Closed
Bug 276310
Opened 20 years ago
Closed 19 years ago
PK11_DigestFinal will return SECSuccess despite DigestOp never being called
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
3.10
People
(Reporter: jason.m.reid, Assigned: wtc)
Details
digest = (unsigned char *)malloc((MD2_LENGTH + 1)*sizeof(unsigned char)); digestContext = PK11_CreateDigestContext(SEC_OID_MD2); if (NULL == digestContext) { fprintf(stderr, "ERROR: PK11_CreateDigestContext(SEC_OID_MD2) failed.\n"); rv++; } secStatus = PK11_DigestBegin(digestContext); if (SECSuccess != secStatus) { fprintf(stderr,"ERROR: PK11_DigestBegin failed\n"); rv++; } secStatus = PK11_DigestFinal(digestContext, digest, &counter, (MD2_LENGTH + 1)); if (secStatus == SECSuccess) { fprintf(stderr,"ERROR: PK11_DigestFinal returned success for a digest without PK11_DigestOp ever being called.\n"); rv++; } else { fprintf(stderr, "ERROR: PK11_DigestFinal failed (expected)\n"); } PK11_DestroyContext(digestContext, PR_TRUE); free(digest); In the above code, PK11_DigestFinal returns SECSuccess and a digest value is inserted into digest despite PK11_DigestOp never being called. This gives the false impression that a valid digest has been computed. ERROR: PK11_DigestFinal returned success for a digest without PK11_DigestOp ever being called.
Assignee | ||
Comment 1•20 years ago
|
||
If PK11_DigestOp is never called, that can be interpreted as hashing a zero-byte input. Is a zero-byte input legal? If so, does PK11_DigestFinal write the correct digest value into the digest? If a zero-byte input is illegal, then I agree PK11_DigestFinal should fail if PK11_DigestOp is never called.
Comment 2•20 years ago
|
||
Zero byte input is legal for all hashes we support.
Comment 3•19 years ago
|
||
Marked invalid per previous comment.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Assignee | ||
Updated•19 years ago
|
Target Milestone: --- → 3.10
You need to log in
before you can comment on or make changes to this bug.
Description
•