Closed Bug 51436 Opened 24 years ago Closed 24 years ago

SSL Server code failing on tip PK11_ImportSymKey fails

Categories

(NSS :: Libraries, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nelson, Assigned: rrelyea)

References

Details

In correspondence about bugzilla bug 48657, John Myers reported that he couldn't get SSL Server code to work on the tip. So I tried it and found numerous strange phenomena. John was right, SSL server code wasn't able to complete a handshake. One of the sequences I saw was this: pk11_CopyToSlot calls PK11_ExtractKeyValue() which succeeds, then calls PK11_ImportSymKey(), which calls pk11_ImportSymKeyWithTempl(), which calls PK11_CreateNewObject(), which calls NSC_CreateObject(), which calls pk11_SessionFromHandle() which returns null. So, then pk11_CopyToSlot calls pk11_KeyExchange(), which is VERY costly. (As an aside, I think that there ought to be some way for pk11_CopyToSlot to distinguish among the different types of failures from PK11_ImportSymKey(). Some of those failures are because the key cannot be copied in an unwrapped fashion. Other failures are just failures, and wrapping won't help. IMO pk11_CopyToSlot should not call pk11_KeyExchange() after the latter type of failure. Today it always does. :-(
Blocks: 48657, 51425
Up the priority to P1
Priority: P3 → P1
target == NSS 3.0
Target Milestone: --- → 3.0
OK, This bug *IS* present in both 3.0 and 3.1. To trigger the bug you need to do several full SSL handshakes on the server. PSM would also have the problem in some cases where it was using keys other than SSL keys (SDR may start failing after several SSL handshakes). The test suites succeed because none of the test suites do more than one full SSL handshake (including the stress test suites).
Status: NEW → ASSIGNED
Changing target fix version to 3.0.1 Bob, I confirm that your recent checkin fixed this.
Target Milestone: 3.0 → 3.0.1
I'm taking the liberty of marking this bug fixed. I have confirmed that SSL is working in NSS 3.0.1.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.