From 7285eaab48aed62e9f3bf295db960bc26f3b8b87 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 8 Jan 2014 10:24:30 -0800 Subject: [PATCH] Regenerated pem patch to be suitable for submission to interim upstream pem --- ...-3.15.4-changes-in-freebl-and-softok.patch | 58 ++++++++++++------- nss.spec | 4 +- 2 files changed, 40 insertions(+), 22 deletions(-) rename 0001-sync-up-with-upstream-softokn-changes.patch => 0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch (78%) diff --git a/0001-sync-up-with-upstream-softokn-changes.patch b/0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch similarity index 78% rename from 0001-sync-up-with-upstream-softokn-changes.patch rename to 0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch index 3416ed3..53ab4c1 100644 --- a/0001-sync-up-with-upstream-softokn-changes.patch +++ b/0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch @@ -1,6 +1,21 @@ -diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsawrapr.c ---- ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream 2013-12-26 14:21:08.000000000 -0800 -+++ ./nss/lib/ckfw/pem/rsawrapr.c 2014-01-08 09:05:09.549718089 -0800 +From 67aaa70fb0e889ff7dd3668561bfb002dd83e018 Mon Sep 17 00:00:00 2001 +From: Elio Maldonado +Date: Wed, 8 Jan 2014 10:02:19 -0800 +Subject: [PATCH 39/39] Sync up with nss-3.15.4 changes in freebl and softoken + +- Remove RSA_BlockOAEP cases which aren't used by the pem module after all +- Copied the private RSA_BlockType data structure from freebl/pkcss11.c +- Upstream removed softoken/rsawrapr.c and moved the code to freebl/pkcs11.c +- per Mozilla Bug 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl +- https://bugzilla.mozilla.org/show_bug.cgi?id=836019 +--- + mozilla/security/nss/lib/ckfw/pem/rsawrapr.c | 133 ++++----------------------- + 1 file changed, 16 insertions(+), 117 deletions(-) + +diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c +index 5ac4f39..103eeda 100644 +--- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c ++++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c @@ -60,6 +60,21 @@ #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */ @@ -23,7 +38,7 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa unsigned pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk) { -@@ -233,7 +248,6 @@ static unsigned char *rsa_FormatOneBlock +@@ -233,7 +248,6 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, /* * Blocks intended for private-key operation. */ @@ -31,7 +46,7 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa case RSA_BlockPrivate: /* preferred method */ /* * 0x00 || BT || Pad || 0x00 || ActualData -@@ -246,10 +260,7 @@ static unsigned char *rsa_FormatOneBlock +@@ -246,10 +260,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, nss_ZFreeIf(block); return NULL; } @@ -43,7 +58,7 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa bp += padLen; *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; nsslibc_memcpy(bp, data->data, data->len); -@@ -288,97 +299,6 @@ static unsigned char *rsa_FormatOneBlock +@@ -288,97 +299,6 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, break; @@ -141,7 +156,7 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa default: PORT_Assert(0); nss_ZFreeIf(block); -@@ -406,7 +326,6 @@ rsa_FormatBlock(SECItem * result, unsign +@@ -406,7 +326,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen, */ switch (blockType) { @@ -149,17 +164,10 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa case RSA_BlockPrivate: case RSA_BlockPublic: /* -@@ -420,26 +339,6 @@ rsa_FormatBlock(SECItem * result, unsign +@@ -427,26 +346,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen, + + break; - result->data = rsa_FormatOneBlock(modulusLen, blockType, data); - if (result->data == NULL) { -- result->len = 0; -- return SECFailure; -- } -- result->len = modulusLen; -- -- break; -- - case RSA_BlockOAEP: - /* - * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2]) @@ -173,6 +181,16 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa - - result->data = rsa_FormatOneBlock(modulusLen, blockType, data); - if (result->data == NULL) { - result->len = 0; - return SECFailure; - } +- result->len = 0; +- return SECFailure; +- } +- result->len = modulusLen; +- +- break; +- + case RSA_BlockRaw: + /* + * Pad || ActualData +-- +1.8.4.2 + diff --git a/nss.spec b/nss.spec index cb1057b..23baa3f 100644 --- a/nss.spec +++ b/nss.spec @@ -80,7 +80,7 @@ Patch18: nss-646045.patch Patch25: nsspem-use-system-freebl.patch # TODO: Remove this patch when the ocsp test are fixed Patch40: nss-3.14.0.0-disble-ocsp-test.patch -Patch44: 0001-sync-up-with-upstream-softokn-changes.patch +Patch44: 0039-Sync-up-with-nss-3.15.4-changes-in-freebl-and-softok.patch # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator Patch47: utilwrap-include-templates.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=902171 @@ -172,7 +172,7 @@ low level services. # link pem against buildroot's freebl, essential when mixing and matching %patch25 -p0 -b .systemfreebl %patch40 -p0 -b .noocsptest -%patch44 -p1 -b .syncupwithupstream +%patch44 -p3 -b .syncupwithupstream %patch47 -p0 -b .templates %patch48 -p0 -b .crypto %patch49 -p0 -b .skipthem