Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(740)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: nss/lib/freebl/rsa.c

Issue 329663003: Apply the fix for NSS bug 1021102 from the NSS upstream. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/nss
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/freebl/blapi.h ('k') | nss/lib/softoken/pkcs11.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/freebl/rsa.c
diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
index fb4b5d058945fc4c7821d6ad0259a6ce94475eb3..aacef586ebb9cc208088aaa4564990d6bbd5bbc1 100644
--- a/nss/lib/freebl/rsa.c
+++ b/nss/lib/freebl/rsa.c
@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
}
-static SECStatus
-swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer)
-{
- int len;
- mp_err err = MP_OKAY;
- memset(buffer->data, 0, buffer->len);
- len = mp_unsigned_octet_size(mpval);
- if (len <= 0) return SECFailure;
- if ((unsigned int)len <= buffer->len) {
- /* The new value is no longer than the old buffer, so use it */
- err = mp_to_unsigned_octets(mpval, buffer->data, len);
- if (err >= 0) err = MP_OKAY;
- buffer->len = len;
- } else if (arena) {
- /* The new value is longer, but working within an arena */
- (void)SECITEM_AllocItem(arena, buffer, len);
- err = mp_to_unsigned_octets(mpval, buffer->data, len);
- if (err >= 0) err = MP_OKAY;
- } else {
- /* The new value is longer, no arena, can't handle this key */
- return SECFailure;
- }
- return (err == MP_OKAY) ? SECSuccess : SECFailure;
-}
-
SECStatus
-RSA_PrivateKeyCheck(RSAPrivateKey *key)
+RSA_PrivateKeyCheck(const RSAPrivateKey *key)
{
mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
mp_err err = MP_OKAY;
@@ -1425,18 +1400,11 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
SECITEM_TO_MPINT(key->exponent1, &d_p);
SECITEM_TO_MPINT(key->exponent2, &d_q);
SECITEM_TO_MPINT(key->coefficient, &qInv);
- /* p > q */
+ /* The qInv check depends on p > q. */
if (mp_cmp(&p, &q) <= 0) {
/* mind the p's and q's (and d_p's and d_q's) */
- SECItem tmp;
mp_exch(&p, &q);
mp_exch(&d_p,&d_q);
Ryan Sleevi 2014/06/11 19:11:16 This now means we're allowing invalid qInvs. I sus
wtc 2014/06/11 19:35:24 I see. We can also just delete this p > q check (l
Ryan Sleevi 2014/06/11 19:41:13 We could, but it seems like that'd be more computa
- tmp = key->prime1;
- key->prime1 = key->prime2;
- key->prime2 = tmp;
- tmp = key->exponent1;
- key->exponent1 = key->exponent2;
- key->exponent2 = tmp;
}
#define VERIFY_MPI_EQUAL(m1, m2) \
if (mp_cmp(m1, m2) != 0) { \
« no previous file with comments | « nss/lib/freebl/blapi.h ('k') | nss/lib/softoken/pkcs11.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698