rpms / nss

Clone
Source Code
GIT

Blame SOURCES/nss-old-pkcs11-num.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   d47c419d8cf4e25de8655262e0b919c3ff6db9cb
  2.   SOURCES
  3.   nss-old-pkcs11-num.patch
Blob History Raw
5f1c2b 
diff -up nss/lib/ssl/ssl3con.c.old_pkcs11_num nss/lib/ssl/ssl3con.c
5f1c2b 
--- nss/lib/ssl/ssl3con.c.old_pkcs11_num	2017-01-04 15:24:24.000000000 +0100
5f1c2b 
+++ nss/lib/ssl/ssl3con.c	2017-01-16 10:42:14.993429316 +0100
5f1c2b 
@@ -11054,8 +11054,10 @@ ssl3_ComputeTLSFinished(sslSocket *ss, s
1b6f66 
     tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
1b6f66 
     param.data = (unsigned char *)&tls_mac_params;
1b6f66 
     param.len = sizeof(tls_mac_params);
1b6f66 
-    prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
5f1c2b 
-                                             spec->master_secret, ¶m;;
1b6f66 
+    /* RHEL 7.2 had the wrong number for CKM_TLS12_MACH instead of CKM_TLS_MAC. In the new scheme that
1b6f66 
+     * number matches with CKM_TLS_KDF, so until softoken gets updated, use CKM_TLS_KDF on RHEL7 */
1b6f66 
+    prf_context = PK11_CreateContextBySymKey(CKM_TLS_KDF, CKA_SIGN,
5f1c2b 
+ 					     spec->master_secret, ¶m;;
1b6f66 
     if (!prf_context)
5f1c2b 
         return SECFailure;
5f1c2b

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation