From 34899117d1c43022d2d9454bf59e3a30cfaa666a Mon Sep 17 00:00:00 2001
Date: Mon, 7 May 2018 18:59:33 +0200
Subject: [PATCH] NSS: ECDSA updates (#172)
* nss: register ecdsa key data
This test started to fail when 2ae61923d6e8db7eca0a8476e934e4af5b1cc5de
(MS CNG: adopt trusted certificate (#141), 2018-01-15) fixed the typo in
the test to require ecdsa key data.
The implementation was there, just not the registration.
Testcase: aleksey-xmldsig-01/enveloping-sha256-ecdsa-sha256
* nss: fix assert condition when getting key type of ECDSA key
The condition is now consistent with the RSA getter. In practice this
fixes a crash when using libxmlsec via its API and setting only the
private key (but not the public key) for signing -- as
SECKEY_GetPublicKeyType(NULL) is not safe.
Bugreport: https://bugs.documentfoundation.org/show_bug.cgi?id=109180
---
src/nss/crypto.c | 4 ++++
src/nss/pkikeys.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/nss/crypto.c b/src/nss/crypto.c
index 57767465..bb50bfb5 100644
--- a/src/nss/crypto.c
+++ b/src/nss/crypto.c
@@ -75,6 +75,10 @@ xmlSecCryptoGetFunctions_nss(void) {
gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass;
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ gXmlSecNssFunctions->keyDataEcdsaGetKlass = xmlSecNssKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_HMAC
gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass;
#endif /* XMLSEC_NO_HMAC */
diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
index 25828aec..cf18d1c0 100644
--- a/src/nss/pkikeys.c
+++ b/src/nss/pkikeys.c
@@ -1471,7 +1471,7 @@ xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), xmlSecKeyDataTypeUnknown);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1);
+ xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1);
if (ctx->privkey != NULL) {
return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
} else {
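Review bot: With `ctx->pubkey == NULL` now accepted, the only key-type check in xmlSecNssKeyDataEcdsaGetType is skipped on the private-key-only path, so nothing visible here confirms that `ctx->privkey` is an EC key before the function reports `xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic`. If a caller can place an arbitrary NSS key in the context (an assumption, since the adopt path is outside this hunk), a matching guard would close that gap: `xmlSecAssert2(ctx->privkey == NULL || SECKEY_GetPrivateKeyType(ctx->privkey) == ecKey, -1);`. The second and third asserts return `-1` while the first returns `xmlSecKeyDataTypeUnknown`; using `xmlSecKeyDataTypeUnknown` in all three would keep the failure value consistent with the first assert. The function starts before this hunk and its `else` branch continues past it, so the case where both keys are NULL cannot be judged from here.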
--
2.13.6