647706 - Additional bits to support SHA224 certificates

Status: RESOLVED FIXED

(NSS :: Libraries, enhancement, P2)

Description

[Hanno Boeck]

Attachment: add sha224 at various places to make certificate signatures possible

nss recently got SHA224 support in #356713 - however, many places within the nss code don't know about that.
Attached patch will add it at some places, making it possible to use rsa/sha224 to sign certificates with certutil.

Comment 1

[Hanno Boeck]

Attachment: sha224-pss-softoken.diff

This also adds sha224 support to the softoken code for RSA-PSS. To be applied additionaly to the other patch.

Comment 2

[Wan-Teh Chang]

Comment on attachment 523995 [details] [diff] [review]
add sha224 at various places to make certificate signatures possible

r=wtc.  Hanno, thanks for the patch.

I wrote a patch to add SHA-224 support to more NSS functions.
When I filed a bug for my patch, I found your bug.  I am sorry
that we didn't see your bug sooner.

Your changes to lib/cryptohi/sechash.c were independently made
by David Cooper in bug 356713 attachment 540747 [details] [diff] [review] (later than
your patch) and have been checked in.

I will combine your patch with my patch for checkin.

Comment 3

[Wan-Teh Chang]

Attachment: add sha224 at various places (v2) by Hanno Boeck and Wan-Teh Chang

Elio, please review.

This patch includes changes from Hanno Boeck patch (attachment 523995 [details] [diff] [review]).

I generated this patch by searching for "SHA256" in the NSS source tree,
and inspecting every occurrence to see if SHA-224 should also be handled
there.  I did this three months ago (on July 30), so I don't remember if
I completed the task.

Comment 4

[Wan-Teh Chang]

Attachment: add sha224 at various places (v2, more context) by Hanno Boeck and Wan-Teh Chang

This is the same patch, regenerated with more context for easier
code review.

Comment 5

[Wan-Teh Chang]

Comment on attachment 527527 [details] [diff] [review]
sha224-pss-softoken.diff

r=wtc.  The SHA-224 cases should be listed before the SHA-256
cases, and the TODO comment in the function should be removed.
I will take care of these when I check this in.

Comment 6

[Wan-Teh Chang]

Attachment: add sha224 at various places (v3) by Hanno Boeck and Wan-Teh Chang

I merged sha224-pss-softoken.diff (attachment 527527 [details] [diff] [review])
into this patch.

Patch checked in on the NSS trunk (NSS 3.13.1).

Checking in cmd/lib/secutil.c;
/cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v  <--  secutil.c
new revision: 1.110; previous revision: 1.109
done
Checking in lib/cryptohi/seckey.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v  <--  seckey.c
new revision: 1.63; previous revision: 1.62
done
Checking in lib/cryptohi/secsign.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v  <--  secsign.c
new revision: 1.27; previous revision: 1.26
done
Checking in lib/cryptohi/secvfy.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secvfy.c,v  <--  secvfy.c
new revision: 1.25; previous revision: 1.24
done
Checking in lib/pk11wrap/pk11mech.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v  <--  pk11mech.c
new revision: 1.16; previous revision: 1.15
done
Checking in lib/pk11wrap/pk11slot.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v  <--  pk11slot.c
new revision: 1.106; previous revision: 1.105
done
Checking in lib/pkcs12/p12local.c;
/cvsroot/mozilla/security/nss/lib/pkcs12/p12local.c,v  <--  p12local.c
new revision: 1.10; previous revision: 1.9
done
Checking in lib/softoken/rsawrapr.c;
/cvsroot/mozilla/security/nss/lib/softoken/rsawrapr.c,v  <--  rsawrapr.c
new revision: 1.19; previous revision: 1.18
done
Checking in lib/ssl/ssl3ecc.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3ecc.c,v  <--  ssl3ecc.c
new revision: 1.25; previous revision: 1.24
done
Checking in lib/util/secalgid.c;
/cvsroot/mozilla/security/nss/lib/util/secalgid.c,v  <--  secalgid.c
new revision: 1.7; previous revision: 1.6
done