Support SHA256, SHA384, and SHA512 hashes in NSS.
authornelsonb%netscape.com
Wed, 10 Dec 2008 22:48:14 +0000
changeset 8892 5c0f2d8f3e7067228f041ebc1b5ea9db096faed1
parent 8891 35309a11ff0e9d8c0f98827b1f31c07662097366
child 8893 5ef6f105843066e4fa1c51a0d77ce51f133739f4
push idunknown
push userunknown
push dateunknown
Support SHA256, SHA384, and SHA512 hashes in NSS.
security/nss/lib/freebl/sechash.h
security/nss/lib/softoken/pk11init.h
security/nss/lib/softoken/secmodt.h
--- a/security/nss/lib/freebl/sechash.h
+++ b/security/nss/lib/freebl/sechash.h
@@ -34,27 +34,30 @@
  *
  * hash.h - public data structures and prototypes for the hashing library
  *
  * $Id$
  */
 
 #include "seccomon.h"
 #include "hasht.h"
+#include "secoidt.h"
 
 SEC_BEGIN_PROTOS
 
 /*
 ** Generic hash api.  
 */
 
 extern unsigned int  HASH_ResultLen(HASH_HashType type);
 
 extern unsigned int  HASH_ResultLenContext(HASHContext *context);
 
+extern unsigned int  HASH_ResultLenByOidTag(SECOidTag hashOid);
+
 extern SECStatus     HASH_HashBuf(HASH_HashType type,
 				 unsigned char *dest,
 				 unsigned char *src,
 				 uint32 src_len);
 
 extern HASHContext * HASH_Create(HASH_HashType type);
 
 extern HASHContext * HASH_Clone(HASHContext *context);
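Review bot: The three new OID-tag lookups (`HASH_ResultLenByOidTag` in this hunk, `HASH_GetHashObjectByOidTag` and `HASH_GetHashTypeByOidTag` in the next one) are declared without saying what they return when `hashOid` does not name a hash algorithm. A `SECOidTag` can identify any OID, and these values will often come from parsed signature or certificate data, so the failure value is part of the contract. Callers will size digest buffers from the length and dispatch through the object pointer. I would add a comment above each prototype, for example `/* Returns 0 if hashOid is not a supported hash algorithm. */`, adjusted to what the implementation actually returns (presumably 0, NULL and HASH_AlgNULL respectively; the implementation is not visible here).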
@@ -69,11 +72,15 @@ extern void          HASH_Update(HASHCon
 
 extern void          HASH_End(HASHContext *context,
 			     unsigned char *result,
 			     unsigned int *result_len,
 			     unsigned int max_result_len);
 
 extern const SECHashObject * HASH_GetHashObject(HASH_HashType type);
 
+extern const SECHashObject * HASH_GetHashObjectByOidTag(SECOidTag hashOid);
+
+extern HASH_HashType HASH_GetHashTypeByOidTag(SECOidTag hashOid);
+
 SEC_END_PROTOS
 
 #endif /* _HASH_H_ */
--- a/security/nss/lib/softoken/pk11init.h
+++ b/security/nss/lib/softoken/pk11init.h
@@ -44,21 +44,12 @@ struct PK11PreSlotInfoStr {
     unsigned long defaultFlags; /* bit mask of default implementation this slot
 				 * provides */
     int askpw;			/* slot specific password bits */
     long timeout;		/* slot specific timeout value */
     char hasRootCerts;		/* is this the root cert PKCS #11 module? */
     char hasRootTrust;		/* is this the root cert PKCS #11 module? */
 };
 
-#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]"
-
-#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
-"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
-
-#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
-#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
-#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
-#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
 extern void PK11SDR_Init(void);
 extern void PK11SDR_Shutdown(void);
 
 #endif /* _PK11_INIT_H_ 1 */
--- a/security/nss/lib/softoken/secmodt.h
+++ b/security/nss/lib/softoken/secmodt.h
@@ -145,16 +145,18 @@ struct PK11DefaultArrayEntryStr {
 #define SECMOD_FORTEZZA_FLAG	0x00000040L
 #define SECMOD_RC5_FLAG		0x00000080L
 #define SECMOD_SHA1_FLAG	0x00000100L
 #define SECMOD_MD5_FLAG		0x00000200L
 #define SECMOD_MD2_FLAG		0x00000400L
 #define SECMOD_SSL_FLAG		0x00000800L
 #define SECMOD_TLS_FLAG		0x00001000L
 #define SECMOD_AES_FLAG 	0x00002000L
+#define SECMOD_SHA256_FLAG	0x00004000L
+#define SECMOD_SHA512_FLAG	0x00008000L	/* also for SHA384 */
 /* reserved bit for future, do not use */
 #define SECMOD_RESERVED_FLAG    0X08000000L
 #define SECMOD_FRIENDLY_FLAG	0x10000000L
 #define SECMOD_RANDOM_FLAG	0x80000000L
 
 /* need to make SECMOD and PK11 prefixes consistant. */
 #define PK11_OWN_PW_DEFAULTS 0x20000000L
 #define PK11_DISABLE_FLAG    0x40000000L
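Review bot: `SECMOD_SHA512_FLAG` covers both SHA-384 and SHA-512 with a single bit, so a slot cannot be made the default for one without the other, and the only hint is the trailing `/* also for SHA384 */`. If a token implements only one of the two, setting this flag would presumably route both mechanisms to it. The code that maps flag bits to mechanisms is not in this hunk, so that should be confirmed there. I would widen the comment to state the consequence, e.g. `/* one bit for SHA384 and SHA512: a slot flagged here is the default for both */`.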
@@ -165,27 +167,26 @@ struct PK11DefaultArrayEntryStr {
 #define CKA_DIGEST            0x81000000L
 
 /* Cryptographic module types */
 #define SECMOD_EXTERNAL	0	/* external module */
 #define SECMOD_INTERNAL 1	/* internal default module */
 #define SECMOD_FIPS	2	/* internal fips module */
 
 /* default module configuration strings */
-#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]"
+#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512]"
 
 #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
 "Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
 
 #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
 #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
 #define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
 #define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
 
-
 /*
  * What is the origin of a given Key. Normally this doesn't matter, but
  * the fortezza code needs to know if it needs to invoke the SSL3 fortezza
  * hack.
  */
 typedef enum {
     PK11_OriginNULL = 0,	/* There is not key, it's a null SymKey */
     PK11_OriginDerive = 1,	/* Key was derived from some other key */
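Review bot: The new `SHA256` and `SHA512` tokens in `SECMOD_SLOT_FLAGS` only take effect if the module-spec parser has matching name-to-flag entries, and the files listed for this changeset are three headers. If the parser skips names it does not recognise, the internal and FIPS module strings would silently lack the two new default flags, so the parser table should be checked together with this line. There is also no `SHA384` token, which follows from the shared bit but deserves a comment next to the string, e.g. `/* SHA512 also selects SHA384; see SECMOD_SHA512_FLAG */`. The enum that begins at the end of the hunk continues outside it.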