diff options
author | rrelyea%redhat.com <devnull@localhost> | 2007-12-21 01:30:02 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2007-12-21 01:30:02 +0000 |
commit | f1ea6a5307ff27f380071e96deef8c80953b9c67 (patch) | |
tree | 36ddc766b7e4bf95a0df49ffc1757983122c446a | |
parent | 66a900e967a13822cebaf3ae471724512b75e1d0 (diff) | |
download | nss-hg-f1ea6a5307ff27f380071e96deef8c80953b9c67.tar.gz |
bug 401928 softoken updates for pkcs5 v2
r= nelsonb
-rw-r--r-- | security/nss/lib/softoken/lowpbe.c | 8 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 1 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11c.c | 14 |
3 files changed, 16 insertions, 7 deletions
diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index e12b3462c..f91839836 100644 --- a/security/nss/lib/softoken/lowpbe.c +++ b/security/nss/lib/softoken/lowpbe.c @@ -362,7 +362,7 @@ nsspkcs5_PBKFD2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt, unsigned int lastLength = salt->len + 4; unsigned int lastBufLength; - cx=HMAC_Create(hashobj,pwitem->data,pwitem->len,PR_TRUE); + cx=HMAC_Create(hashobj,pwitem->data,pwitem->len,PR_FALSE); if (cx == NULL) { goto loser; } @@ -406,7 +406,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param, int bytesNeeded = pbe_param->keyLen; unsigned int dkLen = bytesNeeded; unsigned int hLen = hashobj->length; - unsigned int l = (dkLen+hLen-1) / hLen; + unsigned int nblocks = (dkLen+hLen-1) / hLen; unsigned int i; unsigned char *rp; unsigned char *T = NULL; @@ -414,7 +414,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param, SECItem *salt = &pbe_param->salt; SECStatus rv = SECFailure; - result = SECITEM_AllocItem(NULL,NULL,l*hLen); + result = SECITEM_AllocItem(NULL,NULL,nblocks*hLen); if (result == NULL) { return NULL; } @@ -424,7 +424,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param, goto loser; } - for (i=0,rp=result->data; i < l ; i++, rp +=hLen) { + for (i=1,rp=result->data; i <= nblocks ; i++, rp +=hLen) { rv = nsspkcs5_PBKFD2_F(hashobj,pwitem,salt,iterations,i,T); if (rv != SECSuccess) { break; diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 953e1bdea..3c48a4506 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -450,6 +450,7 @@ static const struct mechanismList mechanisms[] = { {CKM_PBE_SHA1_RC4_40, {40,40, CKF_GENERATE}, PR_TRUE}, {CKM_PBE_SHA1_RC4_128, {128,128, CKF_GENERATE}, PR_TRUE}, {CKM_PBA_SHA1_WITH_SHA1_HMAC, {20,20, CKF_GENERATE}, PR_TRUE}, + {CKM_PKCS5_PBKD2, {1,256, CKF_GENERATE}, PR_TRUE}, {CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, {20,20, CKF_GENERATE}, PR_TRUE}, {CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, {16,16, CKF_GENERATE}, PR_TRUE}, {CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, {16,16, CKF_GENERATE}, PR_TRUE}, diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 857507c48..3a1fde282 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -628,8 +628,14 @@ finish_des: case CKM_CAMELLIA_CBC_PAD: context->doPad = PR_TRUE; /* fall thru */ - case CKM_CAMELLIA_ECB: case CKM_CAMELLIA_CBC: + if (!pMechanism->pParameter || + pMechanism->ulParameterLen != 16) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + /* fall thru */ + case CKM_CAMELLIA_ECB: context->blockSize = 16; if (key_type != CKK_CAMELLIA) { crv = CKR_KEY_TYPE_INCONSISTENT; @@ -2630,11 +2636,12 @@ nsc_pbe_key_gen(NSSPKCS5PBEParameter *pkcs5_pbe, CK_MECHANISM_PTR pMechanism, if (pMechanism->mechanism == CKM_PKCS5_PBKD2) { pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *)pMechanism->pParameter; pwitem.data = (unsigned char *)pbkd2_params->pPassword; - pwitem.len = (unsigned int)pbkd2_params->ulPasswordLen; + /* was this a typo in the PKCS #11 spec? */ + pwitem.len = *pbkd2_params->ulPasswordLen; } else { pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter; pwitem.data = (unsigned char *)pbe_params->pPassword; - pwitem.len = (unsigned int)pbe_params->ulPasswordLen; + pwitem.len = pbe_params->ulPasswordLen; } pbe_key = nsspkcs5_ComputeKeyAndIV(pkcs5_pbe, &pwitem, &iv, faulty3DES); if (pbe_key == NULL) { @@ -3053,6 +3060,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, case CKM_PBE_SHA1_RC4_40: case CKM_PBE_MD5_DES_CBC: case CKM_PBE_MD2_DES_CBC: + case CKM_PKCS5_PBKD2: key_gen_type = nsc_pbe; crv = nsc_SetupPBEKeyGen(pMechanism,&pbe_param, &key_type, &key_length); break; |