Update to NSS 3.12.7 and NSPR 4.8.6....

nss/mozilla/security/nss/lib/cryptohi/secvfy.c

 /*
  * Verification stuff.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 19 matching lines @@
  * in which case the provisions of the GPL or the LGPL are applicable instead
  * of those above. If you wish to allow use of your version of this file only
  * under the terms of either the GPL or the LGPL, and not to allow others to
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: secvfy.c,v 1.23 2010/02/10 00:49:43 wtc%google.com Exp $ */
+/* $Id: secvfy.c,v 1.24 2010/06/23 02:13:56 wtc%google.com Exp $ */
 
 #include <stdio.h>
 #include "cryptohi.h"
 #include "sechash.h"
 #include "keyhi.h"
 #include "secasn1.h"
 #include "secoid.h"
 #include "pk11func.h"
 #include "secdig.h"
 #include "secerr.h"
@@ skipping 179 matching lines @@
         break;
       case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
         *hashalg = SEC_OID_MD5;
         break;
       case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
       case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
       case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
         *hashalg = SEC_OID_SHA1;
         break;
       case SEC_OID_PKCS1_RSA_ENCRYPTION:
+      case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
         *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
         break;
 
       case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
       case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
         *hashalg = SEC_OID_SHA256;
         break;
       case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
       case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
         *hashalg = SEC_OID_SHA384;
@@ skipping 70 matching lines @@
       case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
       case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
       case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
       case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
       case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
       case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
       case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
       case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
         *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
         break;
+      case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+        *encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE;
+        break;
 
       /* what about normal DSA? */
       case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
       case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
         *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
         break;
       case SEC_OID_MISSI_DSS:
       case SEC_OID_MISSI_KEA_DSS:
       case SEC_OID_MISSI_KEA_DSS_OLD:
       case SEC_OID_MISSI_DSS_OLD:
@@ skipping 31 matching lines @@
 static VFYContext *
 vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, 
         SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx)
 {
     VFYContext *cx;
     SECStatus rv;
     unsigned int sigLen;
     KeyType type;
 
     /* make sure the encryption algorithm matches the key type */
+    /* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */
     type = seckey_GetKeyType(encAlg);
-    if (key->keyType != type) {
+    if ((key->keyType != type) &&
+        ((key->keyType != rsaKey) || (type != rsaPssKey))) {
         PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH);
         return NULL;
     }
 
     cx = (VFYContext*) PORT_ZAlloc(sizeof(VFYContext));
     if (cx == NULL) {
         goto loser;
     }
 
     cx->wincx = wincx;
     cx->hasSignature = (sig != NULL);
     cx->encAlg = encAlg;
     cx->hashAlg = hashAlg;
     cx->key = SECKEY_CopyPublicKey(key);
     rv = SECSuccess;
     if (sig) {
-        switch (key->keyType) {
+        switch (type) {
         case rsaKey:
             rv = DecryptSigBlock(&cx->hashAlg, cx->u.buffer, &cx->rsadigestlen,
                         HASH_LENGTH_MAX, cx->key, sig, (char*)wincx);
             if (cx->hashAlg != hashAlg && hashAlg != SEC_OID_UNKNOWN) {
                 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
                 rv = SECFailure;        
             }
             break;
         case dsaKey:
         case ecKey:
@@ skipping 331 matching lines @@
 {
     SECOidTag encAlg, hashAlg;
     SECOidTag sigAlg = SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm);
     SECStatus rv     = sec_DecodeSigAlg(key, sigAlg, 
                                 &sigAlgorithm->parameters, &encAlg, &hashAlg);
     if (rv != SECSuccess) {
         return rv;
     }
     return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
 }