Bug 838767: Allow lib/pkcs7 and lib/smime to verify ECDSA signatures.
authorWan-Teh Chang <wtc@google.com>
Mon, 01 Apr 2013 17:56:19 -0700
changeset 10715 11d7eaadc82c49e5ff747b7d2958fd2021da3843
parent 10714 75b566f189702b06560009018820bff86082d190
child 10716 d721bbf83740797bc6ec8308a1ff449596d13dbd
push id25
push userwtc@google.com
push dateTue, 02 Apr 2013 00:56:29 +0000
bugs838767
Bug 838767: Allow lib/pkcs7 and lib/smime to verify ECDSA signatures. r=rrelyea.
lib/pkcs7/p7decode.c
lib/smime/cmssiginfo.c
--- a/lib/pkcs7/p7decode.c
+++ b/lib/pkcs7/p7decode.c
@@ -1513,24 +1513,16 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
     }
 
     encTag = SECOID_FindOIDTag(&(signerinfo->digestEncAlg.algorithm));
     if (encTag == SEC_OID_UNKNOWN) {
 	PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
 	goto done;
     }
 
-#ifndef NSS_ECC_MORE_THAN_SUITE_B
-    if (encTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
-	PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
-	goto done;
-    }
-#endif
-
-
     if (signerinfo->authAttr != NULL) {
 	SEC_PKCS7Attribute *attr;
 	SECItem *value;
 	SECItem encoded_attrs;
 
 	/*
 	 * We have a sigkey only for signedAndEnvelopedData, which is
 	 * not supposed to have any authenticated attributes.
@@ -1585,17 +1577,16 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
 				       &(signerinfo->authAttr)) == NULL)
 	    goto done;
 
 	if (encoded_attrs.data == NULL || encoded_attrs.len == 0) {
 	    PORT_SetError (SEC_ERROR_PKCS7_BAD_SIGNATURE);
 	    goto done;
 	}
 
-
 	goodsig = (PRBool)(VFY_VerifyDataDirect(encoded_attrs.data, 
 				   encoded_attrs.len,
 				   publickey, &(signerinfo->encDigest),
 				   encTag, digestTag, NULL,
 				   cinfo->pwfn_arg) == SECSuccess);
 	PORT_Free (encoded_attrs.data);
     } else {
 	SECItem *sig;
--- a/lib/smime/cmssiginfo.c
+++ b/lib/smime/cmssiginfo.c
@@ -343,23 +343,16 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInf
 
     digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
     pubkAlgTag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg));
     if ((pubkAlgTag == SEC_OID_UNKNOWN) || (digestalgtag == SEC_OID_UNKNOWN)) {
 	vs = NSSCMSVS_SignatureAlgorithmUnknown;
 	goto loser;
     }
 
-#ifndef NSS_ECC_MORE_THAN_SUITE_B
-    if (pubkAlgTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
-	vs = NSSCMSVS_SignatureAlgorithmUnknown;
-	goto loser;
-    }
-#endif
-
     if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
 	if (contentType) {
 	    /*
 	     * Check content type
 	     *
 	     * RFC2630 sez that if there are any authenticated attributes,
 	     * then there must be one for content type which matches the
 	     * content type of the content being signed, and there must