Closed Bug 301528 Opened 20 years ago Closed 18 years ago

RSA certificate request succeeds even when underlying pkcs11 module returns error

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

RESOLVED FIXED
3.11.8

People

(Reporter: ccmartin, Assigned: julien.pierre)

Details

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

When making an RSA certificate request using a hardware pkcs11 token, the request succeeds even though the token reported failure.

Reproducible: Always

Actual Results:
Certificate request successful

Expected Results:
Firefox reports keygen failure

In seamonkey/security/nss/cmd/certcgi/certcgi.c, privkey should be checked for null after keygen:

            slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
            privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN,
                                           pqgParams,&pubkey, PR_FALSE,
                                           PR_TRUE, NULL);
        } else {
            privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
        }
        privkeys[which_priv_key] = privkey;
        spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
    } else {
        spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge,
                                                            NULL);
        if (spki == NULL) {
            error_out("ERROR: Unable to decode Public Key and Challenge String");
        }
    }

In seamonkey/security/nss/lib/cryptohi/seckey.c, param pubk should be checked for null before use:

    SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk)
    {
        CERTSubjectPublicKeyInfo *spki;
        PRArenaPool *arena;
        SECItem params = { siBuffer, NULL, 0 };
    ...
        switch(pubk->keyType) {
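The two checks comment 0 asks for (the caller testing the keygen result, the callee rejecting a NULL key before reading its type), as an added self-contained C model that is not NSS source and not the patch attached to this bug. Every type, function and error name in it is a hypothetical stand-in, and it assumes a failed key generation leaves the public key pointer NULL.

```c
/* Added model, not NSS source. All names are hypothetical stand-ins. */
#include <stddef.h>
#include <stdio.h>

typedef enum { KEY_RSA = 1, KEY_DSA = 2 } key_type;
typedef struct { key_type type; } pub_key;
typedef struct { int handle; } priv_key;
typedef struct { key_type alg; } spki_info;

enum { ERR_NONE, ERR_INVALID_ARGS, ERR_KEYGEN_FAILED };
static int last_error = ERR_NONE;

/* Models key generation on a token. Assumption: on failure it returns
   NULL and leaves *pub NULL. */
static priv_key *generate_keypair(int token_ok, pub_key **pub) {
    static priv_key priv = { 42 };
    static pub_key pubk = { KEY_RSA };
    *pub = NULL;
    if (!token_ok) { last_error = ERR_KEYGEN_FAILED; return NULL; }
    *pub = &pubk;
    return &priv;
}

/* Callee-side check: reject a NULL key before reading pubk->type. */
static spki_info *create_spki(const pub_key *pubk) {
    static spki_info out;
    if (pubk == NULL) { last_error = ERR_INVALID_ARGS; return NULL; }
    out.alg = pubk->type;
    return &out;
}

/* Caller-side check: report the keygen failure instead of passing the
   NULL public key on and treating the request as successful. */
static int request_certificate(int token_ok) {
    pub_key *pub = NULL;
    priv_key *priv;
    last_error = ERR_NONE;
    priv = generate_keypair(token_ok, &pub);
    if (priv == NULL || pub == NULL) return -1;
    if (create_spki(pub) == NULL) return -1;
    return 0;
}

int main(void) {
    int ok = request_certificate(1);
    int failed = request_certificate(0);
    printf("token ok: %d, token fails: %d (error %d)\n", ok, failed, last_error);
    return 0;
}
```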
Assignee: nobody → wtchang
Component: Security → Libraries
Product: Firefox → NSS
QA Contact: firefox → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
The bug in certcgi is real, but certcgi is not being actively maintained. The bug in seckey is worth fixing, though it is worth noting that most NSS functions don't check for argument validity.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Assignee: nobody → julien.pierre.boogz
Attachment #266871 - Flags: superreview?(rrelyea)
Attachment #266871 - Flags: review?(nelson)
Priority: -- → P3
Target Milestone: --- → 3.11.8
Comment on attachment 266871: Check input argument

r=nelson
Attachment #266871 - Flags: review?(nelson) → review+
Martin, when you experienced this bug, was your PKCS#11 token being used by the browser? Or was it being used by a CGI program that was run by a web server?

Based on the information in comment 0, I would say that one of two things happened. They are:

1) You tried to generate some certs with a web server that was running the certcgi CGI program. There was a PKCS#11 module in use by the CGI program. When the RSA Key generation (done by the CGI program) failed, the CGI program crashed (which would not appear to be a success).

2) You tried to generate a certificate request with FireFox, with a PKCS#11 token being used by FireFox. The KeyGen failed in the token being used by FireFox, but the transaction appeared to complete successfully. You tried to find the responsible code, and found code in certcgi that you thought was part of FireFox, but isn't.

I suspect the latter, because if the certcgi program crashed, it would not appear to be a success. But in comment 0, you say it appeared to succeed.

So, I think we need to find out where (in which program) the failure really occurred (browser, or certcgi), and then plan a resolution based on that information.
Comment on attachment 266871: Check input argument

r+= rrelyea
Attachment #266871 - Flags: superreview?(rrelyea) → superreview+
Nelson, Bob, thanks for the reviews.

I checked this in to NSS_3_11_BRANCH:

Checking in seckey.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v <-- seckey.c
new revision: 1.36.2.8; previous revision: 1.36.2.7
done

And to the trunk:

Checking in seckey.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/seckey.c,v <-- seckey.c
new revision: 1.44; previous revision: 1.43
done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Summary: RSA certificate request successful even underlining pkcs11 module returned error → RSA certificate request succeeds even when underlying pkcs11 module returns error