mozilla/security/nss/lib/softoken/pkcs11c.c - Issue 12197027: Merge NSS_3_14_2_RTM.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: mozilla/security/nss/lib/softoken/pkcs11c.c

Issue 12197027: Merge NSS_3_14_2_RTM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/

Patch Set: Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: mozilla/security/nss/lib/softoken/pkcs11c.c

===================================================================

--- mozilla/security/nss/lib/softoken/pkcs11c.c (revision 180567)

+++ mozilla/security/nss/lib/softoken/pkcs11c.c (working copy)

@@ -1173,7 +1173,6 @@

if (context->padDataLength > 0) {

*pulLastPartLen = context->padDataLength;

}

- rv = SECSuccess;

goto finish;

}

@@ -1184,13 +1183,26 @@

* buffer!!! */

rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,

maxout, context->padBuf, context->blockSize);

- if (rv == SECSuccess) {

+ if (rv != SECSuccess) {

+ crv = sftk_MapDecryptError(PORT_GetError());

+ } else {

unsigned int padSize =

(unsigned int) pLastPart[context->blockSize-1];

if ((padSize > context->blockSize) || (padSize == 0)) {

- rv = SECFailure;

+ crv = CKR_ENCRYPTED_DATA_INVALID;

} else {

- *pulLastPartLen = outlen - padSize;

+ unsigned int i;

+ unsigned int badPadding = 0; /* used as a boolean */

+ for (i = 0; i < padSize; i++) {

+ badPadding |=

+ (unsigned int) pLastPart[context->blockSize-1-i] ^

+ padSize;

+ }

+ if (badPadding) {

+ crv = CKR_ENCRYPTED_DATA_INVALID;

+ } else {

+ *pulLastPartLen = outlen - padSize;

+ }

}

@@ -1199,7 +1211,7 @@

sftk_TerminateOp( session, SFTK_DECRYPT, context );

finish:

sftk_FreeSession(session);

- return (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());

+ return crv;

}

/* NSC_Decrypt decrypts encrypted data in a single part. */

@@ -1249,11 +1261,21 @@

/* XXX need to do MUCH better error mapping than this. */

crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());

if (rv == SECSuccess && context->doPad) {

- CK_ULONG padding = pData[outlen - 1];

+ unsigned int padding = pData[outlen - 1];

if (padding > context->blockSize || !padding) {

crv = CKR_ENCRYPTED_DATA_INVALID;

- } else

- outlen -= padding;

+ } else {

+ unsigned int i;

+ unsigned int badPadding = 0; /* used as a boolean */

+ for (i = 0; i < padding; i++) {

+ badPadding |= (unsigned int) pData[outlen - 1 - i] ^ padding;

+ }

+ if (badPadding) {

+ crv = CKR_ENCRYPTED_DATA_INVALID;

+ } else {

+ outlen -= padding;

+ }

}

*pulDataLen = (CK_ULONG) outlen;

sftk_TerminateOp( session, SFTK_DECRYPT, context );

« no previous file with comments | « mozilla/security/nss/lib/pki/pki3hack.c ('k') | mozilla/security/nss/lib/softoken/sdb.c » ('j') | no next file with comments »