Closed
Bug 341590
Opened 18 years ago
Closed 18 years ago
In FIPS mode, softoken should report the fatalError condition before the isLoggedIn != PR_TRUE condition
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: wtc, Assigned: wtc)
Details
(Whiteboard: FIPS)
Attachments
(1 file)
618 bytes,
patch
|
nelson
:
review+
rrelyea
:
superreview+
|
Details | Diff | Splinter Review |
In lib/softoken/fipstokn.c, we have: static PRBool isLoggedIn = PR_FALSE; static PRBool fatalError = PR_FALSE; ... /* FIPS required checks before any useful cryptographic services */ static CK_RV sftk_fipsCheck(void) { if (isLoggedIn != PR_TRUE) return CKR_USER_NOT_LOGGED_IN; if (fatalError) return CKR_DEVICE_ERROR; return CKR_OK; } Note the order we check these two error conditions. I propose that we reverse the order of those two checks. The order matters when both error conditions are true. When both error conditions are true, we should report the more serious error condition (fatalError). This change will also simplify our FIPS documentation. I will be able to simply say "when the module is in the Error state, all security functions fail with the error code CKR_DEVICE_ERROR."
Assignee | ||
Comment 1•18 years ago
|
||
Reverse the two checks and use !isLoggedIn instead of isLoggedIn != PR_TRUE.
Attachment #225660 -
Flags: superreview?(rrelyea)
Attachment #225660 -
Flags: review?(nelson)
Comment 2•18 years ago
|
||
Comment on attachment 225660 [details] [diff] [review] Proposed patch r=nelson
Attachment #225660 -
Flags: review?(nelson) → review+
Assignee | ||
Comment 3•18 years ago
|
||
I checked in the proposed patch on the NSS trunk (3.12) and NSS_3_11_BRANCH (3.11.2). Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.15; previous revision: 1.14 done Checking in fipstokn.c; /cvsroot/mozilla/security/nss/lib/softoken/fipstokn.c,v <-- fipstokn.c new revision: 1.11.2.4; previous revision: 1.11.2.3 done
Status: NEW → RESOLVED
Closed: 18 years ago
Priority: -- → P2
Resolution: --- → FIXED
Whiteboard: FIPS
Target Milestone: --- → 3.11.2
Comment 4•18 years ago
|
||
Comment on attachment 225660 [details] [diff] [review] Proposed patch Sounds like reasonable logic to me. bob
Attachment #225660 -
Flags: superreview?(rrelyea) → superreview+
You need to log in
before you can comment on or make changes to this bug.
Description
•