Mercurial > trustbridge > nss-cmake-static
comparison patches/nss-rsa-key-check.patch @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 28 Jul 2014 10:47:06 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e5118fa0cb1 |
|---|---|
| 1 diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h | |
| 2 index 97fa28b..682be76 100644 | |
| 3 --- a/nss/lib/freebl/blapi.h | |
| 4 +++ b/nss/lib/freebl/blapi.h | |
| 5 @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, | |
| 6 /* | |
| 7 ** Perform a check of private key parameters for consistency. | |
| 8 */ | |
| 9 -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); | |
| 10 +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); | |
| 11 | |
| 12 /* | |
| 13 ** Given only minimal private key parameters, fill in the rest of the | |
| 14 diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c | |
| 15 index fb4b5d0..34bc395 100644 | |
| 16 --- a/nss/lib/freebl/rsa.c | |
| 17 +++ b/nss/lib/freebl/rsa.c | |
| 18 @@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, | |
| 19 return rsa_PrivateKeyOp(key, output, input, PR_TRUE); | |
| 20 } | |
| 21 | |
| 22 -static SECStatus | |
| 23 -swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer) | |
| 24 -{ | |
| 25 - int len; | |
| 26 - mp_err err = MP_OKAY; | |
| 27 - memset(buffer->data, 0, buffer->len); | |
| 28 - len = mp_unsigned_octet_size(mpval); | |
| 29 - if (len <= 0) return SECFailure; | |
| 30 - if ((unsigned int)len <= buffer->len) { | |
| 31 - /* The new value is no longer than the old buffer, so use it */ | |
| 32 - err = mp_to_unsigned_octets(mpval, buffer->data, len); | |
| 33 - if (err >= 0) err = MP_OKAY; | |
| 34 - buffer->len = len; | |
| 35 - } else if (arena) { | |
| 36 - /* The new value is longer, but working within an arena */ | |
| 37 - (void)SECITEM_AllocItem(arena, buffer, len); | |
| 38 - err = mp_to_unsigned_octets(mpval, buffer->data, len); | |
| 39 - if (err >= 0) err = MP_OKAY; | |
| 40 - } else { | |
| 41 - /* The new value is longer, no arena, can't handle this key */ | |
| 42 - return SECFailure; | |
| 43 - } | |
| 44 - return (err == MP_OKAY) ? SECSuccess : SECFailure; | |
| 45 -} | |
| 46 - | |
| 47 SECStatus | |
| 48 -RSA_PrivateKeyCheck(RSAPrivateKey *key) | |
| 49 +RSA_PrivateKeyCheck(const RSAPrivateKey *key) | |
| 50 { | |
| 51 mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res; | |
| 52 mp_err err = MP_OKAY; | |
| 53 @@ -1425,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) | |
| 54 SECITEM_TO_MPINT(key->exponent1, &d_p); | |
| 55 SECITEM_TO_MPINT(key->exponent2, &d_q); | |
| 56 SECITEM_TO_MPINT(key->coefficient, &qInv); | |
| 57 - /* p > q */ | |
| 58 + /* p > q */ | |
| 59 if (mp_cmp(&p, &q) <= 0) { | |
| 60 - /* mind the p's and q's (and d_p's and d_q's) */ | |
| 61 - SECItem tmp; | |
| 62 - mp_exch(&p, &q); | |
| 63 - mp_exch(&d_p,&d_q); | |
| 64 - tmp = key->prime1; | |
| 65 - key->prime1 = key->prime2; | |
| 66 - key->prime2 = tmp; | |
| 67 - tmp = key->exponent1; | |
| 68 - key->exponent1 = key->exponent2; | |
| 69 - key->exponent2 = tmp; | |
| 70 + rv = SECFailure; | |
| 71 + goto cleanup; | |
| 72 } | |
| 73 #define VERIFY_MPI_EQUAL(m1, m2) \ | |
| 74 if (mp_cmp(m1, m2) != 0) { \ | |
| 75 diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c | |
| 76 index a4e769e..c541946 100644 | |
| 77 --- a/nss/lib/softoken/pkcs11.c | |
| 78 +++ b/nss/lib/softoken/pkcs11.c | |
| 79 @@ -2057,12 +2057,12 @@ sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded) | |
| 80 sftk_item_expand(&tmpKey.exponent1)); | |
| 81 if (crv != CKR_OK) goto loser; | |
| 82 } | |
| 83 - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { | |
| 84 + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) { | |
| 85 crv = sftk_forceAttribute(object, CKA_EXPONENT_2, | |
| 86 sftk_item_expand(&tmpKey.exponent2)); | |
| 87 if (crv != CKR_OK) goto loser; | |
| 88 } | |
| 89 - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { | |
| 90 + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) { | |
| 91 crv = sftk_forceAttribute(object, CKA_COEFFICIENT, | |
| 92 sftk_item_expand(&tmpKey.coefficient)); | |
| 93 if (crv != CKR_OK) goto loser; | |
| 94 @@ -2089,6 +2089,15 @@ loser: | |
| 95 if (publicExponent) { | |
| 96 sftk_FreeAttribute(publicExponent); | |
| 97 } | |
| 98 + if (exponent1) { | |
| 99 + sftk_FreeAttribute(exponent1); | |
| 100 + } | |
| 101 + if (exponent2) { | |
| 102 + sftk_FreeAttribute(exponent2); | |
| 103 + } | |
| 104 + if (coefficient) { | |
| 105 + sftk_FreeAttribute(coefficient); | |
| 106 + } | |
| 107 return rv; | |
| 108 } | |
| 109 |