Closed
Bug 244329
Opened 20 years ago
Closed 17 years ago
crmftest test program doesn't compile or run.
Categories
(NSS :: Tools, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: nelson, Assigned: nelson)
References
Details
Attachments
(2 obsolete files)
Recently a user reported a problem with the CRMF library. I went to build and run the crmftest program, and found that it was never converted to use NSS_Init, or to use the PK11 functions instead of the RNG functions directly. I have changed the sources to get most of it to compile. I ifdeffed out one section that call PKCS11 functions directly, because I think it should be calling NSS shared lib functions instead, but I haven't yet figure out what (if any) functions those are. To get it to compile and run (as it now does), I had to add 2 symbols to nss.def. The real purpose of this bug report is to get that change to nss.def code reviewed, so I can make it part of NSS 3.10. patches forthcoming.
|
Assignee | |
Comment 1•20 years ago
|
||
This patch depends on the next patch below, to nss.def. Review of this patch seems optional, since the code doesn't compile without it.
|
|
Assignee | |
Comment 2•20 years ago
|
||
patch to add CERT_GetCertificateNames and HASH_ResultLenByOidTag to list of exported symbols. (This patch also adds CERT_DecodeDERCertificate, which is the subject of a different bug, please ignore that for this bug.)
|
|
Assignee | |
Comment 3•20 years ago
|
||
Comment on attachment 149088 [details] [diff] [review] patch to nss.def Bob, please reeview
Attachment #149088 -
Flags: review?(rrelyea0264)
|
||
Comment 4•20 years ago
|
||
Comment on attachment 149088 [details] [diff] [review] patch to nss.def CERT_DecodeDERCert should not be included in this list.
Attachment #149088 -
Flags: review?(rrelyea0264) → review-
|
|
||
Comment 5•20 years ago
|
||
Comment on attachment 149087 [details] [diff] [review] patch to cmd/crmftest sources Must fix: 1. There is no way to set DoReq to TRUE. 2. The ifdef out code in PKCS11_Init needs to be restored. The stuff with the cryptoSlot should be removed, but the keySlot stuff is necessary if NSS ends up creating new databases. (see sdrtest for how we currently do this). Should fix: remove all the #if 0 includes. lines 181-199, the new /* what's this nonsence? */ and the 3 lines following (as well as the declaration of cryptoSlot above should all be removed (it is nonsense and not needed)). Minor comments: To get DO_DSA to compile, use the functins in pk11_pqg.h. bob bob
Attachment #149087 -
Flags: review-
|
|
Assignee | |
Comment 6•20 years ago
|
||
Bob, Today the program does not compile at all. As I wrote above, my intention at this time is NOT to restore all the functionality. My intention is to restore MOST of the functionality, ang get it to compile, so that it can be used to test the common functionality. I am not going to do any more work on this program. Your choices are: a) leave it as it is, completely not compiling and useless, should be removed. b) accept this patch, improving it to the point where it is at least somewhat useful.
|
|
Assignee | |
Comment 7•20 years ago
|
||
I have now done a LOT of work overhauling crmftest so it will build and so that all of it can be selected to run from the command line (no dead code). I have not yet fixed the "key recovery" code, which uses NSS internals such as the NSS per-slot table of function pointers. I will work on then when the rest of crmftest runs succesfully. Already my testing of crmftest has revealed NUMEROUS bugs in the crmf libraries, and a bug in the ASN.1 encoder. So, I am going to use this bug as a tracking bug, to track all those other bugs I found, and the new bugs that I undoubtedly will continue to find.
Status: NEW → ASSIGNED
Summary: crmftest test program doesn't compile. → crmftest test program doesn't compile or run.
|
|
Assignee | |
Comment 8•20 years ago
|
||
I checked in a huge change to crmftest.c. It now builds with NSS 3.10,
and parts of it run to completion without error, when a modified ASN.1
encoder is used.
The program contains code to do numerous different tests. Previously it
always ran all tests, and made to attempt to cleanly shutdown. Now, there
are command line options that allow the user to select exactly which tests
to run.
The command line arguments for selecting functionality are presently:
- crmf Generate a CRMF v3 request for a pair of RSA certs
- dsa Generate a CRMF v3 request for a DSA cert (untested)
- decode Decode a CRMF cert request. Decoder test only.
- cmmf Attempts to do 4 substeps:
- create a CMMF reply (cert granting message) containing a cert
- decode a CMMF reply. Decoder test only. Results unused.
- create a key escrow request, AKA CMMF "recovery message"
- decode a key escrow request. Decoder test only.
- recover Request the recovery of an previously escrowed key,
Process the response, see if the recovered key works.
- challenge Runs the "challenge/response" tests, whatever they are.
The code for the "recover" command is still ifdeffed out because it uses
NSS shared lib internal stuff. Probably new APIs are needed to overcome
this.
The CRMF request generated uses almost every optional feature of CRMF,
which the mozilla browser does not do. Consequently, the test program
encounters problems that the browser is not presently encountering.
The program is not presently able to generate correctly encoded CRMF
request or CMMF replies due to these bugs.
I have a hacked version of the ASN.1 encoder (not ready to checkin yet),
with which the crmf and decode commands pass completely, and shutdown
cleanly.
I intend to subdivide the cmmf command into 4 separate commands so that
each of those 4 steps can be run separately. The "recover" and "challenge"
commands may also get subdivided when I get around to them.Depends on: 245420
|
|
Assignee | |
Updated•20 years ago
|
Attachment #149087 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•20 years ago
|
Attachment #149088 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 9•20 years ago
|
||
I have been working on this for 3.10.
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Assignee | |
Updated•20 years ago
|
Whiteboard: blocked by ASN.1 encoder bugs
|
|
Assignee | |
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
|
Assignee | |
Comment 10•19 years ago
|
||
CRMF work seems to be work that is only of interest to mozilla, and maybe no even to that product. So I am reducing this to P3 and setting the target milestone to --.
Priority: P2 → P3
Target Milestone: 3.10 → ---
|
||
Comment 11•19 years ago
|
||
Bob, in bug 308887 you added the crmf.sh test script to the NSS tip (NSS 3.11). So can we mark this bug fixed now?
Whiteboard: blocked by ASN.1 encoder bugs
|
|
Assignee | |
Updated•18 years ago
|
QA Contact: jason.m.reid → tools
|
|
Assignee | |
Comment 12•18 years ago
|
||
Alexei, since you've been working on CRMF and CMMF code, you should know about this bug. It contains the only documentation for the crmftest QA program.
|
|
Assignee | |
Comment 13•17 years ago
|
||
I wish we could give the CRMF/CMMF code to PSM. It has no other users. No one is interested in working on it. I'm not going to work on this bug any more.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•