Mercurial > trustbridge > nss-cmake-static
view patches/nss-rsa-key-check.patch @ 4:b513267f632f tip
Build DBM module
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:58:03 +0200 |
parents | 1e5118fa0cb1 |
children |
line wrap: on
line source
diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h index 97fa28b..682be76 100644 --- a/nss/lib/freebl/blapi.h +++ b/nss/lib/freebl/blapi.h @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, /* ** Perform a check of private key parameters for consistency. */ -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); /* ** Given only minimal private key parameters, fill in the rest of the diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c index fb4b5d0..34bc395 100644 --- a/nss/lib/freebl/rsa.c +++ b/nss/lib/freebl/rsa.c @@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, return rsa_PrivateKeyOp(key, output, input, PR_TRUE); } -static SECStatus -swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer) -{ - int len; - mp_err err = MP_OKAY; - memset(buffer->data, 0, buffer->len); - len = mp_unsigned_octet_size(mpval); - if (len <= 0) return SECFailure; - if ((unsigned int)len <= buffer->len) { - /* The new value is no longer than the old buffer, so use it */ - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - buffer->len = len; - } else if (arena) { - /* The new value is longer, but working within an arena */ - (void)SECITEM_AllocItem(arena, buffer, len); - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - } else { - /* The new value is longer, no arena, can't handle this key */ - return SECFailure; - } - return (err == MP_OKAY) ? SECSuccess : SECFailure; -} - SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) +RSA_PrivateKeyCheck(const RSAPrivateKey *key) { mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res; mp_err err = MP_OKAY; @@ -1425,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) SECITEM_TO_MPINT(key->exponent1, &d_p); SECITEM_TO_MPINT(key->exponent2, &d_q); SECITEM_TO_MPINT(key->coefficient, &qInv); - /* p > q */ + /* p > q */ if (mp_cmp(&p, &q) <= 0) { - /* mind the p's and q's (and d_p's and d_q's) */ - SECItem tmp; - mp_exch(&p, &q); - mp_exch(&d_p,&d_q); - tmp = key->prime1; - key->prime1 = key->prime2; - key->prime2 = tmp; - tmp = key->exponent1; - key->exponent1 = key->exponent2; - key->exponent2 = tmp; + rv = SECFailure; + goto cleanup; } #define VERIFY_MPI_EQUAL(m1, m2) \ if (mp_cmp(m1, m2) != 0) { \ diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c index a4e769e..c541946 100644 --- a/nss/lib/softoken/pkcs11.c +++ b/nss/lib/softoken/pkcs11.c @@ -2057,12 +2057,12 @@ sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded) sftk_item_expand(&tmpKey.exponent1)); if (crv != CKR_OK) goto loser; } - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) { crv = sftk_forceAttribute(object, CKA_EXPONENT_2, sftk_item_expand(&tmpKey.exponent2)); if (crv != CKR_OK) goto loser; } - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) { crv = sftk_forceAttribute(object, CKA_COEFFICIENT, sftk_item_expand(&tmpKey.coefficient)); if (crv != CKR_OK) goto loser; @@ -2089,6 +2089,15 @@ loser: if (publicExponent) { sftk_FreeAttribute(publicExponent); } + if (exponent1) { + sftk_FreeAttribute(exponent1); + } + if (exponent2) { + sftk_FreeAttribute(exponent2); + } + if (coefficient) { + sftk_FreeAttribute(coefficient); + } return rv; }