Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1002)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: patches/nss-rsa-key-check.patch

Issue 329663003: Apply the fix for NSS bug 1021102 from the NSS upstream. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/nss
Patch Set: RSA_PrivateKeyCheck should require p > q. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/softoken/pkcs11.c ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: patches/nss-rsa-key-check.patch
diff --git a/patches/nss-rsa-key-check.patch b/patches/nss-rsa-key-check.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6935fa78cbb1a4862a84e57f66345c1758fb4b39
--- /dev/null
+++ b/patches/nss-rsa-key-check.patch
@@ -0,0 +1,109 @@
+diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h
+index 97fa28b..682be76 100644
+--- a/nss/lib/freebl/blapi.h
++++ b/nss/lib/freebl/blapi.h
+@@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key,
+ /*
+ ** Perform a check of private key parameters for consistency.
+ */
+-extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key);
++extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
+
+ /*
+ ** Given only minimal private key parameters, fill in the rest of the
+diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
+index fb4b5d0..34bc395 100644
+--- a/nss/lib/freebl/rsa.c
++++ b/nss/lib/freebl/rsa.c
+@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+ return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
+ }
+
+-static SECStatus
+-swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer)
+-{
+- int len;
+- mp_err err = MP_OKAY;
+- memset(buffer->data, 0, buffer->len);
+- len = mp_unsigned_octet_size(mpval);
+- if (len <= 0) return SECFailure;
+- if ((unsigned int)len <= buffer->len) {
+- /* The new value is no longer than the old buffer, so use it */
+- err = mp_to_unsigned_octets(mpval, buffer->data, len);
+- if (err >= 0) err = MP_OKAY;
+- buffer->len = len;
+- } else if (arena) {
+- /* The new value is longer, but working within an arena */
+- (void)SECITEM_AllocItem(arena, buffer, len);
+- err = mp_to_unsigned_octets(mpval, buffer->data, len);
+- if (err >= 0) err = MP_OKAY;
+- } else {
+- /* The new value is longer, no arena, can't handle this key */
+- return SECFailure;
+- }
+- return (err == MP_OKAY) ? SECSuccess : SECFailure;
+-}
+-
+ SECStatus
+-RSA_PrivateKeyCheck(RSAPrivateKey *key)
++RSA_PrivateKeyCheck(const RSAPrivateKey *key)
+ {
+ mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
+ mp_err err = MP_OKAY;
+@@ -1425,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
+ SECITEM_TO_MPINT(key->exponent1, &d_p);
+ SECITEM_TO_MPINT(key->exponent2, &d_q);
+ SECITEM_TO_MPINT(key->coefficient, &qInv);
+- /* p > q */
++ /* p > q */
+ if (mp_cmp(&p, &q) <= 0) {
+- /* mind the p's and q's (and d_p's and d_q's) */
+- SECItem tmp;
+- mp_exch(&p, &q);
+- mp_exch(&d_p,&d_q);
+- tmp = key->prime1;
+- key->prime1 = key->prime2;
+- key->prime2 = tmp;
+- tmp = key->exponent1;
+- key->exponent1 = key->exponent2;
+- key->exponent2 = tmp;
++ rv = SECFailure;
++ goto cleanup;
+ }
+ #define VERIFY_MPI_EQUAL(m1, m2) \
+ if (mp_cmp(m1, m2) != 0) { \
+diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c
+index a4e769e..c541946 100644
+--- a/nss/lib/softoken/pkcs11.c
++++ b/nss/lib/softoken/pkcs11.c
+@@ -2057,12 +2057,12 @@ sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded)
+ sftk_item_expand(&tmpKey.exponent1));
+ if (crv != CKR_OK) goto loser;
+ }
+- if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
++ if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) {
+ crv = sftk_forceAttribute(object, CKA_EXPONENT_2,
+ sftk_item_expand(&tmpKey.exponent2));
+ if (crv != CKR_OK) goto loser;
+ }
+- if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
++ if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) {
+ crv = sftk_forceAttribute(object, CKA_COEFFICIENT,
+ sftk_item_expand(&tmpKey.coefficient));
+ if (crv != CKR_OK) goto loser;
+@@ -2089,6 +2089,15 @@ loser:
+ if (publicExponent) {
+ sftk_FreeAttribute(publicExponent);
+ }
++ if (exponent1) {
++ sftk_FreeAttribute(exponent1);
++ }
++ if (exponent2) {
++ sftk_FreeAttribute(exponent2);
++ }
++ if (coefficient) {
++ sftk_FreeAttribute(coefficient);
++ }
+ return rv;
+ }
+
« no previous file with comments | « nss/lib/softoken/pkcs11.c ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698