diff --git a/crypto-utils.spec b/crypto-utils.spec index 21649d8..4de4683 100644 --- a/crypto-utils.spec +++ b/crypto-utils.spec @@ -4,7 +4,7 @@ Summary: SSL certificate and key management utilities Name: crypto-utils Version: 2.4.1 -Release: 32 +Release: 33 Source: crypto-rand-%{crver}.tar.gz Source1: genkey.pl Source2: certwatch.c @@ -18,7 +18,6 @@ Source9: pemutil.c Source10: keyutil.c Source11: certext.c Source12: secutil.c -Source13: secerror.c Source14: keyutil.h Source15: secutil.h Source16: NSPRerrs.h @@ -29,7 +28,8 @@ License: MIT and GPLv2+ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: nss-devel, pkgconfig, newt-devel, xmlto BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker) -Requires: perl(Newt), nss >= 3.12.2 +Requires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1 +Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1 Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)") Obsoletes: crypto-rand @@ -52,7 +52,6 @@ cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \ $RPM_SOURCE_DIR/keyutil.c \ $RPM_SOURCE_DIR/certext.c \ $RPM_SOURCE_DIR/secutil.c \ - $RPM_SOURCE_DIR/secerror.c \ -o keyutil -lplc4 -lnspr4 -lnss3 cc $RPM_OPT_FLAGS -Wall -Werror \ @@ -131,6 +130,11 @@ chmod -R u+w $RPM_BUILD_ROOT %{perl_vendorarch}/auto/Crypt %changelog +* Wed Feb 01 2012 Elio Maldonado - 2.4.1-33 +- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13 +- Update Requires and BuildRequires nss and nss-util mininimum versions +- Add needed line breaks to the keyutil usage message + * Fri Jan 13 2012 Fedora Release Engineering - 2.4.1-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild diff --git a/keyutil.c b/keyutil.c index 253f5ef..1f50d40 100755 --- a/keyutil.c +++ b/keyutil.c @@ -87,6 +87,7 @@ #include #include +#include #include #include 
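Review bot: The new `Requires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1` line in the @@ -29,7 +28,8 @@ hunk makes the development packages a runtime dependency, while the `BuildRequires: nss-devel, ...` line above it stays unversioned. The version floor is needed at build time, because keyutil.c now compiles against the error-string utilities that the changelog says NSS provides since 3.13. The constraint therefore belongs on the build dependency: `BuildRequires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1, pkgconfig, newt-devel, xmlto`. The runtime line `Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1` already covers the installed libraries, so dropping the -devel Requires keeps headers and build tooling off hosts that only run the certificate tools.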
@@ -210,21 +211,21 @@ static void Usage(char *progName) { fprintf(stderr, "Usage: %s [options] arguments\n", progName); - fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]"); - fprintf(stderr, "{-r|--renew} cert-to-renew the file with the certifificast to renew"); + fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]\n"); + fprintf(stderr, "{-r|--renew} cert-to-renew the file with the certifificast to renew\n"); fprintf(stderr, "{-s|--subject} subject subject distinguished name"); - fprintf(stderr, "{-g|--gsize} key_size size in bitsof the rsa key to generate"); + fprintf(stderr, "{-g|--gsize} key_size size in bitsof the rsa key to generate\n"); fprintf(stderr, "{-v|--validity} months cert validity in months"); - fprintf(stderr, "{-z|--znoisefile} noisefile seed file for use in key gneration"); - fprintf(stderr, "{-e|--encpwd} keypwd key encryption_password"); - fprintf(stderr, "{-f|--filepwdnss} modpwdfile file with the module access_password"); - fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm"); - fprintf(stderr, "{-i|--input} inputkey-file file with key with which to encrypt or to sign a request"); - fprintf(stderr, "{-p|--passout} pbe-password the password for encrypting of the key"); - fprintf(stderr, "{-o|--output} out-file output file for a csr or cert"); - fprintf(stderr, "{-k|--keyfile} out-key-file output key file, with csr or certgen"); - fprintf(stderr, "{-t|--cacert} indicates that cert renewal is for a ca"); - fprintf(stderr, "{-h|--help} print this help message"); + fprintf(stderr, "{-z|--znoisefile} noisefile seed file for use in key generation\n"); + fprintf(stderr, "{-e|--encpwd} keypwd key encryption_password\n"); + fprintf(stderr, "{-f|--filepwdnss} modpwdfile file with the module access_password\n"); + fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm\n"); + fprintf(stderr, "{-i|--input} inputkey-file file with key with which to encrypt or to sign a request\n"); + fprintf(stderr, 
"{-p|--passout} pbe-password the password for encrypting of the key\n"); + fprintf(stderr, "{-o|--output} out-file output file for a csr or cert\n"); + fprintf(stderr, "{-k|--keyfile} out-key-file output key file, with csr or certgen\n"); + fprintf(stderr, "{-t|--cacert} indicates that cert renewal is for a ca\n"); + fprintf(stderr, "{-h|--help} print this help message\n"); fprintf(stderr, "\n"); exit(1); } @@ -326,7 +327,7 @@ static SECStatus loadCert( if (!genericObjCert) { rv = PR_GetError(); SECU_PrintError(progName, - "Unable to create object for cert, (%s)", SECU_Strerror(rv)); + "Unable to create object for cert, (%s)", PORT_ErrorToString(rv)); break; } if (!cacert) { @@ -391,7 +392,7 @@ static SECStatus loadKey( rv = SEC_ERROR_BAD_KEY; PR_SetError(rv, 0); SECU_PrintError(progName ? progName : "keyutil", - "Unable to create key object (%s)\n", SECU_Strerror(rv)); + "Unable to create key object (%s)\n", PORT_ErrorToString(rv)); break; } @@ -403,7 +404,7 @@ static SECStatus loadKey( rv = PK11_Authenticate(slot, PR_TRUE, pwdata); if (rv != SECSuccess) { SECU_PrintError(progName ? progName : "keyutil", - "Can't authenticate\n", SECU_Strerror(rv)); + "Can't authenticate\n", PORT_ErrorToString(rv)); break; } @@ -417,7 +418,7 @@ static SECStatus loadKey( if (!privkey) { rv = PR_GetError(); SECU_PrintError(progName ? progName : "keyutil", - "Unable to find the key for cert, (%s)\n", SECU_Strerror(rv)); + "Unable to find the key for cert, (%s)\n", PORT_ErrorToString(rv)); GEN_BREAK(SECFailure); } rv = SECSuccess; @@ -498,7 +499,7 @@ static SECStatus extractRSAKeysAndSubject( if (!*pubkey) { SECU_PrintError(progName, "Could not get public key from cert, (%s)\n", - SECU_Strerror(PR_GetError())); + PORT_ErrorToString(PR_GetError())); GEN_BREAK(SECFailure); } 
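Review bot: Two option lines in Usage() are still printed without a trailing newline, the `{-s|--subject}` and `{-v|--validity}` entries, so each runs into the option that follows it in the help output. Append `\n` to both format strings, as the hunk already does for the others. The same strings still carry the typos `certifificast` and `bitsof`, which can be fixed in the same pass. The help text also documents `--encpwd` and `--passout` as taking the password as a command-line value, which other local users can read from the process list; a sentence in the usage message saying so would help operators.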
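Review bot: In the loadKey hunk at @@ -403,7 +404,7 @@ the format string `"Can't authenticate\n"` has no `%s`, so the `PORT_ErrorToString(rv)` argument is never printed. `rv` there also holds the SECStatus returned by PK11_Authenticate rather than an error code. Read the error code explicitly and give it a conversion: `"Can't authenticate (%s)\n", PORT_ErrorToString(PR_GetError())`. The keyutil_main hunk at @@ -1535,7 +1536,7 @@ passes `rv` to PORT_ErrorToString in the same way; if `rv` is a status value there as well (its assignment is outside the hunk), the message will not name the real failure. loadKey's body starts and ends outside the hunk.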
@@ -507,12 +508,12 @@ static SECStatus extractRSAKeysAndSubject( rv = PR_GetError(); SECU_PrintError(progName, "Unable to find the key with PK11_FindKeyByDERCert, (%s)\n", - SECU_Strerror(rv)); + PORT_ErrorToString(rv)); *privkey= PK11_FindKeyByAnyCert(cert, &pwdata); rv = PR_GetError(); SECU_PrintError(progName, "Unable to find the key with PK11_FindKeyByAnyCert, (%s)\n", - SECU_Strerror(rv)); + PORT_ErrorToString(rv)); GEN_BREAK(SECFailure); } @@ -944,7 +945,7 @@ CreateCert( *outCert = subjectCert; } else { PRErrorCode perr = PR_GetError(); - SECU_PrintError(progName, "Unable to create cert, (%s)\n", SECU_Strerror(perr)); + SECU_PrintError(progName, "Unable to create cert, (%s)\n", PORT_ErrorToString(perr)); if (subjectCert) CERT_DestroyCertificate (subjectCert); } @@ -1268,7 +1269,7 @@ KeyOut(const char *keyoutfile, if (!encryptedKeyDER) { rv = PR_GetError(); SECU_PrintError(progName, "ASN1 Encode failed (%s)\n", - SECU_Strerror(rv)); + PORT_ErrorToString(rv)); GEN_BREAK(rv); } @@ -1535,7 +1536,7 @@ static int keyutil_main( PR_Close(outFile); if (rv) { SECU_PrintError(progName ? progName : "keyutil", - "CertReq failed: \"%s\"\n", SECU_Strerror(rv)); + "CertReq failed: \"%s\"\n", PORT_ErrorToString(rv)); rv = 255; goto shutdown; } diff --git a/secerror.c b/secerror.c deleted file mode 100755 index 71a9687..0000000 --- a/secerror.c +++ /dev/null 
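Review bot: In the @@ -507,12 +508,12 @@ hunk the result of the fallback `*privkey= PK11_FindKeyByAnyCert(cert, &pwdata);` is not tested in the visible lines. The second SECU_PrintError and `GEN_BREAK(SECFailure)` run unconditionally, so a key found by the fallback would still be reported as missing and the function would fail while `*privkey` is set. Guarding the second report with `if (!*privkey) { ... GEN_BREAK(SECFailure); }` would let the fallback succeed. The enclosing condition starts outside the hunk, so this should be confirmed against the full function. A comment such as `/* fall back to a lookup by any matching cert before giving up */` above the second call would document the intent.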
@@ -1,111 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include
-
-struct tuple_str {
- PRErrorCode errNum;
- const char * errString;
-};
-
-typedef struct tuple_str tuple_str;
-
-#define ER2(a,b) {a, b},
-#define ER3(a,b,c) {a, c},
-
-#include
-#include
-#include
-
-const tuple_str errStrings[] = {
-
-/* keep this list in asceding order of error numbers */
-/* SSLerrs.h not needed */
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-
-};
-
-const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
-
-/* Returns a UTF-8 encoded constant error string for "errNum".
- * Returns NULL of errNum is unknown.
- */
-const char *
-SECU_Strerror(PRErrorCode errNum) {
- PRInt32 low = 0;
- PRInt32 high = numStrings - 1;
- PRInt32 i;
- PRErrorCode num;
- static int initDone;
-
- /* make sure table is in ascending order.
- * binary search depends on it.
- */
- if (!initDone) {
- PRErrorCode lastNum = ((PRInt32)0x80000000);
- for (i = low; i <= high; ++i) {
- num = errStrings[i].errNum;
- if (num <= lastNum) {
- fprintf(stderr,
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
- i, lastNum, errStrings[i-1].errString,
- num, errStrings[i].errString);
- }
- lastNum = num;
- }
- initDone = 1;
- }
-
- /* Do binary search of table. */
- while (low + 1 < high) {
- i = (low + high) / 2;
- num = errStrings[i].errNum;
- if (errNum == num)
- return errStrings[i].errString;
- if (errNum < num)
- high = i;
- else
- low = i;
- }
- if (errNum == errStrings[low].errNum)
- return errStrings[low].errString;
- if (errNum == errStrings[high].errNum)
- return errStrings[high].errString;
- return NULL;
-}