Add pem module fix, spec file support for AArch64 and document additional fix

- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output, upstream fix
Elio Maldonado 2013-02-16 15:02:25 -08:00
parent b3f05b9f44
commit 0370142fd0
2 changed files with 51 additions and 2 deletions


@ -0,0 +1,44 @@
--- mozilla/security/nss/lib/ckfw/pem/psession.c
+++ mozilla/security/nss/lib/ckfw/pem/psession.c
@@ -230,6 +230,7 @@ pem_mdSession_Login
unsigned int len = 0;
NSSLOWKEYPrivateKey *lpk = NULL;
PLArenaPool *arena;
+ SECItem plain;
int i;
fwSlot = NSSCKFWToken_GetFWSlot(fwToken);
@@ -306,23 +321,27 @@ pem_mdSession_Login
lpk->keyType = NSSLOWKEYRSAKey;
prepare_low_rsa_priv_key_for_asn1(lpk);
- nss_ZFreeIf(io->u.key.key.privateKey->data);
- io->u.key.key.privateKey->len = len - output[len - 1];
- io->u.key.key.privateKey->data =
- (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len);
- memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]);
/* Decode the resulting blob and see if it is a decodable DER that fits
* our private key template. If so we declare success and move on. If not
* then we return an error.
*/
+ memset(&plain, 0, sizeof(plain));
+ plain.data = output;
+ plain.len = len - output[len - 1];
rv = SEC_QuickDERDecodeItem(arena, lpk, pem_RSAPrivateKeyTemplate,
- io->u.key.key.privateKey);
+ &plain);
pem_DestroyPrivateKey(lpk);
arena = NULL;
if (rv != SECSuccess)
goto loser;
+ nss_ZFreeIf(io->u.key.key.privateKey->data);
+ io->u.key.key.privateKey->len = len - output[len - 1];
+ io->u.key.key.privateKey->data =
+ (void *) nss_ZAlloc(NULL, io->u.key.key.privateKey->len);
+ memcpy(io->u.key.key.privateKey->data, output, len - output[len - 1]);
+
rv = CKR_OK;
loser:
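Review bot: The unpadded length `len - output[len - 1]` is used for `plain.len` and again in the relocated copy block without any range check. On a wrong password, the case this patch targets, `output` presumably holds arbitrary bytes. Because `len` is declared `unsigned int`, a trailing byte larger than `len` wraps the subtraction to a very large value, which `SEC_QuickDERDecodeItem` then takes as the input size, and `len == 0` would read before the buffer. I would reject `len == 0 || output[len - 1] > len` before the decode, taking the same cleanup path as a failed decode, and compute the length once so `plain.len` can be reused for the copy. Separately, the `nss_ZAlloc` result goes to `memcpy` without a NULL check. pem_mdSession_Login starts and ends outside the hunk, so an earlier bound on `len` may already exist.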


@ -79,6 +79,7 @@ Patch40: nss-3.14.0.0-disble-ocsp-test.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=835919
Patch43: no-softoken-freebl-tests.patch
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
Patch45: Bug-896651-pem-dont-trash-keys-on-failed-login.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -164,6 +165,7 @@ low level services.
%patch40 -p1 -b .noocsptest
%patch43 -p0 -b .nosoftokentests
%patch44 -p1 -b .syncupwithupstream
%patch45 -p0 -b .notrash
%build
@ -204,7 +206,7 @@ export USE_SYSTEM_FREEBL=1
NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE
%ifarch x86_64 ppc64 ia64 s390x sparc64
%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
USE_64=1
export USE_64
%endif
@ -299,7 +301,7 @@ export FREEBL_NO_DEPEND
BUILD_OPT=1
export BUILD_OPT
%ifarch x86_64 ppc64 ia64 s390x sparc64
%ifarch x86_64 ppc64 ia64 s390x sparc64 aarch64
USE_64=1
export USE_64
%endif
@ -612,6 +614,9 @@ rm -f $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
* Fri Feb 15 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-1
- Update to NSS_3_14_3_RTM
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
- Resolves: rhbz#896651 - PEM module trashes private keys if login fails
- Resolves: rhbz#909775 - specfile support for AArch64
- Resolves: rhbz#910584 - certutil -a does not produce ASCII output
* Mon Feb 04 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.2-2
- Allow building nss against older system sqlite