Open
Bug 129563
Opened 24 years ago
Updated 3 years ago
C_CopyObject doesn't copy session private keys
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
NEW
4.0
People
(Reporter: jamie-bugzilla, Assigned: rrelyea)
Details
I'm calling C_CopyObject on a session private key, passing in the attribute
CKA_TOKEN==CK_TRUE in order to convert it to a token private key.
The operation fails in pk11_mkPrivKey at this line:
    crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.privateExponent,object,CKA_PRIVATE_EXPONENT);
This is failing because pk11_FindRSAPrivateKeyAttribute always returns
pk11_StaticNullAttr for the private exponent of an RSA key (pkcs11u.c:718).
Updated•24 years ago (Reporter)
Target Milestone: --- → 3.4
Comment 1•24 years ago (Assignee)
I'm not sure copying token private keys ever worked. We have always cleared out
the Sensitive attributes for Token private keys. What's weird, though, is
mkprivKey should actually be looking the key up in the database, not extracting
it from attributes.
bob
Comment 2•24 years ago (Reporter)
There is a workaround. This bug only occurs for keys that were created with the
CKA_SENSITIVE attribute. If you generate the key with sensitive==false, you can
copy it.
Comment 4•23 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Comment 5•23 years ago
Moved to NSS 3.5.
Bob, should we fix this bug or mark it WONTFIX?
Jamie, in comment #2 you said there is a workaround. Would
it be a serious problem for JSS if we don't fix this bug?
Priority: -- → P2
Target Milestone: 3.4.1 → 3.5
Comment 6•23 years ago (Reporter)
I think we can work around it in JSS.
However, if this behavior is not in accordance with the spec, we should fix it
anyway.
Comment 7•23 years ago (Assignee)
I'm not sure complete PKCS #11 compliance of softoken is necessary for 3.x.
Setting target for 4.0 because it's still a noble goal and the bug is still valid.
Target Milestone: 3.5 → 4.0
Comment 8•20 years ago
Change bug description to differentiate this bug from bug 289530.
I wonder if this bug has been fixed as a side effect of work on that bug.
Summary: C_CopyObject doesn't work for private keys → C_CopyObject doesn't copy session private keys
Comment 9•20 years ago (Assignee)
I think it is. It's the mirror of the case where we tried to copy a CKA_TOKEN
private key to a 'Session' private key. The offending code was the code that was
NULL'ing out attributes in pk11_handlePrivateKey.
Comment 10•20 years ago
Would be good if we had a PKCS11 test program that checked our ability to
copy any combination of token/session key to token/session key.
QA Contact: bishakhabanerjee → jason.m.reid
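A simplified C model of the failure in the description and of the copy matrix Comment 10 asks for, added here as an illustration; it is not NSS code and not part of the bug thread. The types and the functions `lookup_masked`, `lookup_stored`, `copy_key` and `count_failures` are hypothetical names, and the internal lookup is an assumed shape of a fix, not the change NSS made.

```c
/* Simplified model of the reported behaviour, not NSS source; names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct { const unsigned char *data; size_t len; } Attr;
typedef struct {
    bool token;             /* stands in for CKA_TOKEN */
    bool sensitive;         /* stands in for CKA_SENSITIVE */
    unsigned char priv[4];  /* constructed stand-in for CKA_PRIVATE_EXPONENT */
} Key;
typedef Attr (*Lookup)(const Key *);

/* Caller-facing lookup: a sensitive key yields an empty attribute, as reported. */
static Attr lookup_masked(const Key *k) {
    return k->sensitive ? (Attr){ NULL, 0 } : (Attr){ k->priv, sizeof k->priv };
}
/* Internal lookup (assumed): reads the stored value for in-module use only. */
static Attr lookup_stored(const Key *k) {
    return (Attr){ k->priv, sizeof k->priv };
}
/* Copy src to dst with a new token flag, keeping sensitivity; -1 if unreadable. */
static int copy_key(const Key *src, Key *dst, bool to_token, Lookup lookup) {
    Attr a = lookup(src);
    if (a.data == NULL || a.len != sizeof dst->priv) return -1;
    memset(dst, 0, sizeof *dst);
    memcpy(dst->priv, a.data, a.len);
    dst->token = to_token;
    dst->sensitive = src->sensitive;  /* the copy stays masked like its source */
    return 0;
}
/* Try all 8 source/target combinations; return how many copies fail or differ. */
static int count_failures(Lookup lookup) {
    int failures = 0;
    for (int i = 0; i < 8; i++) {
        Key src = { (i & 1) != 0, (i & 2) != 0, { 0xde, 0xad, 0xbe, 0xef } };
        Key dst = { 0 };
        bool to_token = (i & 4) != 0;
        if (copy_key(&src, &dst, to_token, lookup) != 0 || dst.token != to_token ||
            dst.sensitive != src.sensitive || memcmp(dst.priv, src.priv, 4) != 0)
            failures++;
    }
    return failures;
}
int main(void) {
    printf("masked lookup: %d of 8 copies fail\n", count_failures(lookup_masked));
    printf("stored lookup: %d of 8 copies fail\n", count_failures(lookup_stored));
    return 0;
}
```

With the masked lookup, the four failing cases are exactly the sensitive keys, which matches the workaround in Comment 2 of generating the key with sensitive==false.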
Comment 11•20 years ago (Assignee)
Any PKCS #11 tests we can add to the suite would be good ;).
bob
Updated•20 years ago
QA Contact: jason.m.reid → libraries
Comment 12•18 years ago
Glen, could pk11mode be used to test this?
Updated•3 years ago
Severity: normal → S3