mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

force certutil to always return 255 on error. Make sure there is only one pointer to password callback arg.

This commit is contained in:
mcgreer%netscape.com 2001-08-09 20:57:58 +00:00
Родитель 21ba42ba45
Коммит ca1878cfa5
2 изменённых файлов: 52 добавлений и 76 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

116
security/nss/cmd/certutil/certutil.c
Просмотреть файл

@ -609,27 +609,21 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
static SECStatus
ListCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
PRBool raw, PRBool ascii, PRFileDesc *outfile, char *passFile)
PRBool raw, PRBool ascii, PRFileDesc *outfile, secuPWData *pwdata)
{
SECStatus rv;
secuPWData pwdata = { PW_NONE, 0 };
if (passFile) {
pwdata.source = PW_FROMFILE;
pwdata.data = passFile;
}
if (slot == NULL) {
PK11SlotList *list;
PK11SlotListElement *le;
list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,
PR_FALSE,PR_FALSE,&pwdata);
PR_FALSE,PR_FALSE,pwdata);
if (list) for (le = list->head; le; le = le->next) {
rv = listCerts(handle,name,le->slot,raw,ascii,outfile,&pwdata);
rv = listCerts(handle,name,le->slot,raw,ascii,outfile,pwdata);
}
} else {
rv = listCerts(handle,name,slot,raw,ascii,outfile,&pwdata);
rv = listCerts(handle,name,slot,raw,ascii,outfile,pwdata);
}
return rv;
}
@ -898,15 +892,9 @@ listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg)
static SECStatus
ListKeys(PK11SlotInfo *slot, char *keyname, int index,
KeyType keyType, PRBool dopriv, char *passFile)
KeyType keyType, PRBool dopriv, secuPWData *pwdata)
{
SECStatus rv = SECSuccess;
secuPWData pwdata = { PW_NONE, 0 };
if (passFile) {
pwdata.source = PW_FROMFILE;
pwdata.data = passFile;
}
#ifdef notdef
if (keyname) {
@ -925,12 +913,12 @@ ListKeys(PK11SlotInfo *slot, char *keyname, int index,
PK11SlotList *list;
PK11SlotListElement *le;
list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,&pwdata);
list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,pwdata);
if (list) for (le = list->head; le; le = le->next) {
rv = listKeys(le->slot,keyType,&pwdata);
rv = listKeys(le->slot,keyType,pwdata);
}
} else {
rv = listKeys(slot,keyType,&pwdata);
rv = listKeys(slot,keyType,pwdata);
}
return rv;
}
@ -1270,7 +1258,7 @@ static void LongUsage(char *progName)
" -6 ");
FPS "\n");
exit(-1);
exit(1);
#undef FPS
}
@ -2220,7 +2208,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -g: Keysize must be between %d and %d.\n",
MIN_KEY_BITS, MAX_KEY_BITS);
return -1;
return 255;
}
}
@ -2243,7 +2231,7 @@ main(int argc, char **argv)
} else {
PR_fprintf(PR_STDERR, "%s -k: %s is not a recognized type.\n",
progName, certutil.options[opt_KeyType].arg);
return -1;
return 255;
}
}
@ -2253,7 +2241,7 @@ main(int argc, char **argv)
if (serialNumber < 0) {
PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n",
progName, certutil.options[opt_SerialNumber].arg);
return -1;
return 255;
}
}
@ -2266,7 +2254,7 @@ main(int argc, char **argv)
if (keytype != dsaKey) {
PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
progName);
return -1;
return 255;
}
}
@ -2276,7 +2264,7 @@ main(int argc, char **argv)
if (!subject) {
PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
progName, certutil.options[opt_Subject].arg);
return -1;
return 255;
}
}
@ -2286,7 +2274,7 @@ main(int argc, char **argv)
if (validitylength < 0) {
PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n",
progName, certutil.options[opt_Validity].arg);
return -1;
return 255;
}
}
@ -2303,7 +2291,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.",
progName, publicExponent);
PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n");
return -1;
return 255;
}
}
@ -2325,7 +2313,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag);
}
PR_fprintf(PR_STDERR, "\n");
return -1;
return 255;
}
if (commandsEntered == 0) {
PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
@ -2343,7 +2331,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -%c: nickname is required for this command (-n).\n",
progName, commandToRun);
return -1;
return 255;
}
/* -A, -E, -M, -S require trust */
@ -2355,7 +2343,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -%c: trust is required for this command (-t).\n",
progName, commandToRun);
return -1;
return 255;
}
/* if -L is given raw or ascii mode, it must be for only one cert. */
@ -2366,7 +2354,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s: nickname is required to dump cert in raw or ascii mode.\n",
progName);
return -1;
return 255;
}
/* -L can only be in (raw || ascii). */
@ -2376,7 +2364,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s: cannot specify both -r and -a when dumping cert.\n",
progName);
return -1;
return 255;
}
/* For now, deny -C -x combination */
@ -2385,7 +2373,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s: self-signing a cert request is not supported.\n",
progName);
return -1;
return 255;
}
/* If making a cert request, need a subject. */
@ -2395,7 +2383,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -%c: subject is required to create a cert request.\n",
progName, commandToRun);
return -1;
return 255;
}
/* If making a cert, need a serial number. */
@ -2413,7 +2401,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -V: specify a usage to validate the cert for (-u).\n",
progName);
return -1;
return 255;
}
/* To make a cert, need either a issuer or to self-sign it. */
@ -2423,7 +2411,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -S: must specify issuer (-c) or self-sign (-x).\n",
progName);
return -1;
return 255;
}
/* Using slotname == NULL for listing keys and certs on all slots,
@ -2433,7 +2421,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -%c: cannot use \"-h all\" for this command.\n",
progName, commandToRun);
return -1;
return 255;
}
/* Using keytype == nullKey for list all key types, but only that. */
@ -2441,7 +2429,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR,
"%s -%c: cannot use \"-k all\" for this command.\n",
progName, commandToRun);
return -1;
return 255;
}
/* -S open outFile, temporary file for cert request. */
@ -2452,7 +2440,7 @@ main(int argc, char **argv)
"%s -o: unable to open \"%s\" for writing (%ld, %ld)\n",
progName, certreqfile,
PR_GetError(), PR_GetOSError());
return -1;
return 255;
}
}
@ -2464,7 +2452,7 @@ main(int argc, char **argv)
"%s: unable to open \"%s\" for reading (%ld, %ld).\n",
progName, certutil.options[opt_InputFile].arg,
PR_GetError(), PR_GetOSError());
return -1;
return 255;
}
}
@ -2477,7 +2465,7 @@ main(int argc, char **argv)
"%s: unable to open \"%s\" for writing (%ld, %ld).\n",
progName, certutil.options[opt_OutputFile].arg,
PR_GetError(), PR_GetOSError());
return -1;
return 255;
}
}
@ -2491,7 +2479,7 @@ main(int argc, char **argv)
"secmod.db", 0);
if (rv != SECSuccess) {
SECU_PrintPRandOSError(progName);
return -1;
return 255;
}
certHandle = CERT_GetDefaultCertDB();
@ -2517,52 +2505,46 @@ main(int argc, char **argv)
rv = ListCerts(certHandle, name, slot,
certutil.options[opt_BinaryDER].activated,
certutil.options[opt_ASCIIForIO].activated,
(outFile) ? outFile : PR_STDOUT,
certutil.options[opt_PasswordFile].arg);
return !rv - 1;
(outFile) ? outFile : PR_STDOUT, &pwdata);
return (!rv - 1) % 255;
}
/* XXX needs work */
/* List keys (-K) */
if (certutil.commands[cmd_ListKeys].activated) {
rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/,
certutil.options[opt_PasswordFile].arg);
return !rv - 1;
&pwdata);
return (!rv - 1) % 255;
}
/* List modules (-U) */
if (certutil.commands[cmd_ListModules].activated) {
rv = ListModules();
return !rv - 1;
return (!rv - 1) % 255;
}
/* Delete cert (-D) */
if (certutil.commands[cmd_DeleteCert].activated) {
rv = DeleteCert(certHandle, name);
return !rv - 1;
return (!rv - 1) % 255;
}
/* Delete key (-F) */
if (certutil.commands[cmd_DeleteKey].activated) {
rv = DeleteKey(name, &pwdata);
return !rv - 1;
return (!rv - 1) % 255;
}
/* Modify trust attribute for cert (-M) */
if (certutil.commands[cmd_ModifyCertTrust].activated) {
rv = ChangeTrustAttributes(certHandle, name,
certutil.options[opt_Trust].arg);
return !rv - 1;
return (!rv - 1) % 255;
}
/* Change key db password (-W) (future - change pw to slot?) */
if (certutil.commands[cmd_ChangePassword].activated) {
rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
return !rv - 1;
return (!rv - 1) % 255;
}
/* Check cert validity against current time (-V) */
if (certutil.commands[cmd_CheckCertValidity].activated) {
/* XXX temporary hack for fips - must log in to get priv key */
if (certutil.options[opt_VerifySig].activated) {
secuPWData pwdata = { PW_NONE, 0 };
if (certutil.options[opt_PasswordFile].arg) {
pwdata.source = PW_FROMFILE;
pwdata.data = certutil.options[opt_PasswordFile].arg;
}
if (PK11_NeedLogin(slot))
PK11_Authenticate(slot, PR_TRUE, &pwdata);
}
@ -2572,7 +2554,7 @@ main(int argc, char **argv)
certutil.options[opt_VerifySig].activated,
certutil.options[opt_DetailedInfo].activated,
&pwdata);
return !rv - 1;
return (!rv - 1) % 255;
}
/*
@ -2590,10 +2572,10 @@ main(int argc, char **argv)
certutil.options[opt_NoiseFile].arg,
&pubkey,
certutil.options[opt_PQGFile].arg,
certutil.options[opt_PasswordFile].arg);
&pwdata);
if (privkey == NULL) {
SECU_PrintError(progName, "unable to generate key(s)\n");
return -1;
return 255;
}
privkey->wincx = &pwdata;
PORT_Assert(pubkey != NULL);
@ -2616,7 +2598,7 @@ main(int argc, char **argv)
certutil.options[opt_ASCIIForIO].activated,
outFile ? outFile : PR_STDOUT);
if (rv)
return -1;
return 255;
privkey->wincx = &pwdata;
}
@ -2633,13 +2615,13 @@ main(int argc, char **argv)
if (!inFile) {
PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
certreqfile, PR_GetError(), PR_GetOSError());
return -1;
return 255;
}
outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE, 00660);
if (!outFile) {
PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
certfile, PR_GetError(), PR_GetOSError());
return -1;
return 255;
}
}
@ -2659,7 +2641,7 @@ main(int argc, char **argv)
certutil.options[opt_AddCRLDistPtsExt].activated,
certutil.options[opt_AddNSCertTypeExt].activated);
if (rv)
return -1;
return 255;
}
/*
@ -2673,7 +2655,7 @@ main(int argc, char **argv)
if (!inFile) {
PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
certfile, PR_GetError(), PR_GetOSError());
return -1;
return 255;
}
}
@ -2686,7 +2668,7 @@ main(int argc, char **argv)
certutil.options[opt_ASCIIForIO].activated,
certutil.commands[cmd_AddEmailCert].activated);
if (rv)
return -1;
return 255;
}
if (certutil.commands[cmd_CreateAndAddCert].activated) {

12
security/nss/cmd/certutil/keystuff.c
Просмотреть файл

@ -306,14 +306,13 @@ SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
int publicExponent, char *noise,
SECKEYPublicKey **pubkeyp, char *pqgFile,
char *passFile)
secuPWData *pwdata)
{
CK_MECHANISM_TYPE mechanism;
SECOidTag algtag;
PK11RSAGenParams rsaparams;
PQGParams *dsaparams = NULL;
void *params;
secuPWData pwdata = { PW_NONE, 0 };
PRArenaPool *dsaparena;
/*
@ -366,12 +365,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
if (slot == NULL)
return NULL;
if (passFile) {
pwdata.source = PW_FROMFILE;
pwdata.data = passFile;
}
if (PK11_Authenticate(slot, PR_TRUE, &pwdata) != SECSuccess)
if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
return NULL;
fprintf(stderr, "\n\n");
@ -379,7 +373,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
return PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp,
PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/,
&pwdata /*wincx*/);
pwdata /*wincx*/);
}
/*