summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/plugins/preauth/pkinit/pkinit_crypto_nss.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 9a36df5c2..c1e654ad9 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -3702,6 +3702,7 @@ pkinit_octetstring_hkdf(krb5_context context,
size_t kbyte, klength;
krb5_data rnd_data;
krb5_error_code result;
+ NSSInitContext *ncontext;
if (counter_length > sizeof(counter))
return EINVAL;
@@ -3717,6 +3718,17 @@ pkinit_octetstring_hkdf(krb5_context context,
counter[i] = (counter_start >> (8 * (counter_length - 1 - i))) & 0xff;
rnd_len = kbyte;
left = rnd_len;
+ ncontext = NSS_InitContext(DEFAULT_CONFIGDIR,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NSS_INIT_READONLY |
+ NSS_INIT_NOCERTDB |
+ NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN |
+ NSS_INIT_NOROOTINIT |
+ NSS_INIT_PK11RELOAD);
while (left > 0) {
ctx = PK11_CreateDigestContext(hash_alg);
if (ctx == NULL) {
@@ -3775,6 +3787,9 @@ pkinit_octetstring_hkdf(krb5_context context,
}
}
+ if (NSS_ShutdownContext(ncontext) != SECSuccess)
+ pkiDebug("%s: error shutting down context\n", __FUNCTION__);
+
krb5key->contents = malloc(klength);
if (krb5key->contents == NULL) {
krb5key->length = 0;
generated by cgit (git 2.34.1) at 2026-01-08 08:46:33 +0000