334013 - non-existant SECOidTag referenced in cryptohi.h?

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P3)

Description

[David Stutzman]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060407 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060407 Firefox/1.5.0.1

I'm using NSS 3.11 and on line 93 of cryptohi.h it shows an example signing algorithm to use as SEC_OID_RSA_WITH_MD5 which doesn't appear to exist anymore.  I ended up using SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION from secoidt.h which did work.  Am I correct in assuming the latter is equal to the former in the current state of NSS?

Link to new OID:
http://lxr.mozilla.org/security/source/security/nss/lib/util/secoidt.h#86

Reproducible: Always



Expected Results:  
An example algorithm that points developers in the right direction, possibly using one with one of the newer SHA algorithms as MD5 is fairly broken.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

David, Thank you for reporting this bug.
You found a comment that references an undefined symbol SEC_OID_RSA_WITH_MD5.
And you found the right symbol to use instead, namely 
SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION

While looking at this, I also found a comment in cryptohi/secsign.c, line 74 
that references two more undefined symbols: CKM_RSA_PKCS_WITH_SHA1 and CKM_RSA_PKCS_WITH_MD5.  The correct symbols to use there are:
CKM_MD5_RSA_PKCS and CKM_SHA1_RSA_PKCS 

All these comments should be corrected.

Comment 2

[:Cykesiopka]

Attachment: bug334013_v1.patch

Makes the changes mentioned in Comment 1.

Comment 3

[Kai Engert (:KaiE:)]

https://hg.mozilla.org/projects/nss/rev/9aafc7846e29