Compare commits
384 Commits
Author | SHA1 | Date |
---|---|---|
Bob Relyea | 614f823eb3 | |
Daiki Ueno | 26f93fa193 | |
Daiki Ueno | 047dc3ed4e | |
Daiki Ueno | fc0174ead1 | |
Daiki Ueno | 3c018618ca | |
Daiki Ueno | 65271d923d | |
Daiki Ueno | 9ae0f0b9e1 | |
Daiki Ueno | 2b122e4485 | |
Tom Stellard | 507a1cebf0 | |
Daiki Ueno | 7f30e21d0f | |
Daiki Ueno | aa7d80b11e | |
Daiki Ueno | f512836b78 | |
Daiki Ueno | 58ca69fcaf | |
Daiki Ueno | bd89f2ce5c | |
Daiki Ueno | 9e1e74ca17 | |
Daiki Ueno | 37c40ebd3d | |
Daiki Ueno | 656c979c95 | |
Fedora Release Engineering | 0b17c92d39 | |
Daiki Ueno | 3c27dc2471 | |
Daiki Ueno | 36505c331d | |
Kamil Dudka | 6e689ce0cb | |
Daiki Ueno | 703a4f9a95 | |
Daiki Ueno | 1e2f8acd14 | |
Daiki Ueno | 74b268dbd9 | |
Daiki Ueno | 541296170e | |
Daiki Ueno | f3ad534c37 | |
Daiki Ueno | a8a8d020bf | |
Daiki Ueno | 704f2e22d6 | |
Daiki Ueno | 4f639ad73c | |
Daiki Ueno | 8c9ed11be4 | |
Bob Relyea | 115989f50d | |
Bob Relyea | 2ec4745f30 | |
Daiki Ueno | 626f1941fd | |
Daiki Ueno | 16706fe38d | |
Daiki Ueno | d86af7693a | |
Daiki Ueno | fa84af3e06 | |
Daiki Ueno | 2f14d11d0d | |
Daiki Ueno | 3f3c20ae17 | |
Fedora Release Engineering | 326f5d0c9a | |
Daiki Ueno | c5b7db61f4 | |
Daiki Ueno | 7b734a0c80 | |
Daiki Ueno | c7e445694f | |
Daiki Ueno | 3ea5d2fb0e | |
Daiki Ueno | 4567b678cc | |
Daiki Ueno | 141e716639 | |
Elio Maldonado | 5deb5dd362 | |
Daiki Ueno | d3f6891026 | |
Daiki Ueno | df8d75ac51 | |
Daiki Ueno | b3b17b08a0 | |
Daiki Ueno | 455711f1df | |
Fedora Release Engineering | 0e03f768ab | |
Daiki Ueno | e5e5a75933 | |
Daiki Ueno | 431c940fc5 | |
Daiki Ueno | 41b9b6b6a1 | |
Daiki Ueno | f572eae5ce | |
Daiki Ueno | b250b65666 | |
Daiki Ueno | 5221baae09 | |
Daiki Ueno | cab16c0490 | |
Daiki Ueno | af46412ffe | |
Daiki Ueno | e557c2c2a1 | |
Daiki Ueno | 8be7f95db1 | |
Daiki Ueno | 7bdb9fac17 | |
Daiki Ueno | 71d6df3266 | |
Daiki Ueno | 390eaefc52 | |
Daiki Ueno | 4b42d21883 | |
Daiki Ueno | ec4d144b47 | |
Daiki Ueno | 705e2b3229 | |
Daiki Ueno | 26c062714a | |
Daiki Ueno | c29d479b7f | |
Daiki Ueno | 18c140b4c2 | |
Daiki Ueno | bdf4e9ddaf | |
Daiki Ueno | 93c1de8b0d | |
Daiki Ueno | db341dd2e0 | |
Kai Engert | 89b8b47d46 | |
Fedora Release Engineering | e4c3da9da7 | |
Jason Tibbitts | 137780ff5d | |
Daiki Ueno | 6f4f615c05 | |
Daiki Ueno | 2b3aa61f20 | |
Daiki Ueno | 3b822a7262 | |
Daiki Ueno | 8d5d06f814 | |
Daiki Ueno | 26f23aeeb6 | |
Daiki Ueno | dfa19ec931 | |
Daiki Ueno | e874285f92 | |
Daiki Ueno | abfbe95c8d | |
Daiki Ueno | e42c9742c4 | |
Kai Engert | 93dca340cd | |
Kai Engert | a24d6b1353 | |
Daiki Ueno | 418745fdce | |
Daiki Ueno | 03874d1272 | |
Daiki Ueno | 2007524db8 | |
Daiki Ueno | 67567fd852 | |
Daiki Ueno | 2eadf22a1d | |
Daiki Ueno | 3edcb8bd09 | |
Igor Gnatenko | b33603605a | |
Igor Gnatenko | 7504d3f5b2 | |
Fedora Release Engineering | 51a16f5968 | |
Kai Engert | 1689d12cbb | |
Kai Engert | 0a70bce56d | |
Kai Engert | ccf407af47 | |
Daiki Ueno | 08f152ebf9 | |
Daiki Ueno | bd239c046a | |
Daiki Ueno | 6d15c06123 | |
Kai Engert | 423cf344b1 | |
Kai Engert | cd77ff2c17 | |
Kai Engert | c4dce982fc | |
Serhii Turivny | 24e850cb0b | |
Daiki Ueno | 06c6c5b05b | |
Daiki Ueno | 8a8a89e2ed | |
Daiki Ueno | c6bdcf333a | |
Daiki Ueno | 3e4febd5a1 | |
Kai Engert | 61169569b1 | |
Daiki Ueno | 2d62c98a25 | |
Daiki Ueno | 7ae9f54af6 | |
Fedora Release Engineering | 3bbfdef75c | |
Fedora Release Engineering | 7a90b2748d | |
Daiki Ueno | 943827bba4 | |
Daiki Ueno | 82b3129713 | |
Daiki Ueno | 4b45ae6d65 | |
Daiki Ueno | 314afd2133 | |
Petr Písař | b2ceaeb648 | |
Daiki Ueno | 5ed56146a2 | |
Daiki Ueno | 4a49c5748c | |
Daiki Ueno | 405310c946 | |
Kai Engert | cd8db2917d | |
Daiki Ueno | 17cd27bdca | |
Daiki Ueno | b6664ebb77 | |
Kai Engert | 8b601d64b2 | |
Daiki Ueno | 65a4d20cc7 | |
Daiki Ueno | 07c729494a | |
Daiki Ueno | 73106743c1 | |
Daiki Ueno | 70bf1cefc1 | |
Daiki Ueno | 877f068e97 | |
Daiki Ueno | 82e9983e43 | |
Daiki Ueno | c6535e87bd | |
Daiki Ueno | 8b6e6cc656 | |
Daiki Ueno | 9168316fa8 | |
Daiki Ueno | 1df1edced7 | |
Daiki Ueno | f52ebc585d | |
Kai Engert | 387bb6b467 | |
Daiki Ueno | 74f302809f | |
Daiki Ueno | ddcac56c2e | |
Daiki Ueno | e0be40e6f7 | |
Daiki Ueno | 351f464ed1 | |
Elio Maldonado | 7854e70d7e | |
Elio Maldonado | ff192a931a | |
Elio Maldonado | 270f23d149 | |
Elio Maldonado | e666a29edf | |
Elio Maldonado | 68e30820ed | |
Elio Maldonado | ef6c2f08e7 | |
Elio Maldonado | e51bf1ce38 | |
Elio Maldonado | 3792f60887 | |
Kai Engert | 1911d47990 | |
Elio Maldonado | f5c6a9ac04 | |
Elio Maldonado | 85c6e70f3c | |
Elio Maldonado | c460de4d23 | |
Elio Maldonado | 29b52f2caf | |
Elio Maldonado | fc09930b4d | |
Elio Maldonado | 3648d70a92 | |
Elio Maldonado | 2e6c8d6f71 | |
Elio Maldonado | 299e9058d1 | |
Elio Maldonado | 21d9cd13e1 | |
Elio Maldonado | b9c9bc550c | |
Elio Maldonado | ea86d5898c | |
Elio Maldonado | b22cf46b7c | |
Elio Maldonado | 2a45956d5b | |
Elio Maldonado | e4343992f0 | |
Elio Maldonado | c0f6099656 | |
Elio Maldonado | 69c688f3b5 | |
Elio Maldonado | fe44847276 | |
Elio Maldonado | c281a339e1 | |
Elio Maldonado | 317de01a4d | |
Elio Maldonado | 5953345108 | |
Fedora Release Engineering | f7ddea92df | |
Elio Maldonado | 5fe1656484 | |
Elio Maldonado | 0483a01742 | |
Jaromir Capik | 65e0fbe683 | |
Elio Maldonado | 337a03cdd8 | |
Elio Maldonado | 34058a2a6e | |
Elio Maldonado | 66122a0ff7 | |
Elio Maldonado | 03da09b383 | |
Elio Maldonado | 69b02be530 | |
Elio Maldonado | 0a91ce3fe8 | |
Elio Maldonado | c13e32fe80 | |
Jaromir Capik | 81b37a0f74 | |
Elio Maldonado | 75207789dc | |
Elio Maldonado | 82653be6b2 | |
Elio Maldonado | ae64727ebb | |
Elio Maldonado | a046ce773a | |
Elio Maldonado | 17f536942a | |
Elio Maldonado | b10f7b1f18 | |
Elio Maldonado | c4f83dca30 | |
Elio Maldonado | 8b92dbf50e | |
Elio Maldonado | f35af25385 | |
Kai Engert | 0779a363b4 | |
Kai Engert | 3a7ef4801d | |
Kai Engert | c0a0ca5eb2 | |
Kai Engert | 856e33f728 | |
Kai Engert | a58533f703 | |
Elio Maldonado | f59c0d1275 | |
Elio Maldonado | 9b7199b3db | |
Till Maas | fa80ce0efb | |
Elio Maldonado | 8687a87da5 | |
Elio Maldonado | 8cfb70a447 | |
Elio Maldonado | 8c142e52fe | |
Ville Skyttä | c70e45537d | |
Elio Maldonado | 62096f81c3 | |
Elio Maldonado | a60e3001fe | |
Elio Maldonado | a7df0838aa | |
Elio Maldonado | 3e2a0ea4de | |
Elio Maldonado | 1765d80a6c | |
Kai Engert | 0ac07fb221 | |
Kevin Fenzi | 64ca89cbe4 | |
Elio Maldonado | 3e02cae346 | |
Peter Robinson | db7f9bfa50 | |
Elio Maldonado | eaa519320e | |
Tom Callaway | 8025e7be74 | |
Elio Maldonado | fd6a1f2171 | |
Elio Maldonado | 60816050f2 | |
Dennis Gilmore | 296fce6af9 | |
Jaromir Capik | f94fcb299b | |
Elio Maldonado | 4d04992e9a | |
Elio Maldonado | 37a942df5c | |
Elio Maldonado | 0834927548 | |
Elio Maldonado | 8b13702a67 | |
Elio Maldonado | 4f24d9e6c9 | |
Elio Maldonado | 23d7297fce | |
Elio Maldonado | 9b8380a073 | |
Elio Maldonado | 4c076bc0cd | |
Elio Maldonado | 4fb9d07b7f | |
Elio Maldonado | a25fc11743 | |
Peter Robinson | 5d65d327f1 | |
Elio Maldonado | 301ed12356 | |
Elio Maldonado | 7285eaab48 | |
Elio Maldonado | d2ef6540b5 | |
Elio Maldonado | 569d439b91 | |
Elio Maldonado | aae9602c01 | |
Elio Maldonado | 6ab230bb01 | |
Elio Maldonado | b5567867a7 | |
Elio Maldonado | 4f6555074f | |
Elio Maldonado | f37654e052 | |
Elio Maldonado | 49e209f91d | |
Elio Maldonado | 67a7a21b0e | |
Elio Maldonado | 129e66ef0e | |
Elio Maldonado | 658733b0d3 | |
Elio Maldonado | db7fe53123 | |
Elio Maldonado | a6a13f1a66 | |
Elio Maldonado | 4b2b74e5e0 | |
Elio Maldonado | 74d9e91174 | |
Elio Maldonado | 306dd778f4 | |
Elio Maldonado | 9b70717281 | |
Elio Maldonado | 8f6f357e88 | |
Elio Maldonado | 33f25f5720 | |
Elio Maldonado | da85237ace | |
Elio Maldonado | 2285997461 | |
Elio Maldonado | 1c902d0023 | |
Elio Maldonado | 2c648570aa | |
Elio Maldonado | b4e6e308a6 | |
Elio Maldonado | 5761e30a94 | |
Elio Maldonado | 3888f3b230 | |
Elio Maldonado | 8ae46fa97f | |
Elio Maldonado | fdb9637677 | |
Elio Maldonado | cf4a750103 | |
Elio Maldonado | 8943f1ad54 | |
Elio Maldonado | efdced7007 | |
Elio Maldonado | 65efb2c2f3 | |
Elio Maldonado | b8273ce04c | |
Elio Maldonado | e36079dd45 | |
Elio Maldonado | 41e94360c9 | |
Elio Maldonado | 2f66633263 | |
Elio Maldonado | f6ec57311f | |
Elio Maldonado | 2249db62a6 | |
Elio Maldonado | 30056fd35c | |
Elio Maldonado | 2a8c1318ea | |
Kai Engert | 59b5d52d9e | |
Kai Engert | 21e8668243 | |
Kai Engert | 7b5d7ea05f | |
Elio Maldonado | b03345792c | |
Elio Maldonado | 0370142fd0 | |
Elio Maldonado | b3f05b9f44 | |
Elio Maldonado | 96957e805a | |
Elio Maldonado | 7a7f48e712 | |
Elio Maldonado | 830ee96f85 | |
Kai Engert | ca00551ea7 | |
Elio Maldonado | b13dc44579 | |
Elio Maldonado | 5a0d6572e1 | |
Elio Maldonado | edea054ffc | |
Elio Maldonado | 765b3c410b | |
Elio Maldonado | 461744f676 | |
Elio Maldonado | 4e9cb6d944 | |
Elio Maldonado | e45858c07c | |
Elio Maldonado Batiz | 6e1a26a079 | |
Elio Maldonado | 19ad65d608 | |
Elio Maldonado | fef81756fd | |
Elio Maldonado | b5d7c8e158 | |
Elio Maldonado | 247ec13766 | |
Elio Maldonado | fdff72cd4e | |
Elio Maldonado | f2639d5e85 | |
Elio Maldonado | b89655218d | |
Elio Maldonado | 93eeb31cf1 | |
Elio Maldonado | e4dd1babb0 | |
Elio Maldonado | edf5ff0634 | |
Elio Maldonado | c2e20984e1 | |
Elio Maldonado | 192d1d33fb | |
Elio Maldonado | 3be7379237 | |
Elio Maldonado | 982583d915 | |
Elio Maldonado | b11609d88a | |
Elio Maldonado | 0889879046 | |
Elio Maldonado | 1f01ab68b1 | |
Kai Engert | 61aa73d6e8 | |
Kai Engert | 53a120c4af | |
Elio Maldonado | ab9d670692 | |
Elio Maldonado | 99a740d2ee | |
Dennis Gilmore | bd7e7ae750 | |
Elio Maldonado | f304d0d0cf | |
Elio Maldonado | 18cd8ce5de | |
Elio Maldonado | 967fa1be0d | |
Elio Maldonado | 7011f18b86 | |
Elio Maldonado | 6b33cec549 | |
Elio Maldonado Batiz | e1a1b3583b | |
Elio Maldonado | 580fd0d7b9 | |
Elio Maldonado | a27d98a9ec | |
Elio Maldonado | c38003c691 | |
Elio Maldonado | 41064271a8 | |
Elio Maldonado | 034c16be36 | |
Elio Maldonado | 99d4b15c76 | |
Elio Maldonado | 4fe7a90965 | |
Elio Maldonado | 5203007534 | |
Elio Maldonado | 310e64d3c2 | |
Elio Maldonado | c408966515 | |
Elio Maldonado | 89045d8452 | |
Elio Maldonado Batiz | 51c4dcf0e0 | |
Elio Maldonado | 39b507ea3c | |
Elio Maldonado | 19fee62ac7 | |
Elio Maldonado Batiz | 7d1bd46bd6 | |
Elio Maldonado | 3ccc11c806 | |
Elio Maldonado Batiz | 85a1075a8d | |
Elio Maldonado | ca7f73c317 | |
Tom Callaway | 6e9d7578fc | |
Elio Maldonado | 81470bd3c4 | |
Dennis Gilmore | b6f8eca453 | |
Elio Maldonado | 1f56c5ccc5 | |
Elio Maldonado | 40928cb8e3 | |
Elio Maldonado | d5f0675cc9 | |
Elio Maldonado | def217ea25 | |
Elio Maldonado | aecd53f653 | |
Elio Maldonado | 543ae9ce83 | |
Elio Maldonado | 109e79922c | |
Elio Maldonado | 1584b7eb6a | |
Elio Maldonado | e8491da33f | |
Elio Maldonado | 3fe2df48eb | |
Elio Maldonado | f67889f49c | |
Elio Maldonado | 2980194bf3 | |
Elio Maldonado | 321e446e77 | |
Elio Maldonado | cb85c9e1da | |
Elio Maldonado | 953f3cef9d | |
Elio Maldonado | 1c8a4130f1 | |
Elio Maldonado | 5fe8f41a13 | |
Elio Maldonado | a32a69acd9 | |
Dan Williams | dc20ddf3a8 | |
Elio Maldonado | 190ec81eec | |
Elio Maldonado | 0598777c8d | |
Elio Maldonado | cc7766a55d | |
Elio Maldonado | 28928af492 | |
Elio Maldonado | 4a87b24862 | |
Elio Maldonado | 7b078b5247 | |
Elio Maldonado | e13d622bc5 | |
Elio Maldonado | bc4ac545c9 | |
Elio Maldonado | 3586aff4e7 | |
Kai Engert | a1e61fa589 | |
Kai Engert | c26c5b1326 | |
Elio Maldonado | bc8d177729 | |
Elio Maldonado | 4f63c4864b | |
Elio Maldonado | d7c5a94ba8 | |
Elio Maldonado | a7fb38e80b | |
Michael Schwendt | e2ce6e022c | |
Elio Maldonado | 5c50a33200 | |
Elio Maldonado | 6f6f1203b3 | |
Elio Maldonado | 778a865dab | |
Dennis Gilmore | 321ca50d42 | |
Dennis Gilmore | 7232ae1bc7 | |
Elio Maldonado | c409805d45 | |
Elio Maldonado | 656b5456ab | |
Elio Maldonado | 976de5ebbe | |
Elio Maldonado | 508cdeae12 |
|
@ -1,8 +1,51 @@
|
|||
nss-3.12.9-stripped.tar.bz2
|
||||
nss-pem-20101125.tar.bz2
|
||||
blank-cert8.db
|
||||
blank-key3.db
|
||||
blank-secmod.db
|
||||
blank-cert9.db
|
||||
blank-key4.db
|
||||
PayPalEE.cert
|
||||
TestCA.ca.cert
|
||||
TestUser50.cert
|
||||
TestUser51.cert
|
||||
/PayPalRootCA.cert
|
||||
/PayPalICA.cert
|
||||
/nss-3.25.0.tar.gz
|
||||
/nss-3.26.0.tar.gz
|
||||
/nss-3.27.0.tar.gz
|
||||
/nss-3.27.2.tar.gz
|
||||
/nss-3.28.1.tar.gz
|
||||
/nss-3.29.0.tar.gz
|
||||
/nss-3.29.1.tar.gz
|
||||
/nss-3.30.0.tar.gz
|
||||
/nss-3.30.2.tar.gz
|
||||
/nss-3.31.0.tar.gz
|
||||
/nss-3.32.0.tar.gz
|
||||
/nss-3.32.1.tar.gz
|
||||
/nss-3.33.0.tar.gz
|
||||
/nss-3.34.0.tar.gz
|
||||
/nss-3.35.0.tar.gz
|
||||
/nss-3.36.0.tar.gz
|
||||
/nss-3.36.1.tar.gz
|
||||
/nss-3.37.1.tar.gz
|
||||
/nss-3.37.3.tar.gz
|
||||
/nss-3.38.0.tar.gz
|
||||
/nss-3.39.tar.gz
|
||||
/nss-3.40.1.tar.gz
|
||||
/nss-3.41.tar.gz
|
||||
/nss-3.42.tar.gz
|
||||
/nss-3.42.1.tar.gz
|
||||
/nss-3.43.tar.gz
|
||||
/nss-3.44.tar.gz
|
||||
/nss-3.44.1.tar.gz
|
||||
/nss-3.45.tar.gz
|
||||
/nss-3.46.tar.gz
|
||||
/nss-3.46.1.tar.gz
|
||||
/nss-3.47.tar.gz
|
||||
/nss-3.47.1.tar.gz
|
||||
/nss-3.48.tar.gz
|
||||
/nss-3.49.tar.gz
|
||||
/nss-3.49.2.tar.gz
|
||||
/nss-3.50.tar.gz
|
||||
/nss-3.51.tar.gz
|
||||
/nss-3.51.1.tar.gz
|
||||
/nss-3.52.tar.gz
|
||||
|
|
|
@ -1,107 +0,0 @@
|
|||
From 5c61cdba435096ee6e65cee4dc9a473430643c07 Mon Sep 17 00:00:00 2001
|
||||
From: Elio Maldonado <emaldona@redhat.com>
|
||||
Date: Tue, 12 Apr 2011 09:31:48 -0700
|
||||
Subject: [PATCH] Bug 695011 PEM logging
|
||||
|
||||
Use NSPR logging facilities for PEM logging to fix a segmenation violation
|
||||
caused when user cannot for write a log file created by root
|
||||
---
|
||||
mozilla/security/nss/lib/ckfw/pem/ckpem.h | 7 ++++-
|
||||
mozilla/security/nss/lib/ckfw/pem/util.c | 30 ++++++++++++++++------------
|
||||
2 files changed, 22 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/mozilla/security/nss/lib/ckfw/pem/ckpem.h b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
|
||||
index 839d40b..720525e 100644
|
||||
--- a/mozilla/security/nss/lib/ckfw/pem/ckpem.h
|
||||
+++ b/mozilla/security/nss/lib/ckfw/pem/ckpem.h
|
||||
@@ -1,3 +1,6 @@
|
||||
+#ifndef CKPEM_H
|
||||
+#define CKPEM_H
|
||||
+
|
||||
#include "nssckmdt.h"
|
||||
#include "nssckfw.h"
|
||||
#include "ckfwtm.h"
|
||||
@@ -254,8 +257,8 @@ unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
|
||||
/* ptoken.c */
|
||||
NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
|
||||
|
||||
+/* util.c */
|
||||
void open_log();
|
||||
-void close_log();
|
||||
void plog(const char *fmt, ...);
|
||||
|
||||
-#define PEM_H 1
|
||||
+#endif /* CKPEM_H */
|
||||
diff --git a/mozilla/security/nss/lib/ckfw/pem/util.c b/mozilla/security/nss/lib/ckfw/pem/util.c
|
||||
index 853f418..fafb924 100644
|
||||
--- a/mozilla/security/nss/lib/ckfw/pem/util.c
|
||||
+++ b/mozilla/security/nss/lib/ckfw/pem/util.c
|
||||
@@ -41,6 +41,7 @@
|
||||
#include "prtime.h"
|
||||
#include "prlong.h"
|
||||
#include "prerror.h"
|
||||
+#include "prlog.h"
|
||||
#include "prprf.h"
|
||||
#include "plgetopt.h"
|
||||
#include "prenv.h"
|
||||
@@ -51,6 +52,9 @@
|
||||
#include "cryptohi.h"
|
||||
#include "secpkcs7.h"
|
||||
#include "secerr.h"
|
||||
+
|
||||
+#include "ckpem.h"
|
||||
+
|
||||
#include <stdarg.h>
|
||||
|
||||
#define CHUNK_SIZE 512
|
||||
@@ -267,34 +271,34 @@ ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
|
||||
return -1;
|
||||
}
|
||||
|
||||
-FILE *plogfile;
|
||||
+#ifdef DEBUG
|
||||
+#define LOGGING_BUFFER_SIZE 400
|
||||
+#define PEM_DEFAULT_LOG_FILE "/tmp/pkcs11.log"
|
||||
+static const char *pemLogModuleName = "PEM";
|
||||
+static PRLogModuleInfo* pemLogModule;
|
||||
+#endif
|
||||
|
||||
void open_log()
|
||||
{
|
||||
#ifdef DEBUG
|
||||
- plogfile = fopen("/tmp/pkcs11.log", "a");
|
||||
-#endif
|
||||
+ const char *nsprLogFile = PR_GetEnv("NSPR_LOG_FILE");
|
||||
|
||||
- return;
|
||||
-}
|
||||
+ pemLogModule = PR_NewLogModule(pemLogModuleName);
|
||||
|
||||
-void close_log()
|
||||
-{
|
||||
-#ifdef DEBUG
|
||||
- fclose(plogfile);
|
||||
+ (void) PR_SetLogFile(nsprLogFile ? nsprLogFile : PEM_DEFAULT_LOG_FILE);
|
||||
+ /* If false, the log file will remain what it was before */
|
||||
#endif
|
||||
- return;
|
||||
}
|
||||
|
||||
void plog(const char *fmt, ...)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
+ char buf[LOGGING_BUFFER_SIZE];
|
||||
va_list ap;
|
||||
|
||||
va_start(ap, fmt);
|
||||
- vfprintf(plogfile, fmt, ap);
|
||||
+ PR_vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
va_end(ap);
|
||||
-
|
||||
- fflush(plogfile);
|
||||
+ PR_LOG(pemLogModule, PR_LOG_DEBUG, ("%s", buf));
|
||||
#endif
|
||||
}
|
||||
--
|
||||
1.7.4.2
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
#requires nspr
|
||||
#requires perl
|
||||
#requires nss-util
|
||||
#requires nss-softokn
|
||||
|
||||
mcd $BUILDDIR/nss
|
||||
|
||||
export BUILD_OPT=1
|
||||
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
|
||||
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
|
||||
export NSPR_INCLUDE_DIR=/usr/include/nspr
|
||||
export NSPR_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export NSS_USE_SYSTEM_SQLITE=1
|
||||
export NSS_BUILD_WITHOUT_SOFTOKEN=1
|
||||
export USE_SYSTEM_SOFTOKEN=1
|
||||
export SOFTOKEN_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export NSSUTIL_INCLUDE_DIR=/usr/include/nss3
|
||||
export NSSUTIL_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export USE_SYSTEM_NSSUTIL=1
|
||||
export FREEBL_INCLUDE_DIR=/usr/include/nss3
|
||||
export FREEBL_LIB_DIR=/usr/lib${SUFFIX}
|
||||
export USE_SYSTEM_FREEBL=1
|
||||
export NSS_USE_SYSTEM_FREEBL=1
|
||||
export FREEBL_NO_DEPEND=1
|
||||
export IN_TREE_FREEBL_HEADERS_FIRST=1
|
||||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
export NSS_NO_SSL2_NO_EXPORT=1
|
||||
export NSS_ECC_MORE_THAN_SUITE_B=1
|
||||
export NSS_NO_PKCS11_BYPASS=1
|
||||
#export NSDISTMODE="copy"
|
||||
|
||||
if [ "$SUFFIX" = "64" ]; then
|
||||
USE_64=1
|
||||
export USE_64
|
||||
fi
|
||||
|
||||
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp nss/lib/ckfw/nssck.api dist/private/nss/)
|
||||
|
||||
make -C $SRC/nss-3.*/nss/coreconf
|
||||
make -C $SRC/nss-3.*/nss/lib/dbm
|
||||
|
||||
# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
|
||||
# need nss/verref.h which is exported privately, move it to where it can be found.
|
||||
(cd $SRC/nss-3.* && mkdir -p dist/private/nss && cp -a nss/verref.h dist/private/nss/)
|
||||
|
||||
make -C $SRC/nss-3.*/nss
|
||||
cd $SRC/nss-3.*/nss/coreconf
|
||||
make install
|
||||
cd $SRC/nss-3.*/nss/lib/dbm
|
||||
make install
|
||||
cd $SRC/nss-3.*/nss
|
||||
make install
|
||||
# Copy the binary libraries we want
|
||||
NSSLIBS="libnss3.so libnssckbi.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so"
|
||||
# BOZO: temporarily disable FIPS140 support
|
||||
#NSSLIBCHKS="libnssdbm3.chk libfreebl3.chk libsoftokn3.chk"
|
||||
NSSLIBCHKS=""
|
||||
# END BOZO
|
||||
cd $SRC/nss-3.*
|
||||
for file in $NSSLIBS $NSSLIBCHKS
|
||||
do
|
||||
install -p -m 755 dist/*.OBJ/lib/$file /usr/lib${SUFFIX}/
|
||||
done
|
||||
# Copy the include files we want
|
||||
for file in $SRC/nss-*/dist/public/nss/*.h
|
||||
do
|
||||
install -p -m 644 $file /usr/include/nss3/
|
||||
done
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,59 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="cert8.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>cert8.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>cert8.db</refname>
|
||||
<refpurpose>Legacy NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
|
||||
<para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/cert8.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -0,0 +1,59 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="cert9.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>cert9.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>cert9.db</refname>
|
||||
<refpurpose>NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>cert9.db</emphasis> is an NSS certificate database.</para>
|
||||
<para>This certificate database is the sqlite-based shared database with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/cert9.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkcs11.txt(5)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -1,460 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 ./mozilla/security/nss/lib/smime/cmscinfo.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 2011-02-09 14:03:55.133296665 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmscinfo.c 2011-02-09 14:03:55.151294755 -0800
|
||||
@@ -56,27 +56,27 @@
|
||||
SECStatus
|
||||
NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo)
|
||||
{
|
||||
- if (cinfo->private) {
|
||||
+ if (cinfo->privateInfo) {
|
||||
return SECSuccess;
|
||||
}
|
||||
- cinfo->private = PORT_ZNew(NSSCMSContentInfoPrivate);
|
||||
- return (cinfo->private) ? SECSuccess: SECFailure;
|
||||
+ cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate);
|
||||
+ return (cinfo->privateInfo) ? SECSuccess : SECFailure;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
-nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *private)
|
||||
+nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *privateInfo)
|
||||
{
|
||||
- if (private->digcx) {
|
||||
+ if (privateInfo->digcx) {
|
||||
/* must destroy digest objects */
|
||||
- NSS_CMSDigestContext_Cancel(private->digcx);
|
||||
- private->digcx = NULL;
|
||||
+ NSS_CMSDigestContext_Cancel(privateInfo->digcx);
|
||||
+ privateInfo->digcx = NULL;
|
||||
}
|
||||
- if (private->ciphcx) {
|
||||
- NSS_CMSCipherContext_Destroy(private->ciphcx);
|
||||
- private->ciphcx = NULL;
|
||||
+ if (privateInfo->ciphcx) {
|
||||
+ NSS_CMSCipherContext_Destroy(privateInfo->ciphcx);
|
||||
+ privateInfo->ciphcx = NULL;
|
||||
}
|
||||
- PORT_Free(private);
|
||||
+ PORT_Free(privateInfo);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -106,9 +106,9 @@ NSS_CMSContentInfo_Destroy(NSSCMSContent
|
||||
/* XXX Anything else that needs to be "manually" freed/destroyed? */
|
||||
break;
|
||||
}
|
||||
- if (cinfo->private) {
|
||||
- nss_cmsContentInfo_private_destroy(cinfo->private);
|
||||
- cinfo->private = NULL;
|
||||
+ if (cinfo->privateInfo) {
|
||||
+ nss_cmsContentInfo_private_destroy(cinfo->privateInfo);
|
||||
+ cinfo->privateInfo = NULL;
|
||||
}
|
||||
if (cinfo->bulkkey) {
|
||||
PK11_FreeSymKey(cinfo->bulkkey);
|
||||
@@ -153,7 +153,7 @@ NSS_CMSContentInfo_GetChildContentInfo(N
|
||||
}
|
||||
break;
|
||||
}
|
||||
- if (ccinfo && !ccinfo->private) {
|
||||
+ if (ccinfo && !ccinfo->privateInfo) {
|
||||
NSS_CMSContentInfo_Private_Init(ccinfo);
|
||||
}
|
||||
return ccinfo;
|
||||
@@ -169,7 +169,7 @@ NSS_CMSContentInfo_SetDontStream(NSSCMSC
|
||||
/* default is streaming, failure to get ccinfo will not effect this */
|
||||
return dontStream ? SECFailure : SECSuccess ;
|
||||
}
|
||||
- cinfo->private->dontStream = dontStream;
|
||||
+ cinfo->privateInfo->dontStream = dontStream;
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmsdecode.c.676036 ./mozilla/security/nss/lib/smime/cmsdecode.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsdecode.c.676036 2011-02-09 14:03:55.149294968 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsdecode.c 2011-02-09 14:03:55.152294649 -0800
|
||||
@@ -458,7 +458,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
||||
goto loser;
|
||||
}
|
||||
|
||||
- if (cinfo->private && cinfo->private->ciphcx != NULL) {
|
||||
+ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
|
||||
/*
|
||||
* we are decrypting.
|
||||
*
|
||||
@@ -472,7 +472,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
||||
unsigned int buflen; /* length available for decrypted data */
|
||||
|
||||
/* find out about the length of decrypted data */
|
||||
- buflen = NSS_CMSCipherContext_DecryptLength(cinfo->private->ciphcx, len, final);
|
||||
+ buflen = NSS_CMSCipherContext_DecryptLength(cinfo->privateInfo->ciphcx, len, final);
|
||||
|
||||
/*
|
||||
* it might happen that we did not provide enough data for a full
|
||||
@@ -503,7 +503,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
||||
* any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to
|
||||
* keep track of incoming data
|
||||
*/
|
||||
- rv = NSS_CMSCipherContext_Decrypt(cinfo->private->ciphcx, buf, &outlen, buflen,
|
||||
+ rv = NSS_CMSCipherContext_Decrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
|
||||
data, len, final);
|
||||
if (rv != SECSuccess) {
|
||||
p7dcx->error = PORT_GetError();
|
||||
@@ -523,8 +523,8 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
||||
/*
|
||||
* Update the running digests with plaintext bytes (if we need to).
|
||||
*/
|
||||
- if (cinfo->private && cinfo->private->digcx)
|
||||
- NSS_CMSDigestContext_Update(cinfo->private->digcx, data, len);
|
||||
+ if (cinfo->privateInfo && cinfo->privateInfo->digcx)
|
||||
+ NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
|
||||
|
||||
/* at this point, we have the plain decoded & decrypted data
|
||||
** which is either more encoded DER (which we need to hand to the child
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmsdigdata.c.676036 ./mozilla/security/nss/lib/smime/cmsdigdata.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsdigdata.c.676036 2011-02-09 14:03:55.134296559 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsdigdata.c 2011-02-09 14:03:55.152294649 -0800
|
||||
@@ -143,8 +143,8 @@ NSS_CMSDigestedData_Encode_BeforeData(NS
|
||||
/* set up the digests */
|
||||
if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) {
|
||||
/* if digest is already there, do nothing */
|
||||
- digd->contentInfo.private->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
||||
- if (digd->contentInfo.private->digcx == NULL)
|
||||
+ digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
||||
+ if (digd->contentInfo.privateInfo->digcx == NULL)
|
||||
return SECFailure;
|
||||
}
|
||||
return SECSuccess;
|
||||
@@ -162,12 +162,12 @@ NSS_CMSDigestedData_Encode_AfterData(NSS
|
||||
{
|
||||
SECStatus rv = SECSuccess;
|
||||
/* did we have digest calculation going on? */
|
||||
- if (digd->contentInfo.private && digd->contentInfo.private->digcx) {
|
||||
- rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.private->digcx,
|
||||
+ if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
|
||||
+ rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
|
||||
digd->cmsg->poolp,
|
||||
&(digd->digest));
|
||||
/* error has been set by NSS_CMSDigestContext_FinishSingle */
|
||||
- digd->contentInfo.private->digcx = NULL;
|
||||
+ digd->contentInfo.privateInfo->digcx = NULL;
|
||||
}
|
||||
|
||||
return rv;
|
||||
@@ -194,8 +194,8 @@ NSS_CMSDigestedData_Decode_BeforeData(NS
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
- digd->contentInfo.private->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
||||
- if (digd->contentInfo.private->digcx == NULL)
|
||||
+ digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
||||
+ if (digd->contentInfo.privateInfo->digcx == NULL)
|
||||
return SECFailure;
|
||||
|
||||
return SECSuccess;
|
||||
@@ -213,12 +213,12 @@ NSS_CMSDigestedData_Decode_AfterData(NSS
|
||||
{
|
||||
SECStatus rv = SECSuccess;
|
||||
/* did we have digest calculation going on? */
|
||||
- if (digd->contentInfo.private && digd->contentInfo.private->digcx) {
|
||||
- rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.private->digcx,
|
||||
+ if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
|
||||
+ rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
|
||||
digd->cmsg->poolp,
|
||||
&(digd->cdigest));
|
||||
/* error has been set by NSS_CMSDigestContext_FinishSingle */
|
||||
- digd->contentInfo.private->digcx = NULL;
|
||||
+ digd->contentInfo.privateInfo->digcx = NULL;
|
||||
}
|
||||
|
||||
return rv;
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmsencdata.c.676036 ./mozilla/security/nss/lib/smime/cmsencdata.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsencdata.c.676036 2011-02-09 14:03:55.135296453 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsencdata.c 2011-02-09 14:03:55.153294543 -0800
|
||||
@@ -200,9 +200,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N
|
||||
/* this may modify algid (with IVs generated in a token).
|
||||
* it is therefore essential that algid is a pointer to the "real" contentEncAlg,
|
||||
* not just to a copy */
|
||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
|
||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
|
||||
PK11_FreeSymKey(bulkkey);
|
||||
- if (cinfo->private->ciphcx == NULL)
|
||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
||||
return SECFailure;
|
||||
|
||||
return SECSuccess;
|
||||
@@ -214,9 +214,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N
|
||||
SECStatus
|
||||
NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
|
||||
{
|
||||
- if (encd->contentInfo.private && encd->contentInfo.private->ciphcx) {
|
||||
- NSS_CMSCipherContext_Destroy(encd->contentInfo.private->ciphcx);
|
||||
- encd->contentInfo.private->ciphcx = NULL;
|
||||
+ if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
|
||||
+ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
|
||||
+ encd->contentInfo.privateInfo->ciphcx = NULL;
|
||||
}
|
||||
|
||||
/* nothing to do after data */
|
||||
@@ -255,8 +255,8 @@ NSS_CMSEncryptedData_Decode_BeforeData(N
|
||||
}
|
||||
rv = SECFailure;
|
||||
|
||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
||||
- if (cinfo->private->ciphcx == NULL)
|
||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
||||
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
|
||||
|
||||
|
||||
@@ -275,9 +275,9 @@ loser:
|
||||
SECStatus
|
||||
NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
|
||||
{
|
||||
- if (encd->contentInfo.private && encd->contentInfo.private->ciphcx) {
|
||||
- NSS_CMSCipherContext_Destroy(encd->contentInfo.private->ciphcx);
|
||||
- encd->contentInfo.private->ciphcx = NULL;
|
||||
+ if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
|
||||
+ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
|
||||
+ encd->contentInfo.privateInfo->ciphcx = NULL;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmsencode.c.676036 ./mozilla/security/nss/lib/smime/cmsencode.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsencode.c.676036 2011-02-09 14:03:55.136296347 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsencode.c 2011-02-09 14:03:55.154294437 -0800
|
||||
@@ -332,7 +332,7 @@ nss_cms_before_data(NSSCMSEncoderContext
|
||||
* Indicate that we are streaming. We will be streaming until we
|
||||
* get past the contents bytes.
|
||||
*/
|
||||
- if (!cinfo->private || !cinfo->private->dontStream)
|
||||
+ if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
|
||||
SEC_ASN1EncoderSetStreaming(childp7ecx->ecx);
|
||||
|
||||
/*
|
||||
@@ -430,23 +430,23 @@ nss_cms_encoder_work_data(NSSCMSEncoderC
|
||||
}
|
||||
|
||||
/* Update the running digest. */
|
||||
- if (len && cinfo->private && cinfo->private->digcx != NULL)
|
||||
- NSS_CMSDigestContext_Update(cinfo->private->digcx, data, len);
|
||||
+ if (len && cinfo->privateInfo && cinfo->privateInfo->digcx != NULL)
|
||||
+ NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
|
||||
|
||||
/* Encrypt this chunk. */
|
||||
- if (cinfo->private && cinfo->private->ciphcx != NULL) {
|
||||
+ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
|
||||
unsigned int inlen; /* length of data being encrypted */
|
||||
unsigned int outlen; /* length of encrypted data */
|
||||
unsigned int buflen; /* length available for encrypted data */
|
||||
|
||||
inlen = len;
|
||||
- buflen = NSS_CMSCipherContext_EncryptLength(cinfo->private->ciphcx, inlen, final);
|
||||
+ buflen = NSS_CMSCipherContext_EncryptLength(cinfo->privateInfo->ciphcx, inlen, final);
|
||||
if (buflen == 0) {
|
||||
/*
|
||||
* No output is expected, but the input data may be buffered
|
||||
* so we still have to call Encrypt.
|
||||
*/
|
||||
- rv = NSS_CMSCipherContext_Encrypt(cinfo->private->ciphcx, NULL, NULL, 0,
|
||||
+ rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, NULL, NULL, 0,
|
||||
data, inlen, final);
|
||||
if (final) {
|
||||
len = 0;
|
||||
@@ -463,7 +463,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderC
|
||||
if (buf == NULL) {
|
||||
rv = SECFailure;
|
||||
} else {
|
||||
- rv = NSS_CMSCipherContext_Encrypt(cinfo->private->ciphcx, buf, &outlen, buflen,
|
||||
+ rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
|
||||
data, inlen, final);
|
||||
data = buf;
|
||||
len = outlen;
|
||||
@@ -484,7 +484,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderC
|
||||
|
||||
done:
|
||||
|
||||
- if (cinfo->private && cinfo->private->ciphcx != NULL) {
|
||||
+ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
|
||||
if (dest != NULL) {
|
||||
dest->data = buf;
|
||||
dest->len = len;
|
||||
@@ -592,7 +592,7 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg
|
||||
* Indicate that we are streaming. We will be streaming until we
|
||||
* get past the contents bytes.
|
||||
*/
|
||||
- if (!cinfo->private || !cinfo->private->dontStream)
|
||||
+ if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
|
||||
SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
|
||||
|
||||
/*
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 ./mozilla/security/nss/lib/smime/cmsenvdata.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 2011-02-09 14:03:55.137296241 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsenvdata.c 2011-02-09 14:03:55.155294331 -0800
|
||||
@@ -289,9 +289,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N
|
||||
/* this may modify algid (with IVs generated in a token).
|
||||
* it is essential that algid is a pointer to the contentEncAlg data, not a
|
||||
* pointer to a copy! */
|
||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
|
||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
|
||||
PK11_FreeSymKey(bulkkey);
|
||||
- if (cinfo->private->ciphcx == NULL)
|
||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
||||
return SECFailure;
|
||||
|
||||
return SECSuccess;
|
||||
@@ -303,9 +303,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N
|
||||
SECStatus
|
||||
NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd)
|
||||
{
|
||||
- if (envd->contentInfo.private && envd->contentInfo.private->ciphcx) {
|
||||
- NSS_CMSCipherContext_Destroy(envd->contentInfo.private->ciphcx);
|
||||
- envd->contentInfo.private->ciphcx = NULL;
|
||||
+ if (envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
|
||||
+ NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
|
||||
+ envd->contentInfo.privateInfo->ciphcx = NULL;
|
||||
}
|
||||
|
||||
/* nothing else to do after data */
|
||||
@@ -338,7 +338,7 @@ NSS_CMSEnvelopedData_Decode_BeforeData(N
|
||||
}
|
||||
|
||||
/* look if one of OUR cert's issuerSN is on the list of recipients, and if so, */
|
||||
- /* get the cert and private key for it right away */
|
||||
+ /* get the cert and private key for it right away */
|
||||
recipient_list = nss_cms_recipient_list_create(envd->recipientInfos);
|
||||
if (recipient_list == NULL)
|
||||
goto loser;
|
||||
@@ -390,8 +390,8 @@ NSS_CMSEnvelopedData_Decode_BeforeData(N
|
||||
goto loser;
|
||||
}
|
||||
rv = SECFailure;
|
||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
||||
- if (cinfo->private->ciphcx == NULL)
|
||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
||||
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
|
||||
|
||||
|
||||
@@ -411,9 +411,9 @@ loser:
|
||||
SECStatus
|
||||
NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd)
|
||||
{
|
||||
- if (envd && envd->contentInfo.private && envd->contentInfo.private->ciphcx) {
|
||||
- NSS_CMSCipherContext_Destroy(envd->contentInfo.private->ciphcx);
|
||||
- envd->contentInfo.private->ciphcx = NULL;
|
||||
+ if (envd && envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
|
||||
+ NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
|
||||
+ envd->contentInfo.privateInfo->ciphcx = NULL;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
diff -up ./mozilla/security/nss/lib/smime/cms.h.676036 ./mozilla/security/nss/lib/smime/cms.h
|
||||
--- ./mozilla/security/nss/lib/smime/cms.h.676036 2011-02-09 14:05:46.178513159 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cms.h 2011-02-09 14:35:29.675010023 -0800
|
||||
@@ -1171,7 +1171,7 @@ NSS_CMSDEREncode(NSSCMSMessage *cmsg, SE
|
||||
* against that data structure.
|
||||
*/
|
||||
SECStatus NSS_CMSType_RegisterContentType(SECOidTag type,
|
||||
- SEC_ASN1Template *template, size_t size,
|
||||
+ SEC_ASN1Template *asn1Template, size_t size,
|
||||
NSSCMSGenericWrapperDataDestroy destroy,
|
||||
NSSCMSGenericWrapperDataCallback decode_before,
|
||||
NSSCMSGenericWrapperDataCallback decode_after,
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmssigdata.c.676036 ./mozilla/security/nss/lib/smime/cmssigdata.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmssigdata.c.676036 2011-02-09 14:03:55.139296029 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmssigdata.c 2011-02-09 14:03:55.155294331 -0800
|
||||
@@ -228,11 +228,11 @@ NSS_CMSSignedData_Encode_BeforeData(NSSC
|
||||
}
|
||||
/* set up the digests */
|
||||
if (sigd->digests && sigd->digests[0]) {
|
||||
- sigd->contentInfo.private->digcx = NULL; /* don't attempt to make new ones. */
|
||||
+ sigd->contentInfo.privateInfo->digcx = NULL; /* don't attempt to make new ones. */
|
||||
} else if (sigd->digestAlgorithms != NULL) {
|
||||
- sigd->contentInfo.private->digcx =
|
||||
+ sigd->contentInfo.privateInfo->digcx =
|
||||
NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
|
||||
- if (sigd->contentInfo.private->digcx == NULL)
|
||||
+ if (sigd->contentInfo.privateInfo->digcx == NULL)
|
||||
return SECFailure;
|
||||
}
|
||||
return SECSuccess;
|
||||
@@ -272,11 +272,11 @@ NSS_CMSSignedData_Encode_AfterData(NSSCM
|
||||
cinfo = &(sigd->contentInfo);
|
||||
|
||||
/* did we have digest calculation going on? */
|
||||
- if (cinfo->private && cinfo->private->digcx) {
|
||||
- rv = NSS_CMSDigestContext_FinishMultiple(cinfo->private->digcx, poolp,
|
||||
+ if (cinfo->privateInfo && cinfo->privateInfo->digcx) {
|
||||
+ rv = NSS_CMSDigestContext_FinishMultiple(cinfo->privateInfo->digcx, poolp,
|
||||
&(sigd->digests));
|
||||
/* error has been set by NSS_CMSDigestContext_FinishMultiple */
|
||||
- cinfo->private->digcx = NULL;
|
||||
+ cinfo->privateInfo->digcx = NULL;
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
}
|
||||
@@ -409,8 +409,8 @@ NSS_CMSSignedData_Decode_BeforeData(NSSC
|
||||
/* set up the digests */
|
||||
if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) {
|
||||
/* if digests are already there, do nothing */
|
||||
- sigd->contentInfo.private->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
|
||||
- if (sigd->contentInfo.private->digcx == NULL)
|
||||
+ sigd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
|
||||
+ if (sigd->contentInfo.privateInfo->digcx == NULL)
|
||||
return SECFailure;
|
||||
}
|
||||
return SECSuccess;
|
||||
@@ -431,11 +431,11 @@ NSS_CMSSignedData_Decode_AfterData(NSSCM
|
||||
}
|
||||
|
||||
/* did we have digest calculation going on? */
|
||||
- if (sigd->contentInfo.private && sigd->contentInfo.private->digcx) {
|
||||
- rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.private->digcx,
|
||||
+ if (sigd->contentInfo.privateInfo && sigd->contentInfo.privateInfo->digcx) {
|
||||
+ rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.privateInfo->digcx,
|
||||
sigd->cmsg->poolp, &(sigd->digests));
|
||||
/* error set by NSS_CMSDigestContext_FinishMultiple */
|
||||
- sigd->contentInfo.private->digcx = NULL;
|
||||
+ sigd->contentInfo.privateInfo->digcx = NULL;
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmst.h.676036 ./mozilla/security/nss/lib/smime/cmst.h
|
||||
--- ./mozilla/security/nss/lib/smime/cmst.h.676036 2011-02-09 14:03:55.141295816 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmst.h 2011-02-09 14:03:55.156294225 -0800
|
||||
@@ -182,7 +182,7 @@ struct NSSCMSContentInfoStr {
|
||||
* (only used by creation code) */
|
||||
SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
|
||||
* (only used by creation code) */
|
||||
- NSSCMSContentInfoPrivate *private; /* place for NSS private info */
|
||||
+ NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */
|
||||
void *reserved; /* keep binary compatibility */
|
||||
};
|
||||
|
||||
diff -up ./mozilla/security/nss/lib/smime/cmsudf.c.676036 ./mozilla/security/nss/lib/smime/cmsudf.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsudf.c.676036 2011-02-09 14:08:23.907775957 -0800
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsudf.c 2011-02-09 14:36:56.043841454 -0800
|
||||
@@ -435,7 +435,7 @@ NSS_CMSGenericWrapperData_Encode_AfterDa
|
||||
|
||||
SECStatus
|
||||
NSS_CMSType_RegisterContentType(SECOidTag type,
|
||||
- SEC_ASN1Template *template, size_t size,
|
||||
+ SEC_ASN1Template *asn1Template, size_t size,
|
||||
NSSCMSGenericWrapperDataDestroy destroy,
|
||||
NSSCMSGenericWrapperDataCallback decode_before,
|
||||
NSSCMSGenericWrapperDataCallback decode_after,
|
||||
@@ -462,10 +462,10 @@ NSS_CMSType_RegisterContentType(SECOidTa
|
||||
return SECSuccess;
|
||||
}
|
||||
typeInfo = PORT_ArenaNew(nsscmstypeArena, nsscmstypeInfo);
|
||||
- typeInfo->type =type;
|
||||
+ typeInfo->type = type;
|
||||
typeInfo->size = size;
|
||||
typeInfo->isData = isData;
|
||||
- typeInfo->template = template;
|
||||
+ typeInfo->template = asn1Template;
|
||||
typeInfo->destroy = destroy;
|
||||
typeInfo->decode_before = decode_before;
|
||||
typeInfo->decode_after = decode_after;
|
|
@ -1,196 +0,0 @@
|
|||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
|
||||
retrieving revision 1.30
|
||||
retrieving revision 1.30.2.2
|
||||
diff -u -p -r1.30 -r1.30.2.2
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 27 Jan 2011 01:35:46 -0000 1.30.2.2
|
||||
@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
|
||||
char *oldModuleSpec;
|
||||
|
||||
if (secmod_IsInternalKeySlot(newModule)) {
|
||||
- pk11_SetInternalKeySlot(slot);
|
||||
- }
|
||||
+ pk11_SetInternalKeySlotIfFirst(slot);
|
||||
+ }
|
||||
newID = slot->slotID;
|
||||
PK11_FreeSlot(slot);
|
||||
for (thisChild=children, thisID=ids; thisChild && *thisChild;
|
||||
@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
|
||||
/* look down the slot info table */
|
||||
PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
|
||||
SECMOD_SetRootCerts(mod->slots[i],mod);
|
||||
+ /* explicitly mark the internal slot as such if IsInternalKeySlot()
|
||||
+ * is set */
|
||||
+ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
|
||||
+ pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
|
||||
+ }
|
||||
}
|
||||
mod->slotCount = slotCount;
|
||||
mod->slotInfoCount = 0;
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
|
||||
retrieving revision 1.13
|
||||
retrieving revision 1.13.2.2
|
||||
diff -u -p -r1.13 -r1.13.2.2
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Jan 2011 01:35:46 -0000 1.13.2.2
|
||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
||||
+void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
||||
|
||||
/*********************************************************************
|
||||
* Mechanism Mapping functions
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
|
||||
retrieving revision 1.101
|
||||
retrieving revision 1.101.2.3
|
||||
diff -u -p -r1.101 -r1.101.2.3
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 27 Jan 2011 01:35:46 -0000 1.101.2.3
|
||||
@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
|
||||
* times as tokens are removed and re-inserted.
|
||||
*/
|
||||
void
|
||||
-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
|
||||
+PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
|
||||
{
|
||||
SECStatus rv;
|
||||
char *tmp;
|
||||
@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
|
||||
}
|
||||
|
||||
static PK11SlotInfo *pk11InternalKeySlot = NULL;
|
||||
+
|
||||
+/*
|
||||
+ * Set a new default internal keyslot. If one has already been set, clear it.
|
||||
+ * Passing NULL falls back to the NSS normally selected default internal key
|
||||
+ * slot.
|
||||
+ */
|
||||
void
|
||||
pk11_SetInternalKeySlot(PK11SlotInfo *slot)
|
||||
{
|
||||
@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
|
||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Set a new default internal keyslot if the normal key slot has not already
|
||||
+ * been overridden. Subsequent calls to this function will be ignored unless
|
||||
+ * pk11_SetInternalKeySlot is used to clear the current default.
|
||||
+ */
|
||||
+void
|
||||
+pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
|
||||
+{
|
||||
+ if (pk11InternalKeySlot) {
|
||||
+ return;
|
||||
+ }
|
||||
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
+}
|
||||
+
|
||||
|
||||
/* get the internal key slot. FIPS has only one slot for both key slots and
|
||||
* default slots */
|
||||
Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
|
||||
retrieving revision 1.2
|
||||
retrieving revision 1.2.2.2
|
||||
diff -u -p -r1.2 -r1.2.2.2
|
||||
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2
|
||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 26 Jan 2011 00:52:31 -0000 1.2.2.2
|
||||
@@ -221,16 +221,16 @@ getFIPSMode(void)
|
||||
* 2 for the key slot, and
|
||||
* 3 for the crypto operations slot fips
|
||||
*/
|
||||
-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
|
||||
+#define CIPHER_ORDER_FLAGS "cipherOrder=100"
|
||||
#define SLOT_FLAGS \
|
||||
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
|
||||
" askpw=any timeout=30 ]"
|
||||
|
||||
static const char *nssDefaultFlags =
|
||||
- ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
|
||||
static const char *nssDefaultFIPSFlags =
|
||||
- ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
|
||||
/*
|
||||
* This function builds the list of databases and modules to load, and sets
|
||||
@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
|
||||
"library= "
|
||||
"module=\"NSS User database\" "
|
||||
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
|
||||
- "NSS=\"%sflags=internal%s\"",
|
||||
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
|
||||
userdb, stripped_parameters, nssflags,
|
||||
isFIPS ? ",FIPS" : "");
|
||||
|
||||
@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
|
||||
userdb, stripped_parameters);
|
||||
}
|
||||
|
||||
-#if 0
|
||||
- /* This doesn't actually work. If we register
|
||||
- both this and the sysdb (in either order)
|
||||
- then only one of them actually shows up */
|
||||
-
|
||||
- /* Using a NULL filename as a Boolean flag to
|
||||
- * prevent registering both an application-defined
|
||||
- * db and the system db. rhbz #546211.
|
||||
- */
|
||||
- PORT_Assert(filename);
|
||||
- if (sysdb && PL_CompareStrings(filename, sysdb))
|
||||
- filename = NULL;
|
||||
- else if (userdb && PL_CompareStrings(filename, userdb))
|
||||
- filename = NULL;
|
||||
-
|
||||
- if (filename && !userIsRoot()) {
|
||||
- module_list[next++] = PR_smprintf(
|
||||
- "library= "
|
||||
- "module=\"NSS database\" "
|
||||
- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
|
||||
- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
/* now the system database (always read only unless it's root) */
|
||||
if (sysdb) {
|
||||
const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
|
||||
@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
|
||||
"library= "
|
||||
"module=\"NSS system database\" "
|
||||
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
||||
- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
}
|
||||
|
||||
/* that was the last module */
|
||||
@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
|
||||
|
||||
/* determine what options the user was trying to open this database with */
|
||||
/* filename is the directory pointed to by configdir= */
|
||||
-/* stripped is the rest of the paramters with configdir= stripped out */
|
||||
+/* stripped is the rest of the parameters with configdir= stripped out */
|
||||
static SECStatus
|
||||
-parse_paramters(char *parameters, char **filename, char **stripped)
|
||||
+parse_parameters(char *parameters, char **filename, char **stripped)
|
||||
{
|
||||
char *sourcePrev;
|
||||
char *sourceCurr;
|
||||
@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
|
||||
char **retString = NULL;
|
||||
SECStatus rv;
|
||||
|
||||
- rv = parse_paramters(parameters, &filename, &stripped);
|
||||
+ rv = parse_parameters(parameters, &filename, &stripped);
|
||||
if (rv != SECSuccess) {
|
||||
/* use defaults */
|
||||
filename = getSystemDB();
|
|
@ -0,0 +1,13 @@
|
|||
diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
|
||||
--- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
|
||||
+++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
|
||||
@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
|
||||
SQLITE_LIB_NAME = sqlite3
|
||||
endif
|
||||
|
||||
+# Prefer in-tree headers over system headers
|
||||
+ifdef IN_TREE_FREEBL_HEADERS_FIRST
|
||||
+ INCLUDES += -iquote $(DIST)/../public/nss -iquote $(DIST)/../private/nss
|
||||
+endif
|
||||
+
|
||||
MK_LOCATION = included
|
|
@ -0,0 +1,59 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="key3.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>key3.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>key3.db</refname>
|
||||
<refpurpose>Legacy NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
|
||||
<para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/key3.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -0,0 +1,59 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="key4.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>key4.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>key4.db</refname>
|
||||
<refpurpose>NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>key4.db</emphasis> is an NSS key database.</para>
|
||||
<para>This key database is the sqlite-based shared database format with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/key4.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkcs11.txt(5)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -1,33 +1,62 @@
|
|||
Index: mozilla/security/nss/cmd/selfserv/selfserv.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
|
||||
retrieving revision 1.94
|
||||
diff -p -u -8 -r1.94 selfserv.c
|
||||
--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94
|
||||
+++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000
|
||||
@@ -1487,21 +1487,21 @@ PRFileDesc *
|
||||
--- nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
|
||||
+++ nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
|
||||
@@ -953,23 +953,23 @@
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
PRFileDesc * listen_sock;
|
||||
int listenQueueDepth = 5 + (2 * maxThreads);
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRFileDesc *listen_sock;
|
||||
int listenQueueDepth = 5 + (2 * maxThreads);
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
- addr.inet.port = PR_htons(port);
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
- addr.inet.port = PR_htons(port);
|
||||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
errExit("PR_NewTCPSocket");
|
||||
- errExit("PR_NewTCPSocket");
|
||||
+ errExit("PR_OpenTCPSockett");
|
||||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
opt.value.non_blocking = PR_FALSE;
|
||||
prStatus = PR_SetSocketOption(listen_sock, &opt);
|
||||
if (prStatus < 0) {
|
||||
PR_Close(listen_sock);
|
||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||
--- nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
|
||||
+++ nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
|
||||
@@ -1711,23 +1711,23 @@
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
PRFileDesc *listen_sock;
|
||||
int listenQueueDepth = 5 + (2 * maxThreads);
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
- addr.inet.port = PR_htons(port);
|
||||
+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
+ errExit("PR_OpenTCPSocket error");
|
||||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
opt.value.non_blocking = PR_FALSE;
|
||||
prStatus = PR_SetSocketOption(listen_sock, &opt);
|
||||
if (prStatus < 0) {
|
||||
PR_Close(listen_sock);
|
||||
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
|
||||
|
|
|
@ -0,0 +1,132 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="nss-config">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>nss-config</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>nss-config</refname>
|
||||
<refpurpose>Return meta information about nss libraries</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>nss-config</command>
|
||||
<arg><option>--prefix</option></arg>
|
||||
<arg><option>--exec-prefix</option></arg>
|
||||
<arg><option>--includedir</option></arg>
|
||||
<arg><option>--libs</option></arg>
|
||||
<arg><option>--cflags</option></arg>
|
||||
<arg><option>--libdir</option></arg>
|
||||
<arg><option>--version</option></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
|
||||
<para><command>nss-config</command> is a shell scrip
|
||||
tool which can be used to obtain gcc options for building client pacakges of nspt. </para>
|
||||
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--prefix</option></term>
|
||||
<listitem><simpara>Returns the top level system directory under which the nss libraries are installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--exec-prefix</option></term>
|
||||
<listitem><simpara>returns the top level system directory under which any nss binaries would be installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--includedir</option> <replaceable>count</replaceable></term>
|
||||
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--version</option></term>
|
||||
<listitem><simpara>returns the upstream version of nss in the form major_version-minor_version-patch_version.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--libs</option></term>
|
||||
<listitem><simpara>returns the compiler linking flags.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--cflags</option></term>
|
||||
<listitem><simpara>returns the compiler include flags.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--libdir</option></term>
|
||||
<listitem><simpara>returns the path to the directory were the nss libraries are installed.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
|
||||
<para>The following example will query for both include path and linkage flags:
|
||||
|
||||
<programlisting>
|
||||
/usr/bin/nss-config --cflags --libs
|
||||
</programlisting>
|
||||
|
||||
</para>
|
||||
|
||||
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
|
||||
<para><filename>/usr/bin/nss-config</filename></para>
|
||||
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkg-config(1)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>
|
||||
Authors: Elio Maldonado <emaldona@redhat.com>.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem ./mozilla/security/nss/lib/ckfw/manifest.mn
|
||||
--- ./mozilla/security/nss/lib/ckfw/manifest.mn.prepem 2008-08-05 16:34:23.000000000 -0700
|
||||
+++ ./mozilla/security/nss/lib/ckfw/manifest.mn 2008-08-05 16:34:30.000000000 -0700
|
||||
@@ -38,7 +38,7 @@ MANIFEST_CVS_ID = "@(#) $RCSfile: manife
|
||||
|
||||
CORE_DEPTH = ../../..
|
||||
|
||||
-DIRS = builtins
|
||||
+DIRS = builtins pem
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
ck.h \
|
|
@ -0,0 +1,21 @@
|
|||
diff -up ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 ./lib/util/pkcs11n.h
|
||||
--- ./lib/util/pkcs11n.h.aes_gcm_pkcs11_v2 2020-05-13 13:44:11.312405744 -0700
|
||||
+++ ./lib/util/pkcs11n.h 2020-05-13 13:45:23.951723660 -0700
|
||||
@@ -605,7 +605,7 @@ typedef struct CK_NSS_GCM_PARAMS {
|
||||
typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
|
||||
|
||||
/* deprecated #defines. Drop in future NSS releases */
|
||||
-#ifdef NSS_PKCS11_2_0_COMPAT
|
||||
+#ifndef NSS_PKCS11_3_0_STRICT
|
||||
|
||||
/* defines that were changed between NSS's PKCS #11 and the Oasis headers */
|
||||
#define CKF_EC_FP CKF_EC_F_P
|
||||
@@ -664,7 +664,7 @@ typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_
|
||||
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
|
||||
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
|
||||
#else
|
||||
-/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */
|
||||
+/* use the new CK_GCM_PARAMS if NSS_PKCS11_3_0_STRICT is defined */
|
||||
typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
|
||||
typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
|
||||
#endif
|
|
@ -0,0 +1,31 @@
|
|||
Index: nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
+++ nss/lib/freebl/verified/kremlin/include/kremlin/internal/types.h
|
||||
@@ -56,9 +56,10 @@ typedef const char *Prims_string;
|
||||
!defined(__clang__)
|
||||
#include <emmintrin.h>
|
||||
typedef __m128i FStar_UInt128_uint128;
|
||||
-#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||
+#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) && \
|
||||
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||
+ defined(__s390x__))
|
||||
typedef unsigned __int128 FStar_UInt128_uint128;
|
||||
#elif !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(__clang__)
|
||||
typedef __uint128_t FStar_UInt128_uint128;
|
||||
Index: nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
+++ nss/lib/freebl/verified/kremlin/kremlib/dist/minimal/fstar_uint128_gcc64.h
|
||||
@@ -26,7 +26,8 @@
|
||||
|
||||
#if !defined(KRML_VERIFIED_UINT128) && (!defined(_MSC_VER) || defined(__clang__)) && \
|
||||
(defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \
|
||||
- (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)))
|
||||
+ (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \
|
||||
+ defined(__s390x__))
|
||||
|
||||
/* GCC + using native unsigned __int128 support */
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
name=p11-kit-proxy
|
||||
library=p11-kit-proxy.so
|
||||
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
Handle decoding of one CMS structure inside another. Plain data as the
|
||||
top-level item in a message needs work.
|
||||
|
||||
diff -ur ./mozilla/security/nss/lib/smime/cmsdecode.c ./mozilla/security/nss/lib/smime/cmsdecode.c
|
||||
--- ./mozilla/security/nss/lib/smime/cmsdecode.c 2010-12-23 13:03:41.000000000 -0500
|
||||
+++ ./mozilla/security/nss/lib/smime/cmsdecode.c 2011-01-12 15:22:22.245908999 -0500
|
||||
@@ -307,6 +307,9 @@
|
||||
if (childp7dcx->content.pointer == NULL)
|
||||
goto loser;
|
||||
|
||||
+ /* give the parent a copy of the pointer so that it doesn't get lost */
|
||||
+ cinfo->content.pointer = childp7dcx->content.pointer;
|
||||
+
|
||||
/* start the child decoder */
|
||||
childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer,
|
||||
template);
|
||||
|
|
@ -0,0 +1,94 @@
|
|||
diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c
|
||||
--- a/cmd/modutil/install.c
|
||||
+++ b/cmd/modutil/install.c
|
||||
@@ -825,17 +825,20 @@ rm_dash_r(char *path)
|
||||
|
||||
dir = PR_OpenDir(path);
|
||||
if (!dir) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Recursively delete all entries in the directory */
|
||||
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||
- sprintf(filename, "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||
+ PR_CloseDir(dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
if (rm_dash_r(filename)) {
|
||||
PR_CloseDir(dir);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||
return -1;
|
||||
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
|
||||
--- a/cmd/signtool/util.c
|
||||
+++ b/cmd/signtool/util.c
|
||||
@@ -132,17 +132,20 @@ rm_dash_r(char *path)
|
||||
if (!dir) {
|
||||
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
|
||||
errorCount++;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Recursively delete all entries in the directory */
|
||||
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
|
||||
- sprintf(filename, "%s/%s", path, entry->name);
|
||||
+ if (snprintf(filename, sizeof(filename), "%s/%s", path, entry->name) >= sizeof(filename)) {
|
||||
+ errorCount++;
|
||||
+ return -1;
|
||||
+ }
|
||||
if (rm_dash_r(filename))
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (PR_CloseDir(dir) != PR_SUCCESS) {
|
||||
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
|
||||
errorCount++;
|
||||
return -1;
|
||||
diff --git a/lib/libpkix/pkix/util/pkix_list.c b/lib/libpkix/pkix/util/pkix_list.c
|
||||
--- a/lib/libpkix/pkix/util/pkix_list.c
|
||||
+++ b/lib/libpkix/pkix/util/pkix_list.c
|
||||
@@ -1530,17 +1530,17 @@ cleanup:
|
||||
*/
|
||||
PKIX_Error *
|
||||
PKIX_List_SetItem(
|
||||
PKIX_List *list,
|
||||
PKIX_UInt32 index,
|
||||
PKIX_PL_Object *item,
|
||||
void *plContext)
|
||||
{
|
||||
- PKIX_List *element;
|
||||
+ PKIX_List *element = NULL;
|
||||
|
||||
PKIX_ENTER(LIST, "PKIX_List_SetItem");
|
||||
PKIX_NULLCHECK_ONE(list);
|
||||
|
||||
if (list->immutable){
|
||||
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
|
||||
}
|
||||
|
||||
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
|
||||
@@ -102,17 +102,17 @@ cleanup:
|
||||
*/
|
||||
static PKIX_Error *
|
||||
pkix_pl_OID_Equals(
|
||||
PKIX_PL_Object *first,
|
||||
PKIX_PL_Object *second,
|
||||
PKIX_Boolean *pResult,
|
||||
void *plContext)
|
||||
{
|
||||
- PKIX_Int32 cmpResult;
|
||||
+ PKIX_Int32 cmpResult = 0;
|
||||
|
||||
PKIX_ENTER(OID, "pkix_pl_OID_Equals");
|
||||
PKIX_NULLCHECK_THREE(first, second, pResult);
|
||||
|
||||
PKIX_CHECK(pkix_pl_OID_Comparator
|
||||
(first, second, &cmpResult, plContext),
|
||||
PKIX_OIDCOMPARATORFAILED);
|
||||
|
|
@ -0,0 +1,116 @@
|
|||
#!/bin/sh
|
||||
|
||||
prefix=@prefix@
|
||||
|
||||
major_version=@MOD_MAJOR_VERSION@
|
||||
minor_version=@MOD_MINOR_VERSION@
|
||||
patch_version=@MOD_PATCH_VERSION@
|
||||
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: nss-softokn-config [OPTIONS] [LIBRARIES]
|
||||
Options:
|
||||
[--prefix[=DIR]]
|
||||
[--exec-prefix[=DIR]]
|
||||
[--includedir[=DIR]]
|
||||
[--libdir[=DIR]]
|
||||
[--version]
|
||||
[--libs]
|
||||
[--cflags]
|
||||
Dynamic Libraries:
|
||||
softokn3 - Requires full dynamic linking
|
||||
freebl3 - for internal use only (and glibc for self-integrity check)
|
||||
nssdbm3 - for internal use only
|
||||
Dymamically linked
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
*) optarg= ;;
|
||||
esac
|
||||
|
||||
case $1 in
|
||||
--prefix=*)
|
||||
prefix=$optarg
|
||||
;;
|
||||
--prefix)
|
||||
echo_prefix=yes
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=yes
|
||||
;;
|
||||
--includedir=*)
|
||||
includedir=$optarg
|
||||
;;
|
||||
--includedir)
|
||||
echo_includedir=yes
|
||||
;;
|
||||
--libdir=*)
|
||||
libdir=$optarg
|
||||
;;
|
||||
--libdir)
|
||||
echo_libdir=yes
|
||||
;;
|
||||
--version)
|
||||
echo ${major_version}.${minor_version}.${patch_version}
|
||||
;;
|
||||
--cflags)
|
||||
echo_cflags=yes
|
||||
;;
|
||||
--libs)
|
||||
echo_libs=yes
|
||||
;;
|
||||
*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Set variables that may be dependent upon other variables
|
||||
if test -z "$exec_prefix"; then
|
||||
exec_prefix=`pkg-config --variable=exec_prefix nss-softokn`
|
||||
fi
|
||||
if test -z "$includedir"; then
|
||||
includedir=`pkg-config --variable=includedir nss-softokn`
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
libdir=`pkg-config --variable=libdir nss-softokn`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
echo $prefix
|
||||
fi
|
||||
|
||||
if test "$echo_exec_prefix" = "yes"; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
|
||||
if test "$echo_includedir" = "yes"; then
|
||||
echo $includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libdir" = "yes"; then
|
||||
echo $libdir
|
||||
fi
|
||||
|
||||
if test "$echo_cflags" = "yes"; then
|
||||
echo -I$includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libs" = "yes"; then
|
||||
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
|
||||
echo $libdirs
|
||||
fi
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
||||
# ex: ts=8 sw=4 sts=4 et filetype=sh
|
||||
|
||||
check() {
|
||||
return 255
|
||||
}
|
||||
|
||||
depends() {
|
||||
return 0
|
||||
}
|
||||
|
||||
install() {
|
||||
local _dir
|
||||
|
||||
inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \
|
||||
libfreebl3.so
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
# turn on nss-softokn module
|
||||
|
||||
add_dracutmodules+=" nss-softokn "
|
|
@ -0,0 +1,11 @@
|
|||
prefix=%prefix%
|
||||
exec_prefix=%exec_prefix%
|
||||
libdir=%libdir%
|
||||
includedir=%includedir%
|
||||
|
||||
Name: NSS-SOFTOKN
|
||||
Description: Network Security Services Softoken PKCS #11 Module
|
||||
Version: %SOFTOKEN_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
|
||||
Libs: -L${libdir} -lfreebl3 -lnssdbm3 -lsoftokn3
|
||||
Cflags: -I${includedir}
|
|
@ -0,0 +1,118 @@
|
|||
#!/bin/sh
|
||||
|
||||
prefix=@prefix@
|
||||
|
||||
major_version=@MOD_MAJOR_VERSION@
|
||||
minor_version=@MOD_MINOR_VERSION@
|
||||
patch_version=@MOD_PATCH_VERSION@
|
||||
|
||||
usage()
|
||||
{
|
||||
cat <<EOF
|
||||
Usage: nss-util-config [OPTIONS] [LIBRARIES]
|
||||
Options:
|
||||
[--prefix[=DIR]]
|
||||
[--exec-prefix[=DIR]]
|
||||
[--includedir[=DIR]]
|
||||
[--libdir[=DIR]]
|
||||
[--version]
|
||||
[--libs]
|
||||
[--cflags]
|
||||
Dynamic Libraries:
|
||||
nssutil
|
||||
EOF
|
||||
exit $1
|
||||
}
|
||||
|
||||
if test $# -eq 0; then
|
||||
usage 1 1>&2
|
||||
fi
|
||||
|
||||
lib_nssutil=yes
|
||||
|
||||
while test $# -gt 0; do
|
||||
case "$1" in
|
||||
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
|
||||
*) optarg= ;;
|
||||
esac
|
||||
|
||||
case $1 in
|
||||
--prefix=*)
|
||||
prefix=$optarg
|
||||
;;
|
||||
--prefix)
|
||||
echo_prefix=yes
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=yes
|
||||
;;
|
||||
--includedir=*)
|
||||
includedir=$optarg
|
||||
;;
|
||||
--includedir)
|
||||
echo_includedir=yes
|
||||
;;
|
||||
--libdir=*)
|
||||
libdir=$optarg
|
||||
;;
|
||||
--libdir)
|
||||
echo_libdir=yes
|
||||
;;
|
||||
--version)
|
||||
echo ${major_version}.${minor_version}.${patch_version}
|
||||
;;
|
||||
--cflags)
|
||||
echo_cflags=yes
|
||||
;;
|
||||
--libs)
|
||||
echo_libs=yes
|
||||
;;
|
||||
*)
|
||||
usage 1 1>&2
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Set variables that may be dependent upon other variables
|
||||
if test -z "$exec_prefix"; then
|
||||
exec_prefix=`pkg-config --variable=exec_prefix nss-util`
|
||||
fi
|
||||
if test -z "$includedir"; then
|
||||
includedir=`pkg-config --variable=includedir nss-util`
|
||||
fi
|
||||
if test -z "$libdir"; then
|
||||
libdir=`pkg-config --variable=libdir nss-util`
|
||||
fi
|
||||
|
||||
if test "$echo_prefix" = "yes"; then
|
||||
echo $prefix
|
||||
fi
|
||||
|
||||
if test "$echo_exec_prefix" = "yes"; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
|
||||
if test "$echo_includedir" = "yes"; then
|
||||
echo $includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libdir" = "yes"; then
|
||||
echo $libdir
|
||||
fi
|
||||
|
||||
if test "$echo_cflags" = "yes"; then
|
||||
echo -I$includedir
|
||||
fi
|
||||
|
||||
if test "$echo_libs" = "yes"; then
|
||||
libdirs="-Wl,-rpath-link,$libdir -L$libdir"
|
||||
if test -n "$lib_nssutil"; then
|
||||
libdirs="$libdirs -lnssutil${major_version}"
|
||||
fi
|
||||
echo $libdirs
|
||||
fi
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
prefix=%prefix%
|
||||
exec_prefix=%exec_prefix%
|
||||
libdir=%libdir%
|
||||
includedir=%includedir%
|
||||
|
||||
Name: NSS-UTIL
|
||||
Description: Network Security Services Utility Library
|
||||
Version: %NSSUTIL_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%
|
||||
Libs: -L${libdir} -lnssutil3
|
||||
Cflags: -I${includedir}
|
|
@ -7,5 +7,5 @@ Name: NSS
|
|||
Description: Network Security Services
|
||||
Version: %NSS_VERSION%
|
||||
Requires: nspr >= %NSPR_VERSION%, nss-util >= %NSSUTIL_VERSION%
|
||||
Libs: -lssl3 -lsmime3 -lnss3
|
||||
Libs: -L${libdir} -lssl3 -lsmime3 -lnss3
|
||||
Cflags: -I${includedir}
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 ./mozilla/security/nss/lib/ckfw/pem/util.c
|
||||
--- ./mozilla/security/nss/lib/ckfw/pem/util.c.642433 2010-11-25 10:49:27.000000000 -0800
|
||||
+++ ./mozilla/security/nss/lib/ckfw/pem/util.c 2010-12-08 08:02:02.618304926 -0800
|
||||
@@ -96,9 +96,6 @@ static SECItem *AllocItem(SECItem * item
|
||||
return (result);
|
||||
|
||||
loser:
|
||||
- if (result != NULL) {
|
||||
- SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
|
||||
- }
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
@@ -110,7 +107,7 @@ static SECStatus FileToItem(SECItem * ds
|
||||
|
||||
prStatus = PR_GetOpenFileInfo(src, &info);
|
||||
|
||||
- if (prStatus != PR_SUCCESS) {
|
||||
+ if (prStatus != PR_SUCCESS || info.type == PR_FILE_DIRECTORY) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@@ -126,8 +123,7 @@ static SECStatus FileToItem(SECItem * ds
|
||||
|
||||
return SECSuccess;
|
||||
loser:
|
||||
- SECITEM_FreeItem(dst, PR_FALSE);
|
||||
- nss_ZFreeIf(dst);
|
||||
+ nss_ZFreeIf(dst->data);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@@ -153,6 +149,10 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||
|
||||
/* Read in ascii data */
|
||||
rv = FileToItem(&filedata, inFile);
|
||||
+ if (rv != SECSuccess) {
|
||||
+ PR_Close(inFile);
|
||||
+ return -1;
|
||||
+ }
|
||||
asc = (char *) filedata.data;
|
||||
if (!asc) {
|
||||
PR_Close(inFile);
|
||||
@@ -252,7 +252,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||
} else {
|
||||
/* Read in binary der */
|
||||
rv = FileToItem(der, inFile);
|
||||
- if (rv) {
|
||||
+ if (rv != SECSuccess) {
|
||||
PR_Close(inFile);
|
||||
return -1;
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="pkcs11.txt">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>pkcs11.txt</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>pkcs11.txt</refname>
|
||||
<refpurpose>NSS PKCS #11 module configuration file</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para>
|
||||
The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
|
||||
</para>
|
||||
<para>
|
||||
For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.transitional ./mozilla/security/nss/lib/ssl/sslsock.c
|
||||
--- ./mozilla/security/nss/lib/ssl/sslsock.c.transitional 2010-09-04 09:46:50.331327676 -0700
|
||||
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2010-09-04 09:50:02.814325605 -0700
|
||||
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
|
||||
PR_FALSE, /* noLocks */
|
||||
PR_FALSE, /* enableSessionTickets */
|
||||
PR_FALSE, /* enableDeflate */
|
||||
- 2, /* enableRenegotiation (default: requires extension) */
|
||||
+ 3, /* enableRenegotiation (default: transitional) */
|
||||
PR_FALSE, /* requireSafeNegotiation */
|
||||
PR_FALSE, /* enableFalseStart */
|
||||
};
|
|
@ -0,0 +1,63 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="secmod.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>secmod.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>secmod.db</refname>
|
||||
<refpurpose>Legacy NSS security modules database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>secmod.db</emphasis> is an NSS security modules database.</para>
|
||||
<para>The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
|
||||
</para>
|
||||
<para>The command line utility <emphasis>modutil</emphasis> is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
|
||||
</para>
|
||||
<para>For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/secmod.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -0,0 +1,106 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="setup-nsssysinit">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>setup-nsssysinit</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>setup-nsssysinit</refname>
|
||||
<refpurpose>Query or enable the nss-sysinit module</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>setup-nsssysinit</command>
|
||||
<arg><option>on</option></arg>
|
||||
<arg><option>off</option></arg>
|
||||
<arg><option>status</option></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><command>setup-nsssysinit</command> is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it. </para>
|
||||
<para>Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Options</title>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>on</option></term>
|
||||
<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>off</option></term>
|
||||
<listitem><simpara>Turn on nss-sysinit.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>status</option></term>
|
||||
<listitem><simpara>returns whether nss-syinit is enabled or not.</simpara></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Examples</title>
|
||||
|
||||
<para>The following example will query for the status of nss-sysinit:
|
||||
<programlisting>
|
||||
/usr/bin/setup-nsssysinit status
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>The following example, when run as superuser, will turn on nss-sysinit:
|
||||
<programlisting>
|
||||
/usr/bin/setup-nsssysinit on
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/usr/bin/setup-nsssysinit</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkg-config(1)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
||||
|
14
sources
14
sources
|
@ -1,8 +1,6 @@
|
|||
240c8d61d9c9091e486318e889bc1f2f nss-3.12.9-stripped.tar.bz2
|
||||
e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
|
||||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
||||
73bc040a0542bba387e6dd7fb9fd7d23 blank-secmod.db
|
||||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
bf47cecad861efa77d1488ad4a73cb5b PayPalEE.cert
|
||||
SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
|
||||
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
|
||||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.52.tar.gz) = a45baf38717bceda03c292b2c01def680a24a846327e17d36044a85e30ed40c68220c78c0a2c3025c11778ee58f5d5eb0fff1b4cd274b95c408fb59e394e62c6
|
||||
|
|
|
@ -1,97 +0,0 @@
|
|||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11pars.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss 2011-02-11 07:45:38.324083242 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 2011-02-11 07:48:14.514166538 -0800
|
||||
@@ -258,6 +258,19 @@ secmod_IsInternalKeySlot(SECMODModule *m
|
||||
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
+void
|
||||
+secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val)
|
||||
+{
|
||||
+ char flags = (char) mod->internal;
|
||||
+
|
||||
+ if (val) {
|
||||
+ flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
|
||||
+ } else {
|
||||
+ flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT;
|
||||
+ }
|
||||
+ mod->internal = flags;
|
||||
+}
|
||||
+
|
||||
/* forward declarations */
|
||||
static int secmod_escapeSize(const char *string, char quote);
|
||||
static char *secmod_addEscape(const char *string, char quote);
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss 2011-02-11 07:47:45.037226877 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2011-02-11 07:48:28.854164207 -0800
|
||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
||||
+PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
||||
|
||||
/*********************************************************************
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss 2011-02-11 07:41:11.258746774 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 2011-02-11 07:48:51.291595867 -0800
|
||||
@@ -1755,6 +1755,18 @@ pk11_SetInternalKeySlotIfFirst(PK11SlotI
|
||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Swap out a default internal keyslot. Caller owns the Slot Reference
|
||||
+ */
|
||||
+PK11SlotInfo *
|
||||
+pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
|
||||
+{
|
||||
+ PK11SlotInfo *swap = pk11InternalKeySlot;
|
||||
+
|
||||
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
+ return swap;
|
||||
+}
|
||||
+
|
||||
|
||||
/* get the internal key slot. FIPS has only one slot for both key slots and
|
||||
* default slots */
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11util.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss 2011-02-11 07:40:23.748066635 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11util.c 2011-02-11 07:49:19.674611909 -0800
|
||||
@@ -483,13 +483,25 @@ SECMOD_DeleteInternalModule(const char *
|
||||
NULL, SECMOD_FIPS_FLAGS);
|
||||
}
|
||||
if (newModule) {
|
||||
+ PK11SlotInfo *slot;
|
||||
newModule->libraryParams =
|
||||
PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams);
|
||||
+ /* if an explicit internal key slot has been set, reset it */
|
||||
+ slot = pk11_SwapInternalKeySlot(NULL);
|
||||
+ if (slot) {
|
||||
+ secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
|
||||
+ }
|
||||
rv = SECMOD_AddModule(newModule);
|
||||
if (rv != SECSuccess) {
|
||||
+ /* load failed, restore the internal key slot */
|
||||
+ pk11_SetInternalKeySlot(slot);
|
||||
SECMOD_DestroyModule(newModule);
|
||||
newModule = NULL;
|
||||
}
|
||||
+ /* free the old explicit internal key slot, we now have a new one */
|
||||
+ if (slot) {
|
||||
+ PK11_FreeSlot(slot);
|
||||
+ }
|
||||
}
|
||||
if (newModule == NULL) {
|
||||
SECMODModuleList *last = NULL,*mlp2;
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss ./mozilla/security/nss/lib/pk11wrap/secmodi.h
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss 2011-02-11 07:39:04.685590962 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/secmodi.h 2011-02-11 07:49:28.120021571 -0800
|
||||
@@ -90,6 +90,8 @@ SECStatus secmod_LoadPKCS11Module(SECMOD
|
||||
SECStatus SECMOD_UnloadModule(SECMODModule *);
|
||||
void SECMOD_SetInternalModule(SECMODModule *);
|
||||
PRBool secmod_IsInternalKeySlot(SECMODModule *);
|
||||
+void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
|
||||
+
|
||||
|
||||
/* tools for checking if we are loading the same database twice */
|
||||
typedef struct SECMODConfigListStr SECMODConfigList;
|
|
@ -0,0 +1,64 @@
|
|||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
|
||||
# Description: NSS tools should not use SHA1 by default when
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2016 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/nss/Regression/NSS-tools-should-not-use-SHA1-by-default-when
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: NSS tools should not use SHA1 by default when" >> $(METADATA)
|
||||
@echo "Type: Regression" >> $(METADATA)
|
||||
@echo "TestTime: 10m" >> $(METADATA)
|
||||
@echo "RunFor: nss openssl" >> $(METADATA)
|
||||
@echo "Requires: nss nss-tools openssl" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
|
@ -0,0 +1,4 @@
|
|||
PURPOSE of NSS-tools-should-not-use-SHA1-by-default-when
|
||||
Description: NSS tools should not use SHA1 by default when
|
||||
Author: Hubert Kario <hkario@redhat.com>
|
||||
Summary: NSS tools should not use SHA1 by default when generating digital signatures/certificates
|
|
@ -0,0 +1,125 @@
|
|||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of NSS-tools-should-not-use-SHA1-by-default-when
|
||||
# Description: NSS tools should not use SHA1 by default when
|
||||
# Author: Hubert Kario <hkario@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2016 Red Hat, Inc.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="nss"
|
||||
PACKAGES="nss openssl"
|
||||
DBDIR="nssdb"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm --all
|
||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
rlRun "mkdir nssdb"
|
||||
rlRun "certutil -N -d $DBDIR --empty-password"
|
||||
rlLogInfo "Create a JAR file"
|
||||
rlRun "mkdir java-dir"
|
||||
rlRun "pushd java-dir"
|
||||
rlRun "mkdir META-INF mypackage"
|
||||
rlRun "echo 'Main-Class: mypackage/MyMainFile' > META-INF/MANIFEST.MF"
|
||||
rlRun "echo 'Those are not the droids you are looking for' > mypackage/MyMainFile.class"
|
||||
#rlRun "jar -cfe package.jar mypackage/MyMainFile mypackage/MyMainFile.class"
|
||||
rlRun "popd"
|
||||
#rlRun "mv java-dir/package.jar ."
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Self signing certificates"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "certutil -d $DBDIR -S -n 'CA' -t 'cTC,cTC,cTC' -s 'CN=CA' -x -z noise"
|
||||
rlRun -s "certutil -d $DBDIR -L -n 'CA' -a | openssl x509 -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Signing certificates"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "certutil -d $DBDIR -S -n 'server' -t 'u,u,u' -s 'CN=server.example.com' -c 'CA' -z noise --nsCertType sslClient,sslServer,objectSigning,smime"
|
||||
rlRun -s "certutil -d $DBDIR -L -n 'server' -a | openssl x509 -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Certificate request"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "mkdir srv2db"
|
||||
rlRun "certutil -d srv2db -N --empty-password"
|
||||
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise"
|
||||
rlRun -s "openssl req -noout -text -in srv2.req"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
|
||||
rlRun -s "openssl x509 -in srv2.crt -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlRun "rm -rf srv2db"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Certificate request with SHA1"
|
||||
rlRun "dd if=/dev/urandom of=noise bs=1 count=32 >/dev/null"
|
||||
rlRun "mkdir srv2db"
|
||||
rlRun "certutil -d srv2db -N --empty-password"
|
||||
rlRun "certutil -d srv2db -R -s CN=www.example.com -o srv2.req -a -z noise -Z SHA1"
|
||||
rlRun -s "openssl req -noout -text -in srv2.req"
|
||||
rlAssertGrep "Signature Algorithm: sha1WithRSAEncryption" "$rlRun_LOG"
|
||||
rlRun "certutil -d $DBDIR -C -c 'CA' -i srv2.req -a -o srv2.crt"
|
||||
rlRun -s "openssl x509 -in srv2.crt -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" "$rlRun_LOG"
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlRun "rm -rf srv2db"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Signing CMS messages"
|
||||
rlRun "echo 'This is a document' > document.txt"
|
||||
rlRun "cmsutil -S -d $DBDIR -N 'server' -i document.txt -o document.cms"
|
||||
rlRun -s "openssl cms -in document.cms -inform der -noout -cmsout -print"
|
||||
rlAssertGrep "algorithm: sha256" $rlRun_LOG
|
||||
rlAssertNotGrep "algorithm: sha1" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "CRL signing"
|
||||
rlRun "echo $(date --utc +update=%Y%m%d%H%M%SZ) > script"
|
||||
rlRun "echo $(date -d 'next week' --utc +nextupdate=%Y%m%d%H%M%SZ) >> script"
|
||||
rlRun "echo addext crlNumber 0 1245 >>script"
|
||||
rlRun "echo addcert 12 $(date -d 'yesterday' --utc +%Y%m%d%H%M%SZ) >>script"
|
||||
rlRun "echo addext reasonCode 0 0 >>script"
|
||||
rlRun "cat script"
|
||||
rlRun "crlutil -G -c script -d $DBDIR -n CA -o ca.crl"
|
||||
rlRun -s "openssl crl -in ca.crl -inform der -noout -text"
|
||||
rlAssertGrep "Signature Algorithm: sha256WithRSAEncryption" $rlRun_LOG
|
||||
rlAssertNotGrep "Signature Algorithm: sha1WithRSAEncryption" $rlRun_LOG
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "popd"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- NSS-tools-should-not-use-SHA1-by-default-when
|
||||
required_packages:
|
||||
- nss-tools
|
||||
- nss
|
Loading…
Reference in New Issue