Bug 614076 - Implement HKDF in Softoken

fix 1. hashLen is uninitialized. 2. the derive sensitivity check is missing. patch by bsmith r=rrelyea
author: rrelyea%redhat.com <devnull@localhost> 2010-12-04 22:35:06 +0000
committer: rrelyea%redhat.com <devnull@localhost> 2010-12-04 22:35:06 +0000
commit: 797c2c883531bdbf8b2866fd7c9df41d049778ad (patch)
tree: 2ae3a9d62ea1992d06a61ab5970743b66aac64e2 /security/nss/lib/softoken
parent: 9d1b24d64ffea1a7f5175567c5fedd98e9710ef3 (diff)
download: nss-hg-797c2c883531bdbf8b2866fd7c9df41d049778ad.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index d9179f278..0aaf8a82e 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -6144,6 +6144,7 @@ hkdf: {
             crv = CKR_FUNCTION_FAILED;
             break;
         }
+        hashLen = rawHash->length;
 
         if (pMechanism->ulParameterLen != sizeof(CK_NSS_HKDFParams) ||
             !params || (!params->bExpand && !params->bExtract) ||
@@ -6158,6 +6159,9 @@ hkdf: {
             crv = CKR_TEMPLATE_INCONSISTENT;
             break;
         }
+        crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+        if (crv != CKR_OK)
+            break;
 
         /* HKDF-Extract(salt, base key value) */
         if (params->bExtract) {
author	rrelyea%redhat.com <devnull@localhost>	2010-12-04 22:35:06 +0000
committer	rrelyea%redhat.com <devnull@localhost>	2010-12-04 22:35:06 +0000
commit	797c2c883531bdbf8b2866fd7c9df41d049778ad (patch)
tree	2ae3a9d62ea1992d06a61ab5970743b66aac64e2 /security/nss/lib/softoken
parent	9d1b24d64ffea1a7f5175567c5fedd98e9710ef3 (diff)
download	nss-hg-797c2c883531bdbf8b2866fd7c9df41d049778ad.tar.gz