCert;
@@ -339,6 +340,7 @@ nssArena_Mark;
 nssArena_Release;
 nssArena_Unmark;
 NSSAlgNParam_CreateForSSL;
+nssAlgNParam_GetSSLVersionFromMSDerive;
 nssCert_AddRef;
 nssPublicKey_AddRef;
 nssPrivateKey_AddRef;
diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c
index 7e7a0d161..49a1fef07 100644
--- a/security/nss/lib/pki/trustdomain.c
+++ b/security/nss/lib/pki/trustdomain.c
@@ -322,6 +322,7 @@ NSSTrustDomain_FindTokenBySlotName (
     return NULL;
 }
 
+/* XXX should use mech for algNparams that don't have an OID */
 NSS_IMPLEMENT NSSToken *
 nssTrustDomain_FindTokenForAlgNParam (
   NSSTrustDomain *td,
@@ -332,6 +333,15 @@ nssTrustDomain_FindTokenForAlgNParam (
 }
 
 NSS_IMPLEMENT NSSToken *
+NSSTrustDomain_FindTokenForAlgNParam (
+  NSSTrustDomain *td,
+  const NSSAlgNParam *ap
+)
+{
+    return nssTrustDomain_FindTokenForAlgNParam(td, ap);
+}
+
+NSS_IMPLEMENT NSSToken *
 nssTrustDomain_FindTokenForAlgorithm (
   NSSTrustDomain *td,
   NSSOIDTag algorithm
diff --git a/security/nss/lib/pki1/oiddata.c b/security/nss/lib/pki1/oiddata.c
index a30dde452..6657e54e0 100644
--- a/security/nss/lib/pki1/oiddata.c
+++ b/security/nss/lib/pki1/oiddata.c
@@ -1347,6 +1347,16 @@ const NSSOID nss_builtin_oids[] = {
   },
   {
 #ifdef DEBUG
+    "md5-hmac",
+    "MD5-HMAC",
+#endif /* DEBUG */
+    { "\x2a\x86\x48\x86\xf7\x0d\x02\x05\x01", 9 },
+    CKK_INVALID_KEY_TYPE,
+    CKM_MD5_HMAC_GENERAL,
+    PR_FALSE
+  },
+  {
+#ifdef DEBUG
     "cipher",
     "RSA cipher algorithm",
 #endif /* DEBUG */
@@ -2107,6 +2117,16 @@ const NSSOID nss_builtin_oids[] = {
   },
   {
 #ifdef DEBUG
+    "sha1-hmac",
+    "SHA-1 HMAC",
+#endif /* DEBUG */
+    { "\x2b\x0e\x03\x02\x1a\x01", 6 },
+    CKK_INVALID_KEY_TYPE,
+    CKM_SHA_1_HMAC_GENERAL,
+    PR_FALSE
+  },
+  {
+#ifdef DEBUG
     "bogusDSASignatureWithSHA1Digest",
     "Forgezza DSA Signature with SHA-1 Digest",
 #endif /* DEBUG */
@@ -3837,6 +3857,6 @@ const NSSOID nss_builtin_oids[] = {
   }
 };
 
-const PRUint32 nss_builtin_oid_count = 379;
+const PRUint32 nss_builtin_oid_count = 381;
 
 
diff --git a/security/nss/lib/pki1/oiddata.h b/security/nss/lib/pki1/oiddata.h
index 2a3c07d75..9f42f92d9 100644
--- a/security/nss/lib/pki1/oiddata.h
+++ b/security/nss/lib/pki1/oiddata.h
@@ -43,6 +43,9 @@ static const char OIDDATA_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$ ;
 #include "nsspki1t.h"
 #endif /* NSSPKI1T_H */
 
+/*extern const NSSOID nss_builtin_oids[];*/
+/*extern const PRUint32 nss_builtin_oid_count;*/
+
 /*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/
 /*extern const PRUint32 nss_attribute_type_alias_count;*/
 
@@ -101,117 +104,119 @@ enum NSSOIDTagEnum {
    NSS_OID_MD2 = 127,
    NSS_OID_MD4 = 128,
    NSS_OID_MD5 = 129,
-   NSS_OID_RC2_CBC = 131,
-   NSS_OID_RC4 = 132,
-   NSS_OID_DES_EDE3_CBC = 133,
-   NSS_OID_RC5_CBC_PAD = 134,
-   NSS_OID_X509_AUTH_INFO_ACCESS = 154,
-   NSS_OID_PKIX_CPS_POINTER_QUALIFIER = 156,
-   NSS_OID_PKIX_USER_NOTICE_QUALIFIER = 157,
-   NSS_OID_EXT_KEY_USAGE_SERVER_AUTH = 159,
-   NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH = 160,
-   NSS_OID_EXT_KEY_USAGE_CODE_SIGN = 161,
-   NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION = 162,
-   NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM = 163,
-   NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 164,
-   NSS_OID_EXT_KEY_USAGE_IPSEC_USER = 165,
-   NSS_OID_EXT_KEY_USAGE_TIME_STAMP = 166,
-   NSS_OID_OCSP_RESPONDER = 167,
-   NSS_OID_PKIX_REGCTRL_REGTOKEN = 171,
-   NSS_OID_PKIX_REGCTRL_AUTHENTICATOR = 172,
-   NSS_OID_PKIX_REGCTRL_PKIPUBINFO = 173,
-   NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 174,
-   NSS_OID_PKIX_REGCTRL_OLD_CERT_ID = 175,
-   NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 176,
-   NSS_OID_PKIX_REGINFO_UTF8_PAIRS = 178,
-   NSS_OID_PKIX_REGINFO_CERT_REQUEST = 179,
-   NSS_OID_OID_PKIX_OCSP = 181,
-   NSS_OID_PKIX_OCSP_BASIC_RESPONSE = 182,
-   NSS_OID_PKIX_OCSP_NONCE = 183,
-   NSS_OID_PKIX_OCSP_RESPONSE = 184,
-   NSS_OID_PKIX_OCSP_CRL = 185,
-   NSS_OID_X509_OCSP_NO_CHECK = 186,
-   NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 187,
-   NSS_OID_PKIX_OCSP_SERVICE_LOCATOR = 188,
-   NSS_OID_DES_ECB = 198,
-   NSS_OID_DES_CBC = 199,
-   NSS_OID_DES_OFB = 200,
-   NSS_OID_DES_CFB = 201,
-   NSS_OID_DES_MAC = 202,
-   NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE = 203,
-   NSS_OID_DES_EDE = 204,
-   NSS_OID_SHA1 = 205,
-   NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 206,
-   NSS_OID_X520_COMMON_NAME = 231,
-   NSS_OID_X520_SURNAME = 232,
-   NSS_OID_X520_COUNTRY_NAME = 233,
-   NSS_OID_X520_LOCALITY_NAME = 234,
-   NSS_OID_X520_STATE_OR_PROVINCE_NAME = 235,
-   NSS_OID_X520_ORGANIZATION_NAME = 236,
-   NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME = 237,
-   NSS_OID_X520_TITLE = 238,
-   NSS_OID_X520_NAME = 239,
-   NSS_OID_X520_GIVEN_NAME = 240,
-   NSS_OID_X520_INITIALS = 241,
-   NSS_OID_X520_GENERATION_QUALIFIER = 242,
-   NSS_OID_X520_DN_QUALIFIER = 243,
-   NSS_OID_X500_RSA_ENCRYPTION = 249,
-   NSS_OID_X509_SUBJECT_DIRECTORY_ATTR = 268,
-   NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES = 269,
-   NSS_OID_X509_SUBJECT_KEY_ID = 270,
-   NSS_OID_X509_KEY_USAGE = 271,
-   NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 272,
-   NSS_OID_X509_SUBJECT_ALT_NAME = 273,
-   NSS_OID_X509_ISSUER_ALT_NAME = 274,
-   NSS_OID_X509_BASIC_CONSTRAINTS = 275,
-   NSS_OID_X509_CRL_NUMBER = 276,
-   NSS_OID_X509_REASON_CODE = 277,
-   NSS_OID_X509_HOLD_INSTRUCTION_CODE = 278,
-   NSS_OID_X509_INVALID_DATE = 279,
-   NSS_OID_X509_DELTA_CRL_INDICATOR = 280,
-   NSS_OID_X509_ISSUING_DISTRIBUTION_POINT = 281,
-   NSS_OID_X509_CERTIFICATE_ISSUER = 282,
-   NSS_OID_X509_NAME_CONSTRAINTS = 283,
-   NSS_OID_X509_CRL_DIST_POINTS = 284,
-   NSS_OID_X509_CERTIFICATE_POLICIES = 285,
-   NSS_OID_X509_POLICY_MAPPINGS = 286,
-   NSS_OID_X509_AUTH_KEY_ID = 288,
-   NSS_OID_X509_POLICY_CONSTRAINTS = 289,
-   NSS_OID_X509_EXT_KEY_USAGE = 290,
-   NSS_OID_MISSI_DSS_OLD = 314,
-   NSS_OID_FORTEZZA_SKIPJACK = 315,
-   NSS_OID_MISSI_KEA = 316,
-   NSS_OID_MISSI_KEA_DSS_OLD = 317,
-   NSS_OID_MISSI_DSS = 318,
-   NSS_OID_MISSI_KEA_DSS = 319,
-   NSS_OID_MISSI_ALT_KEY = 320,
-   NSS_OID_NS_CERT_EXT_CERT_TYPE = 328,
-   NSS_OID_NS_CERT_EXT_BASE_URL = 329,
-   NSS_OID_NS_CERT_EXT_REVOCATION_URL = 330,
-   NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL = 331,
-   NSS_OID_NS_CERT_EXT_CA_CRL_URL = 332,
-   NSS_OID_NS_CERT_EXT_CA_CERT_URL = 333,
-   NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 334,
-   NSS_OID_NS_CERT_EXT_CA_POLICY_URL = 335,
-   NSS_OID_NS_CERT_EXT_HOMEPAGE_URL = 336,
-   NSS_OID_NS_CERT_EXT_ENTITY_LOGO = 337,
-   NSS_OID_NS_CERT_EXT_USER_PICTURE = 338,
-   NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME = 339,
-   NSS_OID_NS_CERT_EXT_COMMENT = 340,
-   NSS_OID_NS_CERT_EXT_THAYES = 341,
-   NSS_OID_NS_TYPE_GIF = 343,
-   NSS_OID_NS_TYPE_JPEG = 344,
-   NSS_OID_NS_TYPE_URL = 345,
-   NSS_OID_NS_TYPE_HTML = 346,
-   NSS_OID_NS_TYPE_CERT_SEQUENCE = 347,
-   NSS_OID_NS_KEY_USAGE_GOVT_APPROVED = 350,
-   NSS_OID_NETSCAPE_RECOVERY_REQUEST = 353,
-   NSS_OID_NETSCAPE_SMIME_KEA = 355,
-   NSS_OID_NETSCAPE_NICKNAME = 357,
-   NSS_OID_VERISIGN_USER_NOTICES = 362,
-   NSS_OID_NS_CERT_EXT_NETSCAPE_OK = 367,
-   NSS_OID_NS_CERT_EXT_ISSUER_LOGO = 368,
-   NSS_OID_NS_CERT_EXT_SUBJECT_LOGO = 369
+   NSS_OID_MD5_HMAC = 130,
+   NSS_OID_RC2_CBC = 132,
+   NSS_OID_RC4 = 133,
+   NSS_OID_DES_EDE3_CBC = 134,
+   NSS_OID_RC5_CBC_PAD = 135,
+   NSS_OID_X509_AUTH_INFO_ACCESS = 155,
+   NSS_OID_PKIX_CPS_POINTER_QUALIFIER = 157,
+   NSS_OID_PKIX_USER_NOTICE_QUALIFIER = 158,
+   NSS_OID_EXT_KEY_USAGE_SERVER_AUTH = 160,
+   NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH = 161,
+   NSS_OID_EXT_KEY_USAGE_CODE_SIGN = 162,
+   NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION = 163,
+   NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM = 164,
+   NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 165,
+   NSS_OID_EXT_KEY_USAGE_IPSEC_USER = 166,
+   NSS_OID_EXT_KEY_USAGE_TIME_STAMP = 167,
+   NSS_OID_OCSP_RESPONDER = 168,
+   NSS_OID_PKIX_REGCTRL_REGTOKEN = 172,
+   NSS_OID_PKIX_REGCTRL_AUTHENTICATOR = 173,
+   NSS_OID_PKIX_REGCTRL_PKIPUBINFO = 174,
+   NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 175,
+   NSS_OID_PKIX_REGCTRL_OLD_CERT_ID = 176,
+   NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 177,
+   NSS_OID_PKIX_REGINFO_UTF8_PAIRS = 179,
+   NSS_OID_PKIX_REGINFO_CERT_REQUEST = 180,
+   NSS_OID_OID_PKIX_OCSP = 182,
+   NSS_OID_PKIX_OCSP_BASIC_RESPONSE = 183,
+   NSS_OID_PKIX_OCSP_NONCE = 184,
+   NSS_OID_PKIX_OCSP_RESPONSE = 185,
+   NSS_OID_PKIX_OCSP_CRL = 186,
+   NSS_OID_X509_OCSP_NO_CHECK = 187,
+   NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 188,
+   NSS_OID_PKIX_OCSP_SERVICE_LOCATOR = 189,
+   NSS_OID_DES_ECB = 199,
+   NSS_OID_DES_CBC = 200,
+   NSS_OID_DES_OFB = 201,
+   NSS_OID_DES_CFB = 202,
+   NSS_OID_DES_MAC = 203,
+   NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE = 204,
+   NSS_OID_DES_EDE = 205,
+   NSS_OID_SHA1 = 206,
+   NSS_OID_SHA1_HMAC = 207,
+   NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 208,
+   NSS_OID_X520_COMMON_NAME = 233,
+   NSS_OID_X520_SURNAME = 234,
+   NSS_OID_X520_COUNTRY_NAME = 235,
+   NSS_OID_X520_LOCALITY_NAME = 236,
+   NSS_OID_X520_STATE_OR_PROVINCE_NAME = 237,
+   NSS_OID_X520_ORGANIZATION_NAME = 238,
+   NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME = 239,
+   NSS_OID_X520_TITLE = 240,
+   NSS_OID_X520_NAME = 241,
+   NSS_OID_X520_GIVEN_NAME = 242,
+   NSS_OID_X520_INITIALS = 243,
+   NSS_OID_X520_GENERATION_QUALIFIER = 244,
+   NSS_OID_X520_DN_QUALIFIER = 245,
+   NSS_OID_X500_RSA_ENCRYPTION = 251,
+   NSS_OID_X509_SUBJECT_DIRECTORY_ATTR = 270,
+   NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES = 271,
+   NSS_OID_X509_SUBJECT_KEY_ID = 272,
+   NSS_OID_X509_KEY_USAGE = 273,
+   NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 274,
+   NSS_OID_X509_SUBJECT_ALT_NAME = 275,
+   NSS_OID_X509_ISSUER_ALT_NAME = 276,
+   NSS_OID_X509_BASIC_CONSTRAINTS = 277,
+   NSS_OID_X509_CRL_NUMBER = 278,
+   NSS_OID_X509_REASON_CODE = 279,
+   NSS_OID_X509_HOLD_INSTRUCTION_CODE = 280,
+   NSS_OID_X509_INVALID_DATE = 281,
+   NSS_OID_X509_DELTA_CRL_INDICATOR = 282,
+   NSS_OID_X509_ISSUING_DISTRIBUTION_POINT = 283,
+   NSS_OID_X509_CERTIFICATE_ISSUER = 284,
+   NSS_OID_X509_NAME_CONSTRAINTS = 285,
+   NSS_OID_X509_CRL_DIST_POINTS = 286,
+   NSS_OID_X509_CERTIFICATE_POLICIES = 287,
+   NSS_OID_X509_POLICY_MAPPINGS = 288,
+   NSS_OID_X509_AUTH_KEY_ID = 290,
+   NSS_OID_X509_POLICY_CONSTRAINTS = 291,
+   NSS_OID_X509_EXT_KEY_USAGE = 292,
+   NSS_OID_MISSI_DSS_OLD = 316,
+   NSS_OID_FORTEZZA_SKIPJACK = 317,
+   NSS_OID_MISSI_KEA = 318,
+   NSS_OID_MISSI_KEA_DSS_OLD = 319,
+   NSS_OID_MISSI_DSS = 320,
+   NSS_OID_MISSI_KEA_DSS = 321,
+   NSS_OID_MISSI_ALT_KEY = 322,
+   NSS_OID_NS_CERT_EXT_CERT_TYPE = 330,
+   NSS_OID_NS_CERT_EXT_BASE_URL = 331,
+   NSS_OID_NS_CERT_EXT_REVOCATION_URL = 332,
+   NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL = 333,
+   NSS_OID_NS_CERT_EXT_CA_CRL_URL = 334,
+   NSS_OID_NS_CERT_EXT_CA_CERT_URL = 335,
+   NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 336,
+   NSS_OID_NS_CERT_EXT_CA_POLICY_URL = 337,
+   NSS_OID_NS_CERT_EXT_HOMEPAGE_URL = 338,
+   NSS_OID_NS_CERT_EXT_ENTITY_LOGO = 339,
+   NSS_OID_NS_CERT_EXT_USER_PICTURE = 340,
+   NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME = 341,
+   NSS_OID_NS_CERT_EXT_COMMENT = 342,
+   NSS_OID_NS_CERT_EXT_THAYES = 343,
+   NSS_OID_NS_TYPE_GIF = 345,
+   NSS_OID_NS_TYPE_JPEG = 346,
+   NSS_OID_NS_TYPE_URL = 347,
+   NSS_OID_NS_TYPE_HTML = 348,
+   NSS_OID_NS_TYPE_CERT_SEQUENCE = 349,
+   NSS_OID_NS_KEY_USAGE_GOVT_APPROVED = 352,
+   NSS_OID_NETSCAPE_RECOVERY_REQUEST = 355,
+   NSS_OID_NETSCAPE_SMIME_KEA = 357,
+   NSS_OID_NETSCAPE_NICKNAME = 359,
+   NSS_OID_VERISIGN_USER_NOTICES = 364,
+   NSS_OID_NS_CERT_EXT_NETSCAPE_OK = 369,
+   NSS_OID_NS_CERT_EXT_ISSUER_LOGO = 370,
+   NSS_OID_NS_CERT_EXT_SUBJECT_LOGO = 371
 };
 
 #endif /* OIDDATA_H */
diff --git a/security/nss/lib/pki1/oidgen.perl b/security/nss/lib/pki1/oidgen.perl
index e1716d1de..fccfbcc01 100755
--- a/security/nss/lib/pki1/oidgen.perl
+++ b/security/nss/lib/pki1/oidgen.perl
@@ -253,8 +253,8 @@ static const char OIDDATA_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
 #include "nsspki1t.h"
 #endif /* NSSPKI1T_H */
 
-extern const NSSOID nss_builtin_oids[];
-extern const PRUint32 nss_builtin_oid_count;
+/*extern const NSSOID nss_builtin_oids[];*/
+/*extern const PRUint32 nss_builtin_oid_count;*/
 
 /*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/
 /*extern const PRUint32 nss_attribute_type_alias_count;*/
@@ -274,7 +274,7 @@ for( $i = 0; $i <= $count; $i++ ) {
   }
 }
 print HFILE "\n};\n";
-print HFILE "\ntypedef enum NSSOIDTagEnum NSSOIDTag;\n";
+#print HFILE "\ntypedef enum NSSOIDTagEnum NSSOIDTag;\n";
 
 print HFILE <<EOD
 
diff --git a/security/nss/lib/pki1/oids.txt b/security/nss/lib/pki1/oids.txt
index a821da0d9..2b7d5bc22 100644
--- a/security/nss/lib/pki1/oids.txt
+++ b/security/nss/lib/pki1/oids.txt
@@ -762,6 +762,13 @@ EXPL "MD5"
 NAME NSS_OID_MD5
 CKM CKM_MD5
 
+# XXX idm - I'm making this up for testing
+OID 1.2.840.113549.2.5.1
+TAG md5-hmac
+EXPL "MD5-HMAC"
+NAME NSS_OID_MD5_HMAC
+CKM CKM_MD5_HMAC_GENERAL
+
 OID 1.2.840.113549.3 
 TAG cipher
 EXPL "RSA cipher algorithm"
@@ -1189,6 +1196,13 @@ EXPL "SHA-1"
 NAME NSS_OID_SHA1
 CKM CKM_SHA_1
 
+# XXX idm -- I'm making this up for testing
+OID 1.3.14.3.2.26.1
+TAG sha1-hmac
+EXPL "SHA-1 HMAC"
+NAME NSS_OID_SHA1_HMAC
+CKM CKM_SHA_1_HMAC_GENERAL
+
 OID 1.3.14.3.2.27
 TAG bogusDSASignatureWithSHA1Digest
 EXPL "Forgezza DSA Signature with SHA-1 Digest"
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 329a59d92..d9dd5d558 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -362,7 +362,6 @@ static NSSArena *s_algs_arena = NULL;
 static const NSSAlgNParam *s_md5_ap = NULL;
 static const NSSAlgNParam *s_sha1_ap = NULL;
 static const NSSAlgNParam *s_rsa_wrap_ap = NULL;
-static const NSSAlgNParam *s_rsa_unwrap_ap = NULL;
 static const NSSAlgNParam *s_ssl3_pms_ap = NULL;
 static const NSSAlgNParam *s_tls_pms_ap = NULL;
 static const NSSAlgNParam *s_mac_md5_ap = NULL;
@@ -385,13 +384,8 @@ ssl3_InitAlgorithms(void)
     s_sha1_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_SHA1, NULL, s_algs_arena);
 
     /* initialize RSA wrap/unwrap */
-    s_rsa_wrap_ap = NSSOIDTag_CreateAlgNParamForWrap(
-                                               NSS_OID_PKCS1_RSA_ENCRYPTION, 
-                                               NULL, s_algs_arena);
-
-    s_rsa_unwrap_ap = NSSOIDTag_CreateAlgNParamForUnwrap(
-                                               NSS_OID_PKCS1_RSA_ENCRYPTION, 
-                                               NULL, s_algs_arena);
+    s_rsa_wrap_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_PKCS1_RSA_ENCRYPTION, 
+                                              NULL, s_algs_arena);
 
     /* initialize PMS generation algorithms */
     params.sslpms = NSSSSLVersion_SSLv3;
@@ -411,13 +405,11 @@ ssl3_InitAlgorithms(void)
                                               NSSSSLAlgorithm_SHA1_MAC,
                                               &params);
     params.hmac = MD5_LENGTH;
-    s_hmac_md5_ap = NSSOIDTag_CreateAlgNParamForHMAC(NSS_OID_MD5,
-                                                     &params,
-                                                     s_algs_arena);
+    s_hmac_md5_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_MD5_HMAC,
+                                              &params, s_algs_arena);
     params.hmac = SHA1_LENGTH;
-    s_hmac_sha1_ap = NSSOIDTag_CreateAlgNParamForHMAC(NSS_OID_SHA1,
-                                                      &params,
-                                                      s_algs_arena);
+    s_hmac_sha1_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_SHA1_HMAC,
+                                               &params, s_algs_arena);
 
     /* initialize TLS pseudo-random function (currently no params) */
     s_tls_prf_ap = NSSAlgNParam_CreateForSSL(s_algs_arena, 
@@ -6356,7 +6348,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
     /*
      * decrypt pms out of the incoming buffer into volatile domain
      */
-    pms = NSSPrivateKey_UnwrapSymKey(serverKey, s_rsa_unwrap_ap, 
+    pms = NSSPrivateKey_UnwrapSymKey(serverKey, s_rsa_wrap_ap, 
                                      &enc_pms, NSSSymKeyType_SSLPMS,
                                      NULL, 0, 0, NULL, ss->vd, NULL);
     if (pms) {
author	ian.mcgreer%sun.com <devnull@localhost>	2003-01-17 21:25:19 +0000
committer	ian.mcgreer%sun.com <devnull@localhost>	2003-01-17 21:25:19 +0000
commit	3871e4556c7835e644ebe56139e0ae36a8856840 (patch)
tree	463c3123c42995fc331cbf06f69540993bcc7f33
parent	c5246dd5a86d82e8e707d8f833f21e127f5219a9 (diff)
download	nss-hg-3871e4556c7835e644ebe56139e0ae36a8856840.tar.gz