[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I found a bug in CML v1.91

To: 'Paulo Araújo' <pjaraujo@xxxxxx>, imc-cml@xxxxxxx
Subject: RE: I found a bug in CML v1.91
From: "Pawling, John" <John.Pawling@xxxxxxxxxxxxxxxx>
Date: Wed, 5 Sep 2001 12:55:38 -0400
List-archive: <http://www.imc.org/imc-cml/mail-archive/>
List-id: <imc-cml.imc.org>
List-unsubscribe: <mailto:imc-cml-request@imc.org?body=unsubscribe>
Sender: owner-imc-cml@xxxxxxxxxxxx

Paulo,

Thank you for reporting this bug in the CML.  We are in the process of
delivering a new release of the CML (v1.9.3) in which we fixed the bug that
you reported.  A corrected CM_Cache.cpp file is being delivered as part of
the v1.9.3 CML release.

We also fixed a bug in CMU_DSAEncodePQGparms() function in CM_encode.cpp
source file in which it was using the AsnInt class for the DSA P, Q and G
parameters instead of using the CSM_BigIntegerStr class.  This caused the
DSA parameters to be improperly encoded which (in some cases) caused the
Crypto Token Interface Library (CTIL) to return an error (ex: MSB is 1)
indicating that the DSA parameters were not encoded as valid unsigned ASN.1
INTEGER values. 
A corrected CM_encode.cpp file is being delivered as part of the v1.9.3 CML
release.

The new v1.9.3 CML source code and binary libraries will soon be available
from our CML web page: <http://www.getronicsgov.com/hot/cml_home.htm>.  We
will inform the imc-cml mail list as soon the v1.9.3 CML release is
available.

We will resolve the other issues that you reported in the v2.0 CML release
planned for 31 October 2001.  In our opinion, these issues do not require
the release of an immediate patch.  

Please let us know if we can provide further information.

===========================================
John Pawling, John.Pawling@xxxxxxxxxxxxxxxx
Getronics Government Solutions, LLC
===========================================


-----Original Message-----
From: Paulo Araújo [mailto:pjaraujo@xxxxxx]
Sent: Wednesday, September 05, 2001 9:57 AM
To: imc-cml@xxxxxxx
Cc: John.Pawling@xxxxxxxxxxxxxxxx
Subject: I found a bug in CML v1.91



Hello

I found a bug in CM_cache.c (line 1070).
"pLink = pLink->next;" should be added to
this while loop.

----------------------
Now I have the encoding problem in CMU_DSAEncodePQGparms()
solved, but before that, SMTI_Verify (CM_cetilinfc.cpp 184 and 215)
didn't throw a exception as it should when a fake signature is verified.
However it did return something different from 0 (an error code).

CTILVerifySignature is ignoring SMTI_Verify return code. Is this
correct or not ?

-----------------------

Another suspect bug:

 SRL_DatabaseSearch is testing if "dn[0]!= 0" to find if this parameter is
to be ignored. However I think that the correct test is "dn != 0", because
in SRL API docs is stated that the correct value for dn is NULL and not "".

Am I right or not ?


Thanks for Your help,

Paulo Araújo

Prev by Date: I found a bug in CML v1.91
Next by Date: SRL_DatabaseFlush bug !!?
Previous by thread: I found a bug in CML v1.91
Next by thread: SRL_DatabaseFlush bug !!?
Index(es):
- Date
- Thread