PK11_DigestFinal will return SECSuccess despite DigestOp never being called

RESOLVED INVALID

Status

RESOLVED INVALID
14 years ago
14 years ago

People

(Reporter: jason.m.reid, Assigned: wtc)

Tracking

3.9.3
3.10
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

14 years ago
digest = (unsigned char *)malloc((MD2_LENGTH + 1)*sizeof(unsigned char));
        digestContext = PK11_CreateDigestContext(SEC_OID_MD2);
        if (NULL == digestContext) {
                fprintf(stderr,
"ERROR: PK11_CreateDigestContext(SEC_OID_MD2) failed.\n");
                rv++;
        }
        secStatus = PK11_DigestBegin(digestContext);
        if (SECSuccess != secStatus) {
                fprintf(stderr,"ERROR: PK11_DigestBegin failed\n");
                rv++;
        }
        secStatus = PK11_DigestFinal(digestContext, digest, &counter,
(MD2_LENGTH + 1));
        if (secStatus == SECSuccess) {
                fprintf(stderr,"ERROR: PK11_DigestFinal returned success for a
digest without PK11_DigestOp ever being called.\n");
                rv++;
        } else {
                fprintf(stderr, "ERROR: PK11_DigestFinal failed (expected)\n");
        }
        PK11_DestroyContext(digestContext, PR_TRUE);
        free(digest);

In the above code, PK11_DigestFinal returns SECSuccess and a digest value
is inserted into digest despite PK11_DigestOp never being called. This gives the
false impression that a valid digest has been computed.

ERROR: PK11_DigestFinal returned success for a digest without PK11_DigestOp ever
being called.
(Assignee)

Comment 1

14 years ago
If PK11_DigestOp is never called, that can be
interpreted as hashing a zero-byte input.  Is a
zero-byte input legal?  If so, does PK11_DigestFinal
write the correct digest value into the digest?

If a zero-byte input is illegal, then I agree
PK11_DigestFinal should fail if PK11_DigestOp is
never called.
Zero byte input is legal for all hashes we support.
Marked invalid per previous comment.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → INVALID
(Assignee)

Updated

14 years ago
Target Milestone: --- → 3.10
You need to log in before you can comment on or make changes to this bug.