Fix so the encoded cert and key can be written out on cert generation

2009-02-20 23:00:35 +00:00 · 2009-02-20 23:00:35 +00:00 · d5546fea8f
commit d5546fea8f
parent 02c6f8a15d
1 changed files with 156 additions and 154 deletions
--- a/keyutil.c
+++ b/keyutil.c
@ -1221,8 +1221,8 @@ KeyOut(const char *keyoutfile,
    PRFileDesc *keyOutFile = NULL;
    PRUint32 total = 0;
    PRUint32 numBytes = 0;
-    SECItem *derEPKI = NULL;
-    SECItem derPKI = { 0, NULL, 0 };
+    SECItem *encryptedKeyDER = NULL;
+    SECItem clearKeyDER = { 0, NULL, 0 };
    SECItem pwitem = { 0, NULL, 0 };
    PRArenaPool *arenaForEPKI = NULL;
    PLArenaPool *arenaForPKI = NULL;
@ -1268,9 +1268,9 @@ KeyOut(const char *keyoutfile,

        if (keyEncPwd) {
            /* NULL dest to let it allocate memory for us */
-            derEPKI = SEC_ASN1EncodeItem(arenaForEPKI, NULL, epki,
+            encryptedKeyDER = SEC_ASN1EncodeItem(arenaForEPKI, NULL, epki,
                SECKEY_EncryptedPrivateKeyInfoTemplate);
-            if (!derEPKI) {
+            if (!encryptedKeyDER) {
                rv = PR_GetError();
            	SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
                    SECU_Strerror(rv));
@ -1285,27 +1285,29 @@ KeyOut(const char *keyoutfile,
                GEN_BREAK(PR_OUT_OF_MEMORY_ERROR);
            }

-            derPKI.data = PORT_ArenaAlloc(arenaForPKI, epki->encryptedData.len);
-            derPKI.len = epki->encryptedData.len;
-            derPKI.type = siBuffer;
+            clearKeyDER.data = PORT_ArenaAlloc(arenaForPKI, epki->encryptedData.len);
+            clearKeyDER.len = epki->encryptedData.len;
+            clearKeyDER.type = siBuffer;

-            rv = DecryptKey(epki, algTag, &pwitem, pwdata, &derPKI);
-            if (rv) {
+            rv = DecryptKey(epki, algTag, &pwitem, pwdata, &clearKeyDER);
+            if (rv != SECSuccess) {
                GEN_BREAK(rv);
            }
        }

        if (ascii) {
            /* we could be exporting a clear or encrypted key */
-            SECItem *src  = keyEncPwd ? derEPKI : &derPKI;
+            SECItem *src  = keyEncPwd ? encryptedKeyDER : &clearKeyDER;
            char *header  = keyEncPwd ? ENCRYPTED_KEY_HEADER : KEY_HEADER;
            char *trailer = keyEncPwd ? ENCRYPTED_KEY_TRAILER : KEY_TRAILER;
            char *b64 = NULL;
            do {

                b64 = BTOA_ConvertItemToAscii(src);
-                if (b64)
-                	break;
+                if (!b64) {
+                    rv = 255;
+                	GEN_BREAK(rv);
+                }

                total = PL_strlen(b64);

@ -1329,18 +1331,18 @@ KeyOut(const char *keyoutfile,
        } else {
            if (keyEncPwd) {
            	/* Write out the encrypted key */
-                numBytes = PR_Write(keyOutFile, derEPKI, derEPKI->len);
+                numBytes = PR_Write(keyOutFile, encryptedKeyDER, encryptedKeyDER->len);
            } else {
            	/* Write out the unencrypted key */
-                numBytes = PR_Write(keyOutFile, &derPKI, derPKI.len);
-                if (numBytes != derEPKI->len) {
-                    printf("Wrote  %d bytes, instead of %d\n", numBytes, derPKI.len);
+                numBytes = PR_Write(keyOutFile, &clearKeyDER, clearKeyDER.len);
+                if (numBytes != clearKeyDER.len) {
+                    printf("Wrote  %d bytes, instead of %d\n", numBytes, clearKeyDER.len);
                }
            }
        }

-        printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile);
-        /* can we read it and reverse operations */
+        if (rv == SECSuccess)
+            printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile);

    } while (0);

@ -1468,6 +1470,12 @@ static int keyutil_main(
         * This is a certificate signing request for a new cert,
         * will generate a key pair
         */
+
+        if (!subjectstr) {
+            SECU_PrintError(progName, "subject string was NULL\n");
+            rv = 255;
+            goto shutdown;
+        }
        slot = PK11_GetInternalKeySlot(); /* PK11_GetInternalSlot() ? */

        privkey = GenerateRSAPrivateKey(keytype, slot,
@ -1480,11 +1488,6 @@ static int keyutil_main(
            goto shutdown;
        }

-        if (!subjectstr) {
-            SECU_PrintError(progName, "subject string was NULL\n");
-            rv = 255;
-            goto shutdown;
-        }
        subject = CERT_AsciiToName((char *)subjectstr);
        if (!subject) {
            SECU_PrintError(progName,
@ -1557,7 +1560,6 @@ static int keyutil_main(
        LL_L2UI(serialNumber, now);

        privkey->wincx = &pwdata;
-        PR_Close(outFile);

        inFile  = PR_Open(certreqfile, PR_RDONLY, 0);
        assert(inFile);
@ -1652,7 +1654,7 @@ shutdown:
    return rv == SECSuccess ? 0 : 255;
 }

-/* $Id: keyutil.c,v 1.12 2008/11/04 04:28:22 emaldonado Exp $ */
+/* $Id: keyutil.c,v 1.13 2009/01/29 22:22:17 emaldonado Exp $ */

 /* Key generation, encryption, and certificate utility code, based on
 * code from NSS's security utilities and the certutil application.