Fix the RSA key check to correctly accept keys with p < q.

1 files changed, 3 insertions, 0 deletions

diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c
index 3151ebb87..e1d973fdb 100644
--- a/security/nss/lib/freebl/rsa.c
+++ b/security/nss/lib/freebl/rsa.c
@@ -759,11 +759,13 @@ swap_in_key_value(PRArenaPool *arena, mp_int *mpval, SECItem *buffer)
     if ((unsigned int)len <= buffer->len) {
 	/* The new value is no longer than the old buffer, so use it */
 	err = mp_to_unsigned_octets(mpval, buffer->data, len);
+	if (err >= 0) err = MP_OKAY;
 	buffer->len = len;
     } else if (arena) {
 	/* The new value is longer, but working within an arena */
 	(void)SECITEM_AllocItem(arena, buffer, len);
 	err = mp_to_unsigned_octets(mpval, buffer->data, len);
+	if (err >= 0) err = MP_OKAY;
     } else {
 	/* The new value is longer, no arena, can't handle this key */
 	return SECFailure;
@@ -810,6 +812,7 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
 	/* mind the p's and q's (and d_p's and d_q's) */
 	SECItem tmp;
 	mp_exch(&p, &q);
+	mp_exch(&d_p,&d_q);
 	tmp = key->prime1;
 	key->prime1 = key->prime2;
 	key->prime2 = tmp;