From e3daa3fdf917b9e5e599437e304e96e8bd039466 Mon Sep 17 00:00:00 2001
From: "alexei.volkov.bugs%sun.com"
Date: Thu, 25 Jan 2007 00:52:26 +0000
Subject: [PATCH] Bug 301496: NSS_Shutdown failure in p7sign. r=nelson
---
 security/nss/cmd/p7content/p7content.c | 24 +++++++++++++++++++++--
 security/nss/cmd/p7sign/p7sign.c | 3 ++-
 security/nss/lib/pkcs7/p7decode.c | 14 ++++++-------
 security/nss/tests/smime/smime.sh | 27 ++++++++++++++++++++++++++
 4 files changed, 58 insertions(+), 10 deletions(-)
diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c
index 3d4c13c0194c..86ea9f991ae5 100644
--- a/security/nss/cmd/p7content/p7content.c
+++ b/security/nss/cmd/p7content/p7content.c
@@ -37,7 +37,7 @@
 /*
 * p7content -- A command to display pkcs7 content.
 *
- * $Id: p7content.c,v 1.10 2004/04/25 15:02:48 gerv%gerv.net Exp $
+ * $Id: p7content.c,v 1.11 2007/01/25 00:52:25 alexei.volkov.bugs%sun.com Exp $
 */
 #include "nspr.h"
@@ -47,6 +47,7 @@
 #include "cert.h"
 #include "certdb.h"
 #include "nss.h"
+#include "pk11pub.h"
 #if defined(XP_UNIX)
 #include
@@ -103,6 +104,19 @@ decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
 return PR_TRUE;
 }
+char* KeyDbPassword = 0;
+
+
+char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg)
+{
+ char *ret=0;
+
+ if (retry == PR_TRUE)
+ return NULL;
+ ret = PL_strdup (KeyDbPassword);
+ return ret;
+}
+
 int
 DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
 {
@@ -217,7 +231,7 @@ main(int argc, char **argv)
 /*
 * Parse command line arguments
 */
- optstate = PL_CreateOptState(argc, argv, "d:i:o:");
+ optstate = PL_CreateOptState(argc, argv, "d:i:o:p:");
 while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 switch (optstate->option) {
 case 'd':
@@ -242,6 +256,10 @@ main(int argc, char **argv)
 }
 break;
+ case 'p':
+ KeyDbPassword = strdup (optstate->value);
+ break;
+
 default:
 Usage(progName);
 break;
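Review bot: `MyPK11PasswordFunc` passes `KeyDbPassword` to `PL_strdup` without checking that `-p` was ever supplied, so a run without the option answers the token's password request from a null global instead of declining; `if (retry || KeyDbPassword == NULL) return NULL;` makes the no-password case explicit. The callback ignores its `slot` and `arg` parameters and reads a non-static global, so every slot that asks is offered the same secret. Declaring both the global and the function `static` and adding a comment such as `/* Password callback: returns a heap copy of the -p value on the first attempt and NULL on retry, so a wrong password is not offered twice */` would document the contract. The callback is installed unconditionally by the `PK11_SetPasswordFunc` call in the last hunk of this file.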
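Review bot: Accepting the key database password through `-p` in `case 'p'` leaves the secret in the process argument list and in shell history for as long as the tool runs; a password-file option or an interactive prompt avoids that exposure, and if `-p` stays the limitation belongs in the usage text (`Usage()` is outside this diff and nothing visible updates it for the new option). The `strdup` result is not checked, so an allocation failure is indistinguishable from "no password given"; `if (KeyDbPassword == NULL) { SECU_PrintError(progName, "out of memory"); return -1; }` after the assignment would catch it. A repeated `-p` also leaks the earlier copy, and nothing in the visible hunks clears or frees the copy before exit, though `main` continues outside the hunk.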
@@ -261,6 +279,8 @@ main(int argc, char **argv)
 return -1;
 }
+ PK11_SetPasswordFunc (MyPK11PasswordFunc);
+
 if (DecodeAndPrintFile(outFile, inFile, progName)) {
 SECU_PrintError(progName, "problem decoding data");
 return -1;
diff --git a/security/nss/cmd/p7sign/p7sign.c b/security/nss/cmd/p7sign/p7sign.c
index f4f99ded8190..f6989a04408f 100644
--- a/security/nss/cmd/p7sign/p7sign.c
+++ b/security/nss/cmd/p7sign/p7sign.c
@@ -38,7 +38,7 @@
 * p7sign -- A command to create a *detached* pkcs7 signature (over a given
 * input file).
 *
- * $Id: p7sign.c,v 1.11 2007/01/04 22:42:40 alexei.volkov.bugs%sun.com Exp $
+ * $Id: p7sign.c,v 1.12 2007/01/25 00:52:25 alexei.volkov.bugs%sun.com Exp $
 */
 #include "nspr.h"
@@ -306,6 +306,7 @@ loser:
 fclose(outFile);
 }
 if (NSS_Shutdown() != SECSuccess) {
+ SECU_PrintError(progName, "NSS shutdown:");
 exit(1);
 }
diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c
index 6f3645ebbdce..1f3f8b8ae6ea 100644
--- a/security/nss/lib/pkcs7/p7decode.c
+++ b/security/nss/lib/pkcs7/p7decode.c
@@ -38,7 +38,7 @@
 /*
 * PKCS7 decoding, verification.
 *
- * $Id: p7decode.c,v 1.23 2006/10/09 22:22:33 alexei.volkov.bugs%sun.com Exp $
+ * $Id: p7decode.c,v 1.24 2007/01/25 00:52:25 alexei.volkov.bugs%sun.com Exp $
 */
 #include "nssrenam.h"
@@ -440,9 +440,9 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
 SEC_PKCS7RecipientInfo *ri;
 CERTCertificate *cert = NULL;
 SECKEYPrivateKey *privkey = NULL;
- PK11SymKey *bulkkey;
+ PK11SymKey *bulkkey = NULL;
 SECOidTag keyalgtag, bulkalgtag, encalgtag;
- PK11SlotInfo *slot;
+ PK11SlotInfo *slot = NULL;
 int bulkLength = 0;
 if (recipientinfos == NULL || recipientinfos[0] == NULL) {
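Review bot: The new message `"NSS shutdown:"` in p7sign.c ends in a colon, unlike the other `SECU_PrintError` call visible in this patch (`"problem decoding data"`); if the helper appends its own `: <error text>` suffix, as that style suggests, the output will read `NSS shutdown:: ...`. `SECU_PrintError(progName, "NSS shutdown");` keeps the format consistent with the other call sites. The block sits under the `loser:` label, whose body starts outside the hunk, so whether `exit(1)` masks an earlier, more specific failure status cannot be checked from here.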
@@ -592,16 +592,16 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
 }
 default:
 p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG;
- goto no_key_found;
+ break;
 }
- return bulkkey;
-
 no_key_found:
 if (privkey != NULL)
 SECKEY_DestroyPrivateKey (privkey);
+ if (slot != NULL)
+ PK11_FreeSlot(slot);
- return NULL;
+ return bulkkey;
 }
 /*
diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh
index 78d840099113..32d6a58df5a5 100755
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -146,6 +146,32 @@ smime_sign()
+smime_p7()
+{
+ echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
+ echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
+ p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+ html_msg $? 0 "Creating envelope for user Alice" "."
+
+ echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
+ p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+ html_msg $? 0 "Verifying file delivered to user Alice" "."
+
+ sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
+
+ echo "diff alice.txt alice_p7.data.sed"
+ diff alice.txt alice_p7.data.sed
+ html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+ echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
+ p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+ html_msg $? 0 "Signing file for user Alice" "."
+
+ echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
+ p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+ html_msg $? 0 "Verifying file delivered to user Alice" "."
+}
+
 ############################## smime_main ##############################
 # local shell function to test basic signed and enveloped messages
 # from 1 --> 2"
@@ -261,5 +287,6 @@ smime_cleanup()
 smime_init
 smime_main
+smime_p7
 smime_cleanup
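Review bot: Every exit path in `sec_pkcs7_decoder_get_recipient_key`, success included, now runs through the `no_key_found:` label and returns `bulkkey`, so any earlier `goto no_key_found` taken after `bulkkey` was assigned would hand a key back to the caller together with an error; the switch body is outside the hunk and needs checking for that. The same applies to the now-unconditional `SECKEY_DestroyPrivateKey (privkey)` and the new `PK11_FreeSlot(slot)`: a case that already releases either object must reset its pointer to NULL, or this cleanup releases it a second time. Renaming the label to something neutral such as `done:` and adding `/* common exit: bulkkey is NULL unless unwrapping succeeded */` above it would make the single-exit contract clear to the next reader.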
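Review bot: The echoed command lines in `smime_p7` do not match what is executed: the first echo prints `-o alice_p7.env` while `p7env` actually writes `alice.env`, and the `p7content` echo omits the `-p nss` argument that the real call passes, so the test log cannot be replayed as written. Writing to `alice.env` may also overwrite a file produced by the earlier tests (not visible in this hunk); using `alice_p7.env` in both the `p7env` and `p7content` calls would match the echo and keep the outputs separate. The `sed -e '3,8p'` extraction depends on a fixed line layout of the p7content output and deserves a one-line comment saying which lines it is skipping and why. A header comment for `smime_p7`, in the style of the `smime_main` banner that follows it, is also missing.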