authorkaie%kuix.de <devnull@localhost>2007-04-27 23:16:39 +0000
committerkaie%kuix.de <devnull@localhost>2007-04-27 23:16:39 +0000
commit080db61d7e8bc39e5064bf5ddfe4b1d3c24d5995 (patch)
tree78395ff510ee588a2c437f623eaa195081047e6b
parenteb80f08d1c38cd2795aeec05189f15d55ffb8fb0 (diff)
parentc22e115983bc55648fd0ae464ed058c1a2297534 (diff)
downloadnss-hg-080db61d7e8bc39e5064bf5ddfe4b1d3c24d5995.tar.gz
Bug 316925, Key export does not work on tokens with non-sensitive keys that can't wrap.
r=kaie, r=wtc
-rw-r--r--security/nss/lib/pk11wrap/pk11akey.c22
-rw-r--r--security/nss/lib/pk11wrap/pk11kea.c5
2 files changed, 21 insertions, 6 deletions
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c
index 707989d9f..aa4db9243 100644
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -1327,6 +1327,7 @@ PK11_ExportEncryptedPrivKeyInfo(
SECAlgorithmID *algid;
SECItem *pbe_param = NULL;
PK11SymKey *key = NULL;
+ SECKEYPrivateKey *tmpPK = NULL;
SECStatus rv = SECSuccess;
CK_RV crv;
CK_ULONG encBufLen;
@@ -1402,13 +1403,19 @@ PK11_ExportEncryptedPrivKeyInfo(
PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot,
key->type, CKA_WRAP, key);
if (newkey == NULL) {
- rv= SECFailure;
- goto loser;
+ tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE);
+ if (tmpPK == NULL) {
+ /* couldn't import the wrapping key, couldn't export the
+ * private key, we are done */
+ rv = SECFailure;
+ goto loser;
+ }
+ pk = tmpPK;
+ } else {
+ /* free the old key and use the new key */
+ PK11_FreeSymKey(key);
+ key = newkey;
}
-
- /* free the old key and use the new key */
- PK11_FreeSymKey(key);
- key = newkey;
}
/* we are extracting an encrypted privateKey structure.
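Review bot: The fallback at `tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE);` copies the private key into the slot that holds the PBE key, yet nothing in the hunk says so or explains the two bare booleans. A comment such as `/* wrapping key can't be moved to pk's token: clone pk into key->slot as a session, sensitive object and wrap it there */` would record that the key material leaves its original token only as a temporary copy, assuming the last two arguments are the token and sensitive flags, which the hunk does not show. Because `pk` is reassigned, any code below the hunk that still relies on the caller's original key or its slot would now see the temporary copy; the function body extends beyond the hunk on both sides, so that is worth confirming.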
@@ -1463,6 +1470,9 @@ loser:
if(key != NULL) {
PK11_FreeSymKey(key);
}
+ if (tmpPK != NULL) {
+ SECKEY_DestroyPrivateKey(tmpPK);
+ }
SECOID_DestroyAlgorithmID(algid, PR_TRUE);
if(rv == SECFailure) {
diff --git a/security/nss/lib/pk11wrap/pk11kea.c b/security/nss/lib/pk11wrap/pk11kea.c
index 7664d8071..3d2a52ad5 100644
--- a/security/nss/lib/pk11wrap/pk11kea.c
+++ b/security/nss/lib/pk11wrap/pk11kea.c
@@ -144,6 +144,11 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
if (rv == SECSuccess) {
newSymKey = PK11_PubUnwrapSymKeyWithFlagsPerm(privKey,
&wrapData,type,operation,symKeyLength,flags,isPerm);
+ /* make sure we wound up where we wanted to be! */
+ if (newSymKey && newSymKey->slot != slot) {
+ PK11_FreeSymKey(newSymKey);
+ newSymKey = NULL;
+ }
}
rsa_failed:
if (wrapData.data != NULL) PORT_Free(wrapData.data);
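Review bot: When the new check `newSymKey->slot != slot` rejects the unwrapped key, the key is freed and `newSymKey` is set to NULL without an error code being recorded, so a caller sees a NULL return carrying whatever error an earlier call left behind. Adding `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);` (or a more specific code the project prefers) after `PK11_FreeSymKey(newSymKey);` would make this failure diagnosable, unless code after `rsa_failed:` outside the hunk already sets one. The comment could also state the reason rather than the outcome, e.g. `/* the unwrapped key must reside in the target slot; a key object on another slot is not usable with this slot's sessions */`.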