authorchrisk%netscape.com <devnull@localhost>2000-06-12 23:43:42 +0000
committerchrisk%netscape.com <devnull@localhost>2000-06-12 23:43:42 +0000
commitb4dd7bda56eaf37da6408c8709968458cf3613fc (patch)
treedd6d1338d5ae7c848fb25ebf3c9fc709045e5e7f
parenteda32075725408839a77a52531d145599a6d4960 (diff)
Fix DSA / BLAPI interface by creating stub functions that have the
correct signature for being called via context->update or context->verify.
-rw-r--r--security/nss/lib/cryptohi/secvfy.c6
-rw-r--r--security/nss/lib/softoken/pkcs11c.c44
2 files changed, 41 insertions, 9 deletions
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c
index 6bd3fdc2e..6c2443e30 100644
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -290,6 +290,7 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
{
SECStatus rv;
VFYContext *cx;
+ SECItem dsasig;
rv = SECFailure;
@@ -305,7 +306,9 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
break;
case fortezzaKey:
case dsaKey:
- if (PK11_Verify(cx->key,sig,digest,wincx) != SECSuccess) {
+ dsasig.data = &cx->digest[0];
+ dsasig.len = DSA_SIGNATURE_LEN; /* magic size of dsa signature */
+ if (PK11_Verify(cx->key, &dsasig, digest, cx->wincx) != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
} else {
rv = SECSuccess;
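Review bot: `dsasig.len = DSA_SIGNATURE_LEN` is set unconditionally, so the verify call trusts that `cx->digest` already holds a complete fixed-length signature. Nothing in this hunk shows where that buffer is filled, or that a short or malformed `sig` is rejected before this point. The `sig` argument is no longer read on this path, and the field name `digest` gives no hint that it carries a signature here. I would replace the "magic size" comment with one that states the invariant, for example `/* cx->digest holds the decoded DSA signature, DSA_SIGNATURE_LEN bytes, filled at context creation (confirm) */`, and fail early if context creation can succeed without a full-length signature. The body of VFY_VerifyDigest starts before this hunk and continues after it.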
@@ -314,7 +317,6 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
default:
break;
}
-
VFY_DestroyContext(cx, PR_TRUE);
}
return rv;
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 11ea8f459..9689982ba 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -1917,6 +1917,37 @@ pk11_HashSign(PK11HashSignInfo *info,unsigned char *sig,unsigned int *sigLen,
return rv;
}
+static SECStatus
+nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
+ CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+{
+ SECItem signature, digest;
+
+ signature.data = pSignature;
+ signature.len = ulSignatureLen;
+ digest.data = pData;
+ digest.len = ulDataLen;
+ return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest);
+}
+
+static SECStatus
+nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature,
+ CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen,
+ CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+{
+ SECItem signature = { 0 }, digest;
+ SECStatus rv;
+
+ (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen);
+ digest.data = pData;
+ digest.len = ulDataLen;
+ rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest);
+ *ulSignatureLen = signature.len;
+ PORT_Memcpy(pSignature, signature.data, signature.len);
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return rv;
+}
+
/* NSC_SignInit setups up the signing operations. There are three basic
* types of signing:
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
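Review bot: nsc_DSA_Sign_Stub discards the result of `SECITEM_AllocItem` and copies into `pSignature` without first looking at `rv`. On allocation failure `signature.data` stays NULL and is still handed to DSA_SignDigest. If signing fails, whatever is in the freshly allocated buffer is copied to the caller and `*ulSignatureLen` is set as though it were a signature. The copy length is also never compared with `maxulSignatureLen`; whether DSA_SignDigest keeps `signature.len` within the allocated size is not visible here. Checking the allocation and gating the copy on success and on the length bound closes all three.
```c
    /* in nsc_DSA_Sign_Stub, after the declarations */
    if (SECITEM_AllocItem(NULL, &signature, maxulSignatureLen) == NULL) {
        return SECFailure;
    }
    /* … unchanged: digest setup and DSA_SignDigest call … */
    if (rv == SECSuccess && signature.len <= maxulSignatureLen) {
        *ulSignatureLen = signature.len;
        PORT_Memcpy(pSignature, signature.data, signature.len);
    } else {
        rv = SECFailure;
    }
    /* … unchanged: SECITEM_FreeItem and return … */
```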
@@ -2059,9 +2090,9 @@ finish_rsa:
crv = CKR_HOST_MEMORY;
break;
}
- context->cipherInfo = DSA_CreateSignContext(privKey);
- context->update = (PK11Cipher) DSA_SignDigest;
- context->destroy = (PK11Destroy) DSA_DestroySignContext;
+ context->cipherInfo = &(privKey->u.dsa);
+ context->update = (PK11Cipher) nsc_DSA_Sign_Stub;
+ context->destroy = pk11_Null;
if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);
break;
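Review bot: `context->cipherInfo = &(privKey->u.dsa)` stores a pointer into `privKey`, and the context line right after it still runs `if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);`. Whenever that condition is true, the context is left pointing into a destroyed key, and the later nsc_DSA_Sign_Stub call would read freed memory. The removed DSA_CreateSignContext call presumably gave the context its own state, which is why the destroy was safe before. With `context->destroy = pk11_Null` the context owns nothing, so either the key must stay alive for the life of the context or ownership of an uncached `privKey` must pass to the context and be released from its destroy hook. The verify hunk below makes the same change with `&(pubKey->u.dsa)`; no destroy of `pubKey` is visible there, but its lifetime deserves the same check. The enclosing function starts and ends outside this hunk.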
@@ -2465,9 +2496,9 @@ finish_rsa:
crv = CKR_HOST_MEMORY;
break;
}
- context->cipherInfo = DSA_CreateVerifyContext(pubKey);
- context->verify = (PK11Verify) DSA_VerifyDigest;
- context->destroy = (PK11Destroy) DSA_DestroyVerifyContext;
+ context->cipherInfo = &(pubKey->u.dsa);
+ context->verify = (PK11Verify) nsc_DSA_Verify_Stub;
+ context->destroy = pk11_Null;
break;
case CKM_MD2_HMAC_GENERAL:
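Review bot: The `(PK11Verify)` cast on `nsc_DSA_Verify_Stub`, like the `(PK11Cipher)` cast on `nsc_DSA_Sign_Stub` in the signing hunk, suppresses the compiler check that would have caught the signature mismatch this commit fixes. The stubs exist only to match those callback types, so if their prototypes are identical to the typedefs (not visible here) the assignment can be written without a cast, `context->verify = nsc_DSA_Verify_Stub;`, and any future drift becomes a compile-time diagnostic. If a cast is still required, the stub's prototype does not match and should be corrected. The enclosing function starts and ends outside this hunk.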
@@ -2518,7 +2549,6 @@ finish_rsa:
return CKR_OK;
}
-
/* NSC_Verify verifies a signature in a single-part operation,
* where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature */