Backed out changeset 6c1092f5203f
authorJohn M. Schanck <jschanck@mozilla.com>
Tue, 22 Mar 2022 12:57:53 -0700
changeset 16159 ffa1e4ce758af719cf355eb5566d4d358b4e1319
parent 16158 31bce2dae97b6837eb77b873608c456ca077b96a
child 16160 b83ad33acd678c78c91b836ad42310e75cac3361
push id4106
push userjschanck@mozilla.com
push dateTue, 22 Mar 2022 19:58:55 +0000
backs out6c1092f5203ff4b00be422b0b602551a5a7e0ba6
Backed out changeset 6c1092f5203f Caused Windows gyp build failures for cmd/mpitests
cmd/mpitests/mpi-test.c
lib/freebl/Makefile
lib/freebl/dh.c
lib/freebl/freebl_base.gypi
lib/freebl/manifest.mn
lib/freebl/mpi/mpprime.c
lib/freebl/mpi/mpprime.h
lib/freebl/pqg.c
lib/freebl/rsa.c
lib/freebl/secmpi.c
lib/freebl/secmpi.h
--- a/cmd/mpitests/mpi-test.c
+++ b/cmd/mpitests/mpi-test.c
@@ -12,19 +12,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
 #include <limits.h>
 #include <time.h>
 
-#include "blapi.h"
 #include "mpi.h"
-#include "secmpi.h"
 #include "mpprime.h"
 
 #include "test-info.c"
 
 /* ZS means Zero Suppressed (no leading zeros) */
 #if MP_USE_LONG_DIGIT
 #define ZS_DIGIT_FMT "%lX"
 #elif MP_USE_LONG_LONG_DIGIT
@@ -2042,42 +2040,41 @@ test_raw(void)
 
 int
 test_pprime(void)
 {
     mp_int p;
     int err = 0;
     mp_err res;
 
-    RNG_RNGInit();
     mp_init(&p);
     mp_read_radix(&p, mp7, 16);
 
-    if (mpp_pprime_secure(&p, 5) != MP_YES) {
+    if (mpp_pprime(&p, 5) != MP_YES) {
         reason("error: %s failed Rabin-Miller test, but is prime\n", mp7);
         err = 1;
     }
 
     IFOK(mp_set_int(&p, 9));
-    res = mpp_pprime_secure(&p, 50);
+    res = mpp_pprime(&p, 50);
     if (res == MP_YES) {
         reason("error: 9 is composite but passed Rabin-Miller test\n");
         err = 1;
     } else if (res != MP_NO) {
-        reason("test mpp_pprime_secure(9, 50) failed: error %d\n", res);
+        reason("test mpp_pprime(9, 50) failed: error %d\n", res);
         err = 1;
     }
 
     IFOK(mp_set_int(&p, 15));
-    res = mpp_pprime_secure(&p, 50);
+    res = mpp_pprime(&p, 50);
     if (res == MP_YES) {
         reason("error: 15 is composite but passed Rabin-Miller test\n");
         err = 1;
     } else if (res != MP_NO) {
-        reason("test mpp_pprime_secure(15, 50) failed: error %d\n", res);
+        reason("test mpp_pprime(15, 50) failed: error %d\n", res);
         err = 1;
     }
 
     mp_clear(&p);
 
     return err;
 }
 
--- a/lib/freebl/Makefile
+++ b/lib/freebl/Makefile
@@ -654,17 +654,17 @@ vpath %.c mpi ecl verified deprecated
 vpath %.S mpi ecl
 vpath %.s mpi ecl
 vpath %.asm mpi ecl
 INCLUDES += -Impi -Iecl -Iverified -Iverified/kremlin/include -Iverified/kremlin/kremlib/dist/minimal -Ideprecated
 
 
 DEFINES += -DMP_API_COMPATIBLE
 
-MPI_USERS = secmpi.c dh.c pqg.c dsa.c rsa.c ec.c
+MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c
 
 MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
 MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
 
 $(MPI_OBJS): $(MPI_HDRS)
 
 ECL_USERS = ec.c
 
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -12,16 +12,17 @@
 
 #include "prerr.h"
 #include "secerr.h"
 
 #include "blapi.h"
 #include "blapii.h"
 #include "secitem.h"
 #include "mpi.h"
+#include "mpprime.h"
 #include "secmpi.h"
 
 #define KEA_DERIVED_SECRET_LEN 128
 
 /* Lengths are in bytes. */
 static unsigned int
 dh_GetSecretKeyLen(unsigned int primeLen)
 {
@@ -431,17 +432,17 @@ dh_prime_testcount(int prime_length)
 PRBool
 KEA_PrimeCheck(SECItem *prime)
 {
     mp_int p;
     mp_err err = 0;
     MP_DIGITS(&p) = 0;
     CHECK_MPI_OK(mp_init(&p));
     SECITEM_TO_MPINT(*prime, &p);
-    CHECK_MPI_OK(mpp_pprime_secure(&p, dh_prime_testcount(prime->len)));
+    CHECK_MPI_OK(mpp_pprime(&p, dh_prime_testcount(prime->len)));
 cleanup:
     mp_clear(&p);
     return err ? PR_FALSE : PR_TRUE;
 }
 
 PRBool
 KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
 {
--- a/lib/freebl/freebl_base.gypi
+++ b/lib/freebl/freebl_base.gypi
@@ -55,17 +55,16 @@
     'rawhash.c',
     'rijndael.c',
     'rsa.c',
     'rsapkcs.c',
     'sha_fast.c',
     'shvfy.c',
     'sysrand.c',
     'tlsprfalg.c',
-    'secmpi.c',
   ],
   'conditions': [
     [ 'OS=="linux" or OS=="android"', {
       'conditions': [
         [ 'target_arch=="x64"', {
           'sources': [
             'arcfour-amd64-gas.s',
             'mpi/mpi_amd64.c',
--- a/lib/freebl/manifest.mn
+++ b/lib/freebl/manifest.mn
@@ -145,17 +145,16 @@ CSRCS = \
 	ecdecode.c \
 	pqg.c \
 	dsa.c \
 	rsa.c \
 	rsapkcs.c \
 	shvfy.c \
 	tlsprfalg.c \
 	jpake.c \
-	secmpi.c \
 	$(MPI_SRCS) \
 	$(MPCPU_SRCS) \
 	$(ECL_SRCS) \
 	$(VERIFIED_SRCS) \
 	$(STUBS_SRCS) \
 	$(LOWHASH_SRCS) \
 	$(EXTRA_SRCS) \
 	$(NULL)
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
@@ -121,31 +121,29 @@ mpp_random(mp_int *a)
     }
 
     return MP_OKAY;
 
 } /* end mpp_random() */
 
 /* }}} */
 
-static mpp_random_fn mpp_random_insecure = &mpp_random;
-
 /* {{{ mpp_random_size(a, prec) */
 
 mp_err
 mpp_random_size(mp_int *a, mp_size prec)
 {
     mp_err res;
 
     ARGCHK(a != NULL && prec > 0, MP_BADARG);
 
     if ((res = s_mp_pad(a, prec)) != MP_OKAY)
         return res;
 
-    return (*mpp_random_insecure)(a);
+    return mpp_random(a);
 
 } /* end mpp_random_size() */
 
 /* }}} */
 
 /* {{{ mpp_divis_vector(a, vec, size, which) */
 
 /*
@@ -269,22 +267,16 @@ mpp_fermat_list(mp_int *a, const mp_digi
   test on a.  Returns MP_YES if the tests pass, MP_NO if one fails.
   If MP_NO is returned, the number is definitely composite.  If MP_YES
   is returned, it is probably prime (but that is not guaranteed).
  */
 
 mp_err
 mpp_pprime(mp_int *a, int nt)
 {
-    return mpp_pprime_ext_random(a, nt, mpp_random_insecure);
-}
-
-mp_err
-mpp_pprime_ext_random(mp_int *a, int nt, mpp_random_fn random)
-{
     mp_err res;
     mp_int x, amo, m, z; /* "amo" = "a minus one" */
     int iter;
     unsigned int jx;
     mp_size b;
 
     ARGCHK(a != NULL, MP_BADARG);
 
@@ -309,17 +301,17 @@ mpp_pprime_ext_random(mp_int *a, int nt,
     MP_CHECKOK(mp_init(&m));
     MP_CHECKOK(mp_div_2d(&amo, b, &m, 0));
 
     /* Do the test nt times... */
     for (iter = 0; iter < nt; iter++) {
 
         /* Choose a random value for 1 < x < a      */
         MP_CHECKOK(s_mp_pad(&x, USED(a)));
-        MP_CHECKOK((*random)(&x));
+        mpp_random(&x);
         MP_CHECKOK(mp_mod(&x, a, &x));
         if (mp_cmp_d(&x, 1) <= 0) {
             iter--;   /* don't count this iteration */
             continue; /* choose a new x */
         }
 
         /* Compute z = (x ** m) mod a               */
         MP_CHECKOK(mp_exptmod(&x, &m, a, &z));
@@ -407,22 +399,16 @@ mpp_sieve(mp_int *trial, const mp_digit 
     return MP_OKAY;
 }
 
 #define SIEVE_SIZE 32 * 1024
 
 mp_err
 mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong)
 {
-    return mpp_make_prime_ext_random(start, nBits, strong, mpp_random_insecure);
-}
-
-mp_err
-mpp_make_prime_ext_random(mp_int *start, mp_size nBits, mp_size strong, mpp_random_fn random)
-{
     mp_digit np;
     mp_err res;
     unsigned int i = 0;
     mp_int trial;
     mp_int q;
     mp_size num_tests;
     unsigned char *sieve;
 
@@ -499,17 +485,17 @@ mpp_make_prime_ext_random(mp_int *start,
         if (res != MP_OKAY) {
             if (res == MP_NO)
                 continue; /* was composite */
             goto CLEANUP;
         }
 
         FPUTC('+', stderr);
         /* If that passed, run some Miller-Rabin tests  */
-        res = mpp_pprime_ext_random(&trial, num_tests, random);
+        res = mpp_pprime(&trial, num_tests);
         if (res != MP_OKAY) {
             if (res == MP_NO)
                 continue; /* was composite */
             goto CLEANUP;
         }
         FPUTC('!', stderr);
 
         if (!strong)
@@ -537,17 +523,17 @@ mpp_make_prime_ext_random(mp_int *start,
         if (res != MP_YES) {
             mp_clear(&q);
             if (res == MP_NO)
                 continue; /* was composite */
             goto CLEANUP;
         }
 
         /* And test with Miller-Rabin, as with its parent ... */
-        res = mpp_pprime_ext_random(&q, num_tests, random);
+        res = mpp_pprime(&q, num_tests);
         if (res != MP_YES) {
             mp_clear(&q);
             if (res == MP_NO)
                 continue; /* was composite */
             goto CLEANUP;
         }
 
         /* If it passed, we've got a winner */
--- a/lib/freebl/mpi/mpprime.h
+++ b/lib/freebl/mpi/mpprime.h
@@ -21,28 +21,21 @@ extern const mp_digit prime_tab[];
 /* Tests for divisibility    */
 mp_err mpp_divis(mp_int *a, mp_int *b);
 mp_err mpp_divis_d(mp_int *a, mp_digit d);
 
 /* Random selection          */
 mp_err mpp_random(mp_int *a);
 mp_err mpp_random_size(mp_int *a, mp_size prec);
 
-/* Type for a pointer to a user-provided mpp_random implementation */
-typedef mp_err (*mpp_random_fn)(mp_int *);
-
 /* Pseudo-primality testing  */
 mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which);
 mp_err mpp_divis_primes(mp_int *a, mp_digit *np);
 mp_err mpp_fermat(mp_int *a, mp_digit w);
 mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes);
 mp_err mpp_pprime(mp_int *a, int nt);
 mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
                  unsigned char *sieve, mp_size nSieve);
 mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong);
 
-/* Pseudo-primality tests using a user-provided mpp_random implementation */
-mp_err mpp_pprime_ext_random(mp_int *a, int nt, mpp_random_fn random);
-mp_err mpp_make_prime_ext_random(mp_int *start, mp_size nBits, mp_size strong, mpp_random_fn random);
-
 SEC_END_PROTOS
 
 #endif /* end _H_MP_PRIME_ */
--- a/lib/freebl/pqg.c
+++ b/lib/freebl/pqg.c
@@ -1427,17 +1427,17 @@ step_5:
     /* ******************************************************************
     ** Step 8. (Step 4 in 186-1)
     ** "Use a robust primality testing algorithm to test whether q is prime."
     **
     ** Appendix 2.1 states that a Rabin test with at least 50 iterations
     ** "will give an acceptable probability of error."
     */
     /*CHECK_SEC_OK( prm_RabinTest(&Q, &passed) );*/
-    err = mpp_pprime_secure(&Q, prime_testcount_q(L, N));
+    err = mpp_pprime(&Q, prime_testcount_q(L, N));
     passed = (err == MP_YES) ? SECSuccess : SECFailure;
     /* ******************************************************************
     ** Step 9. (Step 5 in 186-1) "If q is not prime, goto step 5 (1 in 186-1)."
     */
     if (passed != SECSuccess)
         goto step_5;
     /* ******************************************************************
     ** Step 10.
@@ -1480,17 +1480,17 @@ step_5:
         CHECK_MPI_OK(mpl_set_bit(&l, (mp_size)(L - 1), 1)); /* l = 2**(L-1) */
         if (mp_cmp(&P, &l) < 0)
             goto step_11_9;
         /************************************************************
     ** Step 11.7 (step 11 in 186-1)
     ** "Perform a robust primality test on p."
     */
         /*CHECK_SEC_OK( prm_RabinTest(&P, &passed) );*/
-        err = mpp_pprime_secure(&P, prime_testcount_p(L, N));
+        err = mpp_pprime(&P, prime_testcount_p(L, N));
         passed = (err == MP_YES) ? SECSuccess : SECFailure;
         /* ******************************************************************
     ** Step 11.8. "If p is determined to be primed return VALID
         ** values of p, q, seed and counter."
     */
         if (passed == SECSuccess)
             break;
     step_11_9:
@@ -1708,19 +1708,19 @@ PQG_VerifyParams(const PQGParams *params
     /* 3.  G < P */
     if (params->base.len != 0) {
         CHECKPARAM(mp_cmp(&G, &P) < 0);
     }
     /* 4.  P % Q == 1 */
     CHECK_MPI_OK(mp_mod(&P, &Q, &r));
     CHECKPARAM(mp_cmp_d(&r, 1) == 0);
     /* 5.  Q is prime */
-    CHECKPARAM(mpp_pprime_secure(&Q, prime_testcount_q(L, N)) == MP_YES);
+    CHECKPARAM(mpp_pprime(&Q, prime_testcount_q(L, N)) == MP_YES);
     /* 6.  P is prime */
-    CHECKPARAM(mpp_pprime_secure(&P, prime_testcount_p(L, N)) == MP_YES);
+    CHECKPARAM(mpp_pprime(&P, prime_testcount_p(L, N)) == MP_YES);
     /* Steps 7-12 are done only if the optional PQGVerify is supplied. */
     /* continue processing P */
     /* 7.  counter < 4*L */
     /* 8.  g >= N and g < 2*L   (g is length of seed in bits) */
     /* step 7 and 8 are delayed until we determine which type of generation
      * was used */
     /* 9.  Q generated from SEED matches Q in PQGParams. */
     /* This function checks all possible hash and generation types to
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -203,17 +203,17 @@ generate_prime(mp_int *prime, int primeL
         PORT_SetError(SEC_ERROR_NO_MEMORY);
         goto cleanup;
     }
     for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) {
         CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(pb, primeLen));
         pb[0] |= 0xC0;            /* set two high-order bits */
         pb[primeLen - 1] |= 0x01; /* set low-order bit       */
         CHECK_MPI_OK(mp_read_unsigned_octets(prime, pb, primeLen));
-        err = mpp_make_prime_secure(prime, primeLen * 8, PR_FALSE);
+        err = mpp_make_prime(prime, primeLen * 8, PR_FALSE);
         if (err != MP_NO)
             goto cleanup;
         /* keep going while err == MP_NO */
     }
 cleanup:
     if (pb)
         PORT_ZFree(pb, primeLen);
     if (err) {
@@ -386,17 +386,17 @@ rsa_is_prime(mp_int *p)
 
     /* run a Fermat test */
     res = mpp_fermat(p, 2);
     if (res != MP_OKAY) {
         return res;
     }
 
     /* If that passed, run some Miller-Rabin tests */
-    res = mpp_pprime_secure(p, 2);
+    res = mpp_pprime(p, 2);
     return res;
 }
 
 /*
  * Factorize a RSA modulus n into p and q by using the exponents e and d.
  *
  * In: e, d, n
  * Out: p, q
deleted file mode 100644
--- a/lib/freebl/secmpi.c
+++ /dev/null
@@ -1,28 +0,0 @@
-#include "blapi.h"
-
-#include "mpi.h"
-#include "mpprime.h"
-
-mp_err
-mpp_random_secure(mp_int *a)
-{
-    SECStatus rv;
-    rv = RNG_GenerateGlobalRandomBytes((unsigned char *)MP_DIGITS(a), MP_USED(a) * sizeof(mp_digit));
-    if (rv != SECSuccess) {
-        return MP_UNDEF;
-    }
-    MP_SIGN(a) = MP_ZPOS;
-    return MP_OKAY;
-}
-
-mp_err
-mpp_pprime_secure(mp_int *a, int nt)
-{
-    return mpp_pprime_ext_random(a, nt, &mpp_random_secure);
-}
-
-mp_err
-mpp_make_prime_secure(mp_int *start, mp_size nBits, mp_size strong)
-{
-    return mpp_make_prime_ext_random(start, nBits, strong, &mpp_random_secure);
-}
--- a/lib/freebl/secmpi.h
+++ b/lib/freebl/secmpi.h
@@ -47,17 +47,8 @@
             break;                                    \
         case MP_BADARG:                               \
             PORT_SetError(SEC_ERROR_INVALID_ARGS);    \
             break;                                    \
         default:                                      \
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); \
             break;                                    \
     }
-
-/* Fill the `used` digits of an mp_int with random bits */
-mp_err mpp_random_secure(mp_int *a);
-
-/* Pseudo-primality testing using `mpp_random_secure` to choose Miller-Rabin base */
-mp_err mpp_pprime_secure(mp_int *a, int nt);
-
-/* Variant of `mpp_make_prime` using `mpp_random_secure` to choose Miller-Rabin base */
-mp_err mpp_make_prime_secure(mp_int *start, mp_size nBits, mp_size strong);