Bugzilla bug 302286: fixed the bug that NSS misinterpreted the

CKA_PRIME_BITS attribute for DSA's p parameter. r=relyea.
Modified files: pk11wrap/pk11pqg.c softoken/pkcs11c.c

security/nss/lib/pk11wrap/pk11pqg.c

@@ -79,12 +79,16 @@ PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
     PRArenaPool *varena = NULL;
     PQGParams *params = NULL;
     PQGVerify *verify = NULL;
-    CK_ULONG primeBits = j;
+    CK_ULONG primeBits = PQG_INDEX_TO_PBITS(j);
     CK_ULONG seedBits = seedBytes*8;
 
     *pParams = NULL;
     *pVfy =  NULL;
 
+    if (primeBits == (CK_ULONG)-1) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	goto loser;
+    }
     PK11_SETATTRS(attrs, CKA_PRIME_BITS,&primeBits,sizeof(primeBits)); attrs++;
     if (seedBits != 0) {
     	PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED_BITS, 

security/nss/lib/softoken/pkcs11c.c

@@ -2500,6 +2500,7 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
     CK_ULONG counter;
     unsigned int seedBits = 0;
     unsigned int primeBits;
+    unsigned int j;
     CK_RV crv = CKR_OK;
     PQGParams *params = NULL;
     PQGVerify *vfy = NULL;
@@ -2511,6 +2512,10 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
     }
     primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue;
     sftk_FreeAttribute(attribute);
+    j = PQG_PBITS_TO_INDEX(primeBits);
+    if (j == (unsigned int)-1) {
+	return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
 
     attribute = sftk_FindAttribute(key, CKA_NETSCAPE_PQG_SEED_BITS);
     if (attribute != NULL) {
@@ -2522,9 +2527,9 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
     sftk_DeleteAttributeType(key,CKA_NETSCAPE_PQG_SEED_BITS);
 
     if (seedBits == 0) {
-	rv = PQG_ParamGen(primeBits, &params, &vfy);
+	rv = PQG_ParamGen(j, &params, &vfy);
     } else {
-	rv = PQG_ParamGenSeedLen(primeBits,seedBits/8, &params, &vfy);
+	rv = PQG_ParamGenSeedLen(j,seedBits/8, &params, &vfy);
     }
 
     if (rv != SECSuccess) {