Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1968)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: mozilla/security/nss/lib/cryptohi/seckey.c

Issue 11359091: Update NSS to NSS 3.14 pre-release snapshot 2012-06-26 01:00:00 PDT. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Remove the RCS Id from nss-shvfy-const.patch Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « mozilla/security/nss/lib/cryptohi/sechash.c ('k') | mozilla/security/nss/lib/cryptohi/secsign.c » ('j') | mozilla/security/nss/lib/cryptohi/secvfy.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: mozilla/security/nss/lib/cryptohi/seckey.c
===================================================================
--- mozilla/security/nss/lib/cryptohi/seckey.c (revision 164196)
+++ mozilla/security/nss/lib/cryptohi/seckey.c (working copy)
@@ -325,11 +325,19 @@
if (oid != NULL) {
tag = oid->offset;
- /* Check if cert has a DSA public key. If not, return
- * success since no PQG params need to be updated. */
+ /* Check if cert has a DSA or EC public key. If not, return
+ * success since no PQG params need to be updated.
+ *
+ * Question: do we really need to do this for EC keys. They don't have
+ * PQG parameters, but they do have parameters. The question is does
+ * the child cert inherit thost parameters for EC from the parent, or
+ * do we always include those parameters in each cert.
+ */
if ( (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
(tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
(tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
(tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
(tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {
@@ -372,6 +380,8 @@
if ( (tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
(tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
+ (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
(tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
(tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
(tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {
@@ -1000,7 +1010,7 @@
b0 = pubk->u.rsa.modulus.data[0];
return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
case dsaKey:
- return DSA_SIGNATURE_LEN;
+ return pubk->u.dsa.params.subPrime.len * 2;
case ecKey:
/* Get the base point order length in bits and adjust */
size = SECKEY_ECParamsToBasePointOrderLen(
@@ -1921,6 +1931,7 @@
if (key && key->pkcs11Slot && key->pkcs11ID) {
key->staticflags |= SECKEY_Attributes_Cached;
SECKEY_CacheAttribute(key, CKA_PRIVATE);
+ SECKEY_CacheAttribute(key, CKA_ALWAYS_AUTHENTICATE);
rv = SECSuccess;
}
return rv;
« no previous file with comments | « mozilla/security/nss/lib/cryptohi/sechash.c ('k') | mozilla/security/nss/lib/cryptohi/secsign.c » ('j') | mozilla/security/nss/lib/cryptohi/secvfy.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698