Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 634848 Details for
Bug 870864
Add support in NSS for Secure Boot
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch 1 - extended key usage support in nss - early work
0001-Add-extended-key-usage-for-MS-Authenticode-Code-Sign.patch (text/plain), 6.96 KB, created by
Elio Maldonado Batiz
on 2012-10-29 03:27:36 UTC
(
hide
)
Description:
Patch 1 - extended key usage support in nss - early work
Filename:
MIME Type:
Creator:
Elio Maldonado Batiz
Created:
2012-10-29 03:27:36 UTC
Size:
6.96 KB
patch
obsolete
>Index: ./mozilla/security/nss/cmd/certcgi/ca_form.html >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/certcgi/ca_form.html,v >retrieving revision 1.4 >diff -u -p -r1.4 ca_form.html >--- ./mozilla/security/nss/cmd/certcgi/ca_form.html 20 Mar 2012 14:46:53 -0000 1.4 >+++ ./mozilla/security/nss/cmd/certcgi/ca_form.html 29 Oct 2012 01:56:47 -0000 >@@ -167,6 +167,7 @@ > <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> > <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> > <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> >+ <input type="checkbox" name="extKeyUsage-msCodeSign"> Microsoft Code Signing</P> > </tr> > <tr> > <td> >Index: ./mozilla/security/nss/cmd/certcgi/certcgi.c >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/certcgi/certcgi.c,v >retrieving revision 1.22 >diff -u -p -r1.22 certcgi.c >--- ./mozilla/security/nss/cmd/certcgi/certcgi.c 29 Apr 2012 12:52:04 -0000 1.22 >+++ ./mozilla/security/nss/cmd/certcgi/certcgi.c 29 Oct 2012 01:56:47 -0000 >@@ -819,6 +819,11 @@ AddExtKeyUsage(void *extHandle, Pair *da > if( SECSuccess != rv ) goto loser; > } > >+ if( find_field_bool(data, "extKeyUsage-msCodeSign", PR_TRUE) ) { >+ rv = AddOidToSequence(os, SEC_OID_UNKNOWN/*szOID_KP_CTL_USAGE_SIGNING*/); >+ if( SECSuccess != rv ) goto loser; >+ } >+ > if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) { > rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); > if( SECSuccess != rv ) goto loser; >Index: ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/certcgi/stnd_ext_form.html,v >retrieving revision 1.4 >diff -u -p -r1.4 stnd_ext_form.html >--- ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html 20 Mar 2012 14:46:53 -0000 1.4 >+++ ./mozilla/security/nss/cmd/certcgi/stnd_ext_form.html 29 Oct 2012 01:56:47 -0000 >@@ -34,6 +34,7 @@ > <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> > <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> > <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> >+ <input type="checkbox" name="extKeyUsage-msCodeSign"> Microsoft Code Signing</P> > </tr> > <tr> > <td> >Index: ./mozilla/security/nss/cmd/certutil/certext.c >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/certutil/certext.c,v >retrieving revision 1.12 >diff -u -p -r1.12 certext.c >--- ./mozilla/security/nss/cmd/certutil/certext.c 20 Mar 2012 14:46:54 -0000 1.12 >+++ ./mozilla/security/nss/cmd/certutil/certext.c 29 Oct 2012 01:56:48 -0000 >@@ -18,6 +18,12 @@ > #endif > > #include "secutil.h" >+#include "secoidt.h" >+ >+/* FIXME: it's supposed the be in secoidt.h at least temporarily */ >+#ifndef szOID_KP_CTL_USAGE_SIGNING >+#define szOID_KP_CTL_USAGE_SIGNING 314 >+#endif > > #if defined(XP_UNIX) > #include <unistd.h> >@@ -483,6 +489,7 @@ extKeyUsageKeyWordArray[] = { "serverAut > "timeStamp", > "ocspResponder", > "stepUp", >+ "msCodeSigning", > NULL}; > > static SECStatus >@@ -554,6 +561,9 @@ AddExtKeyUsage (void *extHandle, const c > case 6: > rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); > break; >+ case 7: >+ rv = AddOidToSequence(os, szOID_KP_CTL_USAGE_SIGNING); >+ break; > default: > goto endloop; > } >Index: ./mozilla/security/nss/cmd/certutil/certutil.c >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v >retrieving revision 1.162 >diff -u -p -r1.162 certutil.c >--- ./mozilla/security/nss/cmd/certutil/certutil.c 20 Mar 2012 14:46:54 -0000 1.162 >+++ ./mozilla/security/nss/cmd/certutil/certutil.c 29 Oct 2012 01:56:48 -0000 >@@ -46,6 +46,17 @@ > > char *progName; > >+#define _TO_ITEM(x) {siDEROID, (unsigned char *)(x), sizeof(x) } >+ >+SECOidTag szOID_KP_CTL_USAGE_SIGNING = SEC_OID_UNKNOWN; >+/* { 1.3.6.1.4.1.311 } */ >+static const unsigned char msExtendedKeyUsageCodeSigning[] = >+ { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0xa, 3, 1 }; >+static const SECOidData microsoftAuthenticodeSigning_Entry = >+ { _TO_ITEM(msExtendedKeyUsageCodeSigning), SEC_OID_UNKNOWN, >+ "Microsoft Authenticode Signing", CKM_INVALID_MECHANISM, >+ INVALID_CERT_EXTENSION }; >+ > static CERTCertificateRequest * > GetCertRequest(PRFileDesc *inFile, PRBool ascii) > { >@@ -1145,6 +1156,7 @@ static void luC(enum usage_level ul, con > "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n" > "%-20s \"stepUp\", \"critical\"\n", > " -6 | --extKeyUsage keyword,keyword,...", "", "", "", ""); >+ "%-20s \"stepUp\", \"msCodeSign\", \"critical\"\n", > FPS "%-20s Create an email subject alt name extension\n", > " -7 emailAddrs"); > FPS "%-20s Create an dns subject alt name extension\n", >Index: ./mozilla/security/nss/cmd/lib/secutil.c >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/lib/secutil.c,v >retrieving revision 1.123 >diff -u -p -r1.123 secutil.c >--- ./mozilla/security/nss/cmd/lib/secutil.c 27 Sep 2012 17:13:33 -0000 1.123 >+++ ./mozilla/security/nss/cmd/lib/secutil.c 29 Oct 2012 01:56:48 -0000 >@@ -3558,6 +3558,18 @@ SECU_FindCertByNicknameOrFilename(CERTCe > return the_cert; > } > >+/* register the oid if we haven't already */ >+void >+cert_fetchOID(SECOidTag *data, const SECOidData *src) >+{ >+ if (*data == SEC_OID_UNKNOWN) { >+ /* AddEntry does the right thing if someone else has already >+ * added the oid. (that is return that oid tag) */ >+ *data = SECOID_AddEntry(src); >+ } >+ return; >+} >+ > /* Convert a SSL/TLS protocol version string into the respective numeric value > * defined by the SSL_LIBRARY_VERSION_* constants, > * while accepting a flexible set of case-insensitive identifiers. >Index: ./mozilla/security/nss/cmd/lib/secutil.h >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/cmd/lib/secutil.h,v >retrieving revision 1.48 >diff -u -p -r1.48 secutil.h >--- ./mozilla/security/nss/cmd/lib/secutil.h 27 Sep 2012 17:13:33 -0000 1.48 >+++ ./mozilla/security/nss/cmd/lib/secutil.h 29 Oct 2012 01:56:48 -0000 >@@ -362,6 +362,10 @@ SECU_EncodeAndAddExtensionValue(PRArenaP > void *value, PRBool criticality, int extenType, > EXTEN_EXT_VALUE_ENCODER EncodeValueFn); > >+/* register the oid if we haven't already */ >+void >+cert_fetchOID(SECOidTag *data, const SECOidData *src); >+ > /* Caller ensures that dst is at least item->len*2+1 bytes long */ > void > SECU_SECItemToHex(const SECItem * item, char * dst);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Flags:
rrelyea
: review-
Actions:
View
|
Diff
Attachments on
bug 870864
:
634838
|
634839
|
634848
|
634849
|
634850
|
636948
|
636949
|
636950
|
641077
|
644478