andre@0: diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h
andre@0: index 97fa28b..682be76 100644
andre@0: --- a/nss/lib/freebl/blapi.h
andre@0: +++ b/nss/lib/freebl/blapi.h
andre@0: @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key,
andre@0: /*
andre@0: ** Perform a check of private key parameters for consistency.
andre@0: */
andre@0: -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key);
andre@0: +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
andre@0: 
andre@0: /*
andre@0: ** Given only minimal private key parameters, fill in the rest of the
andre@0: diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
andre@0: index fb4b5d0..34bc395 100644
andre@0: --- a/nss/lib/freebl/rsa.c
andre@0: +++ b/nss/lib/freebl/rsa.c
andre@0: 
@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
andre@0: return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
andre@0: }
andre@0: 
andre@0: -static SECStatus
andre@0: -swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer)
andre@0: -{
andre@0: - int len;
andre@0: - mp_err err = MP_OKAY;
andre@0: - memset(buffer->data, 0, buffer->len);
andre@0: - len = mp_unsigned_octet_size(mpval);
andre@0: - if (len <= 0) return SECFailure;
andre@0: - if ((unsigned int)len <= buffer->len) {
andre@0: - /* The new value is no longer than the old buffer, so use it */
andre@0: - err = mp_to_unsigned_octets(mpval, buffer->data, len);
andre@0: - if (err >= 0) err = MP_OKAY;
andre@0: - buffer->len = len;
andre@0: - } else if (arena) {
andre@0: - /* The new value is longer, but working within an arena */
andre@0: - (void)SECITEM_AllocItem(arena, buffer, len);
andre@0: - err = mp_to_unsigned_octets(mpval, buffer->data, len);
andre@0: - if (err >= 0) err = MP_OKAY;
andre@0: - } else {
andre@0: - /* The new value is longer, no arena, can't handle this key */
andre@0: - return SECFailure;
andre@0: - }
andre@0: - return (err == MP_OKAY) ? SECSuccess : SECFailure;
andre@0: -}
andre@0: -
andre@0: SECStatus
andre@0: -RSA_PrivateKeyCheck(RSAPrivateKey *key)
andre@0: +RSA_PrivateKeyCheck(const RSAPrivateKey *key)
andre@0: {
andre@0: mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
andre@0: mp_err err = MP_OKAY;
andre@0: 
@@ -1425,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
andre@0: SECITEM_TO_MPINT(key->exponent1, &d_p);
andre@0: SECITEM_TO_MPINT(key->exponent2, &d_q);
andre@0: SECITEM_TO_MPINT(key->coefficient, &qInv);
andre@0: - /* p > q */
andre@0: + /* p > q */
andre@0: if (mp_cmp(&p, &q) <= 0) {
andre@0: - /* mind the p's and q's (and d_p's and d_q's) */
andre@0: - SECItem tmp;
andre@0: - mp_exch(&p, &q);
andre@0: - mp_exch(&d_p,&d_q);
andre@0: - tmp = key->prime1;
andre@0: - key->prime1 = key->prime2;
andre@0: - key->prime2 = tmp;
andre@0: - tmp = key->exponent1;
andre@0: - key->exponent1 = key->exponent2;
andre@0: - key->exponent2 = tmp;
andre@0: + rv = SECFailure;
andre@0: + goto cleanup;
andre@0: }
andre@0: #define VERIFY_MPI_EQUAL(m1, m2) \
andre@0: if (mp_cmp(m1, m2) != 0) { \
andre@0: diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c
andre@0: index a4e769e..c541946 100644
andre@0: --- a/nss/lib/softoken/pkcs11.c
andre@0: +++ b/nss/lib/softoken/pkcs11.c
andre@0: @@ -2057,12 +2057,12 @@ sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded)
andre@0: sftk_item_expand(&tmpKey.exponent1));
andre@0: if (crv != CKR_OK) goto loser;
andre@0: }
andre@0: - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
andre@0: + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) {
andre@0: crv = sftk_forceAttribute(object, CKA_EXPONENT_2,
andre@0: sftk_item_expand(&tmpKey.exponent2));
andre@0: if (crv != CKR_OK) goto loser;
andre@0: }
andre@0: - if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
andre@0: + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) {
andre@0: crv = sftk_forceAttribute(object, CKA_COEFFICIENT,
andre@0: sftk_item_expand(&tmpKey.coefficient));
andre@0: if (crv != CKR_OK) goto loser;
andre@0: 
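Review bot: The new `mp_cmp(&p, &q) <= 0` branch in RSA_PrivateKeyCheck sets `rv = SECFailure` and jumps to `cleanup` without recording an error code, so a caller cannot tell a key refused for prime ordering from any other failure unless the cleanup path, which is outside this hunk, sets one. Consider adding `PORT_SetError(SEC_ERROR_BAD_KEY);` before the `goto`. This is also a contract change, because a key with p < q used to be reordered in place and is now refused. The terse `/* p > q */` would read better as `/* require p > q; the key is const, so p <= q is rejected rather than reordered */`, and the prototype comment in blapi.h should say the same. The function body starts and ends outside the hunk.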
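Review bot: The `sftk_forceAttribute` stanzas in sftk_verifyRSAPrivateKey differ only in the attribute pointer, the CKA_* type and the tmpKey field, and that repetition is what let CKA_EXPONENT_2 and CKA_COEFFICIENT be gated on `exponent1` until this fix. A small static helper or macro taking those three values would make each name appear once per call and remove the copy-paste hazard. Failing that, a comment above the group such as `/* pValue differs from tmpKey's buffer only when the value was regenerated, so force the attribute */` would say what the pointer comparison is for. That reading is inferred from the visible lines and should be confirmed against the code that fills tmpKey. The function begins and ends outside the hunk.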
@@ -2089,6 +2089,15 @@ loser:
andre@0: if (publicExponent) {
andre@0: sftk_FreeAttribute(publicExponent);
andre@0: }
andre@0: + if (exponent1) {
andre@0: + sftk_FreeAttribute(exponent1);
andre@0: + }
andre@0: + if (exponent2) {
andre@0: + sftk_FreeAttribute(exponent2);
andre@0: + }
andre@0: + if (coefficient) {
andre@0: + sftk_FreeAttribute(coefficient);
andre@0: + }
andre@0: return rv;
andre@0: }
andre@0: 
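Review bot: The added `sftk_FreeAttribute` calls under `loser:` run on every exit, including any `goto loser` taken before the CRT attributes are looked up. They are therefore safe only if `exponent1`, `exponent2` and `coefficient` are initialised to NULL at their declarations, which are outside this hunk. Please confirm each is declared in the form `SFTKAttribute *exponent1 = NULL;`. Since these attributes hold private-key components, a short comment such as `/* drop the references taken on the CRT attributes */` above the three checks would also record why they are released here.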