2008/9/6 Graham Leggett <[EMAIL PROTECTED]>:
>
> 472 SECStatus s = PK11_CipherOp(block->ctx, *out, &outl, outl,
> (unsigned char*)in, inlen);
> (gdb)
> 474 if (s != SECSuccess) {
> (gdb)
> 475 PRErrorCode perr = PORT_GetError();
> (gdb)
> 476 if (perr) {
> (gdb)
> 477 block->factory->result->rc = perr;
> (gdb)
> 478 block->factory->result->msg = PR_ErrorToName(perr);
> (gdb)
> 480 return APR_ECRYPT;
> (gdb) print s
> $10 = SECFailure
> (gdb) print block->ctx
> $11 = (PK11Context *) 0x10ceb0
> (gdb) print perr
> $12 = -8192

Here are the most likely points of failure.

AES_Encrypt:
http://mxr.mozilla.org/security/source/security/nss/lib/freebl/rijndael.c#1083

The input length must be a multiple of block size (16 bytes).
The output buffer length must be >= the input length.

Here is where NSC_EncryptUpdate returns CKR_DEVICE_ERROR on
any encryption failure:
http://mxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11c.c#750

    820 /* do it: NOTE: this assumes buf size in is >= buf size out! */
    821 rv = (*context->update)(context->cipherInfo,pEncryptedPart,
    822 &outlen, maxout, pPart, ulPartLen);
    823 *pulEncryptedPartLen = (CK_ULONG) (outlen + padoutlen);
    824 return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;

Once you have identified the failure point, I'll work on improving
error reporting.

Wan-Teh
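
The two AES_Encrypt preconditions listed in the message above, written as a pre-flight check a caller could run before the cipher update so each violation gets its own reason instead of one generic failure. This is an added example, not part of the original message and not NSS or APR code; `check_update_args`, `update_args_reason` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define AES_BLOCK_SIZE 16u /* block size stated in the message */

/* Hypothetical status codes, one per precondition. */
typedef enum {
    UPDATE_ARGS_OK = 0,
    UPDATE_ARGS_NULL_BUFFER,
    UPDATE_ARGS_INPUT_NOT_BLOCK_MULTIPLE,
    UPDATE_ARGS_OUTPUT_TOO_SMALL
} update_args_status;

/* Validate the lengths a caller is about to hand to a raw AES update. */
update_args_status check_update_args(const unsigned char *out, size_t maxout,
                                     const unsigned char *in, size_t inlen)
{
    if (inlen != 0 && (in == NULL || out == NULL))
        return UPDATE_ARGS_NULL_BUFFER;
    if (inlen % AES_BLOCK_SIZE != 0)   /* input must be whole blocks */
        return UPDATE_ARGS_INPUT_NOT_BLOCK_MULTIPLE;
    if (maxout < inlen)                /* output must hold all input */
        return UPDATE_ARGS_OUTPUT_TOO_SMALL;
    return UPDATE_ARGS_OK;
}

const char *update_args_reason(update_args_status s)
{
    switch (s) {
    case UPDATE_ARGS_OK:                       return "ok";
    case UPDATE_ARGS_NULL_BUFFER:              return "null input or output buffer";
    case UPDATE_ARGS_INPUT_NOT_BLOCK_MULTIPLE: return "input length not a multiple of 16";
    case UPDATE_ARGS_OUTPUT_TOO_SMALL:         return "output buffer shorter than input";
    }
    return "unknown";
}

int main(void)
{
    unsigned char in[32] = {0}, out[32];
    /* Constructed (inlen, maxout) pairs, not values from the gdb session. */
    size_t cases[][2] = { {32, 32}, {20, 32}, {32, 16} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("inlen=%zu maxout=%zu: %s\n", cases[i][0], cases[i][1],
               update_args_reason(check_update_args(out, cases[i][1],
                                                    in, cases[i][0])));
    return 0;
}
```

Run with the values passed to PK11_CipherOp in the quoted gdb session (`outl` as the maximum output length, `inlen` as the input length), it reports which of the two conditions is violated, if either.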