Merge branch 'master' into private-emaldona-rhbz1279912
This commit is contained in:
commit
43a0dc3424
|
@ -1,2 +0,0 @@
|
||||||
Dummy source file that we by uploading it lets us verify that nss builds
|
|
||||||
do not cause the 'fedpkg upload' or 'fedpg new-sources' commands to hang.
|
|
|
@ -1,16 +0,0 @@
|
||||||
diff -up nss/lib/ssl/sslsock.c.nobypass nss/lib/ssl/sslsock.c
|
|
||||||
--- nss/lib/ssl/sslsock.c.nobypass 2013-05-30 22:23:37.305583715 -0700
|
|
||||||
+++ nss/lib/ssl/sslsock.c 2013-05-30 22:23:37.311583762 -0700
|
|
||||||
@@ -553,8 +553,10 @@ static PRStatus SSL_BypassRegisterShutdo
|
|
||||||
static PRStatus SSL_BypassSetup(void)
|
|
||||||
{
|
|
||||||
#ifdef NO_PKCS11_BYPASS
|
|
||||||
- /* Guarantee binary compatibility */
|
|
||||||
- return PR_SUCCESS;
|
|
||||||
+ /* No need in our case to guarantee binary compatibility and
|
|
||||||
+ * we can safely return failure as we have never supported it
|
|
||||||
+ */
|
|
||||||
+ return PR_FAILURE;
|
|
||||||
#else
|
|
||||||
return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
|
|
||||||
#endif
|
|
24
nss.spec
24
nss.spec
|
@ -21,7 +21,7 @@ Name: nss
|
||||||
Version: 3.21.0
|
Version: 3.21.0
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
|
@ -70,7 +70,10 @@ Source27: secmod.db.xml
|
||||||
|
|
||||||
Patch2: add-relro-linker-option.patch
|
Patch2: add-relro-linker-option.patch
|
||||||
Patch3: renegotiate-transitional.patch
|
Patch3: renegotiate-transitional.patch
|
||||||
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=402712
|
||||||
Patch6: nss-enable-pem.patch
|
Patch6: nss-enable-pem.patch
|
||||||
|
# Below reference applies to most pem module related patches
|
||||||
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
|
||||||
Patch16: nss-539183.patch
|
Patch16: nss-539183.patch
|
||||||
# must statically link pem against the freebl in the buildroot
|
# must statically link pem against the freebl in the buildroot
|
||||||
# Needed only when freebl on tree has new APIS
|
# Needed only when freebl on tree has new APIS
|
||||||
|
@ -96,11 +99,11 @@ Patch55: skip_stress_TLS_RC4_128_with_MD5.patch
|
||||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||||
|
|
||||||
# As of nss-3.21 we compile NSS with -Werror.
|
# As of nss-3.21 we compile NSS with -Werror.
|
||||||
# See https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
|
# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
|
||||||
# This requires a cleanup of the PEM module as we have it here.
|
# This requires a cleanup of the PEM module as we have it here.
|
||||||
# TODO: submit a variant to the interim nss-pem upstream project
|
# TODO: submit a patch to the interim nss-pem upstream project
|
||||||
# Note that the submission will be quite different from this patch
|
# The submission will be very different from this patch as
|
||||||
# as a cleanup there is already in progress there.
|
# cleanup there is already in progress there.
|
||||||
Patch59: pem-compile-with-Werror.patch
|
Patch59: pem-compile-with-Werror.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
|
@ -292,10 +295,12 @@ export NSS_USE_SYSTEM_SQLITE
|
||||||
# TODO: Investigate as there may be a better solution
|
# TODO: Investigate as there may be a better solution
|
||||||
export NSS_DISABLE_GTESTS=1
|
export NSS_DISABLE_GTESTS=1
|
||||||
|
|
||||||
%if %{__isa_bits} == 64
|
%ifnarch noarch
|
||||||
|
%if 0%{__isa_bits} == 64
|
||||||
USE_64=1
|
USE_64=1
|
||||||
export USE_64
|
export USE_64
|
||||||
%endif
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
# uncomment if the iquote patch is activated
|
# uncomment if the iquote patch is activated
|
||||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||||
|
@ -403,10 +408,12 @@ export FREEBL_NO_DEPEND
|
||||||
BUILD_OPT=1
|
BUILD_OPT=1
|
||||||
export BUILD_OPT
|
export BUILD_OPT
|
||||||
|
|
||||||
%if %{__isa_bits} == 64
|
%ifnarch noarch
|
||||||
|
%if 0%{__isa_bits} == 64
|
||||||
USE_64=1
|
USE_64=1
|
||||||
export USE_64
|
export USE_64
|
||||||
%endif
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||||
|
|
||||||
|
@ -821,6 +828,9 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Nov 15 2015 Elio Maldonado <emaldona@redhat.com> - 3.21.0-3
|
||||||
|
- Add references to bugs filed upstream
|
||||||
|
|
||||||
* Fri Nov 13 2015 Elio Maldonado Batiz <emaldona@redhat.com> - 3.21.1-2
|
* Fri Nov 13 2015 Elio Maldonado Batiz <emaldona@redhat.com> - 3.21.1-2
|
||||||
- Update to NSS 3.21
|
- Update to NSS 3.21
|
||||||
- Package listsuites as part of the unsupported tools set
|
- Package listsuites as part of the unsupported tools set
|
||||||
|
|
|
@ -1,114 +1,93 @@
|
||||||
diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
|
diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
|
||||||
--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||||
+++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-12 06:59:07.831377167 -0800
|
+++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800
|
||||||
@@ -233,7 +233,7 @@ struct pemLOWKEYPrivateKeyStr {
|
@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr {
|
||||||
};
|
};
|
||||||
typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
|
typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
|
||||||
|
|
||||||
-SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
|
+/* NOTE: Discrepancy with the the way callers use of the return value as a count
|
||||||
+int ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly, SECStatus *pError);
|
+ * Fix this when we sync. up with the cleanup work being done at nss-pem project.
|
||||||
|
+ */
|
||||||
|
SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
|
||||||
const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
|
const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
|
||||||
void pem_PopulateModulusExponent(pemInternalObject *io);
|
void pem_PopulateModulusExponent(pemInternalObject *io);
|
||||||
NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError);
|
|
||||||
diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
|
diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
|
||||||
--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||||
+++ ./nss/lib/ckfw/pem/pinst.c 2015-11-12 06:59:07.831377167 -0800
|
+++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800
|
||||||
@@ -466,15 +466,17 @@ AddCertificate(char *certfile, char *key
|
@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key
|
||||||
{
|
|
||||||
pemInternalObject *o;
|
|
||||||
CK_RV error = 0;
|
|
||||||
+ SECStatus status;
|
|
||||||
int objid, i;
|
|
||||||
int nobjs = 0;
|
|
||||||
SECItem **objs = NULL;
|
|
||||||
char *ivstring = NULL;
|
char *ivstring = NULL;
|
||||||
int cipher;
|
int cipher;
|
||||||
|
|
||||||
- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||||
+ nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */, &status);
|
+ /* TODO: Fix discrepancy between our usage of the return value as
|
||||||
|
+ * as an int (a count) and the declaration as a SECStatus. */
|
||||||
|
+ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||||
if (nobjs <= 0) {
|
if (nobjs <= 0) {
|
||||||
nss_ZFreeIf(objs);
|
nss_ZFreeIf(objs);
|
||||||
+ /* TODO: map the status to a CK_RV error */
|
|
||||||
return CKR_GENERAL_ERROR;
|
return CKR_GENERAL_ERROR;
|
||||||
}
|
@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key
|
||||||
|
|
||||||
@@ -513,12 +515,14 @@ AddCertificate(char *certfile, char *key
|
|
||||||
o = NULL;
|
|
||||||
|
|
||||||
if (keyfile) { /* add the private key */
|
if (keyfile) { /* add the private key */
|
||||||
+ SECStatus status;
|
|
||||||
SECItem **keyobjs = NULL;
|
SECItem **keyobjs = NULL;
|
||||||
int kobjs = 0;
|
int kobjs = 0;
|
||||||
|
+ /* TODO: Fix discrepancy between our usage of the return value as
|
||||||
|
+ * as an int and the declaration as a SECStatus. */
|
||||||
kobjs =
|
kobjs =
|
||||||
ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
|
- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
|
||||||
- &ivstring, PR_FALSE);
|
+ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
|
||||||
+ &ivstring, PR_FALSE, &status);
|
&ivstring, PR_FALSE);
|
||||||
if (kobjs < 1) {
|
if (kobjs < 1) {
|
||||||
+ /* TODO: map the status to an error */
|
|
||||||
error = CKR_GENERAL_ERROR;
|
error = CKR_GENERAL_ERROR;
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
|
diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
|
||||||
--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||||
+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-12 06:59:07.831377167 -0800
|
+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800
|
||||||
@@ -630,6 +630,8 @@ pem_DestroyInternalObject
|
@@ -630,6 +630,11 @@ pem_DestroyInternalObject
|
||||||
if (io->u.key.ivstring)
|
if (io->u.key.ivstring)
|
||||||
free(io->u.key.ivstring);
|
free(io->u.key.ivstring);
|
||||||
break;
|
break;
|
||||||
+ case pemAll:
|
+ case pemAll:
|
||||||
|
+ /* pemAll is not used, keep the compiler happy
|
||||||
|
+ * TODO: investigate a proper solution
|
||||||
|
+ */
|
||||||
+ return;
|
+ return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NULL != gobj)
|
if (NULL != gobj)
|
||||||
@@ -1044,7 +1046,7 @@ pem_CreateObject
|
@@ -1044,7 +1049,9 @@ pem_CreateObject
|
||||||
int nobjs = 0;
|
int nobjs = 0;
|
||||||
int i;
|
int i;
|
||||||
int objid;
|
int objid;
|
||||||
- pemToken *token;
|
+#if 0
|
||||||
+ /*pemToken *token = NULL;*/
|
pemToken *token;
|
||||||
|
+#endif
|
||||||
int cipher;
|
int cipher;
|
||||||
char *ivstring = NULL;
|
char *ivstring = NULL;
|
||||||
pemInternalObject *listObj = NULL;
|
pemInternalObject *listObj = NULL;
|
||||||
@@ -1073,7 +1075,7 @@ pem_CreateObject
|
@@ -1073,7 +1080,9 @@ pem_CreateObject
|
||||||
}
|
}
|
||||||
slotID = nssCKFWSlot_GetSlotID(fwSlot);
|
slotID = nssCKFWSlot_GetSlotID(fwSlot);
|
||||||
|
|
||||||
- token = (pemToken *) mdToken->etc;
|
+#if 0
|
||||||
+ /*token = (pemToken *) mdToken->etc;*/
|
token = (pemToken *) mdToken->etc;
|
||||||
|
+#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* only create keys and certs.
|
* only create keys and certs.
|
||||||
@@ -1114,7 +1116,10 @@ pem_CreateObject
|
@@ -1114,7 +1123,11 @@ pem_CreateObject
|
||||||
}
|
}
|
||||||
|
|
||||||
if (objClass == CKO_CERTIFICATE) {
|
if (objClass == CKO_CERTIFICATE) {
|
||||||
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||||
+ SECStatus status;
|
+ /* TODO: Fix discrepancy between our usage of the return value as
|
||||||
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring,
|
+ * as an int and the declaration as a SECStatus. Typecasting as a
|
||||||
+ PR_TRUE /* certs only */, &status);
|
+ * temporary workaround.
|
||||||
+ /* TODO: How do we map status to *pError */
|
+ */
|
||||||
if (nobjs < 1)
|
+ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||||
goto loser;
|
|
||||||
|
|
||||||
@@ -1156,11 +1161,14 @@ pem_CreateObject
|
|
||||||
} else if (objClass == CKO_PRIVATE_KEY) {
|
|
||||||
/* Brute force: find the id of the certificate, if any, in this slot */
|
|
||||||
int i;
|
|
||||||
+ SECStatus status;
|
|
||||||
SECItem certDER;
|
|
||||||
CK_SESSION_HANDLE hSession;
|
|
||||||
PRBool added;
|
|
||||||
|
|
||||||
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
|
|
||||||
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring,
|
|
||||||
+ PR_FALSE /* keys only */, &status);
|
|
||||||
+ /* TODO: How do we map status to *pError? */
|
|
||||||
if (nobjs < 1)
|
if (nobjs < 1)
|
||||||
goto loser;
|
goto loser;
|
||||||
|
|
||||||
diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
|
diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
|
||||||
--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||||
+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-12 06:59:07.831377167 -0800
|
+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800
|
||||||
@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
|
@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -128,64 +107,40 @@ diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrap
|
||||||
* Format one block of data for public/private key encryption using
|
* Format one block of data for public/private key encryption using
|
||||||
diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
|
diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
|
||||||
--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||||
+++ ./nss/lib/ckfw/pem/util.c 2015-11-12 06:59:07.831377167 -0800
|
+++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800
|
||||||
@@ -58,7 +58,7 @@
|
@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds
|
||||||
#include <stdarg.h>
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
#define CHUNK_SIZE 512
|
-int
|
||||||
-#define PUT_Object(obj,err) \
|
+/* FIX: Returns a SECStatus yet callers take result as a count */
|
||||||
+#define PUT_Object(obj,pErr) \
|
+SECStatus
|
||||||
{ \
|
|
||||||
if (count >= size) { \
|
|
||||||
*derlist = *derlist ? \
|
|
||||||
@@ -67,7 +67,7 @@
|
|
||||||
nss_ZNEWARRAY(NULL, SECItem *, \
|
|
||||||
(size+CHUNK_SIZE) ) ; \
|
|
||||||
if ((SECItem **)NULL == *derlist) { \
|
|
||||||
- err = CKR_HOST_MEMORY; \
|
|
||||||
+ *pErr = CKR_HOST_MEMORY; \
|
|
||||||
goto loser; \
|
|
||||||
} \
|
|
||||||
size += CHUNK_SIZE; \
|
|
||||||
@@ -133,19 +133,20 @@ static SECStatus FileToItem(SECItem * ds
|
|
||||||
|
|
||||||
int
|
|
||||||
ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
|
ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
|
||||||
- int *cipher, char **ivstring, PRBool certsonly)
|
int *cipher, char **ivstring, PRBool certsonly)
|
||||||
+ int *cipher, char **ivstring, PRBool certsonly, SECStatus *pError)
|
|
||||||
{
|
{
|
||||||
SECStatus rv;
|
@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||||
PRFileDesc *inFile;
|
|
||||||
int count = 0, size = 0;
|
|
||||||
SECItem *der = NULL;
|
|
||||||
- int error;
|
|
||||||
SECItem filedata;
|
|
||||||
char *c, *iv;
|
|
||||||
|
|
||||||
inFile = PR_Open(filename, PR_RDONLY, 0);
|
|
||||||
- if (!inFile)
|
|
||||||
+ if (!inFile) {
|
|
||||||
+ *pError = SECFailure;
|
|
||||||
return -1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (ascii) {
|
|
||||||
/* First convert ascii to binary */
|
|
||||||
@@ -237,7 +238,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
|
||||||
goto loser;
|
goto loser;
|
||||||
}
|
}
|
||||||
if ((certsonly && !key) || (!certsonly && key)) {
|
if ((certsonly && !key) || (!certsonly && key)) {
|
||||||
- PUT_Object(der, error);
|
+ error = CKR_OK;
|
||||||
+ PUT_Object(der, pError);
|
PUT_Object(der, error);
|
||||||
|
+ if (error != CKR_OK) {
|
||||||
|
+ free(der);
|
||||||
|
+ goto loser;
|
||||||
|
+ }
|
||||||
} else {
|
} else {
|
||||||
free(der->data);
|
free(der->data);
|
||||||
free(der);
|
free(der);
|
||||||
@@ -255,7 +256,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||||
}
|
}
|
||||||
|
|
||||||
/* NOTE: This code path has never been tested. */
|
/* NOTE: This code path has never been tested. */
|
||||||
- PUT_Object(der, error);
|
+ error = CKR_OK;
|
||||||
+ PUT_Object(der, pError);
|
PUT_Object(der, error);
|
||||||
|
+ if (error != CKR_OK) {
|
||||||
|
+ free(der);
|
||||||
|
+ goto loser;
|
||||||
|
+ }
|
||||||
}
|
}
|
||||||
|
|
||||||
nss_ZFreeIf(filedata.data);
|
nss_ZFreeIf(filedata.data);
|
||||||
|
|
Loading…
Reference in New Issue