author | ian.mcgreer%sun.com <devnull@localhost> | 2003-01-17 21:25:19 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2003-01-17 21:25:19 +0000 |
commit | 3871e4556c7835e644ebe56139e0ae36a8856840 (patch) | |
tree | 463c3123c42995fc331cbf06f69540993bcc7f33 | |
parent | c5246dd5a86d82e8e707d8f833f21e127f5219a9 (diff) | |
implement HMACs with faux OIDs
-rw-r--r-- | security/nss/lib/dev/algparam.c | 21 | ||||
-rw-r--r-- | security/nss/lib/dev/dev.h | 7 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.def | 2 | ||||
-rw-r--r-- | security/nss/lib/pki/trustdomain.c | 10 | ||||
-rw-r--r-- | security/nss/lib/pki1/oiddata.c | 22 | ||||
-rw-r--r-- | security/nss/lib/pki1/oiddata.h | 227 | ||||
-rwxr-xr-x | security/nss/lib/pki1/oidgen.perl | 6 | ||||
-rw-r--r-- | security/nss/lib/pki1/oids.txt | 14 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 22 |
9 files changed, 194 insertions, 137 deletions
diff --git a/security/nss/lib/dev/algparam.c b/security/nss/lib/dev/algparam.c
index 95571ed28..ef00ebc64 100644
--- a/security/nss/lib/dev/algparam.c
+++ b/security/nss/lib/dev/algparam.c
@@ -755,6 +755,11 @@ set_cryptoki_mechanism (
 break;
 case NSS_OID_RC5_CBC_PAD:
 return set_rc5_mechanism(ap, mech, params, encodedParams, keygen);
+ case NSS_OID_MD5_HMAC:
+ case NSS_OID_SHA1_HMAC:
+ /* XXX should be doing some checking here (ever encoded?) */
+ ap->mechanism.mechanism = algorithm->mechanism;
+ return set_ulong_parameter(&ap->mechanism, params->hmac, ap->arena);
 case NSS_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
 case NSS_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
 case NSS_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
@@ -1346,6 +1351,22 @@ NSSAlgNParam_CreateForSSL (
 return nssAlgNParam_CreateForSSL(arena, alg, params);
 }
+NSS_EXTERN NSSSSLVersion
+nssAlgNParam_GetSSLVersionFromMSDerive (
+ const NSSAlgNParam *ap
+)
+{
+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR params;
+ params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR)ap->mechanism.pParameter;
+ if (params->pVersion->major == 2 && params->pVersion->minor == 0)
+ return NSSSSLVersion_SSLv2;
+ else if (params->pVersion->major == 3 && params->pVersion->minor == 0)
+ return NSSSSLVersion_SSLv3;
+ else if (params->pVersion->major == 3 && params->pVersion->minor == 1)
+ return NSSSSLVersion_TLS;
+ else return -1; /* XXX */
+}
+
 NSS_IMPLEMENT void
 NSSAlgNParam_Destroy (
 NSSAlgNParam *ap
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
index fe236a2a0..2d542cde7 100644
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@@ -909,13 +909,6 @@ nssAlgNParam_Decode (
 NSSBER *algIDber
 );
-/* devf.h? */
-NSS_EXTERN NSSAlgNParam *
-nssAlgNParam_CreateSSLSessionKeyDerivation (
- NSSArena *arenaOpt,
- NSSSSLSessionKeyParameters *parameters
-);
-
 NSS_EXTERN NSSAlgNParam *
 nssAlgNParam_Clone (
 const NSSAlgNParam *ap,
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 635eab9cb..7f3d0cf25 100644
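Review bot: The new `NSS_OID_MD5_HMAC`/`NSS_OID_SHA1_HMAC` cases read `params->hmac` without checking `params`, and hand the length to `set_ulong_parameter` with no bounds. ssl3con.c in this same commit calls `NSSOIDTag_CreateAlgNParam` with `NULL` parameters for other tags, so a NULL looks reachable here too, although the rest of `set_cryptoki_mechanism` lies outside the hunk and may already guard it. With the `_HMAC_GENERAL` mechanisms the ulong is the MAC output length, so a zero or very small value produces a truncated MAC that authenticates little; I would reject it up front with something like `if (!params || params->hmac == 0) return PR_FAILURE;` (or this function's own failure value) and cap it at the digest length of the selected hash. The XXX comment should also state what happens today, e.g. `/* XXX encodedParams is ignored for HMAC; length comes only from params->hmac */`.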
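Review bot: `nssAlgNParam_GetSSLVersionFromMSDerive` dereferences `ap->mechanism.pParameter` and then `pVersion` without checking that `ap` holds a master-key-derive mechanism or that either pointer is non-NULL. PKCS #11 has the DH variants of master key derivation carry a NULL `pVersion`, so this can fault on a legitimate mechanism, and for any other mechanism the cast reinterprets unrelated parameter bytes as a pointer. The fallback `return -1;` yields a value outside `NSSSSLVersion` that callers may use unchecked; a named invalid enumerator would be safer if the enum, which is not visible here, has or can gain one. The definition is also marked `NSS_EXTERN` where the neighbouring definitions use `NSS_IMPLEMENT`.

```c
NSS_IMPLEMENT NSSSSLVersion
nssAlgNParam_GetSSLVersionFromMSDerive (
  const NSSAlgNParam *ap
)
{
    CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR params;
    CK_VERSION_PTR version;

    /* Only the RSA master-key-derive mechanisms hand back a version. */
    if (!ap ||
        (ap->mechanism.mechanism != CKM_SSL3_MASTER_KEY_DERIVE &&
         ap->mechanism.mechanism != CKM_TLS_MASTER_KEY_DERIVE) ||
        !ap->mechanism.pParameter ||
        ap->mechanism.ulParameterLen != sizeof(*params)) {
        return -1; /* XXX no "unknown" enumerator visible in this hunk */
    }
    params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR)ap->mechanism.pParameter;
    version = params->pVersion;
    if (!version) {
        return -1; /* XXX */
    }
    /* … unchanged: major/minor comparison chain, now reading through version … */
}
```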
--- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -209,6 +209,7 @@ NSSTrustDomain_FindTokenByName; ;+#NSSTrustDomain_FindTokenBySlotName; ;+#NSSTrustDomain_FindTokenForAlgorithm; ;+#NSSTrustDomain_FindBestTokenForAlgorithms; +NSSTrustDomain_FindTokenForAlgNParam; NSSTrustDomain_Login; ;+#NSSTrustDomain_Logout; ;+#NSSTrustDomain_ImportCert; @@ -339,6 +340,7 @@ nssArena_Mark; nssArena_Release; nssArena_Unmark; NSSAlgNParam_CreateForSSL; +nssAlgNParam_GetSSLVersionFromMSDerive; nssCert_AddRef; nssPublicKey_AddRef; nssPrivateKey_AddRef; diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index 7e7a0d161..49a1fef07 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -322,6 +322,7 @@ NSSTrustDomain_FindTokenBySlotName ( return NULL; } +/* XXX should use mech for algNparams that don't have an OID */ NSS_IMPLEMENT NSSToken * nssTrustDomain_FindTokenForAlgNParam ( NSSTrustDomain *td, @@ -332,6 +333,15 @@ nssTrustDomain_FindTokenForAlgNParam ( } NSS_IMPLEMENT NSSToken * +NSSTrustDomain_FindTokenForAlgNParam ( + NSSTrustDomain *td, + const NSSAlgNParam *ap +) +{ + return nssTrustDomain_FindTokenForAlgNParam(td, ap); +} + +NSS_IMPLEMENT NSSToken * nssTrustDomain_FindTokenForAlgorithm ( NSSTrustDomain *td, NSSOIDTag algorithm diff --git a/security/nss/lib/pki1/oiddata.c b/security/nss/lib/pki1/oiddata.c index a30dde452..6657e54e0 100644 --- a/security/nss/lib/pki1/oiddata.c +++ b/security/nss/lib/pki1/oiddata.c @@ -1347,6 +1347,16 @@ const NSSOID nss_builtin_oids[] = { }, { #ifdef DEBUG + "md5-hmac", + "MD5-HMAC", +#endif /* DEBUG */ + { "\x2a\x86\x48\x86\xf7\x0d\x02\x05\x01", 9 }, + CKK_INVALID_KEY_TYPE, + CKM_MD5_HMAC_GENERAL, + PR_FALSE + }, + { +#ifdef DEBUG "cipher", "RSA cipher algorithm", #endif /* DEBUG */ 
@@ -2107,6 +2117,16 @@ const NSSOID nss_builtin_oids[] = { }, { #ifdef DEBUG + "sha1-hmac", + "SHA-1 HMAC", +#endif /* DEBUG */ + { "\x2b\x0e\x03\x02\x1a\x01", 6 }, + CKK_INVALID_KEY_TYPE, + CKM_SHA_1_HMAC_GENERAL, + PR_FALSE + }, + { +#ifdef DEBUG "bogusDSASignatureWithSHA1Digest", "Forgezza DSA Signature with SHA-1 Digest", #endif /* DEBUG */ @@ -3837,6 +3857,6 @@ const NSSOID nss_builtin_oids[] = { } }; -const PRUint32 nss_builtin_oid_count = 379; +const PRUint32 nss_builtin_oid_count = 381; diff --git a/security/nss/lib/pki1/oiddata.h b/security/nss/lib/pki1/oiddata.h index 2a3c07d75..9f42f92d9 100644 --- a/security/nss/lib/pki1/oiddata.h +++ b/security/nss/lib/pki1/oiddata.h @@ -43,6 +43,9 @@ static const char OIDDATA_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$ ; #include "nsspki1t.h" #endif /* NSSPKI1T_H */ +/*extern const NSSOID nss_builtin_oids[];*/ +/*extern const PRUint32 nss_builtin_oid_count;*/ + /*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/ /*extern const PRUint32 nss_attribute_type_alias_count;*/ 
@@ -101,117 +104,119 @@ enum NSSOIDTagEnum { NSS_OID_MD2 = 127, NSS_OID_MD4 = 128, NSS_OID_MD5 = 129, - NSS_OID_RC2_CBC = 131, - NSS_OID_RC4 = 132, - NSS_OID_DES_EDE3_CBC = 133, - NSS_OID_RC5_CBC_PAD = 134, - NSS_OID_X509_AUTH_INFO_ACCESS = 154, - NSS_OID_PKIX_CPS_POINTER_QUALIFIER = 156, - NSS_OID_PKIX_USER_NOTICE_QUALIFIER = 157, - NSS_OID_EXT_KEY_USAGE_SERVER_AUTH = 159, - NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH = 160, - NSS_OID_EXT_KEY_USAGE_CODE_SIGN = 161, - NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION = 162, - NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM = 163, - NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 164, - NSS_OID_EXT_KEY_USAGE_IPSEC_USER = 165, - NSS_OID_EXT_KEY_USAGE_TIME_STAMP = 166, - NSS_OID_OCSP_RESPONDER = 167, - NSS_OID_PKIX_REGCTRL_REGTOKEN = 171, - NSS_OID_PKIX_REGCTRL_AUTHENTICATOR = 172, - NSS_OID_PKIX_REGCTRL_PKIPUBINFO = 173, - NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 174, - NSS_OID_PKIX_REGCTRL_OLD_CERT_ID = 175, - NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 176, - NSS_OID_PKIX_REGINFO_UTF8_PAIRS = 178, - NSS_OID_PKIX_REGINFO_CERT_REQUEST = 179, - NSS_OID_OID_PKIX_OCSP = 181, - NSS_OID_PKIX_OCSP_BASIC_RESPONSE = 182, - NSS_OID_PKIX_OCSP_NONCE = 183, - NSS_OID_PKIX_OCSP_RESPONSE = 184, - NSS_OID_PKIX_OCSP_CRL = 185, - NSS_OID_X509_OCSP_NO_CHECK = 186, - NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 187, - NSS_OID_PKIX_OCSP_SERVICE_LOCATOR = 188, - NSS_OID_DES_ECB = 198, - NSS_OID_DES_CBC = 199, - NSS_OID_DES_OFB = 200, - NSS_OID_DES_CFB = 201, - NSS_OID_DES_MAC = 202, - NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE = 203, - NSS_OID_DES_EDE = 204, - NSS_OID_SHA1 = 205, - NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 206, - NSS_OID_X520_COMMON_NAME = 231, - NSS_OID_X520_SURNAME = 232, - NSS_OID_X520_COUNTRY_NAME = 233, - NSS_OID_X520_LOCALITY_NAME = 234, - NSS_OID_X520_STATE_OR_PROVINCE_NAME = 235, - NSS_OID_X520_ORGANIZATION_NAME = 236, - NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME = 237, - NSS_OID_X520_TITLE = 238, - NSS_OID_X520_NAME = 239, - NSS_OID_X520_GIVEN_NAME = 240, - 
NSS_OID_X520_INITIALS = 241, - NSS_OID_X520_GENERATION_QUALIFIER = 242, - NSS_OID_X520_DN_QUALIFIER = 243, - NSS_OID_X500_RSA_ENCRYPTION = 249, - NSS_OID_X509_SUBJECT_DIRECTORY_ATTR = 268, - NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES = 269, - NSS_OID_X509_SUBJECT_KEY_ID = 270, - NSS_OID_X509_KEY_USAGE = 271, - NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 272, - NSS_OID_X509_SUBJECT_ALT_NAME = 273, - NSS_OID_X509_ISSUER_ALT_NAME = 274, - NSS_OID_X509_BASIC_CONSTRAINTS = 275, - NSS_OID_X509_CRL_NUMBER = 276, - NSS_OID_X509_REASON_CODE = 277, - NSS_OID_X509_HOLD_INSTRUCTION_CODE = 278, - NSS_OID_X509_INVALID_DATE = 279, - NSS_OID_X509_DELTA_CRL_INDICATOR = 280, - NSS_OID_X509_ISSUING_DISTRIBUTION_POINT = 281, - NSS_OID_X509_CERTIFICATE_ISSUER = 282, - NSS_OID_X509_NAME_CONSTRAINTS = 283, - NSS_OID_X509_CRL_DIST_POINTS = 284, - NSS_OID_X509_CERTIFICATE_POLICIES = 285, - NSS_OID_X509_POLICY_MAPPINGS = 286, - NSS_OID_X509_AUTH_KEY_ID = 288, - NSS_OID_X509_POLICY_CONSTRAINTS = 289, - NSS_OID_X509_EXT_KEY_USAGE = 290, - NSS_OID_MISSI_DSS_OLD = 314, - NSS_OID_FORTEZZA_SKIPJACK = 315, - NSS_OID_MISSI_KEA = 316, - NSS_OID_MISSI_KEA_DSS_OLD = 317, - NSS_OID_MISSI_DSS = 318, - NSS_OID_MISSI_KEA_DSS = 319, - NSS_OID_MISSI_ALT_KEY = 320, - NSS_OID_NS_CERT_EXT_CERT_TYPE = 328, - NSS_OID_NS_CERT_EXT_BASE_URL = 329, - NSS_OID_NS_CERT_EXT_REVOCATION_URL = 330, - NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL = 331, - NSS_OID_NS_CERT_EXT_CA_CRL_URL = 332, - NSS_OID_NS_CERT_EXT_CA_CERT_URL = 333, - NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 334, - NSS_OID_NS_CERT_EXT_CA_POLICY_URL = 335, - NSS_OID_NS_CERT_EXT_HOMEPAGE_URL = 336, - NSS_OID_NS_CERT_EXT_ENTITY_LOGO = 337, - NSS_OID_NS_CERT_EXT_USER_PICTURE = 338, - NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME = 339, - NSS_OID_NS_CERT_EXT_COMMENT = 340, - NSS_OID_NS_CERT_EXT_THAYES = 341, - NSS_OID_NS_TYPE_GIF = 343, - NSS_OID_NS_TYPE_JPEG = 344, - NSS_OID_NS_TYPE_URL = 345, - NSS_OID_NS_TYPE_HTML = 346, - NSS_OID_NS_TYPE_CERT_SEQUENCE = 347, - 
NSS_OID_NS_KEY_USAGE_GOVT_APPROVED = 350, - NSS_OID_NETSCAPE_RECOVERY_REQUEST = 353, - NSS_OID_NETSCAPE_SMIME_KEA = 355, - NSS_OID_NETSCAPE_NICKNAME = 357, - NSS_OID_VERISIGN_USER_NOTICES = 362, - NSS_OID_NS_CERT_EXT_NETSCAPE_OK = 367, - NSS_OID_NS_CERT_EXT_ISSUER_LOGO = 368, - NSS_OID_NS_CERT_EXT_SUBJECT_LOGO = 369 + NSS_OID_MD5_HMAC = 130, + NSS_OID_RC2_CBC = 132, + NSS_OID_RC4 = 133, + NSS_OID_DES_EDE3_CBC = 134, + NSS_OID_RC5_CBC_PAD = 135, + NSS_OID_X509_AUTH_INFO_ACCESS = 155, + NSS_OID_PKIX_CPS_POINTER_QUALIFIER = 157, + NSS_OID_PKIX_USER_NOTICE_QUALIFIER = 158, + NSS_OID_EXT_KEY_USAGE_SERVER_AUTH = 160, + NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH = 161, + NSS_OID_EXT_KEY_USAGE_CODE_SIGN = 162, + NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION = 163, + NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM = 164, + NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 165, + NSS_OID_EXT_KEY_USAGE_IPSEC_USER = 166, + NSS_OID_EXT_KEY_USAGE_TIME_STAMP = 167, + NSS_OID_OCSP_RESPONDER = 168, + NSS_OID_PKIX_REGCTRL_REGTOKEN = 172, + NSS_OID_PKIX_REGCTRL_AUTHENTICATOR = 173, + NSS_OID_PKIX_REGCTRL_PKIPUBINFO = 174, + NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 175, + NSS_OID_PKIX_REGCTRL_OLD_CERT_ID = 176, + NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 177, + NSS_OID_PKIX_REGINFO_UTF8_PAIRS = 179, + NSS_OID_PKIX_REGINFO_CERT_REQUEST = 180, + NSS_OID_OID_PKIX_OCSP = 182, + NSS_OID_PKIX_OCSP_BASIC_RESPONSE = 183, + NSS_OID_PKIX_OCSP_NONCE = 184, + NSS_OID_PKIX_OCSP_RESPONSE = 185, + NSS_OID_PKIX_OCSP_CRL = 186, + NSS_OID_X509_OCSP_NO_CHECK = 187, + NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 188, + NSS_OID_PKIX_OCSP_SERVICE_LOCATOR = 189, + NSS_OID_DES_ECB = 199, + NSS_OID_DES_CBC = 200, + NSS_OID_DES_OFB = 201, + NSS_OID_DES_CFB = 202, + NSS_OID_DES_MAC = 203, + NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE = 204, + NSS_OID_DES_EDE = 205, + NSS_OID_SHA1 = 206, + NSS_OID_SHA1_HMAC = 207, + NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 208, + NSS_OID_X520_COMMON_NAME = 233, + NSS_OID_X520_SURNAME = 234, + NSS_OID_X520_COUNTRY_NAME = 235, + 
NSS_OID_X520_LOCALITY_NAME = 236, + NSS_OID_X520_STATE_OR_PROVINCE_NAME = 237, + NSS_OID_X520_ORGANIZATION_NAME = 238, + NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME = 239, + NSS_OID_X520_TITLE = 240, + NSS_OID_X520_NAME = 241, + NSS_OID_X520_GIVEN_NAME = 242, + NSS_OID_X520_INITIALS = 243, + NSS_OID_X520_GENERATION_QUALIFIER = 244, + NSS_OID_X520_DN_QUALIFIER = 245, + NSS_OID_X500_RSA_ENCRYPTION = 251, + NSS_OID_X509_SUBJECT_DIRECTORY_ATTR = 270, + NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES = 271, + NSS_OID_X509_SUBJECT_KEY_ID = 272, + NSS_OID_X509_KEY_USAGE = 273, + NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 274, + NSS_OID_X509_SUBJECT_ALT_NAME = 275, + NSS_OID_X509_ISSUER_ALT_NAME = 276, + NSS_OID_X509_BASIC_CONSTRAINTS = 277, + NSS_OID_X509_CRL_NUMBER = 278, + NSS_OID_X509_REASON_CODE = 279, + NSS_OID_X509_HOLD_INSTRUCTION_CODE = 280, + NSS_OID_X509_INVALID_DATE = 281, + NSS_OID_X509_DELTA_CRL_INDICATOR = 282, + NSS_OID_X509_ISSUING_DISTRIBUTION_POINT = 283, + NSS_OID_X509_CERTIFICATE_ISSUER = 284, + NSS_OID_X509_NAME_CONSTRAINTS = 285, + NSS_OID_X509_CRL_DIST_POINTS = 286, + NSS_OID_X509_CERTIFICATE_POLICIES = 287, + NSS_OID_X509_POLICY_MAPPINGS = 288, + NSS_OID_X509_AUTH_KEY_ID = 290, + NSS_OID_X509_POLICY_CONSTRAINTS = 291, + NSS_OID_X509_EXT_KEY_USAGE = 292, + NSS_OID_MISSI_DSS_OLD = 316, + NSS_OID_FORTEZZA_SKIPJACK = 317, + NSS_OID_MISSI_KEA = 318, + NSS_OID_MISSI_KEA_DSS_OLD = 319, + NSS_OID_MISSI_DSS = 320, + NSS_OID_MISSI_KEA_DSS = 321, + NSS_OID_MISSI_ALT_KEY = 322, + NSS_OID_NS_CERT_EXT_CERT_TYPE = 330, + NSS_OID_NS_CERT_EXT_BASE_URL = 331, + NSS_OID_NS_CERT_EXT_REVOCATION_URL = 332, + NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL = 333, + NSS_OID_NS_CERT_EXT_CA_CRL_URL = 334, + NSS_OID_NS_CERT_EXT_CA_CERT_URL = 335, + NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 336, + NSS_OID_NS_CERT_EXT_CA_POLICY_URL = 337, + NSS_OID_NS_CERT_EXT_HOMEPAGE_URL = 338, + NSS_OID_NS_CERT_EXT_ENTITY_LOGO = 339, + NSS_OID_NS_CERT_EXT_USER_PICTURE = 340, + NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME = 
341, + NSS_OID_NS_CERT_EXT_COMMENT = 342, + NSS_OID_NS_CERT_EXT_THAYES = 343, + NSS_OID_NS_TYPE_GIF = 345, + NSS_OID_NS_TYPE_JPEG = 346, + NSS_OID_NS_TYPE_URL = 347, + NSS_OID_NS_TYPE_HTML = 348, + NSS_OID_NS_TYPE_CERT_SEQUENCE = 349, + NSS_OID_NS_KEY_USAGE_GOVT_APPROVED = 352, + NSS_OID_NETSCAPE_RECOVERY_REQUEST = 355, + NSS_OID_NETSCAPE_SMIME_KEA = 357, + NSS_OID_NETSCAPE_NICKNAME = 359, + NSS_OID_VERISIGN_USER_NOTICES = 364, + NSS_OID_NS_CERT_EXT_NETSCAPE_OK = 369, + NSS_OID_NS_CERT_EXT_ISSUER_LOGO = 370, + NSS_OID_NS_CERT_EXT_SUBJECT_LOGO = 371 }; #endif /* OIDDATA_H */ diff --git a/security/nss/lib/pki1/oidgen.perl b/security/nss/lib/pki1/oidgen.perl index e1716d1de..fccfbcc01 100755 --- a/security/nss/lib/pki1/oidgen.perl +++ b/security/nss/lib/pki1/oidgen.perl @@ -253,8 +253,8 @@ static const char OIDDATA_CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; #include "nsspki1t.h" #endif /* NSSPKI1T_H */ -extern const NSSOID nss_builtin_oids[]; -extern const PRUint32 nss_builtin_oid_count; +/*extern const NSSOID nss_builtin_oids[];*/ +/*extern const PRUint32 nss_builtin_oid_count;*/ /*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/ /*extern const PRUint32 nss_attribute_type_alias_count;*/ @@ -274,7 +274,7 @@ for( $i = 0; $i <= $count; $i++ ) { } } print HFILE "\n};\n"; -print HFILE "\ntypedef enum NSSOIDTagEnum NSSOIDTag;\n"; +#print HFILE "\ntypedef enum NSSOIDTagEnum NSSOIDTag;\n"; print HFILE <<EOD diff --git a/security/nss/lib/pki1/oids.txt b/security/nss/lib/pki1/oids.txt index a821da0d9..2b7d5bc22 100644 --- a/security/nss/lib/pki1/oids.txt +++ b/security/nss/lib/pki1/oids.txt @@ -762,6 +762,13 @@ EXPL "MD5" NAME NSS_OID_MD5 CKM CKM_MD5 +# XXX idm - I'm making this up for testing +OID 1.2.840.113549.2.5.1 +TAG md5-hmac +EXPL "MD5-HMAC" +NAME NSS_OID_MD5_HMAC +CKM CKM_MD5_HMAC_GENERAL + OID 1.2.840.113549.3 TAG cipher EXPL "RSA cipher algorithm" 
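Review bot: The two entries marked "I'm making this up for testing" allocate `1.2.840.113549.2.5.1` and, in the second oids.txt hunk, `1.3.14.3.2.26.1` under arcs this project does not own, and they land in the built-in table that ssl3con.c now uses for the real TLS HMACs. If that table is also consulted when decoding AlgorithmIdentifiers from external data, which `nssAlgNParam_Decode` in dev.h suggests although its body is not visible, an encoding of these invented OIDs would resolve to a live HMAC mechanism. I would either use registered identifiers (hmacWithSHA1 is `1.2.840.113549.2.7`; an HMAC-MD5 identifier exists in the IPsec arc and should be confirmed) or keep the tags internal with no DER encoding. Inserting them mid-file also renumbers every later `NSSOIDTag` in the regenerated oiddata.h, so the comment should say so, e.g. `# XXX idm - placeholder OID, not registered; shifts all following tag values`.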
@@ -1189,6 +1196,13 @@ EXPL "SHA-1"
 NAME NSS_OID_SHA1
 CKM CKM_SHA_1
+# XXX idm -- I'm making this up for testing
+OID 1.3.14.3.2.26.1
+TAG sha1-hmac
+EXPL "SHA-1 HMAC"
+NAME NSS_OID_SHA1_HMAC
+CKM CKM_SHA_1_HMAC_GENERAL
+
 OID 1.3.14.3.2.27
 TAG bogusDSASignatureWithSHA1Digest
 EXPL "Forgezza DSA Signature with SHA-1 Digest"
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 329a59d92..d9dd5d558 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -362,7 +362,6 @@ static NSSArena *s_algs_arena = NULL;
 static const NSSAlgNParam *s_md5_ap = NULL;
 static const NSSAlgNParam *s_sha1_ap = NULL;
 static const NSSAlgNParam *s_rsa_wrap_ap = NULL;
-static const NSSAlgNParam *s_rsa_unwrap_ap = NULL;
 static const NSSAlgNParam *s_ssl3_pms_ap = NULL;
 static const NSSAlgNParam *s_tls_pms_ap = NULL;
 static const NSSAlgNParam *s_mac_md5_ap = NULL;
@@ -385,13 +384,8 @@ ssl3_InitAlgorithms(void)
 s_sha1_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_SHA1, NULL, s_algs_arena);
 /* initialize RSA wrap/unwrap */
- s_rsa_wrap_ap = NSSOIDTag_CreateAlgNParamForWrap(
- NSS_OID_PKCS1_RSA_ENCRYPTION,
- NULL, s_algs_arena);
-
- s_rsa_unwrap_ap = NSSOIDTag_CreateAlgNParamForUnwrap(
- NSS_OID_PKCS1_RSA_ENCRYPTION,
- NULL, s_algs_arena);
+ s_rsa_wrap_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_PKCS1_RSA_ENCRYPTION,
+ NULL, s_algs_arena);
 /* initialize PMS generation algorithms */
 params.sslpms = NSSSSLVersion_SSLv3;
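Review bot: After this hunk `s_rsa_wrap_ap` is the only RSA AlgNParam, and the hunk at -6356 passes it to `NSSPrivateKey_UnwrapSymKey`, so neither the name nor the creation call tells a reader which direction is intended. I would rename it to something direction-neutral such as `s_rsa_ap` and say so above the assignment, e.g. `/* one PKCS#1 RSA AlgNParam, shared by premaster-secret wrap and unwrap */`. The result of `NSSOIDTag_CreateAlgNParam` is not checked inside the hunk; `ssl3_InitAlgorithms` continues outside it, so confirm that a NULL here fails initialization rather than reaching the unwrap of the client's premaster secret.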
@@ -411,13 +405,11 @@ ssl3_InitAlgorithms(void)
 NSSSSLAlgorithm_SHA1_MAC, ¶ms);
 params.hmac = MD5_LENGTH;
- s_hmac_md5_ap = NSSOIDTag_CreateAlgNParamForHMAC(NSS_OID_MD5,
- ¶ms,
- s_algs_arena);
+ s_hmac_md5_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_MD5_HMAC,
+ ¶ms, s_algs_arena);
 params.hmac = SHA1_LENGTH;
- s_hmac_sha1_ap = NSSOIDTag_CreateAlgNParamForHMAC(NSS_OID_SHA1,
- ¶ms,
- s_algs_arena);
+ s_hmac_sha1_ap = NSSOIDTag_CreateAlgNParam(NSS_OID_SHA1_HMAC,
+ ¶ms, s_algs_arena);
 /* initialize TLS pseudo-random function (currently no params) */
 s_tls_prf_ap = NSSAlgNParam_CreateForSSL(s_algs_arena,
@@ -6356,7 +6348,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
 /*
 * decrypt pms out of the incoming buffer into volatile domain
 */
- pms = NSSPrivateKey_UnwrapSymKey(serverKey, s_rsa_unwrap_ap,
+ pms = NSSPrivateKey_UnwrapSymKey(serverKey, s_rsa_wrap_ap,
 &enc_pms, NSSSymKeyType_SSLPMS, NULL, 0, 0, NULL, ss->vd, NULL);
 if (pms) { |