Bug 614076 - Implement HKDF in SoftokenNSS_3_12_9_BETA1

fix 1. hashLen is uninitialized. 2. the derive sensitivity check is missing. patch by bsmith r=rrelyea
author: rrelyea%redhat.com <devnull@localhost> 2010-12-04 22:35:38 +0000
committer: rrelyea%redhat.com <devnull@localhost> 2010-12-04 22:35:38 +0000
commit: 6981549d4d3bacd4b7752480fd02da86285af89e (patch)
tree: a17079a566aff0491424f920245a3861df92aa31 /security
parent: 8bf42b42b7c6390e144f3d5123e76bf2a479b009 (diff)
download: nss-hg-6981549d4d3bacd4b7752480fd02da86285af89e.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 9b094a304..8847c2f79 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -6072,6 +6072,7 @@ hkdf: {
             crv = CKR_FUNCTION_FAILED;
             break;
         }
+        hashLen = rawHash->length;
 
         if (pMechanism->ulParameterLen != sizeof(CK_NSS_HKDFParams) ||
             !params || (!params->bExpand && !params->bExtract) ||
@@ -6086,6 +6087,9 @@ hkdf: {
             crv = CKR_TEMPLATE_INCONSISTENT;
             break;
         }
+        crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+        if (crv != CKR_OK)
+            break;
 
         /* HKDF-Extract(salt, base key value) */
         if (params->bExtract) {
author	rrelyea%redhat.com <devnull@localhost>	2010-12-04 22:35:38 +0000
committer	rrelyea%redhat.com <devnull@localhost>	2010-12-04 22:35:38 +0000
commit	6981549d4d3bacd4b7752480fd02da86285af89e (patch)
tree	a17079a566aff0491424f920245a3861df92aa31 /security
parent	8bf42b42b7c6390e144f3d5123e76bf2a479b009 (diff)
download	nss-hg-6981549d4d3bacd4b7752480fd02da86285af89e.tar.gz