From: Nalin Dahyabhai
Date: Tue, 9 Oct 2012 17:46:42 +0000 (-0400)
Subject: Make sure that pkinit_octetstring_hkdf() inits NSS
X-Git-Tag: krb5-1.11-alpha1~80
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0ff582ded584274b3536512fd6cbcb09588ee9a6;p=thirdparty%2Fkrb5.git

Make sure that pkinit_octetstring_hkdf() inits NSS

Create an NSS context for use when performing KDF, so that the tests, which call into the function directly, will work.
---

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 9a36df5c28..c1e654ad91 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -3702,6 +3702,7 @@ pkinit_octetstring_hkdf(krb5_context context,
 size_t kbyte, klength;
 krb5_data rnd_data;
 krb5_error_code result;
+ NSSInitContext *ncontext;

 if (counter_length > sizeof(counter))
 return EINVAL;
@@ -3717,6 +3718,17 @@ pkinit_octetstring_hkdf(krb5_context context,
 counter[i] = (counter_start >> (8 * (counter_length - 1 - i))) & 0xff;
 rnd_len = kbyte;
 left = rnd_len;
+ ncontext = NSS_InitContext(DEFAULT_CONFIGDIR,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NSS_INIT_READONLY |
+ NSS_INIT_NOCERTDB |
+ NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN |
+ NSS_INIT_NOROOTINIT |
+ NSS_INIT_PK11RELOAD);
 while (left > 0) {
 ctx = PK11_CreateDigestContext(hash_alg);
 if (ctx == NULL) {
@@ -3775,6 +3787,9 @@ pkinit_octetstring_hkdf(krb5_context context,
 }
 }

+ if (NSS_ShutdownContext(ncontext) != SECSuccess)
+ pkiDebug("%s: error shutting down context\n", __FUNCTION__);
+
 krb5key->contents = malloc(klength);
 if (krb5key->contents == NULL) {
 krb5key->length = 0;
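Review bot: The return value of `NSS_InitContext()` in the second hunk is never checked. On failure it returns NULL, the digest loop then runs without a usable library context, and the third hunk hands that NULL to `NSS_ShutdownContext()`. A failed initialization would most likely surface as a misleading `PK11_CreateDigestContext()` error instead of being reported where it happened. I would add `if (ncontext == NULL) { pkiDebug("%s: error initializing NSS\n", __FUNCTION__); return ENOMEM; }` directly after the call, first releasing whatever the function has allocated by then. The code before this point is outside the hunk, so confirm what needs freeing.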
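Review bot: `NSS_ShutdownContext(ncontext)` in the third hunk is reached only on the fall-through path after the loop, so any early return inside the loop would skip it and leave the NSS context open. The `if (ctx == NULL) {` branch at the end of the second hunk looks like such a return, though its body is outside the hunk. Because this function runs once per key derivation, each failed derivation would then leak an init context and keep NSS initialized in the process. Routing the loop's error exits through one cleanup label that performs the shutdown would close that gap. A short comment above the check, such as `/* A failed shutdown does not invalidate the derived bytes; log and continue. */`, would also record why the failure is only logged.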