Closed Bug 189345 Opened 22 years ago Closed 22 years ago

pk11_Finalize sometimes fails to finalize context

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jamie-bugzilla, Assigned: rrelyea)

References

Details

Attachments

(2 files)

proposed patch
710 bytes, patch
wtc
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review
proposed patch 2
1.05 KB, patch
jamie-bugzilla
: review+
Details | Diff | Splinter Review
In PK11_VerifyMechanism, we call PK11_CipherOp, which in turn calls pk11_Finalize. pk11_Finalize first calls C_EncryptFinal with a NULL buffer to get the output count, and then, if the count is nonzero, calls C_EncryptFinal again with a non-NULL buffer to get the final output bytes. If the first call to C_EncryptFinal tells us that the output count is zero, we do not call C_EncryptFinal again. The problem is that nCipher requires us to call C_EncryptFinal with a non-NULL buffer before they consider the encryption context to be finalized. If we later try to start a new encryption context with C_EncryptInit, it fails with CKR_OPERATION_ACTIVE. Their point of view seems to be justified by the PKCS #11 spec, in the documentation for C_EncryptFinal: "A call to C_EncryptFinal always terminates the active encryption operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the ciphertext." We could fix this by always calling C_EncryptFinal with a non-NULL buffer, even if there are no bytes left to pick up.
The target milestone will be changed to 3.7.2 when Bugzilla has it.
Priority: -- → P1
Whiteboard: [3.7.2]
Target Milestone: --- → 3.8
Whiteboard: [3.7.2]
Target Milestone: 3.8 → 3.7.2
Attached patch proposed patchSplinter Review
This is a patch I used to fix the problem. With this patch, we will call C_EncryptFinal even if the number of bytes available is zero.
Comment on attachment 111859 [details] [diff] [review] proposed patch r=wtc. Bob, could you review this patch? I'm wondering if any token would fail now that we may be calling C_EncryptFinalize twice.
Attachment #111859 - Flags: superreview?(relyea)
Attachment #111859 - Flags: review+
Comment on attachment 111859 [details] [diff] [review] proposed patch Sigh. I'm a little worried because I know that our internal token will return an error on the second finalize call because it did the finalize on the first call because there was not data to return... (sigh). This may return spurious errors. Also Wan-Teh pointed out the fixed buffer we are using. This may fail for C_SignFinal operations on RSA keys.
Attachment #111859 - Flags: superreview?(relyea) → superreview+
See also bug 189546.
Target Milestone: 3.7.2 → 3.7.1
Attached patch proposed patch 2Splinter Review
I suggest that we also fix the bug that C_SignFinal on RSA keys may fail if stackBuf is too small. This patch allocates a buffer from the heap if stackBuf is too small and frees the heap-allocated buffer before returning from the buffer. It also uses stackBuf if count is equal to sizeof stackBuf. Please review this patch.
Attachment #112170 - Flags: review+
Comment on attachment 112170 [details] [diff] [review] proposed patch 2 looks good r=relyea
*** Bug 189545 has been marked as a duplicate of this bug. ***
The patches have been checked in on the NSS trunk (3.8) and NSS_3_7_BRANCH (3.7.1).
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: