Closed Bug 647749 Opened 14 years ago Closed 14 years ago

Assertion failure: !(certificateUsage & (certificateUsage - 1)), at pkix_pl_cert.c:3011

Categories

(NSS :: Libraries, defect)

3.12.9
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: KaiE, Unassigned)

Details

My code that queries a builtin CA cert for usages runs into the following assertion: (PKIX_BuildChain: ( Entering PKIX_BuildChain). (pkix_Build_InitiateBuildChain: ( Entering pkix_Build_InitiateBuildChain). Assertion failure: !(certificateUsage & (certificateUsage - 1)), at pkix_pl_cert.c:3011
... which is a crash
#9 0x00129462 in PR_Assert (s=0x385d420 "!(certificateUsage & (certificateUsage - 1))", file=0x385d1b0 "pkix_pl_cert.c", ln=3011) at /plaindata/moz/mocent/mozilla/nsprpub/pr/src/io/prlog.c:577 #10 0x037fadde in PKIX_PL_Cert_VerifyCertAndKeyType (cert=0xa33c0100, isChainCert=0, plContext=0xa330b820) at pkix_pl_cert.c:3011 #11 0x037a0176 in pkix_CertSelector_DefaultMatch (selector=0xa34c9f60, cert=0xa33c0100, plContext=0xa330b820) at pkix_certselector.c:1332 #12 0x037da3a3 in pkix_Build_InitiateBuildChain (procParams=0xb3366ab0, pNBIOContext=0xa45fde74, pState=0xa45fde7c, pBuildResult=0xa45fde78, pVerifyNode=0xa45fdee4, plContext=0xa330b820) at pkix_build.c:3364 #13 0x037dbe23 in PKIX_BuildChain (procParams=0xb3366ab0, pNBIOContext=0xa45fdef0, pState=0xa45fdeec, pBuildResult=0xa45fdef4, pVerifyNode=0xa45fdee4, plContext=0xa330b820) at pkix_build.c:3731 #14 0x037396fd in CERT_PKIXVerifyCert (cert=0xa1e4b010, usages=1151, paramsIn=0xa4f3bf10, paramsOut=0xa45fdf90, wincx=0x0) at certvfypkix.c:2317 #15 0x01f1ca3d in nsUsageArrayHelper::GetUsagesArray (this=0xa45fe070, suffix=0x2c966b0 "", localOnly=0, outArraySize=13, _verified=0xa45fe100, _count=0xa45fe080, outUsages=0xa45fe03c) at /plaindata/moz/mocent/mozilla/security/manager/ssl/src/nsUsageArrayHelper.cpp:224 #16 0x01eefa2d in nsNSSCertificate::GetUsagesArray (this=0xa1d88680, localOnly=0, _verified=0xa45fe100, _count=0xa45fe0fc, _usages=0xa45fe0f8) at /plaindata/moz/mocent/mozilla/security/manager/ssl/src/nsNSSCertificate.cpp:1443
PSM has always been calling CERT_VerifyCertificateNow with a bitmask that includes multiple usages. It does so to obtain the list of valid usages. The API's output parameter of the new CERT_PKIXVerifyCert is designed to return such a list of usages, too. However, the imlementation of libPKIX contains the mentioned assertion, that will abort if more than one usage is being passed. Obviously, the application shouldn't abort on unexpected input data. It currently calls PORT_Assert !!! Is this maybe an area, where the implementation is incomplete, and the PORT_Assert is some kind of reminder...? Or should the API be used differently?
Blocks: psm-pkix
oh... SECCertUsage != SECCertificateUsage
I think this bug is invalid. My mistake. I used the wrong cert usage constants...
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
No longer blocks: psm-pkix
You need to log in before you can comment on or make changes to this bug.