Closed
Bug 128144
Opened 23 years ago
Closed 23 years ago
PK11_PQG_ParamGen is stubbed out
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.4
People
(Reporter: jamie-bugzilla, Assigned: rrelyea)
Attachments
(3 files)
17.68 KB, patch
4.06 KB, patch
562 bytes, patch
Several of the functions in pk11pqg.c have been ifdef'd out. JSS calls these functions. Why have they been removed?
Reporter
Updated•23 years ago
Priority: -- → P1
Target Milestone: --- → 3.4
Assignee
Comment 1•23 years ago
Sigh. This is a complete oversight. What is missing is the PK11 wrapper functions to call C_GenerateKey with the CKM_DSA_PARAMETER_GEN flag and the companion implementation in pkcs11c.c to deal with it. bob
Comment 2•23 years ago
We should add a test that uses this function to the NSS or JSS test suite. It is a shame that we found out about this after having passed NSS and JSS QA for more than a month.
Assignee
Comment 3•23 years ago
Generation is handled as specified by PKCS #11 v2.11, except the verification parameters are also available as attributes (using CKM_DSA_GEN_PARAMETERS and C_GenerateKey). Verification is handled as a side effect of creating the DSA CKO_KG_PARAMETERS object with C_CreateObject().
Assignee
Comment 4•23 years ago
This program was used as a rudimentary smoke test for the new pqg code.
Assignee
Comment 5•23 years ago
This patch should fix the problem.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Reporter
Comment 6•23 years ago
There's a problem in PK11_PQG_VerifyParams. If the params verify successfully, *result is left undefined instead of being assigned the value SECSuccess. The function specification implies *result will be set to SECSuccess if the params are valid, and SECFailure if they are invalid. I will attach a patch.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter
Comment 7•23 years ago
If the PKCS #11 function returns crv==CKR_OK, we should set *result==SECSuccess.
Assignee
Comment 8•23 years ago
Good catch, Jamie. I wanted to check what the original VerifyParams did before I proposed a patch. The original does not return a meaningful *result value on failure (it is possible to have result == SECSuccess even if the whole function failed). I would propose the patch should be: + *result = SECSuccess; if (crv == CKR_ATTRIBUTE_VALUE_INVALID) { *result = SECFailure; } else if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); rv = SECFailure; } We should check this in rather than have apps work around it. bob
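Review bot: in the else if (crv != CKR_OK) branch, *result keeps the SECSuccess assigned by the added line while rv becomes SECFailure, so a caller that reads *result without first checking the return value will treat parameters that were never verified as valid. Suggest also assigning *result = SECFailure in that branch (or defaulting *result to SECFailure and setting SECSuccess only when crv == CKR_OK), and stating in the function comment that *result is meaningful only when the function itself returns SECSuccess.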
Reporter
Comment 9•23 years ago
Either patch is fine with me. Do you want to check it in, or shall I?
Assignee
Comment 10•23 years ago
New patch should be checked in.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED