From d2ef6540b5ded5498426adfd4bdcbb2557a4fc3a Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Wed, 8 Jan 2014 09:08:35 -0800 Subject: [PATCH] Sync up with changes made upstream for freebl and softoken - Reduce the patch to its bare minumum - Remove RSA_BlockOAEP cases which aren't used by the pem module after all - Copied the private RSA_BlockType data structure from freebl/pkcss11.c that needed here - Upstream removed softoken/rsawrapr.c and moved the code to freebl/pkcs11.c - https://bugzilla.mozilla.org/show_bug.cgi?id=836019 - Bug 836019 - Move RSA-PKCS#1, RSA-PSS, and RSA-OAEP into freebl --- ...ync-up-with-upstream-softokn-changes.patch | 871 +----------------- 1 file changed, 27 insertions(+), 844 deletions(-) diff --git a/0001-sync-up-with-upstream-softokn-changes.patch b/0001-sync-up-with-upstream-softokn-changes.patch index 8733b49..3416ed3 100644 --- a/0001-sync-up-with-upstream-softokn-changes.patch +++ b/0001-sync-up-with-upstream-softokn-changes.patch @@ -1,42 +1,10 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsawrapr.c --- ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream 2013-12-26 14:21:08.000000000 -0800 -+++ ./nss/lib/ckfw/pem/rsawrapr.c 2014-01-07 13:26:43.350502692 -0800 -@@ -1,5 +1,10 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ - /* -- * PKCS#1 encoding and decoding functions. -+ RSA PKCS#1 v2.1 (RFC 3447) encoding and decoding functions. -+ - * This file is believed to contain no code licensed from other parties. - * - * ***** BEGIN LICENSE BLOCK ***** -@@ -42,21 +47,38 @@ ++++ ./nss/lib/ckfw/pem/rsawrapr.c 2014-01-08 09:05:09.549718089 -0800 +@@ -60,6 +60,21 @@ - #include "ckpem.h" - #include "blapi.h" -+#include "secitem.h" -+/*#include "blapii.h"*/ -+/* - #include "softoken.h" - #include "sechash.h" --#include "base.h" -- -+#include "base.h"#include "lowkeyi.h" -+*/ - #include "secerr.h" + #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */ - #define RSA_BLOCK_MIN_PAD_LEN 8 - #define RSA_BLOCK_FIRST_OCTET 0x00 --#define RSA_BLOCK_PRIVATE0_PAD_OCTET 0x00 - #define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff - #define RSA_BLOCK_AFTER_PAD_OCTET 0x00 - --#define OAEP_SALT_LEN 8 --#define OAEP_PAD_LEN 8 --#define OAEP_PAD_OCTET 0x00 +/* + * RSA block types + * @@ -52,217 +20,18 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa + RSA_BlockTotal +} RSA_BlockType; + -+ -+/* Needed for RSA-PSS functions */ -+static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - - #define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */ - -@@ -78,141 +100,62 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey - return 0; - } - --static SHA1Context *SHA1_CloneContext(SHA1Context * original) --{ -- SHA1Context *clone = NULL; -- unsigned char *pBuf; -- int sha1ContextSize = SHA1_FlattenSize(original); -- SECStatus frv; -- unsigned char buf[FLAT_BUFSIZE]; -- -- PORT_Assert(sizeof buf >= sha1ContextSize); -- if (sizeof buf >= sha1ContextSize) { -- pBuf = buf; -- } else { -- pBuf = nss_ZAlloc(NULL, sha1ContextSize); -- if (!pBuf) -- goto done; -- } -- -- frv = SHA1_Flatten(original, pBuf); -- if (frv == SECSuccess) { -- clone = SHA1_Resurrect(pBuf, NULL); -- memset(pBuf, 0, sha1ContextSize); -- } -- done: -- if (pBuf != buf) -- nss_ZFreeIf(pBuf); -- return clone; -+/* Constant time comparison of a single byte. -+ * Returns 1 iff a == b, otherwise returns 0. -+ * Note: For ranges of bytes, use constantTimeCompare. -+ */ -+static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) { -+ unsigned char c = ~((a - b) | (b - a)); -+ c >>= 7; -+ return c; - } - --/* -- * Modify data by XORing it with a special hash of salt. -+/* Constant time comparison of a range of bytes. -+ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise -+ * returns 0. - */ --static SECStatus --oaep_xor_with_h1(unsigned char *data, unsigned int datalen, -- unsigned char *salt, unsigned int saltlen) --{ -- SHA1Context *sha1cx; -- unsigned char *dp, *dataend; -- unsigned char end_octet; -- -- sha1cx = SHA1_NewContext(); -- if (sha1cx == NULL) { -- return SECFailure; -- } -- -- /* -- * Get a hash of salt started; we will use it several times, -- * adding in a different end octet (x00, x01, x02, ...). -- */ -- SHA1_Begin(sha1cx); -- SHA1_Update(sha1cx, salt, saltlen); -- end_octet = 0; -- -- dp = data; -- dataend = data + datalen; -- -- while (dp < dataend) { -- SHA1Context *sha1cx_h1; -- unsigned int sha1len, sha1off; -- unsigned char sha1[SHA1_LENGTH]; -- -- /* -- * Create hash of (salt || end_octet) -- */ -- sha1cx_h1 = SHA1_CloneContext(sha1cx); -- SHA1_Update(sha1cx_h1, &end_octet, 1); -- SHA1_End(sha1cx_h1, sha1, &sha1len, sizeof(sha1)); -- SHA1_DestroyContext(sha1cx_h1, PR_TRUE); -- PORT_Assert(sha1len == SHA1_LENGTH); -- -- /* -- * XOR that hash with the data. -- * When we have fewer than SHA1_LENGTH octets of data -- * left to xor, use just the low-order ones of the hash. -- */ -- sha1off = 0; -- if ((dataend - dp) < SHA1_LENGTH) -- sha1off = SHA1_LENGTH - (dataend - dp); -- while (sha1off < SHA1_LENGTH) -- *dp++ ^= sha1[sha1off++]; -- -- /* -- * Bump for next hash chunk. -- */ -- end_octet++; -- } -- -- SHA1_DestroyContext(sha1cx, PR_TRUE); -- return SECSuccess; -+static unsigned char constantTimeCompare(const unsigned char *a, -+ const unsigned char *b, -+ unsigned int len) { -+ unsigned char tmp = 0; -+ unsigned int i; -+ for (i = 0; i < len; ++i, ++a, ++b) -+ tmp |= *a ^ *b; -+ return constantTimeEQ8(0x00, tmp); - } - --/* -- * Modify salt by XORing it with a special hash of data. -+/* Constant time conditional. -+ * Returns a if c is 1, or b if c is 0. The result is undefined if c is -+ * not 0 or 1. - */ --static SECStatus --oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen, -- unsigned char *data, unsigned int datalen) -+static unsigned int constantTimeCondition(unsigned int c, -+ unsigned int a, -+ unsigned int b) + unsigned + pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk) { -- unsigned char sha1[SHA1_LENGTH]; -- unsigned char *psalt, *psha1, *saltend; -- SECStatus rv; -- -- /* -- * Create a hash of data. -- */ -- rv = SHA1_HashBuf(sha1, data, datalen); -- if (rv != SECSuccess) { -- return rv; -- } -- -- /* -- * XOR the low-order octets of that hash with salt. -- */ -- PORT_Assert(saltlen <= SHA1_LENGTH); -- saltend = salt + saltlen; -- psalt = salt; -- psha1 = sha1 + SHA1_LENGTH - saltlen; -- while (psalt < saltend) { -- *psalt++ ^= *psha1++; -- } -+ return (~(c - 1) & a) | ((c - 1) & b); -+} - -- return SECSuccess; -+static unsigned int -+rsa_modulusLen(SECItem * modulus) -+{ -+ unsigned char byteZero = modulus->data[0]; -+ unsigned int modLen = modulus->len - !byteZero; -+ return modLen; - } - - /* - * Format one block of data for public/private key encryption using - * the rules defined in PKCS #1. - */ --static unsigned char *rsa_FormatOneBlock(unsigned modulusLen, -- RSA_BlockType blockType, -- SECItem * data) -+static unsigned char * -+rsa_FormatOneBlock(unsigned modulusLen, -+ RSA_BlockType blockType, -+ SECItem * data) - { - unsigned char *block; - unsigned char *bp; - int padLen; -- int i; -+ int i, j; - SECStatus rv; - - block = (unsigned char *) nss_ZAlloc(NULL, modulusLen); -@@ -223,18 +166,17 @@ static unsigned char *rsa_FormatOneBlock - - /* - * All RSA blocks start with two octets: -- * 0x00 || BlockType -+ * 0x00 || BlockType - */ - *bp++ = RSA_BLOCK_FIRST_OCTET; - *bp++ = (unsigned char) blockType; - - switch (blockType) { - -- /* -- * Blocks intended for private-key operation. -- */ +@@ -233,7 +248,6 @@ static unsigned char *rsa_FormatOneBlock + /* + * Blocks intended for private-key operation. + */ - case RSA_BlockPrivate0: /* essentially unused */ -- case RSA_BlockPrivate: /* preferred method */ -+ /* -+ * Blocks intended for private-key operation. -+ */ -+ case RSA_BlockPrivate: /* preferred method */ + case RSA_BlockPrivate: /* preferred method */ /* * 0x00 || BT || Pad || 0x00 || ActualData - * 1 1 padLen 1 data->len -@@ -246,138 +188,69 @@ static unsigned char *rsa_FormatOneBlock +@@ -246,10 +260,7 @@ static unsigned char *rsa_FormatOneBlock nss_ZFreeIf(block); return NULL; } @@ -274,41 +43,10 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa bp += padLen; *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; nsslibc_memcpy(bp, data->data, data->len); +@@ -288,97 +299,6 @@ static unsigned char *rsa_FormatOneBlock + break; -- /* -- * Blocks intended for public-key operation. -- */ -- case RSA_BlockPublic: -- -- /* -- * 0x00 || BT || Pad || 0x00 || ActualData -- * 1 1 padLen 1 data->len -- * Pad is all non-zero random bytes. -- */ -- padLen = modulusLen - data->len - 3; -- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN); -- if (padLen < RSA_BLOCK_MIN_PAD_LEN) { -- nss_ZFreeIf(block); -- return NULL; -- } -- for (i = 0; i < padLen; i++) { -- /* Pad with non-zero random data. */ -- do { -- rv = RNG_GenerateGlobalRandomBytes(bp + i, 1); -- } while (rv == SECSuccess -- && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET); -- if (rv != SECSuccess) { -- nss_ZFreeIf(block); -- return NULL; -- } -- } -- bp += padLen; -- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; -- nsslibc_memcpy(bp, data->data, data->len); -- -- break; -- - /* - * Blocks intended for public-key operation, using - * Optimal Asymmetric Encryption Padding (OAEP). @@ -399,107 +137,22 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa - } - - break; -+ /* -+ * Blocks intended for public-key operation. -+ */ -+ case RSA_BlockPublic: -+ -+ /* -+ * 0x00 || BT || Pad || 0x00 || ActualData -+ * 1 1 padLen 1 data->len -+ * Pad is all non-zero random bytes. -+ * -+ * Build the block left to right. -+ * Fill the entire block from Pad to the end with random bytes. -+ * Use the bytes after Pad as a supply of extra random bytes from -+ * which to find replacements for the zero bytes in Pad. -+ * If we need more than that, refill the bytes after Pad with -+ * new random bytes as necessary. -+ */ -+ padLen = modulusLen - (data->len + 3); -+ PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN); -+ if (padLen < RSA_BLOCK_MIN_PAD_LEN) { -+ nss_ZFreeIf (block); -+ return NULL; -+ } -+ j = modulusLen - 2; -+ rv = RNG_GenerateGlobalRandomBytes(bp, j); -+ if (rv == SECSuccess) { -+ for (i = 0; i < padLen; ) { -+ unsigned char repl; -+ /* Pad with non-zero random data. */ -+ if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) { -+ ++i; -+ continue; -+ } -+ if (j <= padLen) { -+ rv = RNG_GenerateGlobalRandomBytes(bp + padLen, -+ modulusLen - (2 + padLen)); -+ if (rv != SECSuccess) -+ break; -+ j = modulusLen - 2; -+ } -+ do { -+ repl = bp[--j]; -+ } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen); -+ if (repl != RSA_BLOCK_AFTER_PAD_OCTET) { -+ bp[i++] = repl; -+ } -+ } -+ } -+ if (rv != SECSuccess) { -+ /*sftk_fatalError = PR_TRUE;*/ -+ nss_ZFreeIf (block); -+ return NULL; -+ } -+ bp += padLen; -+ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET; -+ nsslibc_memcpy(bp, data->data, data->len); -+ break; - +- default: PORT_Assert(0); -@@ -389,54 +262,21 @@ static unsigned char *rsa_FormatOneBlock - } + nss_ZFreeIf(block); +@@ -406,7 +326,6 @@ rsa_FormatBlock(SECItem * result, unsign + */ - static SECStatus --rsa_FormatBlock(SECItem * result, unsigned modulusLen, -- RSA_BlockType blockType, SECItem * data) -+rsa_FormatBlock(SECItem * result, -+ unsigned modulusLen, -+ RSA_BlockType blockType, -+ SECItem * data) - { -- /* -- * XXX For now assume that the data length fits in a single -- * XXX encryption block; the ASSERTs below force this. -- * XXX To fix it, each case will have to loop over chunks whose -- * XXX lengths satisfy the assertions, until all data is handled. -- * XXX (Unless RSA has more to say about how to handle data -- * XXX which does not fit in a single encryption block?) -- * XXX And I do not know what the result is supposed to be, -- * XXX so the interface to this function may need to change -- * XXX to allow for returning multiple blocks, if they are -- * XXX not wanted simply concatenated one after the other. -- */ -- switch (blockType) { - case RSA_BlockPrivate0: -- case RSA_BlockPrivate: -- case RSA_BlockPublic: -+ case RSA_BlockPrivate: -+ case RSA_BlockPublic: + case RSA_BlockPrivate: + case RSA_BlockPublic: /* - * 0x00 || BT || Pad || 0x00 || ActualData - * - * The "3" below is the first octet + the second octet + the 0x00 - * octet that always comes just before the ActualData. - */ -- PORT_Assert(data->len <= -- (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))); -- -- result->data = rsa_FormatOneBlock(modulusLen, blockType, data); -- if (result->data == NULL) { +@@ -420,26 +339,6 @@ rsa_FormatBlock(SECItem * result, unsign + + result->data = rsa_FormatOneBlock(modulusLen, blockType, data); + if (result->data == NULL) { - result->len = 0; - return SECFailure; - } @@ -517,479 +170,9 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsa - */ - PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN - + OAEP_PAD_LEN))); -+ PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))); - - result->data = rsa_FormatOneBlock(modulusLen, blockType, data); - if (result->data == NULL) { -@@ -447,7 +287,7 @@ rsa_FormatBlock(SECItem * result, unsign - - break; - -- case RSA_BlockRaw: -+ case RSA_BlockRaw: - /* - * Pad || ActualData - * Pad is zeros. The application is responsible for recovering -@@ -476,36 +316,34 @@ rsa_FormatBlock(SECItem * result, unsign - SECStatus - pem_RSA_Sign(pemLOWKEYPrivateKey * key, - unsigned char *output, -- unsigned int *output_len, -+ unsigned int *outputLen, - unsigned int maxOutputLen, -- unsigned char *input, unsigned int input_len) -+ unsigned char *input, unsigned int inputLen) - { - SECStatus rv = SECSuccess; -- unsigned int modulus_len = pem_PrivateModulusLen(key); -+ unsigned int modulusLen = pem_PrivateModulusLen(key); - SECItem formatted; - SECItem unformatted; - -- if (maxOutputLen < modulus_len) -+ if (maxOutputLen < modulusLen) - return SECFailure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - return SECFailure; - -- unformatted.len = input_len; -+ unformatted.len = inputLen; - unformatted.data = input; - formatted.data = NULL; -- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPrivate, -+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPrivate, - &unformatted); - if (rv != SECSuccess) - goto done; - - rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, - formatted.data); -- *output_len = modulus_len; -+ *outputLen = modulusLen; - -- goto done; - -- done: -+done: - if (formatted.data != NULL) - nss_ZFreeIf(formatted.data); - return rv; -@@ -515,17 +353,17 @@ pem_RSA_Sign(pemLOWKEYPrivateKey * key, - /* XXX Doesn't set error code */ - SECStatus - RSA_CheckSign(NSSLOWKEYPublicKey * key, -- unsigned char *sign, -- unsigned int sign_len, -+ unsigned char *sig, -+ unsigned int sigLen, - unsigned char *hash, unsigned int hash_len) - { - SECStatus rv; -- unsigned int modulus_len = pem_PublicModulusLen(key); -+ unsigned int modulusLen = pem_PublicModulusLen(key); - unsigned int i; - unsigned char *buffer; - -- modulus_len = pem_PublicModulusLen(key); -- if (sign_len != modulus_len) -+ modulusLen = pem_PublicModulusLen(key); -+ if (sigLen != modulusLen) - goto failure; - /* - * 0x00 || BT || Pad || 0x00 || ActualData -@@ -533,17 +371,17 @@ RSA_CheckSign(NSSLOWKEYPublicKey * key, - * The "3" below is the first octet + the second octet + the 0x00 - * octet that always comes just before the ActualData. - */ -- if (hash_len > modulus_len - (3 + RSA_BLOCK_MIN_PAD_LEN)) -+ if (hash_len > modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; - -- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1); -+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1); - if (!buffer) - goto failure; - -- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign); -+ rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sig); - if (rv != SECSuccess) - goto loser; - -@@ -552,7 +390,7 @@ RSA_CheckSign(NSSLOWKEYPublicKey * key, - */ - if (buffer[0] != 0 || buffer[1] != 1) - goto loser; -- for (i = 2; i < modulus_len - hash_len - 1; i++) { -+ for (i = 2; i < modulusLen - hash_len - 1; i++) { - if (buffer[i] != 0xff) - goto loser; - } -@@ -562,7 +400,7 @@ RSA_CheckSign(NSSLOWKEYPublicKey * key, - /* - * make sure we get the same results - */ -- if (memcmp(buffer + modulus_len - hash_len, hash, hash_len) != 0) -+ if (memcmp(buffer + modulusLen - hash_len, hash, hash_len) != 0) - goto loser; - - nss_ZFreeIf(buffer); -@@ -579,25 +417,25 @@ SECStatus - RSA_CheckSignRecover(NSSLOWKEYPublicKey * key, - unsigned char *data, - unsigned int *data_len, -- unsigned int max_output_len, -- unsigned char *sign, unsigned int sign_len) -+ unsigned int maxOutputLen, -+ unsigned char *sig, unsigned int sigLen) - { - SECStatus rv; -- unsigned int modulus_len = pem_PublicModulusLen(key); -+ unsigned int modulusLen = pem_PublicModulusLen(key); - unsigned int i; - unsigned char *buffer; - -- if (sign_len != modulus_len) -+ if (sigLen != modulusLen) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; - -- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1); -+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1); - if (!buffer) - goto failure; - -- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign); -+ rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sig); - if (rv != SECSuccess) - goto loser; - *data_len = 0; -@@ -607,9 +445,9 @@ RSA_CheckSignRecover(NSSLOWKEYPublicKey - */ - if (buffer[0] != 0 || buffer[1] != 1) - goto loser; -- for (i = 2; i < modulus_len; i++) { -+ for (i = 2; i < modulusLen; i++) { - if (buffer[i] == 0) { -- *data_len = modulus_len - i - 1; -+ *data_len = modulusLen - i - 1; - break; +- result->data = rsa_FormatOneBlock(modulusLen, blockType, data); +- if (result->data == NULL) { + result->len = 0; + return SECFailure; } - if (buffer[i] != 0xff) -@@ -617,13 +455,13 @@ RSA_CheckSignRecover(NSSLOWKEYPublicKey - } - if (*data_len == 0) - goto loser; -- if (*data_len > max_output_len) -+ if (*data_len > maxOutputLen) - goto loser; - - /* - * make sure we get the same results - */ -- nsslibc_memcpy(data, buffer + modulus_len - *data_len, *data_len); -+ nsslibc_memcpy(data, buffer + modulusLen - *data_len, *data_len); - - nss_ZFreeIf(buffer); - return SECSuccess; -@@ -638,26 +476,26 @@ RSA_CheckSignRecover(NSSLOWKEYPublicKey - SECStatus - RSA_EncryptBlock(NSSLOWKEYPublicKey * key, - unsigned char *output, -- unsigned int *output_len, -- unsigned int max_output_len, -- unsigned char *input, unsigned int input_len) -+ unsigned int *outputLen, -+ unsigned int maxOutputLen, -+ unsigned char *input, unsigned int inputLen) - { - SECStatus rv; -- unsigned int modulus_len = pem_PublicModulusLen(key); -+ unsigned int modulusLen = pem_PublicModulusLen(key); - SECItem formatted; - SECItem unformatted; - - formatted.data = NULL; -- if (max_output_len < modulus_len) -+ if (maxOutputLen < modulusLen) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; - -- unformatted.len = input_len; -+ unformatted.len = inputLen; - unformatted.data = input; - formatted.data = NULL; -- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPublic, -+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPublic, - &unformatted); - if (rv != SECSuccess) - goto failure; -@@ -667,7 +505,7 @@ RSA_EncryptBlock(NSSLOWKEYPublicKey * ke - goto failure; - - nss_ZFreeIf(formatted.data); -- *output_len = modulus_len; -+ *outputLen = modulusLen; - return SECSuccess; - - failure: -@@ -681,22 +519,22 @@ RSA_EncryptBlock(NSSLOWKEYPublicKey * ke - SECStatus - pem_RSA_DecryptBlock(pemLOWKEYPrivateKey * key, - unsigned char *output, -- unsigned int *output_len, -- unsigned int max_output_len, -- unsigned char *input, unsigned int input_len) -+ unsigned int *outputLen, -+ unsigned int maxOutputLen, -+ unsigned char *input, unsigned int inputLen) - { - SECStatus rv; -- unsigned int modulus_len = pem_PrivateModulusLen(key); -+ unsigned int modulusLen = pem_PrivateModulusLen(key); - unsigned int i; - unsigned char *buffer; - - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; -- if (input_len != modulus_len) -+ if (inputLen != modulusLen) - goto failure; - -- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1); -+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1); - if (!buffer) - goto failure; - -@@ -707,19 +545,19 @@ pem_RSA_DecryptBlock(pemLOWKEYPrivateKey - - if (buffer[0] != 0 || buffer[1] != 2) - goto loser; -- *output_len = 0; -- for (i = 2; i < modulus_len; i++) { -+ *outputLen = 0; -+ for (i = 2; i < modulusLen; i++) { - if (buffer[i] == 0) { -- *output_len = modulus_len - i - 1; -+ *outputLen = modulusLen - i - 1; - break; - } - } -- if (*output_len == 0) -+ if (*outputLen == 0) - goto loser; -- if (*output_len > max_output_len) -+ if (*outputLen > maxOutputLen) - goto loser; - -- nsslibc_memcpy(output, buffer + modulus_len - *output_len, *output_len); -+ nsslibc_memcpy(output, buffer + modulusLen - *outputLen, *outputLen); - - nss_ZFreeIf(buffer); - return SECSuccess; -@@ -739,32 +577,32 @@ pem_RSA_DecryptBlock(pemLOWKEYPrivateKey - SECStatus - pem_RSA_SignRaw(pemLOWKEYPrivateKey * key, - unsigned char *output, -- unsigned int *output_len, -+ unsigned int *outputLen, - unsigned int maxOutputLen, -- unsigned char *input, unsigned int input_len) -+ unsigned char *input, unsigned int inputLen) - { - SECStatus rv = SECSuccess; -- unsigned int modulus_len = pem_PrivateModulusLen(key); -+ unsigned int modulusLen = pem_PrivateModulusLen(key); - SECItem formatted; - SECItem unformatted; - -- if (maxOutputLen < modulus_len) -+ if (maxOutputLen < modulusLen) - return SECFailure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - return SECFailure; - -- unformatted.len = input_len; -+ unformatted.len = inputLen; - unformatted.data = input; - formatted.data = NULL; -- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, -+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw, - &unformatted); - if (rv != SECSuccess) - goto done; - - rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output, - formatted.data); -- *output_len = modulus_len; -+ *outputLen = modulusLen; - - done: - if (formatted.data != NULL) -@@ -775,27 +613,27 @@ pem_RSA_SignRaw(pemLOWKEYPrivateKey * ke - /* XXX Doesn't set error code */ - SECStatus - RSA_CheckSignRaw(NSSLOWKEYPublicKey * key, -- unsigned char *sign, -- unsigned int sign_len, -+ unsigned char *sig, -+ unsigned int sigLen, - unsigned char *hash, unsigned int hash_len) - { - SECStatus rv; -- unsigned int modulus_len = pem_PublicModulusLen(key); -+ unsigned int modulusLen = pem_PublicModulusLen(key); - unsigned char *buffer; - -- if (sign_len != modulus_len) -+ if (sigLen != modulusLen) - goto failure; -- if (hash_len > modulus_len) -+ if (hash_len > modulusLen) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; - -- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1); -+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1); - if (!buffer) - goto failure; - -- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign); -+ rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sig); - if (rv != SECSuccess) - goto loser; - -@@ -803,7 +641,7 @@ RSA_CheckSignRaw(NSSLOWKEYPublicKey * ke - * make sure we get the same results - */ - /* NOTE: should we verify the leading zeros? */ -- if (memcmp(buffer + (modulus_len - hash_len), hash, hash_len) != -+ if (memcmp(buffer + (modulusLen - hash_len), hash, hash_len) != - 0) - goto loser; - -@@ -821,25 +659,25 @@ SECStatus - RSA_CheckSignRecoverRaw(NSSLOWKEYPublicKey * key, - unsigned char *data, - unsigned int *data_len, -- unsigned int max_output_len, -- unsigned char *sign, unsigned int sign_len) -+ unsigned int maxOutputLen, -+ unsigned char *sig, unsigned int sigLen) - { - SECStatus rv; -- unsigned int modulus_len = pem_PublicModulusLen(key); -+ unsigned int modulusLen = pem_PublicModulusLen(key); - -- if (sign_len != modulus_len) -+ if (sigLen != modulusLen) - goto failure; -- if (max_output_len < modulus_len) -+ if (maxOutputLen < modulusLen) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; - -- rv = RSA_PublicKeyOp(&key->u.rsa, data, sign); -+ rv = RSA_PublicKeyOp(&key->u.rsa, data, sig); - if (rv != SECSuccess) - goto failure; - -- *data_len = modulus_len; -+ *data_len = modulusLen; - return SECSuccess; - - failure: -@@ -851,26 +689,26 @@ RSA_CheckSignRecoverRaw(NSSLOWKEYPublicK - SECStatus - RSA_EncryptRaw(NSSLOWKEYPublicKey * key, - unsigned char *output, -- unsigned int *output_len, -- unsigned int max_output_len, -- unsigned char *input, unsigned int input_len) -+ unsigned int *outputLen, -+ unsigned int maxOutputLen, -+ unsigned char *input, unsigned int inputLen) - { - SECStatus rv; -- unsigned int modulus_len = pem_PublicModulusLen(key); -+ unsigned int modulusLen = pem_PublicModulusLen(key); - SECItem formatted; - SECItem unformatted; - - formatted.data = NULL; -- if (max_output_len < modulus_len) -+ if (maxOutputLen < modulusLen) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; - -- unformatted.len = input_len; -+ unformatted.len = inputLen; - unformatted.data = input; - formatted.data = NULL; -- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw, -+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw, - &unformatted); - if (rv != SECSuccess) - goto failure; -@@ -880,7 +718,7 @@ RSA_EncryptRaw(NSSLOWKEYPublicKey * key, - goto failure; - - nss_ZFreeIf(formatted.data); -- *output_len = modulus_len; -+ *outputLen = modulusLen; - return SECSuccess; - - failure: -@@ -893,21 +731,21 @@ RSA_EncryptRaw(NSSLOWKEYPublicKey * key, - SECStatus - pem_RSA_DecryptRaw(pemLOWKEYPrivateKey * key, - unsigned char *output, -- unsigned int *output_len, -- unsigned int max_output_len, -- unsigned char *input, unsigned int input_len) -+ unsigned int *outputLen, -+ unsigned int maxOutputLen, -+ unsigned char *input, unsigned int inputLen) - { - SECStatus rv; -- unsigned int modulus_len = pem_PrivateModulusLen(key); -+ unsigned int modulusLen = pem_PrivateModulusLen(key); - -- if (modulus_len <= 0) -+ if (modulusLen <= 0) - goto failure; -- if (modulus_len > max_output_len) -+ if (modulusLen > maxOutputLen) - goto failure; - PORT_Assert(key->keyType == pemLOWKEYRSAKey); - if (key->keyType != pemLOWKEYRSAKey) - goto failure; -- if (input_len != modulus_len) -+ if (inputLen != modulusLen) - goto failure; - - rv = RSA_PrivateKeyOp(&key->u.rsa, output, input); -@@ -915,7 +753,7 @@ pem_RSA_DecryptRaw(pemLOWKEYPrivateKey * - goto failure; - } - -- *output_len = modulus_len; -+ *outputLen = modulusLen; - return SECSuccess; - - failure: