author | wtchang%redhat.com <devnull@localhost> | 2005-08-12 23:50:19 +0000 |
---|---|---|
committer | wtchang%redhat.com <devnull@localhost> | 2005-08-12 23:50:19 +0000 |
commit | 551598497b8af95cf8f7b7c8f0613e1e53e489ff (patch) | |
tree | 5b5a99ead52baa72b16d8d7de5180e84fa48602e /security/nss/lib/cryptohi | |
parent | 6ac5ea0d19316478208e4e45acc6024a497c4a99 (diff) | |
download | nss-hg-551598497b8af95cf8f7b7c8f0613e1e53e489ff.tar.gz |
Bugzilla Bug 296410: enlarge the buffer size for message digest so that
we can generate and verify signatures that use SHA-512. r=relyea
Modified files: secsign.c secvfy.c
Diffstat (limited to 'security/nss/lib/cryptohi')
-rw-r--r-- | security/nss/lib/cryptohi/secsign.c | 2 | ||||
-rw-r--r-- | security/nss/lib/cryptohi/secvfy.c | 11 |
2 files changed, 8 insertions, 5 deletions
diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c
index 279349555..e6e983a65 100644
--- a/security/nss/lib/cryptohi/secsign.c
+++ b/security/nss/lib/cryptohi/secsign.c
@@ -201,7 +201,7 @@ SGN_Update(SGNContext *cx, unsigned char *input, unsigned inputLen)
 SECStatus
 SGN_End(SGNContext *cx, SECItem *result)
 {
- unsigned char digest[32];
+ unsigned char digest[HASH_LENGTH_MAX];
 unsigned part1, signatureLen;
 SECStatus rv;
 SECItem digder, sigitem;
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c
index a9e3970da..4a5de4e0f 100644
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -83,7 +83,7 @@ DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, SECKEYPublicKey *key,
 */
 tag = SECOID_GetAlgorithmTag(&di->digestAlgorithm);
 /* XXX Check that tag is an appropriate algorithm? */
- if (di->digest.len > 32) {
+ if (di->digest.len > HASH_LENGTH_MAX) {
 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
 goto loser;
 }
@@ -110,8 +110,11 @@ struct VFYContextStr {
 SECOidTag alg;
 VerifyType type;
 SECKEYPublicKey *key;
- /* digest holds the full dsa signature... 40 bytes */
- unsigned char digest[DSA_SIGNATURE_LEN];
+ /*
+ * digest holds either the hash (<= HASH_LENGTH_MAX=64 bytes)
+ * in the RSA signature, or the full DSA signature (40 bytes).
+ */
+ unsigned char digest[HASH_LENGTH_MAX];
 void * wincx;
 void *hashcx;
 const SECHashObject *hashobj;
@@ -350,7 +353,7 @@ VFY_Update(VFYContext *cx, unsigned char *input, unsigned inputLen)
 SECStatus
 VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
 {
- unsigned char final[32];
+ unsigned char final[HASH_LENGTH_MAX];
 unsigned part;
 SECItem hash,dsasig; /* dsasig is also used for ECDSA */
 SECStatus rv; |
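Review bot: The enlarged `digest` array in SGN_End only helps if the call that fills it is bounded by `sizeof(digest)` rather than by the old literal; that call is outside this hunk, so it cannot be confirmed here. Any remaining `32` passed as the maximum output length would still cap or reject SHA-384/SHA-512 output despite the larger buffer. The same applies to `final` in VFY_EndWithSignature in secvfy.c. A short comment on each declaration, e.g. `/* sized for the largest supported hash; pass sizeof(digest) as the output limit */`, would keep the buffer and its bound in step.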
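Review bot: The length test in DecryptSigBlock bounds `di->digest.len` by the largest hash the library supports, not by the length that `tag` implies, and the `XXX Check that tag is an appropriate algorithm?` comment just above it is still open. A DigestInfo that names one algorithm but carries a digest of another length (anything up to 64 bytes) passes this test; whether a later comparison rejects it is outside the hunk. The destination `digest` is also a bare `unsigned char *`, so the bound is safe only while every caller supplies at least `HASH_LENGTH_MAX` bytes. Consider comparing against the expected digest length for `tag`, or at minimum stating the contract at the function header: `/* caller's digest buffer must hold HASH_LENGTH_MAX bytes */`.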
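Review bot: `digest` in VFYContextStr is sized by `HASH_LENGTH_MAX` but, per the new comment, must also hold a 40-byte DSA signature, and nothing in the declaration enforces that the hash bound is the larger of the two. The comment also hard-codes 64 and 40, which will drift if either constant changes. A guard next to the struct would make the assumption explicit: `#if HASH_LENGTH_MAX < DSA_SIGNATURE_LEN` / `#error "VFYContext digest too small for a DSA signature"` / `#endif`. A later comment in this file says the DSA path is shared with ECDSA; whether an ECDSA signature is ever stored in this buffer is not visible here (the struct continues outside the hunk) and is worth confirming, since such signatures can exceed 64 bytes.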