summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap/pk11skey.c
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-02-06 12:02:47 +0100
committerGitHub <noreply@github.com>2018-02-06 12:02:47 +0100
commit389c60da5e01761f4a11ef539ffa26e4c1b17875 (patch)
treec6033924a0de9be1ab140596e305898c651bf57e /security/nss/lib/pk11wrap/pk11skey.c
parent7c9b585349c985df0cf6ace83da5dadba8b5c677 (diff)
parentf017b749ea9f1586d2308504553d40bf4cc5439d (diff)
downloadUXP-389c60da5e01761f4a11ef539ffa26e4c1b17875.tar
UXP-389c60da5e01761f4a11ef539ffa26e4c1b17875.tar.gz
UXP-389c60da5e01761f4a11ef539ffa26e4c1b17875.tar.lz
UXP-389c60da5e01761f4a11ef539ffa26e4c1b17875.tar.xz
UXP-389c60da5e01761f4a11ef539ffa26e4c1b17875.zip
Merge pull request #13 from MoonchildProductions/ported-upstream
Ported upstream
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11skey.c')
-rw-r--r--security/nss/lib/pk11wrap/pk11skey.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index e6301388e..1ef53e1d7 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -18,6 +18,8 @@
#include "secerr.h"
#include "hasht.h"
+static ECPointEncoding pk11_ECGetPubkeyEncoding(const SECKEYPublicKey *pubKey);
+
static void
pk11_EnterKeyMonitor(PK11SymKey *symKey)
{
@@ -2005,7 +2007,7 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
/* old PKCS #11 spec was ambiguous on what needed to be passed,
* try this again with and encoded public key */
- if (crv != CKR_OK) {
+ if (crv != CKR_OK && pk11_ECGetPubkeyEncoding(pubKey) != ECPoint_XOnly) {
SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
&pubKey->u.ec.publicValue,
SEC_ASN1_GET(SEC_OctetStringTemplate));
@@ -2211,6 +2213,11 @@ pk11_PubDeriveECKeyWithKDF(
/* old PKCS #11 spec was ambiguous on what needed to be passed,
* try this again with an encoded public key */
if (crv != CKR_OK) {
+ /* For curves that only use X as public value and no encoding we don't
+ * have to try again. (Currently only Curve25519) */
+ if (pk11_ECGetPubkeyEncoding(pubKey) == ECPoint_XOnly) {
+ goto loser;
+ }
SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
&pubKey->u.ec.publicValue,
SEC_ASN1_GET(SEC_OctetStringTemplate));