Bugzilla bug 338599: added new function SECKEY_SignatureLen and used it
instead of SECKEY_PublicKeyStrength to get ECDSA signature lengths. Removed the 'type' member from the VFYContextStr structure because that info is in the 'key->keyType' field. Set error codes when functions fail (return 0). r=nelsonb. Modified Files: cryptohi/keyhi.h cryptohi/seckey.c cryptohi/secvfy.c nss/nss.def ssl/ssl3con.c
This commit is contained in:
parent
e5a18539dd
commit
cdd64c7beb
@ -35,7 +35,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: keyhi.h,v 1.15 2006/03/02 00:06:58 wtchang%redhat.com Exp $ */
|
||||
/* $Id: keyhi.h,v 1.16 2006/05/31 23:54:51 wtchang%redhat.com Exp $ */
|
||||
|
||||
#ifndef _KEYHI_H_
|
||||
#define _KEYHI_H_
|
||||
@ -89,6 +89,11 @@ extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk);
|
||||
*/
|
||||
extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk);
|
||||
|
||||
/*
|
||||
** Return the length of the signature in bytes
|
||||
*/
|
||||
extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk);
|
||||
|
||||
/*
|
||||
** Make a copy of the private key "privKey"
|
||||
*/
|
||||
|
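Review bot: The comment on the new declaration, `** Return the length of the signature in bytes`, omits the failure contract that every caller added in this commit relies on: the implementation returns 0 and sets an error code (SEC_ERROR_INVALID_KEY for an unrecognised key type, and for ecKey whatever the base-point-order lookup set, as the seckey.c hunk in this commit shows). Because 0 is the only failure signal and this public header is where users of the new export will look, state it here, e.g. `** Return the length of the signature in bytes, or 0 with an error code` followed by `** set (e.g. SEC_ERROR_INVALID_KEY) if the key type or curve is not supported.` The surrounding declarations in this header already document their semantics in this comment style.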
@ -1290,7 +1290,8 @@ SECKEY_ECParamsToKeySize(const SECItem *encodedParams)
|
||||
return 571;
|
||||
|
||||
default:
|
||||
return 0;
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1436,7 +1437,8 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams)
|
||||
return 570;
|
||||
|
||||
default:
|
||||
return 0;
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1471,6 +1473,7 @@ SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk)
|
||||
default:
|
||||
break;
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1491,6 +1494,33 @@ SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk)
|
||||
default:
|
||||
break;
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* returns signature length in bytes (not bits) */
|
||||
unsigned
|
||||
SECKEY_SignatureLen(const SECKEYPublicKey *pubk)
|
||||
{
|
||||
unsigned char b0;
|
||||
unsigned size;
|
||||
|
||||
switch (pubk->keyType) {
|
||||
case rsaKey:
|
||||
b0 = pubk->u.rsa.modulus.data[0];
|
||||
return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
|
||||
case fortezzaKey:
|
||||
case dsaKey:
|
||||
return DSA_SIGNATURE_LEN;
|
||||
case ecKey:
|
||||
/* Get the base point order length in bits and adjust */
|
||||
size = SECKEY_ECParamsToBasePointOrderLen(
|
||||
&pubk->u.ec.DEREncodedParams);
|
||||
return ((size + 7)/8) * 2;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
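Review bot: In SECKEY_SignatureLen the rsaKey case reads `pubk->u.rsa.modulus.data[0]` without checking `modulus.len`; a key whose modulus item is empty (len 0, data possibly NULL) reads out of bounds, and depending on the garbage read the function then either returns 0 without setting an error or returns `modulus.len - 1`, which wraps the unsigned result to UINT_MAX instead of signalling failure. A length guard that drops into the existing error path keeps the 0-with-error contract: `if (pubk->u.rsa.modulus.len == 0) break;` placed before the `b0 =` assignment. Whether an empty modulus can reach this function depends on the key decoders, which are outside this hunk, but the check is cheap and the callers in secvfy.c use the return value as a buffer length.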
@ -37,7 +37,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: secvfy.c,v 1.17 2006/02/08 06:14:07 rrelyea%redhat.com Exp $ */
|
||||
/* $Id: secvfy.c,v 1.18 2006/05/31 23:54:51 wtchang%redhat.com Exp $ */
|
||||
|
||||
#include <stdio.h>
|
||||
#include "cryptohi.h"
|
||||
@ -110,12 +110,11 @@ DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, unsigned int len,
|
||||
|
||||
struct VFYContextStr {
|
||||
SECOidTag alg; /* the hash algorithm */
|
||||
KeyType type;
|
||||
SECKEYPublicKey *key;
|
||||
/*
|
||||
* This buffer holds either the digest or the full signature
|
||||
* depending on the type of the signature. It is defined as a
|
||||
* union to make sure it always has enough space.
|
||||
* depending on the type of the signature (key->keyType). It is
|
||||
* defined as a union to make sure it always has enough space.
|
||||
*
|
||||
* Use the "buffer" union member to reference the buffer.
|
||||
* Note: do not take the size of the "buffer" union member. Take
|
||||
@ -383,7 +382,6 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
|
||||
cx->encAlg = encAlg;
|
||||
cx->alg = hashAlg;
|
||||
cx->key = SECKEY_CopyPublicKey(key);
|
||||
cx->type = key->keyType;
|
||||
rv = SECSuccess;
|
||||
if (sig) {
|
||||
switch (key->keyType) {
|
||||
@ -399,9 +397,12 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
|
||||
break;
|
||||
case dsaKey:
|
||||
case ecKey:
|
||||
sigLen = (key->keyType == ecKey) ?
|
||||
SECKEY_PublicKeyStrength(key) * 2 :
|
||||
DSA_SIGNATURE_LEN;
|
||||
sigLen = SECKEY_SignatureLen(key);
|
||||
if (sigLen == 0) {
|
||||
/* error set by SECKEY_SignatureLen */
|
||||
rv = SECFailure;
|
||||
break;
|
||||
}
|
||||
rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
|
||||
break;
|
||||
default:
|
||||
@ -531,13 +532,14 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
|
||||
return SECFailure;
|
||||
}
|
||||
(*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
|
||||
switch (cx->type) {
|
||||
switch (cx->key->keyType) {
|
||||
case ecKey:
|
||||
case dsaKey:
|
||||
dsasig.data = cx->u.buffer;
|
||||
dsasig.len = (cx->type == ecKey) ?
|
||||
SECKEY_PublicKeyStrength(cx->key) * 2 :
|
||||
DSA_SIGNATURE_LEN;
|
||||
dsasig.len = SECKEY_SignatureLen(cx->key);
|
||||
if (dsasig.len == 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
if (sig) {
|
||||
rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
|
||||
dsasig.len);
|
||||
@ -609,11 +611,9 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
|
||||
case dsaKey:
|
||||
case ecKey:
|
||||
dsasig.data = cx->u.buffer;
|
||||
if (key->keyType == ecKey) {
|
||||
dsasig.len = SECKEY_PublicKeyStrength(cx->key) * 2;
|
||||
} else {
|
||||
/* magic size of dsa signature */
|
||||
dsasig.len = DSA_SIGNATURE_LEN;
|
||||
dsasig.len = SECKEY_SignatureLen(cx->key);
|
||||
if (dsasig.len == 0) {
|
||||
break;
|
||||
}
|
||||
if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx)
|
||||
!= SECSuccess) {
|
||||
|
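Review bot: In vfy_CreateContext (hunk at @ -383) the result of `SECKEY_CopyPublicKey(key)` is stored in `cx->key` and not checked in the visible lines, and this commit makes `cx->key->keyType` the switch operand in VFY_EndWithSignature (hunk at @ -531) where the old code switched on the caller-supplied `cx->type`; if the copy fails, that switch now dereferences NULL before any other use of the key. Unless a NULL check exists outside the hunk, fail the context creation right after the copy in the same style the dsaKey/ecKey case already uses: `if (cx->key == NULL) { rv = SECFailure; }` and change the following `if (sig) {` to `else if (sig) {`. vfy_CreateContext begins and ends outside the hunk, so I cannot see whether a later `rv` check releases the context on failure.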
@ -881,6 +881,12 @@ SEC_RegisterDefaultHttpClient;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;+NSS_3.11.2 {
|
||||
;+ global:
|
||||
SECKEY_SignatureLen;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;+NSS_3.12 { # NSS 3.12 release
|
||||
;+ global:
|
||||
PK11_GetAllSlotsForCert;
|
||||
|
@ -39,7 +39,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl3con.c,v 1.90 2006/05/18 20:39:19 nelson%bolyard.com Exp $ */
|
||||
/* $Id: ssl3con.c,v 1.91 2006/05/31 23:54:52 wtchang%redhat.com Exp $ */
|
||||
|
||||
#include "nssrenam.h"
|
||||
#include "cert.h"
|
||||
@ -896,7 +896,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert,
|
||||
* using ASN (unlike DSA where ASN encoding is used
|
||||
* with TLS but not with SSL3)
|
||||
*/
|
||||
len = SECKEY_PublicKeyStrength(key) * 2;
|
||||
len = SECKEY_SignatureLen(key);
|
||||
if (len == 0) {
|
||||
SECKEY_DestroyPublicKey(key);
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
|
||||
|
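Review bot: The `PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE)` in the new `len == 0` branch overwrites the error code SECKEY_SignatureLen has already set, which is the very behaviour this commit introduces ("Set error codes when functions fail"); the equivalent branches in secvfy.c rely on the callee's code instead (`/* error set by SECKEY_SignatureLen */`). If the key is always an EC key at this point the line is merely redundant; otherwise it masks SEC_ERROR_INVALID_KEY. Dropping the PORT_SetError line, or replacing it with the same comment used in secvfy.c, keeps the two callers consistent. ssl3_VerifySignedHashes continues past the hunk, so the return that follows the block is not visible.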