[tor/master] Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID - tor-commits

5 Sep 2018

commit b8a2bdbdc8c467762f1bb0c2d103c566fe9703a7
Author: Nick Mathewson nickm@torproject.org
Date:   Wed Sep 5 16:49:15 2018 -0400
Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID
---
 src/lib/tls/x509_nss.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/lib/tls/x509_nss.c b/src/lib/tls/x509_nss.c
index 5bb7940c9..a0a9c559c 100644
--- a/src/lib/tls/x509_nss.c
+++ b/src/lib/tls/x509_nss.c
@@ -114,11 +114,19 @@ tor_tls_create_certificate_internal(crypto_pk_t *rsa,
   if (!tmp)
     goto err;
+#if 0
   s = SEC_DerSignDataWithAlgorithmID(cert->arena,
                                      &signed_der,
                                      der.data, der.len,
                                      (SECKEYPrivateKey *)signing_key,//const
                                      &cert->signature);
+#else
+  s = SEC_DerSignData(cert->arena,
+                      &signed_der,
+                      der.data, der.len,
+                      (SECKEYPrivateKey *)signing_key,//const
+                      SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION);
+#endif
if (s != SECSuccess)
     goto err;

    