Closed
Bug 128144
Opened 23 years ago
Closed 23 years ago
PK11_PQG_ParamGen is stubbed out
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.4
People
(Reporter: jamie-bugzilla, Assigned: rrelyea)
Details
Attachments
(3 files)
|
17.68 KB,
patch
|
Details | Diff | Splinter Review | |
|
4.06 KB,
patch
|
Details | Diff | Splinter Review | |
|
562 bytes,
patch
|
Details | Diff | Splinter Review |
Several of the functions in pk11pqg.c have been ifdef'd out. JSS calls these functions. Why have they been removed?
|
Reporter | |
Updated•23 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.4
|
Assignee | |
Comment 1•23 years ago
|
||
Sigh. This is a complete oversight. What is missing is the PK11 wrapper functions to call C_GenerateKey with the CKM_DSA_PARAMETER_GEN flag and the companion implementation in pkcs11c.c to deal with it. bob
|
||
Comment 2•23 years ago
|
||
We should add a test that uses this function to the NSS or JSS test suite. It is a shame that we found out about this after having passed NSS and JSS QA for more than a month.
|
|
Assignee | |
Comment 3•23 years ago
|
||
Generation is handled as specified by PKCS #11 v2.11, except the verification parameters are also available as attributes (using CKM_DSA_GEN_PARAMETERS and C_GenterateKey). Verification is handled as a side effect of creating the DSA CKO_KG_PARAMTERS object with C_CreateObject().
|
|
Assignee | |
Comment 4•23 years ago
|
||
This program was used as a rudimentary smoke test for the new pqg code.
|
|
Assignee | |
Comment 5•23 years ago
|
||
This patch should fix the problem.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 6•23 years ago
|
||
There's a problem in PK11_PQG_VerifyParams. If the params verify successfully, *result is left undefined instead of being assigned the value SECSuccess. The function specification implies *result will be set to SECSuccess if the params are valid, and SECFailure if they are invalid. I will attach a patch.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Reporter | |
Comment 7•23 years ago
|
||
If the PKCS #11 function returns crv==CKR_OK, we should set *result==SECSuccess.
|
|
Assignee | |
Comment 8•23 years ago
|
||
Good catch Jamie. I wanted to check what the original VerifyParams did before I
proposed a patch. The original does not return a meaningful *result value on
failure (it is possible to have result == SECSuccess even of the whole function
failed). I would propose the patch should be :
+ *result = SECSuccess;
if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
*result = SECFailure;
} else if (crv != CKR_OK) {
PORT_SetError( PK11_MapError(crv) );
rv = SECFailure;
}
We should check this in rather than have apps work around it.
bob|
|
Reporter | |
Comment 9•23 years ago
|
||
Either patch is fine with me. Do you want to check it in, or shall I?
|
|
Assignee | |
Comment 10•23 years ago
|
||
New patch should be checked in.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•