diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 07:52:35 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 16:42:52 +0200 |
commit | ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch) | |
tree | 5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/lib/softoken/pkcs11.c | |
parent | f44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff) | |
download | UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip |
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/lib/softoken/pkcs11.c')
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 72 |
1 files changed, 40 insertions, 32 deletions
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 77882a274..34f25a9d0 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -1343,7 +1343,6 @@ sftk_handleSecretKeyObject(SFTKSession *session, SFTKObject *object, if (sftk_isTrue(object, CKA_TOKEN)) { SFTKSlot *slot = session->slot; SFTKDBHandle *keyHandle = sftk_getKeyDB(slot); - CK_RV crv; if (keyHandle == NULL) { return CKR_TOKEN_WRITE_PROTECTED; @@ -3807,12 +3806,12 @@ NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, PZ_Unlock(slot->slotLock); /* Reset login flags. */ if (ulNewLen == 0) { - PRBool tokenRemoved = PR_FALSE; PZ_Lock(slot->slotLock); slot->isLoggedIn = PR_FALSE; slot->ssoLoggedIn = PR_FALSE; PZ_Unlock(slot->slotLock); + tokenRemoved = PR_FALSE; rv = sftkdb_CheckPassword(handle, "", &tokenRemoved); if (tokenRemoved) { sftk_CloseAllSessions(slot, PR_FALSE); @@ -4422,6 +4421,44 @@ NSC_GetObjectSize(CK_SESSION_HANDLE hSession, return CKR_OK; } +static CK_RV +nsc_GetTokenAttributeValue(SFTKSession *session, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + SFTKSlot *slot = sftk_SlotFromSession(session); + SFTKDBHandle *dbHandle = sftk_getDBForTokenObject(slot, hObject); + SFTKDBHandle *keydb = NULL; + CK_RV crv; + + if (dbHandle == NULL) { + return CKR_OBJECT_HANDLE_INVALID; + } + + crv = sftkdb_GetAttributeValue(dbHandle, hObject, pTemplate, ulCount); + + /* make sure we don't export any sensitive information */ + keydb = sftk_getKeyDB(slot); + if (dbHandle == keydb) { + CK_ULONG i; + for (i = 0; i < ulCount; i++) { + if (sftk_isSensitive(pTemplate[i].type, CKO_PRIVATE_KEY)) { + crv = CKR_ATTRIBUTE_SENSITIVE; + if (pTemplate[i].pValue && (pTemplate[i].ulValueLen != -1)) { + PORT_Memset(pTemplate[i].pValue, 0, + pTemplate[i].ulValueLen); + } + pTemplate[i].ulValueLen = -1; + } + } + } + + sftk_freeDB(dbHandle); + if (keydb) { + sftk_freeDB(keydb); + } + return crv; +} + /* NSC_GetAttributeValue obtains the value of one or more object attributes. */ CK_RV NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, @@ -4450,37 +4487,8 @@ NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, /* short circuit everything for token objects */ if (sftk_isToken(hObject)) { - SFTKSlot *slot = sftk_SlotFromSession(session); - SFTKDBHandle *dbHandle = sftk_getDBForTokenObject(slot, hObject); - SFTKDBHandle *keydb = NULL; - - if (dbHandle == NULL) { - sftk_FreeSession(session); - return CKR_OBJECT_HANDLE_INVALID; - } - - crv = sftkdb_GetAttributeValue(dbHandle, hObject, pTemplate, ulCount); - - /* make sure we don't export any sensitive information */ - keydb = sftk_getKeyDB(slot); - if (dbHandle == keydb) { - for (i = 0; i < (int)ulCount; i++) { - if (sftk_isSensitive(pTemplate[i].type, CKO_PRIVATE_KEY)) { - crv = CKR_ATTRIBUTE_SENSITIVE; - if (pTemplate[i].pValue && (pTemplate[i].ulValueLen != -1)) { - PORT_Memset(pTemplate[i].pValue, 0, - pTemplate[i].ulValueLen); - } - pTemplate[i].ulValueLen = -1; - } - } - } - + crv = nsc_GetTokenAttributeValue(session, hObject, pTemplate, ulCount); sftk_FreeSession(session); - sftk_freeDB(dbHandle); - if (keydb) { - sftk_freeDB(keydb); - } return crv; } |