Bug 301496: NSS_Shutdown failure in p7sign. r=nelson

2024-11-25 13:51:41 +00:00 · 2007-01-25 00:52:26 +00:00 · 2007-01-25 00:52:26 +00:00 · e3daa3fdf9
commit e3daa3fdf9
parent eabe84cbf3
4 changed files with 58 additions and 10 deletions
--- a/security/nss/cmd/p7content/p7content.c
+++ b/security/nss/cmd/p7content/p7content.c
@ -37,7 +37,7 @@
 /*
 * p7content -- A command to display pkcs7 content.
 *
- * $Id: p7content.c,v 1.10 2004/04/25 15:02:48 gerv%gerv.net Exp $
+ * $Id: p7content.c,v 1.11 2007/01/25 00:52:25 alexei.volkov.bugs%sun.com Exp $
 */

 #include "nspr.h"
@ -47,6 +47,7 @@
 #include "cert.h"
 #include "certdb.h"
 #include "nss.h"
+#include "pk11pub.h"

 #if defined(XP_UNIX)
 #include <unistd.h>
@ -103,6 +104,19 @@ decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
    return PR_TRUE;
 }

+char* KeyDbPassword = 0;
+
+
+char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg)
+{
+    char *ret=0;
+
+    if (retry == PR_TRUE)
+        return NULL;
+    ret = PL_strdup (KeyDbPassword);
+    return ret;
+}
+
 int
 DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
 {
@ -217,7 +231,7 @@ main(int argc, char **argv)
    /*
     * Parse command line arguments
     */
-    optstate = PL_CreateOptState(argc, argv, "d:i:o:");
+    optstate = PL_CreateOptState(argc, argv, "d:i:o:p:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case 'd':
@ -242,6 +256,10 @@ main(int argc, char **argv)
 	    }
 	    break;

+	  case 'p':
+            KeyDbPassword = strdup (optstate->value);
+            break;
+
 	  default:
 	    Usage(progName);
 	    break;
@ -261,6 +279,8 @@ main(int argc, char **argv)
 	return -1;
    }

+    PK11_SetPasswordFunc (MyPK11PasswordFunc);
+
    if (DecodeAndPrintFile(outFile, inFile, progName)) {
 	SECU_PrintError(progName, "problem decoding data");
 	return -1;
--- a/security/nss/cmd/p7sign/p7sign.c
+++ b/security/nss/cmd/p7sign/p7sign.c
@ -38,7 +38,7 @@
 * p7sign -- A command to create a *detached* pkcs7 signature (over a given
 * input file).
 *
- * $Id: p7sign.c,v 1.11 2007/01/04 22:42:40 alexei.volkov.bugs%sun.com Exp $
+ * $Id: p7sign.c,v 1.12 2007/01/25 00:52:25 alexei.volkov.bugs%sun.com Exp $
 */

 #include "nspr.h"
@ -306,6 +306,7 @@ loser:
        fclose(outFile);
    }
    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS shutdown:");
        exit(1);
    }

--- a/security/nss/lib/pkcs7/p7decode.c
+++ b/security/nss/lib/pkcs7/p7decode.c
@ -38,7 +38,7 @@
 /*
 * PKCS7 decoding, verification.
 *
- * $Id: p7decode.c,v 1.23 2006/10/09 22:22:33 alexei.volkov.bugs%sun.com Exp $
+ * $Id: p7decode.c,v 1.24 2007/01/25 00:52:25 alexei.volkov.bugs%sun.com Exp $
 */

 #include "nssrenam.h"
@ -440,9 +440,9 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
    SEC_PKCS7RecipientInfo *ri;
    CERTCertificate *cert = NULL;
    SECKEYPrivateKey *privkey = NULL;
-    PK11SymKey *bulkkey;
+    PK11SymKey *bulkkey = NULL;
    SECOidTag keyalgtag, bulkalgtag, encalgtag;
-    PK11SlotInfo *slot;
+    PK11SlotInfo *slot = NULL;
    int bulkLength = 0;

    if (recipientinfos == NULL || recipientinfos[0] == NULL) {
@ -592,16 +592,16 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
 	  }
      default:
 	p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG;
-	goto no_key_found;
+	break;
    }

-    return bulkkey;
-
 no_key_found:
    if (privkey != NULL)
 	SECKEY_DestroyPrivateKey (privkey);
+    if (slot != NULL)
+	PK11_FreeSlot(slot);

-    return NULL;
+    return bulkkey;
 }
 
 /*
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@ -146,6 +146,32 @@ smime_sign()



+smime_p7()
+{
+  echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
+  echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
+  p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+  html_msg $? 0 "Creating envelope for user Alice" "."
+
+  echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
+  p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+  html_msg $? 0 "Verifying file delivered to user Alice" "."
+
+  sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
+
+  echo "diff alice.txt alice_p7.data.sed"
+  diff alice.txt alice_p7.data.sed
+  html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+  echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
+  p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+  html_msg $? 0 "Signing file for user Alice" "."
+
+  echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
+  p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+  html_msg $? 0 "Verifying file delivered to user Alice" "."
+}
+
 ############################## smime_main ##############################
 # local shell function to test basic signed and enveloped messages 
 # from 1 --> 2"
@ -261,5 +287,6 @@ smime_cleanup()

 smime_init
 smime_main
+smime_p7
 smime_cleanup