Closed Bug 333090 Opened 18 years ago Closed 18 years ago

CKM_DH_PKCS_KEY_PAIR_GEN always fails

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.11.1
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.1

People

(Reporter: andreas.st, Assigned: nelson)

Details

Attachments

(1 file)

Patch against NSS_3_11_BRANCH
3.80 KB, patch
nelson
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review 
Trying to generate a DH keypair using C_GenerateKeyPair() always fails in the pairwise consistency check if the attribute CKA_SIGN is not specified.

The problem is that sftk_handlePrivateKeyObject() assigns CKA_SIGN a default value of CK_TRUE for all keys (including DH). That causes sftk_PairwiseConsistencyCheck() to attempt a consistency check using signing, which of course fails for DH keys.

This used to work in earlier NSS releases. I believe a change in the consistency check has exposed this preexisting problem in sftk_handlePrivateKeyObject().
Assignee: nobody → rrelyea
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All

    
    

    
  
Comment on attachment 217527 [details] [diff] [review]
Patch against NSS_3_11_BRANCH

Andreas, you discovered this with some build of NSS 3.11.1.  I gather it was a build from the 3.11 branch.  Please confirm if it was a branch build, or trunk, and approximately when it was built.

        Attachment #217527 -
        Flags: superreview?(rrelyea)

        Attachment #217527 -
        Flags: review+

    
    

    
  
(In reply to comment #2)
> (From update of attachment 217527 [details] [diff] [review] [edit])
> Andreas, you discovered this with some build of NSS 3.11.1.  I gather it was a
> build from the 3.11 branch.  Please confirm if it was a branch build, or trunk,
> and approximately when it was built.

Right. I reproduced this bug using a clean build of NSS_3_11_BRANCH pulled from CVS this evening. I had noticed it in earlier builds but did not have a chance to track it down.


    
    

    
  
Comment on attachment 217527 [details] [diff] [review]
Patch against NSS_3_11_BRANCH

r+=relyea

        Attachment #217527 -
        Flags: superreview?(rrelyea) → superreview+

    
    

    
  
For some reason, this patch did not apply cleanly to the trunk, even though
I could find no visible differences to the patched code between the 3.11
branch and the trunk. So I manually applied the patch to the trunk.  

Checking in pkcs11.c;  new revision: 1.121; previous revision: 1.120

    
    

    
  
Checked in on 3.11 branch
Checking in pkcs11.c; new revision: 1.112.2.6; previous revision: 1.112.2.5
Assignee: rrelyea → nelson
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: