Mercurial > trustbridge > nss-cmake-static
annotate patches/nss-rsa-key-check.patch @ 4:b513267f632f tip
Build DBM module
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 05 Aug 2014 18:58:03 +0200 |
| parents | 1e5118fa0cb1 |
| children |
| rev | line source |
|---|---|
|
0
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 index 97fa28b..682be76 100644 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 --- a/nss/lib/freebl/blapi.h |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 +++ b/nss/lib/freebl/blapi.h |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 ** Perform a check of private key parameters for consistency. |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 /* |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 ** Given only minimal private key parameters, fill in the rest of the |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 index fb4b5d0..34bc395 100644 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 --- a/nss/lib/freebl/rsa.c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 +++ b/nss/lib/freebl/rsa.c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 @@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 return rsa_PrivateKeyOp(key, output, input, PR_TRUE); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 -static SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 -swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 -{ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 - int len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 - mp_err err = MP_OKAY; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 - memset(buffer->data, 0, buffer->len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 - len = mp_unsigned_octet_size(mpval); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 - if (len <= 0) return SECFailure; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 - if ((unsigned int)len <= buffer->len) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 - /* The new value is no longer than the old buffer, so use it */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 - err = mp_to_unsigned_octets(mpval, buffer->data, len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 - if (err >= 0) err = MP_OKAY; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 - buffer->len = len; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 - } else if (arena) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 - /* The new value is longer, but working within an arena */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 - (void)SECITEM_AllocItem(arena, buffer, len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 - err = mp_to_unsigned_octets(mpval, buffer->data, len); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 - if (err >= 0) err = MP_OKAY; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 - } else { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 - /* The new value is longer, no arena, can't handle this key */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 - return SECFailure; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 - } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 - return (err == MP_OKAY) ? SECSuccess : SECFailure; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 -} |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 - |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 SECStatus |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 -RSA_PrivateKeyCheck(RSAPrivateKey *key) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 +RSA_PrivateKeyCheck(const RSAPrivateKey *key) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 mp_err err = MP_OKAY; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 @@ -1425,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 SECITEM_TO_MPINT(key->exponent1, &d_p); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 SECITEM_TO_MPINT(key->exponent2, &d_q); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 SECITEM_TO_MPINT(key->coefficient, &qInv); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 - /* p > q */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 + /* p > q */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 if (mp_cmp(&p, &q) <= 0) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 - /* mind the p's and q's (and d_p's and d_q's) */ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 - SECItem tmp; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 - mp_exch(&p, &q); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 - mp_exch(&d_p,&d_q); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 - tmp = key->prime1; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 - key->prime1 = key->prime2; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 - key->prime2 = tmp; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 - tmp = key->exponent1; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 - key->exponent1 = key->exponent2; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 - key->exponent2 = tmp; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 + rv = SECFailure; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 + goto cleanup; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 #define VERIFY_MPI_EQUAL(m1, m2) \ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 if (mp_cmp(m1, m2) != 0) { \ |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 index a4e769e..c541946 100644 |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 --- a/nss/lib/softoken/pkcs11.c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 +++ b/nss/lib/softoken/pkcs11.c |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 @@ -2057,12 +2057,12 @@ sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded) |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 sftk_item_expand(&tmpKey.exponent1)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 if (crv != CKR_OK) goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 crv = sftk_forceAttribute(object, CKA_EXPONENT_2, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
86 sftk_item_expand(&tmpKey.exponent2)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
87 if (crv != CKR_OK) goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
88 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
89 - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
90 + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
91 crv = sftk_forceAttribute(object, CKA_COEFFICIENT, |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
92 sftk_item_expand(&tmpKey.coefficient)); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
93 if (crv != CKR_OK) goto loser; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
94 @@ -2089,6 +2089,15 @@ loser: |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
95 if (publicExponent) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
96 sftk_FreeAttribute(publicExponent); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
97 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
98 + if (exponent1) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
99 + sftk_FreeAttribute(exponent1); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
100 + } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
101 + if (exponent2) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 + sftk_FreeAttribute(exponent2); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 + } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 + if (coefficient) { |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 + sftk_FreeAttribute(coefficient); |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 + } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 return rv; |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 } |
|
1e5118fa0cb1
This is NSS with a Cmake Buildsyste
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 |