Closed Bug 244329 Opened 21 years ago Closed 17 years ago

crmftest test program doesn't compile or run.

Categories

(NSS :: Tools, defect, P3)

defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: nelson, Assigned: nelson)

References

Details

Attachments

(2 obsolete files)

Recently a user reported a problem with the CRMF library. I went to build and run the crmftest program, and found that it was never converted to use NSS_Init, or to use the PK11 functions instead of the RNG functions directly. I have changed the sources to get most of it to compile. I ifdeffed out one section that call PKCS11 functions directly, because I think it should be calling NSS shared lib functions instead, but I haven't yet figure out what (if any) functions those are. To get it to compile and run (as it now does), I had to add 2 symbols to nss.def. The real purpose of this bug report is to get that change to nss.def code reviewed, so I can make it part of NSS 3.10. patches forthcoming.
Attached patch patch to cmd/crmftest sources (obsolete) (deleted) — Splinter Review
This patch depends on the next patch below, to nss.def. Review of this patch seems optional, since the code doesn't compile without it.
Attached patch patch to nss.def (obsolete) (deleted) — Splinter Review
patch to add CERT_GetCertificateNames and HASH_ResultLenByOidTag to list of exported symbols. (This patch also adds CERT_DecodeDERCertificate, which is the subject of a different bug, please ignore that for this bug.)
Comment on attachment 149088 [details] [diff] [review] patch to nss.def Bob, please reeview
Attachment #149088 - Flags: review?(rrelyea0264)
Comment on attachment 149088 [details] [diff] [review] patch to nss.def CERT_DecodeDERCert should not be included in this list.
Attachment #149088 - Flags: review?(rrelyea0264) → review-
Comment on attachment 149087 [details] [diff] [review] patch to cmd/crmftest sources Must fix: 1. There is no way to set DoReq to TRUE. 2. The ifdef out code in PKCS11_Init needs to be restored. The stuff with the cryptoSlot should be removed, but the keySlot stuff is necessary if NSS ends up creating new databases. (see sdrtest for how we currently do this). Should fix: remove all the #if 0 includes. lines 181-199, the new /* what's this nonsence? */ and the 3 lines following (as well as the declaration of cryptoSlot above should all be removed (it is nonsense and not needed)). Minor comments: To get DO_DSA to compile, use the functins in pk11_pqg.h. bob bob
Attachment #149087 - Flags: review-
Bob, Today the program does not compile at all. As I wrote above, my intention at this time is NOT to restore all the functionality. My intention is to restore MOST of the functionality, ang get it to compile, so that it can be used to test the common functionality. I am not going to do any more work on this program. Your choices are: a) leave it as it is, completely not compiling and useless, should be removed. b) accept this patch, improving it to the point where it is at least somewhat useful.
I have now done a LOT of work overhauling crmftest so it will build and so that all of it can be selected to run from the command line (no dead code). I have not yet fixed the "key recovery" code, which uses NSS internals such as the NSS per-slot table of function pointers. I will work on then when the rest of crmftest runs succesfully. Already my testing of crmftest has revealed NUMEROUS bugs in the crmf libraries, and a bug in the ASN.1 encoder. So, I am going to use this bug as a tracking bug, to track all those other bugs I found, and the new bugs that I undoubtedly will continue to find.
Status: NEW → ASSIGNED
Summary: crmftest test program doesn't compile. → crmftest test program doesn't compile or run.
Depends on: 244922
Depends on: 244929
I checked in a huge change to crmftest.c. It now builds with NSS 3.10, and parts of it run to completion without error, when a modified ASN.1 encoder is used. The program contains code to do numerous different tests. Previously it always ran all tests, and made to attempt to cleanly shutdown. Now, there are command line options that allow the user to select exactly which tests to run. The command line arguments for selecting functionality are presently: - crmf Generate a CRMF v3 request for a pair of RSA certs - dsa Generate a CRMF v3 request for a DSA cert (untested) - decode Decode a CRMF cert request. Decoder test only. - cmmf Attempts to do 4 substeps: - create a CMMF reply (cert granting message) containing a cert - decode a CMMF reply. Decoder test only. Results unused. - create a key escrow request, AKA CMMF "recovery message" - decode a key escrow request. Decoder test only. - recover Request the recovery of an previously escrowed key, Process the response, see if the recovered key works. - challenge Runs the "challenge/response" tests, whatever they are. The code for the "recover" command is still ifdeffed out because it uses NSS shared lib internal stuff. Probably new APIs are needed to overcome this. The CRMF request generated uses almost every optional feature of CRMF, which the mozilla browser does not do. Consequently, the test program encounters problems that the browser is not presently encountering. The program is not presently able to generate correctly encoded CRMF request or CMMF replies due to these bugs. I have a hacked version of the ASN.1 encoder (not ready to checkin yet), with which the crmf and decode commands pass completely, and shutdown cleanly. I intend to subdivide the cmmf command into 4 separate commands so that each of those 4 steps can be run separately. The "recover" and "challenge" commands may also get subdivided when I get around to them.
Depends on: 245420
Attachment #149087 - Attachment is obsolete: true
Attachment #149088 - Attachment is obsolete: true
Depends on: 245429
I have been working on this for 3.10.
Priority: -- → P2
Target Milestone: --- → 3.10
Whiteboard: blocked by ASN.1 encoder bugs
QA Contact: bishakhabanerjee → jason.m.reid
CRMF work seems to be work that is only of interest to mozilla, and maybe no even to that product. So I am reducing this to P3 and setting the target milestone to --.
Priority: P2 → P3
Target Milestone: 3.10 → ---
Bob, in bug 308887 you added the crmf.sh test script to the NSS tip (NSS 3.11). So can we mark this bug fixed now?
Whiteboard: blocked by ASN.1 encoder bugs
QA Contact: jason.m.reid → tools
Alexei, since you've been working on CRMF and CMMF code, you should know about this bug. It contains the only documentation for the crmftest QA program.
I wish we could give the CRMF/CMMF code to PSM. It has no other users. No one is interested in working on it. I'm not going to work on this bug any more.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: