RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 12-May-2014 21:57:21
Branch: rpm-5_4 Handle: 2014051219571801
Modified files: (Branch: rpm-5_4)
rpm CHANGES
rpm/rpmio rpmnss.c
Log:
- nss: ensure bit counts are correct.
Summary:
Revision Changes Path
1.3501.2.391+1 -0 rpm/CHANGES
1.40.2.14 +45 -26 rpm/rpmio/rpmnss.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.390 -r1.3501.2.391 CHANGES
--- rpm/CHANGES 12 May 2014 19:54:40 -0000 1.3501.2.390
+++ rpm/CHANGES 12 May 2014 19:57:18 -0000 1.3501.2.391
@@ -1,4 +1,5 @@
5.4.14 -> 5.4.15:
+ - jbj: nss: ensure bit counts are correct.
- jbj: bc: stub in ECDSA parameters, ensure bit counts are correct.
- jbj: ltc: add DSA2 support.
- jbj: ltc: prefer/use non-repudiable ecdsa signature.
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmnss.c
============================================================================
$ cvs diff -u -r1.40.2.13 -r1.40.2.14 rpmnss.c
--- rpm/rpmio/rpmnss.c 8 May 2014 01:40:50 -0000 1.40.2.13
+++ rpm/rpmio/rpmnss.c 12 May 2014 19:57:19 -0000 1.40.2.14
@@ -43,6 +43,23 @@
((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN,
(_dig)->hash_algoN); \
}
+/* XXX gcc has __builtin_clz */
+# if !defined __GNUC__ || __GNUC__ < 3
+static int __builtin_clz(uint32_t x)
+{
+ int n = 0;
+
+ if (x == 0)
+ return 32;
+ if ((x & 0xffff0000) == 0) { n += 16; x << 16; }
+ if ((x & 0xff000000) == 0) { n += 8; x << 8; }
+ if ((x & 0xf0000000) == 0) { n += 4; x << 4; }
+ if ((x & 0xc0000000) == 0) { n += 2; x << 2; }
+ if ((x & 0x80000000) == 0) { n += 1; x << 1; }
+ return n;
+}
+#endif
+
/*==============================================================*/
typedef struct keyNV_s {
@@ -564,7 +581,7 @@
rc = 0;
exit:
-SPEW(rc, !rc, dig);
+SPEW(0, !rc, dig); /* XXX don't spew on mismatch. */
return rc;
}
@@ -635,7 +652,7 @@
rc = 0;
exit:
-SPEW(rc, !rc, dig);
+SPEW(0, !rc, dig); /* XXX don't spew on mismatch. */
return rc;
}
@@ -773,7 +790,7 @@
rc = 1; /* XXX always fail */
-SPEW(rc, !rc, dig);
+SPEW(0, !rc, dig); /* XXX don't spew on mismatch. */
return rc;
}
@@ -809,7 +826,7 @@
rc = 0;
exit:
-SPEW(rc, !rc, dig);
+SPEW(0, !rc, dig); /* XXX don't spew on mismatch. */
return rc;
}
@@ -1616,43 +1633,49 @@
case PGPPUBKEYALGO_RSA:
/* RSA n */
bn = 8 * nss->pub_key->u.rsa.modulus.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.rsa.modulus.data, 4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.rsa.modulus.data, bn/8);
be += bn/8;
/* RSA e */
bn = 8 * nss->pub_key->u.rsa.publicExponent.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.rsa.publicExponent.data,4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.rsa.publicExponent.data, bn/8);
be += bn/8;
break;
case PGPPUBKEYALGO_DSA:
/* DSA p */
bn = 8 * nss->pub_key->u.dsa.params.prime.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.dsa.params.prime.data, 4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.dsa.params.prime.data, bn/8);
be += bn/8;
/* DSA q */
bn = 8 * nss->pub_key->u.dsa.params.subPrime.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.dsa.params.subPrime.data,
4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.dsa.params.subPrime.data, bn/8);
be += bn/8;
/* DSA g */
bn = 8 * nss->pub_key->u.dsa.params.base.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.dsa.params.base.data, 4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.dsa.params.base.data, bn/8);
be += bn/8;
bn = 8 * nss->pub_key->u.dsa.publicValue.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.dsa.publicValue.data, 4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.dsa.publicValue.data, bn/8);
be += bn/8;
break;
@@ -1666,8 +1689,9 @@
/* ECDSA Q */
bn = 8 * nss->pub_key->u.ec.publicValue.len;
- bn += 7; bn &= ~7;
+ bn -= __builtin_clz(pgpGrab(nss->pub_key->u.ec.publicValue.data, 4));
*be++ = (bn >> 8); *be++ = (bn );
+ bn += 7; bn &= ~7;
memcpy(be, nss->pub_key->u.ec.publicValue.data, bn/8);
be += bn/8;
break;
@@ -1815,10 +1839,9 @@
assert(0);
break;
case PGPPUBKEYALGO_RSA:
- bn = 8 * (nss->sig->len);
+ bn = 8 * nss->sig->len - __builtin_clz(pgpGrab(nss->sig->data, 4));
+ *be++ = (bn >> 8); *be++ = (bn );
bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
memcpy(be, nss->sig->data, bn/8);
be += bn/8;
break;
@@ -1826,17 +1849,15 @@
{ unsigned int nb = nss->qbits/8; /* XXX FIXME */
SECItem * sig = DSAU_DecodeDerSigToLen(nss->sig, 2 * nb);
assert(sig != NULL);
- bn = 8 * (sig->len/2);
+ bn = 8 * (sig->len/2) - __builtin_clz(pgpGrab(sig->data , 4));
+ *be++ = (bn >> 8); *be++ = (bn );
bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
memcpy(be, sig->data, bn/8);
be += bn/8;
- bn = 8 * (sig->len/2);
+ bn = 8 * (sig->len/2) - __builtin_clz(pgpGrab(sig->data+sig->len/2, 4));
+ *be++ = (bn >> 8); *be++ = (bn );
bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
memcpy(be, sig->data + (bn/8), bn/8);
be += bn/8;
SECITEM_ZfreeItem(sig, PR_TRUE);
@@ -1845,17 +1866,15 @@
{ unsigned int nb = nss->qbits/8; /* XXX FIXME */
SECItem * sig = DSAU_DecodeDerSigToLen(nss->sig, 2 * nb);
assert(sig != NULL);
- bn = 8 * (sig->len/2);
+ bn = 8 * (sig->len/2) - __builtin_clz(pgpGrab(sig->data , 4));
+ *be++ = (bn >> 8); *be++ = (bn );
bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
memcpy(be, sig->data, bn/8);
be += bn/8;
- bn = 8 * (sig->len/2);
+ bn = 8 * (sig->len/2) - __builtin_clz(pgpGrab(sig->data+sig->len/2, 4));
+ *be++ = (bn >> 8); *be++ = (bn );
bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
memcpy(be, sig->data + (bn/8), bn/8);
be += bn/8;
SECITEM_ZfreeItem(sig, PR_TRUE);
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
