rpms / nss

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   c7-aarch64
  2.   SOURCES
  3.   nss-old-pkcs11-num.patch
Blob Blame History Raw 
diff -up ./nss/lib/ssl/ssl3con.c.old_pkcs11_num ./nss/lib/ssl/ssl3con.c
--- ./nss/lib/ssl/ssl3con.c.old_pkcs11_num	2016-02-24 17:53:31.936203961 -0500
+++ ./nss/lib/ssl/ssl3con.c	2016-02-24 17:54:34.643037802 -0500
@@ -11075,7 +11075,9 @@ ssl3_ComputeTLSFinished(sslSocket *ss, s
     tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
     param.data = (unsigned char *)&tls_mac_params;
     param.len = sizeof(tls_mac_params);
-    prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
+    /* RHEL 7.2 had the wrong number for CKM_TLS12_MACH instead of CKM_TLS_MAC. In the new scheme that
+     * number matches with CKM_TLS_KDF, so until softoken gets updated, use CKM_TLS_KDF on RHEL7 */
+    prf_context = PK11_CreateContextBySymKey(CKM_TLS_KDF, CKA_SIGN,
 					     spec->master_secret, &param);
     if (!prf_context)
 	return SECFailure;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation