Bob Relyea wrote:
Antonio Andr�s Espallardo wrote:
Now I don't know what happens but Netscape don't finalize the decrypt
operation correctly calling C_DecryptFinal, but he close the session.
The message is showed decrypted in the mail manager, but Netscape
hasn't finalized correctly the decrypt operation.
It's probably a bug in NSS. Once the session is closed, though, you
should throw away all your decryptions state.
libsmime calls
PK11_CreateContextBySymKey
PK11_CipherOp (repeatedly)
PK11_DestroyContext
libsmime should call PK11_Finalize before calling PK11_DestroyContext,
but doesn't. That would be a small fix to a single source file.
PK11_DestroyContext starts by destroying the session.
Later it destroys the key. I believe that is the wrong order.
I believe the key handle is invalid after the session is destroyed,
and so the call to PK11_FreeSymKey probably sends a invalid key handle
(or potentially a reused key handle!) to C_DestroyObject.
I will file bugs about these findings.
--
Nelson B
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
