Nelson B wrote:
Bob Relyea wrote:
Antonio Andr�s Espallardo wrote:
Now I don't know what happens but Netscape don't finalize the decrypt operation correctly calling C_DecryptFinal, but he close the session. The message is showed decrypted in the mail manager, but Netscape hasn't finalized correctly the decrypt operation.
It's probably a bug in NSS. Once the session is closed, though, you should throw away all your decryptions state.
libsmime calls PK11_CreateContextBySymKey PK11_CipherOp (repeatedly) PK11_DestroyContext
libsmime should call PK11_Finalize before calling PK11_DestroyContext, but doesn't. That would be a small fix to a single source file.
PK11_DestroyContext starts by destroying the session. Later it destroys the key. I believe that is the wrong order. I believe the key handle is invalid after the session is destroyed, and so the call to PK11_FreeSymKey probably sends a invalid key handle (or potentially a reused key handle!) to C_DestroyObject.
SymKeys are on their own sessions, keys are typically created before the context that uses them. They my also be used by multiple contexts, so keys are created with their own sessions.
There is appearantly a bug where we are destroying already destroyed session handles, but that's not it.;(.
I will file bugs about these findings.
Thanks.
smime.p7s
Description: S/MIME Cryptographic Signature
