diff -up ./nss/lib/softoken/pkcs11c.c.sha384_key_derive ./nss/lib/softoken/pkcs11c.c --- ./nss/lib/softoken/pkcs11c.c.sha384_key_derive 2015-05-28 14:14:14.326097673 -0700 +++ ./nss/lib/softoken/pkcs11c.c 2015-05-28 14:35:51.208984276 -0700 @@ -5974,7 +5974,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h int i; unsigned int outLen; unsigned char sha_out[SHA1_LENGTH]; - unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; + unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH]; unsigned char key_block2[MD5_LENGTH]; unsigned char des3key[24]; PRBool isFIPS; @@ -6245,19 +6245,24 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; CK_ULONG effKeySize; unsigned int block_needed; + unsigned int max_block_size = NUM_MIXERS * MD5_LENGTH; unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { CK_TLS12_KEY_MAT_PARAMS *tls12_keys = (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; + SECHashObject *rawHash; tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); if (tlsPrfHash == HASH_AlgNULL) { crv = CKR_MECHANISM_PARAM_INVALID; break; } + rawHash = HASH_GetRawHashObject(tlsPrfHash); + max_block_size = NUM_MIXERS*rawHash->length; } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { tlsPrfHash = HASH_AlgSHA256; + max_block_size = NUM_MIXERS*SHA256_LENGTH; } if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { @@ -6322,9 +6327,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h } block_needed = 2 * (macSize + effKeySize + ((!ssl3_keys->bIsExport) * IVSize)); - PORT_Assert(block_needed <= sizeof key_block); - if (block_needed > sizeof key_block) - block_needed = sizeof key_block; + PORT_Assert(block_needed <= max_block_size); + if (block_needed > max_block_size) + block_needed = max_block_size; /* * generate the key material: This looks amazingly similar to the
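Review bot: In the CKM_TLS12_KEY_AND_MAC_DERIVE branch of the second hunk, `rawHash->length` is read without checking what `HASH_GetRawHashObject(tlsPrfHash)` returned. The hash type comes from `tls12_keys->prfHashMechanism`, a caller-supplied mechanism parameter, and the check just above only rejects `HASH_AlgNULL`. If the lookup can return NULL for a type it does not cover, this is a NULL dereference reachable from the PKCS #11 interface. I would add `if (rawHash == NULL) { crv = CKR_MECHANISM_PARAM_INVALID; break; }` before computing `max_block_size`, and declare the pointer as `const SECHashObject *rawHash;` since it is only read. The body of NSC_DeriveKey starts and ends outside this hunk.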
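Review bot: In the third hunk the clamp on `block_needed` is now bounded by `max_block_size` instead of `sizeof key_block`, and nothing visible in the patch guarantees `max_block_size <= sizeof key_block`. On the TLS 1.2 path the limit is `NUM_MIXERS*rawHash->length`, while the buffer is `NUM_MIXERS * SFTK_MAX_MAC_LENGTH`. If any PRF hash accepted by `GetHashTypeFromMechanism` has a digest longer than `SFTK_MAX_MAC_LENGTH`, the key-material generation that follows could write past the end of `key_block` on the stack. `PORT_Assert` is presumably compiled out of release builds, so a hard bound tied to the buffer should stay: `if (max_block_size > sizeof key_block) max_block_size = sizeof key_block;` before the clamp, or reject the request with `CKR_MECHANISM_PARAM_INVALID`. The code that fills `key_block` lies outside the hunk, so the exact write length should be confirmed there.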