diff options
Diffstat (limited to 'nss/lib/softoken/pkcs11.c')
-rw-r--r-- | nss/lib/softoken/pkcs11.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c index 768c7c2..b32c8bc 100644 --- a/nss/lib/softoken/pkcs11.c +++ b/nss/lib/softoken/pkcs11.c @@ -1088,7 +1088,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, } /* for ECDSA and EDDSA. Change if the structure of any of them is modified. */ derive = (key_type == CKK_EC_EDWARDS) ? CK_FALSE : CK_TRUE; /* CK_TRUE for ECDH */ - verify = CK_TRUE; /* for ECDSA */ + verify = CK_TRUE; /* for ECDSA and EDDSA */ encrypt = CK_FALSE; recover = CK_FALSE; wrap = CK_FALSE; @@ -1285,8 +1285,10 @@ sftk_handlePrivateKeyObject(SFTKSession *session, SFTKObject *object, CK_KEY_TYP if (!sftk_hasAttribute(object, CKA_VALUE)) { return CKR_TEMPLATE_INCOMPLETE; } + /* for ECDSA and EDDSA. Change if the structure of any of them is modified. */ + derive = (key_type == CKK_EC_EDWARDS) ? CK_FALSE : CK_TRUE; /* CK_TRUE for ECDH */ + sign = CK_TRUE; /* for ECDSA and EDDSA */ encrypt = CK_FALSE; - sign = CK_TRUE; recover = CK_FALSE; wrap = CK_FALSE; break; @@ -3395,7 +3397,8 @@ sftk_getParameters(CK_C_INITIALIZE_ARGS *init_args, PRBool isFIPS, if (libParams) { /* memory allocated */ if (PR_Read(file_dc, libParams, len) == -1) { - PR_Free(libParams); + PORT_Free(libParams); + libParams = NULL; } else { free_mem = PR_TRUE; libParams[len] = '\0'; @@ -3407,7 +3410,7 @@ sftk_getParameters(CK_C_INITIALIZE_ARGS *init_args, PRBool isFIPS, } } - if (!libParams) + if (libParams == NULL) libParams = LIB_PARAM_DEFAULT; } else { @@ -3424,7 +3427,7 @@ sftk_getParameters(CK_C_INITIALIZE_ARGS *init_args, PRBool isFIPS, crv = CKR_OK; loser: if (free_mem) - PR_Free(libParams); + PORT_Free(libParams); return crv; } @@ -4803,8 +4806,14 @@ NSC_CreateObject(CK_SESSION_HANDLE hSession, if (object == NULL) { return CKR_HOST_MEMORY; } - object->isFIPS = PR_FALSE; /* if we created the object on the fly, - * it's not a FIPS object */ + + /* + * sftk_NewObject will set object->isFIPS to PR_TRUE if the slot is FIPS. + * We don't need to worry about that here, as FC_CreateObject will always + * disallow the import of secret and private keys, regardless of isFIPS + * approval status. Therefore, at this point we know that the key is a + * public key, which is acceptable to be imported in plaintext. + */ /* * load the template values into the object |