nss: Update to 3.15.1
This commit is contained in:
parent
774634a248
commit
d17f7d2fdf
@ -1,68 +1,58 @@
|
||||
{ stdenv, fetchurl, fetchgit, nspr, perl, zlib, sqlite
|
||||
{ stdenv, fetchurl, nspr, perl, zlib, sqlite
|
||||
, includeTools ? false
|
||||
}:
|
||||
|
||||
let
|
||||
|
||||
nssPEM = fetchgit {
|
||||
url = "git://git.fedorahosted.org/git/nss-pem.git";
|
||||
rev = "07a683505d4a0a1113c4085c1ce117425d0afd80";
|
||||
sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8";
|
||||
nssPEM = fetchurl {
|
||||
url = http://dev.gentoo.org/~anarchy/patches/nss-3.15-pem-support-20130617.patch.xz;
|
||||
sha256 = "1k1m8lsgqwxx251943hks1dd13hz1adpqqb0hxwn011by5vmi201";
|
||||
};
|
||||
|
||||
secLoadPatch = fetchurl {
|
||||
name = "security_load.patch";
|
||||
urls = [
|
||||
# "http://patch-tracker.debian.org/patch/series/dl/nss/2:3.13.6-1/85_security_load.patch"
|
||||
# "http://anonscm.debian.org/gitweb/?p=pkg-mozilla/nss.git;a=blob_plain;f=debian/patches/85_security_load.patch;hb=HEAD"
|
||||
"http://www.parsix.org/export/7797/pkg/security/raul/main/nss/trunk/debian/patches/85_security_load.patch"
|
||||
];
|
||||
sha256 = "8a8d0ae4ebbd7c389973fa5d26d8bc5f473046c6cb1d8283cb9a3c1f4c565c47";
|
||||
urls = http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.1-1/85_security_load.patch;
|
||||
sha256 = "041c6v4cxwsy14qr5m9qs0gkv3w24g632cwpz27kacxpa886r1ds";
|
||||
};
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "nss-${version}";
|
||||
version = "3.14.3";
|
||||
version = "3.15.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_3_RTM/src/${name}.tar.gz";
|
||||
sha1 = "94d8781d1fa29cfbd37453dda3e9488709b82c4c";
|
||||
url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/${name}.tar.gz";
|
||||
sha1 = "1aa7c0ff8af7fb2c8b6e4886ae2291f4bfe0d5c0";
|
||||
};
|
||||
|
||||
buildInputs = [ nspr perl zlib sqlite ];
|
||||
|
||||
postUnpack = ''
|
||||
cp -rdv "${nssPEM}/mozilla/security/nss/lib/ckfw/pem" \
|
||||
"$sourceRoot/mozilla/security/nss/lib/ckfw/"
|
||||
chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem"
|
||||
prePatch = ''
|
||||
xz -d < ${nssPEM} | patch -p1
|
||||
'';
|
||||
|
||||
patches = [
|
||||
./nss-3.14.1-gentoo-fixups-r1.patch
|
||||
secLoadPatch
|
||||
./nix_secload_fixup.patch
|
||||
./sync-up-with-upstream-softokn-changes.patch
|
||||
];
|
||||
patches =
|
||||
[ ./nss-3.15-gentoo-fixups.patch
|
||||
secLoadPatch
|
||||
./nix_secload_fixup.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn
|
||||
|
||||
# Fix up the patch from Gentoo
|
||||
# Fix up the patch from Gentoo.
|
||||
sed -i \
|
||||
-e "/^PREFIX =/s|= /usr|= $out|" \
|
||||
-e '/@libdir@/s|gentoo/nss|lib|' \
|
||||
-e '/ln -sf/d' \
|
||||
mozilla/security/nss/config/Makefile
|
||||
nss/config/Makefile
|
||||
|
||||
# Note for spacing/tab nazis: The TAB characters are intentional!
|
||||
cat >> mozilla/security/nss/config/Makefile <<INSTALL_TARGET
|
||||
cat >> nss/config/Makefile <<INSTALL_TARGET
|
||||
install:
|
||||
mkdir -p \$(DIST)/lib/pkgconfig
|
||||
cp nss.pc \$(DIST)/lib/pkgconfig
|
||||
INSTALL_TARGET
|
||||
'';
|
||||
|
||||
preConfigure = "cd mozilla/security/nss";
|
||||
preConfigure = "cd nss";
|
||||
|
||||
makeFlags = [
|
||||
"NSPR_INCLUDE_DIR=${nspr}/include/nspr"
|
||||
@ -74,8 +64,6 @@ in stdenv.mkDerivation rec {
|
||||
"NSS_USE_SYSTEM_SQLITE=1"
|
||||
] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1";
|
||||
|
||||
buildFlags = [ "build_coreconf" "build_dbm" "all" ];
|
||||
|
||||
postInstall = ''
|
||||
rm -rf $out/private
|
||||
mv $out/public $out/include
|
||||
@ -83,6 +71,8 @@ in stdenv.mkDerivation rec {
|
||||
rmdir $out/*.OBJ
|
||||
|
||||
cp -av config/nss-config $out/bin/nss-config
|
||||
|
||||
ln -s lib $out/lib64
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
@ -94,4 +84,9 @@ in stdenv.mkDerivation rec {
|
||||
'' + stdenv.lib.optionalString (!includeTools) ''
|
||||
find $out/bin -type f \( -name nss-config -o -delete \)
|
||||
'';
|
||||
|
||||
meta = {
|
||||
homepage = https://developer.mozilla.org/en-US/docs/NSS;
|
||||
description = "A set of libraries for development of security-enabled client and server applications";
|
||||
};
|
||||
}
|
||||
|
@ -1,18 +1,7 @@
|
||||
diff --git a/mozilla/security/coreconf/config.mk b/mozilla/security/coreconf/config.mk
|
||||
index 72557c6..bdcbf88 100644
|
||||
--- a/mozilla/security/coreconf/config.mk
|
||||
+++ b/mozilla/security/coreconf/config.mk
|
||||
@@ -207,3 +207,5 @@ endif
|
||||
DEFINES += -DUSE_UTIL_DIRECTLY
|
||||
USE_UTIL_DIRECTLY = 1
|
||||
|
||||
+# nix specific stuff:
|
||||
+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
|
||||
diff --git a/mozilla/security/nss/cmd/shlibsign/shlibsign.c b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
|
||||
index 5ce626e..e1e8039 100644
|
||||
--- a/mozilla/security/nss/cmd/shlibsign/shlibsign.c
|
||||
+++ b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
|
||||
@@ -770,7 +770,7 @@ int main(int argc, char **argv)
|
||||
diff -ru -x '*~' nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c nss-3.15.1/nss/cmd/shlibsign/shlibsign.c
|
||||
--- nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c 2013-08-07 16:03:40.013256377 +0200
|
||||
+++ nss-3.15.1/nss/cmd/shlibsign/shlibsign.c 2013-08-07 16:04:21.128410153 +0200
|
||||
@@ -853,7 +853,7 @@
|
||||
assert(libname != NULL);
|
||||
lib = PR_LoadLibrary(libname);
|
||||
if (!lib)
|
||||
@ -21,11 +10,20 @@ index 5ce626e..e1e8039 100644
|
||||
assert(lib != NULL);
|
||||
PR_FreeLibraryName(libname);
|
||||
|
||||
diff --git a/mozilla/security/nss/lib/util/secload.c b/mozilla/security/nss/lib/util/secload.c
|
||||
index 7d6fc22..0b7759b 100644
|
||||
--- a/mozilla/security/nss/lib/util/secload.c
|
||||
+++ b/mozilla/security/nss/lib/util/secload.c
|
||||
@@ -105,9 +105,9 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
|
||||
diff -ru -x '*~' nss-3.15.1-orig/nss/coreconf/config.mk nss-3.15.1/nss/coreconf/config.mk
|
||||
--- nss-3.15.1-orig/nss/coreconf/config.mk 2013-06-27 19:58:08.000000000 +0200
|
||||
+++ nss-3.15.1/nss/coreconf/config.mk 2013-08-07 16:11:27.364608802 +0200
|
||||
@@ -181,3 +181,6 @@
|
||||
|
||||
# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
|
||||
DEFINES += -DNO_NSPR_10_SUPPORT
|
||||
+
|
||||
+# Nix specific stuff.
|
||||
+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
|
||||
diff -ru -x '*~' nss-3.15.1-orig/nss/lib/util/secload.c nss-3.15.1/nss/lib/util/secload.c
|
||||
--- nss-3.15.1-orig/nss/lib/util/secload.c 2013-08-07 16:03:40.014256381 +0200
|
||||
+++ nss-3.15.1/nss/lib/util/secload.c 2013-08-07 16:05:02.453563064 +0200
|
||||
@@ -70,9 +70,9 @@
|
||||
/* Remove the trailing filename from referencePath and add the new one */
|
||||
c = strrchr(referencePath, PR_GetDirectorySeparator());
|
||||
if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
|
||||
@ -38,7 +36,7 @@ index 7d6fc22..0b7759b 100644
|
||||
}
|
||||
if (c) {
|
||||
size_t referencePathSize = 1 + c - referencePath;
|
||||
@@ -125,8 +125,7 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
|
||||
@@ -90,8 +90,7 @@
|
||||
(strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
|
||||
memcpy(fullName + referencePathSize -4, "lib", 3);
|
||||
}
|
||||
|
@ -1,9 +1,8 @@
|
||||
diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/Makefile
|
||||
--- a/mozilla/security/nss/config/Makefile 1969-12-31 18:00:00.000000000 -0600
|
||||
+++ b/mozilla/security/nss/config/Makefile 2012-12-15 07:27:20.650148987 -0600
|
||||
--- a/nss/config/Makefile
|
||||
+++ b/nss/config/Makefile
|
||||
@@ -0,0 +1,40 @@
|
||||
+CORE_DEPTH = ../..
|
||||
+DEPTH = ../..
|
||||
+CORE_DEPTH = ..
|
||||
+DEPTH = ..
|
||||
+
|
||||
+include $(CORE_DEPTH)/coreconf/config.mk
|
||||
+
|
||||
@ -19,14 +18,14 @@ diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/M
|
||||
+ mkdir -p $(DIST)/lib/pkgconfig
|
||||
+ sed -e "s,@prefix@,$(PREFIX)," \
|
||||
+ -e "s,@exec_prefix@,\$${prefix}," \
|
||||
+ -e "s,@libdir@,\$${prefix}/gentoo/nss," \
|
||||
+ -e "s,@libdir@,\$${prefix}/lib64," \
|
||||
+ -e "s,@includedir@,\$${prefix}/include/nss," \
|
||||
+ -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
|
||||
+ -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
|
||||
+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
|
||||
+ nss.pc.in > nss.pc
|
||||
+ chmod 0644 nss.pc
|
||||
+ ln -sf ../../../../../security/nss/config/nss.pc $(DIST)/lib/pkgconfig
|
||||
+ ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
|
||||
+
|
||||
+ # Create the nss-config script
|
||||
+ mkdir -p $(DIST)/bin
|
||||
@ -36,15 +35,14 @@ diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/M
|
||||
+ -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
|
||||
+ nss-config.in > nss-config
|
||||
+ chmod 0755 nss-config
|
||||
+ ln -sf ../../../../security/nss/config/nss-config $(DIST)/bin
|
||||
+ ln -sf ../../../config/nss-config $(DIST)/bin
|
||||
+
|
||||
+libs:
|
||||
+
|
||||
+dummy: all export libs
|
||||
+
|
||||
diff -urN a/mozilla/security/nss/config/nss-config.in b/mozilla/security/nss/config/nss-config.in
|
||||
--- a/mozilla/security/nss/config/nss-config.in 1969-12-31 18:00:00.000000000 -0600
|
||||
+++ b/mozilla/security/nss/config/nss-config.in 2012-12-15 07:27:20.651148959 -0600
|
||||
--- a/nss/config/nss-config.in
|
||||
+++ b/nss/config/nss-config.in
|
||||
@@ -0,0 +1,145 @@
|
||||
+#!/bin/sh
|
||||
+
|
||||
@ -191,9 +189,8 @@ diff -urN a/mozilla/security/nss/config/nss-config.in b/mozilla/security/nss/con
|
||||
+ echo $libdirs
|
||||
+fi
|
||||
+
|
||||
diff -urN a/mozilla/security/nss/config/nss.pc.in b/mozilla/security/nss/config/nss.pc.in
|
||||
--- a/mozilla/security/nss/config/nss.pc.in 1969-12-31 18:00:00.000000000 -0600
|
||||
+++ b/mozilla/security/nss/config/nss.pc.in 2012-12-15 07:27:20.651148959 -0600
|
||||
--- a/nss/config/nss.pc.in
|
||||
+++ b/nss/config/nss.pc.in
|
||||
@@ -0,0 +1,12 @@
|
||||
+prefix=@prefix@
|
||||
+exec_prefix=@exec_prefix@
|
||||
@ -207,37 +204,35 @@ diff -urN a/mozilla/security/nss/config/nss.pc.in b/mozilla/security/nss/config/
|
||||
+Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
|
||||
+Cflags: -I${includedir}
|
||||
+
|
||||
diff -urN a/mozilla/security/nss/Makefile b/mozilla/security/nss/Makefile
|
||||
--- a/mozilla/security/nss/Makefile 2012-11-13 19:14:07.000000000 -0600
|
||||
+++ b/mozilla/security/nss/Makefile 2012-12-15 07:27:57.235162137 -0600
|
||||
--- a/nss/Makefile
|
||||
+++ b/nss/Makefile
|
||||
@@ -44,7 +44,7 @@
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
-nss_build_all: build_coreconf build_nspr build_dbm all
|
||||
+nss_build_all: build_coreconf build_dbm all
|
||||
-nss_build_all: build_nspr all
|
||||
+nss_build_all: all
|
||||
|
||||
nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
|
||||
nss_clean_all: clobber_nspr clobber
|
||||
|
||||
@@ -106,12 +106,6 @@
|
||||
@@ -103,12 +103,6 @@
|
||||
--with-dist-prefix='$(NSPR_PREFIX)' \
|
||||
--with-dist-includedir='$(NSPR_PREFIX)/include'
|
||||
|
||||
-build_nspr: $(NSPR_CONFIG_STATUS)
|
||||
- $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)
|
||||
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
|
||||
-
|
||||
-clobber_nspr: $(NSPR_CONFIG_STATUS)
|
||||
- $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) clobber
|
||||
- $(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
|
||||
-
|
||||
build_dbm:
|
||||
ifdef NSS_DISABLE_DBM
|
||||
@echo "skipping the build of DBM"
|
||||
diff -urN a/mozilla/security/nss/manifest.mn b/mozilla/security/nss/manifest.mn
|
||||
--- a/mozilla/security/nss/manifest.mn 2012-03-20 09:46:49.000000000 -0500
|
||||
+++ b/mozilla/security/nss/manifest.mn 2012-12-15 07:27:20.652148933 -0600
|
||||
@@ -10,6 +10,6 @@
|
||||
build_docs:
|
||||
$(MAKE) -C $(CORE_DEPTH)/doc
|
||||
|
||||
--- a/nss/manifest.mn
|
||||
+++ b/nss/manifest.mn
|
||||
@@ -10,4 +10,4 @@
|
||||
|
||||
RELEASE = nss
|
||||
|
||||
-DIRS = lib cmd
|
||||
+DIRS = lib cmd config
|
||||
-DIRS = coreconf lib cmd
|
||||
+DIRS = coreconf lib cmd config
|
@ -1,406 +0,0 @@
|
||||
From d6dbecfea317a468be12423595e584f43d84d8ec Mon Sep 17 00:00:00 2001
|
||||
From: Elio Maldonado <emaldona@redhat.com>
|
||||
Date: Sat, 9 Feb 2013 17:11:00 -0500
|
||||
Subject: [PATCH] Sync up with upstream softokn changes
|
||||
|
||||
- Disable RSA OEP case in FormatBlock, RSA_OAEP support is experimental and in a state of flux
|
||||
- Numerous change upstream due to the work for TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
|
||||
- It now compiles with the NSS_3_14_3_BETA1 source
|
||||
---
|
||||
mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 338 +++++++-------------------
|
||||
1 files changed, 82 insertions(+), 256 deletions(-)
|
||||
|
||||
diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
|
||||
index 5ac4f39..3780d30 100644
|
||||
--- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
|
||||
+++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
|
||||
@@ -46,6 +46,7 @@
|
||||
#include "sechash.h"
|
||||
#include "base.h"
|
||||
|
||||
+#include "lowkeyi.h"
|
||||
#include "secerr.h"
|
||||
|
||||
#define RSA_BLOCK_MIN_PAD_LEN 8
|
||||
@@ -54,9 +55,8 @@
|
||||
#define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff
|
||||
#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
|
||||
|
||||
-#define OAEP_SALT_LEN 8
|
||||
-#define OAEP_PAD_LEN 8
|
||||
-#define OAEP_PAD_OCTET 0x00
|
||||
+/* Needed for RSA-PSS functions */
|
||||
+static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
||||
|
||||
#define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */
|
||||
|
||||
@@ -78,127 +78,39 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static SHA1Context *SHA1_CloneContext(SHA1Context * original)
|
||||
-{
|
||||
- SHA1Context *clone = NULL;
|
||||
- unsigned char *pBuf;
|
||||
- int sha1ContextSize = SHA1_FlattenSize(original);
|
||||
- SECStatus frv;
|
||||
- unsigned char buf[FLAT_BUFSIZE];
|
||||
-
|
||||
- PORT_Assert(sizeof buf >= sha1ContextSize);
|
||||
- if (sizeof buf >= sha1ContextSize) {
|
||||
- pBuf = buf;
|
||||
- } else {
|
||||
- pBuf = nss_ZAlloc(NULL, sha1ContextSize);
|
||||
- if (!pBuf)
|
||||
- goto done;
|
||||
- }
|
||||
-
|
||||
- frv = SHA1_Flatten(original, pBuf);
|
||||
- if (frv == SECSuccess) {
|
||||
- clone = SHA1_Resurrect(pBuf, NULL);
|
||||
- memset(pBuf, 0, sha1ContextSize);
|
||||
- }
|
||||
- done:
|
||||
- if (pBuf != buf)
|
||||
- nss_ZFreeIf(pBuf);
|
||||
- return clone;
|
||||
+/* Constant time comparison of a single byte.
|
||||
+ * Returns 1 iff a == b, otherwise returns 0.
|
||||
+ * Note: For ranges of bytes, use constantTimeCompare.
|
||||
+ */
|
||||
+static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) {
|
||||
+ unsigned char c = ~(a - b | b - a);
|
||||
+ c >>= 7;
|
||||
+ return c;
|
||||
}
|
||||
|
||||
-/*
|
||||
- * Modify data by XORing it with a special hash of salt.
|
||||
+/* Constant time comparison of a range of bytes.
|
||||
+ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise
|
||||
+ * returns 0.
|
||||
*/
|
||||
-static SECStatus
|
||||
-oaep_xor_with_h1(unsigned char *data, unsigned int datalen,
|
||||
- unsigned char *salt, unsigned int saltlen)
|
||||
-{
|
||||
- SHA1Context *sha1cx;
|
||||
- unsigned char *dp, *dataend;
|
||||
- unsigned char end_octet;
|
||||
-
|
||||
- sha1cx = SHA1_NewContext();
|
||||
- if (sha1cx == NULL) {
|
||||
- return SECFailure;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * Get a hash of salt started; we will use it several times,
|
||||
- * adding in a different end octet (x00, x01, x02, ...).
|
||||
- */
|
||||
- SHA1_Begin(sha1cx);
|
||||
- SHA1_Update(sha1cx, salt, saltlen);
|
||||
- end_octet = 0;
|
||||
-
|
||||
- dp = data;
|
||||
- dataend = data + datalen;
|
||||
-
|
||||
- while (dp < dataend) {
|
||||
- SHA1Context *sha1cx_h1;
|
||||
- unsigned int sha1len, sha1off;
|
||||
- unsigned char sha1[SHA1_LENGTH];
|
||||
-
|
||||
- /*
|
||||
- * Create hash of (salt || end_octet)
|
||||
- */
|
||||
- sha1cx_h1 = SHA1_CloneContext(sha1cx);
|
||||
- SHA1_Update(sha1cx_h1, &end_octet, 1);
|
||||
- SHA1_End(sha1cx_h1, sha1, &sha1len, sizeof(sha1));
|
||||
- SHA1_DestroyContext(sha1cx_h1, PR_TRUE);
|
||||
- PORT_Assert(sha1len == SHA1_LENGTH);
|
||||
-
|
||||
- /*
|
||||
- * XOR that hash with the data.
|
||||
- * When we have fewer than SHA1_LENGTH octets of data
|
||||
- * left to xor, use just the low-order ones of the hash.
|
||||
- */
|
||||
- sha1off = 0;
|
||||
- if ((dataend - dp) < SHA1_LENGTH)
|
||||
- sha1off = SHA1_LENGTH - (dataend - dp);
|
||||
- while (sha1off < SHA1_LENGTH)
|
||||
- *dp++ ^= sha1[sha1off++];
|
||||
-
|
||||
- /*
|
||||
- * Bump for next hash chunk.
|
||||
- */
|
||||
- end_octet++;
|
||||
- }
|
||||
-
|
||||
- SHA1_DestroyContext(sha1cx, PR_TRUE);
|
||||
- return SECSuccess;
|
||||
+static unsigned char constantTimeCompare(const unsigned char *a,
|
||||
+ const unsigned char *b,
|
||||
+ unsigned int len) {
|
||||
+ unsigned char tmp = 0;
|
||||
+ unsigned int i;
|
||||
+ for (i = 0; i < len; ++i, ++a, ++b)
|
||||
+ tmp |= *a ^ *b;
|
||||
+ return constantTimeEQ8(0x00, tmp);
|
||||
}
|
||||
|
||||
-/*
|
||||
- * Modify salt by XORing it with a special hash of data.
|
||||
+/* Constant time conditional.
|
||||
+ * Returns a if c is 1, or b if c is 0. The result is undefined if c is
|
||||
+ * not 0 or 1.
|
||||
*/
|
||||
-static SECStatus
|
||||
-oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen,
|
||||
- unsigned char *data, unsigned int datalen)
|
||||
+static unsigned int constantTimeCondition(unsigned int c,
|
||||
+ unsigned int a,
|
||||
+ unsigned int b)
|
||||
{
|
||||
- unsigned char sha1[SHA1_LENGTH];
|
||||
- unsigned char *psalt, *psha1, *saltend;
|
||||
- SECStatus rv;
|
||||
-
|
||||
- /*
|
||||
- * Create a hash of data.
|
||||
- */
|
||||
- rv = SHA1_HashBuf(sha1, data, datalen);
|
||||
- if (rv != SECSuccess) {
|
||||
- return rv;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * XOR the low-order octets of that hash with salt.
|
||||
- */
|
||||
- PORT_Assert(saltlen <= SHA1_LENGTH);
|
||||
- saltend = salt + saltlen;
|
||||
- psalt = salt;
|
||||
- psha1 = sha1 + SHA1_LENGTH - saltlen;
|
||||
- while (psalt < saltend) {
|
||||
- *psalt++ ^= *psha1++;
|
||||
- }
|
||||
-
|
||||
- return SECSuccess;
|
||||
+ return (~(c - 1) & a) | ((c - 1) & b);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -212,7 +124,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
|
||||
unsigned char *block;
|
||||
unsigned char *bp;
|
||||
int padLen;
|
||||
- int i;
|
||||
+ int i, j;
|
||||
SECStatus rv;
|
||||
|
||||
block = (unsigned char *) nss_ZAlloc(NULL, modulusLen);
|
||||
@@ -260,124 +172,58 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
|
||||
*/
|
||||
case RSA_BlockPublic:
|
||||
|
||||
- /*
|
||||
- * 0x00 || BT || Pad || 0x00 || ActualData
|
||||
- * 1 1 padLen 1 data->len
|
||||
- * Pad is all non-zero random bytes.
|
||||
- */
|
||||
- padLen = modulusLen - data->len - 3;
|
||||
- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
|
||||
- if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
|
||||
- nss_ZFreeIf(block);
|
||||
- return NULL;
|
||||
- }
|
||||
- for (i = 0; i < padLen; i++) {
|
||||
- /* Pad with non-zero random data. */
|
||||
- do {
|
||||
- rv = RNG_GenerateGlobalRandomBytes(bp + i, 1);
|
||||
- } while (rv == SECSuccess
|
||||
- && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
|
||||
- if (rv != SECSuccess) {
|
||||
- nss_ZFreeIf(block);
|
||||
- return NULL;
|
||||
- }
|
||||
- }
|
||||
- bp += padLen;
|
||||
- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
|
||||
- nsslibc_memcpy(bp, data->data, data->len);
|
||||
-
|
||||
- break;
|
||||
-
|
||||
- /*
|
||||
- * Blocks intended for public-key operation, using
|
||||
- * Optimal Asymmetric Encryption Padding (OAEP).
|
||||
- */
|
||||
- case RSA_BlockOAEP:
|
||||
- /*
|
||||
- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
|
||||
- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N]
|
||||
- *
|
||||
- * where:
|
||||
- * PaddedData is "Pad1 || ActualData [|| Pad2]"
|
||||
- * Salt is random data.
|
||||
- * Pad1 is all zeros.
|
||||
- * Pad2, if present, is random data.
|
||||
- * (The "modified" fields are all the same length as the original
|
||||
- * unmodified values; they are just xor'd with other values.)
|
||||
- *
|
||||
- * Modified1 is an XOR of PaddedData with a special octet
|
||||
- * string constructed of iterated hashing of Salt (see below).
|
||||
- * Modified2 is an XOR of Salt with the low-order octets of
|
||||
- * the hash of Modified1 (see farther below ;-).
|
||||
- *
|
||||
- * Whew!
|
||||
- */
|
||||
-
|
||||
-
|
||||
- /*
|
||||
- * Salt
|
||||
- */
|
||||
- rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
|
||||
- if (rv != SECSuccess) {
|
||||
- nss_ZFreeIf(block);
|
||||
- return NULL;
|
||||
- }
|
||||
- bp += OAEP_SALT_LEN;
|
||||
-
|
||||
- /*
|
||||
- * Pad1
|
||||
- */
|
||||
- nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
|
||||
- bp += OAEP_PAD_LEN;
|
||||
-
|
||||
- /*
|
||||
- * Data
|
||||
- */
|
||||
- nsslibc_memcpy(bp, data->data, data->len);
|
||||
- bp += data->len;
|
||||
-
|
||||
- /*
|
||||
- * Pad2
|
||||
- */
|
||||
- if (bp < (block + modulusLen)) {
|
||||
- rv = RNG_GenerateGlobalRandomBytes(bp,
|
||||
- block - bp + modulusLen);
|
||||
- if (rv != SECSuccess) {
|
||||
- nss_ZFreeIf(block);
|
||||
- return NULL;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * Now we have the following:
|
||||
- * 0x00 || BT || Salt || PaddedData
|
||||
- * (From this point on, "Pad1 || Data [|| Pad2]" is treated
|
||||
- * as the one entity PaddedData.)
|
||||
- *
|
||||
- * We need to turn PaddedData into Modified1.
|
||||
- */
|
||||
- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
|
||||
- modulusLen - 2 - OAEP_SALT_LEN,
|
||||
- block + 2, OAEP_SALT_LEN) != SECSuccess) {
|
||||
- nss_ZFreeIf(block);
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * Now we have:
|
||||
- * 0x00 || BT || Salt || Modified1(PaddedData)
|
||||
- *
|
||||
- * The remaining task is to turn Salt into Modified2.
|
||||
- */
|
||||
- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
|
||||
- block + 2 + OAEP_SALT_LEN,
|
||||
- modulusLen - 2 - OAEP_SALT_LEN) !=
|
||||
- SECSuccess) {
|
||||
- nss_ZFreeIf(block);
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- break;
|
||||
+ /*
|
||||
+ * 0x00 || BT || Pad || 0x00 || ActualData
|
||||
+ * 1 1 padLen 1 data->len
|
||||
+ * Pad is all non-zero random bytes.
|
||||
+ *
|
||||
+ * Build the block left to right.
|
||||
+ * Fill the entire block from Pad to the end with random bytes.
|
||||
+ * Use the bytes after Pad as a supply of extra random bytes from
|
||||
+ * which to find replacements for the zero bytes in Pad.
|
||||
+ * If we need more than that, refill the bytes after Pad with
|
||||
+ * new random bytes as necessary.
|
||||
+ */
|
||||
+ padLen = modulusLen - (data->len + 3);
|
||||
+ PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
|
||||
+ if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
|
||||
+ nss_ZFreeIf (block);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ j = modulusLen - 2;
|
||||
+ rv = RNG_GenerateGlobalRandomBytes(bp, j);
|
||||
+ if (rv == SECSuccess) {
|
||||
+ for (i = 0; i < padLen; ) {
|
||||
+ unsigned char repl;
|
||||
+ /* Pad with non-zero random data. */
|
||||
+ if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
|
||||
+ ++i;
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (j <= padLen) {
|
||||
+ rv = RNG_GenerateGlobalRandomBytes(bp + padLen,
|
||||
+ modulusLen - (2 + padLen));
|
||||
+ if (rv != SECSuccess)
|
||||
+ break;
|
||||
+ j = modulusLen - 2;
|
||||
+ }
|
||||
+ do {
|
||||
+ repl = bp[--j];
|
||||
+ } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen);
|
||||
+ if (repl != RSA_BLOCK_AFTER_PAD_OCTET) {
|
||||
+ bp[i++] = repl;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ if (rv != SECSuccess) {
|
||||
+ /*sftk_fatalError = PR_TRUE;*/
|
||||
+ nss_ZFreeIf (block);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ bp += padLen;
|
||||
+ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
|
||||
+ nsslibc_memcpy(bp, data->data, data->len);
|
||||
+ break;
|
||||
|
||||
default:
|
||||
PORT_Assert(0);
|
||||
@@ -427,26 +273,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen,
|
||||
|
||||
break;
|
||||
|
||||
- case RSA_BlockOAEP:
|
||||
- /*
|
||||
- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
|
||||
- *
|
||||
- * The "2" below is the first octet + the second octet.
|
||||
- * (The other fields do not contain the clear values, but are
|
||||
- * the same length as the clear values.)
|
||||
- */
|
||||
- PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN
|
||||
- + OAEP_PAD_LEN)));
|
||||
-
|
||||
- result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
|
||||
- if (result->data == NULL) {
|
||||
- result->len = 0;
|
||||
- return SECFailure;
|
||||
- }
|
||||
- result->len = modulusLen;
|
||||
-
|
||||
- break;
|
||||
-
|
||||
case RSA_BlockRaw:
|
||||
/*
|
||||
* Pad || ActualData
|
||||
--
|
||||
1.7.1
|
||||
|
Loading…
Reference in New Issue
Block a user