Closed Bug 671060 Opened 14 years ago Closed 1 year ago

Remove imcomplete Ephemeral-Static DH support from libsmime (CMSUtil_EncryptSymKey_ESDH)

Categories

(NSS :: Libraries, defect, P5)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(firefox-esr115 wontfix, firefox125 wontfix, firefox126 wontfix, firefox127 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr115 --- wontfix
firefox125 --- wontfix
firefox126 --- wontfix
firefox127 --- fixed

People

(Reporter: briansmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, Whiteboard: [See comment 2 before checking in; more work may be needed])

Attachments

(1 file, 1 obsolete file)

Bug 671060 - Remove incomplete ESDH code. r=rrelyea
48 bytes, text/x-phabricator-request
Details | Review
+++ This bug was initially created as a clone of Bug #668397 +++ In particular, remove the code in the cases of the switch statements that call NSS_CMSUtil_*_ESDH and remove the NSS_CMSUtil_*_ESDH functions, as this code can't work and thus hasn't been tested, AFAICT.
Attached patch Remove ESDH support (obsolete) — Splinter Review
Here is the patch. Notice that this code always failed because NSS_CMSUtil_EncryptSymKey_ESDH unconditionally returned SECFailure. Also, NSS_CMSUtil_DecryptSymKey_ESDH was never called.
Assignee: nobody → bsmith
Attachment #545469 - Flags: review?(rrelyea)
Comment on attachment 545469 [details] [diff] [review] Remove ESDH support There are two other SEC_OID_X942_DIFFIE_HELMAN_KEY cases in security/nss/lib/smime/cmsrecinfo.c. Should we also remove them?
In bug 676118, David Cooper contributed an ESDH implementation, so I am resolving this as a duplicate of that bug.
Severity: major → normal
Status: NEW → RESOLVED
Closed: 14 years ago
Depends on: 676118
Resolution: --- → DUPLICATE
This code was supposed to implement ephemeral-static non-ECC DH, David's patches are for ephemeral-staic ECC DH. So, it still makes sense to keep this bug open to remove this dead code.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment on attachment 545469 [details] [diff] [review] Remove ESDH support r+ with the following caveat.... ECDH and DH should be very similiar (basically differing in some mechanisms and oids). Most of the underlying mechanical differences should not appear at this layer. This patch should be coordinated with David Cooper's work on ECC. bob
Attachment #545469 - Flags: review?(rrelyea) → review+
Whiteboard: [See comment 2 before checking in; more work may be needed]
Assignee: brian → nobody
Severity: normal → S3

I think we should not land this patch as is.

This patch removes the empty *_ESDH functions from cmslocal.h and cmspubkey.c - this seems fine.

This patch also removes a block of code from cmsrecinfo.c - we shouldn't do that.
David's patch in bug requires that block of code, and it changes it to handle SEC_OID_ANSIX962_EC_PUBLIC_KEY.

David's patch keeps the call to the _ESDH function, he attempts to make no changes to existing code (handling of other algorithms).

Because there's consensus in this bug here that the _ESDH code isn't working and can be removed, I suggest that we amend David's patch to remove/disable the case that handles SEC_OID_X942_DIFFIE_HELMAN_KEY - after David's patch landed.

Severity: S3 → S4
Priority: -- → P5

Now that we have David's other patches landed (ECDH and RSA-OAEP), let's complete this task.

I'll mark the patch as obsolete, and submit a new patch for Bob to review.

Attachment #545469 - Attachment is obsolete: true

https://hg.mozilla.org/projects/nss/rev/59cb4785ea5055075136a5421ffddf29ed18b8da
3.100

Status: REOPENED → RESOLVED
Closed: 14 years ago1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: