First feeble attempt at fixing the problem that our definition of
authorchrisk%netscape.com
Tue, 20 Jun 2000 16:22:36 +0000
changeset 384 370021482121f6eda2c685342bf0fab64ff2bc5d
parent 383 1264b1ea574f3fdf58d43d365a3af17252c46b8a
child 385 3dd1a1ac0b8356f759cc687250934c5da44983e0
push idunknown
push userunknown
push dateunknown
First feeble attempt at fixing the problem that our definition of Diffie-Hellman key parameters does not encompass all the optional fields defined in RFC2459, section 7.3.2 (namely j and validationParms). I added comments reminding us of the fact that PQGParams need to be extended to hold these, and fixed the ASN1 prototype from its previous totally broken status to one that decodes prime, subPrime and base correctly, and skips the rest. This avoids failure in public key extraction (which is part of verification) with DH certs.
security/nss/lib/cryptohi/seckey.c
security/nss/lib/freebl/blapit.h
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -84,18 +84,22 @@ const SEC_ASN1Template SECKEY_PQGParamsT
 };
 
 const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = {
     { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.publicValue), },
     { 0, }
 };
 
 const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
-    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.prime), },
-    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.base), },
+    { SEC_ASN1_SEQUENCE,  0, NULL, sizeof(PQGParams) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams,prime), },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime), },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams,base), },
+    /* XXX chrisk: this needs to be expanded for decoding of j and validationParms (RFC2459 7.3.2) */
+    { SEC_ASN1_SKIP_REST },
     { 0, }
 };
 
 const SEC_ASN1Template SECKEY_FortezzaParameterTemplate[] = {
     { SEC_ASN1_SEQUENCE,  0, NULL, sizeof(PQGParams) },
     { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,prime), },
     { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,subPrime), },
     { SEC_ASN1_OCTET_STRING, offsetof(PQGParams,base), },
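Review bot: The new `SECKEY_DHParamKeyTemplate` decodes its three integers in the order prime, subPrime, base, but RFC 2459 section 7.3.2 defines DomainParameters as p, g, q, so the generator would land in `subPrime` and the subgroup order in `base`. Swap the two entries so that `{ SEC_ASN1_INTEGER, offsetof(PQGParams,base), },` comes before `{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime), },`; the p, q, g order used for DSA parameters does not carry over to DH. The offsets are also now relative to `PQGParams` instead of `SECKEYPublicKey`, so the decode call in `seckey_ExtractPublicKey` (not visible in this hunk) presumably needs a matching destination, which is worth confirming. Because `SEC_ASN1_SKIP_REST` discards j and validationParms unread, nothing downstream can validate the group from the decoded parameters, and the XXX comment should state that explicitly.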
@@ -813,17 +817,17 @@ CERT_GetCertKeyType (CERTSubjectPublicKe
 
 static SECKEYPublicKey *
 seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
 {
     SECKEYPublicKey *pubk;
     SECItem os;
     SECStatus rv;
     PRArenaPool *arena;
-    int tag;
+    SECOidTag tag;
 
     arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
 	return NULL;
 
     pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
     if (pubk == NULL) {
 	PORT_FreeArena (arena, PR_FALSE);
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -156,16 +156,17 @@ typedef struct RSAPrivateKeyStr RSAPriva
 ** DSA Public and Private Key and related structures
 */
 
 struct PQGParamsStr {
     PRArenaPool *arena;
     SECItem prime;    /* p */
     SECItem subPrime; /* q */
     SECItem base;     /* g */
+    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
 };
 typedef struct PQGParamsStr PQGParams;
 
 struct PQGVerifyStr {
     PRArenaPool * arena;	/* includes this struct, seed, & h. */
     unsigned int  counter;
     SECItem       seed;
     SECItem       h;