Bug 1186896 - NIST SP800-108 KDF - add sanity checking.

2 files changed, 12 insertions, 1 deletions

diff --git a/base/symkey/src/com/netscape/symkey/NistSP800_108KDF.cpp b/base/symkey/src/com/netscape/symkey/NistSP800_108KDF.cpp
index 9f89dd372..7bed85d71 100644
--- a/base/symkey/src/com/netscape/symkey/NistSP800_108KDF.cpp
+++ b/base/symkey/src/com/netscape/symkey/NistSP800_108KDF.cpp
@@ -51,6 +51,15 @@ void ComputeCardKeys(  PK11SymKey* masterKey,               // Key Derivation Ke
                        PK11SymKey** macKey,                 // output parameter: generated mac key
                        PK11SymKey** kekKey)                 // output parameter: generated kek key
 {
+
+    // sanity check input parameters
+    if (masterKey == NULL){
+        throw std::runtime_error("Input parameter \"masterKey\" was NULL.");
+    }
+    if (context == NULL){
+        throw std::runtime_error("Input parameter \"context\" was NULL.");
+    }
+
     // sanity check output parameters
     if (*encKey != NULL){
         throw std::runtime_error("Output parameter \"encKey\" wasn't initialized to NULL. Overwriting may result in a memory leak.");
diff --git a/base/symkey/src/com/netscape/symkey/SymKey.cpp b/base/symkey/src/com/netscape/symkey/SymKey.cpp
index 02465de13..512da4efe 100644
--- a/base/symkey/src/com/netscape/symkey/SymKey.cpp
+++ b/base/symkey/src/com/netscape/symkey/SymKey.cpp
@@ -1280,7 +1280,9 @@ extern "C" JNIEXPORT jbyteArray JNICALL Java_com_netscape_symkey_SessionKey_Dive
         (env)->ReleaseStringUTFChars(newMasterKeyName, (const char *)newMasterKeyNameChars);
     }
 
-
+    if(masterKey == NULL) {
+        goto done;
+    }
 
     // AC: BUGFIX for key versions higher than 09:  Since "jstring keyInfo" is now passed in as "jbyteArray newKeyInfo", we no longer need this code.
     //