--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/nss-rsa-key-check.patch	Mon Jul 28 10:47:06 2014 +0200
@@ -0,0 +1,109 @@
+diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h
+index 97fa28b..682be76 100644
+--- a/nss/lib/freebl/blapi.h
++++ b/nss/lib/freebl/blapi.h
+@@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *  key,
+ /*
+ ** Perform a check of private key parameters for consistency.
+ */
+-extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key);
++extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
+ 
+ /*
+ ** Given only minimal private key parameters, fill in the rest of the
+diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
+index fb4b5d0..34bc395 100644
+--- a/nss/lib/freebl/rsa.c
++++ b/nss/lib/freebl/rsa.c
+@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+     return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
+ }
+ 
+-static SECStatus
+-swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer)
+-{
+-    int len;
+-    mp_err err = MP_OKAY;
+-    memset(buffer->data, 0, buffer->len);
+-    len = mp_unsigned_octet_size(mpval);
+-    if (len <= 0) return SECFailure;
+-    if ((unsigned int)len <= buffer->len) {
+-	/* The new value is no longer than the old buffer, so use it */
+-	err = mp_to_unsigned_octets(mpval, buffer->data, len);
+-	if (err >= 0) err = MP_OKAY;
+-	buffer->len = len;
+-    } else if (arena) {
+-	/* The new value is longer, but working within an arena */
+-	(void)SECITEM_AllocItem(arena, buffer, len);
+-	err = mp_to_unsigned_octets(mpval, buffer->data, len);
+-	if (err >= 0) err = MP_OKAY;
+-    } else {
+-	/* The new value is longer, no arena, can't handle this key */
+-	return SECFailure;
+-    }
+-    return (err == MP_OKAY) ? SECSuccess : SECFailure;
+-}
+-
+ SECStatus
+-RSA_PrivateKeyCheck(RSAPrivateKey *key)
++RSA_PrivateKeyCheck(const RSAPrivateKey *key)
+ {
+     mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
+     mp_err   err = MP_OKAY;
+@@ -1425,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
+     SECITEM_TO_MPINT(key->exponent1,       &d_p);
+     SECITEM_TO_MPINT(key->exponent2,       &d_q);
+     SECITEM_TO_MPINT(key->coefficient,     &qInv);
+-    /* p > q  */
++    /* p > q */
+     if (mp_cmp(&p, &q) <= 0) {
+-	/* mind the p's and q's (and d_p's and d_q's) */
+-	SECItem tmp;
+-	mp_exch(&p, &q);
+-	mp_exch(&d_p,&d_q);
+-	tmp = key->prime1;
+-	key->prime1 = key->prime2;
+-	key->prime2 = tmp;
+-	tmp = key->exponent1;
+-	key->exponent1 = key->exponent2;
+-	key->exponent2 = tmp;
++	rv = SECFailure;
++	goto cleanup;
+     }
+ #define VERIFY_MPI_EQUAL(m1, m2) \
+     if (mp_cmp(m1, m2) != 0) {   \
+diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c
+index a4e769e..c541946 100644
+--- a/nss/lib/softoken/pkcs11.c
++++ b/nss/lib/softoken/pkcs11.c
+@@ -2057,12 +2057,12 @@ sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded)
+                                  sftk_item_expand(&tmpKey.exponent1));
+         if (crv != CKR_OK) goto loser;
+     }
+-    if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
++    if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) {
+         crv = sftk_forceAttribute(object, CKA_EXPONENT_2,
+                                   sftk_item_expand(&tmpKey.exponent2));
+         if (crv != CKR_OK) goto loser;
+     }
+-    if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
++    if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) {
+         crv = sftk_forceAttribute(object, CKA_COEFFICIENT,
+                                   sftk_item_expand(&tmpKey.coefficient));
+         if (crv != CKR_OK) goto loser;
+@@ -2089,6 +2089,15 @@ loser:
+     if (publicExponent) {
+ 	sftk_FreeAttribute(publicExponent);
+     }
++    if (exponent1) {
++	sftk_FreeAttribute(exponent1);
++    }
++    if (exponent2) {
++	sftk_FreeAttribute(exponent2);
++    }
++    if (coefficient) {
++	sftk_FreeAttribute(coefficient);
++    }
+     return rv;
+ }
+