diff options
author | mark%moxienet.com <devnull@localhost> | 2006-09-10 15:21:23 +0000 |
---|---|---|
committer | mark%moxienet.com <devnull@localhost> | 2006-09-10 15:21:23 +0000 |
commit | 0ffde2dcf9d496bc5e56cebbd49efb822d1e5773 (patch) | |
tree | 9b0b0323f1924ce9c5abd984fca1c499955d8be3 | |
parent | 08792d8fccd236ac5df22a45249f396b4d1ba93e (diff) | |
download | nss-hg-0ffde2dcf9d496bc5e56cebbd49efb822d1e5773.tar.gz |
Taking 351848 on CAMINO_1_0_3_MINIBRANCH, it was taken on MOZILLA_1_8_0_BRANCH for 1.8.0.7 after the minibranch split.CAMINO_1_0_3_RELEASE
-rw-r--r-- | security/nss/lib/cryptohi/secvfy.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index 60f48d13b..4d8c379ac 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c @@ -54,7 +54,8 @@ ** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION */ static SECStatus -DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, SECKEYPublicKey *key, +DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, + unsigned int *digestlen, SECKEYPublicKey *key, SECItem *sig, char *wincx) { SGNDigestInfo *di = NULL; @@ -96,6 +97,7 @@ DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, SECKEYPublicKey *key, } PORT_Memcpy(digest, di->digest.data, di->digest.len); *tagp = tag; + *digestlen = di->digest.len; goto done; sigloser: @@ -122,6 +124,7 @@ struct VFYContextStr { * in the RSA signature, or the full DSA signature (40 bytes). */ unsigned char digest[HASH_LENGTH_MAX]; + unsigned int digestlen; void * wincx; void *hashcx; const SECHashObject *hashobj; @@ -256,9 +259,11 @@ VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig, SECOidTag algid, cx->key = SECKEY_CopyPublicKey(key); /* extra safety precautions */ if (sig) { SECOidTag hashid = SEC_OID_UNKNOWN; - rv = DecryptSigBlock(&hashid, &cx->digest[0], + unsigned int digestlen = 0; + rv = DecryptSigBlock(&hashid, &cx->digest[0], &digestlen, cx->key, sig, (char*)wincx); cx->alg = hashid; + cx->digestlen = digestlen; } else { rv = decodeSigAlg(algid,&cx->alg); } @@ -403,14 +408,15 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig) case VFY_RSA: if (sig) { SECOidTag hashid = SEC_OID_UNKNOWN; - rv = DecryptSigBlock(&hashid, &cx->digest[0], + rv = DecryptSigBlock(&hashid, &cx->digest[0], &cx->digestlen, cx->key, sig, (char*)cx->wincx); if ((rv != SECSuccess) || (hashid != cx->alg)) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); return SECFailure; } } - if (PORT_Memcmp(final, cx->digest, part)) { + if ((part != cx->digestlen) || + PORT_Memcmp(final, cx->digest, part)) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); return SECFailure; } @@ -452,7 +458,8 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig, if (cx != NULL) { switch (key->keyType) { case rsaKey: - if (PORT_Memcmp(digest->data, cx->digest, digest->len)) { + if ((digest->len != cx->digestlen) || + PORT_Memcmp(digest->data, cx->digest, digest->len)) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); } else { rv = SECSuccess; |