- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13

- Update Requires and BuildRequires nss and nss-util mininimum versions - Add needed line breaks to the keyutil usage message
2012-02-01 16:46:57 -08:00 · 2012-02-01 16:46:57 -08:00 · b2e5843d92
parent 99a005c95c
commit b2e5843d92
3 changed files with 32 additions and 138 deletions
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 32
+Release: 33
 Source: crypto-rand-%{crver}.tar.gz
 Source1: genkey.pl
 Source2: certwatch.c
@ -18,7 +18,6 @@ Source9: pemutil.c
 Source10: keyutil.c
 Source11: certext.c
 Source12: secutil.c
-Source13: secerror.c
 Source14: keyutil.h
 Source15: secutil.h
 Source16: NSPRerrs.h
@ -29,7 +28,8 @@ License: MIT and GPLv2+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: nss-devel, pkgconfig, newt-devel, xmlto
 BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker)
-Requires: perl(Newt), nss >= 3.12.2
+Requires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1
+Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1
 Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)")
 Obsoletes: crypto-rand

@ -52,7 +52,6 @@ cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
   $RPM_SOURCE_DIR/keyutil.c \
   $RPM_SOURCE_DIR/certext.c \
   $RPM_SOURCE_DIR/secutil.c \
-   $RPM_SOURCE_DIR/secerror.c \
   -o keyutil -lplc4 -lnspr4 -lnss3

 cc $RPM_OPT_FLAGS -Wall -Werror \
@ -131,6 +130,11 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt

 %changelog
+* Wed Feb 01 2012 Elio Maldonado <emaldona@redhat.com> - 2.4.1-33
+- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13
+- Update Requires and BuildRequires nss and nss-util mininimum versions
+- Add needed line breaks to the keyutil usage message 
+
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.1-32
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

--- a/keyutil.c
+++ b/keyutil.c
@ -87,6 +87,7 @@

 #include <prerror.h>
 #include <secerr.h>
+#include <secport.h>

 #include <nspr.h>
 #include <nss.h>
@ -210,21 +211,21 @@ static void
 Usage(char *progName)
 {
    fprintf(stderr, "Usage: %s [options] arguments\n", progName);
-    fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]");
-    fprintf(stderr, "{-r|--renew} cert-to-renew     the file with the certifificast to renew");
+    fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]\n");
+    fprintf(stderr, "{-r|--renew} cert-to-renew     the file with the certifificast to renew\n");
    fprintf(stderr, "{-s|--subject} subject         subject distinguished name");
-    fprintf(stderr, "{-g|--gsize} key_size          size in bitsof the rsa key to generate");
+    fprintf(stderr, "{-g|--gsize} key_size          size in bitsof the rsa key to generate\n");
    fprintf(stderr, "{-v|--validity} months         cert validity in months");
-    fprintf(stderr, "{-z|--znoisefile} noisefile    seed file for use in key gneration");
-    fprintf(stderr, "{-e|--encpwd} keypwd           key encryption_password");
-    fprintf(stderr, "{-f|--filepwdnss} modpwdfile   file with the module access_password");
-    fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm");
-    fprintf(stderr, "{-i|--input} inputkey-file     file with key with which to encrypt or to sign a request");
-    fprintf(stderr, "{-p|--passout} pbe-password    the password for encrypting of the key");
-    fprintf(stderr, "{-o|--output} out-file         output file for a csr or cert");
-    fprintf(stderr, "{-k|--keyfile} out-key-file    output key file, with csr or certgen");
-    fprintf(stderr, "{-t|--cacert}                  indicates that cert renewal is for a ca");
-    fprintf(stderr, "{-h|--help}                    print this help message");
+    fprintf(stderr, "{-z|--znoisefile} noisefile    seed file for use in key generation\n");
+    fprintf(stderr, "{-e|--encpwd} keypwd           key encryption_password\n");
+    fprintf(stderr, "{-f|--filepwdnss} modpwdfile   file with the module access_password\n");
+    fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm\n");
+    fprintf(stderr, "{-i|--input} inputkey-file     file with key with which to encrypt or to sign a request\n");
+    fprintf(stderr, "{-p|--passout} pbe-password    the password for encrypting of the key\n");
+    fprintf(stderr, "{-o|--output} out-file         output file for a csr or cert\n");
+    fprintf(stderr, "{-k|--keyfile} out-key-file    output key file, with csr or certgen\n");
+    fprintf(stderr, "{-t|--cacert}                  indicates that cert renewal is for a ca\n");
+    fprintf(stderr, "{-h|--help}                    print this help message\n");
    fprintf(stderr, "\n");
    exit(1);
 }
@ -326,7 +327,7 @@ static SECStatus loadCert(
        if (!genericObjCert) {
            rv = PR_GetError();
            SECU_PrintError(progName,
-                "Unable to create object for cert, (%s)", SECU_Strerror(rv));
+                "Unable to create object for cert, (%s)", PORT_ErrorToString(rv));
            break;
        }
        if (!cacert) {
@ -391,7 +392,7 @@ static SECStatus loadKey(
            rv = SEC_ERROR_BAD_KEY;
            PR_SetError(rv, 0);
            SECU_PrintError(progName ? progName : "keyutil",
-                "Unable to create key object (%s)\n", SECU_Strerror(rv));
+                "Unable to create key object (%s)\n", PORT_ErrorToString(rv));
            break;
        }

@ -403,7 +404,7 @@ static SECStatus loadKey(
        rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
        if (rv != SECSuccess) {
            SECU_PrintError(progName ? progName : "keyutil",
-                "Can't authenticate\n", SECU_Strerror(rv));
+                "Can't authenticate\n", PORT_ErrorToString(rv));
            break;
        }

@ -417,7 +418,7 @@ static SECStatus loadKey(
        if (!privkey) {
            rv = PR_GetError();
            SECU_PrintError(progName ? progName : "keyutil",
-                "Unable to find the key for cert, (%s)\n", SECU_Strerror(rv));
+                "Unable to find the key for cert, (%s)\n", PORT_ErrorToString(rv));
            GEN_BREAK(SECFailure);
        }
        rv = SECSuccess;
@ -498,7 +499,7 @@ static SECStatus extractRSAKeysAndSubject(
        if (!*pubkey) {
            SECU_PrintError(progName,
                "Could not get public key from cert, (%s)\n",
-                SECU_Strerror(PR_GetError()));
+                PORT_ErrorToString(PR_GetError()));
            GEN_BREAK(SECFailure);
        }

@ -507,12 +508,12 @@ static SECStatus extractRSAKeysAndSubject(
            rv = PR_GetError();
            SECU_PrintError(progName,
                "Unable to find the key with PK11_FindKeyByDERCert, (%s)\n",
-                SECU_Strerror(rv));
+                PORT_ErrorToString(rv));
            *privkey= PK11_FindKeyByAnyCert(cert, &pwdata);
            rv = PR_GetError();
            SECU_PrintError(progName,
                "Unable to find the key with PK11_FindKeyByAnyCert, (%s)\n",
-                SECU_Strerror(rv));
+                PORT_ErrorToString(rv));
            GEN_BREAK(SECFailure);
        }

@ -944,7 +945,7 @@ CreateCert(
        *outCert = subjectCert;
    } else {
        PRErrorCode  perr = PR_GetError();
-        SECU_PrintError(progName, "Unable to create cert, (%s)\n", SECU_Strerror(perr));
+        SECU_PrintError(progName, "Unable to create cert, (%s)\n", PORT_ErrorToString(perr));
        if (subjectCert)
            CERT_DestroyCertificate (subjectCert);
    }
@ -1268,7 +1269,7 @@ KeyOut(const char *keyoutfile,
            if (!encryptedKeyDER) {
                rv = PR_GetError();
            	SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
-                    SECU_Strerror(rv));
+                    PORT_ErrorToString(rv));
                GEN_BREAK(rv);
            }

@ -1535,7 +1536,7 @@ static int keyutil_main(
    PR_Close(outFile);
    if (rv) {
        SECU_PrintError(progName ? progName : "keyutil",
-                "CertReq failed: \"%s\"\n", SECU_Strerror(rv));
+                "CertReq failed: \"%s\"\n", PORT_ErrorToString(rv));
        rv = 255;
        goto shutdown;
    }
--- a/secerror.c
+++ b/secerror.c
@ -1,111 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include <nspr.h>
-
-struct tuple_str {
-    PRErrorCode  errNum;
-    const char * errString;
-};
-
-typedef struct tuple_str tuple_str;
-
-#define ER2(a,b)   {a, b},
-#define ER3(a,b,c) {a, c},
-
-#include <secerr.h>
-#include <sslerr.h>
-#include <stdio.h>
-
-const tuple_str errStrings[] = {
-
-/* keep this list in asceding order of error numbers */
-/* SSLerrs.h not needed */
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-
-};
-
-const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
-
-/* Returns a UTF-8 encoded constant error string for "errNum".
- * Returns NULL of errNum is unknown.
- */
-const char *
-SECU_Strerror(PRErrorCode errNum) {
-    PRInt32 low  = 0;
-    PRInt32 high = numStrings - 1;
-    PRInt32 i;
-    PRErrorCode num;
-    static int initDone;
-
-    /* make sure table is in ascending order.
-     * binary search depends on it.
-     */
-    if (!initDone) {
-        PRErrorCode lastNum = ((PRInt32)0x80000000);
-        for (i = low; i <= high; ++i) {
-            num = errStrings[i].errNum;
-            if (num <= lastNum) {
-                fprintf(stderr, 
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
-                i, lastNum, errStrings[i-1].errString, 
-                num, errStrings[i].errString);
-            }
-            lastNum = num;
-        }
-        initDone = 1;
-    }
-
-    /* Do binary search of table. */
-    while (low + 1 < high) {
-        i = (low + high) / 2;
-        num = errStrings[i].errNum;
-        if (errNum == num) 
-            return errStrings[i].errString;
-        if (errNum < num)
-            high = i;
-        else 
-            low = i;
-    }
-    if (errNum == errStrings[low].errNum)
-        return errStrings[low].errString;
-    if (errNum == errStrings[high].errNum)
-        return errStrings[high].errString;
-    return NULL;
-}