Update the nss-pem source archive to the latest version
- Resolves: Bug 806043 - use pem files interchangeably in a single process - Resolves: Bug 806051 - PEM various flaws detected by Coverity - Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name - Remove patches obsoleted by the nss and pem updates
parent
c408966515
commit
310e64d3c2
2
.gitignore
vendored
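--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
-nss-pem-20101125.tar.bz2
 blank-cert8.db
 blank-key3.db
 blank-secmod.db
@@ -6,3 +5,4 @@ blank-cert9.db
 blank-key4.db
 PayPalEE.cert
 /nss-3.13.4-stripped.tar.bz2
+/nss-pem-20120402.tar.bz2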
@ -1,107 +0,0 @@
|
|||||||
From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Elio Maldonado <emaldona@redhat.com>
|
|
||||||
Date: Tue, 12 Apr 2011 09:31:48 -0700
|
|
||||||
Subject: [PATCH] Bug 695011 PEM logging
|
|
||||||
|
|
||||||
Use NSPR logging facilities for PEM logging to fix a segmenation violation
|
|
||||||
caused when user cannot for write a log file created by root
|
|
||||||
---
|
|
||||||
mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++-
|
|
||||||
mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------
|
|
||||||
2 files changed, 22 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
|
|
||||||
index 839d40b..720525e 100644
|
|
||||||
--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
|
|
||||||
+++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
|
|
||||||
@@ -1,3 +1,6 @@
|
|
||||||
+#ifndef CKPEM_H
|
|
||||||
+#define CKPEM_H
|
|
||||||
+
|
|
||||||
#include "nssckmdt.h"
|
|
||||||
#include "nssckfw.h"
|
|
||||||
#include "ckfwtm.h"
|
|
||||||
@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
|
|
||||||
/* ptoken.c */
|
|
||||||
NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
|
|
||||||
|
|
||||||
+/* util.c */
|
|
||||||
void open_log();
|
|
||||||
-void close_log();
|
|
||||||
void plog(const char *fmt, ...);
|
|
||||||
|
|
||||||
-#define PEM_H 1
|
|
||||||
+#endif /* CKPEM_H */
|
|
||||||
diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
|
|
||||||
index 853f418..fafb924 100644
|
|
||||||
--- a/mozilla/security/nss/lib/ckfw/pem/util.c
|
|
||||||
+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
|
|
||||||
@@ -41,6 +41,7 @@
|
|
||||||
#include "prtime.h"
|
|
||||||
#include "prlong.h"
|
|
||||||
#include "prerror.h"
|
|
||||||
+#include "prlog.h"
|
|
||||||
#include "prprf.h"
|
|
||||||
#include "plgetopt.h"
|
|
||||||
#include "prenv.h"
|
|
||||||
@@ -51,6 +52,9 @@
|
|
||||||
#include "cryptohi.h"
|
|
||||||
#include "secpkcs7.h"
|
|
||||||
#include "secerr.h"
|
|
||||||
+
|
|
||||||
+#include "ckpem.h"
|
|
||||||
+
|
|
||||||
#include <stdarg.h>
|
|
||||||
|
|
||||||
#define CHUNK_SIZE 512
|
|
||||||
@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-FILE *plogfile;
|
|
||||||
+#ifdef DEBUG
|
|
||||||
+#define LOGGING_BUFFER_SIZE 400
|
|
||||||
+#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
|
|
||||||
+static const char *pemLogModuleName = "PEM";
|
|
||||||
+static PRLogModuleInfo* pemLogModule;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
void open_log()
|
|
||||||
{
|
|
||||||
#ifdef DEBUG
|
|
||||||
- plogfile = fopen("/tmp/pkcs11.log", "a");
|
|
||||||
-#endif
|
|
||||||
+ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
|
|
||||||
|
|
||||||
- return;
|
|
||||||
-}
|
|
||||||
+ pemLogModule = PR_NewLogModule(pemLogModuleName);
|
|
||||||
|
|
||||||
-void close_log()
|
|
||||||
-{
|
|
||||||
-#ifdef DEBUG
|
|
||||||
- fclose(plogfile);
|
|
||||||
+ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
|
|
||||||
+ /* If false, the log file will remain what it was before */
|
|
||||||
#endif
|
|
||||||
- return;
|
|
||||||
}
|
|
||||||
|
|
||||||
void plog(const char *fmt, ...)
|
|
||||||
{
|
|
||||||
#ifdef DEBUG
|
|
||||||
+ char buf[LOGGING_BUFFER_SIZE];
|
|
||||||
va_list ap;
|
|
||||||
|
|
||||||
va_start(ap, fmt);
|
|
||||||
- vfprintf(plogfile, fmt, ap);
|
|
||||||
+ PR_vsnprintf(buf, sizeof(buf), fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
-
|
|
||||||
- fflush(plogfile);
|
|
||||||
+ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
--
|
|
||||||
1.7.4.2
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
|
|
||||||
--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700
|
|
||||||
+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700
|
|
||||||
@@ -1117,7 +1117,7 @@ pem_CreateObject
|
|
||||||
|
|
||||||
nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
|
||||||
if (nobjs < 1)
|
|
||||||
- return (NSSCKMDObject *) NULL;
|
|
||||||
+ goto loser;
|
|
||||||
|
|
||||||
objid = -1;
|
|
||||||
/* Brute force: find the id of the key, if any, in this slot */
|
|
||||||
@@ -1176,7 +1176,7 @@ pem_CreateObject
|
|
||||||
|
|
||||||
nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
|
|
||||||
if (nobjs < 1)
|
|
||||||
- return (NSSCKMDObject *) NULL;
|
|
||||||
+ goto loser;
|
|
||||||
|
|
||||||
certDER.len = 0; /* in case there is no equivalent cert */
|
|
||||||
certDER.data = NULL;
|
|
@ -1,15 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 ./mozilla/security/nss/lib/pk11wrap/pk11skey.c
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11skey.c.800676 2012-03-07 18:29:16.679551532 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11skey.c 2012-03-07 18:29:42.338733488 -0800
|
|
||||||
@@ -1664,7 +1664,10 @@ PK11_PubDerive(SECKEYPrivateKey *privKey
|
|
||||||
|
|
||||||
keyType = PK11_GetKeyType(target,keySize);
|
|
||||||
key_size = keySize;
|
|
||||||
- symKey->size = keySize;
|
|
||||||
+ /* There's a bug in FreeBL where this size is treated as a max.
|
|
||||||
+ * if we are using softoken, Don't set that size value here, but
|
|
||||||
+ * set it to zero we we will query softoken for the size */
|
|
||||||
+ symKey->size = slot->isInternal ? 0 : keySize;
|
|
||||||
if (key_size == 0) templateCount--;
|
|
||||||
|
|
||||||
mechanism.mechanism = derive;
|
|
41
nss.spec
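--- a/nss.spec
+++ b/nss.spec
@@ -7,7 +7,7 @@
 Summary: Network Security Services
 Name: nss
 Version: 3.13.4
-Release: 0.1%{?dist}.beta.1
+Release: 0.1%{?dist}.beta1.2
 License: MPLv1.1 or GPLv2+ or LGPLv2+
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Group: System Environment/Libraries
@@ -52,23 +52,17 @@ Source7: blank-key4.db
 Source8: system-pkcs11.txt
 Source9: setup-nsssysinit.sh
 Source10: PayPalEE.cert
-Source12: %{name}-pem-20101125.tar.bz2
+Source12: %{name}-pem-20120402.tar.bz2
 
 Patch3: renegotiate-transitional.patch
 Patch6: nss-enable-pem.patch
-Patch7: nsspem-642433.patch
-Patch8: 0001-Bug-695011-PEM-logging.patch
 Patch16: nss-539183.patch
 Patch18: nss-646045.patch
-Patch20: nsspem-createobject-initialize-pointer.patch
-Patch21: 0001-libnsspem-rhbz-734760.patch
-Patch22: nsspem-init-inform-not-thread-safe.patch
-# must statically link pem against the 3.12.x system freebl in the buildroot
+# must statically link pem against the freebl in the buildroot
+# Needed only when freebl on tree has newe APIS
 Patch25: nsspem-use-system-freebl.patch
 # don't compile the fipstest application
 Patch26: nofipstest.patch
-# include this patch in the upstream pem review
-Patch28: nsspem-bz754771.patch
 # This patch is currently meant for f16 and f15 only
 #Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
 
@@ -84,14 +78,6 @@ Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch
 # upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492
 Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch
 
-# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=723740
-# Fixed on freel for 3.13.4, disable the patch for now
-# TODO: Remove patch when we verify that it's not needed
-Patch34: Bug-800676-nss-workaround-for-freebl-bug-that-causes-openswan-to-drop-connections.patch
-
-# Activate when verified in RHEL
-# Patch55: Bug-746632-pem_CreateObject-mem-leak-on-non-existing-file-name.patch
-
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -167,25 +153,17 @@ low level services.
 
 %patch3 -p0 -b .transitional
 %patch6 -p0 -b .libpem
-%patch7 -p0 -b .642433
-%patch8 -p1 -b .695011
 %patch16 -p0 -b .539183
 %patch18 -p0 -b .646045
-%patch20 -p1 -b .717338
-%patch21 -p1 -b .734760
-%patch22 -p0 -b .736410
-# link pem against buildroot's 3.12 freebl
+# link pem against buildroot's freebl, esential wen mixing and matching
 %patch25 -p0 -b .systemfreebl
 %patch26 -p0 -b .nofipstest
-%patch28 -p0 -b .754771
-# activate only if requested for f17
+# activate only if requested for this branch
 #%patch29 -p0 -b .770682
 %patch30 -p0 -b .784672
 %patch31 -p0 -b .gcc47
 %patch32 -p0 -b .800674
 %patch33 -p0 -b .800682
-# disabling to test the fix
-#%patch34 -p0 -b .800676
 
 
 %build
@@ -604,6 +582,13 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
 
 
 %changelog
+* Mon Apr 02 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-0.1.beta1.2
+- Update the nss-pem source archive to the latest version
+- Remove no longer needed patches
+- Resolves: Bug 806043 - use pem files interchangeably in a single process
+- Resolves: Bug 806051 - PEM various flaws detected by Coverity
+- Resolves: Bug 806058 - PEM pem_CreateObject leaks memory given a non-existing file name
+
 * Sun Apr 01 2012 Elio Maldonado <emaldona@redhat.com> - 3.13.4-0.1.beta1.1
 - Update to NSS_3_13.4_BETA1
 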
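Review bot: Patch7, Patch8, Patch20, Patch21, Patch22, Patch28 and Patch34 are dropped in the same change that moves Source12 to the 20120402 archive, but the spec does not record which of those fixes the new tarball or NSS 3.13.4 actually contains; the removed comment above Patch34 still read `# TODO: Remove patch when we verify that it's not needed`. Several of the dropped PEM patches are memory-safety or robustness fixes (the `PR_FILE_DIRECTORY` check in FileToItem, the `certDER.data = NULL` initialisation, the `CKR_CANT_LOCK` refusal in pem_Initialize), so a comment above Source12 would keep the audit trail, for example `# nss-pem-20120402 carries the fixes formerly applied as Patch7, 8, 20, 21, 22 and 28`, with the status of the freebl workaround (Patch34) stated separately once confirmed. The replacement comments also need a wording pass: `# Needed only when freebl on tree has newe APIS` now sits above Patch25 with no patch of its own, and `esential wen mixing and matching` in %prep should read `essential when mixing and matching`.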
@ -1,52 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
|
|
||||||
--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
|
|
||||||
@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
|
|
||||||
return (result);
|
|
||||||
|
|
||||||
loser:
|
|
||||||
- if (result != NULL) {
|
|
||||||
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
|
|
||||||
- }
|
|
||||||
return (NULL);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
|
|
||||||
|
|
||||||
prStatus = PR_GetOpenFileInfo(src, &info);
|
|
||||||
|
|
||||||
- if (prStatus != PR_SUCCESS) {
|
|
||||||
+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
loser:
|
|
||||||
- SECITEM_FreeItem(dst, PR_FALSE);
|
|
||||||
- nss_ZFreeIf(dst);
|
|
||||||
+ nss_ZFreeIf(dst->data);
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
|
|
||||||
|
|
||||||
/* Read in ascii data */
|
|
||||||
rv = FileToItem(&filedata, inFile);
|
|
||||||
+ if (rv != SECSuccess) {
|
|
||||||
+ PR_Close(inFile);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
asc = (char *) filedata.data;
|
|
||||||
if (!asc) {
|
|
||||||
PR_Close(inFile);
|
|
||||||
@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
|
||||||
} else {
|
|
||||||
/* Read in binary der */
|
|
||||||
rv = FileToItem(der, inFile);
|
|
||||||
- if (rv) {
|
|
||||||
+ if (rv != SECSuccess) {
|
|
||||||
PR_Close(inFile);
|
|
||||||
return -1;
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
|
|
||||||
--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.754771 2011-12-12 09:38:51.839104295 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-12-12 09:44:40.437096761 -0800
|
|
||||||
@@ -350,6 +350,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
|
|
||||||
if (io == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
+ /* initialize pointers to functions */
|
|
||||||
+ pem_CreateMDObject(NULL, io, NULL);
|
|
||||||
+
|
|
||||||
io->gobjIndex = count;
|
|
||||||
|
|
||||||
/* add object to global array */
|
|
@ -1,11 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
|
|
||||||
--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700
|
|
||||||
@@ -1179,6 +1179,7 @@ pem_CreateObject
|
|
||||||
return (NSSCKMDObject *) NULL;
|
|
||||||
|
|
||||||
certDER.len = 0; /* in case there is no equivalent cert */
|
|
||||||
+ certDER.data = NULL;
|
|
||||||
|
|
||||||
objid = -1;
|
|
||||||
for (i = 0; i < pem_nobjs; i++) {
|
|
@ -1,129 +0,0 @@
|
|||||||
--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
|
|
||||||
+++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
|
|
||||||
@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
|
|
||||||
size += PEM_ITEM_CHUNK;
|
|
||||||
}
|
|
||||||
gobj[count] = io;
|
|
||||||
count++;
|
|
||||||
pem_nobjs++;
|
|
||||||
|
|
||||||
io->refCount ++;
|
|
||||||
return io;
|
|
||||||
}
|
|
||||||
|
|
||||||
CK_RV
|
|
||||||
AddCertificate(char *certfile, char *keyfile, PRBool cacert,
|
|
||||||
CK_SLOT_ID slotID)
|
|
||||||
{
|
|
||||||
pemInternalObject *o;
|
|
||||||
- SECItem certDER;
|
|
||||||
CK_RV error = 0;
|
|
||||||
int objid, i;
|
|
||||||
int nobjs = 0;
|
|
||||||
SECItem **objs = NULL;
|
|
||||||
char *ivstring = NULL;
|
|
||||||
int cipher;
|
|
||||||
|
|
||||||
- certDER.data = NULL;
|
|
||||||
nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
|
||||||
if (nobjs <= 0) {
|
|
||||||
nss_ZFreeIf(objs);
|
|
||||||
return CKR_GENERAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* For now load as many certs as are in the file for CAs only */
|
|
||||||
if (cacert) {
|
|
||||||
for (i = 0; i < nobjs; i++) {
|
|
||||||
char nickname[1024];
|
|
||||||
objid = pem_nobjs + 1;
|
|
||||||
|
|
||||||
snprintf(nickname, 1024, "%s - %d", certfile, i);
|
|
||||||
|
|
||||||
o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
|
|
||||||
@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
|
|
||||||
loser:
|
|
||||||
nss_ZFreeIf(objs);
|
|
||||||
nss_ZFreeIf(o);
|
|
||||||
return error;
|
|
||||||
}
|
|
||||||
|
|
||||||
CK_RV
|
|
||||||
pem_Initialize
|
|
||||||
(
|
|
||||||
NSSCKMDInstance * mdInstance,
|
|
||||||
NSSCKFWInstance * fwInstance,
|
|
||||||
NSSUTF8 * configurationData
|
|
||||||
)
|
|
||||||
{
|
|
||||||
CK_RV rv;
|
|
||||||
- /* parse the initialization string and initialize CRLInstances */
|
|
||||||
+ /* parse the initialization string */
|
|
||||||
char **certstrings = NULL;
|
|
||||||
+ char *modparms = NULL;
|
|
||||||
PRInt32 numcerts = 0;
|
|
||||||
PRBool status, error = PR_FALSE;
|
|
||||||
int i;
|
|
||||||
+ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
|
|
||||||
+
|
|
||||||
+ if (!fwInstance) return CKR_ARGUMENTS_BAD;
|
|
||||||
+
|
|
||||||
+ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
|
|
||||||
+ if (modArgs &&
|
|
||||||
+ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
|
|
||||||
+ return CKR_CANT_LOCK;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (pemInitialized) {
|
|
||||||
return CKR_OK;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
RNG_RNGInit();
|
|
||||||
|
|
||||||
open_log();
|
|
||||||
|
|
||||||
plog("pem_Initialize\n");
|
|
||||||
|
|
||||||
- unsigned char *modparms = NULL;
|
|
||||||
- if (!fwInstance) {
|
|
||||||
- return CKR_ARGUMENTS_BAD;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- CK_C_INITIALIZE_ARGS_PTR modArgs =
|
|
||||||
- NSSCKFWInstance_GetInitArgs(fwInstance);
|
|
||||||
if (!modArgs || !modArgs->LibraryParameters) {
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
- modparms = (unsigned char *) modArgs->LibraryParameters;
|
|
||||||
+ modparms = (char *) modArgs->LibraryParameters;
|
|
||||||
plog("Initialized with %s\n", modparms);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The initialization string format is a space-delimited file of
|
|
||||||
* pairs of paths which are delimited by a semi-colon. The first
|
|
||||||
* entry of the pair is the path to the certificate file. The
|
|
||||||
* second is the path to the key file.
|
|
||||||
*
|
|
||||||
* CA certificates do not need the semi-colon.
|
|
||||||
*
|
|
||||||
* Example:
|
|
||||||
* /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
status =
|
|
||||||
- pem_ParseString((const char *) modparms, ' ', &numcerts,
|
|
||||||
+ pem_ParseString(modparms, ' ', &numcerts,
|
|
||||||
&certstrings);
|
|
||||||
if (status == PR_FALSE) {
|
|
||||||
return CKR_ARGUMENTS_BAD;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 0; i < numcerts && error != PR_TRUE; i++) {
|
|
||||||
char *cert = certstrings[i];
|
|
||||||
PRInt32 attrcount = 0;
|
|
||||||
char **certattrs = NULL;
|
|
||||||
status = pem_ParseString(cert, ';', &attrcount, &certattrs);
|
|
||||||
if (status == PR_FALSE) {
|
|
||||||
error = PR_TRUE;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
2
sources
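--- a/sources
+++ b/sources
@@ -1,4 +1,3 @@
-e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
 a5ae49867124ac75f029a9a33af31bad blank-cert8.db
 9315689bbd9f28ceebd47894f99fccbd blank-key3.db
 73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
@@ -6,3 +5,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
 2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
 bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
 13717d6132b9cba15062ee34020ecd5a nss-3.13.4-stripped.tar.bz2
+d19159b7f91b94afaf7fa78bba006c13 nss-pem-20120402.tar.bz2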