krb5 commit: Make sure that pkinit_octetstring_hkdf() inits NSS
Greg Hudson
ghudson at MIT.EDU
Mon Oct 15 11:44:19 EDT 2012
https://github.com/krb5/krb5/commit/0ff582ded584274b3536512fd6cbcb09588ee9a6
commit 0ff582ded584274b3536512fd6cbcb09588ee9a6
Author: Nalin Dahyabhai <nalin at redhat.com>
Date: Tue Oct 9 13:46:42 2012 -0400
Make sure that pkinit_octetstring_hkdf() inits NSS
Create an NSS context for use when performing KDF, so that the tests,
which call into the function directly, will work.
src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 9a36df5..c1e654a 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -3702,6 +3702,7 @@ pkinit_octetstring_hkdf(krb5_context context,
size_t kbyte, klength;
krb5_data rnd_data;
krb5_error_code result;
+ NSSInitContext *ncontext;
if (counter_length > sizeof(counter))
return EINVAL;
@@ -3717,6 +3718,17 @@ pkinit_octetstring_hkdf(krb5_context context,
counter[i] = (counter_start >> (8 * (counter_length - 1 - i))) & 0xff;
rnd_len = kbyte;
left = rnd_len;
+ ncontext = NSS_InitContext(DEFAULT_CONFIGDIR,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NSS_INIT_READONLY |
+ NSS_INIT_NOCERTDB |
+ NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN |
+ NSS_INIT_NOROOTINIT |
+ NSS_INIT_PK11RELOAD);
while (left > 0) {
ctx = PK11_CreateDigestContext(hash_alg);
if (ctx == NULL) {
@@ -3775,6 +3787,9 @@ pkinit_octetstring_hkdf(krb5_context context,
}
}
+ if (NSS_ShutdownContext(ncontext) != SECSuccess)
+ pkiDebug("%s: error shutting down context\n", __FUNCTION__);
+
krb5key->contents = malloc(klength);
if (krb5key->contents == NULL) {
krb5key->length = 0;
More information about the cvs-krb5
mailing list