
Additional bits to support SHA224 certificates

RESOLVED FIXED in 3.13.1

Status

Product: NSS
Component: Libraries
Priority: P2
Severity: enhancement
Status: RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: Hanno Boeck, Assigned: Wan-Teh Chang)

Attachments

(1 attachment, 4 obsolete attachments)

(Reporter)

Description

7 years ago
Created attachment 523995
add sha224 at various places to make certificate signatures possible

NSS recently got SHA224 support in #356713 - however, many places within the NSS code don't know about that.
The attached patch will add it at some places, making it possible to use rsa/sha224 to sign certificates with certutil.
(Reporter)

Updated

7 years ago
Version: unspecified → trunk
(Reporter)

Comment 1

7 years ago
Created attachment 527527
sha224-pss-softoken.diff

This also adds sha224 support to the softoken code for RSA-PSS. To be applied additionally to the other patch.
Attachment #527527 - Flags: review?
(Assignee)

Updated

6 years ago
Assignee: nobody → wtc
Status: NEW → ASSIGNED
OS: Linux → All
Priority: -- → P2
Hardware: x86_64 → All
Target Milestone: --- → 3.13.1
Version: trunk → 3.13
(Assignee)

Comment 2

6 years ago
Comment on attachment 523995
add sha224 at various places to make certificate signatures possible

r=wtc.  Hanno, thanks for the patch.

I wrote a patch to add SHA-224 support to more NSS functions.
When I filed a bug for my patch, I found your bug.  I am sorry
that we didn't see your bug sooner.

Your changes to lib/cryptohi/sechash.c were independently made
by David Cooper in bug 356713 attachment 540747 (later than
your patch) and have been checked in.

I will combine your patch with my patch for checkin.
Attachment #523995 - Flags: review+
(Assignee)

Comment 3

6 years ago
Created attachment 567745
add sha224 at various places (v2) by Hanno Boeck and Wan-Teh Chang

Elio, please review.

This patch includes changes from Hanno Boeck's patch (attachment 523995).

I generated this patch by searching for "SHA256" in the NSS source tree,
and inspecting every occurrence to see if SHA-224 should also be handled
there.  I did this three months ago (on July 30), so I don't remember if
I completed the task.
Attachment #523995 - Attachment is obsolete: true
Attachment #567745 - Flags: review?(emaldona)
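
The audit method described in the comment above (inspect every SHA-256 occurrence and check whether SHA-224 is handled there too) can be partly mechanised for `switch` statements. This is an added example, not part of the bug, the patch or any NSS tooling; the C snippet is constructed for illustration, and the function names `switch_blocks` and `missing_sha224` are hypothetical.

```python
import re

# Constructed sample, not NSS source: two dispatch sites keyed on a hash algorithm.
SAMPLE_C = r'''
static unsigned int digest_len(SECOidTag tag)
{
    switch (tag) {
    case SEC_OID_SHA1:   return 20;
    case SEC_OID_SHA224: return 28;
    case SEC_OID_SHA256: return 32;
    default:             return 0;
    }
}

static int pss_hash_ok(HASH_HashType t)
{
    switch (t) {
    case HASH_AlgSHA1:
    case HASH_AlgSHA256:
    case HASH_AlgSHA384:
        return 1;
    default:
        return 0;
    }
}
'''

def switch_blocks(src):
    """Yield (line_number, body) for each switch statement, by brace matching.
    Heuristic: braces inside string literals or comments are not skipped."""
    for m in re.finditer(r'\bswitch\b[^{;]*\{', src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield src.count('\n', 0, m.start()) + 1, src[m.end():i - 1]

def missing_sha224(src):
    """Return (line, label) for each switch that has a *SHA256* case label
    but no label with the same spelling for SHA224."""
    findings = []
    for line, body in switch_blocks(src):
        labels = re.findall(r'\bcase\s+(\w+)\s*:', body)
        for lab in labels:
            if 'SHA256' in lab and lab.replace('SHA256', 'SHA224') not in labels:
                findings.append((line, lab))
    return findings

if __name__ == '__main__':
    for line, lab in missing_sha224(SAMPLE_C):
        print(f'line {line}: {lab} handled without a SHA224 counterpart')
```

Each finding is only a candidate for manual review: some call sites may leave SHA-224 out on purpose, and `if`/`else` chains or lookup tables are not covered by this check.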
(Assignee)

Comment 4

6 years ago
Created attachment 567749
add sha224 at various places (v2, more context) by Hanno Boeck and Wan-Teh Chang

This is the same patch, regenerated with more context for easier
code review.
Attachment #567745 - Attachment is obsolete: true
Attachment #567745 - Flags: review?(emaldona)
Attachment #567749 - Flags: review?(emaldona)

Updated

6 years ago
Attachment #567749 - Flags: review?(emaldona) → review+
(Assignee)

Comment 5

6 years ago
Comment on attachment 527527
sha224-pss-softoken.diff

r=wtc.  The SHA-224 cases should be listed before the SHA-256
cases, and the TODO comment in the function should be removed.
I will take care of these when I check this in.
Attachment #527527 - Flags: review? → review+
(Assignee)

Comment 6

6 years ago
Created attachment 568871
add sha224 at various places (v3) by Hanno Boeck and Wan-Teh Chang

I merged sha224-pss-softoken.diff (attachment 527527)
into this patch.

Patch checked in on the NSS trunk (NSS 3.13.1).

Checking in cmd/lib/secutil.c;
/cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v  <--  secutil.c
new revision: 1.110; previous revision: 1.109
done
Checking in lib/cryptohi/seckey.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v  <--  seckey.c
new revision: 1.63; previous revision: 1.62
done
Checking in lib/cryptohi/secsign.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v  <--  secsign.c
new revision: 1.27; previous revision: 1.26
done
Checking in lib/cryptohi/secvfy.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secvfy.c,v  <--  secvfy.c
new revision: 1.25; previous revision: 1.24
done
Checking in lib/pk11wrap/pk11mech.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v  <--  pk11mech.c
new revision: 1.16; previous revision: 1.15
done
Checking in lib/pk11wrap/pk11slot.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v  <--  pk11slot.c
new revision: 1.106; previous revision: 1.105
done
Checking in lib/pkcs12/p12local.c;
/cvsroot/mozilla/security/nss/lib/pkcs12/p12local.c,v  <--  p12local.c
new revision: 1.10; previous revision: 1.9
done
Checking in lib/softoken/rsawrapr.c;
/cvsroot/mozilla/security/nss/lib/softoken/rsawrapr.c,v  <--  rsawrapr.c
new revision: 1.19; previous revision: 1.18
done
Checking in lib/ssl/ssl3ecc.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3ecc.c,v  <--  ssl3ecc.c
new revision: 1.25; previous revision: 1.24
done
Checking in lib/util/secalgid.c;
/cvsroot/mozilla/security/nss/lib/util/secalgid.c,v  <--  secalgid.c
new revision: 1.7; previous revision: 1.6
done
Attachment #527527 - Attachment is obsolete: true
Attachment #567749 - Attachment is obsolete: true
(Assignee)

Updated

6 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED