From 4a29a230ce0afb92e5db3ef7a07acdbac243bc7c Mon Sep 17 00:00:00 2001 From: "nelsonb%netscape.com" Date: Sat, 21 May 2005 21:35:24 +0000 Subject: [PATCH] Allow DSA signature output buffer to exceed required length. Bug 191470. r=nelson. Patch by rrelyea@redhat.com. --- security/nss/lib/freebl/dsa.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c index 1a1cc2a4160..817d4281091 100644 --- a/security/nss/lib/freebl/dsa.c +++ b/security/nss/lib/freebl/dsa.c @@ -35,7 +35,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: dsa.c,v 1.13 2004-04-27 23:04:36 gerv%gerv.net Exp $ */ +/* $Id: dsa.c,v 1.14 2005-05-21 21:35:24 nelsonb%netscape.com Exp $ */ #include "secerr.h" @@ -188,11 +188,12 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest, /* FIPS-compliance dictates that digest is a SHA1 hash. */ /* Check args. */ if (!key || !signature || !digest || - (signature->len != DSA_SIGNATURE_LEN) || + (signature->len < DSA_SIGNATURE_LEN) || (digest->len != SHA1_LENGTH)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } + /* Initialize MPI integers. */ MP_DIGITS(&p) = 0; MP_DIGITS(&q) = 0; @@ -253,6 +254,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest, DSA_SUBPRIME_LEN); if (err < 0) goto cleanup; err = MP_OKAY; + signature->len = DSA_SIGNATURE_LEN; cleanup: mp_clear(&p); mp_clear(&q);