Blame SOURCES/nss-softokn-3.16-sha384-key-derive.patch

700847
diff -up ./nss/lib/softoken/pkcs11c.c.sha384_key_derive ./nss/lib/softoken/pkcs11c.c
700847
--- ./nss/lib/softoken/pkcs11c.c.sha384_key_derive	2015-05-28 14:14:14.326097673 -0700
700847
+++ ./nss/lib/softoken/pkcs11c.c	2015-05-28 14:35:51.208984276 -0700
700847
@@ -5974,7 +5974,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
700847
     int             i;
700847
     unsigned int    outLen;
700847
     unsigned char   sha_out[SHA1_LENGTH];
700847
-    unsigned char   key_block[NUM_MIXERS * MD5_LENGTH];
700847
+    unsigned char   key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH];
700847
     unsigned char   key_block2[MD5_LENGTH];
700847
     unsigned char   des3key[24];
700847
     PRBool          isFIPS;		
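Review bot: The new size of `key_block` is an invariant that the key-expansion code further down depends on, but nothing on the declaration says so. I would add a comment such as `/* must hold NUM_MIXERS blocks of the largest PRF hash the TLS key-derive mechanisms accept */`, so that a later change to the accepted hash list also revisits this array. `sha_out` and `key_block2` keep their SHA-1 and MD5 sizes; it is worth confirming, outside this hunk, that the TLS 1.2 path never writes PRF output into them. NSC_DeriveKey starts and ends outside the hunk.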
700847
@@ -6245,19 +6245,24 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
700847
 	CK_SSL3_KEY_MAT_OUT *   ssl3_keys_out;
700847
 	CK_ULONG                effKeySize;
700847
 	unsigned int            block_needed;
700847
+        unsigned int		max_block_size =  NUM_MIXERS * MD5_LENGTH;
700847
 	unsigned char           srcrdata[SSL3_RANDOM_LENGTH * 2];
700847
 	unsigned char           crsrdata[SSL3_RANDOM_LENGTH * 2];
700847
 
700847
         if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) {
700847
 	    CK_TLS12_KEY_MAT_PARAMS *tls12_keys =
700847
 		(CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter;
700847
+	    SECHashObject *rawHash;
700847
 	    tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism);
700847
 	    if (tlsPrfHash == HASH_AlgNULL) {
700847
 		crv = CKR_MECHANISM_PARAM_INVALID;
700847
 		break;
700847
 	    }
700847
+            rawHash = HASH_GetRawHashObject(tlsPrfHash);
700847
+	    max_block_size = NUM_MIXERS*rawHash->length;
700847
         } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) {
700847
 	    tlsPrfHash = HASH_AlgSHA256;
700847
+	    max_block_size = NUM_MIXERS*SHA256_LENGTH;
700847
 	}
700847
 
700847
         if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) {
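Review bot: `max_block_size = NUM_MIXERS*rawHash->length;` takes its bound from the hash descriptor at run time, and nothing here ties it to the fixed `key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH]` array. The later clamp compares against `max_block_size` rather than `sizeof key_block`, so if a PRF hash longer than SFTK_MAX_MAC_LENGTH is ever accepted, the clamp would no longer keep writes inside the array. Directly after the assignment I would add `if (max_block_size > sizeof key_block) { crv = CKR_MECHANISM_PARAM_INVALID; break; }`. `rawHash` is also dereferenced without a NULL check, and only HASH_AlgNULL is excluded above, so a guard before the dereference would be prudent. The enclosing case block starts and ends outside this hunk.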
700847
@@ -6322,9 +6327,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
700847
 	}
700847
 	block_needed = 2 * (macSize + effKeySize + 
700847
 	                    ((!ssl3_keys->bIsExport) * IVSize));
700847
-	PORT_Assert(block_needed <= sizeof key_block);
700847
-	if (block_needed > sizeof key_block)
700847
-	    block_needed = sizeof key_block;
700847
+	PORT_Assert(block_needed <= max_block_size);
700847
+	if (block_needed > max_block_size)
700847
+	    block_needed = max_block_size;
700847
 
700847
 	/*
700847
 	 * generate the key material: This looks amazingly similar to the
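Review bot: In builds where `PORT_Assert` is compiled out, `if (block_needed > max_block_size) block_needed = max_block_size;` silently shortens the key block instead of rejecting the request. The code that later splits the block into MAC secrets, keys and IVs is outside this hunk, but if it still consumes the originally requested sizes it would read bytes that were never generated as key material. Failing the derivation is safer than truncating: set `crv = CKR_MECHANISM_PARAM_INVALID;` in that branch and leave through the function's existing error path, keeping whatever cleanup that path already performs.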