diff -up ./nss/lib/softoken/pkcs11c.c.sha384_key_derive ./nss/lib/softoken/pkcs11c.c
--- ./nss/lib/softoken/pkcs11c.c.sha384_key_derive 2015-05-28 14:14:14.326097673 -0700
+++ ./nss/lib/softoken/pkcs11c.c 2015-05-28 14:35:51.208984276 -0700
@@ -5974,7 +5974,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
int i;
unsigned int outLen;
unsigned char sha_out[SHA1_LENGTH];
- unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
+ unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH];
unsigned char key_block2[MD5_LENGTH];
unsigned char des3key[24];
PRBool isFIPS;
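Review bot: The new size of `key_block` uses `SFTK_MAX_MAC_LENGTH`, a MAC-length constant, as the upper bound for a PRF hash output, and nothing on this line records that coupling. The later `max_block_size` values (`NUM_MIXERS*rawHash->length`, `NUM_MIXERS*SHA256_LENGTH`) are only safe while every selectable hash is no longer than that constant. I'd add a comment above the declaration such as `/* holds NUM_MIXERS outputs of the largest TLS PRF hash; max_block_size must never exceed sizeof key_block */`. The declaration block belongs to NSC_DeriveKey, whose body runs well past this hunk.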
@@ -6245,19 +6245,24 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
CK_SSL3_KEY_MAT_OUT * ssl3_keys_out;
CK_ULONG effKeySize;
unsigned int block_needed;
+ unsigned int max_block_size = NUM_MIXERS * MD5_LENGTH;
unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2];
unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) {
CK_TLS12_KEY_MAT_PARAMS *tls12_keys =
(CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter;
+ SECHashObject *rawHash;
tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism);
if (tlsPrfHash == HASH_AlgNULL) {
crv = CKR_MECHANISM_PARAM_INVALID;
break;
}
+ rawHash = HASH_GetRawHashObject(tlsPrfHash);
+ max_block_size = NUM_MIXERS*rawHash->length;
} else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) {
tlsPrfHash = HASH_AlgSHA256;
+ max_block_size = NUM_MIXERS*SHA256_LENGTH;
}
if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) {
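Review bot: `rawHash` is dereferenced on the added line `max_block_size = NUM_MIXERS*rawHash->length;` without a NULL check, and nothing ties the result to the size of `key_block`. The hash is selected by `tls12_keys->prfHashMechanism`, which comes from the caller-supplied mechanism parameter, and the clamp in the last hunk now compares against `max_block_size` instead of `sizeof key_block`, so the array bound itself is no longer enforced anywhere visible. I'd reject the parameter right after the lookup: `if (rawHash == NULL || rawHash->length > SFTK_MAX_MAC_LENGTH) { crv = CKR_MECHANISM_PARAM_INVALID; break; }`. Whether HASH_GetRawHashObject can return NULL for a type that already passed the `HASH_AlgNULL` test is not visible here, so that half of the check is defensive. The enclosing case starts and ends outside the hunk.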
@@ -6322,9 +6327,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
}
block_needed = 2 * (macSize + effKeySize +
((!ssl3_keys->bIsExport) * IVSize));
- PORT_Assert(block_needed <= sizeof key_block);
- if (block_needed > sizeof key_block)
- block_needed = sizeof key_block;
+ PORT_Assert(block_needed <= max_block_size);
+ if (block_needed > max_block_size)
+ block_needed = max_block_size;
/*
* generate the key material: This looks amazingly similar to the
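Review bot: The clamp on `block_needed` still truncates silently in optimized builds, where PORT_Assert compiles to nothing, and it now truncates to a hash-dependent `max_block_size` that can be smaller than the array. The code that consumes the block is past the end of this hunk, but if it carves MAC keys, cipher keys and IVs out of `key_block` using the unclamped sizes, it would hand out stack bytes that the PRF never wrote. Failing the derive is safer than continuing with short key material: `if (block_needed > max_block_size) { crv = CKR_MECHANISM_PARAM_INVALID; break; }`, assuming `break` leaves the case here as it does in the earlier parameter check.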