author | Daiki Ueno <dueno@redhat.com> | 2017-04-05 15:12:03 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2017-04-05 15:12:03 +0200 |
commit | aab9c7d75306966eaf20743566a388a994f266b4 (patch) | |
tree | ffc55fa66a49f30800d55340e11c161153a15738 | |
parent | 68e45894059ee980a6b931dfbecb2d7b8cfc6700 (diff) | |
Bug 1353724, fix key length calculation for PKCS#5 DES-EDE3-CBC-Pad, r=rrelyea
-rw-r--r-- | lib/pk11wrap/pk11pbe.c | 7 | ||||
-rw-r--r-- | lib/pk11wrap/pk11priv.h | 1 | ||||
-rw-r--r-- | lib/pk11wrap/pk11slot.c | 8 |
3 files changed, 16 insertions, 0 deletions
diff --git a/lib/pk11wrap/pk11pbe.c b/lib/pk11wrap/pk11pbe.c index 5c389cfd7..bea9333f6 100644 --- a/lib/pk11wrap/pk11pbe.c +++ b/lib/pk11wrap/pk11pbe.c @@ -370,6 +370,13 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId) length = sec_pkcs5v2_aes_key_length(cipherAlg); } else if (p5_param.keyLength.data != NULL) { length = DER_GetInteger(&p5_param.keyLength); + } else { + CK_MECHANISM_TYPE cipherMech; + cipherMech = PK11_AlgtagToMechanism(cipherAlg); + if (cipherMech == CKM_INVALID_MECHANISM) { + goto loser; + } + length = PK11_GetMaxKeyLength(cipherMech); } loser: diff --git a/lib/pk11wrap/pk11priv.h b/lib/pk11wrap/pk11priv.h index ce0f5d7fa..d9aaeaf92 100644 --- a/lib/pk11wrap/pk11priv.h +++ b/lib/pk11wrap/pk11priv.h @@ -106,6 +106,7 @@ CK_OBJECT_HANDLE PK11_FindObjectForCert(CERTCertificate *cert, void *wincx, PK11SlotInfo **pSlot); PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey); +unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType); /********************************************************************** * Certs diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c index c66ae275c..68d37486f 100644 --- a/lib/pk11wrap/pk11slot.c +++ b/lib/pk11wrap/pk11slot.c @@ -2291,6 +2291,14 @@ PK11_GetMaxKeyLength(CK_MECHANISM_TYPE mechanism) } } } + + /* fallback to pk11_GetPredefinedKeyLength for fixed key size algorithms */ + if (keyLength == 0) { + CK_KEY_TYPE keyType; + keyType = PK11_GetKeyType(mechanism, 0); + keyLength = pk11_GetPredefinedKeyLength(keyType); + } + if (le) PK11_FreeSlotListElement(list, le); if (freeit) |
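Review bot: In the new `else` branch of sec_pkcs5v2_key_length, the result of `PK11_GetMaxKeyLength(cipherMech)` is stored in `length` without any check. The pk11slot.c hunk of this same commit shows that function falling back only when its own result is 0, and it can presumably still end up at 0 when the key type has no predefined size. A 0 would then be handed back as the PBKDF2 derived-key length, so I would treat it as a failure, e.g. `if (length == 0) { goto loser; }` with `length` set to the function's failure value first (its initialisation and the `loser:` body are outside the hunk). For ciphers without a fixed key size, this default also depends on what the loaded tokens advertise rather than on the encoded parameters. A comment such as `/* keyLength is absent (OPTIONAL); only fixed-key-size ciphers are expected here */` would make that assumption explicit.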
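Review bot: The new prototype `pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType)` in pk11priv.h has no comment stating its contract, and both new callers in this commit depend on it. Judging from the pk11slot.c hunk, it appears to return a fixed key size for the key type and 0 when there is none; if that is right, I would say so on the declaration, e.g. `/* fixed key length for keyType, or 0 if the key type has no fixed length */`. The unit of the returned length should be stated as well, since `PK11_GetMaxKeyLength` mixes this value with sizes reported by tokens.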
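Review bot: The fallback added before `if (le)` in PK11_GetMaxKeyLength runs only when the slot loop left `keyLength` at 0, so a size advertised by a token still takes precedence over the predefined size of a fixed-key-size cipher. Since sec_pkcs5v2_key_length now uses this value as the derived key length, it may be safer to consult `pk11_GetPredefinedKeyLength(keyType)` first and fall back to the slot-reported maximum only when it returns 0. The loop is outside the hunk, so whether tokens can report a differing value there needs confirming. `PK11_GetKeyType(mechanism, 0)` is called with a length of 0; if the key type can depend on the length for any mechanism, the comment should say why 0 is acceptable here. The function can still return 0 after the fallback, which its callers need to handle.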