fix unitialized key_type variable. Add asserts to it doesn't happen again.
fix unitialized key_type variable. Add asserts to it doesn't happen again.
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -3063,17 +3063,17 @@ nsc_SetupPBEKeyGen(CK_MECHANISM_TYPE mec
CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey)
{
PK11Object *key;
PK11Session *session;
PRBool checkWeak = PR_FALSE;
CK_ULONG key_length = 0;
- CK_KEY_TYPE key_type;
+ CK_KEY_TYPE key_type = -1;
CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
CK_RV crv = CKR_OK;
CK_BBOOL cktrue = CK_TRUE;
int i;
PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
char buf[MAX_KEY_LEN];
enum {pk11_pbe, pk11_pbe_hmac, pk11_ssl, pk11_bulk} key_gen_type;
SECOidTag algtag = SEC_OID_UNKNOWN;
@@ -3139,16 +3139,17 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE
key_gen_type = pk11_ssl;
break;
case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
faultyPBE3DES = PR_TRUE;
case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
key_gen_type = pk11_pbe_hmac;
+ key_type = CKK_GENERIC_SECRET;
break;
case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
case CKM_PBE_SHA1_DES3_EDE_CBC:
@@ -3172,16 +3173,20 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE
if (sizeof(buf) < key_length) {
/* someone is getting pretty optimistic about how big their key can
* be... */
crv = CKR_TEMPLATE_INCONSISTENT;
}
if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
+ /* if there was no error,
+ * key_type *MUST* be set in the switch statement above */
+ PORT_Assert( key_type != -1 );
+
/*
* now to the actual key gen.
*/
switch (key_gen_type) {
case pk11_pbe_hmac:
crv = pk11_pbe_hmac_key_gen(pMechanism, buf, &key_length,
faultyPBE3DES);
break;