From 2577eb148c65c71c75ac5343686979c812ba5f25 Mon Sep 17 00:00:00 2001
From: "wtchang%redhat.com"
Date: Sat, 13 Aug 2005 00:09:26 +0000
Subject: [PATCH] Bugzilla bug 302286: fixed the bug that NSS misinterpreted the CKA_PRIME_BITS attribute for DSA's p parameter. r=relyea. Modified files: pk11wrap/pk11pqg.c softoken/pkcs11c.c
---
 security/nss/lib/pk11wrap/pk11pqg.c | 6 +++++-
 security/nss/lib/softoken/pkcs11c.c | 9 +++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/security/nss/lib/pk11wrap/pk11pqg.c b/security/nss/lib/pk11wrap/pk11pqg.c
index dd5e5ef3c75d..62afc7756a7b 100644
--- a/security/nss/lib/pk11wrap/pk11pqg.c
+++ b/security/nss/lib/pk11wrap/pk11pqg.c
@@ -79,12 +79,16 @@ PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
 PRArenaPool *varena = NULL;
 PQGParams *params = NULL;
 PQGVerify *verify = NULL;
- CK_ULONG primeBits = j;
+ CK_ULONG primeBits = PQG_INDEX_TO_PBITS(j);
 CK_ULONG seedBits = seedBytes*8;
 *pParams = NULL;
 *pVfy = NULL;
+ if (primeBits == (CK_ULONG)-1) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto loser;
+ }
 PK11_SETATTRS(attrs, CKA_PRIME_BITS,&primeBits,sizeof(primeBits)); attrs++;
 if (seedBits != 0) {
 PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED_BITS,
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 05bfc42a0afa..10bbdbd9b27e 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -2500,6 +2500,7 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
 CK_ULONG counter;
 unsigned int seedBits = 0;
 unsigned int primeBits;
+ unsigned int j;
 CK_RV crv = CKR_OK;
 PQGParams *params = NULL;
 PQGVerify *vfy = NULL;
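Review bot: The sentinel test `primeBits == (CK_ULONG)-1` in PK11_PQG_ParamGenSeedLen is only reliable if PQG_INDEX_TO_PBITS delivers its error value in a type that widens to all-ones in CK_ULONG. The macro is not defined in this hunk; if its result has type `unsigned int` (plausible, since `j` is `unsigned int`), then wherever CK_ULONG is wider than `unsigned int` the failure value arrives as 0xFFFFFFFF, the comparison is false, and an out-of-range `j` is passed on as CKA_PRIME_BITS instead of being rejected with SEC_ERROR_INVALID_ARGS. Testing in the narrower type first removes that dependence: `unsigned int pbits = PQG_INDEX_TO_PBITS(j);`, then `if (pbits == (unsigned int)-1) { ... }`, and only then `primeBits = pbits;`, which matches the `(unsigned int)-1` form the softoken side of this commit uses. The rest of the function and the `loser` label lie outside the hunk.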
@@ -2511,6 +2512,10 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
 }
 primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue;
 sftk_FreeAttribute(attribute);
+ j = PQG_PBITS_TO_INDEX(primeBits);
+ if (j == (unsigned int)-1) {
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
 attribute = sftk_FindAttribute(key, CKA_NETSCAPE_PQG_SEED_BITS);
 if (attribute != NULL) {
@@ -2522,9 +2527,9 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
 sftk_DeleteAttributeType(key,CKA_NETSCAPE_PQG_SEED_BITS);
 if (seedBits == 0) {
- rv = PQG_ParamGen(primeBits, ¶ms, &vfy);
+ rv = PQG_ParamGen(j, ¶ms, &vfy);
 } else {
- rv = PQG_ParamGenSeedLen(primeBits,seedBits/8, ¶ms, &vfy);
+ rv = PQG_ParamGenSeedLen(j,seedBits/8, ¶ms, &vfy);
 }
 if (rv != SECSuccess) {
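Review bot: In nsc_parameter_gen the new PQG_PBITS_TO_INDEX check sees CKA_PRIME_BITS only after the context line above it has narrowed the CK_ULONG to `unsigned int`, so where CK_ULONG is wider, a template value whose low bits happen to match a valid size would pass validation rather than return CKR_ATTRIBUTE_VALUE_INVALID. Keeping the attribute in a CK_ULONG until it is validated closes that gap: read `CK_ULONG bits = *(CK_ULONG *)attribute->attrib.pValue;` and, after `sftk_FreeAttribute(attribute)`, add `if (bits != (CK_ULONG)(unsigned int)bits) return CKR_ATTRIBUTE_VALUE_INVALID;` before the index lookup. Whether `attrib.ulValueLen` is compared with `sizeof(CK_ULONG)` before the dereference cannot be seen here, because the function begins above the hunk; if it is not, that check belongs next to this one.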