diff options
author | Benjamin Beurdouche <bbeurdouche@mozilla.com> | 2020-07-16 21:31:45 +0000 |
---|---|---|
committer | Benjamin Beurdouche <bbeurdouche@mozilla.com> | 2020-07-16 21:31:45 +0000 |
commit | bfc05d0925ffb6516d53c9892020a16a05b34861 (patch) | |
tree | 38ec3cd369658e025e89052020ca6a80f094e587 | |
parent | 4de049d4e7bf5040c56c958faa055de6a8b14630 (diff) | |
download | nss-hg-bfc05d0925ffb6516d53c9892020a16a05b34861.tar.gz |
Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj
Differential Revision: https://phabricator.services.mozilla.com/D75774
-rw-r--r-- | lib/softoken/pkcs11c.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index 9777829f5..bd8882680 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -984,10 +984,6 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - if (pMechanism->ulParameterLen < 8) { - crv = CKR_DOMAIN_PARAMS_INVALID; - break; - } t = NSS_DES_CBC; goto finish_des; case CKM_DES3_ECB: @@ -1005,12 +1001,13 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, crv = CKR_KEY_TYPE_INCONSISTENT; break; } - if (pMechanism->ulParameterLen < 8) { + t = NSS_DES_EDE3_CBC; + finish_des: + if ((t != NSS_DES && t != NSS_DES_EDE3) && (pMechanism->pParameter == NULL || + pMechanism->ulParameterLen < 8)) { crv = CKR_DOMAIN_PARAMS_INVALID; break; } - t = NSS_DES_EDE3_CBC; - finish_des: context->blockSize = 8; att = sftk_FindAttribute(key, CKA_VALUE); if (att == NULL) { |