diff options
-rw-r--r-- | security/nss/lib/pk11wrap/pk11skey.c | 15 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11c.c | 14 |
2 files changed, 23 insertions, 6 deletions
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index a4bc0ab2f..5ea1f561c 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -54,6 +54,8 @@ #define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */ #define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */ +static const SECItem pk11_null_params = { 0 }; + /* forward static declarations. */ static PK11SymKey *pk11_DeriveWithTemplate(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, @@ -3162,7 +3164,8 @@ PK11_DestroyContext(PK11Context *context, PRBool freeit) /* initialize the critical fields of the context */ if (context->savedData != NULL ) PORT_Free(context->savedData); if (context->key) PK11_FreeSymKey(context->key); - if (context->param) SECITEM_FreeItem(context->param, PR_TRUE); + if (context->param && context->param != &pk11_null_params) + SECITEM_FreeItem(context->param, PR_TRUE); if (context->sessionLock) PZ_DestroyLock(context->sessionLock); PK11_FreeSlot(context->slot); if (freeit) PORT_Free(context); @@ -3357,7 +3360,15 @@ static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type, /* save the parameters so that some digesting stuff can do multiple * begins on a single context */ context->type = type; - context->param = SECITEM_DupItem(param); + if (param) { + if (param->len > 0) { + context->param = SECITEM_DupItem(param); + } else { + context->param = (SECItem *)&pk11_null_params; + } + } else { + context->param = NULL; + } context->init = PR_FALSE; context->sessionLock = PZ_NewLock(nssILockPK11cxt); if ((context->param == NULL) || (context->sessionLock == NULL)) { diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 6b6a1daa3..84bb4e5ba 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -4899,14 +4899,20 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, /* ** client_write_IV[CipherSpec.IV_size] */ - PORT_Memcpy(ssl3_keys_out->pIVClient, &key_block[i], IVSize); - i += IVSize; + if (IVSize > 0) { + PORT_Memcpy(ssl3_keys_out->pIVClient, + &key_block[i], IVSize); + i += IVSize; + } /* ** server_write_IV[CipherSpec.IV_size] */ - PORT_Memcpy(ssl3_keys_out->pIVServer, &key_block[i], IVSize); - i += IVSize; + if (IVSize > 0) { + PORT_Memcpy(ssl3_keys_out->pIVServer, + &key_block[i], IVSize); + i += IVSize; + } } else if (!isTLS) { |