author | nelsonb%netscape.com <devnull@localhost> | 2005-05-21 21:35:24 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2005-05-21 21:35:24 +0000 |
commit | 23a2a0b005a8f476ea62a1900128248216dea1a5 (patch) | |
tree | d4a55b63669968e3bd358070d439dcf7709be497 | |
parent | 72f019fa51ff1abd77452c7fa402968c1bd8d03b (diff) | |
download | nss-hg-23a2a0b005a8f476ea62a1900128248216dea1a5.tar.gz |
Allow DSA signature output buffer to exceed required length.
Bug 191470. r=nelson. Patch by rrelyea@redhat.com.
-rw-r--r-- | security/nss/lib/freebl/dsa.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c
index fe710cb64..85ceb2e51 100644
--- a/security/nss/lib/freebl/dsa.c
+++ b/security/nss/lib/freebl/dsa.c
@@ -188,11 +188,12 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
 /* FIPS-compliance dictates that digest is a SHA1 hash. */
 /* Check args. */
 if (!key || !signature || !digest ||
- (signature->len != DSA_SIGNATURE_LEN) ||
+ (signature->len < DSA_SIGNATURE_LEN) ||
 (digest->len != SHA1_LENGTH)) {
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 return SECFailure;
 }
+
 /* Initialize MPI integers. */
 MP_DIGITS(&p) = 0;
 MP_DIGITS(&q) = 0;
@@ -253,6 +254,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
 DSA_SUBPRIME_LEN);
 if (err < 0) goto cleanup;
 err = MP_OKAY;
+ signature->len = DSA_SIGNATURE_LEN;
 cleanup:
 mp_clear(&p);
 mp_clear(&q); |
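Review bot: The relaxed test `(signature->len < DSA_SIGNATURE_LEN)` turns `signature->len` into an in/out value (capacity on entry, bytes written on return), but the only comment at the check is still `/* Check args. */` and nothing in the hunk records the new contract. I would say so at the check, for example `/* signature->len is the caller's buffer capacity; it must be at least DSA_SIGNATURE_LEN and is reset to that value on success. */`, and mirror it wherever the public signing entry point is documented. The guard also never tests `signature->data`, so an item with a large enough `len` and a NULL `data` passes; adding `!signature->data ||` would close that, though whether any caller can reach it is not visible here. dsa_SignDigest begins before and runs past this hunk.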
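Review bot: The added `signature->len = DSA_SIGNATURE_LEN;` sits above the `cleanup:` label, so it runs only on the success path; any earlier `goto cleanup` leaves the caller's original, possibly larger, length in place. Since the buffer may now be longer than the signature, a caller that skips the return-value check and consumes `signature->len` bytes would read bytes this function never wrote, and presumably a partial result if the failure came after the first half was stored. Documenting that the item's contents are unspecified on SECFailure, or setting `signature->len = 0;` in the error branch after `cleanup:`, would make that failure mode explicit. The error branch itself lies outside the hunk, so the placement needs checking against the full function.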