Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(911)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: nss/lib/util/secoid.c

Issue 1843333003: Update NSPR to 4.12 and NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@master
Patch Set: Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/util/secasn1d.c ('k') | nss/lib/util/secoidt.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/util/secoid.c
diff --git a/nss/lib/util/secoid.c b/nss/lib/util/secoid.c
index 002099215b5dce70139e89a7620b53ec50db5360..4f16ed386598d8ac292111e2994f25785594105e 100644
--- a/nss/lib/util/secoid.c
+++ b/nss/lib/util/secoid.c
@@ -163,6 +163,11 @@ const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING;
#define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1
#define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3
+/* For IDEA: 1.3.6.1.4.1.188.7.1.1
+ */
+#define ASCOM_OID 0x2b,0x6,0x1,0x4,0x1,0xbc
+#define ASCOM_IDEA_ALG ASCOM_OID,0x7,0x1,0x1
+
/* for SEED : iso(1) member-body(2) korea(410)
* kisa(200004) algorithm(1)
*/
@@ -459,6 +464,10 @@ CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
CONST_OID skipjackCBC[] = { MISSI, 0x04 };
CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
+CONST_OID idea_CBC[] = { ASCOM_IDEA_ALG, 2 };
+CONST_OID aes128_GCM[] = { AES, 0x6 };
+CONST_OID aes192_GCM[] = { AES, 0x1a };
+CONST_OID aes256_GCM[] = { AES, 0x2e };
CONST_OID aes128_ECB[] = { AES, 1 };
CONST_OID aes128_CBC[] = { AES, 2 };
#ifdef DEFINE_ALL_AES_CIPHERS
@@ -579,8 +588,10 @@ CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 };
#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
#ifndef SECOID_NO_STRINGS
#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
+#define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, desc, mech, ext }
#else
#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
+#define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, 0, mech, ext }
#endif
#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
@@ -1639,7 +1650,68 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
"Microsoft Trust List Signing",
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
OD( x520Name, SEC_OID_AVA_NAME,
- "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION )
+ "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+ OD( aes128_GCM, SEC_OID_AES_128_GCM,
+ "AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ),
+ OD( aes192_GCM, SEC_OID_AES_192_GCM,
+ "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ),
+ OD( aes256_GCM, SEC_OID_AES_256_GCM,
+ "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ),
+ OD( idea_CBC, SEC_OID_IDEA_CBC,
+ "IDEA_CBC", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+ ODE( SEC_OID_RC2_40_CBC,
+ "RC2-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_DES_40_CBC,
+ "DES-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_RC4_40,
+ "RC4-40", CKM_RC4, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_RC4_56,
+ "RC4-56", CKM_RC4, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_NULL_CIPHER,
+ "NULL cipher", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_HMAC_MD5,
+ "HMAC-MD5", CKM_MD5_HMAC, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_RSA,
+ "TLS RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DHE_RSA,
+ "TLS DHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DHE_DSS,
+ "TLS DHE-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DH_RSA,
+ "TLS DH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DH_DSS,
+ "TLS DH-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DH_ANON,
+ "TLS DH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_ECDHE_ECDSA,
+ "TLS ECDHE-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_ECDHE_RSA,
+ "TLS ECDHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_ECDH_ECDSA,
+ "TLS ECDH-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_ECDH_RSA,
+ "TLS ECDH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_ECDH_ANON,
+ "TLS ECDH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_RSA_EXPORT,
+ "TLS RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DHE_RSA_EXPORT,
+ "TLS DHE-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DHE_DSS_EXPORT,
+ "TLS DHE-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DH_RSA_EXPORT,
+ "TLS DH-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DH_DSS_EXPORT,
+ "TLS DH-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_TLS_DH_ANON_EXPORT,
+ "TLS DH-ANON-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_APPLY_SSL_POLICY,
+ "Apply SSL policy (pseudo-OID)", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+ ODE( SEC_OID_CHACHA20_POLY1305,
+ "ChaCha20-Poly1305", CKM_NSS_CHACHA20_POLY1305, INVALID_CERT_EXTENSION ),
+
};
/* PRIVATE EXTENDED SECOID Table
@@ -1872,6 +1944,7 @@ secoid_HashNumber(const void *key)
return (PLHashNumber)((char *)key - (char *)NULL);
}
+#define DEF_FLAGS (NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX|NSS_USE_ALG_IN_SSL_KX)
svaldez 2016/04/04 15:59:51 nit: dupped
static void
handleHashAlgSupport(char * envVal)
{
@@ -1887,14 +1960,14 @@ handleHashAlgSupport(char * envVal)
*nextArg++ = '\0';
}
}
- notEnable = (*arg == '-') ? (NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX) : 0;
+ notEnable = (*arg == '-') ? (DEF_FLAGS) : 0;
if ((*arg == '+' || *arg == '-') && *++arg) {
int i;
for (i = 1; i < SEC_OID_TOTAL; i++) {
if (oids[i].desc && strstr(arg, oids[i].desc)) {
xOids[i].notPolicyFlags = notEnable |
- (xOids[i].notPolicyFlags & ~(NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX));
+ (xOids[i].notPolicyFlags & ~(DEF_FLAGS));
}
}
}
@@ -1918,7 +1991,7 @@ SECOID_Init(void)
return SECSuccess; /* already initialized */
}
- if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
+ if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
/* initialize any policy flags that are disabled by default */
xOids[SEC_OID_MD2 ].notPolicyFlags = ~0;
xOids[SEC_OID_MD4 ].notPolicyFlags = ~0;
@@ -1930,7 +2003,10 @@ SECOID_Init(void)
xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
}
- envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
+ /* turn off NSS_USE_POLICY_IN_SSL by default */
+ xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL;
+
+ envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT");
if (envVal)
handleHashAlgSupport(envVal);
« no previous file with comments | « nss/lib/util/secasn1d.c ('k') | nss/lib/util/secoidt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698