Closed
Bug 325683
Opened 20 years ago
Closed 20 years ago
EC param parsing error not propagated correctly
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: andreas.st, Assigned: rrelyea)
Details
(Whiteboard: ECC)
Attachments
(3 files, 1 obsolete file)
|
2.40 KB,
patch
|
julien.pierre
:
review+
wtc
:
superreview+
|
Details | Diff | Splinter Review |
|
2.04 KB,
patch
|
andreas.st
:
review+
julien.pierre
:
superreview+
|
Details | Diff | Splinter Review |
|
757 bytes,
patch
|
andreas.st
:
review+
julien.pierre
:
superreview+
|
Details | Diff | Splinter Review |
When the application specifies unsupported EC params, the parsing error is not correctly propagated. CKR_OK is returned to the app, but the key object is not fully initialized, which may lead to crashes later on.
See attached patch. I don't what the best error to report is in this case, I picked CKR_ATTRIBUTE_VALUE_INVALID.
|
Reporter | |
Comment 1•20 years ago
|
||
|
||
Comment 2•20 years ago
|
||
According to the last paragraph of PKCS #11 v2.20, Sec.
12.3 (the second paragraph on page 216), the error code
should be CKR_DOMAIN_PARAMS_INVALID. Other than that,
the patch is good.
Assignee: wtchang → rrelyea
|
||
Comment 3•20 years ago
|
||
Attachment #210550 -
Attachment is obsolete: true
Attachment #212361 -
Flags: superreview?(wtchang)
Attachment #212361 -
Flags: review?(julien.pierre.bugs)
|
|
||
Updated•20 years ago
|
Priority: -- → P2
|
|
||
Updated•20 years ago
|
Attachment #212361 -
Flags: superreview?(wtchang) → superreview+
|
|
||
Comment 4•20 years ago
|
||
Comment on attachment 212361 [details] [diff] [review]
Andreas's patch with revised CKR error code
This patch looks fine, but are these the only 2 instances that we want to return that error code ?
There are other calls to EC_FillParams in keydb.c and lowcert.c where we don't set that error in case of failure. Also, EC_DecodeParams calls EC_FillParams. Should all the callers of EC_DecodeParams be changed as well ?
As a side note, why is EC_FillParams redeclared in each C file ? Shouldn't it be in a header file ?
Attachment #212361 -
Flags: review?(julien.pierre.bugs) → review+
|
|
||
Comment 5•20 years ago
|
||
Adding Vipul. Vipul, any answers to Julien's questions in the previous comment?
|
|
||
Comment 6•20 years ago
|
||
Patch checked in. Checkin comment:
Bug 325683. EC param parsing error not propagated correctly.
Fix the cases that Andreas identified. Patch by Andreas.Sterbenz@sun.com
r=Julien,wtchang,nelson
On 3.11 branch:
Checking in pkcs11.c; new revision: 1.112.2.1; previous revision: 1.112
On trunk:
Checking in pkcs11.c; new revision: 1.114; previous revision: 1.113
I'm not sure if we should mark this bug fixed or not, in light of Julien's
good questions in comment 4 above.
Bob, this is assigned to you. I'll let you decide if this fix is sufficient.
|
Assignee | |
Comment 7•20 years ago
|
||
re Julien's comment 4
The usage in keydb.c is incorrect. The error code is not checked at all. In the other 2 cases, the functions are returning conventional NSS error codes, not PKCS #11 error codes so the error checking is correct.
Julien is also correct about the multiple function prototypes. There should be one in a common header file.
bob
|
|
||
Updated•20 years ago
|
Whiteboard: ECC
|
|
||
Comment 8•20 years ago
|
||
Bob, please elaborate on your comment 7.
I found it to be somewhat ambiguous. Did you mean to suggest (as you
apparently did) that some functions are returning the wrong type of error codes?
After reading comment 7, I cannot tell what, if anything, needs to be done to
complete this bug, other than moving the declaration of EC_FillParams to a
header file.
|
|
Assignee | |
Comment 9•20 years ago
|
||
Different functions within softoken return different types of error codes. The patch corrects the case where the function is returning CK_RV error codes, but those errors were not being set.
The additional functions that julien identified return SECStatus type error codes. In those cases the proper error code is set (even though the code looks a lot like the orginal incorrect code that Andreas fixed).
The only problematic one is the case julien identified in keydb.c. In keydb.c the error return from the function is not checked at all and it should be.
bob
|
|
Assignee | |
Comment 10•20 years ago
|
||
This is in addition to Andrea's patch.
|
|
Assignee | |
Comment 11•20 years ago
|
||
Comment on attachment 215338 [details] [diff] [review]
Fix handling EC_Fill Error in keydb.c
asking for reviewers who are familiar with the problem;).
Attachment #215338 -
Flags: superreview?(julien.pierre.bugs)
Attachment #215338 -
Flags: review?(Andreas.Sterbenz)
|
|
Reporter | |
Comment 12•20 years ago
|
||
(In reply to comment #11)
> (From update of attachment 215338 [details] [diff] [review] [edit])
> asking for reviewers who are familiar with the problem;).
I believe the intention of this patch is to add a function prototype for EC_FillParams to softoken.h, but softoken.h is missing from the patch.
Bob, could you add that or am I confused?
|
|
Assignee | |
Comment 13•20 years ago
|
||
this patch and patch 215338 are one unit.
Attachment #215463 -
Flags: superreview?(julien.pierre.bugs)
Attachment #215463 -
Flags: review?(Andreas.Sterbenz)
|
|
Reporter | |
Comment 14•20 years ago
|
||
(In reply to comment #13)
> Created an attachment (id=215463) [edit]
> Softoken.h potion of the patch.
>
> this patch and patch 215338 are one unit.
It appears my bugzilla account is does not have permission to review bugs ("You are not authorised to edit attachment 215463 [details] [diff] [review].")
|
|
Reporter | |
Updated•20 years ago
|
Attachment #215463 -
Flags: review?(Andreas.Sterbenz) → review+
|
|
Reporter | |
Updated•20 years ago
|
Attachment #215338 -
Flags: review?(Andreas.Sterbenz) → review+
|
|
Assignee | |
Comment 15•20 years ago
|
||
Checked into the tip (after a false start):
Checking in softoken.h;
/cvsroot/mozilla/security/nss/lib/softoken/softoken.h,v <-- softoken.h
new revision: 1.10; previous revision: 1.9
done
Checking in keydb.c;
/cvsroot/mozilla/security/nss/lib/softoken/keydb.c,v <-- keydb.c
new revision: 1.43; previous revision: 1.42
done
Checking in pkcs11.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v <-- pkcs11.c
new revision: 1.119; previous revision: 1.118
done
Checking in lowcert.c;
/cvsroot/mozilla/security/nss/lib/softoken/lowcert.c,v <-- lowcert.c
new revision: 1.23; previous revision: 1.22
done
|
|
||
Updated•20 years ago
|
Attachment #215463 -
Flags: superreview?(julien.pierre.bugs) → superreview+
|
|
||
Updated•20 years ago
|
Attachment #215338 -
Flags: superreview?(julien.pierre.bugs) → superreview+
|
|
||
Updated•20 years ago
|
QA Contact: jason.m.reid → libraries
|
|
||
Comment 16•20 years ago
|
||
Is this bug fixed now?
|
|
||
Comment 17•20 years ago
|
||
The main bug fix patch ("Andrea's patch with revised CKR error code")
has been checked in on the trunk and the NSS_3_11_BRANCH.
The other two patches have been checked in on the trunk. I just
checked them in on the NSS_3_11_BRANCH.
Checking in keydb.c;
/cvsroot/mozilla/security/nss/lib/softoken/keydb.c,v <-- keydb.c
new revision: 1.40.2.1; previous revision: 1.40
done
Checking in lowcert.c;
/cvsroot/mozilla/security/nss/lib/softoken/lowcert.c,v <-- lowcert.c
new revision: 1.20.2.1; previous revision: 1.20
done
Checking in pkcs11.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v <-- pkcs11.c
new revision: 1.112.2.4; previous revision: 1.112.2.3
done
Checking in softoken.h;
/cvsroot/mozilla/security/nss/lib/softoken/softoken.h,v <-- softoken.h
new revision: 1.7.30.2; previous revision: 1.7.30.1
done
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•