changeset 25202:86c234625694
12942 pkcs11_softtoken pbkdf2 key derivation can crash
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Approved by: Dan McDonald <danmcd@joyent.com>
author | Jason King <jason.king@joyent.com> |
---|---|
date | Thu, 09 Jul 2020 10:47:18 -0500 |
parents | f5277f2f1798 |
children | be59935f1175 |
files | usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c |
diffstat | 1 files changed, 3 insertions(+), 10 deletions(-) [+] |
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c Sun Apr 12 18:18:21 2020 +0300
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c Thu Jul 09 10:47:18 2020 -0500
@@ -1228,14 +1228,13 @@
 static CK_RV
 soft_create_hmac_key(soft_session_t *session_p, CK_BYTE *passwd,
- CK_ULONG passwd_len, CK_OBJECT_HANDLE_PTR phKey)
+ CK_ULONG passwd_len, soft_object_t **keyp)
 {
 CK_RV rv = CKR_OK;
 CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
 CK_KEY_TYPE keytype = CKK_GENERIC_SECRET;
 CK_BBOOL True = TRUE;
 CK_ATTRIBUTE keytemplate[4];
- soft_object_t *keyobj;
 /*
 * We must initialize each template member individually
@@ -1265,13 +1264,10 @@
 * mechanism parameter structure.
 */
 rv = soft_gen_keyobject(keytemplate,
- sizeof (keytemplate)/sizeof (CK_ATTRIBUTE), &keyobj, session_p,
+ sizeof (keytemplate)/sizeof (CK_ATTRIBUTE), keyp, session_p,
 CKO_SECRET_KEY, (CK_KEY_TYPE)CKK_GENERIC_SECRET, 0, SOFT_CREATE_OBJ, B_TRUE);
- if (keyobj != NULL)
- *phKey = keyobj->handle;
-
 return (rv);
 }
@@ -1285,7 +1281,6 @@
 CK_ULONG hLen = SHA1_HASH_SIZE;
 CK_ULONG dkLen, i;
 CK_ULONG blocks, remainder;
- CK_OBJECT_HANDLE phKey = 0;
 soft_object_t *hmac_key = NULL;
 CK_BYTE *salt = NULL;
 CK_BYTE *keydata = NULL;
@@ -1306,13 +1301,11 @@
 * Create a key object to use for HMAC operations.
 */
 rv = soft_create_hmac_key(session_p, params->pPassword,
- *params->ulPasswordLen, &phKey);
+ *params->ulPasswordLen, &hmac_key);
 if (rv != CKR_OK)
 return (rv);
- hmac_key = (soft_object_t *)phKey;
-
 /* Step 1. */
 dkLen = OBJ_SEC_VALUE_LEN(secret_key); /* length of desired key */
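Review bot: Nothing in soft_create_hmac_key defines what `*keyp` holds when soft_gen_keyobject() fails, because the new out-parameter is passed straight through in the second hunk and the function then returns `rv` with no further handling. The only caller visible on this page initializes `hmac_key = NULL` and returns on `rv != CKR_OK`, so this is safe today, but the contract should be explicit: add `*keyp = NULL;` ahead of the template setup and a comment above the function such as `/* On success *keyp is the new HMAC key object, owned by the caller; on failure *keyp is NULL. */`. The template initialization between the first two hunks is outside the visible lines.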
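Review bot: `*params->ulPasswordLen` in the last hunk dereferences a pointer taken from the mechanism parameter, and no NULL check on `params->ulPasswordLen` or `params->pPassword` is visible before the call. The start of the enclosing function is outside the hunk, so this may already be validated there; if it is not, a guard such as `if (params->pPassword == NULL || params->ulPasswordLen == NULL) return (CKR_MECHANISM_PARAM_INVALID);` belongs ahead of soft_create_hmac_key(). Since `hmac_key` now holds an object that appears to be built from the password, it is also worth confirming that every later exit path releases it; that cleanup is not shown here.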