Closed
Bug 316925
Opened 19 years ago
Closed 17 years ago
Key export does not work on tokens with non-sensitive keys that can't wrap.
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.7
People
(Reporter: rrelyea, Assigned: rrelyea)
Details
Attachments
(2 files)
2.34 KB,
patch
|
KaiE
:
review+
wtc
:
superreview+
|
Details | Diff | Splinter Review |
866 bytes,
patch
|
wtc
:
review+
nelson
:
review+
|
Details | Diff | Splinter Review |
If a token can't wrap, NSS will fail to import a key. This is for 2 reasons 1) export call tries to move the pbe key, but does not try to move the private key if moving the pbe key failes, and 2) the kea code will erroneously return success of moving a key, even if it winds up 'moving' it to the wrong token. patch comming.
Assignee | ||
Comment 1•19 years ago
|
||
This should handle every case that's doable except the case where the key is not sensitive, the pbe key could be moved, but the token couldn't wrap the private key.
Attachment #203481 -
Flags: review?(kengert)
Assignee | ||
Updated•19 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.12
Updated•19 years ago
|
Attachment #203481 -
Flags: review?(kengert) → review+
Assignee | ||
Comment 2•19 years ago
|
||
Checking in pk11akey.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v <-- pk11akey.c new revision: 1.10; previous revision: 1.9 done Checking in pk11kea.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11kea.c,v <-- pk11kea.c new revision: 1.10; previous revision: 1.9 done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment 3•18 years ago
|
||
This was only fixed on trunk, not branch. Do we want this fix in NSS 3.11.1 ?? Need to know now.
Assignee | ||
Comment 4•18 years ago
|
||
It would be a nice to have for 3.11. I wouldn't stop shiip 3.11 if it didn't have it. bob
Comment 5•17 years ago
|
||
try to make it into 3.11.7
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: 3.12 → 3.11.7
Assignee | ||
Updated•17 years ago
|
Attachment #203481 -
Flags: superreview?(wtchang)
Comment 6•17 years ago
|
||
Comment on attachment 203481 [details] [diff] [review] Patch to solve problem with exporting keys. r=wtc. In pk11akey.c, if we move the comment "couldn't import the wrapping key, couldn't export the private key, we are done" before the pk11_loadPrivKey call, it'll be easier to understand what we are trying to do there. Right now this high-level description is in the error handling code, which is a little late. If you move the comment, it needs to be changed to something like: couldn't import the wrapping key, try exporting the private key You may even combine this comment with the comment If the key isn't in the private key slot, move it before the pk11_CopyToSlot call.
Attachment #203481 -
Flags: superreview?(wtchang) → superreview+
Updated•17 years ago
|
QA Contact: jason.m.reid → libraries
Updated•17 years ago
|
OS: Windows XP → All
Comment 7•17 years ago
|
||
Kai, this patch has had 2 reviews for almost 2 months now. Would you consider checking it in for Bob, in time for NSS 3.11.7 ?
Comment 8•17 years ago
|
||
Bob agreed that I can go ahead and land the patch. I propose I land the patch as is into the 3.11 branch. I propose I attach another trunk patch to fix the comment, to ensure you're happy with it.
Comment 9•17 years ago
|
||
Fixed on 3.11 branch for 3.11.7 Checking in pk11akey.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v <-- pk11akey.c new revision: 1.9.2.6; previous revision: 1.9.2.5 done Checking in pk11kea.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11kea.c,v <-- pk11kea.c new revision: 1.9.28.2; previous revision: 1.9.28.1 done
Comment 10•17 years ago
|
||
Attachment #263062 -
Flags: review?(wtc)
Updated•17 years ago
|
Attachment #263062 -
Flags: review+
Updated•17 years ago
|
Attachment #263062 -
Flags: review?(wtc) → review+
Comment 11•17 years ago
|
||
It appears this bug is fixed on trunk and branch now. So, I am marking this bug fixed. If you disagree, pls reopen.
Status: REOPENED → RESOLVED
Closed: 19 years ago → 17 years ago
Resolution: --- → FIXED
Comment 12•17 years ago
|
||
I checked in the enhanced comment to the NSS trunk (only). Checking in pk11akey.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11akey.c,v <-- pk11akey.c new revision: 1.16; previous revision: 1.15 done
You need to log in
before you can comment on or make changes to this bug.
Description
•