Attachment 634848 Details for Bug 870864 – Patch 1 - extended key usage support in nss - early work

[patch] Patch 1 - extended key usage support in nss - early work

0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch (text/plain), 6.96 KB, created by Elio Maldonado Batiz on 2012-10-29 03:27:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Elio Maldonado Batiz

Created: 2012-10-29 03:27:36 UTC

Size: 6.96 KB

patch

obsolete

>Index: ./mozilla/security/nss/cmd/certcgi/ca_form.html
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/certcgi/ca_form.html,v
>retrieving revision 1.4
>diff -u -p -r1.4 ca_form.html
>--- ./mozilla/security/nss/cmd/certcgi/ca_form.html	20 Mar 2012 14:46:53 -0000	1.4
>+++ ./mozilla/security/nss/cmd/certcgi/ca_form.html	29 Oct 2012 01:56:47 -0000
>@@ -167,6 +167,7 @@
>     <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
>     <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
>     <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
>+    <input type="checkbox" name="extKeyUsage-msCodeSign"> Microsoft Code Signing</P>
>     </tr>
>     <tr>
>     <td>
>Index: ./mozilla/security/nss/cmd/certcgi/certcgi.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/certcgi/certcgi.c,v
>retrieving revision 1.22
>diff -u -p -r1.22 certcgi.c
>--- ./mozilla/security/nss/cmd/certcgi/certcgi.c	29 Apr 2012 12:52:04 -0000	1.22
>+++ ./mozilla/security/nss/cmd/certcgi/certcgi.c	29 Oct 2012 01:56:47 -0000
>@@ -819,6 +819,11 @@ AddExtKeyUsage(void *extHandle, Pair *da
>     if( SECSuccess != rv ) goto loser;
>   }
> 
>+  if( find_field_bool(data, "extKeyUsage-msCodeSign", PR_TRUE) ) {
>+    rv = AddOidToSequence(os, SEC_OID_UNKNOWN/*szOID_KP_CTL_USAGE_SIGNING*/);
>+    if( SECSuccess != rv ) goto loser;
>+  }
>+
>   if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) {
>     rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
>     if( SECSuccess != rv ) goto loser;
>Index: ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/certcgi/stnd_ext_form.html,v
>retrieving revision 1.4
>diff -u -p -r1.4 stnd_ext_form.html
>--- ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html	20 Mar 2012 14:46:53 -0000	1.4
>+++ ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html	29 Oct 2012 01:56:47 -0000
>@@ -34,6 +34,7 @@
>     <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
>     <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
>     <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
>+    <input type="checkbox" name="extKeyUsage-msCodeSign"> Microsoft Code Signing</P>
>     </tr>
>     <tr>
>     <td>
>Index: ./mozilla/security/nss/cmd/certutil/certext.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/certutil/certext.c,v
>retrieving revision 1.12
>diff -u -p -r1.12 certext.c
>--- ./mozilla/security/nss/cmd/certutil/certext.c	20 Mar 2012 14:46:54 -0000	1.12
>+++ ./mozilla/security/nss/cmd/certutil/certext.c	29 Oct 2012 01:56:48 -0000
>@@ -18,6 +18,12 @@
> #endif
> 
> #include "secutil.h"
>+#include "secoidt.h"
>+
>+/* FIXME: it's supposed the be in secoidt.h at least temporarily */
>+#ifndef szOID_KP_CTL_USAGE_SIGNING
>+#define szOID_KP_CTL_USAGE_SIGNING  314
>+#endif
> 
> #if defined(XP_UNIX)
> #include <unistd.h>
>@@ -483,6 +489,7 @@ extKeyUsageKeyWordArray[] = { "serverAut
>                               "timeStamp",
>                               "ocspResponder",
>                               "stepUp",
>+                              "msCodeSigning",
>                               NULL};
> 
> static SECStatus 
>@@ -554,6 +561,9 @@ AddExtKeyUsage (void *extHandle, const c
>         case 6:
>             rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
>             break;
>+        case 7:
>+            rv = AddOidToSequence(os, szOID_KP_CTL_USAGE_SIGNING);
>+            break;
>         default:
>             goto endloop;
>         }
>Index: ./mozilla/security/nss/cmd/certutil/certutil.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v
>retrieving revision 1.162
>diff -u -p -r1.162 certutil.c
>--- ./mozilla/security/nss/cmd/certutil/certutil.c	20 Mar 2012 14:46:54 -0000	1.162
>+++ ./mozilla/security/nss/cmd/certutil/certutil.c	29 Oct 2012 01:56:48 -0000
>@@ -46,6 +46,17 @@
> 
> char *progName;
> 
>+#define _TO_ITEM(x) {siDEROID, (unsigned char *)(x), sizeof(x) }
>+
>+SECOidTag szOID_KP_CTL_USAGE_SIGNING = SEC_OID_UNKNOWN;
>+/* { 1.3.6.1.4.1.311 } */
>+static const unsigned char msExtendedKeyUsageCodeSigning[] =
>+        { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0xa, 3, 1  };
>+static const SECOidData microsoftAuthenticodeSigning_Entry =
>+        { _TO_ITEM(msExtendedKeyUsageCodeSigning), SEC_OID_UNKNOWN,
>+        "Microsoft Authenticode Signing", CKM_INVALID_MECHANISM,
>+        INVALID_CERT_EXTENSION };
>+
> static CERTCertificateRequest *
> GetCertRequest(PRFileDesc *inFile, PRBool ascii)
> {
>@@ -1145,6 +1156,7 @@ static void luC(enum usage_level ul, con
>               "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n"
>               "%-20s \"stepUp\", \"critical\"\n",
>         "   -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
>+              "%-20s \"stepUp\", \"msCodeSign\", \"critical\"\n",
>     FPS "%-20s Create an email subject alt name extension\n",
>         "   -7 emailAddrs");
>     FPS "%-20s Create an dns subject alt name extension\n",
>Index: ./mozilla/security/nss/cmd/lib/secutil.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v
>retrieving revision 1.123
>diff -u -p -r1.123 secutil.c
>--- ./mozilla/security/nss/cmd/lib/secutil.c	27 Sep 2012 17:13:33 -0000	1.123
>+++ ./mozilla/security/nss/cmd/lib/secutil.c	29 Oct 2012 01:56:48 -0000
>@@ -3558,6 +3558,18 @@ SECU_FindCertByNicknameOrFilename(CERTCe
>     return the_cert;
> }
> 
>+/* register the oid if we haven't already */
>+void
>+cert_fetchOID(SECOidTag *data, const SECOidData *src)
>+{
>+    if (*data == SEC_OID_UNKNOWN) {
>+        /* AddEntry does the right thing if someone else has already
>+         * added the oid. (that is return that oid tag) */
>+        *data = SECOID_AddEntry(src);
>+    }
>+    return;
>+}
>+
> /* Convert a SSL/TLS protocol version string into the respective numeric value
>  * defined by the SSL_LIBRARY_VERSION_* constants,
>  * while accepting a flexible set of case-insensitive identifiers.
>Index: ./mozilla/security/nss/cmd/lib/secutil.h
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/cmd/lib/secutil.h,v
>retrieving revision 1.48
>diff -u -p -r1.48 secutil.h
>--- ./mozilla/security/nss/cmd/lib/secutil.h	27 Sep 2012 17:13:33 -0000	1.48
>+++ ./mozilla/security/nss/cmd/lib/secutil.h	29 Oct 2012 01:56:48 -0000
>@@ -362,6 +362,10 @@ SECU_EncodeAndAddExtensionValue(PRArenaP
>                                 void *value, PRBool criticality, int extenType, 
>                                 EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
> 
>+/* register the oid if we haven't already */
>+void
>+cert_fetchOID(SECOidTag *data, const SECOidData *src);
>+
> /* Caller ensures that dst is at least item->len*2+1 bytes long */
> void
> SECU_SECItemToHex(const SECItem * item, char * dst);

Flags:

rrelyea: review-

Actions: View | Diff

Attachments on bug 870864: 634838 | 634839 | 634848 | 634849 | 634850 | 636948 | 636949 | 636950 | 641077 | 644478