- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13
- Update Requires and BuildRequires nss and nss-util mininimum versions - Add needed line breaks to the keyutil usage message
This commit is contained in:
parent
99a005c95c
commit
b2e5843d92
@ -4,7 +4,7 @@
|
|||||||
Summary: SSL certificate and key management utilities
|
Summary: SSL certificate and key management utilities
|
||||||
Name: crypto-utils
|
Name: crypto-utils
|
||||||
Version: 2.4.1
|
Version: 2.4.1
|
||||||
Release: 32
|
Release: 33
|
||||||
Source: crypto-rand-%{crver}.tar.gz
|
Source: crypto-rand-%{crver}.tar.gz
|
||||||
Source1: genkey.pl
|
Source1: genkey.pl
|
||||||
Source2: certwatch.c
|
Source2: certwatch.c
|
||||||
@ -18,7 +18,6 @@ Source9: pemutil.c
|
|||||||
Source10: keyutil.c
|
Source10: keyutil.c
|
||||||
Source11: certext.c
|
Source11: certext.c
|
||||||
Source12: secutil.c
|
Source12: secutil.c
|
||||||
Source13: secerror.c
|
|
||||||
Source14: keyutil.h
|
Source14: keyutil.h
|
||||||
Source15: secutil.h
|
Source15: secutil.h
|
||||||
Source16: NSPRerrs.h
|
Source16: NSPRerrs.h
|
||||||
@ -29,7 +28,8 @@ License: MIT and GPLv2+
|
|||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||||
BuildRequires: nss-devel, pkgconfig, newt-devel, xmlto
|
BuildRequires: nss-devel, pkgconfig, newt-devel, xmlto
|
||||||
BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker)
|
BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker)
|
||||||
Requires: perl(Newt), nss >= 3.12.2
|
Requires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1
|
||||||
|
Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1
|
||||||
Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)")
|
Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)")
|
||||||
Obsoletes: crypto-rand
|
Obsoletes: crypto-rand
|
||||||
|
|
||||||
@ -52,7 +52,6 @@ cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
|
|||||||
$RPM_SOURCE_DIR/keyutil.c \
|
$RPM_SOURCE_DIR/keyutil.c \
|
||||||
$RPM_SOURCE_DIR/certext.c \
|
$RPM_SOURCE_DIR/certext.c \
|
||||||
$RPM_SOURCE_DIR/secutil.c \
|
$RPM_SOURCE_DIR/secutil.c \
|
||||||
$RPM_SOURCE_DIR/secerror.c \
|
|
||||||
-o keyutil -lplc4 -lnspr4 -lnss3
|
-o keyutil -lplc4 -lnspr4 -lnss3
|
||||||
|
|
||||||
cc $RPM_OPT_FLAGS -Wall -Werror \
|
cc $RPM_OPT_FLAGS -Wall -Werror \
|
||||||
@ -131,6 +130,11 @@ chmod -R u+w $RPM_BUILD_ROOT
|
|||||||
%{perl_vendorarch}/auto/Crypt
|
%{perl_vendorarch}/auto/Crypt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 01 2012 Elio Maldonado <emaldona@redhat.com> - 2.4.1-33
|
||||||
|
- Resolves: Bug 782142 - keyutil should use error string utilities provided by nss since 3.13
|
||||||
|
- Update Requires and BuildRequires nss and nss-util mininimum versions
|
||||||
|
- Add needed line breaks to the keyutil usage message
|
||||||
|
|
||||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.1-32
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.1-32
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
47
keyutil.c
47
keyutil.c
@ -87,6 +87,7 @@
|
|||||||
|
|
||||||
#include <prerror.h>
|
#include <prerror.h>
|
||||||
#include <secerr.h>
|
#include <secerr.h>
|
||||||
|
#include <secport.h>
|
||||||
|
|
||||||
#include <nspr.h>
|
#include <nspr.h>
|
||||||
#include <nss.h>
|
#include <nss.h>
|
||||||
@ -210,21 +211,21 @@ static void
|
|||||||
Usage(char *progName)
|
Usage(char *progName)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "Usage: %s [options] arguments\n", progName);
|
fprintf(stderr, "Usage: %s [options] arguments\n", progName);
|
||||||
fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]");
|
fprintf(stderr, "{-c|--command} command, one of [genreq|makecert]\n");
|
||||||
fprintf(stderr, "{-r|--renew} cert-to-renew the file with the certifificast to renew");
|
fprintf(stderr, "{-r|--renew} cert-to-renew the file with the certifificast to renew\n");
|
||||||
fprintf(stderr, "{-s|--subject} subject subject distinguished name");
|
fprintf(stderr, "{-s|--subject} subject subject distinguished name");
|
||||||
fprintf(stderr, "{-g|--gsize} key_size size in bitsof the rsa key to generate");
|
fprintf(stderr, "{-g|--gsize} key_size size in bitsof the rsa key to generate\n");
|
||||||
fprintf(stderr, "{-v|--validity} months cert validity in months");
|
fprintf(stderr, "{-v|--validity} months cert validity in months");
|
||||||
fprintf(stderr, "{-z|--znoisefile} noisefile seed file for use in key gneration");
|
fprintf(stderr, "{-z|--znoisefile} noisefile seed file for use in key generation\n");
|
||||||
fprintf(stderr, "{-e|--encpwd} keypwd key encryption_password");
|
fprintf(stderr, "{-e|--encpwd} keypwd key encryption_password\n");
|
||||||
fprintf(stderr, "{-f|--filepwdnss} modpwdfile file with the module access_password");
|
fprintf(stderr, "{-f|--filepwdnss} modpwdfile file with the module access_password\n");
|
||||||
fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm");
|
fprintf(stderr, "{-d|--digest} digest-algorithm digest algorithm\n");
|
||||||
fprintf(stderr, "{-i|--input} inputkey-file file with key with which to encrypt or to sign a request");
|
fprintf(stderr, "{-i|--input} inputkey-file file with key with which to encrypt or to sign a request\n");
|
||||||
fprintf(stderr, "{-p|--passout} pbe-password the password for encrypting of the key");
|
fprintf(stderr, "{-p|--passout} pbe-password the password for encrypting of the key\n");
|
||||||
fprintf(stderr, "{-o|--output} out-file output file for a csr or cert");
|
fprintf(stderr, "{-o|--output} out-file output file for a csr or cert\n");
|
||||||
fprintf(stderr, "{-k|--keyfile} out-key-file output key file, with csr or certgen");
|
fprintf(stderr, "{-k|--keyfile} out-key-file output key file, with csr or certgen\n");
|
||||||
fprintf(stderr, "{-t|--cacert} indicates that cert renewal is for a ca");
|
fprintf(stderr, "{-t|--cacert} indicates that cert renewal is for a ca\n");
|
||||||
fprintf(stderr, "{-h|--help} print this help message");
|
fprintf(stderr, "{-h|--help} print this help message\n");
|
||||||
fprintf(stderr, "\n");
|
fprintf(stderr, "\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
@ -326,7 +327,7 @@ static SECStatus loadCert(
|
|||||||
if (!genericObjCert) {
|
if (!genericObjCert) {
|
||||||
rv = PR_GetError();
|
rv = PR_GetError();
|
||||||
SECU_PrintError(progName,
|
SECU_PrintError(progName,
|
||||||
"Unable to create object for cert, (%s)", SECU_Strerror(rv));
|
"Unable to create object for cert, (%s)", PORT_ErrorToString(rv));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!cacert) {
|
if (!cacert) {
|
||||||
@ -391,7 +392,7 @@ static SECStatus loadKey(
|
|||||||
rv = SEC_ERROR_BAD_KEY;
|
rv = SEC_ERROR_BAD_KEY;
|
||||||
PR_SetError(rv, 0);
|
PR_SetError(rv, 0);
|
||||||
SECU_PrintError(progName ? progName : "keyutil",
|
SECU_PrintError(progName ? progName : "keyutil",
|
||||||
"Unable to create key object (%s)\n", SECU_Strerror(rv));
|
"Unable to create key object (%s)\n", PORT_ErrorToString(rv));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -403,7 +404,7 @@ static SECStatus loadKey(
|
|||||||
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
|
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
|
||||||
if (rv != SECSuccess) {
|
if (rv != SECSuccess) {
|
||||||
SECU_PrintError(progName ? progName : "keyutil",
|
SECU_PrintError(progName ? progName : "keyutil",
|
||||||
"Can't authenticate\n", SECU_Strerror(rv));
|
"Can't authenticate\n", PORT_ErrorToString(rv));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -417,7 +418,7 @@ static SECStatus loadKey(
|
|||||||
if (!privkey) {
|
if (!privkey) {
|
||||||
rv = PR_GetError();
|
rv = PR_GetError();
|
||||||
SECU_PrintError(progName ? progName : "keyutil",
|
SECU_PrintError(progName ? progName : "keyutil",
|
||||||
"Unable to find the key for cert, (%s)\n", SECU_Strerror(rv));
|
"Unable to find the key for cert, (%s)\n", PORT_ErrorToString(rv));
|
||||||
GEN_BREAK(SECFailure);
|
GEN_BREAK(SECFailure);
|
||||||
}
|
}
|
||||||
rv = SECSuccess;
|
rv = SECSuccess;
|
||||||
@ -498,7 +499,7 @@ static SECStatus extractRSAKeysAndSubject(
|
|||||||
if (!*pubkey) {
|
if (!*pubkey) {
|
||||||
SECU_PrintError(progName,
|
SECU_PrintError(progName,
|
||||||
"Could not get public key from cert, (%s)\n",
|
"Could not get public key from cert, (%s)\n",
|
||||||
SECU_Strerror(PR_GetError()));
|
PORT_ErrorToString(PR_GetError()));
|
||||||
GEN_BREAK(SECFailure);
|
GEN_BREAK(SECFailure);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -507,12 +508,12 @@ static SECStatus extractRSAKeysAndSubject(
|
|||||||
rv = PR_GetError();
|
rv = PR_GetError();
|
||||||
SECU_PrintError(progName,
|
SECU_PrintError(progName,
|
||||||
"Unable to find the key with PK11_FindKeyByDERCert, (%s)\n",
|
"Unable to find the key with PK11_FindKeyByDERCert, (%s)\n",
|
||||||
SECU_Strerror(rv));
|
PORT_ErrorToString(rv));
|
||||||
*privkey= PK11_FindKeyByAnyCert(cert, &pwdata);
|
*privkey= PK11_FindKeyByAnyCert(cert, &pwdata);
|
||||||
rv = PR_GetError();
|
rv = PR_GetError();
|
||||||
SECU_PrintError(progName,
|
SECU_PrintError(progName,
|
||||||
"Unable to find the key with PK11_FindKeyByAnyCert, (%s)\n",
|
"Unable to find the key with PK11_FindKeyByAnyCert, (%s)\n",
|
||||||
SECU_Strerror(rv));
|
PORT_ErrorToString(rv));
|
||||||
GEN_BREAK(SECFailure);
|
GEN_BREAK(SECFailure);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -944,7 +945,7 @@ CreateCert(
|
|||||||
*outCert = subjectCert;
|
*outCert = subjectCert;
|
||||||
} else {
|
} else {
|
||||||
PRErrorCode perr = PR_GetError();
|
PRErrorCode perr = PR_GetError();
|
||||||
SECU_PrintError(progName, "Unable to create cert, (%s)\n", SECU_Strerror(perr));
|
SECU_PrintError(progName, "Unable to create cert, (%s)\n", PORT_ErrorToString(perr));
|
||||||
if (subjectCert)
|
if (subjectCert)
|
||||||
CERT_DestroyCertificate (subjectCert);
|
CERT_DestroyCertificate (subjectCert);
|
||||||
}
|
}
|
||||||
@ -1268,7 +1269,7 @@ KeyOut(const char *keyoutfile,
|
|||||||
if (!encryptedKeyDER) {
|
if (!encryptedKeyDER) {
|
||||||
rv = PR_GetError();
|
rv = PR_GetError();
|
||||||
SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
|
SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
|
||||||
SECU_Strerror(rv));
|
PORT_ErrorToString(rv));
|
||||||
GEN_BREAK(rv);
|
GEN_BREAK(rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1535,7 +1536,7 @@ static int keyutil_main(
|
|||||||
PR_Close(outFile);
|
PR_Close(outFile);
|
||||||
if (rv) {
|
if (rv) {
|
||||||
SECU_PrintError(progName ? progName : "keyutil",
|
SECU_PrintError(progName ? progName : "keyutil",
|
||||||
"CertReq failed: \"%s\"\n", SECU_Strerror(rv));
|
"CertReq failed: \"%s\"\n", PORT_ErrorToString(rv));
|
||||||
rv = 255;
|
rv = 255;
|
||||||
goto shutdown;
|
goto shutdown;
|
||||||
}
|
}
|
||||||
|
111
secerror.c
111
secerror.c
@ -1,111 +0,0 @@
|
|||||||
/* ***** BEGIN LICENSE BLOCK *****
|
|
||||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
||||||
*
|
|
||||||
* The contents of this file are subject to the Mozilla Public License Version
|
|
||||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
||||||
* the License. You may obtain a copy of the License at
|
|
||||||
* http://www.mozilla.org/MPL/
|
|
||||||
*
|
|
||||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
||||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
||||||
* for the specific language governing rights and limitations under the
|
|
||||||
* License.
|
|
||||||
*
|
|
||||||
* The Original Code is the Netscape security libraries.
|
|
||||||
*
|
|
||||||
* The Initial Developer of the Original Code is
|
|
||||||
* Netscape Communications Corporation.
|
|
||||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
||||||
* the Initial Developer. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Contributor(s):
|
|
||||||
*
|
|
||||||
* Alternatively, the contents of this file may be used under the terms of
|
|
||||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
||||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
||||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
||||||
* of those above. If you wish to allow use of your version of this file only
|
|
||||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
||||||
* use your version of this file under the terms of the MPL, indicate your
|
|
||||||
* decision by deleting the provisions above and replace them with the notice
|
|
||||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
||||||
* the provisions above, a recipient may use your version of this file under
|
|
||||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
||||||
*
|
|
||||||
* ***** END LICENSE BLOCK ***** */
|
|
||||||
#include <nspr.h>
|
|
||||||
|
|
||||||
struct tuple_str {
|
|
||||||
PRErrorCode errNum;
|
|
||||||
const char * errString;
|
|
||||||
};
|
|
||||||
|
|
||||||
typedef struct tuple_str tuple_str;
|
|
||||||
|
|
||||||
#define ER2(a,b) {a, b},
|
|
||||||
#define ER3(a,b,c) {a, c},
|
|
||||||
|
|
||||||
#include <secerr.h>
|
|
||||||
#include <sslerr.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
const tuple_str errStrings[] = {
|
|
||||||
|
|
||||||
/* keep this list in asceding order of error numbers */
|
|
||||||
/* SSLerrs.h not needed */
|
|
||||||
#include "SECerrs.h"
|
|
||||||
#include "NSPRerrs.h"
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
|
|
||||||
|
|
||||||
/* Returns a UTF-8 encoded constant error string for "errNum".
|
|
||||||
* Returns NULL of errNum is unknown.
|
|
||||||
*/
|
|
||||||
const char *
|
|
||||||
SECU_Strerror(PRErrorCode errNum) {
|
|
||||||
PRInt32 low = 0;
|
|
||||||
PRInt32 high = numStrings - 1;
|
|
||||||
PRInt32 i;
|
|
||||||
PRErrorCode num;
|
|
||||||
static int initDone;
|
|
||||||
|
|
||||||
/* make sure table is in ascending order.
|
|
||||||
* binary search depends on it.
|
|
||||||
*/
|
|
||||||
if (!initDone) {
|
|
||||||
PRErrorCode lastNum = ((PRInt32)0x80000000);
|
|
||||||
for (i = low; i <= high; ++i) {
|
|
||||||
num = errStrings[i].errNum;
|
|
||||||
if (num <= lastNum) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"sequence error in error strings at item %d\n"
|
|
||||||
"error %d (%s)\n"
|
|
||||||
"should come after \n"
|
|
||||||
"error %d (%s)\n",
|
|
||||||
i, lastNum, errStrings[i-1].errString,
|
|
||||||
num, errStrings[i].errString);
|
|
||||||
}
|
|
||||||
lastNum = num;
|
|
||||||
}
|
|
||||||
initDone = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Do binary search of table. */
|
|
||||||
while (low + 1 < high) {
|
|
||||||
i = (low + high) / 2;
|
|
||||||
num = errStrings[i].errNum;
|
|
||||||
if (errNum == num)
|
|
||||||
return errStrings[i].errString;
|
|
||||||
if (errNum < num)
|
|
||||||
high = i;
|
|
||||||
else
|
|
||||||
low = i;
|
|
||||||
}
|
|
||||||
if (errNum == errStrings[low].errNum)
|
|
||||||
return errStrings[low].errString;
|
|
||||||
if (errNum == errStrings[high].errNum)
|
|
||||||
return errStrings[high].errString;
|
|
||||||
return NULL;
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user