From c64ee802b43d3fce61f07b9582cf4fbffd2034ab Mon Sep 17 00:00:00 2001
From: "mcgreer%netscape.com"
Date: Tue, 14 Aug 2001 18:53:27 +0000
Subject: [PATCH] fixes for 95135 and 95150, find DSA keys that start with a leading 0
---
 security/nss/lib/softoken/pkcs11.c | 12 ++++++++++++
 security/nss/lib/softoken/pkcs11u.c | 11 +++++++++++
 2 files changed, 23 insertions(+)
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 4795a5d72d27..709f433bc054 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2111,6 +2111,18 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
 priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&pubKey,
 (SECKEYGetPasswordKey) pk11_givePass,
 object->slot);
+ if (!priv && pubKey.data[0] == 0) {
+ /* Because of legacy code issues, sometimes the public key has
+ * a '0' prepended to it, forcing it to be unsigned. The database
+ * does not store that '0', so catch that failure here.
+ */
+ SECItem tmpPubKey;
+ tmpPubKey.data = pubKey.data + 1;
+ tmpPubKey.len = pubKey.len - 1;
+ priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&tmpPubKey,
+ (SECKEYGetPasswordKey) pk11_givePass,
+ object->slot);
+ }
 if (pubKey.data) PORT_Free(pubKey.data); /* don't 'cache' DB private keys */
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index d6da65fed43b..07c03f034f8c 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
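Review bot: In the pk11_GetPrivKey hunk the new fallback reads `pubKey.data[0]` and computes `pubKey.len - 1` without checking that the item is non-empty, although the context line right after it (`if (pubKey.data) PORT_Free(pubKey.data);`) treats a NULL `pubKey.data` as possible. If the item can be NULL or zero-length on this path, that is a NULL dereference or, because SECItem lengths are unsigned, a length that wraps to a huge value and is then handed to the key database lookup. The condition would be safer as `if (!priv && pubKey.data && pubKey.len > 1 && pubKey.data[0] == 0) {`. The pk11_DestroyObject hunk in pkcs11u.c has the same unguarded `pubKey.data[0]` / `pubKey.len - 1` pair and needs the same guard. Both functions start and end outside their hunks, so any earlier validation of pubKey is not visible here.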
@@ -749,6 +749,17 @@ pk11_DestroyObject(PK11Object *object)
 crv=pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
 if (crv != CKR_OK) break;
 rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &pubKey);
+ if (rv != SECSuccess && pubKey.data[0] == 0) {
+ /* Because of legacy code issues, sometimes the public key
+ * has a '0' prepended to it, forcing it to be unsigned.
+ * The database does not store that '0', so catch that
+ * failure here.
+ */
+ SECItem tmpPubKey;
+ tmpPubKey.data = pubKey.data + 1;
+ tmpPubKey.len = pubKey.len - 1;
+ rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &tmpPubKey);
+ }
 if (rv != SECSuccess) crv= CKR_DEVICE_ERROR;
 break;
 case PK11_TOKEN_TYPE_CERT:
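Review bot: The retry in pk11_DestroyObject runs after any SECKEY_DeleteKey failure, not only when the record was not found, so a database or I/O error on the first call is followed by a second delete against a different index value and the first `rv` is overwritten. If SECKEY_DeleteKey exposes a not-found condition (not visible in this hunk), the retry should be limited to that case; otherwise a comment such as `/* retry on any failure: DeleteKey does not distinguish not-found from other errors */` would record that this is deliberate. Only a single leading zero byte is stripped, which the comment could state as well. The function continues outside the hunk.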