From d17f7d2fdf7f7c7e9822c1440d19f99abb8c42ef Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 7 Aug 2013 16:17:58 +0200
Subject: [PATCH] nss: Update to 3.15.1

---
 pkgs/development/libraries/nss/default.nix    |  59 ++-
 .../libraries/nss/nix_secload_fixup.patch     |  40 +-
 ...-r1.patch => nss-3.15-gentoo-fixups.patch} |  59 ++-
 ...ync-up-with-upstream-softokn-changes.patch | 406 ------------------
 4 files changed, 73 insertions(+), 491 deletions(-)
 rename pkgs/development/libraries/nss/{nss-3.14.1-gentoo-fixups-r1.patch => nss-3.15-gentoo-fixups.patch} (70%)
 delete mode 100644 pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch

diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix
index d38fc19f40e1..de980d718f33 100644
--- a/pkgs/development/libraries/nss/default.nix
+++ b/pkgs/development/libraries/nss/default.nix
@@ -1,68 +1,58 @@
-{ stdenv, fetchurl, fetchgit, nspr, perl, zlib, sqlite
+{ stdenv, fetchurl, nspr, perl, zlib, sqlite
 , includeTools ? false
 }:
 
 let
 
-  nssPEM = fetchgit {
-    url = "git://git.fedorahosted.org/git/nss-pem.git";
-    rev = "07a683505d4a0a1113c4085c1ce117425d0afd80";
-    sha256 = "e4a9396d90e50e8b3cceff45f312eda9aaf356423f4eddd354a0e1afbbfd4cf8";
+  nssPEM = fetchurl {
+    url = http://dev.gentoo.org/~anarchy/patches/nss-3.15-pem-support-20130617.patch.xz;
+    sha256 = "1k1m8lsgqwxx251943hks1dd13hz1adpqqb0hxwn011by5vmi201";
   };
 
   secLoadPatch = fetchurl {
     name = "security_load.patch";
-    urls = [
-      # "http://patch-tracker.debian.org/patch/series/dl/nss/2:3.13.6-1/85_security_load.patch"
-      # "http://anonscm.debian.org/gitweb/?p=pkg-mozilla/nss.git;a=blob_plain;f=debian/patches/85_security_load.patch;hb=HEAD"
-      "http://www.parsix.org/export/7797/pkg/security/raul/main/nss/trunk/debian/patches/85_security_load.patch"
-    ];
-    sha256 = "8a8d0ae4ebbd7c389973fa5d26d8bc5f473046c6cb1d8283cb9a3c1f4c565c47";
+    urls = http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.1-1/85_security_load.patch;
+    sha256 = "041c6v4cxwsy14qr5m9qs0gkv3w24g632cwpz27kacxpa886r1ds";
   };
 
 in stdenv.mkDerivation rec {
   name = "nss-${version}";
-  version = "3.14.3";
+  version = "3.15.1";
 
   src = fetchurl {
-    url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_3_RTM/src/${name}.tar.gz";
-    sha1 = "94d8781d1fa29cfbd37453dda3e9488709b82c4c";
+    url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/${name}.tar.gz";
+    sha1 = "1aa7c0ff8af7fb2c8b6e4886ae2291f4bfe0d5c0";
   };
 
   buildInputs = [ nspr perl zlib sqlite ];
 
-  postUnpack = ''
-    cp -rdv "${nssPEM}/mozilla/security/nss/lib/ckfw/pem" \
-            "$sourceRoot/mozilla/security/nss/lib/ckfw/"
-    chmod -R u+w "$sourceRoot/mozilla/security/nss/lib/ckfw/pem"
+  prePatch = ''
+    xz -d < ${nssPEM} | patch -p1
   '';
 
-  patches = [
-    ./nss-3.14.1-gentoo-fixups-r1.patch
-    secLoadPatch
-    ./nix_secload_fixup.patch
-    ./sync-up-with-upstream-softokn-changes.patch
-  ];
+  patches =
+    [ ./nss-3.15-gentoo-fixups.patch
+      secLoadPatch
+      ./nix_secload_fixup.patch
+    ];
 
   postPatch = ''
-    sed -i -e 's/^DIRS.*$/& pem/' mozilla/security/nss/lib/ckfw/manifest.mn
-
-    # Fix up the patch from Gentoo
+    # Fix up the patch from Gentoo.
     sed -i \
       -e "/^PREFIX =/s|= /usr|= $out|" \
       -e '/@libdir@/s|gentoo/nss|lib|' \
       -e '/ln -sf/d' \
-      mozilla/security/nss/config/Makefile
+      nss/config/Makefile
 
     # Note for spacing/tab nazis: The TAB characters are intentional!
-    cat >> mozilla/security/nss/config/Makefile <<INSTALL_TARGET
+    cat >> nss/config/Makefile <<INSTALL_TARGET
     install:
     	mkdir -p \$(DIST)/lib/pkgconfig
     	cp nss.pc \$(DIST)/lib/pkgconfig
     INSTALL_TARGET
   '';
 
-  preConfigure = "cd mozilla/security/nss";
+  preConfigure = "cd nss";
 
   makeFlags = [
     "NSPR_INCLUDE_DIR=${nspr}/include/nspr"
@@ -74,8 +64,6 @@ in stdenv.mkDerivation rec {
     "NSS_USE_SYSTEM_SQLITE=1"
   ] ++ stdenv.lib.optional stdenv.is64bit "USE_64=1";
 
-  buildFlags = [ "build_coreconf" "build_dbm" "all" ];
-
   postInstall = ''
     rm -rf $out/private
     mv $out/public $out/include
@@ -83,6 +71,8 @@ in stdenv.mkDerivation rec {
     rmdir $out/*.OBJ
 
     cp -av config/nss-config $out/bin/nss-config
+
+    ln -s lib $out/lib64
   '';
 
   postFixup = ''
@@ -94,4 +84,9 @@ in stdenv.mkDerivation rec {
   '' + stdenv.lib.optionalString (!includeTools) ''
     find $out/bin -type f \( -name nss-config -o -delete \)
   '';
+
+  meta = {
+    homepage = https://developer.mozilla.org/en-US/docs/NSS;
+    description = "A set of libraries for development of security-enabled client and server applications";
+  };
 }
diff --git a/pkgs/development/libraries/nss/nix_secload_fixup.patch b/pkgs/development/libraries/nss/nix_secload_fixup.patch
index 960fe0ef7a75..89c82f1b87d4 100644
--- a/pkgs/development/libraries/nss/nix_secload_fixup.patch
+++ b/pkgs/development/libraries/nss/nix_secload_fixup.patch
@@ -1,18 +1,7 @@
-diff --git a/mozilla/security/coreconf/config.mk b/mozilla/security/coreconf/config.mk
-index 72557c6..bdcbf88 100644
---- a/mozilla/security/coreconf/config.mk
-+++ b/mozilla/security/coreconf/config.mk
-@@ -207,3 +207,5 @@ endif
- DEFINES += -DUSE_UTIL_DIRECTLY
- USE_UTIL_DIRECTLY = 1
- 
-+# nix specific stuff:
-+DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
-diff --git a/mozilla/security/nss/cmd/shlibsign/shlibsign.c b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
-index 5ce626e..e1e8039 100644
---- a/mozilla/security/nss/cmd/shlibsign/shlibsign.c
-+++ b/mozilla/security/nss/cmd/shlibsign/shlibsign.c
-@@ -770,7 +770,7 @@ int main(int argc, char **argv)
+diff -ru -x '*~' nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c nss-3.15.1/nss/cmd/shlibsign/shlibsign.c
+--- nss-3.15.1-orig/nss/cmd/shlibsign/shlibsign.c	2013-08-07 16:03:40.013256377 +0200
++++ nss-3.15.1/nss/cmd/shlibsign/shlibsign.c	2013-08-07 16:04:21.128410153 +0200
+@@ -853,7 +853,7 @@
      assert(libname != NULL);
      lib = PR_LoadLibrary(libname);
      if (!lib)
@@ -21,11 +10,20 @@ index 5ce626e..e1e8039 100644
      assert(lib != NULL);
      PR_FreeLibraryName(libname);
  
-diff --git a/mozilla/security/nss/lib/util/secload.c b/mozilla/security/nss/lib/util/secload.c
-index 7d6fc22..0b7759b 100644
---- a/mozilla/security/nss/lib/util/secload.c
-+++ b/mozilla/security/nss/lib/util/secload.c
-@@ -105,9 +105,9 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
+diff -ru -x '*~' nss-3.15.1-orig/nss/coreconf/config.mk nss-3.15.1/nss/coreconf/config.mk
+--- nss-3.15.1-orig/nss/coreconf/config.mk	2013-06-27 19:58:08.000000000 +0200
++++ nss-3.15.1/nss/coreconf/config.mk	2013-08-07 16:11:27.364608802 +0200
+@@ -181,3 +181,6 @@
+ 
+ # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
+ DEFINES += -DNO_NSPR_10_SUPPORT
++
++# Nix specific stuff.
++DEFINES += -DNIX_NSS_LIBDIR=\"$(out)/lib/\"
+diff -ru -x '*~' nss-3.15.1-orig/nss/lib/util/secload.c nss-3.15.1/nss/lib/util/secload.c
+--- nss-3.15.1-orig/nss/lib/util/secload.c	2013-08-07 16:03:40.014256381 +0200
++++ nss-3.15.1/nss/lib/util/secload.c	2013-08-07 16:05:02.453563064 +0200
+@@ -70,9 +70,9 @@
      /* Remove the trailing filename from referencePath and add the new one */
      c = strrchr(referencePath, PR_GetDirectorySeparator());
      if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
@@ -38,7 +36,7 @@ index 7d6fc22..0b7759b 100644
      }
      if (c) {
          size_t referencePathSize = 1 + c - referencePath;
-@@ -125,8 +125,7 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
+@@ -90,8 +90,7 @@
                  (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
                  memcpy(fullName + referencePathSize -4, "lib", 3);
              }
diff --git a/pkgs/development/libraries/nss/nss-3.14.1-gentoo-fixups-r1.patch b/pkgs/development/libraries/nss/nss-3.15-gentoo-fixups.patch
similarity index 70%
rename from pkgs/development/libraries/nss/nss-3.14.1-gentoo-fixups-r1.patch
rename to pkgs/development/libraries/nss/nss-3.15-gentoo-fixups.patch
index bc3a98ec1438..b3e35b1d2d19 100644
--- a/pkgs/development/libraries/nss/nss-3.14.1-gentoo-fixups-r1.patch
+++ b/pkgs/development/libraries/nss/nss-3.15-gentoo-fixups.patch
@@ -1,9 +1,8 @@
-diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/Makefile
---- a/mozilla/security/nss/config/Makefile	1969-12-31 18:00:00.000000000 -0600
-+++ b/mozilla/security/nss/config/Makefile	2012-12-15 07:27:20.650148987 -0600
+--- a/nss/config/Makefile
++++ b/nss/config/Makefile
 @@ -0,0 +1,40 @@
-+CORE_DEPTH = ../..
-+DEPTH      = ../..
++CORE_DEPTH = ..
++DEPTH      = ..
 +
 +include $(CORE_DEPTH)/coreconf/config.mk
 +
@@ -19,14 +18,14 @@ diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/M
 +	mkdir -p $(DIST)/lib/pkgconfig
 +	sed -e "s,@prefix@,$(PREFIX)," \
 +	    -e "s,@exec_prefix@,\$${prefix}," \
-+	    -e "s,@libdir@,\$${prefix}/gentoo/nss," \
++	    -e "s,@libdir@,\$${prefix}/lib64," \
 +	    -e "s,@includedir@,\$${prefix}/include/nss," \
 +	    -e "s,@NSS_MAJOR_VERSION@,$(NSS_MAJOR_VERSION),g" \
 +	    -e "s,@NSS_MINOR_VERSION@,$(NSS_MINOR_VERSION)," \
 +	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
 +	    nss.pc.in > nss.pc
 +	chmod 0644 nss.pc
-+	ln -sf ../../../../../security/nss/config/nss.pc $(DIST)/lib/pkgconfig
++	ln -sf ../../../../config/nss.pc $(DIST)/lib/pkgconfig
 +
 +	# Create the nss-config script
 +	mkdir -p $(DIST)/bin
@@ -36,15 +35,14 @@ diff -urN a/mozilla/security/nss/config/Makefile b/mozilla/security/nss/config/M
 +	    -e "s,@NSS_PATCH_VERSION@,$(NSS_PATCH_VERSION)," \
 +	    nss-config.in > nss-config
 +	chmod 0755 nss-config
-+	ln -sf ../../../../security/nss/config/nss-config $(DIST)/bin
++	ln -sf ../../../config/nss-config $(DIST)/bin
 +
 +libs:
 +
 +dummy: all export libs
 +
-diff -urN a/mozilla/security/nss/config/nss-config.in b/mozilla/security/nss/config/nss-config.in
---- a/mozilla/security/nss/config/nss-config.in	1969-12-31 18:00:00.000000000 -0600
-+++ b/mozilla/security/nss/config/nss-config.in	2012-12-15 07:27:20.651148959 -0600
+--- a/nss/config/nss-config.in
++++ b/nss/config/nss-config.in
 @@ -0,0 +1,145 @@
 +#!/bin/sh
 +
@@ -191,9 +189,8 @@ diff -urN a/mozilla/security/nss/config/nss-config.in b/mozilla/security/nss/con
 +      echo $libdirs
 +fi      
 +
-diff -urN a/mozilla/security/nss/config/nss.pc.in b/mozilla/security/nss/config/nss.pc.in
---- a/mozilla/security/nss/config/nss.pc.in	1969-12-31 18:00:00.000000000 -0600
-+++ b/mozilla/security/nss/config/nss.pc.in	2012-12-15 07:27:20.651148959 -0600
+--- a/nss/config/nss.pc.in
++++ b/nss/config/nss.pc.in
 @@ -0,0 +1,12 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@@ -207,37 +204,35 @@ diff -urN a/mozilla/security/nss/config/nss.pc.in b/mozilla/security/nss/config/
 +Libs: -lssl3 -lsmime3 -lnss3 -lnssutil3
 +Cflags: -I${includedir}
 +
-diff -urN a/mozilla/security/nss/Makefile b/mozilla/security/nss/Makefile
---- a/mozilla/security/nss/Makefile	2012-11-13 19:14:07.000000000 -0600
-+++ b/mozilla/security/nss/Makefile	2012-12-15 07:27:57.235162137 -0600
+--- a/nss/Makefile
++++ b/nss/Makefile
 @@ -44,7 +44,7 @@
  # (7) Execute "local" rules. (OPTIONAL).                              #
  #######################################################################
  
--nss_build_all: build_coreconf build_nspr build_dbm all
-+nss_build_all: build_coreconf build_dbm all
+-nss_build_all: build_nspr all
++nss_build_all: all
  
- nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
+ nss_clean_all: clobber_nspr clobber
  
-@@ -106,12 +106,6 @@
+@@ -103,12 +103,6 @@
  	--with-dist-prefix='$(NSPR_PREFIX)' \
  	--with-dist-includedir='$(NSPR_PREFIX)/include'
  
 -build_nspr: $(NSPR_CONFIG_STATUS)
--	$(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)
+-	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
 -
 -clobber_nspr: $(NSPR_CONFIG_STATUS)
--	$(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) clobber
+-	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
 -
- build_dbm:
- ifdef NSS_DISABLE_DBM
- 	@echo "skipping the build of DBM"
-diff -urN a/mozilla/security/nss/manifest.mn b/mozilla/security/nss/manifest.mn
---- a/mozilla/security/nss/manifest.mn	2012-03-20 09:46:49.000000000 -0500
-+++ b/mozilla/security/nss/manifest.mn	2012-12-15 07:27:20.652148933 -0600
-@@ -10,6 +10,6 @@
+ build_docs:
+ 	$(MAKE) -C $(CORE_DEPTH)/doc
+ 
+--- a/nss/manifest.mn
++++ b/nss/manifest.mn
+@@ -10,4 +10,4 @@
  
  RELEASE = nss
  
--DIRS = lib cmd
-+DIRS = lib cmd config
+-DIRS = coreconf lib cmd
++DIRS = coreconf lib cmd config
diff --git a/pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch b/pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch
deleted file mode 100644
index 4942debcd302..000000000000
--- a/pkgs/development/libraries/nss/sync-up-with-upstream-softokn-changes.patch
+++ /dev/null
@@ -1,406 +0,0 @@
-From d6dbecfea317a468be12423595e584f43d84d8ec Mon Sep 17 00:00:00 2001
-From: Elio Maldonado <emaldona@redhat.com>
-Date: Sat, 9 Feb 2013 17:11:00 -0500
-Subject: [PATCH] Sync up with upstream softokn changes
-
-- Disable RSA OEP case in FormatBlock, RSA_OAEP support is experimental and in a state of flux
-- Numerous change upstream due to the work for TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
-- It now compiles with the NSS_3_14_3_BETA1 source
----
- mozilla/security/nss/lib/ckfw/pem/rsawrapr.c |  338 +++++++-------------------
- 1 files changed, 82 insertions(+), 256 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
-index 5ac4f39..3780d30 100644
---- a/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
-+++ b/mozilla/security/nss/lib/ckfw/pem/rsawrapr.c
-@@ -46,6 +46,7 @@
- #include "sechash.h"
- #include "base.h"
- 
-+#include "lowkeyi.h"
- #include "secerr.h"
- 
- #define RSA_BLOCK_MIN_PAD_LEN		8
-@@ -54,9 +55,8 @@
- #define RSA_BLOCK_PRIVATE_PAD_OCTET	0xff
- #define RSA_BLOCK_AFTER_PAD_OCTET	0x00
- 
--#define OAEP_SALT_LEN		8
--#define OAEP_PAD_LEN		8
--#define OAEP_PAD_OCTET		0x00
-+/* Needed for RSA-PSS functions */
-+static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
- 
- #define FLAT_BUFSIZE 512        /* bytes to hold flattened SHA1Context. */
- 
-@@ -78,127 +78,39 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
-     return 0;
- }
- 
--static SHA1Context *SHA1_CloneContext(SHA1Context * original)
--{
--    SHA1Context *clone = NULL;
--    unsigned char *pBuf;
--    int sha1ContextSize = SHA1_FlattenSize(original);
--    SECStatus frv;
--    unsigned char buf[FLAT_BUFSIZE];
--
--    PORT_Assert(sizeof buf >= sha1ContextSize);
--    if (sizeof buf >= sha1ContextSize) {
--        pBuf = buf;
--    } else {
--        pBuf = nss_ZAlloc(NULL, sha1ContextSize);
--        if (!pBuf)
--            goto done;
--    }
--
--    frv = SHA1_Flatten(original, pBuf);
--    if (frv == SECSuccess) {
--        clone = SHA1_Resurrect(pBuf, NULL);
--        memset(pBuf, 0, sha1ContextSize);
--    }
--  done:
--    if (pBuf != buf)
--        nss_ZFreeIf(pBuf);
--    return clone;
-+/* Constant time comparison of a single byte.
-+ * Returns 1 iff a == b, otherwise returns 0.
-+ * Note: For ranges of bytes, use constantTimeCompare.
-+ */
-+static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) {
-+    unsigned char c = ~(a - b | b - a);
-+    c >>= 7;
-+    return c;
- }
- 
--/*
-- * Modify data by XORing it with a special hash of salt.
-+/* Constant time comparison of a range of bytes.
-+ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise
-+ * returns 0.
-  */
--static SECStatus
--oaep_xor_with_h1(unsigned char *data, unsigned int datalen,
--                 unsigned char *salt, unsigned int saltlen)
--{
--    SHA1Context *sha1cx;
--    unsigned char *dp, *dataend;
--    unsigned char end_octet;
--
--    sha1cx = SHA1_NewContext();
--    if (sha1cx == NULL) {
--        return SECFailure;
--    }
--
--    /*
--     * Get a hash of salt started; we will use it several times,
--     * adding in a different end octet (x00, x01, x02, ...).
--     */
--    SHA1_Begin(sha1cx);
--    SHA1_Update(sha1cx, salt, saltlen);
--    end_octet = 0;
--
--    dp = data;
--    dataend = data + datalen;
--
--    while (dp < dataend) {
--        SHA1Context *sha1cx_h1;
--        unsigned int sha1len, sha1off;
--        unsigned char sha1[SHA1_LENGTH];
--
--        /*
--         * Create hash of (salt || end_octet)
--         */
--        sha1cx_h1 = SHA1_CloneContext(sha1cx);
--        SHA1_Update(sha1cx_h1, &end_octet, 1);
--        SHA1_End(sha1cx_h1, sha1, &sha1len, sizeof(sha1));
--        SHA1_DestroyContext(sha1cx_h1, PR_TRUE);
--        PORT_Assert(sha1len == SHA1_LENGTH);
--
--        /*
--         * XOR that hash with the data.
--         * When we have fewer than SHA1_LENGTH octets of data
--         * left to xor, use just the low-order ones of the hash.
--         */
--        sha1off = 0;
--        if ((dataend - dp) < SHA1_LENGTH)
--            sha1off = SHA1_LENGTH - (dataend - dp);
--        while (sha1off < SHA1_LENGTH)
--            *dp++ ^= sha1[sha1off++];
--
--        /*
--         * Bump for next hash chunk.
--         */
--        end_octet++;
--    }
--
--    SHA1_DestroyContext(sha1cx, PR_TRUE);
--    return SECSuccess;
-+static unsigned char constantTimeCompare(const unsigned char *a,
-+                                         const unsigned char *b,
-+                                         unsigned int len) {
-+    unsigned char tmp = 0;
-+    unsigned int i;
-+    for (i = 0; i < len; ++i, ++a, ++b)
-+        tmp |= *a ^ *b;
-+    return constantTimeEQ8(0x00, tmp);
- }
- 
--/*
-- * Modify salt by XORing it with a special hash of data.
-+/* Constant time conditional.
-+ * Returns a if c is 1, or b if c is 0. The result is undefined if c is
-+ * not 0 or 1.
-  */
--static SECStatus
--oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen,
--                 unsigned char *data, unsigned int datalen)
-+static unsigned int constantTimeCondition(unsigned int c,
-+                                          unsigned int a,
-+                                          unsigned int b)
- {
--    unsigned char sha1[SHA1_LENGTH];
--    unsigned char *psalt, *psha1, *saltend;
--    SECStatus rv;
--
--    /*
--     * Create a hash of data.
--     */
--    rv = SHA1_HashBuf(sha1, data, datalen);
--    if (rv != SECSuccess) {
--        return rv;
--    }
--
--    /*
--     * XOR the low-order octets of that hash with salt.
--     */
--    PORT_Assert(saltlen <= SHA1_LENGTH);
--    saltend = salt + saltlen;
--    psalt = salt;
--    psha1 = sha1 + SHA1_LENGTH - saltlen;
--    while (psalt < saltend) {
--        *psalt++ ^= *psha1++;
--    }
--
--    return SECSuccess;
-+    return (~(c - 1) & a) | ((c - 1) & b);
- }
- 
- /*
-@@ -212,7 +124,7 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
-     unsigned char *block;
-     unsigned char *bp;
-     int padLen;
--    int i;
-+    int i, j;
-     SECStatus rv;
- 
-     block = (unsigned char *) nss_ZAlloc(NULL, modulusLen);
-@@ -260,124 +172,58 @@ static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
-          */
-     case RSA_BlockPublic:
- 
--        /*
--         * 0x00 || BT || Pad || 0x00 || ActualData
--         *   1      1   padLen    1      data->len
--         * Pad is all non-zero random bytes.
--         */
--        padLen = modulusLen - data->len - 3;
--        PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
--        if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
--            nss_ZFreeIf(block);
--            return NULL;
--        }
--        for (i = 0; i < padLen; i++) {
--            /* Pad with non-zero random data. */
--            do {
--                rv = RNG_GenerateGlobalRandomBytes(bp + i, 1);
--            } while (rv == SECSuccess
--                     && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
--            if (rv != SECSuccess) {
--                nss_ZFreeIf(block);
--                return NULL;
--            }
--        }
--        bp += padLen;
--        *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
--        nsslibc_memcpy(bp, data->data, data->len);
--
--        break;
--
--        /*
--         * Blocks intended for public-key operation, using
--         * Optimal Asymmetric Encryption Padding (OAEP).
--         */
--    case RSA_BlockOAEP:
--        /*
--         * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
--         *   1      1     OAEP_SALT_LEN     OAEP_PAD_LEN + data->len [+ N]
--         *
--         * where:
--         *   PaddedData is "Pad1 || ActualData [|| Pad2]"
--         *   Salt is random data.
--         *   Pad1 is all zeros.
--         *   Pad2, if present, is random data.
--         *   (The "modified" fields are all the same length as the original
--         * unmodified values; they are just xor'd with other values.)
--         *
--         *   Modified1 is an XOR of PaddedData with a special octet
--         * string constructed of iterated hashing of Salt (see below).
--         *   Modified2 is an XOR of Salt with the low-order octets of
--         * the hash of Modified1 (see farther below ;-).
--         *
--         * Whew!
--         */
--
--
--        /*
--         * Salt
--         */
--        rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
--        if (rv != SECSuccess) {
--            nss_ZFreeIf(block);
--            return NULL;
--        }
--        bp += OAEP_SALT_LEN;
--
--        /*
--         * Pad1
--         */
--        nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
--        bp += OAEP_PAD_LEN;
--
--        /*
--         * Data
--         */
--        nsslibc_memcpy(bp, data->data, data->len);
--        bp += data->len;
--
--        /*
--         * Pad2
--         */
--        if (bp < (block + modulusLen)) {
--            rv = RNG_GenerateGlobalRandomBytes(bp,
--                                               block - bp + modulusLen);
--            if (rv != SECSuccess) {
--                nss_ZFreeIf(block);
--                return NULL;
--            }
--        }
--
--        /*
--         * Now we have the following:
--         * 0x00 || BT || Salt || PaddedData
--         * (From this point on, "Pad1 || Data [|| Pad2]" is treated
--         * as the one entity PaddedData.)
--         *
--         * We need to turn PaddedData into Modified1.
--         */
--        if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
--                             modulusLen - 2 - OAEP_SALT_LEN,
--                             block + 2, OAEP_SALT_LEN) != SECSuccess) {
--            nss_ZFreeIf(block);
--            return NULL;
--        }
--
--        /*
--         * Now we have:
--         * 0x00 || BT || Salt || Modified1(PaddedData)
--         *
--         * The remaining task is to turn Salt into Modified2.
--         */
--        if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
--                             block + 2 + OAEP_SALT_LEN,
--                             modulusLen - 2 - OAEP_SALT_LEN) !=
--            SECSuccess) {
--            nss_ZFreeIf(block);
--            return NULL;
--        }
--
--        break;
-+	/*
-+	 * 0x00 || BT || Pad || 0x00 || ActualData
-+	 *   1      1   padLen    1      data->len
-+	 * Pad is all non-zero random bytes.
-+	 *
-+	 * Build the block left to right.
-+	 * Fill the entire block from Pad to the end with random bytes.
-+	 * Use the bytes after Pad as a supply of extra random bytes from 
-+	 * which to find replacements for the zero bytes in Pad.
-+	 * If we need more than that, refill the bytes after Pad with 
-+	 * new random bytes as necessary.
-+	 */
-+	padLen = modulusLen - (data->len + 3);
-+	PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
-+	if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
-+	    nss_ZFreeIf (block);
-+	    return NULL;
-+	}
-+	j = modulusLen - 2;
-+	rv = RNG_GenerateGlobalRandomBytes(bp, j);
-+	if (rv == SECSuccess) {
-+	    for (i = 0; i < padLen; ) {
-+		unsigned char repl;
-+		/* Pad with non-zero random data. */
-+		if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
-+		    ++i;
-+		    continue;
-+		}
-+		if (j <= padLen) {
-+		    rv = RNG_GenerateGlobalRandomBytes(bp + padLen,
-+					  modulusLen - (2 + padLen));
-+		    if (rv != SECSuccess)
-+		    	break;
-+		    j = modulusLen - 2;
-+		}
-+		do {
-+		    repl = bp[--j];
-+		} while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen);
-+		if (repl != RSA_BLOCK_AFTER_PAD_OCTET) {
-+		    bp[i++] = repl;
-+		}
-+	    }
-+	}
-+	if (rv != SECSuccess) {
-+	    /*sftk_fatalError = PR_TRUE;*/
-+	    nss_ZFreeIf (block);
-+	    return NULL;
-+	}
-+	bp += padLen;
-+	*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
-+	nsslibc_memcpy(bp, data->data, data->len);
-+	break;
- 
-     default:
-         PORT_Assert(0);
-@@ -427,26 +273,6 @@ rsa_FormatBlock(SECItem * result, unsigned modulusLen,
- 
-         break;
- 
--    case RSA_BlockOAEP:
--        /*
--         * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
--         *
--         * The "2" below is the first octet + the second octet.
--         * (The other fields do not contain the clear values, but are
--         * the same length as the clear values.)
--         */
--        PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN
--                                                + OAEP_PAD_LEN)));
--
--        result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
--        if (result->data == NULL) {
--            result->len = 0;
--            return SECFailure;
--        }
--        result->len = modulusLen;
--
--        break;
--
-     case RSA_BlockRaw:
-         /*
-          * Pad || ActualData
--- 
-1.7.1
-