From b4dd7bda56eaf37da6408c8709968458cf3613fc Mon Sep 17 00:00:00 2001 From: "chrisk%netscape.com" Date: Mon, 12 Jun 2000 23:43:42 +0000 Subject: Fix DSA / BLAPI interface by creating stub functions that have the correct signature for being called via context->update or context->verify. --- security/nss/lib/cryptohi/secvfy.c | 6 +++-- security/nss/lib/softoken/pkcs11c.c | 44 +++++++++++++++++++++++++++++++------ 2 files changed, 41 insertions(+), 9 deletions(-) (limited to 'security/nss/lib') diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index 6bd3fdc2e..6c2443e30 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c @@ -290,6 +290,7 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig, { SECStatus rv; VFYContext *cx; + SECItem dsasig; rv = SECFailure; @@ -305,7 +306,9 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig, break; case fortezzaKey: case dsaKey: - if (PK11_Verify(cx->key,sig,digest,wincx) != SECSuccess) { + dsasig.data = &cx->digest[0]; + dsasig.len = DSA_SIGNATURE_LEN; /* magic size of dsa signature */ + if (PK11_Verify(cx->key, &dsasig, digest, cx->wincx) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); } else { rv = SECSuccess; @@ -314,7 +317,6 @@ VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig, default: break; } - VFY_DestroyContext(cx, PR_TRUE); } return rv; diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 11ea8f459..9689982ba 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c 
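Review bot: In the hunk at -305 the dsaKey/fortezzaKey branch passes a fixed `DSA_SIGNATURE_LEN` bytes of `cx->digest` to PK11_Verify, and nothing visible shows that the context holds that many valid signature bytes. Presumably context creation decodes `sig` into that buffer, but that code is outside the hunk; if it can store fewer bytes, the tail of the buffer would be verified as signature data. The `/* magic size of dsa signature */` comment should name the guarantee instead, for example `/* cx->digest holds the decoded DSA signature filled in when the context was created; always DSA_SIGNATURE_LEN bytes */`, once that has been confirmed. VFY_VerifyDigest starts and ends outside this hunk.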
@@ -1917,6 +1917,37 @@ pk11_HashSign(PK11HashSignInfo *info,unsigned char *sig,unsigned int *sigLen,
 return rv;
 }
+static SECStatus
+nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
+ CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+{
+ SECItem signature, digest;
+
+ signature.data = pSignature;
+ signature.len = ulSignatureLen;
+ digest.data = pData;
+ digest.len = ulDataLen;
+ return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest);
+}
+
+static SECStatus
+nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature,
+ CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen,
+ CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+{
+ SECItem signature = { 0 }, digest;
+ SECStatus rv;
+
+ (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen);
+ digest.data = pData;
+ digest.len = ulDataLen;
+ rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest);
+ *ulSignatureLen = signature.len;
+ PORT_Memcpy(pSignature, signature.data, signature.len);
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return rv;
+}
+
 /* NSC_SignInit setups up the signing operations. There are three basic
 * types of signing:
 * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
@@ -2059,9 +2090,9 @@ finish_rsa:
 crv = CKR_HOST_MEMORY;
 break;
 }
- context->cipherInfo = DSA_CreateSignContext(privKey);
- context->update = (PK11Cipher) DSA_SignDigest;
- context->destroy = (PK11Destroy) DSA_DestroySignContext;
+ context->cipherInfo = &(privKey->u.dsa);
+ context->update = (PK11Cipher) nsc_DSA_Sign_Stub;
+ context->destroy = pk11_Null;
 if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);
 break;
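Review bot: nsc_DSA_Sign_Stub discards the result of `SECITEM_AllocItem` and copies `signature.len` bytes to `pSignature` whether or not `DSA_SignDigest` succeeded. If the allocation fails, `signature.data` is NULL when it reaches DSA_SignDigest and PORT_Memcpy; if signing fails, the caller's buffer may be filled with unwritten heap bytes and a length is still reported. Neither callee is visible here, so the exact failure behaviour is inferred. Pointing the SECItem at the caller's buffer removes the allocation and the copy, and the length should be stored only on success, as sketched below.

```c
/* … unchanged: nsc_DSA_Sign_Stub signature and local declarations … */
    /* Sign into the caller's buffer: no temporary allocation, no copy. */
    signature.data = pSignature;
    signature.len = maxulSignatureLen;
/* … unchanged: digest setup and the DSA_SignDigest call … */
    if (rv == SECSuccess)
        *ulSignatureLen = signature.len;
    return rv;
```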
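Review bot: `context->cipherInfo = &(privKey->u.dsa);` in the hunk at -2059 stores a pointer into `privKey`, and the unchanged lines right below still call `SECKEY_LowDestroyPrivateKey(privKey)` when `key->objectInfo != privKey`. On that path the context is left pointing at a destroyed key, which nsc_DSA_Sign_Stub would later hand to DSA_SignDigest; the removed DSA_CreateSignContext call presumably made the context independent of privKey. Since `context->destroy` is now `pk11_Null`, the release should move out of the init path into a destroy callback that frees a non-cached key when the context is torn down. The verify hunk at -2465 borrows `&(pubKey->u.dsa)` the same way; pubKey's lifetime is not visible there and should be checked. The enclosing function starts and ends outside the hunk.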
@@ -2465,9 +2496,9 @@ finish_rsa:
 crv = CKR_HOST_MEMORY;
 break;
 }
- context->cipherInfo = DSA_CreateVerifyContext(pubKey);
- context->verify = (PK11Verify) DSA_VerifyDigest;
- context->destroy = (PK11Destroy) DSA_DestroyVerifyContext;
+ context->cipherInfo = &(pubKey->u.dsa);
+ context->verify = (PK11Verify) nsc_DSA_Verify_Stub;
+ context->destroy = pk11_Null;
 break;
 case CKM_MD2_HMAC_GENERAL:
@@ -2518,7 +2549,6 @@ finish_rsa:
 return CKR_OK;
 }
-
 /* NSC_Verify verifies a signature in a single-part operation,
 * where the signature is an appendix to the data,
 * and plaintext cannot be recovered from the signature */
-- cgit v1.2.1
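Review bot: The `(PK11Verify)` cast on `nsc_DSA_Verify_Stub` in the hunk at -2465 keeps the compiler from checking the one thing this commit is about, that the stub's signature matches the callback type. If the stub is declared with exactly the PK11Verify parameter list (the typedef is not visible here), the assignment needs no cast: `context->verify = nsc_DSA_Verify_Stub;`. The same applies to `(PK11Cipher) nsc_DSA_Sign_Stub` in the hunk at -2059. The enclosing function starts and ends outside the hunk.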