Open Bug 326751 Opened 15 years ago Updated 11 years ago

NSC_VerifyRecover always returns CKR_DEVICE_ERROR on failure

Categories

(NSS :: Libraries, defect)

3.11
defect
Not set
normal

Tracking

(Not tracked)

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(1 file)

NSC_VerifyRecover always returns CKR_DEVICE_ERROR on failure.
CKR_DEVICE_ERROR is subsequently mapped to SEC_ERROR_IO in
the pk11wrap layer.  At a minimum, NSC_VerifyRecover should
return CKR_SIGNATURE_INVALID on failure as NSC_Verify and
NSC_VerifyFinal do.

I will attach a patch that improves error reporting when
NSC_VerifyRecover is dispatched to RSA_CheckSignRecover.

(Some other NSC_XXX functions have a similar problem.  I
don't have time to fix them all, so please don't broaden
the scope of this bug.)
Let's get this naive change in first, just in case
I don't have time to finish the full error mapping
patch soon.
Attachment #211447 - Flags: review?(rrelyea)
Attachment #211447 - Flags: review?(rrelyea) → review+
Comment on attachment 211447 [details] [diff] [review]
Naive patch: always return CKR_SIGNATURE_INVALID on failure

Checked in the "Naive patch" on the trunk (NSS 3.12).

Checking in pkcs11c.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v  <--  pkcs11c.c
new revision: 1.75; previous revision: 1.74
done
QA Contact: jason.m.reid → libraries
Comment on attachment 211447 [details] [diff] [review]
Naive patch: always return CKR_SIGNATURE_INVALID on failure

Wan-Teh, This patch was applied to trunk, not branch.
Any reason not to also apply it to branch?
You can check in my "naive patch" on the NSS_3_11_BRANCH.
(The reason this patch wasn't applied to the NSS_3_11_BRANCH
is that this bug isn't severe, not that the patch depends on
something that's only on the trunk)
Comment on attachment 211447 [details] [diff] [review]
Naive patch: always return CKR_SIGNATURE_INVALID on failure

Now on branch, too.
pkcs11c.c; new revision: 1.68.2.8; previous revision: 1.68.2.7
You need to log in before you can comment on or make changes to this bug.