Thanks again Robert, please see my comments inline ...


On 01/13/2011 10:40 PM, Robert Relyea wrote:
--snip--

What is the actual client software you are running?


the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.

It merely does the following ...

        PR_SetConcurrency(4);

        while (len > 0) {
            PRInt32 bytesToWrite;
            PRInt32 bytesWritten;

            if (len > static_cast<std::size_t>(MAX_READ_WRITE_LEN)) {
                bytesToWrite = MAX_READ_WRITE_LEN;
            } else {
                bytesToWrite = static_cast<PRInt32>(len);
            }

            bytesWritten = PR_Write(socket, data, bytesToWrite);
            if (bytesWritten < 0) {
                status = AM_NSPR_ERROR;
                break;
            }
            data += bytesWritten;
            len -= static_cast<std::size_t>(bytesWritten);
        }

the socket referenced is created using the following function

    PRFileDesc *createSocket(const PRNetAddr& address, bool useSSL,
                             const std::string &certDBPasswd,
                             const std::string &certNickName,
                             bool alwaysTrustServerCert);

    char *growBuffer(char *oldBuffer, std::size_t oldBufferLen,
                     std::size_t newBufferLen);
    am_status_t read(char *buffer, std::size_t& bufferLen);

    static bool initialized;
    PRFileDesc *socket;
    char *certdbpasswd;
    char *certnickname;
};


 It sounds like
someone is overwriting some buffers and causing very bizarre behavior.

Hmm, why could this 'buffer overwriting' only occur on this configuration .. it does not happen on any other?!?

-- snip --

PKCS#11 logger now seems to be ok,  but shows 'CKR_DEVICE_ERRORS' for
other functions as for 3.12.5.

822564800[1581690]: C_OpenSession
822564800[1581690]:   slotID = 0x1
822564800[1581690]:   flags = 0x4
822564800[1581690]:   pApplication = 0x1884150
822564800[1581690]:   Notify = 0x30468315
822564800[1581690]:   phSession = 0x7fffb77fd208
822564800[1581690]:   *phSession = 0x1884150
822564800[1581690]:   rv = CKR_DEVICE_ERROR
822564800[1581690]: C_DigestInit
822564800[1581690]:   hSession = 0x1
822564800[1581690]:   pMechanism = 0x7fffb77fd260
822564800[1581690]:       mechanism = CKM_MD5
822564800[1581690]:   rv = CKR_DEVICE_ERROR
822564800[1581690]: C_OpenSession
822564800[1581690]:   slotID = 0x1
822564800[1581690]:   flags = 0x4
822564800[1581690]:   pApplication = 0x1884150
822564800[1581690]:   Notify = 0x30468315
822564800[1581690]:   phSession = 0x7fffb77fd208
822564800[1581690]:   *phSession = 0x1884150
822564800[1581690]:   rv = CKR_DEVICE_ERROR
822564800[1581690]: C_DigestInit
822564800[1581690]:   hSession = 0x1
822564800[1581690]:   pMechanism = 0x7fffb77fd260
822564800[1581690]:       mechanism = CKM_SHA_1
822564800[1581690]:   rv = CKR_DEVICE_ERROR
...
..

Once the 'CKR_DEVICE_ERROR' occurred it seems to be unrecoverable.

Could this be a file-system problem?
That sounds like exactly the behavior of the FIPS token if it hits the
unrecoverable error state, but clearly you are using Slot 1, not Slot 3
(the FIPS slot). None of this matches anything I would expect to see
with NSS talking to softoken.;(.

Is the output of 'PKCS#11' reliable?

AFAI have understood the code 'NSC_OpenSession' does not return 'CKR_DEVICE_ERROR' ... but I'm not a C-programmer.

Unfortunately 'printfs' are not passed through by Apache httpd ... I'll try to use PR_LOG, but the question is will this be helpful...



TIA,
Bernhard



--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
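
A triage helper for logger output in the format quoted in the message above, added here as an example and not part of the original message or of NSS: it groups the lines into calls, then reports the first non-OK return value, how many calls succeeded before it, and whether every later call failed the same way. The sample log, the `CKR_OK` success line, and the names `parse_calls` and `first_failure` are assumptions made for the illustration.

```python
import re

# Constructed sample in the thread[ptr]: line format shown above; CKR_OK is an assumed success value.
SAMPLE_LOG = """\
822564800[1581690]: C_OpenSession
822564800[1581690]:   slotID = 0x1
822564800[1581690]:   rv = CKR_OK
822564800[1581690]: C_DigestInit
822564800[1581690]:       mechanism = CKM_MD5
822564800[1581690]:   rv = CKR_DEVICE_ERROR
822564800[1581690]: C_OpenSession
822564800[1581690]:   slotID = 0x1
822564800[1581690]:   rv = CKR_DEVICE_ERROR
822564800[1581690]: C_DigestInit
822564800[1581690]:       mechanism = CKM_SHA_1
822564800[1581690]:   rv = CKR_DEVICE_ERROR
"""
LINE = re.compile(r"^(-?\d+)\[[0-9a-fA-F]+\]:\s+(.*)$")

def parse_calls(text):
    """Group logger lines into calls, tracking one open call per thread."""
    calls, open_call = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "...", blank lines, output from other log modules
        thread, body = m.group(1), m.group(2).strip()
        if body.startswith("C_") and " = " not in body:
            open_call[thread] = {"thread": thread, "func": body, "args": {}, "rv": None}
            calls.append(open_call[thread])
        elif thread in open_call and " = " in body:
            key, value = body.split(" = ", 1)
            if key == "rv":
                open_call[thread]["rv"] = value
            else:
                open_call[thread]["args"][key] = value
    return calls

def first_failure(calls):
    """Return the first non-OK call and whether every later call failed the same way."""
    done = [c for c in calls if c["rv"] is not None]
    idx = next((i for i, c in enumerate(done) if c["rv"] != "CKR_OK"), None)
    if idx is None:
        return None
    bad, later = done[idx], done[idx + 1:]
    slots = sorted({c["args"]["slotID"] for c in done[idx:] if "slotID" in c["args"]})
    return {"func": bad["func"], "rv": bad["rv"], "ok_before": idx, "slots": slots,
            "sticky": bool(later) and all(c["rv"] == bad["rv"] for c in later)}

print(first_failure(parse_calls(SAMPLE_LOG)))
```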
