Closed Bug 94866 Opened 23 years ago Closed 23 years ago

DSA key gen broken on 64-bit platforms

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.2.1
Platform:
Sun
Solaris
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bugz, Assigned: wtc)

Details

Attachments

(3 files)

patch (already checked in to tip)
2.24 KB, patch
Details | Diff | Splinter Review
patch based on wtc's review (same as old patch, only cleaner code)
2.43 KB, patch
Details | Diff | Splinter Review
same patch as the last, only showing overall diff (from r1.14) to fix the bug
2.01 KB, patch
Details | Diff | Splinter Review 
DSA key generation failing using certutil on 64-bit platforms.
See the definitions of PK11Cipher and PK11Verify at:

http://lxr.mozilla.org/mozilla/source/security/nss/lib/softoken/pkcs11i.h#74

They use native types, including unsigned int.

However, the nsc_DSA_Sign_Stub and nsc_DSA_Verify_Stub functions used cryptoki
types, including CK_ULONG.  This caused data loss.

I have already checked a patch into the tip.  The reason for my haste was I
wanted to see if QA would pass.  However, it should be reviewed.  Will attach.

    
    

    
  
Good detective work, Ian!

Your patch is good.  I just have some nit-picking comments.

1. The original code uses the Hungarian naming convention.
   To follow the same spirit, the "ul" in the variable names
   should be changed to "u" (or "ui"?) because the type
   changed from CK_ULONG to unsigned int.

2. The type cast in
   PORT_Memcpy((unsigned char *)pSignature, signature.data, signature.len);
   is not necessary because the first parameter of PORT_Memcpy is a void*.

3. It is not necessary to initialize 'key' and 'context' in
   NSC_VerifyInit().  pk11_InitGeneric() should set their
   values if it returns successfully.

    
    

    
  
bugger.  tinderbox solaris 8 64-bit QA is still broken.  I can't see the logs 
from where i'm at, so I don't know why.  Perhaps it fails later on.  I was 
testing on AIX 64-bit, and the keygen worked there (didn't try the whole 
script).

1.  agreed.
2.  ditto.
3.  that was leftover from a previous guess at a fix.

I considered this a rough draft, I checked in to see if QA would pass.  
Evidently, not.

    
    

    
  
r=wtc.

    
    

    
  
This is all in.  Key gen working on 64-bit now.  Marking fixed.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: