Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-14 13:55:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge in changes from NSS 3.2.1.

Browse Source
This commit is contained in:
nelsonb%netscape.com 2001-04-11 22:47:14 +00:00
parent 7108ab8829
commit b2d4d53739
2 changed files with 42 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
security/nss/cmd/pk12util/pk12util.c
View File

@ -42,6 +42,7 @@
#define PKCS12_IN_BUFFER_SIZE 200
static char *progName;
PRBool pk12_debugging = PR_FALSE;
PRIntn pk12uErrno = 0;
@ -187,12 +188,6 @@ p12u_CreateTemporaryDigestFile(void)
return NULL;
}
p12cxt->file = PR_Open(p12cxt->filename, PR_RDONLY, 0400);
if (!p12cxt->filename) {
p12u_DestroyExportFileInfo(&p12cxt, PR_FALSE);
return NULL;
}
return p12cxt;
}
@ -347,8 +342,7 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
/* If converting Unicode to ASCII, swap bytes before conversion
* as neccessary.
*/
#ifdef DEBUG
{
if (pk12_debugging) {
int i;
printf("Converted from:\n");
for (i=0; i<inBufLen; i++) {
@ -357,7 +351,6 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
}
printf("\n");
}
#endif
it.data = inBuf;
it.len = inBufLen;
dup = SECITEM_DupItem(&it);
@ -388,8 +381,7 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
SECITEM_ZfreeItem(dup, PR_TRUE);
}
#endif
#ifdef DEBUG
{
if (pk12_debugging) {
int i;
printf("Converted to:\n");
for (i=0; i<*outBufLen; i++) {
@ -398,7 +390,6 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
}
printf("\n");
}
#endif
return ret;
}
@ -476,15 +467,15 @@ P12U_InitSlot(PK11SlotInfo *slot, secuPWData *slotPw)
(slotPw->source == PW_PLAINTEXT) ? slotPw->data : 0,
(slotPw->source == PW_FROMFILE) ? slotPw->data : 0);
if (rv != SECSuccess) {
PR_fprintf(PR_STDERR, "%s: Failed to initialize slot \"%s\".\n",
progName, PK11_GetSlotName(slot));
SECU_PrintError(progName, "Failed to initialize slot \"%s\"",
PK11_GetSlotName(slot));
return SECFailure;
}
}
if (PK11_Authenticate(slot, PR_TRUE, slotPw) != SECSuccess) {
PR_fprintf(PR_STDERR, "%s: Failed to authenticate to PKCS11 slot.\n",
progName);
SECU_PrintError(progName,
"Failed to authenticate to PKCS11 slot");
PORT_SetError(SEC_ERROR_USER_CANCELLED);
pk12uErrno = PK12UERR_USER_CANCELLED;
return SECFailure;
@ -520,15 +511,15 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
rv = P12U_InitSlot(slot, slotPw);
if (rv != SECSuccess) {
PR_fprintf(PR_STDERR, "%s: Failed to authenticate to \"%s\".\n",
progName, PK11_GetSlotName(slot));
SECU_PrintError(progName, "Failed to authenticate to \"%s\"",
PK11_GetSlotName(slot));
pk12uErrno = PK12UERR_PK11GETSLOT;
goto loser;
}
p12cxt = p12u_InitFile(PR_TRUE, in_file);
if(!p12cxt) {
printf("%s: Initialization failed: %s\n", progName, in_file);
SECU_PrintError(progName,"Initialization failed: %s", in_file);
pk12uErrno = PK12UERR_INIT_FILE;
goto loser;
}
@ -542,14 +533,14 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
if(P12U_UnicodeConversion(NULL, &uniPwitem, pwitem, PR_TRUE,
swapUnicode) != SECSuccess) {
printf("%s: Unicode conversion failed \n", progName);
SECU_PrintError(progName,"Unicode conversion failed");
pk12uErrno = PK12UERR_UNICODECONV;
goto loser;
}
tmpcxt = p12u_CreateTemporaryDigestFile();
if(!tmpcxt) {
printf("%s: Create Temporary digest file failed.\n", progName);
SECU_PrintError(progName,"Create Temporary digest file failed");
pk12uErrno = PK12UERR_TMPDIGCREATE;
goto loser;
}
@ -560,7 +551,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
p12u_DigestRead, p12u_DigestWrite,
tmpcxt);
if(!p12dcx) {
printf("%s: PKCS12 decoder start failed.\n", progName);
SECU_PrintError(progName,"PKCS12 decoder start failed");
pk12uErrno = PK12UERR_PK12DECODESTART;
goto loser;
}
@ -568,7 +559,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
/* decode the item */
rv = SECU_FileToItem(&p12file, p12cxt->file);
if (rv != SECSuccess) {
fprintf(stderr, "%s: Failed to read from import file.\n", progName);
SECU_PrintError(progName,"Failed to read from import file");
goto loser;
}
rv = SEC_PKCS12DecoderUpdate(p12dcx, p12file.data, p12file.len);
@ -587,7 +578,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
}
goto tried_pdu_import;
#endif /* EXTRA */
printf("%s: PKCS12 decoding failed.\n", progName);
SECU_PrintError(progName,"PKCS12 decoding failed");
pk12uErrno = PK12UERR_DECODE;
}
@ -595,7 +586,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
/* does the blob authenticate properly? */
if(SEC_PKCS12DecoderVerify(p12dcx) != SECSuccess) {
printf("%s: PKCS12 decode not verified\n", progName);
SECU_PrintError(progName,"PKCS12 decode not verified");
pk12uErrno = PK12UERR_DECODEVERIFY;
goto loser;
}
@ -605,15 +596,16 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
!= SECSuccess) {
if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
pk12uErrno = PK12UERR_CERTALREADYEXISTS;
} else {
pk12uErrno = PK12UERR_DECODEVALIBAGS;
}
printf("%s: PKCS12 decode validate bags failed.\n", progName);
pk12uErrno = PK12UERR_DECODEVALIBAGS;
SECU_PrintError(progName,"PKCS12 decode validate bags failed");
goto loser;
}
/* stuff 'em in */
if(SEC_PKCS12DecoderImportBags(p12dcx) != SECSuccess) {
printf("%s: PKCS12 decode import bags failed.\n", progName);
SECU_PrintError(progName,"PKCS12 decode import bags failed");
pk12uErrno = PK12UERR_DECODEIMPTBAGS;
goto loser;
}
@ -622,7 +614,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
/* important - to add the password hash into the key database */
rv = PK11_CheckUserPassword(slot, pw_string);
if( rv != SECSuccess ) {
printf("Failed to CheckUserPassword\n");
SECU_PrintError(progName,"Failed to CheckUserPassword");
exit(-1);
}
#endif
@ -715,19 +707,19 @@ P12U_ExportPKCS12Object(char *nn, char *outfile,
cert = PK11_FindCertFromNickname(nn, NULL);
if(!cert) {
printf("%s: find cert by nickname failed.\n", progName);
SECU_PrintError(progName,"find cert by nickname failed");
pk12uErrno = PK12UERR_FINDCERTBYNN;
return;
}
if (!cert->slot) {
fprintf(stderr, "%s: cert does not have a slot.\n", progName);
SECU_PrintError(progName,"cert does not have a slot");
pk12uErrno = PK12UERR_FINDCERTBYNN;
goto loser;
}
if (P12U_InitSlot(cert->slot, slotPw) != SECSuccess) {
fprintf(stderr, "%s: Failed to authenticate to \"%s\".\n",
progName, PK11_GetSlotName(cert->slot));
SECU_PrintError(progName,"Failed to authenticate to \"%s\"",
PK11_GetSlotName(cert->slot));
pk12uErrno = PK12UERR_PK11GETSLOT;
goto loser;
}
@ -740,14 +732,14 @@ P12U_ExportPKCS12Object(char *nn, char *outfile,
p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, cert->slot, NULL);
if(!p12ecx) {
printf("%s: export context creation failed.\n", progName);
SECU_PrintError(progName,"export context creation failed");
pk12uErrno = PK12UERR_EXPORTCXCREATE;
goto loser;
}
if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1)
!= SECSuccess) {
printf("%s: PKCS12 add password integrity failed.\n", progName);
SECU_PrintError(progName,"PKCS12 add password integrity failed");
pk12uErrno = PK12UERR_PK12ADDPWDINTEG;
goto loser;
}
@ -761,7 +753,7 @@ P12U_ExportPKCS12Object(char *nn, char *outfile,
}
if(!certSafe || !keySafe) {
printf("%s: key or cert safe creation failed.\n", progName);
SECU_PrintError(progName,"key or cert safe creation failed");
pk12uErrno = PK12UERR_CERTKEYSAFE;
goto loser;
}
@ -770,21 +762,21 @@ P12U_ExportPKCS12Object(char *nn, char *outfile,
CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem,
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC)
!= SECSuccess) {
printf("%s: add cert and key failed.\n", progName);
SECU_PrintError(progName,"add cert and key failed");
pk12uErrno = PK12UERR_ADDCERTKEY;
goto loser;
}
p12cxt = p12u_InitFile(PR_FALSE, outfile);
p12cxt = p12u_InitFile(PR_FALSE, outfile);
if(!p12cxt) {
printf("%s: Initialization failed: %s\n", progName, outfile);
SECU_PrintError(progName,"Initialization failed: %s", outfile);
pk12uErrno = PK12UERR_INIT_FILE;
goto loser;
}
if(SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt)
!= SECSuccess) {
printf("%s: PKCS12 encode failed.\n", progName);
SECU_PrintError(progName,"PKCS12 encode failed");
pk12uErrno = PK12UERR_ENCODE;
goto loser;
}
@ -869,7 +861,8 @@ enum {
opt_Export,
opt_P12FilePWFile,
opt_P12FilePW,
opt_DBPrefix
opt_DBPrefix,
opt_Debug
};
static secuCommandFlag pk12util_options[] =
@ -884,7 +877,8 @@ static secuCommandFlag pk12util_options[] =
{ /* opt_Export */ 'o', PR_TRUE, 0, PR_FALSE },
{ /* opt_P12FilePWFile */ 'w', PR_TRUE, 0, PR_FALSE },
{ /* opt_P12FilePW */ 'W', PR_TRUE, 0, PR_FALSE },
{ /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }
{ /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE },
{ /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE }
};
int
@ -914,6 +908,8 @@ main(int argc, char **argv)
if (rv != SECSuccess)
Usage(progName);
pk12_debugging = pk12util.options[opt_Debug].activated;
if (pk12util.options[opt_Import].activated &&
pk12util.options[opt_Export].activated) {
Usage(progName);
@ -964,8 +960,7 @@ main(int argc, char **argv)
slot = PK11_FindSlotByName(slotname);
if (!slot) {
PR_fprintf(PR_STDERR, "%s: Invalid slot \"%s\".\n",
progName, slotname);
SECU_PrintError(progName,"Invalid slot \"%s\"", slotname);
goto done;
}

3
security/nss/lib/pkcs12/p12d.c
View File

@ -703,6 +703,9 @@ sec_pkcs12_decoder_safe_contents_callback(void *arg, const char *buf,
/* update the decoder */
rv = SEC_ASN1DecoderUpdate(safeContentsCtx->safeContentsDcx, buf, len);
if(rv != SECSuccess) {
/* if we fail while trying to decode a 'safe', it's probably because
* we didn't have the correct password. */
PORT_SetError(SEC_ERROR_BAD_PASSWORD);
p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
goto loser;
}