Created attachment 523995 [details] [diff] [review] add sha224 at various places to make certificate signatures possible nss recently got SHA224 support in #356713 - however, many places within the nss code don't know about that. Attached patch will add it at some places, making it possible to use rsa/sha224 to sign certificates with certutil.
Created attachment 527527 [details] [diff] [review] sha224-pss-softoken.diff This also adds sha224 support to the softoken code for RSA-PSS. To be applied additionaly to the other patch.
Comment on attachment 523995 [details] [diff] [review] add sha224 at various places to make certificate signatures possible r=wtc. Hanno, thanks for the patch. I wrote a patch to add SHA-224 support to more NSS functions. When I filed a bug for my patch, I found your bug. I am sorry that we didn't see your bug sooner. Your changes to lib/cryptohi/sechash.c were independently made by David Cooper in bug 356713 attachment 540747 [details] [diff] [review] (later than your patch) and have been checked in. I will combine your patch with my patch for checkin.
Created attachment 567745 [details] [diff] [review] add sha224 at various places (v2) by Hanno Boeck and Wan-Teh Chang Elio, please review. This patch includes changes from Hanno Boeck patch (attachment 523995 [details] [diff] [review]). I generated this patch by searching for "SHA256" in the NSS source tree, and inspecting every occurrence to see if SHA-224 should also be handled there. I did this three months ago (on July 30), so I don't remember if I completed the task.
Created attachment 567749 [details] [diff] [review] add sha224 at various places (v2, more context) by Hanno Boeck and Wan-Teh Chang This is the same patch, regenerated with more context for easier code review.
Comment on attachment 527527 [details] [diff] [review] sha224-pss-softoken.diff r=wtc. The SHA-224 cases should be listed before the SHA-256 cases, and the TODO comment in the function should be removed. I will take care of these when I check this in.
Created attachment 568871 [details] [diff] [review] add sha224 at various places (v3) by Hanno Boeck and Wan-Teh Chang I merged sha224-pss-softoken.diff (attachment 527527 [details] [diff] [review]) into this patch. Patch checked in on the NSS trunk (NSS 3.13.1). Checking in cmd/lib/secutil.c; /cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v <-- secutil.c new revision: 1.110; previous revision: 1.109 done Checking in lib/cryptohi/seckey.c; /cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v <-- seckey.c new revision: 1.63; previous revision: 1.62 done Checking in lib/cryptohi/secsign.c; /cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v <-- secsign.c new revision: 1.27; previous revision: 1.26 done Checking in lib/cryptohi/secvfy.c; /cvsroot/mozilla/security/nss/lib/cryptohi/secvfy.c,v <-- secvfy.c new revision: 1.25; previous revision: 1.24 done Checking in lib/pk11wrap/pk11mech.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v <-- pk11mech.c new revision: 1.16; previous revision: 1.15 done Checking in lib/pk11wrap/pk11slot.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v <-- pk11slot.c new revision: 1.106; previous revision: 1.105 done Checking in lib/pkcs12/p12local.c; /cvsroot/mozilla/security/nss/lib/pkcs12/p12local.c,v <-- p12local.c new revision: 1.10; previous revision: 1.9 done Checking in lib/softoken/rsawrapr.c; /cvsroot/mozilla/security/nss/lib/softoken/rsawrapr.c,v <-- rsawrapr.c new revision: 1.19; previous revision: 1.18 done Checking in lib/ssl/ssl3ecc.c; /cvsroot/mozilla/security/nss/lib/ssl/ssl3ecc.c,v <-- ssl3ecc.c new revision: 1.25; previous revision: 1.24 done Checking in lib/util/secalgid.c; /cvsroot/mozilla/security/nss/lib/util/secalgid.c,v <-- secalgid.c new revision: 1.7; previous revision: 1.6 done