From 7285eaab48aed62e9f3bf295db960bc26f3b8b87 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Jan 08 2014 18:24:30 +0000 Subject: Regenerated pem patch to be suitable for submission to interim upstream pem --- diff --git a/0001-sync-up-with-upstream-softokn-changes.patch b/0001-sync-up-with-upstream-softokn-changes.patch deleted file mode 100644 index 3416ed3..0000000 --- a/0001-sync-up-with-upstream-softokn-changes.patch +++ /dev/null @@ -1,178 +0,0 @@ -diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsawrapr.c ---- ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream 2013-12-26 14:21:08.000000000 -0800 -+++ ./nss/lib/ckfw/pem/rsawrapr.c 2014-01-08 09:05:09.549718089 -0800 -@@ -60,6 +60,21 @@ - - #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */ - -+/* -+ * RSA block types -+ * -+ * The actual values are important -- they are fixed, *not* arbitrary. -+ * The explicit value assignments are not needed (because C would give -+ * us those same values anyway) but are included as a reminder... -+ */ -+typedef enum { -+ RSA_BlockUnused = 0, /* unused */ -+ RSA_BlockPrivate = 1, /* pad for a private-key operation */ -+ RSA_BlockPublic = 2, /* pad for a public-key operation */ -+ RSA_BlockRaw = 4, /* simply justify the block appropriately */ -+ RSA_BlockTotal -+} RSA_BlockType; -+ - unsigned - pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk) - { -@@ -233,7 +248,6 @@ static unsigned char *rsa_FormatOneBlock - /* - * Blocks intended for private-key operation. - */ -- case RSA_BlockPrivate0: /* essentially unused */ - case RSA_BlockPrivate: /* preferred method */ - /* - * 0x00 || BT || Pad || 0x00 || ActualData -@@ -246,10 +260,7 @@ static unsigned char *rsa_FormatOneBlock - nss_ZFreeIf(block); - return NULL; - } -- nsslibc_memset(bp, -- blockType == RSA_BlockPrivate0 -- ? RSA_BLOCK_PRIVATE0_PAD_OCTET -- : RSA_BLOCK_PRIVATE_PAD_OCTET, padLen); -+ nsslibc_memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen); - bp += padLen; - *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; - nsslibc_memcpy(bp, data->data, data->len); -@@ -288,97 +299,6 @@ static unsigned char *rsa_FormatOneBlock - - break; - -- /* -- * Blocks intended for public-key operation, using -- * Optimal Asymmetric Encryption Padding (OAEP). -- */ -- case RSA_BlockOAEP: -- /* -- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData) -- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N] -- * -- * where: -- * PaddedData is "Pad1 || ActualData [|| Pad2]" -- * Salt is random data. -- * Pad1 is all zeros. -- * Pad2, if present, is random data. -- * (The "modified" fields are all the same length as the original -- * unmodified values; they are just xor'd with other values.) -- * -- * Modified1 is an XOR of PaddedData with a special octet -- * string constructed of iterated hashing of Salt (see below). -- * Modified2 is an XOR of Salt with the low-order octets of -- * the hash of Modified1 (see farther below ;-). -- * -- * Whew! -- */ -- -- -- /* -- * Salt -- */ -- rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN); -- if (rv != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- bp += OAEP_SALT_LEN; -- -- /* -- * Pad1 -- */ -- nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN); -- bp += OAEP_PAD_LEN; -- -- /* -- * Data -- */ -- nsslibc_memcpy(bp, data->data, data->len); -- bp += data->len; -- -- /* -- * Pad2 -- */ -- if (bp < (block + modulusLen)) { -- rv = RNG_GenerateGlobalRandomBytes(bp, -- block - bp + modulusLen); -- if (rv != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- } -- -- /* -- * Now we have the following: -- * 0x00 || BT || Salt || PaddedData -- * (From this point on, "Pad1 || Data [|| Pad2]" is treated -- * as the one entity PaddedData.) -- * -- * We need to turn PaddedData into Modified1. -- */ -- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN, -- modulusLen - 2 - OAEP_SALT_LEN, -- block + 2, OAEP_SALT_LEN) != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- -- /* -- * Now we have: -- * 0x00 || BT || Salt || Modified1(PaddedData) -- * -- * The remaining task is to turn Salt into Modified2. -- */ -- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN, -- block + 2 + OAEP_SALT_LEN, -- modulusLen - 2 - OAEP_SALT_LEN) != -- SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- -- break; -- - default: - PORT_Assert(0); - nss_ZFreeIf(block); -@@ -406,7 +326,6 @@ rsa_FormatBlock(SECItem * result, unsign - */ - - switch (blockType) { -- case RSA_BlockPrivate0: - case RSA_BlockPrivate: - case RSA_BlockPublic: - /* -@@ -420,26 +339,6 @@ rsa_FormatBlock(SECItem * result, unsign - - result->data = rsa_FormatOneBlock(modulusLen, blockType, data); - if (result->data == NULL) { -- result->len = 0; -- return SECFailure; -- } -- result->len = modulusLen; -- -- break; -- -- case RSA_BlockOAEP: -- /* -- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2]) -- * -- * The "2" below is the first octet + the second octet. -- * (The other fields do not contain the clear values, but are -- * the same length as the clear values.) -- */ -- PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN -- + OAEP_PAD_LEN))); -- -- result->data = rsa_FormatOneBlock(modulusLen, blockType, data); -- if (result->data == NULL) { - result->len = 0; - return SECFailure; - } diff --git a/0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch b/0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch new file mode 100644 index 0000000..53ab4c1 --- /dev/null +++ b/0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch @@ -0,0 +1,196 @@ +From 67aaa70fb0e889ff7dd3668561bfb002dd83e018 Mon Sep 17 00:00:00 2001 +From: Elio Maldonado +Date: Wed, 8 Jan 2014 10:02:19 -0800 +Subject: [PATCH 39/39] Sync up with nss-3.15.4 changes in freebl and softoken + +- Remove RSA_BlockOAEP cases which aren't used by the pem module after all +- Copied the private RSA_BlockType data structure from freebl/pkcss11.c +- Upstream removed softoken/rsawrapr.c and moved the code to freebl/pkcs11.c +- per Mozilla Bug 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl +- https://bugzilla.mozilla.org/show_bug.cgi?id=836019 +--- + mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 133 ++++----------------------- + 1 file changed, 16 insertions(+), 117 deletions(-) + +diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +index 5ac4f39..103eeda 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c ++++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +@@ -60,6 +60,21 @@ + + #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */ + ++/* ++ * RSA block types ++ * ++ * The actual values are important -- they are fixed, *not* arbitrary. ++ * The explicit value assignments are not needed (because C would give ++ * us those same values anyway) but are included as a reminder... ++ */ ++typedef enum { ++ RSA_BlockUnused = 0, /* unused */ ++ RSA_BlockPrivate = 1, /* pad for a private-key operation */ ++ RSA_BlockPublic = 2, /* pad for a public-key operation */ ++ RSA_BlockRaw = 4, /* simply justify the block appropriately */ ++ RSA_BlockTotal ++} RSA_BlockType; ++ + unsigned + pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk) + { +@@ -233,7 +248,6 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, + /* + * Blocks intended for private-key operation. + */ +- case RSA_BlockPrivate0: /* essentially unused */ + case RSA_BlockPrivate: /* preferred method */ + /* + * 0x00 || BT || Pad || 0x00 || ActualData +@@ -246,10 +260,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, + nss_ZFreeIf(block); + return NULL; + } +- nsslibc_memset(bp, +- blockType == RSA_BlockPrivate0 +- ? RSA_BLOCK_PRIVATE0_PAD_OCTET +- : RSA_BLOCK_PRIVATE_PAD_OCTET, padLen); ++ nsslibc_memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen); + bp += padLen; + *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; + nsslibc_memcpy(bp, data->data, data->len); +@@ -288,97 +299,6 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, + + break; + +- /* +- * Blocks intended for public-key operation, using +- * Optimal Asymmetric Encryption Padding (OAEP). +- */ +- case RSA_BlockOAEP: +- /* +- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData) +- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N] +- * +- * where: +- * PaddedData is "Pad1 || ActualData [|| Pad2]" +- * Salt is random data. +- * Pad1 is all zeros. +- * Pad2, if present, is random data. +- * (The "modified" fields are all the same length as the original +- * unmodified values; they are just xor'd with other values.) +- * +- * Modified1 is an XOR of PaddedData with a special octet +- * string constructed of iterated hashing of Salt (see below). +- * Modified2 is an XOR of Salt with the low-order octets of +- * the hash of Modified1 (see farther below ;-). +- * +- * Whew! +- */ +- +- +- /* +- * Salt +- */ +- rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN); +- if (rv != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- bp += OAEP_SALT_LEN; +- +- /* +- * Pad1 +- */ +- nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN); +- bp += OAEP_PAD_LEN; +- +- /* +- * Data +- */ +- nsslibc_memcpy(bp, data->data, data->len); +- bp += data->len; +- +- /* +- * Pad2 +- */ +- if (bp < (block + modulusLen)) { +- rv = RNG_GenerateGlobalRandomBytes(bp, +- block - bp + modulusLen); +- if (rv != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- } +- +- /* +- * Now we have the following: +- * 0x00 || BT || Salt || PaddedData +- * (From this point on, "Pad1 || Data [|| Pad2]" is treated +- * as the one entity PaddedData.) +- * +- * We need to turn PaddedData into Modified1. +- */ +- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN, +- modulusLen - 2 - OAEP_SALT_LEN, +- block + 2, OAEP_SALT_LEN) != SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- +- /* +- * Now we have: +- * 0x00 || BT || Salt || Modified1(PaddedData) +- * +- * The remaining task is to turn Salt into Modified2. +- */ +- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN, +- block + 2 + OAEP_SALT_LEN, +- modulusLen - 2 - OAEP_SALT_LEN) != +- SECSuccess) { +- nss_ZFreeIf(block); +- return NULL; +- } +- +- break; +- + default: + PORT_Assert(0); + nss_ZFreeIf(block); +@@ -406,7 +326,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen, + */ + + switch (blockType) { +- case RSA_BlockPrivate0: + case RSA_BlockPrivate: + case RSA_BlockPublic: + /* +@@ -427,26 +346,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen, + + break; + +- case RSA_BlockOAEP: +- /* +- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2]) +- * +- * The "2" below is the first octet + the second octet. +- * (The other fields do not contain the clear values, but are +- * the same length as the clear values.) +- */ +- PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN +- + OAEP_PAD_LEN))); +- +- result->data = rsa_FormatOneBlock(modulusLen, blockType, data); +- if (result->data == NULL) { +- result->len = 0; +- return SECFailure; +- } +- result->len = modulusLen; +- +- break; +- + case RSA_BlockRaw: + /* + * Pad || ActualData +-- +1.8.4.2 + diff --git a/nss.spec b/nss.spec index cb1057b..23baa3f 100644 --- a/nss.spec +++ b/nss.spec @@ -80,7 +80,7 @@ Patch18: nss-646045.patch Patch25: nsspem-use-system-freebl.patch # TODO: Remove this patch when the ocsp test are fixed Patch40: nss-3.14.0.0-disble-ocsp-test.patch -Patch44: 0001-sync-up-with-upstream-softokn-changes.patch +Patch44: 0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator Patch47: utilwrap-include-templates.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171 @@ -172,7 +172,7 @@ low level services. # link pem against buildroot's freebl, essential when mixing and matching %patch25 -p0 -b .systemfreebl %patch40 -p0 -b .noocsptest -%patch44 -p1 -b .syncupwithupstream +%patch44 -p3 -b .syncupwithupstream %patch47 -p0 -b .templates %patch48 -p0 -b .crypto %patch49 -p0 -b .skipthem