Assertion failure: !(certificateUsage & (certificateUsage - 1)), at pkix_pl_cert.c:3011

RESOLVED INVALID

Status

RESOLVED INVALID
8 years ago
8 years ago

People

(Reporter: kaie, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
My code that queries a builtin CA cert for usages runs into the following assertion:

(PKIX_BuildChain: ( Entering PKIX_BuildChain).
(pkix_Build_InitiateBuildChain: ( Entering pkix_Build_InitiateBuildChain).
Assertion failure: !(certificateUsage & (certificateUsage - 1)), at pkix_pl_cert.c:3011
(Reporter)

Comment 1

8 years ago
... which is a crash
(Reporter)

Comment 2

8 years ago
#9  0x00129462 in PR_Assert (s=0x385d420 "!(certificateUsage & (certificateUsage - 1))", file=0x385d1b0 "pkix_pl_cert.c", ln=3011) at /plaindata/moz/mocent/mozilla/nsprpub/pr/src/io/prlog.c:577
#10 0x037fadde in PKIX_PL_Cert_VerifyCertAndKeyType (cert=0xa33c0100, isChainCert=0, plContext=0xa330b820) at pkix_pl_cert.c:3011
#11 0x037a0176 in pkix_CertSelector_DefaultMatch (selector=0xa34c9f60, cert=0xa33c0100, plContext=0xa330b820) at pkix_certselector.c:1332
#12 0x037da3a3 in pkix_Build_InitiateBuildChain (procParams=0xb3366ab0, pNBIOContext=0xa45fde74, pState=0xa45fde7c, pBuildResult=0xa45fde78, pVerifyNode=0xa45fdee4, plContext=0xa330b820) at pkix_build.c:3364
#13 0x037dbe23 in PKIX_BuildChain (procParams=0xb3366ab0, pNBIOContext=0xa45fdef0, pState=0xa45fdeec, pBuildResult=0xa45fdef4, pVerifyNode=0xa45fdee4, plContext=0xa330b820) at pkix_build.c:3731
#14 0x037396fd in CERT_PKIXVerifyCert (cert=0xa1e4b010, usages=1151, paramsIn=0xa4f3bf10, paramsOut=0xa45fdf90, wincx=0x0) at certvfypkix.c:2317
#15 0x01f1ca3d in nsUsageArrayHelper::GetUsagesArray (this=0xa45fe070, suffix=0x2c966b0 "", localOnly=0, outArraySize=13, _verified=0xa45fe100, _count=0xa45fe080, outUsages=0xa45fe03c)
    at /plaindata/moz/mocent/mozilla/security/manager/ssl/src/nsUsageArrayHelper.cpp:224
#16 0x01eefa2d in nsNSSCertificate::GetUsagesArray (this=0xa1d88680, localOnly=0, _verified=0xa45fe100, _count=0xa45fe0fc, _usages=0xa45fe0f8)
    at /plaindata/moz/mocent/mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1443
(Reporter)

Comment 3

8 years ago
PSM has always been calling CERT_VerifyCertificateNow with a bitmask that includes multiple usages.

It does so to obtain the list of valid usages.

The API's output parameter of the new CERT_PKIXVerifyCert is designed to return such a list of usages, too.


However, the imlementation of libPKIX contains the mentioned assertion, that will abort if more than one usage is being passed.


Obviously, the application shouldn't abort on unexpected input data.
It currently calls PORT_Assert !!!

Is this maybe an area, where the implementation is incomplete, and the PORT_Assert is some kind of reminder...?


Or should the API be used differently?
(Reporter)

Updated

8 years ago
Blocks: 479393
(Reporter)

Comment 4

8 years ago
oh... SECCertUsage != SECCertificateUsage
(Reporter)

Comment 5

8 years ago
I think this bug is invalid.
My mistake.
I used the wrong cert usage constants...
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
(Reporter)

Updated

8 years ago
No longer blocks: 479393
You need to log in before you can comment on or make changes to this bug.