| author | Nalin Dahyabhai <nalin@redhat.com> | 2012-10-09 13:46:42 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-15 11:43:55 -0400 |
| commit | 0ff582ded584274b3536512fd6cbcb09588ee9a6 (patch) | |
| tree | c34b25dc1a4dd03018c24c4b0933ede625880b30 /src | |
| parent | 8c01d39e12032f5e74292f29763cf89ea4b9ed58 (diff) | |
Make sure that pkinit_octetstring_hkdf() inits NSS
Create an NSS context for use when performing KDF, so that the tests,
which call into the function directly, will work.
Diffstat (limited to 'src')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 9a36df5c2..c1e654ad9 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -3702,6 +3702,7 @@ pkinit_octetstring_hkdf(krb5_context context,
 size_t kbyte, klength;
 krb5_data rnd_data;
 krb5_error_code result;
+ NSSInitContext *ncontext;
 
 if (counter_length > sizeof(counter))
 return EINVAL;
@@ -3717,6 +3718,17 @@ pkinit_octetstring_hkdf(krb5_context context,
 counter[i] = (counter_start >> (8 * (counter_length - 1 - i))) & 0xff;
 rnd_len = kbyte;
 left = rnd_len;
+ ncontext = NSS_InitContext(DEFAULT_CONFIGDIR,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NSS_INIT_READONLY |
+ NSS_INIT_NOCERTDB |
+ NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN |
+ NSS_INIT_NOROOTINIT |
+ NSS_INIT_PK11RELOAD);
 while (left > 0) {
 ctx = PK11_CreateDigestContext(hash_alg);
 if (ctx == NULL) {
@@ -3775,6 +3787,9 @@ pkinit_octetstring_hkdf(krb5_context context,
 }
 }
 
+ if (NSS_ShutdownContext(ncontext) != SECSuccess)
+ pkiDebug("%s: error shutting down context\n", __FUNCTION__);
+
 krb5key->contents = malloc(klength);
 if (krb5key->contents == NULL) {
 krb5key->length = 0; |
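Review bot: The result of `NSS_InitContext()` in the second hunk is stored in `ncontext` but never checked before the digest loop starts, so an initialisation failure is carried silently into the KDF. A guard directly after the call, for example `if (ncontext == NULL) return ENOMEM;` (or whichever error code this file uses for NSS start-up failures), would make the failure explicit. Without it, the later `NSS_ShutdownContext(ncontext)` receives NULL, which NSS appears to treat as a request to shut down the legacy `NSS_Init()` instance rather than as a no-op; that is worth confirming against the NSS version in use. The function body begins before and continues after this hunk, so any cleanup needed before an early return here is not visible.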
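Review bot: `NSS_ShutdownContext(ncontext)` in the third hunk is reached only when the loop falls through to it. The `if (ctx == NULL) {` branch that opens at the end of the previous hunk, and any other error return between the two hunks, presumably leaves the function without releasing the context. A long-running process that hits those paths repeatedly would accumulate NSS init contexts. Consider routing every exit after the init call through a single cleanup label that performs the shutdown, with a short comment such as `/* Release the NSS context on every exit path. */`. The loop body lies outside the hunks shown, so the exact set of exits needs checking.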
