3586aff4e7
- Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
130 lines
3.6 KiB
Diff
130 lines
3.6 KiB
Diff
--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
|
|
+++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
|
|
@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
|
|
size += PEM_ITEM_CHUNK;
|
|
}
|
|
gobj[count] = io;
|
|
count++;
|
|
pem_nobjs++;
|
|
|
|
io->refCount ++;
|
|
return io;
|
|
}
|
|
|
|
CK_RV
|
|
AddCertificate(char *certfile, char *keyfile, PRBool cacert,
|
|
CK_SLOT_ID slotID)
|
|
{
|
|
pemInternalObject *o;
|
|
- SECItem certDER;
|
|
CK_RV error = 0;
|
|
int objid, i;
|
|
int nobjs = 0;
|
|
SECItem **objs = NULL;
|
|
char *ivstring = NULL;
|
|
int cipher;
|
|
|
|
- certDER.data = NULL;
|
|
nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
|
if (nobjs <= 0) {
|
|
nss_ZFreeIf(objs);
|
|
return CKR_GENERAL_ERROR;
|
|
}
|
|
|
|
/* For now load as many certs as are in the file for CAs only */
|
|
if (cacert) {
|
|
for (i = 0; i < nobjs; i++) {
|
|
char nickname[1024];
|
|
objid = pem_nobjs + 1;
|
|
|
|
snprintf(nickname, 1024, "%s - %d", certfile, i);
|
|
|
|
o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
|
|
@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
|
|
loser:
|
|
nss_ZFreeIf(objs);
|
|
nss_ZFreeIf(o);
|
|
return error;
|
|
}
|
|
|
|
CK_RV
|
|
pem_Initialize
|
|
(
|
|
NSSCKMDInstance * mdInstance,
|
|
NSSCKFWInstance * fwInstance,
|
|
NSSUTF8 * configurationData
|
|
)
|
|
{
|
|
CK_RV rv;
|
|
- /* parse the initialization string and initialize CRLInstances */
|
|
+ /* parse the initialization string */
|
|
char **certstrings = NULL;
|
|
+ char *modparms = NULL;
|
|
PRInt32 numcerts = 0;
|
|
PRBool status, error = PR_FALSE;
|
|
int i;
|
|
+ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
|
|
+
|
|
+ if (!fwInstance) return CKR_ARGUMENTS_BAD;
|
|
+
|
|
+ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
|
|
+ if (modArgs &&
|
|
+ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
|
|
+ return CKR_CANT_LOCK;
|
|
+ }
|
|
|
|
if (pemInitialized) {
|
|
return CKR_OK;
|
|
}
|
|
+
|
|
RNG_RNGInit();
|
|
|
|
open_log();
|
|
|
|
plog("pem_Initialize\n");
|
|
|
|
- unsigned char *modparms = NULL;
|
|
- if (!fwInstance) {
|
|
- return CKR_ARGUMENTS_BAD;
|
|
- }
|
|
-
|
|
- CK_C_INITIALIZE_ARGS_PTR modArgs =
|
|
- NSSCKFWInstance_GetInitArgs(fwInstance);
|
|
if (!modArgs || !modArgs->LibraryParameters) {
|
|
goto done;
|
|
}
|
|
- modparms = (unsigned char *) modArgs->LibraryParameters;
|
|
+ modparms = (char *) modArgs->LibraryParameters;
|
|
plog("Initialized with %s\n", modparms);
|
|
|
|
/*
|
|
* The initialization string format is a space-delimited file of
|
|
* pairs of paths which are delimited by a semi-colon. The first
|
|
* entry of the pair is the path to the certificate file. The
|
|
* second is the path to the key file.
|
|
*
|
|
* CA certificates do not need the semi-colon.
|
|
*
|
|
* Example:
|
|
* /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
|
|
*
|
|
*/
|
|
status =
|
|
- pem_ParseString((const char *) modparms, ' ', &numcerts,
|
|
+ pem_ParseString(modparms, ' ', &numcerts,
|
|
&certstrings);
|
|
if (status == PR_FALSE) {
|
|
return CKR_ARGUMENTS_BAD;
|
|
}
|
|
|
|
for (i = 0; i < numcerts && error != PR_TRUE; i++) {
|
|
char *cert = certstrings[i];
|
|
PRInt32 attrcount = 0;
|
|
char **certattrs = NULL;
|
|
status = pem_ParseString(cert, ';', &attrcount, &certattrs);
|
|
if (status == PR_FALSE) {
|
|
error = PR_TRUE;
|
|
break;
|
|
}
|
|
|