Fix for 285233 - need extra symbols to be exported to support CRL generation. Ch
authorjulien.pierre.bugs%sun.com
Tue, 08 Mar 2005 07:08:48 +0000
changeset 5520 42a05da37c69f0594a7a3d79bed6d23d37398003
parent 5518 ea6bdd7f41d7952300f5d9f1df0d7153a5b4dc6d
child 5521 996e1c2994b309d0b68cf2dcd030da7057504492
push idunknown
push userunknown
push dateunknown
bugs285233
Fix for 285233 - need extra symbols to be exported to support CRL generation. Checking in for alexei volkov. r=nelson
security/nss/lib/certdb/cert.h
security/nss/lib/certhigh/crlv2.c
security/nss/lib/cryptohi/cryptohi.h
security/nss/lib/cryptohi/secsign.c
security/nss/lib/nss/nss.def
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -972,17 +972,30 @@ extern SECStatus CERT_FindCRLExtensionBy
    (CERTCrl *crl, SECItem *oid, SECItem *value);
 
 extern SECStatus CERT_FindCRLExtension
    (CERTCrl *crl, int tag, SECItem *value);
 
 extern SECStatus
    CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value);
 
-extern void *CERT_StartCRLExtensions (CERTCrl *crl);
+/*
+** Set up a crl for adding X509v3 extensions.  Returns an opaque handle
+** used by routines that take an exthandle (void*) argument .
+**	"crl" is the CRL we are adding extensions to
+*/
+extern void *CERT_StartCRLExtensions(CERTCrl *crl);
+
+/*
+** Set up a crl entry for adding X509v3 extensions.  Returns an opaque handle
+** used by routines that take an exthandle (void*) argument .
+**	"crl" is the crl we are adding certs entries to
+**      "entry" is the crl entry we are adding extensions to
+*/
+extern void *CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry);
 
 extern CERTCertNicknames *CERT_GetCertNicknames (CERTCertDBHandle *handle,
 						 int what, void *wincx);
 
 /*
 ** Finds the crlNumber extension and decodes its value into 'value'
 */
 extern SECStatus CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value);
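Review bot: The comment added for CERT_StartCRLEntryExtensions describes "crl" as "the crl we are adding certs entries to", but the function does not add entries; judging by the crlv2.c hunk in this commit, `crl` is consulted only for its arena, which appears to be where the entry's extension data is allocated. Suggest `**	"crl" is the CRL that owns "entry" (its arena is used for the new extensions)` so callers know the entry must belong to that CRL rather than to some other arena. Both new comments also carry a stray space before the period in "argument .", and neither says what the handle must eventually be passed to, which the existing exthandle routines' comments elsewhere in this header presumably cover — worth a cross-reference.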
--- a/security/nss/lib/certhigh/crlv2.c
+++ b/security/nss/lib/certhigh/crlv2.c
@@ -73,16 +73,29 @@ SetCrlExts(void *object, CERTCertExtensi
 }
 
 void *
 CERT_StartCRLExtensions(CERTCrl *crl)
 {
     return (cert_StartExtensions ((void *)crl, crl->arena, SetCrlExts));
 }
 
+static void
+SetCrlEntryExts(void *object, CERTCertExtension **exts)
+{
+    CERTCrlEntry *crlEntry = (CERTCrlEntry *)object;
+
+    crlEntry->extensions = exts;
+}
+
+void *
+CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
+{
+    return (cert_StartExtensions (entry, crl->arena, SetCrlEntryExts));
+}
 
 SECStatus CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value)
 {
     SECItem encodedExtenValue;
     SECStatus rv;
 
     encodedExtenValue.data = NULL;
     encodedExtenValue.len = 0;
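Review bot: CERT_StartCRLEntryExtensions dereferences `crl->arena` and hands `entry` to cert_StartExtensions without checking either pointer, and because this commit exports it through nss.def it becomes callable from arbitrary application code rather than only from within the library. A NULL `entry` would not fail here but only later, when SetCrlEntryExts stores through `crlEntry->extensions`. Suggest guarding at the top of the function: `if (!crl || !entry) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; }`; the same consideration applies to CERT_StartCRLExtensions in the context lines above, which is also newly exported. As a point of style, the existing function casts its object to `(void *)` while the new one passes `entry` bare — matching the two keeps them readable as a pair.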
--- a/security/nss/lib/cryptohi/cryptohi.h
+++ b/security/nss/lib/cryptohi/cryptohi.h
@@ -168,16 +168,24 @@ extern SECStatus SEC_DerSignData(PRArena
 
 /*
 ** Destroy a signed-data object.
 **	"sd" the object
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
 
+/*
+** Get the hash algorithm tag number for the given type of the key and
+** algorithm tag. Returns SEC_OID_UNKNOWN if key and algorithm
+** are not match.
+*/
+extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
+                                                 SECOidTag hashAlgTag);
+
 /****************************************/
 /*
 ** Signature verification operations
 */
 
 /*
 ** Create a signature verification context.
 **	"key" the public key to verify with
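Review bot: The new comment on SEC_GetSignatureAlgorithmOidTag says it returns "the hash algorithm tag number", but the name and the secsign.c implementation in this commit show it returns the signature algorithm OID for a key type and digest. It also omits that SEC_OID_UNKNOWN is accepted as `hashAlgTag` and selects a per-key-type default digest, which callers need to know because that default is not a failure. Suggest replacing the body of the comment with: `** Return the signature algorithm OID tag for signing with a key of type keyType using the digest hashAlgTag.` / `** Passing SEC_OID_UNKNOWN as hashAlgTag selects the default digest for that key type.` / `** Returns SEC_OID_UNKNOWN if the key type and digest are not a supported combination.` The "are not match" wording in the original would go away with that rewrite.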
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -517,8 +517,54 @@ SGN_Digest(SECKEYPrivateKey *privKey,
 
   loser:
     SGN_DestroyDigestInfo(di);
     if (arena != NULL) {
 	PORT_FreeArena(arena, PR_FALSE);
     }
     return rv;
 }
+
+SECOidTag
+SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
+{
+    SECOidTag sigTag = SEC_OID_UNKNOWN;
+
+    switch (keyType) {
+    case rsaKey:
+	switch (hashAlgTag) {
+	case SEC_OID_MD2:
+	    sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;	break;
+	case SEC_OID_UNKNOWN:	/* default for RSA if not specified */
+	case SEC_OID_MD5:
+	    sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;	break;
+	case SEC_OID_SHA1:
+	    sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;	break;
+	case SEC_OID_SHA256:
+	    sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;	break;
+	case SEC_OID_SHA384:
+	    sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;	break;
+	case SEC_OID_SHA512:
+	    sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;	break;
+	default:
+	    break;
+	}
+	break;
+    case dsaKey:
+	switch (hashAlgTag) {
+	case SEC_OID_UNKNOWN:	/* default for DSA if not specified */
+	case SEC_OID_SHA1:
+	    sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break;
+	default:
+	    break;
+	}
+	break;
+#ifdef NSS_ENABLE_ECC
+    case ecKey:
+        /* XXX For now only ECDSA with SHA1 is supported */
+        sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+	break;
+#endif /* NSS_ENABLE_ECC */
+    default:
+    	break;
+    }
+    return sigTag;
+}
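Review bot: In the `ecKey` branch `hashAlgTag` is ignored entirely, so under NSS_ENABLE_ECC a caller asking for SEC_OID_SHA256 with an EC key receives SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST instead of SEC_OID_UNKNOWN, contradicting the header comment's promise and allowing the encoded algorithm identifier to silently disagree with the digest the caller intended. Suggest mirroring the DSA branch: `case ecKey: if (hashAlgTag == SEC_OID_UNKNOWN || hashAlgTag == SEC_OID_SHA1) sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST; break;`. Separately, the RSA default when no digest is specified resolves to MD5, and MD2 is still accepted; since this is now an exported helper that new CRL-generation code will call, the `/* default for RSA if not specified */` comment should spell out that this is a legacy compatibility choice so callers are steered toward passing an explicit SHA-family tag.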
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -820,21 +820,24 @@ CERT_DecodeCRLDistributionPoints;
 CERT_DecodeNameConstraintsExtension;
 CERT_DecodePrivKeyUsagePeriodExtension;
 CERT_DestroyUserNotice;
 CERT_GetCertificateNames;
 CERT_GetNextGeneralName;
 CERT_GetNextNameConstraint;
 CERT_GetPrevGeneralName;
 CERT_GetPrevNameConstraint;
+CERT_StartCRLEntryExtensions;
+CERT_StartCRLExtensions;
 CERT_UncacheCRL;
 HASH_Clone;
 HASH_HashBuf;
 HASH_ResultLenByOidTag;
 HASH_ResultLenContext;
+SEC_GetSignatureAlgorithmOidTag;
 SECKEY_CacheStaticFlags;
 SECOID_AddEntry;
 ;+#
 ;+# Data objects
 ;+#
 ;+# Don't export these DATA symbols on Windows because they don't work right.
 ;;CERT_SequenceOfCertExtensionTemplate DATA ;
 NSS_Get_CERT_SequenceOfCertExtensionTemplate;