Attachment 849546 Details for Bug 1049229 – pem module changes to sync. up with upstream softoken/freebl changes

[patch] pem module changes to sync. up with upstream softoken/freebl changes

0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch (text/plain), 6.51 KB, created by Elio Maldonado Batiz on 2014-01-13 19:16:25 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Elio Maldonado Batiz

Created: 2014-01-13 19:16:25 UTC

Size: 6.51 KB

patch

obsolete

>From 67aaa70fb0e889ff7dd3668561bfb002dd83e018 Mon Sep 17 00:00:00 2001
>From: Elio Maldonado <emaldona@redhat.com>
>Date: Wed, 8 Jan 2014 10:02:19 -0800
>Subject: [PATCH 39/39] Sync up with nss-3.15.4 changes in freebl and softoken
>
>- Remove RSA_BlockOAEP cases which aren't used by the pem module after all
>- Copied the private RSA_BlockType data structure from freebl/pkcss11.c
>- Upstream removed softoken/rsawrapr.c and moved the code to freebl/pkcs11.c
>- per Mozilla Bug 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl
>- https://bugzilla.mozilla.org/show_bug.cgi?id=836019
>---
> mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 133 ++++-----------------------
> 1 file changed, 16 insertions(+), 117 deletions(-)
>
>diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
>index 5ac4f39..103eeda 100644
>--- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
>+++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
>@@ -60,6 +60,21 @@
> 
> #define FLAT_BUFSIZE 512        /* bytes to hold flattened SHA1Context. */
> 
>+/*
>+ * RSA block types
>+ *
>+ * The actual values are important -- they are fixed, *not* arbitrary.
>+ * The explicit value assignments are not needed (because C would give
>+ * us those same values anyway) but are included as a reminder...
>+ */
>+typedef enum {
>+    RSA_BlockUnused = 0,    /* unused */
>+    RSA_BlockPrivate = 1,   /* pad for a private-key operation */
>+    RSA_BlockPublic = 2,    /* pad for a public-key operation */
>+    RSA_BlockRaw = 4,       /* simply justify the block appropriately */
>+    RSA_BlockTotal
>+} RSA_BlockType;
>+
> unsigned
> pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
> {
>@@ -233,7 +248,6 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
>         /*
>          * Blocks intended for private-key operation.
>          */
>-    case RSA_BlockPrivate0:    /* essentially unused */
>     case RSA_BlockPrivate:     /* preferred method */
>         /*
>          * 0x00 || BT || Pad || 0x00 || ActualData
>@@ -246,10 +260,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
>             nss_ZFreeIf(block);
>             return NULL;
>         }
>-        nsslibc_memset(bp,
>-                       blockType == RSA_BlockPrivate0
>-                       ? RSA_BLOCK_PRIVATE0_PAD_OCTET
>-                       : RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
>+        nsslibc_memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
>         bp += padLen;
>         *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
>         nsslibc_memcpy(bp, data->data, data->len);
>@@ -288,97 +299,6 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
> 
>         break;
> 
>-        /*
>-         * Blocks intended for public-key operation, using
>-         * Optimal Asymmetric Encryption Padding (OAEP).
>-         */
>-    case RSA_BlockOAEP:
>-        /*
>-         * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
>-         *   1      1     OAEP_SALT_LEN     OAEP_PAD_LEN + data->len [+ N]
>-         *
>-         * where:
>-         *   PaddedData is "Pad1 || ActualData [|| Pad2]"
>-         *   Salt is random data.
>-         *   Pad1 is all zeros.
>-         *   Pad2, if present, is random data.
>-         *   (The "modified" fields are all the same length as the original
>-         * unmodified values; they are just xor'd with other values.)
>-         *
>-         *   Modified1 is an XOR of PaddedData with a special octet
>-         * string constructed of iterated hashing of Salt (see below).
>-         *   Modified2 is an XOR of Salt with the low-order octets of
>-         * the hash of Modified1 (see farther below ;-).
>-         *
>-         * Whew!
>-         */
>-
>-
>-        /*
>-         * Salt
>-         */
>-        rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
>-        if (rv != SECSuccess) {
>-            nss_ZFreeIf(block);
>-            return NULL;
>-        }
>-        bp += OAEP_SALT_LEN;
>-
>-        /*
>-         * Pad1
>-         */
>-        nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
>-        bp += OAEP_PAD_LEN;
>-
>-        /*
>-         * Data
>-         */
>-        nsslibc_memcpy(bp, data->data, data->len);
>-        bp += data->len;
>-
>-        /*
>-         * Pad2
>-         */
>-        if (bp < (block + modulusLen)) {
>-            rv = RNG_GenerateGlobalRandomBytes(bp,
>-                                               block - bp + modulusLen);
>-            if (rv != SECSuccess) {
>-                nss_ZFreeIf(block);
>-                return NULL;
>-            }
>-        }
>-
>-        /*
>-         * Now we have the following:
>-         * 0x00 || BT || Salt || PaddedData
>-         * (From this point on, "Pad1 || Data [|| Pad2]" is treated
>-         * as the one entity PaddedData.)
>-         *
>-         * We need to turn PaddedData into Modified1.
>-         */
>-        if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
>-                             modulusLen - 2 - OAEP_SALT_LEN,
>-                             block + 2, OAEP_SALT_LEN) != SECSuccess) {
>-            nss_ZFreeIf(block);
>-            return NULL;
>-        }
>-
>-        /*
>-         * Now we have:
>-         * 0x00 || BT || Salt || Modified1(PaddedData)
>-         *
>-         * The remaining task is to turn Salt into Modified2.
>-         */
>-        if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
>-                             block + 2 + OAEP_SALT_LEN,
>-                             modulusLen - 2 - OAEP_SALT_LEN) !=
>-            SECSuccess) {
>-            nss_ZFreeIf(block);
>-            return NULL;
>-        }
>-
>-        break;
>-
>     default:
>         PORT_Assert(0);
>         nss_ZFreeIf(block);
>@@ -406,7 +326,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen,
>      */
> 
>     switch (blockType) {
>-    case RSA_BlockPrivate0:
>     case RSA_BlockPrivate:
>     case RSA_BlockPublic:
>         /*
>@@ -427,26 +346,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen,
> 
>         break;
> 
>-    case RSA_BlockOAEP:
>-        /*
>-         * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
>-         *
>-         * The "2" below is the first octet + the second octet.
>-         * (The other fields do not contain the clear values, but are
>-         * the same length as the clear values.)
>-         */
>-        PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN
>-                                                + OAEP_PAD_LEN)));
>-
>-        result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
>-        if (result->data == NULL) {
>-            result->len = 0;
>-            return SECFailure;
>-        }
>-        result->len = modulusLen;
>-
>-        break;
>-
>     case RSA_BlockRaw:
>         /*
>          * Pad || ActualData
>-- 
>1.8.4.2
>

Flags:

rrelyea: review+

Actions: View | Diff

Attachments on bug 1049229: 849543 | 849545 | 849546 | 849559