Bug 1378090 - pkcs11c.c check if params are present before using them, r=ttaubert
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Mon, 03 Jul 2017 10:20:56 +0200
changeset 13452 7a6a93296c5294c9f32bf25e98ed12ccd5294940
parent 13451 b790eee5aa8f833cb2e87251d6d705fda6bbf970
child 13453 487757061622e440078e0b90cd46ce7d1611574e
child 13454 a6a5cf93a21e41c6d506708fde4f0791bee51b2e
push id2263
push userfranziskuskiefer@gmail.com
push dateTue, 04 Jul 2017 10:47:09 +0000
reviewersttaubert
bugs1378090
Bug 1378090 - pkcs11c.c check if params are present before using them, r=ttaubert Differential Revision: https://nss-review.dev.mozaws.net/D361
lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -2634,43 +2634,63 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
             context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
             context->maxLen = MAX_ECKEY_LEN * 2;
 
             break;
 #endif /* NSS_DISABLE_ECC */
 
 #define INIT_HMAC_MECH(mmm)                                               \
     case CKM_##mmm##_HMAC_GENERAL:                                        \
+        PORT_Assert(pMechanism->pParameter);                              \
+        if (!pMechanism->pParameter) {                                    \
+            crv = CKR_MECHANISM_PARAM_INVALID;                            \
+            break;                                                        \
+        }                                                                 \
         crv = sftk_doHMACInit(context, HASH_Alg##mmm, key,                \
                               *(CK_ULONG *)pMechanism->pParameter);       \
         break;                                                            \
     case CKM_##mmm##_HMAC:                                                \
         crv = sftk_doHMACInit(context, HASH_Alg##mmm, key, mmm##_LENGTH); \
         break;
 
             INIT_HMAC_MECH(MD2)
             INIT_HMAC_MECH(MD5)
             INIT_HMAC_MECH(SHA224)
             INIT_HMAC_MECH(SHA256)
             INIT_HMAC_MECH(SHA384)
             INIT_HMAC_MECH(SHA512)
 
         case CKM_SHA_1_HMAC_GENERAL:
+            PORT_Assert(pMechanism->pParameter);
+            if (!pMechanism->pParameter) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
             crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
                                   *(CK_ULONG *)pMechanism->pParameter);
             break;
         case CKM_SHA_1_HMAC:
             crv = sftk_doHMACInit(context, HASH_AlgSHA1, key, SHA1_LENGTH);
             break;
 
         case CKM_SSL3_MD5_MAC:
+            PORT_Assert(pMechanism->pParameter);
+            if (!pMechanism->pParameter) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
             crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
                                     *(CK_ULONG *)pMechanism->pParameter);
             break;
         case CKM_SSL3_SHA1_MAC:
+            PORT_Assert(pMechanism->pParameter);
+            if (!pMechanism->pParameter) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
             crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
                                     *(CK_ULONG *)pMechanism->pParameter);
             break;
         case CKM_TLS_PRF_GENERAL:
             crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0);
             break;
         case CKM_TLS_MAC: {
             CK_TLS_MAC_PARAMS *tls12_mac_params;
@@ -3309,28 +3329,43 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
             INIT_HMAC_MECH(MD2)
             INIT_HMAC_MECH(MD5)
             INIT_HMAC_MECH(SHA224)
             INIT_HMAC_MECH(SHA256)
             INIT_HMAC_MECH(SHA384)
             INIT_HMAC_MECH(SHA512)
 
         case CKM_SHA_1_HMAC_GENERAL:
+            PORT_Assert(pMechanism->pParameter);
+            if (!pMechanism->pParameter) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
             crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
                                   *(CK_ULONG *)pMechanism->pParameter);
             break;
         case CKM_SHA_1_HMAC:
             crv = sftk_doHMACInit(context, HASH_AlgSHA1, key, SHA1_LENGTH);
             break;
 
         case CKM_SSL3_MD5_MAC:
+            PORT_Assert(pMechanism->pParameter);
+            if (!pMechanism->pParameter) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
             crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
                                     *(CK_ULONG *)pMechanism->pParameter);
             break;
         case CKM_SSL3_SHA1_MAC:
+            PORT_Assert(pMechanism->pParameter);
+            if (!pMechanism->pParameter) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
             crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
                                     *(CK_ULONG *)pMechanism->pParameter);
             break;
         case CKM_TLS_PRF_GENERAL:
             crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0);
             break;
         case CKM_NSS_TLS_PRF_GENERAL_SHA256:
             crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0);