Update to NSS 3.16.2 Beta 3.

nss/lib/freebl/rsa.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * RSA key generation, public key op, private key op.
  */
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
@@ skipping 1388 matching lines @@
     CHECK_MPI_OK( mp_init(&q)    );
     CHECK_MPI_OK( mp_init(&n)    );
     CHECK_MPI_OK( mp_init(&psub1));
     CHECK_MPI_OK( mp_init(&qsub1));
     CHECK_MPI_OK( mp_init(&e)    );
     CHECK_MPI_OK( mp_init(&d)    );
     CHECK_MPI_OK( mp_init(&d_p)  );
     CHECK_MPI_OK( mp_init(&d_q)  );
     CHECK_MPI_OK( mp_init(&qInv) );
     CHECK_MPI_OK( mp_init(&res)  );
+
+    if (!key->modulus.data || !key->prime1.data || !key->prime2.data ||
+        !key->publicExponent.data || !key->privateExponent.data ||
+        !key->exponent1.data || !key->exponent2.data ||
+        !key->coefficient.data) {
+        /*call RSA_PopulatePrivateKey first, if the application wishes to
+         * recover these parameters */
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
     SECITEM_TO_MPINT(key->modulus,         &n);
     SECITEM_TO_MPINT(key->prime1,          &p);
     SECITEM_TO_MPINT(key->prime2,          &q);
     SECITEM_TO_MPINT(key->publicExponent,  &e);
     SECITEM_TO_MPINT(key->privateExponent, &d);
     SECITEM_TO_MPINT(key->exponent1,       &d_p);
     SECITEM_TO_MPINT(key->exponent2,       &d_q);
     SECITEM_TO_MPINT(key->coefficient,     &qInv);
     /* p > q  */
     if (mp_cmp(&p, &q) <= 0) {
@@ skipping 32 matching lines @@
     CHECK_MPI_OK( mp_sub_d(&q, 1, &qsub1) );
     CHECK_MPI_OK( mp_gcd(&e, &qsub1, &res) );
     VERIFY_MPI_EQUAL_1(&res);
     /* d*e == 1 mod p-1 */
     CHECK_MPI_OK( mp_mulmod(&d, &e, &psub1, &res) );
     VERIFY_MPI_EQUAL_1(&res);
     /* d*e == 1 mod q-1 */
     CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) );
     VERIFY_MPI_EQUAL_1(&res);
     /*
-     * The following errors can be recovered from.
+     * The following errors can be recovered from. However, the purpose of this
+     * function is to check consistency, so they are not.
      */
     /* d_p == d mod p-1 */
     CHECK_MPI_OK( mp_mod(&d, &psub1, &res) );
-    if (mp_cmp(&d_p, &res) != 0) {
-        /* swap in the correct value */
-        CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) );
-    }
+    VERIFY_MPI_EQUAL(&res, &d_p);
     /* d_q == d mod q-1 */
     CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) );
-    if (mp_cmp(&d_q, &res) != 0) {
-        /* swap in the correct value */
-        CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) );
-    }
+    VERIFY_MPI_EQUAL(&res, &d_q);
     /* q * q**-1 == 1 mod p */
     CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) );
-    if (mp_cmp_d(&res, 1) != 0) {
-        /* compute the correct value */
-        CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) );
-        CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) );
-    }
+    VERIFY_MPI_EQUAL_1(&res);
+
 cleanup:
     mp_clear(&n);
     mp_clear(&p);
     mp_clear(&q);
     mp_clear(&psub1);
     mp_clear(&qsub1);
     mp_clear(&e);
     mp_clear(&d);
     mp_clear(&d_p);
     mp_clear(&d_q);
@@ skipping 77 matching lines @@
 PRBool bl_parentForkedAfterC_Initialize;
 
 /*
  * Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms.
  */
 void BL_SetForkState(PRBool forked)
 {
     bl_parentForkedAfterC_Initialize = forked;
 }