The default bug view has changed. See this FAQ.

New PK11_PubEncryptPKCS1 function always fails

RESOLVED FIXED in 3.9.3

Status

NSS
Libraries
P1
critical
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

In NSS 3.9.3, we added several new functions.  One of them is failing in tests.
This makes NSS 3.9.3 unusable by one internal "customer" for whom it is 
being released.  

The bug is in function pk11_PubEncryptRaw.  It initializes the variable "out",
which is the size of the output buffer, with the length of data in the input
buffer.  This was always wrong.  The output buffer length always should be 
the length of the modulus (exclusing leading zero bytes in the modulus).  
But it always worked because the SSL2 code always passed in an input buffer 
whose length matched the modulus length.  

So, this is an old bug, now surfacing.  I should have caught this in my 
testing, and didn't.  Mea Culpa.  

I'd like to fix this for NSS 3.9.3 (even though the release candidate was
built yesterday).
(Assignee)

Comment 1

13 years ago
tentatively marking P1 for 3.9.3
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.9.3
(Assignee)

Comment 2

13 years ago
Created attachment 159940 [details] [diff] [review]
Patch v1

fix incorrect output buffer length.  (fix tested with customer program).

Updated

13 years ago
Attachment #159940 - Flags: review+
(Assignee)

Comment 3

13 years ago
Thanks for the quick review, Jullien.  Checked in on 3.9 branch.

Checking in pk11skey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v  <--  pk11skey.c
new revision: 1.84.2.5; previous revision: 1.84.2.4
(Assignee)

Comment 4

13 years ago
Checked in on trunk.

Checking in pk11obj.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v  <--  pk11obj.c
new revision: 1.3; previous revision: 1.2
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.