Closed Bug 1313430 Opened 8 years ago Closed 8 years ago

ssl_CreateECDHEphemeralKeyPair needs database password

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.27
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

Details

Attachments

(1 file, 1 obsolete file)

1313430-v2.patch
4.58 KB, patch
mt
: review+
Details | Diff | Splinter Review 
The test suite fails to execute on my local system (and I cannot explain why it doesn't fail inside our CI environments).

When a database is in FIPS mode, it's necessary to provide the password whenever performing operatins that involve the private key store.

Function ssl_CreateECDHEphemeralKeyPair passes NULL for the password parameter, and therefore the private key operation fail.

All callers of ssl_CreateECDHEphemeralKeyPair must pass on the password parameter that can be obtained with ss->pkcs11PinArg.
Attached patch 1313430-v1.patch (obsolete) — Splinter Review 
Assignee: nobody → kaie

        Attachment #8805209 -
        Flags: review?(martin.thomson)

    
    

    
  
Comment on attachment 8805209 [details] [diff] [review]
1313430-v1.patch

Review of attachment 8805209 [details] [diff] [review]:
-----------------------------------------------------------------

Kaie:
Given that ssl_CreateECDHEphemeralKeyPair has access to sslSocket, why not just have it internally use pinArg rather than passing it as a separate argument

    
    

    
  
(In reply to Eric Rescorla (:ekr) from comment #2)
> Given that ssl_CreateECDHEphemeralKeyPair has access to sslSocket, why not
> just have it internally use pinArg rather than passing it as a separate
> argument

Because sometimes ssl_CreateECDHEphemeralKeyPair gets called with a NULL sslSocket parameter, for example from ssl_CreateStaticECDHEKeyPair (visible in the patch).

    
    

    
  
(In reply to Kai Engert (:kaie) from comment #3)
> (In reply to Eric Rescorla (:ekr) from comment #2)
> > Given that ssl_CreateECDHEphemeralKeyPair has access to sslSocket, why not
> > just have it internally use pinArg rather than passing it as a separate
> > argument
> 
> Because sometimes ssl_CreateECDHEphemeralKeyPair gets called with a NULL
> sslSocket parameter, for example from ssl_CreateStaticECDHEKeyPair (visible
> in the patch).

In that case please refactor as follows:

- Have one function which takes the pin argument that is called from ssl_CreateStaticECDHEKeyPair
- Have another function which just takes ss and then calls the first function with ss->pin

It's not cool to have the SSL/TLS code need to know about the PIN.

    
    

    
  
Comment on attachment 8805209 [details] [diff] [review]
1313430-v1.patch

Review of attachment 8805209 [details] [diff] [review]:
-----------------------------------------------------------------

In the spirit of ekr's comments, I think that we can just pass the socket in sslgrp.c.  Much less code to touch.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        1313430-v2.patchSplinter Review
      

    


  
(In reply to Martin Thomson [:mt:] from comment #5)
> In the spirit of ekr's comments, I think that we can just pass the socket in
> sslgrp.c.  Much less code to touch.

True.

        Attachment #8805538 -
        Flags: review?(martin.thomson)

    
  

        Attachment #8805209 -
        Attachment is obsolete: true

        Attachment #8805209 -
        Flags: review?(martin.thomson)

    
    

    
  
Comment on attachment 8805538 [details] [diff] [review]
1313430-v2.patch

Review of attachment 8805538 [details] [diff] [review]:
-----------------------------------------------------------------

This looks good.  Changes to taste only.

::: lib/ssl/sslgrp.c
@@ +15,5 @@
>      sslEphemeralKeyPair *keyPair;
>      PRCallOnceType once;
>  } gECDHEKeyPairs[SSL_NAMED_GROUP_COUNT];
>  
> +struct group_and_ss {

I think that I would prefer to keep with the naming convention here: sslSocketAndGroupArg might be better.  And I would typedef this so that you can use the name without `struct`.

@@ +76,5 @@
>  ssl_FilterSupportedGroups(sslSocket *ss)
>  {
>      unsigned int i;
>      PRStatus prv;
> +    struct group_and_ss arg;

I would init this with the ss and NULL.

@@ +109,5 @@
>          index = group - ssl_named_groups;
>          PORT_Assert(index < SSL_NAMED_GROUP_COUNT);
>  
> +        arg.group = group;
> +        arg.ss = ss;

Then you only need to tweak the group here.

@@ +135,5 @@
>      sslEphemeralKeyPair *keyPair;
>      /* We index gECDHEKeyPairs by the named group.  Pointer arithmetic! */
>      unsigned int index = ecGroup - ssl_named_groups;
>      PRStatus prv;
> +    struct group_and_ss arg;

Init with ss and group.

        Attachment #8805538 -
        Flags: review?(martin.thomson) → review+

    
  
Summary: ssl_CreateECDHEphemeralKeyPair needs database password parameter → ssl_CreateECDHEphemeralKeyPair needs database password

    
    

    
  
Fixed including the requested changes from comment 7.

https://hg.mozilla.org/projects/nss/rev/72b92e116f60
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: