1 files changed, 14 insertions, 6 deletions

diff --git a/security/nss/lib/freebl/aeskeywrap.c b/security/nss/lib/freebl/aeskeywrap.c
index 79ff8a852..ee909dbd0 100644
--- a/security/nss/lib/freebl/aeskeywrap.c
+++ b/security/nss/lib/freebl/aeskeywrap.c
@@ -22,8 +22,9 @@
 #include "rijndael.h"
 
 struct AESKeyWrapContextStr {
-    unsigned char iv[AES_KEY_WRAP_IV_BYTES];
     AESContext aescx;
+    unsigned char iv[AES_KEY_WRAP_IV_BYTES];
+    void *mem; /* Pointer to beginning of allocated memory. */
 };
 
 /******************************************/
@@ -34,8 +35,14 @@ struct AESKeyWrapContextStr {
 AESKeyWrapContext *
 AESKeyWrap_AllocateContext(void)
 {
-    AESKeyWrapContext *cx = PORT_New(AESKeyWrapContext);
-    return cx;
+    /* aligned_alloc is C11 so we have to do it the old way. */
+    AESKeyWrapContext *ctx = PORT_ZAlloc(sizeof(AESKeyWrapContext) + 15);
+    if (ctx == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    ctx->mem = ctx;
+    return (AESKeyWrapContext *)(((uintptr_t)ctx + 15) & ~(uintptr_t)0x0F);
 }
 
 SECStatus
@@ -77,7 +84,7 @@ AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
         return NULL; /* error is already set */
     rv = AESKeyWrap_InitContext(cx, key, keylen, iv, 0, encrypt, 0);
     if (rv != SECSuccess) {
-        PORT_Free(cx);
+        PORT_Free(cx->mem);
         cx = NULL; /* error should already be set */
     }
     return cx;
@@ -94,8 +101,9 @@ AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
     if (cx) {
         AES_DestroyContext(&cx->aescx, PR_FALSE);
         /*  memset(cx, 0, sizeof *cx); */
-        if (freeit)
-            PORT_Free(cx);
+        if (freeit) {
+            PORT_Free(cx->mem);
+        }
     }
 }