Closed
Bug 333090
Opened 18 years ago
Closed 18 years ago
CKM_DH_PKCS_KEY_PAIR_GEN always fails
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: andreas.st, Assigned: nelson)
Details
Attachments
(1 file)
3.80 KB,
patch
|
nelson
:
review+
rrelyea
:
superreview+
|
Details | Diff | Splinter Review |
Trying to generate a DH keypair using C_GenerateKeyPair() always fails in the pairwise consistency check if the attribute CKA_SIGN is not specified. The problem is that sftk_handlePrivateKeyObject() assigns CKA_SIGN a default value of CK_TRUE for all keys (including DH). That causes sftk_PairwiseConsistencyCheck() to attempt a consistency check using signing, which of course fails for DH keys. This used to work in earlier NSS releases. I believe a change in the consistency check has exposed this preexisting problem in sftk_handlePrivateKeyObject().
Reporter | ||
Comment 1•18 years ago
|
||
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → rrelyea
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Assignee | ||
Comment 2•18 years ago
|
||
Comment on attachment 217527 [details] [diff] [review] Patch against NSS_3_11_BRANCH Andreas, you discovered this with some build of NSS 3.11.1. I gather it was a build from the 3.11 branch. Please confirm if it was a branch build, or trunk, and approximately when it was built.
Attachment #217527 -
Flags: superreview?(rrelyea)
Attachment #217527 -
Flags: review+
Reporter | ||
Comment 3•18 years ago
|
||
(In reply to comment #2) > (From update of attachment 217527 [details] [diff] [review] [edit]) > Andreas, you discovered this with some build of NSS 3.11.1. I gather it was a > build from the 3.11 branch. Please confirm if it was a branch build, or trunk, > and approximately when it was built. Right. I reproduced this bug using a clean build of NSS_3_11_BRANCH pulled from CVS this evening. I had noticed it in earlier builds but did not have a chance to track it down.
Comment 4•18 years ago
|
||
Comment on attachment 217527 [details] [diff] [review] Patch against NSS_3_11_BRANCH r+=relyea
Attachment #217527 -
Flags: superreview?(rrelyea) → superreview+
Assignee | ||
Comment 5•18 years ago
|
||
For some reason, this patch did not apply cleanly to the trunk, even though I could find no visible differences to the patched code between the 3.11 branch and the trunk. So I manually applied the patch to the trunk. Checking in pkcs11.c; new revision: 1.121; previous revision: 1.120
Assignee | ||
Comment 6•18 years ago
|
||
Checked in on 3.11 branch Checking in pkcs11.c; new revision: 1.112.2.6; previous revision: 1.112.2.5
Assignee: rrelyea → nelson
Assignee | ||
Updated•18 years ago
|
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•