327667 - pk11_backupGetSignLength doesn't conform to PKCS #11

Status: RESOLVED INACTIVE

(NSS :: Libraries, defect, P5)

Description

[Wan-Teh Chang]

The pk11_backupGetSignLength calls C_Sign with a
NULL pSignature buffer just to get the signature
size.  Then, it has the following code:

    /* now call C_Sign with too small a buffer to clear the session state */
    (void) PK11_GETTAB(slot)->
			C_Sign(session,h_data,sizeof(h_data),buf,&smallLen);

If "to clear the session state" means to terminate
the active signing operation in the session, the
above code doesn't accomplish that because PKCS #11
v2.20 says:

    A call to C_Sign always terminates the active
    signing operation unless it returns CKR_BUFFER_TOO_SMALL
    or is a successful call (i.e., one which returns CKR_OK)
    to determine the length of the buffer needed to hold the
    signature.

Although our softoken returns CKR_DEVICE_ERROR (0x30)
from that C_Sign call, that's beside the point because
it should return CKR_BUFFER_TOO_SMALL.

We have other bad input arguments for C_Sign:
1. pData=NULL: this works with our softoken (with
   CKM_ECDSA, this causes ECDSA_SignDigest to fail).
2. ulDataLen=0: this works with our softoken (with
   CKM_ECDSA, this causes ECDSA_SignDigest to fail).
3. pulSignatureLen=NULL: this crashes NSC_Sign.

Perhaps we should use #1 or #2 instead of a small
buffer.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

See also bug 189920 anf bug 326498.
I think all 3 of these bugs should be fixed at one time.

Comment 2

[Robert Relyea]

Hmm how does pk11_backupGetSignLength() get called in the EC case? It is only called in the case RSA case where Modulus is not available (which is also non-standard PKCS #11 behavior). The function is never called in the softoken case.

bob

Comment 3

[Wan-Teh Chang]

I added new code so that pk11_backupGetSignLength() gets
called in the EC case.  I then tested it by introducing
an artificial error and forcing the new code to call
pk11_backupGetSignLength() on the softoken.