summaryrefslogtreecommitdiff
path: root/security/nss/lib/cryptohi/secsign.c
diff options
context:
space:
mode:
authorcvs2hg <devnull@localhost>2007-01-17 18:58:59 +0000
committercvs2hg <devnull@localhost>2007-01-17 18:58:59 +0000
commit1a2baef5120a52411195a17d360a79e84a09797e (patch)
tree0bf7f8e2bd360c94d835ca8226aea357927e9062 /security/nss/lib/cryptohi/secsign.c
parentefc6ec73fd3a32a186e55ad5da2cb9e383c8676e (diff)
downloadnss-hg-1a2baef5120a52411195a17d360a79e84a09797e.tar.gz
fixup commit for branch 'GECKO181_20070501_RELBRANCH'THUNDERBIRD_2_0_0_4_RELEASETHUNDERBIRD_2_0_0_4_RC1THUNDERBIRD_2_0_0_0_RELEASETHUNDERBIRD_2_0_0_0_RC1SUNBIRD_0_5_RELEASESUNBIRD_0_5_RC1SEAMONKEY_1_1_2_RELEASESEAMONKEY_1_1_1_RELEASELIGHTNING_0_5_RELEASELIGHTNING_0_5_RC1FIREFOX_2_0_0_4_RELEASEFIREFOX_2_0_0_4_RC3FIREFOX_2_0_0_4_RC2FIREFOX_2_0_0_4_RC1FIREFOX_2_0_0_3_RELEASEFIREFOX_2_0_0_3_RC1FIREFOX_2_0_0_2_RELEASEFIREFOX_2_0_0_2_RC5FIREFOX_2_0_0_2_RC4FIREFOX_2_0_0_2_RC3FIREFOX_2_0_0_2_RC2FIREFOX_2_0_0_2_RC1CAMINO_1_5_RELEASECAMINO_1_1_B_RELEASE
Diffstat (limited to 'security/nss/lib/cryptohi/secsign.c')
-rw-r--r--security/nss/lib/cryptohi/secsign.c58
1 files changed, 51 insertions, 7 deletions
diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c
index 12e6ed3ad..270889e6c 100644
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -121,11 +121,26 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
signalg = SEC_OID_MISSI_DSS; /* XXX Is there a better algid? */
keyType = fortezzaKey;
break;
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST:
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
hashalg = SEC_OID_SHA1;
signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
keyType = ecKey;
break;
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ hashalg = SEC_OID_SHA256;
+ signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+ keyType = ecKey;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ hashalg = SEC_OID_SHA384;
+ signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+ keyType = ecKey;
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ hashalg = SEC_OID_SHA512;
+ signalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+ keyType = ecKey;
+ break;
/* we don't implement MD4 hashes.
* we *CERTAINLY* don't want to sign one! */
case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
@@ -142,6 +157,13 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
return 0;
}
+#ifndef NSS_ECC_MORE_THAN_SUITE_B
+ if (key->keyType == ecKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return 0;
+ }
+#endif
+
cx = (SGNContext*) PORT_ZAlloc(sizeof(SGNContext));
if (cx) {
cx->hashalg = hashalg;
@@ -200,7 +222,8 @@ SECStatus
SGN_End(SGNContext *cx, SECItem *result)
{
unsigned char digest[HASH_LENGTH_MAX];
- unsigned part1, signatureLen;
+ unsigned part1;
+ int signatureLen;
SECStatus rv;
SECItem digder, sigitem;
PRArenaPool *arena = 0;
@@ -248,6 +271,11 @@ SGN_End(SGNContext *cx, SECItem *result)
** block
*/
signatureLen = PK11_SignatureLen(privKey);
+ if (signatureLen <= 0) {
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto loser;
+ }
sigitem.len = signatureLen;
sigitem.data = (unsigned char*) PORT_Alloc(signatureLen);
@@ -266,7 +294,7 @@ SGN_End(SGNContext *cx, SECItem *result)
if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
(cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
/* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
- rv = DSAU_EncodeDerSigWithLen(result, &sigitem, signatureLen);
+ rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
PORT_Free(sigitem.data);
if (rv != SECSuccess)
goto loser;
@@ -373,7 +401,7 @@ SEC_DerSignData(PRArenaPool *arena, SECItem *result,
algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
break;
case ecKey:
- algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+ algID = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
@@ -407,7 +435,7 @@ SECStatus
SGN_Digest(SECKEYPrivateKey *privKey,
SECOidTag algtag, SECItem *result, SECItem *digest)
{
- unsigned modulusLen;
+ int modulusLen;
SECStatus rv;
SECItem digder;
PRArenaPool *arena = 0;
@@ -446,6 +474,11 @@ SGN_Digest(SECKEYPrivateKey *privKey,
** block
*/
modulusLen = PK11_SignatureLen(privKey);
+ if (modulusLen <= 0) {
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto loser;
+ }
result->len = modulusLen;
result->data = (unsigned char*) PORT_Alloc(modulusLen);
@@ -503,8 +536,19 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
}
break;
case ecKey:
- /* XXX For now only ECDSA with SHA1 is supported */
- sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+ switch (hashAlgTag) {
+ case SEC_OID_UNKNOWN: /* default for ECDSA if hash not specified */
+ case SEC_OID_SHA1: /* is ECDSA_SHA1_SIGNTARURE */
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break;
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break;
+ case SEC_OID_SHA384:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; break;
+ case SEC_OID_SHA512:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; break;
+ default:
+ break;
+ }
break;
default:
break;
View Lorry Controller Status