more FIPS fixes. it's possible the old crypto lib alloc'ed the PQG params and copied them over when creating the DSA key, otherwise this code would have never worked. It's also possible this code was never tested as-is. At any rate, the static vars go out of scope and wreak havoc later on, so alloc the memory.

1 files changed, 12 insertions, 1 deletions

diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c
index 5bd85f1fc..cb30e9dd0 100644
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -314,6 +314,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
     PQGParams *dsaparams = NULL;
     void *params;
     secuPWData pwdata = { PW_NONE, 0 };
+    PRArenaPool *dsaparena;
 
     /*
      * Do some random-number initialization.
@@ -344,7 +345,17 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
 	if (pqgFile) {
 	    dsaparams = getpqgfromfile(size, pqgFile);
 	} else {
-	    dsaparams = &default_pqg_params;
+	    dsaparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+	    if (dsaparena == NULL) return NULL;
+	    dsaparams = PORT_ArenaZAlloc(dsaparena, sizeof(PQGParams));
+	    if (params == NULL) return NULL;
+	    dsaparams->arena = dsaparena;
+	    SECITEM_AllocItem(dsaparena, &dsaparams->prime, sizeof P);
+	    SECITEM_AllocItem(dsaparena, &dsaparams->subPrime, sizeof Q);
+	    SECITEM_AllocItem(dsaparena, &dsaparams->base, sizeof G);
+	    PORT_Memcpy(dsaparams->prime.data, P, dsaparams->prime.len);
+	    PORT_Memcpy(dsaparams->subPrime.data, Q, dsaparams->subPrime.len);
+	    PORT_Memcpy(dsaparams->base.data, G, dsaparams->base.len);
 	}
 	params = dsaparams;
 	break;