Closed
Bug 94866
Opened 23 years ago
Closed 23 years ago
DSA key gen broken on 64-bit platforms
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bugz, Assigned: wtc)
Details
Attachments
(3 files)
2.24 KB,
patch
|
Details | Diff | Splinter Review | |
2.43 KB,
patch
|
Details | Diff | Splinter Review | |
2.01 KB,
patch
|
Details | Diff | Splinter Review |
DSA key generation failing using certutil on 64-bit platforms.
Reporter | ||
Comment 1•23 years ago
|
||
See the definitions of PK11Cipher and PK11Verify at: http://lxr.mozilla.org/mozilla/source/security/nss/lib/softoken/pkcs11i.h#74 They use native types, including unsigned int. However, the nsc_DSA_Sign_Stub and nsc_DSA_Verify_Stub functions used cryptoki types, including CK_ULONG. This caused data loss. I have already checked a patch into the tip. The reason for my haste was I wanted to see if QA would pass. However, it should be reviewed. Will attach.
Reporter | ||
Comment 2•23 years ago
|
||
Assignee | ||
Comment 3•23 years ago
|
||
Good detective work, Ian! Your patch is good. I just have some nit-picking comments. 1. The original code uses the Hungarian naming convention. To follow the same spirit, the "ul" in the variable names should be changed to "u" (or "ui"?) because the type changed from CK_ULONG to unsigned int. 2. The type cast in PORT_Memcpy((unsigned char *)pSignature, signature.data, signature.len); is not necessary because the first parameter of PORT_Memcpy is a void*. 3. It is not necessary to initialize 'key' and 'context' in NSC_VerifyInit(). pk11_InitGeneric() should set their values if it returns successfully.
Reporter | ||
Comment 4•23 years ago
|
||
bugger. tinderbox solaris 8 64-bit QA is still broken. I can't see the logs from where i'm at, so I don't know why. Perhaps it fails later on. I was testing on AIX 64-bit, and the keygen worked there (didn't try the whole script). 1. agreed. 2. ditto. 3. that was leftover from a previous guess at a fix. I considered this a rough draft, I checked in to see if QA would pass. Evidently, not.
Reporter | ||
Comment 5•23 years ago
|
||
Reporter | ||
Comment 6•23 years ago
|
||
Assignee | ||
Comment 7•23 years ago
|
||
r=wtc.
Reporter | ||
Comment 8•23 years ago
|
||
This is all in. Key gen working on 64-bit now. Marking fixed.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•