Bug 1041328 - Fix crash in CryptoKey::PrivateKeyFromPkcs8() when trying to import invalid key data r=rbarnes
authorTim Taubert <ttaubert@mozilla.com>
Fri, 25 Jul 2014 13:53:28 +0200
changeset 196994 a2c9876376169255891840e955ee5076e82fa37f
parent 196993 0893f2ef4b9ad8694a5ca159a6ee845fe90bc1b7
child 197035 597be00ffc53282a844045ae1e50b096c02b4c0a
push id47021
push userttaubert@mozilla.com
push dateThu, 31 Jul 2014 10:48:02 +0000
treeherdermozilla-inbound@a2c987637616 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrbarnes
bugs1041328
milestone34.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1041328 - Fix crash in CryptoKey::PrivateKeyFromPkcs8() when trying to import invalid key data r=rbarnes
dom/crypto/CryptoKey.cpp
dom/crypto/test/test-vectors.js
dom/crypto/test/tests.js
--- a/dom/crypto/CryptoKey.cpp
+++ b/dom/crypto/CryptoKey.cpp
@@ -293,21 +293,21 @@ CryptoKey::PrivateKeyFromPkcs8(CryptoBuf
   ScopedSECItem pkcs8Item(aKeyData.ToSECItem());
   if (!pkcs8Item) {
     return nullptr;
   }
 
   // Allow everything, we enforce usage ourselves
   unsigned int usage = KU_ALL;
 
-  nsresult rv = MapSECStatus(PK11_ImportDERPrivateKeyInfoAndReturnKey(
-                slot.get(), pkcs8Item.get(), nullptr, nullptr, false, false,
-                usage, &privKey, nullptr));
+  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+                 slot.get(), pkcs8Item.get(), nullptr, nullptr, false, false,
+                 usage, &privKey, nullptr);
 
-  if (NS_FAILED(rv)) {
+  if (rv == SECFailure) {
     return nullptr;
   }
   return privKey;
 }
 
 SECKEYPublicKey*
 CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData,
                        const nsNSSShutDownPreventionLock& /*proofOfLock*/)
--- a/dom/crypto/test/test-vectors.js
+++ b/dom/crypto/test/test-vectors.js
@@ -430,9 +430,27 @@ tv = {
     iterations: 4096,
     length: 40 * 8,
 
     derived: util.hex2abv(
       "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1" +
       "c635518c7dac47e9"
     )
   },
+
+  broken_pkcs8: {
+    // A DH key with parameters p and g, and a private value.
+    // This currently fails the key import due to the missing public value.
+    // <https://stackoverflow.com/questions/6032675/diffie-hellman-test-vectors>
+    dh: util.hex2abv(
+      "308201340201003082011506072a8648ce3e02013082010802818100da3a8085" +
+      "d372437805de95b88b675122f575df976610c6a844de99f1df82a06848bf7a42" +
+      "f18895c97402e81118e01a00d0855d51922f434c022350861d58ddf60d65bc69" +
+      "41fc6064b147071a4c30426d82fc90d888f94990267c64beef8c304a4b2b26fb" +
+      "93724d6a9472fa16bc50c5b9b8b59afb62cfe9ea3ba042c73a6ade3502818100" +
+      "a51883e9ac0539859df3d25c716437008bb4bd8ec4786eb4bc643299daef5e3e" +
+      "5af5863a6ac40a597b83a27583f6a658d408825105b16d31b6ed088fc623f648" +
+      "fd6d95e9cefcb0745763cddf564c87bcf4ba7928e74fd6a3080481f588d535e4" +
+      "c026b58a21e1e5ec412ff241b436043e29173f1dc6cb943c09742de989547288" +
+      "0416021442c6ee70beb7465928a1efe692d2281b8f7b53d6"
+    )
+  }
 }
--- a/dom/crypto/test/tests.js
+++ b/dom/crypto/test/tests.js
@@ -1814,8 +1814,21 @@ TestArray.addTest(
     var that = this;
 
     crypto.subtle.digest("SHA-256", tv.sha256.data)
       .then(complete(that, function (x) {
         return x instanceof ArrayBuffer;
       }), error(that));
   }
 );
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+  "Ensure that importing an invalid key doesn't crash",
+  function () {
+    var that = this;
+    // TODO Change the algorithm to "DH" once we support it.
+    var alg = {name: "RSA-OAEP", hash: "SHA-1"};
+
+    crypto.subtle.importKey("pkcs8", tv.broken_pkcs8.dh, alg, false, ["decrypt"])
+      .then(error(that), complete(that));
+  }
+);