Closed Bug 94866 Opened 24 years ago Closed 24 years ago

DSA key gen broken on 64-bit platforms

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.2.1
Platform:
Sun
Solaris
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bugz, Assigned: wtc)

Details

Attachments

(3 files)

patch (already checked in to tip)
2.24 KB, patch
Details | Diff | Splinter Review
patch based on wtc's review (same as old patch, only cleaner code)
2.43 KB, patch
Details | Diff | Splinter Review
same patch as the last, only showing overall diff (from r1.14) to fix the bug
2.01 KB, patch
Details | Diff | Splinter Review
DSA key generation failing using certutil on 64-bit platforms.
See the definitions of PK11Cipher and PK11Verify at: http://lxr.mozilla.org/mozilla/source/security/nss/lib/softoken/pkcs11i.h#74 They use native types, including unsigned int. However, the nsc_DSA_Sign_Stub and nsc_DSA_Verify_Stub functions used cryptoki types, including CK_ULONG. This caused data loss. I have already checked a patch into the tip. The reason for my haste was I wanted to see if QA would pass. However, it should be reviewed. Will attach.
Good detective work, Ian! Your patch is good. I just have some nit-picking comments. 1. The original code uses the Hungarian naming convention. To follow the same spirit, the "ul" in the variable names should be changed to "u" (or "ui"?) because the type changed from CK_ULONG to unsigned int. 2. The type cast in PORT_Memcpy((unsigned char *)pSignature, signature.data, signature.len); is not necessary because the first parameter of PORT_Memcpy is a void*. 3. It is not necessary to initialize 'key' and 'context' in NSC_VerifyInit(). pk11_InitGeneric() should set their values if it returns successfully.
bugger. tinderbox solaris 8 64-bit QA is still broken. I can't see the logs from where i'm at, so I don't know why. Perhaps it fails later on. I was testing on AIX 64-bit, and the keygen worked there (didn't try the whole script). 1. agreed. 2. ditto. 3. that was leftover from a previous guess at a fix. I considered this a rough draft, I checked in to see if QA would pass. Evidently, not.
r=wtc.
This is all in. Key gen working on 64-bit now. Marking fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: