author | cvs2hg <devnull@localhost> | 2001-04-06 00:20:31 +0000 |
---|---|---|
committer | cvs2hg <devnull@localhost> | 2001-04-06 00:20:31 +0000 |
commit | bc8150a352b2bf39bc3fe660eaed4b14fb585329 (patch) | |
tree | 4acc82bececa525e104759a8f4137909af116c5f | |
parent | c4beecc5e5939018dc285bb17f8753742fdab163 (diff) | |
download | nss-hg-bc8150a352b2bf39bc3fe660eaed4b14fb585329.tar.gz |
fixup commit for tag 'NSS_3_2_1_RTM'NSS_3_2_1_RTM
-rw-r--r-- | security/coreconf/SunOS5.5.1_i86pc.mk | 45 | ||||
-rw-r--r-- | security/coreconf/SunOS5.6_i86pc.mk | 45 | ||||
-rw-r--r-- | security/coreconf/SunOS5.7_i86pc.mk | 47 | ||||
-rw-r--r-- | security/coreconf/SunOS5.8_i86pc.mk | 47 | ||||
-rwxr-xr-x | security/coreconf/SunOS5.9_i86pc.mk | 47 | ||||
-rw-r--r-- | security/coreconf/config.mk | 150 | ||||
-rw-r--r-- | security/coreconf/tree.mk | 114 | ||||
-rw-r--r-- | security/nss/lib/certdb/crl.c | 395 | ||||
-rw-r--r-- | security/nss/lib/freebl/Makefile | 331 | ||||
-rw-r--r-- | security/nss/lib/freebl/rsa.c | 693 |
10 files changed, 1914 insertions, 0 deletions
diff --git a/security/coreconf/SunOS5.5.1_i86pc.mk b/security/coreconf/SunOS5.5.1_i86pc.mk
new file mode 100644
index 000000000..978286856
--- /dev/null
+++ b/security/coreconf/SunOS5.5.1_i86pc.mk
@@ -0,0 +1,45 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# Config stuff for Solaris 2.5.1 on x86
+#
+
+SOL_CFLAGS = -D_SVID_GETTOD
+
+include $(CORE_DEPTH)/coreconf/SunOS5.mk
+
+CPU_ARCH = x86
+OS_DEFINES += -Di386
+
+ifeq ($(OS_RELEASE),5.5.1_i86pc)
+ OS_DEFINES += -DSOLARIS2_5
+endif
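Review bot: This file and the four SunOS5.{6,7,8,9}_i86pc.mk files that follow are the same 45-47 lines with only the release string and the SOLARIS2_N define varied, while config.mk in this same commit says coreconf is moving toward a single $(OS_TARGET).mk per platform; the per-release content here reduces to the `ifeq ($(OS_RELEASE),…)` block, so the shared `SOL_CFLAGS`, `CPU_ARCH` and `OS_DEFINES += -Di386` lines could be hoisted into SunOS5.mk and the release define derived there. The 5.5.1 and 5.6 variants also lack the `OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc` line the 5.7, 5.8 and 5.9 files add; if SunOS5.mk already supplies the libraries for the older releases, a one-line comment saying so would keep the next reader from copying the line across.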
diff --git a/security/coreconf/SunOS5.6_i86pc.mk b/security/coreconf/SunOS5.6_i86pc.mk
new file mode 100644
index 000000000..286ff3505
--- /dev/null
+++ b/security/coreconf/SunOS5.6_i86pc.mk
@@ -0,0 +1,45 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# Config stuff for Solaris 2.6 on x86
+#
+
+SOL_CFLAGS = -D_SVID_GETTOD
+
+include $(CORE_DEPTH)/coreconf/SunOS5.mk
+
+CPU_ARCH = x86
+OS_DEFINES += -Di386
+
+ifeq ($(OS_RELEASE),5.6_i86pc)
+ OS_DEFINES += -DSOLARIS2_6
+endif
diff --git a/security/coreconf/SunOS5.7_i86pc.mk b/security/coreconf/SunOS5.7_i86pc.mk
new file mode 100644
index 000000000..ab8c66f84
--- /dev/null
+++ b/security/coreconf/SunOS5.7_i86pc.mk
@@ -0,0 +1,47 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# Config stuff for Solaris 7 on x86
+#
+
+SOL_CFLAGS = -D_SVID_GETTOD
+
+include $(CORE_DEPTH)/coreconf/SunOS5.mk
+
+CPU_ARCH = x86
+OS_DEFINES += -Di386
+
+ifeq ($(OS_RELEASE),5.7_i86pc)
+ OS_DEFINES += -DSOLARIS2_7
+endif
+
+OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/SunOS5.8_i86pc.mk b/security/coreconf/SunOS5.8_i86pc.mk
new file mode 100644
index 000000000..7b2c71a64
--- /dev/null
+++ b/security/coreconf/SunOS5.8_i86pc.mk
@@ -0,0 +1,47 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# Config stuff for Solaris 8 on x86
+#
+
+SOL_CFLAGS = -D_SVID_GETTOD
+
+include $(CORE_DEPTH)/coreconf/SunOS5.mk
+
+CPU_ARCH = x86
+OS_DEFINES += -Di386
+
+ifeq ($(OS_RELEASE),5.8_i86pc)
+ OS_DEFINES += -DSOLARIS2_8
+endif
+
+OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/SunOS5.9_i86pc.mk b/security/coreconf/SunOS5.9_i86pc.mk
new file mode 100755
index 000000000..115a2bc32
--- /dev/null
+++ b/security/coreconf/SunOS5.9_i86pc.mk
@@ -0,0 +1,47 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# Config stuff for Solaris 9 on x86
+#
+
+SOL_CFLAGS = -D_SVID_GETTOD
+
+include $(CORE_DEPTH)/coreconf/SunOS5.mk
+
+CPU_ARCH = x86
+OS_DEFINES += -Di386
+
+ifeq ($(OS_RELEASE),5.9_i86pc)
+ OS_DEFINES += -DSOLARIS2_9
+endif
+
+OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk
new file mode 100644
index 000000000..0eb5fc93f
--- /dev/null
+++ b/security/coreconf/config.mk
@@ -0,0 +1,150 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+# Configuration information for building in the "Core Components" source module
+#
+
+#######################################################################
+# [1.0] Master "Core Components" source and release <architecture> #
+# tags #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/arch.mk
+
+#######################################################################
+# [2.0] Master "Core Components" default command macros #
+# (NOTE: may be overridden in $(OS_CONFIG).mk) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/command.mk
+
+#######################################################################
+# [3.0] Master "Core Components" <architecture>-specific macros #
+# (dependent upon <architecture> tags) #
+# #
+# We are moving towards just having a $(OS_TARGET).mk file #
+# as opposed to multiple $(OS_CONFIG).mk files, one for #
+# each OS release. #
+#######################################################################
+
+ifeq (,$(filter-out BSD_OS NetBSD OS2,$(OS_TARGET)))
+include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
+else
+include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk
+endif
+
+#######################################################################
+# [4.0] Master "Core Components" source and release <platform> tags #
+# (dependent upon <architecture> tags) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/platform.mk
+
+#######################################################################
+# [5.0] Master "Core Components" release <tree> tags #
+# (dependent upon <architecture> tags) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/tree.mk
+
+#######################################################################
+# [6.0] Master "Core Components" source and release <component> tags #
+# NOTE: A component is also called a module or a subsystem. #
+# (dependent upon $(MODULE) being defined on the #
+# command line, as an environment variable, or in individual #
+# makefiles, or more appropriately, manifest.mn) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/module.mk
+
+#######################################################################
+# [7.0] Master "Core Components" release <version> tags #
+# (dependent upon $(MODULE) being defined on the #
+# command line, as an environment variable, or in individual #
+# makefiles, or more appropriately, manifest.mn) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/version.mk
+
+#######################################################################
+# [8.0] Master "Core Components" macros to figure out #
+# binary code location #
+# (dependent upon <platform> tags) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/location.mk
+
+#######################################################################
+# [9.0] Master "Core Components" <component>-specific source path #
+# (dependent upon <user_source_tree>, <source_component>, #
+# <version>, and <platform> tags) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/source.mk
+
+#######################################################################
+# [10.0] Master "Core Components" include switch for support header #
+# files #
+# (dependent upon <tree>, <component>, <version>, #
+# and <platform> tags) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/headers.mk
+
+#######################################################################
+# [11.0] Master "Core Components" for computing program prefixes #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/prefix.mk
+
+#######################################################################
+# [12.0] Master "Core Components" for computing program suffixes #
+# (dependent upon <architecture> tags) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/suffix.mk
+
+#######################################################################
+# [13.0] Master "Core Components" for defining JDK #
+# (dependent upon <architecture>, <source>, and <suffix> tags)#
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/jdk.mk
+
+#######################################################################
+# [14.0] Master "Core Components" rule set #
+# (should always be the last file included by config.mk) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/ruleset.mk
+-include $(MKDEPENDENCIES)
+
diff --git a/security/coreconf/tree.mk b/security/coreconf/tree.mk
new file mode 100644
index 000000000..b9c247ee1
--- /dev/null
+++ b/security/coreconf/tree.mk
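Review bot: The [14.0] banner says ruleset.mk `(should always be the last file included by config.mk)`, but `-include $(MKDEPENDENCIES)` follows it on the very next line, so the comment is contradicted as soon as it lands. If the dependency include must come after the rule set, reword the banner, e.g. `# (last coreconf file included; only the generated dependency file follows)`; otherwise move the `-include` above ruleset.mk so the statement holds. A short comment beside the `-include` noting that the leading dash intentionally tolerates the dependency file being absent on a clean build would also save the next reader a lookup.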
@@ -0,0 +1,114 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# Master "Core Components" file system "release" prefixes #
+#######################################################################
+
+# RELEASE_TREE = $(CORE_DEPTH)/../coredist
+
+
+ifndef RELEASE_TREE
+ ifdef BUILD_SHIP
+ ifdef USE_SHIPS
+ RELEASE_TREE = $(BUILD_SHIP)
+ else
+ RELEASE_TREE = /share/builds/components
+ endif
+ else
+ RELEASE_TREE = /share/builds/components
+ endif
+ ifeq ($(OS_TARGET), WINNT)
+ ifdef BUILD_SHIP
+ ifdef USE_SHIPS
+ RELEASE_TREE = $(NTBUILD_SHIP)
+ else
+ RELEASE_TREE = //hs-sca15c/components
+ endif
+ else
+ RELEASE_TREE = //hs-sca15c/components
+ endif
+ endif
+
+ ifeq ($(OS_TARGET), WIN95)
+ ifdef BUILD_SHIP
+ ifdef USE_SHIPS
+ RELEASE_TREE = $(NTBUILD_SHIP)
+ else
+ RELEASE_TREE = //hs-sca15c/components
+ endif
+ else
+ RELEASE_TREE = //hs-sca15c/components
+ endif
+ endif
+ ifeq ($(OS_TARGET), WIN16)
+ ifdef BUILD_SHIP
+ ifdef USE_SHIPS
+ RELEASE_TREE = $(NTBUILD_SHIP)
+ else
+ RELEASE_TREE = //hs-sca15c/components
+ endif
+ else
+ RELEASE_TREE = //hs-sca15c/components
+ endif
+ endif
+endif
+
+#
+# NOTE: export control policy enforced for XP and MD files
+# released to the binary release tree
+#
+
+ifeq ($(POLICY), domestic)
+ RELEASE_XP_DIR = domestic
+ RELEASE_MD_DIR = domestic/$(PLATFORM)
+else
+ ifeq ($(POLICY), export)
+ RELEASE_XP_DIR = export
+ RELEASE_MD_DIR = export/$(PLATFORM)
+ else
+ ifeq ($(POLICY), france)
+ RELEASE_XP_DIR = france
+ RELEASE_MD_DIR = france/$(PLATFORM)
+ else
+ RELEASE_XP_DIR =
+ RELEASE_MD_DIR = $(PLATFORM)
+ endif
+ endif
+endif
+
+
+REPORTER_TREE = $(subst \,\\,$(RELEASE_TREE))
+
+IMPORT_XP_DIR =
+IMPORT_MD_DIR = $(PLATFORM)
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
new file mode 100644
index 000000000..8bfded225
--- /dev/null
+++ b/security/nss/lib/certdb/crl.c
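Review bot: The WINNT, WIN95 and WIN16 branches inside `ifndef RELEASE_TREE` are three identical nine-line blocks that differ only in the `ifeq` target; config.mk in this same commit already uses the `$(filter-out …)` idiom, so a single `ifneq (,$(filter WINNT WIN95 WIN16,$(OS_TARGET)))` block would state the rule once and remove the risk of the copies drifting apart. The default release locations `/share/builds/components` and `//hs-sca15c/components` are internal build hosts baked into a tree that ships publicly; a comment saying they are Netscape-internal defaults meant to be overridden via BUILD_SHIP/NTBUILD_SHIP would orient outside builders. The POLICY cascade also falls through silently to an empty RELEASE_XP_DIR for any unrecognised value, which is worth either a comment naming that as the intended default or a `$(warning …)` so a typo in POLICY does not quietly change where artifacts land.
```makefile
ifndef RELEASE_TREE
# … unchanged: BUILD_SHIP / USE_SHIPS default selection …
  ifneq (,$(filter WINNT WIN95 WIN16,$(OS_TARGET)))
    ifdef BUILD_SHIP
      ifdef USE_SHIPS
        RELEASE_TREE = $(NTBUILD_SHIP)
      else
        RELEASE_TREE = //hs-sca15c/components
      endif
    else
      RELEASE_TREE = //hs-sca15c/components
    endif
  endif
endif
```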
@@ -0,0 +1,395 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 1994-2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+ * Moved from secpkcs7.c
+ *
+ * $Id$
+ */
+
+#include "cert.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "certxutl.h"
+#include "prtime.h"
+#include "secerr.h"
+
+const SEC_ASN1Template SEC_CERTExtensionTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCertExtension) },
+ { SEC_ASN1_OBJECT_ID,
+ offsetof(CERTCertExtension,id) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(CERTCertExtension,critical), },
+ { SEC_ASN1_OCTET_STRING,
+ offsetof(CERTCertExtension,value) },
+ { 0, }
+};
+
+static const SEC_ASN1Template SEC_CERTExtensionsTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF, 0, SEC_CERTExtensionTemplate}
+};
+
+/*
+ * XXX Also, these templates, especially the Krl/FORTEZZA ones, need to
+ * be tested; Lisa did the obvious translation but they still should be
+ * verified.
+ */
+
+const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTIssuerAndSN) },
+ { SEC_ASN1_SAVE,
+ offsetof(CERTIssuerAndSN,derIssuer) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTIssuerAndSN,issuer),
+ CERT_NameTemplate },
+ { SEC_ASN1_INTEGER,
+ offsetof(CERTIssuerAndSN,serialNumber) },
+ { 0 }
+};
+
+static const SEC_ASN1Template cert_KrlEntryTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCrlEntry) },
+ { SEC_ASN1_OCTET_STRING,
+ offsetof(CERTCrlEntry,serialNumber) },
+ { SEC_ASN1_UTC_TIME,
+ offsetof(CERTCrlEntry,revocationDate) },
+ { 0 }
+};
+
+static const SEC_ASN1Template cert_KrlTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCrl) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTCrl,signatureAlg),
+ SECOID_AlgorithmIDTemplate },
+ { SEC_ASN1_SAVE,
+ offsetof(CERTCrl,derName) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTCrl,name),
+ CERT_NameTemplate },
+ { SEC_ASN1_UTC_TIME,
+ offsetof(CERTCrl,lastUpdate) },
+ { SEC_ASN1_UTC_TIME,
+ offsetof(CERTCrl,nextUpdate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+ offsetof(CERTCrl,entries),
+ cert_KrlEntryTemplate },
+ { 0 }
+};
+
+static const SEC_ASN1Template cert_SignedKrlTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedCrl) },
+ { SEC_ASN1_SAVE,
+ offsetof(CERTSignedCrl,signatureWrap.data) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTSignedCrl,crl),
+ cert_KrlTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTSignedCrl,signatureWrap.signatureAlgorithm),
+ SECOID_AlgorithmIDTemplate },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(CERTSignedCrl,signatureWrap.signature) },
+ { 0 }
+};
+
+static const SEC_ASN1Template cert_CrlKeyTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCrlKey) },
+ { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrlKey,dummy) },
+ { SEC_ASN1_SKIP },
+ { SEC_ASN1_ANY, offsetof(CERTCrlKey,derName) },
+ { SEC_ASN1_SKIP_REST },
+ { 0 }
+};
+
+static const SEC_ASN1Template cert_CrlEntryTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCrlEntry) },
+ { SEC_ASN1_INTEGER,
+ offsetof(CERTCrlEntry,serialNumber) },
+ { SEC_ASN1_UTC_TIME,
+ offsetof(CERTCrlEntry,revocationDate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+ offsetof(CERTCrlEntry, extensions),
+ SEC_CERTExtensionTemplate},
+ { 0 }
+};
+
+const SEC_ASN1Template CERT_CrlTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCrl) },
+ { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof (CERTCrl, version) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTCrl,signatureAlg),
+ SECOID_AlgorithmIDTemplate },
+ { SEC_ASN1_SAVE,
+ offsetof(CERTCrl,derName) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTCrl,name),
+ CERT_NameTemplate },
+ { SEC_ASN1_UTC_TIME,
+ offsetof(CERTCrl,lastUpdate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_UTC_TIME,
+ offsetof(CERTCrl,nextUpdate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+ offsetof(CERTCrl,entries),
+ cert_CrlEntryTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_EXPLICIT | 0,
+ offsetof(CERTCrl,extensions),
+ SEC_CERTExtensionsTemplate},
+ { 0 }
+};
+
+static const SEC_ASN1Template cert_SignedCrlTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedCrl) },
+ { SEC_ASN1_SAVE,
+ offsetof(CERTSignedCrl,signatureWrap.data) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTSignedCrl,crl),
+ CERT_CrlTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTSignedCrl,signatureWrap.signatureAlgorithm),
+ SECOID_AlgorithmIDTemplate },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(CERTSignedCrl,signatureWrap.signature) },
+ { 0 }
+};
+
+const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[] = {
+ { SEC_ASN1_SET_OF, 0, cert_SignedCrlTemplate },
+};
+
+/* Check the version of the CRL. If there is a critical extension in the crl
+ or crl entry, then the version must be v2. Otherwise, it should be v1. If
+ the crl contains critical extension(s), then we must recognized the extension's
+ OID.
+ */
+SECStatus cert_check_crl_version (CERTCrl *crl)
+{
+ CERTCrlEntry **entries;
+ CERTCrlEntry *entry;
+ PRBool hasCriticalExten = PR_FALSE;
+ SECStatus rv = SECSuccess;
+ int version;
+
+ /* CRL version is defaulted to v1 */
+ version = SEC_CRL_VERSION_1;
+ if (crl->version.data != 0)
+ version = (int)DER_GetUInteger (&crl->version);
+
+ if (version > SEC_CRL_VERSION_2) {
+ PORT_SetError (SEC_ERROR_BAD_DER);
+ return (SECFailure);
+ }
+
+ /* Check the crl extensions for a critial extension. If one is found,
+ and the version is not v2, then we are done.
+ */
+ if (crl->extensions) {
+ hasCriticalExten = cert_HasCriticalExtension (crl->extensions);
+ if (hasCriticalExten) {
+ if (version != SEC_CRL_VERSION_2)
+ return (SECFailure);
+ /* make sure that there is no unknown critical extension */
+ if (cert_HasUnknownCriticalExten (crl->extensions) == PR_TRUE) {
+ PORT_SetError (SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+ return (SECFailure);
+ }
+ }
+ }
+
+
+ if (crl->entries == NULL) {
+ if (hasCriticalExten == PR_FALSE && version == SEC_CRL_VERSION_2) {
+ PORT_SetError (SEC_ERROR_BAD_DER);
+ return (SECFailure);
+ }
+ return (SECSuccess);
+ }
+ /* Look in the crl entry extensions. If there is a critical extension,
+ then the crl version must be v2; otherwise, it should be v1.
+ */
+ entries = crl->entries;
+ while (*entries) {
+ entry = *entries;
+ if (entry->extensions) {
+ /* If there is a critical extension in the entries, then the
+ CRL must be of version 2. If we already saw a critical extension,
+ there is no need to check the version again.
+ */
+ if (hasCriticalExten == PR_FALSE) {
+ hasCriticalExten = cert_HasCriticalExtension (entry->extensions);
+ if (hasCriticalExten && version != SEC_CRL_VERSION_2) {
+ rv = SECFailure;
+ break;
+ }
+ }
+
+ /* For each entry, make sure that it does not contain an unknown
+ critical extension. If it does, we must reject the CRL since
+ we don't know how to process the extension.
+ */
+ if (cert_HasUnknownCriticalExten (entry->extensions) == PR_TRUE) {
+ PORT_SetError (SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+ rv = SECFailure;
+ break;
+ }
+ }
+ ++entries;
+ }
+ if (rv == SECFailure)
+ return (rv);
+
+ /* There is no critical extension, but the version is set to v2 */
+ if (version != SEC_CRL_VERSION_1 && hasCriticalExten == PR_FALSE) {
+ PORT_SetError (SEC_ERROR_BAD_DER);
+ return (SECFailure);
+ }
+ return (SECSuccess);
+}
+
+/*
+ * Generate a database key, based on the issuer name from a
+ * DER crl.
+ */
+SECStatus
+CERT_KeyFromDERCrl(PRArenaPool *arena, SECItem *derCrl, SECItem *key)
+{
+ SECStatus rv;
+ CERTSignedData sd;
+ CERTCrlKey crlkey;
+
+ PORT_Memset (&sd, 0, sizeof (sd));
+ rv = SEC_ASN1DecodeItem (arena, &sd, CERT_SignedDataTemplate, derCrl);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+
+ PORT_Memset (&crlkey, 0, sizeof (crlkey));
+ rv = SEC_ASN1DecodeItem(arena, &crlkey, cert_CrlKeyTemplate, &sd.data);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+
+ key->len = crlkey.derName.len;
+ key->data = crlkey.derName.data;
+
+ return(SECSuccess);
+}
+
+/*
+ * take a DER CRL or KRL and decode it into a CRL structure
+ */
+CERTSignedCrl *
+CERT_DecodeDERCrl(PRArenaPool *narena, SECItem *derSignedCrl, int type)
+{
+ PRArenaPool *arena;
+ CERTSignedCrl *crl;
+ SECStatus rv;
+
+ /* make a new arena */
+ if (narena == NULL) {
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if ( !arena ) {
+ return NULL;
+ }
+ } else {
+ arena = narena;
+ }
+
+ /* allocate the CRL structure */
+ crl = (CERTSignedCrl *)PORT_ArenaZAlloc(arena, sizeof(CERTSignedCrl));
+ if ( !crl ) {
+ goto loser;
+ }
+
+ crl->arena = arena;
+
+ /* Save the arena in the inner crl for CRL extensions support */
+ crl->crl.arena = arena;
+
+ /* decode the CRL info */
+ switch (type) {
+ case SEC_CRL_TYPE:
+ rv = SEC_ASN1DecodeItem
+ (arena, crl, cert_SignedCrlTemplate, derSignedCrl);
+ if (rv != SECSuccess)
+ break;
+
+ /* If the version is set to v2, make sure that it contains at
+ least 1 critical extension either the crl extensions or
+ crl entry extensions.
+ */
+ rv = cert_check_crl_version (&crl->crl);
+ break;
+
+ case SEC_KRL_TYPE:
+ rv = SEC_ASN1DecodeItem
+ (arena, crl, cert_SignedKrlTemplate, derSignedCrl);
+ break;
+ default:
+ rv = SECFailure;
+ break;
+ }
+
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ crl->referenceCount = 1;
+
+ return(crl);
+
+loser:
+
+ if ((narena == NULL) && arena ) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+
+ return(0);
+}
+
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs. Sigh.
+*/
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_IssuerAndSNTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CrlTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SetOfSignedCrlTemplate)
+
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
new file mode 100644
index 000000000..10beb49d3
--- /dev/null
+++ b/security/nss/lib/freebl/Makefile
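Review bot: In cert_check_crl_version two rejection paths return SECFailure without setting an error code: `if (version != SEC_CRL_VERSION_2) return (SECFailure);` in the crl-extensions branch, and the `rv = SECFailure; break;` taken when an entry carries a critical extension on a non-v2 CRL; CERT_DecodeDERCrl propagates these via `goto loser`, so a caller asking PORT_GetError sees whatever was set earlier. Add `PORT_SetError (SEC_ERROR_BAD_DER);` before each, matching the sibling rejection paths in the same function. The `version = (int)DER_GetUInteger (&crl->version);` narrowing also interacts with the `crl->entries == NULL` early return, which accepts any version that is neither SEC_CRL_VERSION_2 nor above it; if DER_GetUInteger can yield a value that becomes negative in that cast, an entry-less CRL bypasses the `version != SEC_CRL_VERSION_1` check that CRLs with entries receive, so either keep the comparison unsigned or apply the same final check in that branch. Minor: `return(0);` at the end of CERT_DecodeDERCrl returns a pointer and should read `return NULL;` like the earlier arena-failure path.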
@@ -0,0 +1,331 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information.
(OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +-include config.mk + +CPORLN = ln -s + +ifdef USE_64 + DEFINES += -DNSS_USE_64 +endif + +ifdef USE_HYBRID + DEFINES += -DNSS_USE_HYBRID +endif + +# des.c wants _X86_ defined for intel CPUs. +# coreconf does this for windows, but not for Linux, FreeBSD, etc. +ifeq ($(CPU_ARCH),x86) +ifneq ($(OS_ARCH),WINNT) + OS_REL_CFLAGS += -D_X86_ +endif +endif + +ifeq ($(OS_ARCH),WINNT) +CPORLN = cp +ifneq ($(OS_TARGET),WIN16) + ASFILES = mpi_x86.asm + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D +endif +endif + + +ifeq ($(OS_ARCH),IRIX) +ifeq ($(USE_N32),1) + ASFILES = mpi_mips.s + ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE + DEFINES += -DMP_USE_UINT_DIGIT +else +endif +endif + +ifeq ($(OS_TARGET),Linux) +ifeq ($(CPU_ARCH),x86) + ASFILES = mpi_x86.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D +endif +endif + +ifeq ($(OS_ARCH),AIX) +DEFINES += -DMP_USE_UINT_DIGIT +ifndef USE_64 +DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD +endif +endif + +ifeq ($(OS_ARCH), HP-UX) +MKSHLIB += +k +vshlibunsats -u FREEBL_GetVector +e FREEBL_GetVector +ifndef FREEBL_EXTENDED_BUILD +ifdef USE_PURE_32 +# build for DA1.1 (HP PA 1.1) pure 32 bit model + DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD +else +ifdef USE_64 +# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, 
using 32-bit digits + MPI_SRCS += mpi_hp.c + ASFILES += hpma512.s hppa20.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE +else +# this builds for DA2.0 (HP PA 2.0 Narrow) hybrid model +# (the 32-bit ABI with 64-bit registers) using 32-bit digits + MPI_SRCS += mpi_hp.c + ASFILES += hpma512.s hppa20.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE +# This is done in coreconf by defining USE_LONG_LONGS +# OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 +endif +endif +endif +endif + +# Note: -xarch=v8 or v9 is now done in coreconf +ifeq ($(OS_TARGET),SunOS) +ifeq ($(CPU_ARCH),sparc) +ifndef NS_USE_GCC +ifndef USE_PURE_32 + OS_CFLAGS += -xchip=ultra2 +endif +endif +ifeq ($(OS_RELEASE),5.5.1) + SYSV_SPARC = 1 +endif +ifeq ($(OS_RELEASE),5.6) + SYSV_SPARC = 1 +endif +ifeq ($(OS_RELEASE),5.7) + SYSV_SPARC = 1 +endif +ifeq ($(OS_RELEASE),5.8) + SYSV_SPARC = 1 +endif +ifeq ($(SYSV_SPARC),1) +SOLARIS_AS = /usr/ccs/bin/as +ifdef NS_USE_GCC +LD = gcc +DSO_LDOPTS += -shared -Wl,-B,symbolic,-z,defs,-z,now,-z,text,-M,mapfile.Solaris +else +MKSHLIB += -B symbolic -z defs -z now -z text -M mapfile.Solaris +endif +ifdef USE_PURE_32 +# this builds for Sparc v8 pure 32-bit architecture + DEFINES += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD +else +ifdef USE_64 +# this builds for Sparc v9a pure 64-bit architecture + MPI_SRCS += mpi_sparc.c + ASFILES = mpv_sparcv9.s montmulfv9.s + DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_USING_MONT_MULF + DEFINES += -DMP_USE_UINT_DIGIT +# MPI_SRCS += mpv_sparc.c +# removed -xdepend from the following line + SOLARIS_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt + SOLARIS_AS_FLAGS = -xarch=v9a -K PIC +else +# this builds for Sparc v8+a hybrid architecture, 64-bit registers, 32-bit ABI + MPI_SRCS += mpi_sparc.c + ASFILES = mpv_sparcv8.s montmulfv8.s + DEFINES += -DMP_NO_MP_WORD -DMP_ASSEMBLY_MULTIPLY -DMP_USING_MONT_MULF + DEFINES += -DMP_USE_UINT_DIGIT + SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC +# ASM_SUFFIX 
= .S +endif +endif +endif +endif +endif + + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +export:: private_export + +rijndael_tables: + $(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \ + $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a + $(OBJDIR)/make_rijndael_tab + +ifdef MOZILLA_BSAFE_BUILD + +private_export:: +ifeq ($(OS_ARCH), WINNT) + rm -f $(DIST)/lib/bsafe$(BSAFEVER).lib +endif + $(NSINSTALL) -R $(BSAFEPATH) $(DIST)/lib +endif + +mp%.h : mpi/mp%.h + -$(CPORLN) $< . + +mp%.c : mpi/mp%.c + -$(CPORLN) $< . + +mp%.S : mpi/mp%.S + -$(CPORLN) $< . + +mp%.s : mpi/mp%.s + -$(CPORLN) $< . + +mp%.asm : mpi/mp%.asm + -$(CPORLN) $< . + +logtab.h : mpi/logtab.h + -$(CPORLN) $< . + +primes.c : mpi/primes.c + -$(CPORLN) $< . + +vis%.il : mpi/vis%.il + -$(CPORLN) $< . + +vis%.h : mpi/vis%.h + -$(CPORLN) $< . + +mont% : mpi/mont% + -$(CPORLN) $< . + +hp%.s : mpi/hp%.s + -$(CPORLN) $< . 
+ +.PRECIOUS : $(MPI_SRCS) $(MPI_HDRS) $(ASFILES) + +ALL_TRASH += $(MPI_SRCS) $(MPI_HDRS) $(ASFILES) primes.c mont* + +DEFINES += -DMP_API_COMPATIBLE + +MPI_USERS = dh.c pqg.c dsa.c rsa.c + +MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX))) +MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX))) + +$(MPI_OBJS): $(MPI_HDRS) primes.c + +ifeq ($(SYSV_SPARC),1) +SPARCFIX = $(OBJDIR)/sparcfix + +$(SPARCFIX): sparcfix.c + @$(MAKE_OBJDIR) + $(CC) -o $@ -O sparcfix.c -lelf + +#$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s $(SPARCFIX) +$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s + @$(MAKE_OBJDIR) + $(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $*.s +# $(SPARCFIX) $@ + +$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s + @$(MAKE_OBJDIR) + $(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $*.s + +$(OBJDIR)/mpv_sparc.o: vis_64.il vis_proto.h mpv_sparc.c + @$(MAKE_OBJDIR) + $(CC) -o $@ $(SOLARIS_FLAGS) -c vis_64.il mpv_sparc.c + +$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h +endif + +ifeq ($(OS_ARCH), HP-UX) +$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h +endif + +$(OBJDIR)/ldvector.o $(OBJDIR)/loader.o : loader.h + +ifdef FREEBL_EXTENDED_BUILD + +PURE32DIR = $(OS_ARCH)pure32 +ALL_TRASH += $(PURE32DIR) + +FILES2LN = \ + $(ALL_HDRS) \ + $(ALL_CSRCS) \ + $(wildcard *.tab) \ + $(wildcard mapfile.*) \ + Makefile manifest.mn config.mk + +LINKEDFILES = $(addprefix $(PURE32DIR)/, $(FILES2LN)) + +$(PURE32DIR): + -mkdir $(PURE32DIR) + -ln -s ../mpi $(PURE32DIR) + +$(LINKEDFILES) : $(PURE32DIR)/% : % + ln -s ../$* $(PURE32DIR) + +libs:: + $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_HYBRID=1 libs + +libs:: $(PURE32DIR) $(LINKEDFILES) + cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 libs + +release_md:: + $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_HYBRID=1 $@ + cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 $@ + +endif 
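Review bot: The `-$(CPORLN) $< .` recipes that pull the mpi/ sources, headers and assembly files into this directory prefix the link/copy with `-`, so a failed symlink or copy is ignored and make goes on to compile whatever `mp*.c`/`mp*.h`/`mont*` already sits here, which can silently build a stale bignum implementation; dropping the `-` so the recipe is `$(CPORLN) $< .` makes the failure stop the build. On WINNT `CPORLN = cp` produces real copies rather than links, and the `ALL_TRASH += ... mont*` glob is the only thing that removes them, so it is worth a one-line comment above the pattern rules stating that the copies are build products and must never be edited in place.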
diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c
new file mode 100644
index 000000000..ff748ba3b
--- /dev/null
+++ b/security/nss/lib/freebl/rsa.c
@@ -0,0 +1,693 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 1994-2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ *
+ */
+
+/*
+ * RSA key generation, public key op, private key op.
+ *
+ * $Id$
+ */
+
+#include "secerr.h"
+
+#include "prclist.h"
+#include "nssilock.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include "secmpi.h"
+#include "secitem.h"
+
+/*
+** Number of times to attempt to generate a prime (p or q) from a random
+** seed (the seed changes for each iteration).
+*/ +#define MAX_PRIME_GEN_ATTEMPTS 10 +/* +** Number of times to attempt to generate a key. The primes p and q change +** for each attempt. +*/ +#define MAX_KEY_GEN_ATTEMPTS 10 + +/* +** RSABlindingParamsStr +** +** For discussion of Paul Kocher's timing attack against an RSA private key +** operation, see http://www.cryptography.com/timingattack/paper.html. The +** countermeasure to this attack, known as blinding, is also discussed in +** the Handbook of Applied Cryptography, 11.118-11.119. +*/ +struct RSABlindingParamsStr +{ + /* Blinding-specific parameters */ + PRCList link; /* link to list of structs */ + SECItem modulus; /* list element "key" */ + mp_int f, g; /* Blinding parameters */ + int counter; /* number of remaining uses of (f, g) */ +}; + +/* +** RSABlindingParamsListStr +** +** List of key-specific blinding params. The arena holds the volatile pool +** of memory for each entry and the list itself. The lock is for list +** operations, in this case insertions and iterations, as well as control +** of the counter for each set of blinding parameters. +*/ +struct RSABlindingParamsListStr +{ + PZLock *lock; /* Lock for the list */ + PRCList head; /* Pointer to the list */ +}; + +/* +** The master blinding params list. +*/ +static struct RSABlindingParamsListStr blindingParamsList = { 0 }; + +/* Number of times to reuse (f, g). Suggested by Paul Kocher */ +#define RSA_BLINDING_PARAMS_MAX_REUSE 50 + +/* Global, allows optional use of blinding. On by default. */ +/* Cannot be changed at the moment, due to thread-safety issues. 
*/ +static PRBool nssRSAUseBlinding = PR_TRUE; + +static SECStatus +rsa_keygen_from_primes(mp_int *p, mp_int *q, mp_int *e, RSAPrivateKey *key, + unsigned int keySizeInBits) +{ + mp_int n, d, phi; + mp_int psub1, qsub1, tmp; + mp_err err = MP_OKAY; + SECStatus rv = SECSuccess; + MP_DIGITS(&n) = 0; + MP_DIGITS(&d) = 0; + MP_DIGITS(&phi) = 0; + MP_DIGITS(&psub1) = 0; + MP_DIGITS(&qsub1) = 0; + MP_DIGITS(&tmp) = 0; + CHECK_MPI_OK( mp_init(&n) ); + CHECK_MPI_OK( mp_init(&d) ); + CHECK_MPI_OK( mp_init(&phi) ); + CHECK_MPI_OK( mp_init(&psub1) ); + CHECK_MPI_OK( mp_init(&qsub1) ); + CHECK_MPI_OK( mp_init(&tmp) ); + /* 1. Compute n = p*q */ + CHECK_MPI_OK( mp_mul(p, q, &n) ); + /* verify that the modulus has the desired number of bits */ + if ((unsigned)mpl_significant_bits(&n) != keySizeInBits) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); + rv = SECFailure; + goto cleanup; + } + /* 2. Compute phi = (p-1)*(q-1) */ + CHECK_MPI_OK( mp_sub_d(p, 1, &psub1) ); + CHECK_MPI_OK( mp_sub_d(q, 1, &qsub1) ); + CHECK_MPI_OK( mp_mul(&psub1, &qsub1, &phi) ); + /* 3. Compute d = e**-1 mod(phi) */ + err = mp_invmod(e, &phi, &d); + /* Verify that phi(n) and e have no common divisors */ + if (err != MP_OKAY) { + if (err == MP_UNDEF) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); + err = MP_OKAY; /* to keep PORT_SetError from being called again */ + rv = SECFailure; + } + goto cleanup; + } + MPINT_TO_SECITEM(&n, &key->modulus, key->arena); + MPINT_TO_SECITEM(&d, &key->privateExponent, key->arena); + /* 4. Compute exponent1 = d mod (p-1) */ + CHECK_MPI_OK( mp_mod(&d, &psub1, &tmp) ); + MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena); + /* 5. Compute exponent2 = d mod (q-1) */ + CHECK_MPI_OK( mp_mod(&d, &qsub1, &tmp) ); + MPINT_TO_SECITEM(&tmp, &key->exponent2, key->arena); + /* 6. 
Compute coefficient = q**-1 mod p */ + CHECK_MPI_OK( mp_invmod(q, p, &tmp) ); + MPINT_TO_SECITEM(&tmp, &key->coefficient, key->arena); +cleanup: + mp_clear(&n); + mp_clear(&d); + mp_clear(&phi); + mp_clear(&psub1); + mp_clear(&qsub1); + mp_clear(&tmp); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} +static SECStatus +generate_prime(mp_int *prime, int primeLen) +{ + mp_err err = MP_OKAY; + SECStatus rv = SECSuccess; + unsigned long counter = 0; + int piter; + unsigned char *pb = NULL; + pb = PORT_Alloc(primeLen); + if (!pb) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + goto cleanup; + } + for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) { + CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) ); + pb[0] |= 0xC0; /* set two high-order bits */ + pb[primeLen-1] |= 0x01; /* set low-order bit */ + CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) ); + err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter); + if (err != MP_NO) + goto cleanup; + /* keep going while err == MP_NO */ + } +cleanup: + if (pb) + PORT_ZFree(pb, primeLen); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +/* +** Generate and return a new RSA public and private key. +** Both keys are encoded in a single RSAPrivateKey structure. +** "cx" is the random number generator context +** "keySizeInBits" is the size of the key to be generated, in bits. +** 512, 1024, etc. +** "publicExponent" when not NULL is a pointer to some data that +** represents the public exponent to use. The data is a byte +** encoded integer, in "big endian" order. +*/ +RSAPrivateKey * +RSA_NewKey(int keySizeInBits, SECItem *publicExponent) +{ + unsigned int primeLen; + mp_int p, q, e; + int kiter; + mp_err err = MP_OKAY; + SECStatus rv = SECSuccess; + int prerr = 0; + RSAPrivateKey *key = NULL; + PRArenaPool *arena = NULL; + /* Require key size to be a multiple of 16 bits. 
*/ + if (!publicExponent || keySizeInBits % 16 != 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + /* 1. Allocate arena & key */ + arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); + if (!arena) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return NULL; + } + key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey)); + if (!key) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + PORT_FreeArena(arena, PR_TRUE); + return NULL; + } + key->arena = arena; + /* length of primes p and q (in bytes) */ + primeLen = keySizeInBits / (2 * BITS_PER_BYTE); + MP_DIGITS(&p) = 0; + MP_DIGITS(&q) = 0; + MP_DIGITS(&e) = 0; + CHECK_MPI_OK( mp_init(&p) ); + CHECK_MPI_OK( mp_init(&q) ); + CHECK_MPI_OK( mp_init(&e) ); + /* 2. Set the version number (PKCS1 v1.5 says it should be zero) */ + SECITEM_AllocItem(arena, &key->version, 1); + key->version.data[0] = 0; + /* 3. Set the public exponent */ + SECITEM_CopyItem(arena, &key->publicExponent, publicExponent); + SECITEM_TO_MPINT(*publicExponent, &e); + kiter = 0; + do { + PORT_SetError(0); + CHECK_SEC_OK( generate_prime(&p, primeLen) ); + CHECK_SEC_OK( generate_prime(&q, primeLen) ); + /* Assure q < p */ + if (mp_cmp(&p, &q) < 0) + mp_exch(&p, &q); + /* Attempt to use these primes to generate a key */ + rv = rsa_keygen_from_primes(&p, &q, &e, key, keySizeInBits); + if (rv == SECSuccess) + break; /* generated two good primes */ + prerr = PORT_GetError(); + kiter++; + /* loop until have primes */ + } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < MAX_KEY_GEN_ATTEMPTS); + if (prerr) + goto cleanup; + MPINT_TO_SECITEM(&p, &key->prime1, arena); + MPINT_TO_SECITEM(&q, &key->prime2, arena); +cleanup: + mp_clear(&p); + mp_clear(&q); + mp_clear(&e); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + if (rv && arena) { + PORT_FreeArena(arena, PR_TRUE); + key = NULL; + } + return key; +} + +static unsigned int +rsa_modulusLen(SECItem *modulus) +{ + unsigned char byteZero = modulus->data[0]; + unsigned int modLen = 
modulus->len - !byteZero; + return modLen; +} + +/* +** Perform a raw public-key operation +** Length of input and output buffers are equal to key's modulus len. +*/ +SECStatus +RSA_PublicKeyOp(RSAPublicKey *key, + unsigned char *output, + const unsigned char *input) +{ + unsigned int modLen; + mp_int n, e, m, c; + mp_err err = MP_OKAY; + SECStatus rv = SECSuccess; + if (!key || !output || !input) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + MP_DIGITS(&n) = 0; + MP_DIGITS(&e) = 0; + MP_DIGITS(&m) = 0; + MP_DIGITS(&c) = 0; + CHECK_MPI_OK( mp_init(&n) ); + CHECK_MPI_OK( mp_init(&e) ); + CHECK_MPI_OK( mp_init(&m) ); + CHECK_MPI_OK( mp_init(&c) ); + modLen = rsa_modulusLen(&key->modulus); + /* 1. Obtain public key (n, e) */ + SECITEM_TO_MPINT(key->modulus, &n); + SECITEM_TO_MPINT(key->publicExponent, &e); + /* 2. Represent message as integer in range [0..n-1] */ + CHECK_MPI_OK( mp_read_unsigned_octets(&m, input, modLen) ); + /* 3. Compute c = m**e mod n */ +#ifdef USE_MPI_EXPT_D + /* XXX see which is faster */ + if (MP_USED(&e) == 1) { + CHECK_MPI_OK( mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c) ); + } else +#endif + CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) ); + /* 4. result c is ciphertext */ + err = mp_to_fixlen_octets(&c, output, modLen); + if (err >= 0) err = MP_OKAY; +cleanup: + mp_clear(&n); + mp_clear(&e); + mp_clear(&m); + mp_clear(&c); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +/* +** RSA Private key operation (no CRT). +*/ +static SECStatus +rsa_PrivateKeyOp(RSAPrivateKey *key, mp_int *m, mp_int *c, mp_int *n, + unsigned int modLen) +{ + mp_int d; + mp_err err = MP_OKAY; + SECStatus rv = SECSuccess; + MP_DIGITS(&d) = 0; + CHECK_MPI_OK( mp_init(&d) ); + SECITEM_TO_MPINT(key->privateExponent, &d); + /* 1. 
m = c**d mod n */ + CHECK_MPI_OK( mp_exptmod(c, &d, n, m) ); +cleanup: + mp_clear(&d); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +/* +** RSA Private key operation using CRT. +*/ +static SECStatus +rsa_PrivateKeyOpCRT(RSAPrivateKey *key, mp_int *m, mp_int *c, + unsigned int modLen) +{ + mp_int p, q, d_p, d_q, qInv; + mp_int m1, m2, b2, h, ctmp; + mp_err err = MP_OKAY; + SECStatus rv = SECSuccess; + MP_DIGITS(&p) = 0; + MP_DIGITS(&q) = 0; + MP_DIGITS(&d_p) = 0; + MP_DIGITS(&d_q) = 0; + MP_DIGITS(&qInv) = 0; + MP_DIGITS(&m1) = 0; + MP_DIGITS(&m2) = 0; + MP_DIGITS(&b2) = 0; + MP_DIGITS(&h) = 0; + MP_DIGITS(&ctmp) = 0; + CHECK_MPI_OK( mp_init(&p) ); + CHECK_MPI_OK( mp_init(&q) ); + CHECK_MPI_OK( mp_init(&d_p) ); + CHECK_MPI_OK( mp_init(&d_q) ); + CHECK_MPI_OK( mp_init(&qInv) ); + CHECK_MPI_OK( mp_init(&m1) ); + CHECK_MPI_OK( mp_init(&m2) ); + CHECK_MPI_OK( mp_init(&b2) ); + CHECK_MPI_OK( mp_init(&h) ); + CHECK_MPI_OK( mp_init(&ctmp) ); + /* copy private key parameters into mp integers */ + SECITEM_TO_MPINT(key->prime1, &p); /* p */ + SECITEM_TO_MPINT(key->prime2, &q); /* q */ + SECITEM_TO_MPINT(key->exponent1, &d_p); /* d_p = d mod (p-1) */ + SECITEM_TO_MPINT(key->exponent2, &d_q); /* d_p = d mod (q-1) */ + SECITEM_TO_MPINT(key->coefficient, &qInv); /* qInv = q**-1 mod p */ + /* 1. m1 = c**d_p mod p */ + CHECK_MPI_OK( mp_mod(c, &p, &ctmp) ); + CHECK_MPI_OK( mp_exptmod(&ctmp, &d_p, &p, &m1) ); + /* 2. m2 = c**d_q mod q */ + CHECK_MPI_OK( mp_mod(c, &q, &ctmp) ); + CHECK_MPI_OK( mp_exptmod(&ctmp, &d_q, &q, &m2) ); + /* 3. h = (m1 - m2) * qInv mod p */ + CHECK_MPI_OK( mp_submod(&m1, &m2, &p, &h) ); + CHECK_MPI_OK( mp_mulmod(&h, &qInv, &p, &h) ); + /* 4. 
m = m2 + h * q */ + CHECK_MPI_OK( mp_mul(&h, &q, m) ); + CHECK_MPI_OK( mp_add(m, &m2, m) ); +cleanup: + mp_clear(&p); + mp_clear(&q); + mp_clear(&d_p); + mp_clear(&d_q); + mp_clear(&qInv); + mp_clear(&m1); + mp_clear(&m2); + mp_clear(&b2); + mp_clear(&h); + mp_clear(&ctmp); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +static PRCallOnceType coBPInit = { 0, 0, 0 }; +static PRStatus +init_blinding_params_list(void) +{ + blindingParamsList.lock = PZ_NewLock(nssILockOther); + if (!blindingParamsList.lock) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return PR_FAILURE; + } + PR_INIT_CLIST(&blindingParamsList.head); + return PR_SUCCESS; +} + +static SECStatus +generate_blinding_params(struct RSABlindingParamsStr *rsabp, + RSAPrivateKey *key, mp_int *n, unsigned int modLen) +{ + SECStatus rv = SECSuccess; + mp_int e, k; + mp_err err = MP_OKAY; + unsigned char *kb = NULL; + MP_DIGITS(&e) = 0; + MP_DIGITS(&k) = 0; + CHECK_MPI_OK( mp_init(&e) ); + CHECK_MPI_OK( mp_init(&k) ); + SECITEM_TO_MPINT(key->publicExponent, &e); + /* generate random k < n */ + kb = PORT_Alloc(modLen); + if (!kb) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + goto cleanup; + } + CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(kb, modLen) ); + CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, modLen) ); + /* k < n */ + CHECK_MPI_OK( mp_mod(&k, n, &k) ); + /* f = k**e mod n */ + CHECK_MPI_OK( mp_exptmod(&k, &e, n, &rsabp->f) ); + /* g = k**-1 mod n */ + CHECK_MPI_OK( mp_invmod(&k, n, &rsabp->g) ); + /* Initialize the counter for this (f, g) */ + rsabp->counter = RSA_BLINDING_PARAMS_MAX_REUSE; +cleanup: + if (kb) + PORT_ZFree(kb, modLen); + mp_clear(&k); + mp_clear(&e); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +static SECStatus +init_blinding_params(struct RSABlindingParamsStr *rsabp, RSAPrivateKey *key, + mp_int *n, unsigned int modLen) +{ + SECStatus rv = SECSuccess; + mp_err err = MP_OKAY; + MP_DIGITS(&rsabp->f) = 0; + MP_DIGITS(&rsabp->g) = 0; + 
/* initialize blinding parameters */ + CHECK_MPI_OK( mp_init(&rsabp->f) ); + CHECK_MPI_OK( mp_init(&rsabp->g) ); + /* List elements are keyed using the modulus */ + SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus); + CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) ); + return SECSuccess; +cleanup: + mp_clear(&rsabp->f); + mp_clear(&rsabp->g); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} + +static SECStatus +get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen, + mp_int *f, mp_int *g) +{ + SECStatus rv = SECSuccess; + mp_err err = MP_OKAY; + int cmp; + PRCList *el; + struct RSABlindingParamsStr *rsabp = NULL; + /* Init the list if neccessary (the init function is only called once!) */ + if (blindingParamsList.lock == NULL) { + if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + } + /* Acquire the list lock */ + PZ_Lock(blindingParamsList.lock); + /* Walk the list looking for the private key */ + for (el = PR_NEXT_LINK(&blindingParamsList.head); + el != &blindingParamsList.head; + el = PR_NEXT_LINK(el)) { + rsabp = (struct RSABlindingParamsStr *)el; + cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus); + if (cmp == 0) { + /* Check the usage counter for the parameters */ + if (--rsabp->counter <= 0) { + /* Regenerate the blinding parameters */ + CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) ); + } + /* Return the parameters */ + CHECK_MPI_OK( mp_copy(&rsabp->f, f) ); + CHECK_MPI_OK( mp_copy(&rsabp->g, g) ); + /* Now that the params are located, release the list lock. */ + PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */ + return SECSuccess; + } else if (cmp > 0) { + /* The key is not in the list. Break to param creation. */ + break; + } + } + /* At this point, the key is not in the list. el should point to the + ** list element that this key should be inserted before. 
NOTE: the list + ** lock is still held, so there cannot be a race condition here. + */ + rsabp = (struct RSABlindingParamsStr *) + PORT_ZAlloc(sizeof(struct RSABlindingParamsStr)); + if (!rsabp) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + goto cleanup; + } + /* Initialize the list pointer for the element */ + PR_INIT_CLIST(&rsabp->link); + /* Initialize the blinding parameters + ** This ties up the list lock while doing some heavy, element-specific + ** operations, but we don't want to insert the element until it is valid, + ** which requires computing the blinding params. If this proves costly, + ** it could be done after the list lock is released, and then if it fails + ** the lock would have to be reobtained and the invalid element removed. + */ + rv = init_blinding_params(rsabp, key, n, modLen); + if (rv != SECSuccess) { + PORT_ZFree(rsabp, sizeof(struct RSABlindingParamsStr)); + goto cleanup; + } + /* Insert the new element into the list + ** If inserting in the middle of the list, el points to the link + ** to insert before. Otherwise, the link needs to be appended to + ** the end of the list, which is the same as inserting before the + ** head (since el would have looped back to the head). + */ + PR_INSERT_BEFORE(&rsabp->link, el); + /* Return the parameters */ + CHECK_MPI_OK( mp_copy(&rsabp->f, f) ); + CHECK_MPI_OK( mp_copy(&rsabp->g, g) ); + /* Release the list lock */ + PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */ + return SECSuccess; +cleanup: + /* It is possible to reach this after the lock is already released. + ** Ignore the error in that case. + */ + PZ_Unlock(blindingParamsList.lock); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return SECFailure; +} + +/* +** Perform a raw private-key operation +** Length of input and output buffers are equal to key's modulus len. 
+*/ +SECStatus +RSA_PrivateKeyOp(RSAPrivateKey *key, + unsigned char *output, + const unsigned char *input) +{ + unsigned int modLen; + unsigned int offset; + SECStatus rv; + mp_err err; + mp_int n, c, m; + mp_int f, g; + if (!key || !output || !input) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + /* check input out of range (needs to be in range [0..n-1]) */ + modLen = rsa_modulusLen(&key->modulus); + offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */ + if (memcmp(input, key->modulus.data + offset, modLen) >= 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + MP_DIGITS(&n) = 0; + MP_DIGITS(&c) = 0; + MP_DIGITS(&m) = 0; + MP_DIGITS(&f) = 0; + MP_DIGITS(&g) = 0; + CHECK_MPI_OK( mp_init(&n) ); + CHECK_MPI_OK( mp_init(&c) ); + CHECK_MPI_OK( mp_init(&m) ); + CHECK_MPI_OK( mp_init(&f) ); + CHECK_MPI_OK( mp_init(&g) ); + SECITEM_TO_MPINT(key->modulus, &n); + OCTETS_TO_MPINT(input, &c, modLen); + /* If blinding, compute pre-image of ciphertext by multiplying by + ** blinding factor + */ + if (nssRSAUseBlinding) { + CHECK_SEC_OK( get_blinding_params(key, &n, modLen, &f, &g) ); + /* c' = c*f mod n */ + CHECK_MPI_OK( mp_mulmod(&c, &f, &n, &c) ); + } + /* Do the private key operation m = c**d mod n */ + if ( key->prime1.len == 0 || + key->prime2.len == 0 || + key->exponent1.len == 0 || + key->exponent2.len == 0 || + key->coefficient.len == 0) { + CHECK_SEC_OK( rsa_PrivateKeyOp(key, &m, &c, &n, modLen) ); + } else { + CHECK_SEC_OK( rsa_PrivateKeyOpCRT(key, &m, &c, modLen) ); + } + /* If blinding, compute post-image of plaintext by multiplying by + ** blinding factor + */ + if (nssRSAUseBlinding) { + /* m = m'*g mod n */ + CHECK_MPI_OK( mp_mulmod(&m, &g, &n, &m) ); + } + err = mp_to_fixlen_octets(&m, output, modLen); + if (err >= 0) err = MP_OKAY; +cleanup: + mp_clear(&n); + mp_clear(&c); + mp_clear(&m); + mp_clear(&f); + mp_clear(&g); + if (err) { + MP_TO_SEC_ERROR(err); + rv = SECFailure; + } + return rv; +} |
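Review bot: RSA_NewKey writes `key->version.data[0] = 0` immediately after an unchecked `SECITEM_AllocItem(arena, &key->version, 1)`, and the `SECITEM_CopyItem` of the public exponent on the next line is unchecked too, so an allocation failure turns into a NULL write instead of a clean SECFailure; both should be guarded with `if (!SECITEM_AllocItem(arena, &key->version, 1)) { rv = SECFailure; goto cleanup; }` and `if (SECITEM_CopyItem(arena, &key->publicExponent, publicExponent) != SECSuccess) { rv = SECFailure; goto cleanup; }`, which the existing cleanup label already handles since err stays MP_OKAY and the arena is freed. Separately, `rsa_modulusLen` reads `modulus->data[0]` and subtracts from `modulus->len` without checking that `len` is non-zero, and nothing in RSA_NewKey validates that the caller-supplied exponent is odd and greater than 1, so a bad e only surfaces after MAX_KEY_GEN_ATTEMPTS failed `mp_invmod` calls as SEC_ERROR_NEED_RANDOM. As a design note, rsa_PrivateKeyOpCRT returns its result without verifying it against the public key, which is the usual countermeasure for fault-induced CRT failures; that is not a defect in the visible code but worth a comment at the CRT selection in RSA_PrivateKeyOp.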