diff options
| author | Dan McDonald <danmcd@joyent.com> | 2020-11-09 10:34:11 -0500 |
|---|---|---|
| committer | Dan McDonald <danmcd@joyent.com> | 2020-11-09 10:34:11 -0500 |
| commit | 7afe96f0f2a44c188f4cec6dbbc0b5f4661927c8 (patch) | |
| tree | f623640cadd1cdf0f31f5467dbd85eb32db186ba | |
| parent | adb1eae86786c47d5fc2e57f31da530a34c53890 (diff) | |
| parent | 6cb54de2051534cc59e36ddc42abe1960e47c133 (diff) | |
| download | illumos-joyent-7afe96f0f2a44c188f4cec6dbbc0b5f4661927c8.tar.gz | |
[illumos-gate merge]
commit 6cb54de2051534cc59e36ddc42abe1960e47c133
13196 C_DeriveKey() doesn't always set object handle value
commit 6d96b4576425f4553ac02099504f0c92248a6c3a
13284 demo_rdb build fails on SPARC
| -rw-r--r-- | usr/src/cmd/sgs/demo_rdb/sparcv9/Makefile | 2 | ||||
| -rw-r--r-- | usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c | 22 |
2 files changed, 23 insertions, 1 deletions
diff --git a/usr/src/cmd/sgs/demo_rdb/sparcv9/Makefile b/usr/src/cmd/sgs/demo_rdb/sparcv9/Makefile index b1b3f38d32..174e56dc54 100644 --- a/usr/src/cmd/sgs/demo_rdb/sparcv9/Makefile +++ b/usr/src/cmd/sgs/demo_rdb/sparcv9/Makefile @@ -56,5 +56,5 @@ install: all $(ROOTONLDBINPROG64) include ../Makefile.targ # DEMO DELETE START -include ../../../../../Makefile.master.64 +include ../../../../Makefile.master.64 # DEMO DELETE END diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c index 667a220451..89a04fb867 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c @@ -839,6 +839,9 @@ soft_derivekey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, switch (pMechanism->mechanism) { case CKM_DH_PKCS_DERIVE: + if (phKey == NULL_PTR) + return (CKR_ARGUMENTS_BAD); + /* * Create a new object for secret key. The key type should * be provided in the template. @@ -868,6 +871,9 @@ soft_derivekey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, break; case CKM_ECDH1_DERIVE: + if (phKey == NULL_PTR) + return (CKR_ARGUMENTS_BAD); + /* * Create a new object for secret key. The key type should * be provided in the template. @@ -932,6 +938,9 @@ soft_derivekey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism, goto common; common: + if (phKey == NULL_PTR) + return (CKR_ARGUMENTS_BAD); + /* * Create a new object for secret key. The key type is optional * to be provided in the template. If it is not specified in @@ -1032,10 +1041,12 @@ common: case CKM_SSL3_KEY_AND_MAC_DERIVE: case CKM_TLS_KEY_AND_MAC_DERIVE: + /* These mechanisms do not use phKey */ return (soft_ssl_key_and_mac_derive(session_p, pMechanism, basekey_p, pTemplate, ulAttributeCount)); case CKM_TLS_PRF: + /* This mechanism does not use phKey */ if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != sizeof (CK_TLS_PRF_PARAMS) || phKey != NULL) @@ -1063,6 +1074,17 @@ common: soft_delete_token_object(secret_key, B_FALSE, B_FALSE); } + /* + * Some mechanisms don't use phKey either because they create + * multiple key objects and instead populate a structure passed in + * as a field in their pParameter parameter with the resulting key + * objects (e.g. CKM_TLS_KEY_AND_MAC_DERIVE) or they instead write + * their result to an output buffer passed in their pParameter + * parameter (e.g. CKM_TLS_PRF). All such mechanisms return prior + * to reaching here. The remaining mechanisms (which do use phKey) + * should have already validated phKey is not NULL prior to doing + * their key derivation. + */ *phKey = secret_key->handle; return (rv); |