diff options
author | rrelyea%redhat.com <devnull@localhost> | 2010-12-04 22:35:06 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2010-12-04 22:35:06 +0000 |
commit | 797c2c883531bdbf8b2866fd7c9df41d049778ad (patch) | |
tree | 2ae3a9d62ea1992d06a61ab5970743b66aac64e2 | |
parent | 9d1b24d64ffea1a7f5175567c5fedd98e9710ef3 (diff) | |
download | nss-hg-797c2c883531bdbf8b2866fd7c9df41d049778ad.tar.gz |
Bug 614076 - Implement HKDF in Softoken
fix
1. hashLen is uninitialized.
2. the derive sensitivity check is missing.
patch by bsmith
r=rrelyea
-rw-r--r-- | security/nss/lib/softoken/pkcs11c.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index d9179f278..0aaf8a82e 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -6144,6 +6144,7 @@ hkdf: { crv = CKR_FUNCTION_FAILED; break; } + hashLen = rawHash->length; if (pMechanism->ulParameterLen != sizeof(CK_NSS_HKDFParams) || !params || (!params->bExpand && !params->bExtract) || @@ -6158,6 +6159,9 @@ hkdf: { crv = CKR_TEMPLATE_INCONSISTENT; break; } + crv = sftk_DeriveSensitiveCheck(sourceKey, key); + if (crv != CKR_OK) + break; /* HKDF-Extract(salt, base key value) */ if (params->bExtract) { |