PK11_PQG_ParamGen is stubbed out

RESOLVED FIXED in 3.4

Status

NSS
Libraries
P1
critical
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: Jamie Nicolson, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

16 years ago
Several of the functions in pk11pqg.c have been ifdef'd out. JSS calls these
functions. Why have they been removed?
(Reporter)

Updated

16 years ago
Priority: -- → P1
Target Milestone: --- → 3.4
(Assignee)

Comment 1

16 years ago
Sigh.

This is a complete oversight. What is missing is the PK11 wrapper functions to
call C_GenerateKey with the CKM_DSA_PARAMETER_GEN flag and the companion
implementation in pkcs11c.c to deal with it.

bob

Comment 2

16 years ago
We should add a test that uses this function to the NSS or JSS
test suite.  It is a shame that we found out about this after
having passed NSS and JSS QA for more than a month.
(Assignee)

Comment 3

16 years ago
Created attachment 72165 [details] [diff] [review]
Implement PQG Generation and Verification functions.

Generation is handled as specified by PKCS #11 v2.11, except the verification
parameters are also available as attributes (using CKM_DSA_GEN_PARAMETERS and
C_GenterateKey).

Verification is handled as a side effect of creating the DSA CKO_KG_PARAMTERS
object with C_CreateObject().
(Assignee)

Comment 4

16 years ago
Created attachment 72169 [details] [diff] [review]
Changes to makepqg so that it binds with the DLL and uses the PK11_ Interfaces

This program was used as a rudimentary smoke test for the new pqg code.
(Assignee)

Comment 5

16 years ago
This patch should fix the problem.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
(Reporter)

Comment 6

16 years ago
There's a problem in PK11_PQG_VerifyParams. If the params verify successfully,
*result is left undefined instead of being assigned the value SECSuccess. The
function specification implies *result will be set to SECSuccess if the params
are valid, and SECFailure if they are invalid. I will attach a patch.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 7

16 years ago
Created attachment 72541 [details] [diff] [review]
patch to fix bug in VerifyParams

If the PKCS #11 function returns crv==CKR_OK, we should set
*result==SECSuccess.
(Assignee)

Comment 8

16 years ago
Good catch Jamie. I wanted to check what the original VerifyParams did before I
proposed a patch. The original does not return a meaningful *result value on
failure (it is possible to have result == SECSuccess even of the whole function
failed). I would propose the patch should be :

+   *result = SECSuccess;
    if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
        *result = SECFailure;
    } else if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
        rv = SECFailure;
    }

We should check this in rather than have apps work around it.

bob
(Reporter)

Comment 9

16 years ago
Either patch is fine with me. Do you want to check it in, or shall I?
(Assignee)

Comment 10

16 years ago
New patch should be checked in.
Status: REOPENED → RESOLVED
Last Resolved: 16 years ago16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.