From 19e5b361e516277e6730a577ee53b69a68ba9190 Mon Sep 17 00:00:00 2001
From: "nelson%bolyard.com"
Date: Thu, 28 Feb 2008 04:27:36 +0000
Subject: [PATCH] Bug 405966: Unknown signature OID 1.3.14.3.2.29 causes sec_error_bad_signature 3.11 ignores it. r=julien.pierre
git-svn-id: svn://10.0.0.236/trunk@246703 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/security/nss/lib/cryptohi/secvfy.c | 10 ++++++----
 mozilla/security/nss/lib/util/secoid.c | 5 +++++
 mozilla/security/nss/lib/util/secoidt.h | 4 +++-
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/mozilla/security/nss/lib/cryptohi/secvfy.c b/mozilla/security/nss/lib/cryptohi/secvfy.c
index cc21fbff490..8cdd1a5f0cf 100644
--- a/mozilla/security/nss/lib/cryptohi/secvfy.c
+++ b/mozilla/security/nss/lib/cryptohi/secvfy.c
@@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: secvfy.c,v 1.21 2007-01-09 00:37:20 alexei.volkov.bugs%sun.com Exp $ */
+/* $Id: secvfy.c,v 1.22 2008-02-28 04:27:36 nelson%bolyard.com Exp $ */
 #include
 #include "cryptohi.h"
@@ -233,6 +233,7 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
 break;
 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
 case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
 *hashalg = SEC_OID_SHA1;
 break;
 case SEC_OID_PKCS1_RSA_ENCRYPTION:
@@ -320,6 +321,7 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
 case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
 case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+ case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
 case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
 case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
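Review bot: The new `case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:` label in secvfy.c's sec_DecodeSigAlg (hunk at -233, and the same label in the second case list at -320) carries no comment saying which OID it is or why it is mapped to SEC_OID_SHA1. I would add `/* 1.3.14.3.2.29: alternate OID for SHA-1 with RSA, previously rejected with a bad-signature error (bug 405966) */` above the first label. Since this widens the set of identifiers that verify as a SHA-1 signature, any code that restricts, counts or logs weak signature algorithms by SECOidTag would need the new tag too; no such code is visible in this diff, so that is something to confirm rather than a known gap. Both switch statements begin and end outside the hunks.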
@@ -738,9 +740,9 @@ VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len,
 SECOidTag *hash, void *wincx)
 {
 SECOidTag encAlg, hashAlg;
- SECStatus rv = sec_DecodeSigAlg(key,
- SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
- &sigAlgorithm->parameters, &encAlg, &hashAlg);
+ SECOidTag sigAlg = SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm);
+ SECStatus rv = sec_DecodeSigAlg(key, sigAlg,
+ &sigAlgorithm->parameters, &encAlg, &hashAlg);
 if (rv != SECSuccess) {
 return rv;
 }
diff --git a/mozilla/security/nss/lib/util/secoid.c b/mozilla/security/nss/lib/util/secoid.c
index 4de3430b1f2..07790903a2c 100644
--- a/mozilla/security/nss/lib/util/secoid.c
+++ b/mozilla/security/nss/lib/util/secoid.c
@@ -201,6 +201,7 @@ CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
 CONST_OID desede[] = { ALGORITHM, 0x11 };
 CONST_OID sha1[] = { ALGORITHM, 0x1a };
 CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
+CONST_OID isoSHA1WithRSASignature[] = { ALGORITHM, 0x1d };
 CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
 CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
@@ -1569,6 +1570,10 @@ const static SECOidData oids[] = {
 "SIA CA Repository",
 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ OD( isoSHA1WithRSASignature, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE,
+ "ISO SHA1 with RSA Signature",
+ CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
 };
 /*
diff --git a/mozilla/security/nss/lib/util/secoidt.h b/mozilla/security/nss/lib/util/secoidt.h
index 7cf5e322a81..0f72fcd5fca 100644
--- a/mozilla/security/nss/lib/util/secoidt.h
+++ b/mozilla/security/nss/lib/util/secoidt.h
@@ -43,7 +43,7 @@
 /*
 * secoidt.h - public data structures for ASN.1 OID functions
 *
- * $Id: secoidt.h,v 1.26 2007-10-12 01:44:51 julien.pierre.boogz%sun.com Exp $
+ * $Id: secoidt.h,v 1.27 2008-02-28 04:27:30 nelson%bolyard.com Exp $
 */
 #include "secitem.h"
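Review bot: In secoid.c (hunk at -201), `isoSHA1WithRSASignature` is identified only by its final byte `0x1d`, so a reader must know what ALGORITHM expands to, which the hunk does not show, to check it against the 1.3.14.3.2.29 named in the commit subject. A trailing comment on that line, `/* 1.3.14.3.2.29 */`, would make the encoding auditable at a glance; 0x1d is 29, which matches the last arc if ALGORITHM is the 1.3.14.3.2 prefix. The neighbouring definitions have no such comments either, so this is a documentation suggestion rather than a defect.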
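Review bot: In secoid.c (hunk at -1569), the new OD(...) entry is appended as the last element of oids[] while the matching enumerator gets the value 301 in secoidt.h, and nothing visible in either hunk ties the two positions together. If oids[] is looked up by tag value, as the parallel ordering suggests, an entry added out of order would silently return the wrong algorithm data for every later tag. A comment above the closing brace, e.g. `/* entries must stay in SECOidTag order; add new OIDs here and just before SEC_OID_TOTAL in secoidt.h */`, would document the invariant, and a check that the array length equals SEC_OID_TOTAL would enforce it. The entry's CKM_INVALID_MECHANISM looks deliberate for an identifier that is only recognised on input, but it is worth saying so in the same comment.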
@@ -444,6 +444,8 @@ typedef enum {
 SEC_OID_PKIX_TIMESTAMPING = 299,
 SEC_OID_PKIX_CA_REPOSITORY = 300,
+ SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE = 301,
+
 SEC_OID_TOTAL
 } SECOidTag;