From ef5da7984541f253d7fb656d5089edf2426795a4 Mon Sep 17 00:00:00 2001 From: "mcgreer%netscape.com" Date: Mon, 6 Aug 2001 18:57:16 +0000 Subject: [PATCH] more FIPS fixes. it's possible the old crypto lib alloc'ed the PQG params and copied them over when creating the DSA key, otherwise this code would have never worked. It's also possible this code was never tested as-is. At any rate, the static vars go out of scope and wreak havoc later on, so alloc the memory. git-svn-id: svn://10.0.0.236/trunk@100408 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/cmd/certutil/keystuff.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/mozilla/security/nss/cmd/certutil/keystuff.c b/mozilla/security/nss/cmd/certutil/keystuff.c index 5bd85f1fc48..cb30e9dd088 100644 --- a/mozilla/security/nss/cmd/certutil/keystuff.c +++ b/mozilla/security/nss/cmd/certutil/keystuff.c @@ -314,6 +314,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, PQGParams *dsaparams = NULL; void *params; secuPWData pwdata = { PW_NONE, 0 }; + PRArenaPool *dsaparena; /* * Do some random-number initialization. @@ -344,7 +345,17 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, if (pqgFile) { dsaparams = getpqgfromfile(size, pqgFile); } else { - dsaparams = &default_pqg_params; + dsaparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (dsaparena == NULL) return NULL; + dsaparams = PORT_ArenaZAlloc(dsaparena, sizeof(PQGParams)); + if (params == NULL) return NULL; + dsaparams->arena = dsaparena; + SECITEM_AllocItem(dsaparena, &dsaparams->prime, sizeof P); + SECITEM_AllocItem(dsaparena, &dsaparams->subPrime, sizeof Q); + SECITEM_AllocItem(dsaparena, &dsaparams->base, sizeof G); + PORT_Memcpy(dsaparams->prime.data, P, dsaparams->prime.len); + PORT_Memcpy(dsaparams->subPrime.data, Q, dsaparams->subPrime.len); + PORT_Memcpy(dsaparams->base.data, G, dsaparams->base.len); } params = dsaparams; break;