diff options
| author | nicolson%netscape.com <devnull@localhost> | 2001-06-25 21:33:56 +0000 |
|---|---|---|
| committer | nicolson%netscape.com <devnull@localhost> | 2001-06-25 21:33:56 +0000 |
| commit | a20ae27046819e9cf1c5c423097b87dcebfa1a1b (patch) | |
| tree | 0b4cc07c31d4e182bcc9fb9f3d30ae59e0165cdb | |
| parent | fa31cd7c90cc01539d2369727d906c0b54c03d27 (diff) | |
| download | nss-hg-a20ae27046819e9cf1c5c423097b87dcebfa1a1b.tar.gz | |
Fix 70758: signtool fails on Windows 2000, returns still 0.
| -rw-r--r-- | security/nss/cmd/signtool/certgen.c | 8 | ||||
| -rw-r--r-- | security/nss/cmd/signtool/list.c | 5 | ||||
| -rw-r--r-- | security/nss/cmd/signtool/signtool.c | 35 | ||||
| -rw-r--r-- | security/nss/cmd/signtool/signtool.h | 6 | ||||
| -rw-r--r-- | security/nss/cmd/signtool/util.c | 2 | ||||
| -rw-r--r-- | security/nss/cmd/signtool/verify.c | 19 |
6 files changed, 57 insertions, 18 deletions
diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index 8206529f1..0709e5b44 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c @@ -63,7 +63,7 @@ static void output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db); * Runs the whole process of creating a new cert, getting info from the * user, etc. */ -void +int GenerateCert(char *nickname, int keysize, char *token) { CERTCertDBHandle *db; @@ -83,7 +83,7 @@ GenerateCert(char *nickname, int keysize, char *token) if(tolower(stdinbuf[0]) != 'y') { PR_fprintf(errorFD, "Operation aborted at user's request.\n"); errorCount++; - return; + return -1; } db = CERT_GetDefaultCertDB(); @@ -111,6 +111,7 @@ GenerateCert(char *nickname, int keysize, char *token) } PORT_Free(subject); + return 0; } #undef VERBOSE_PROMPTS @@ -684,7 +685,7 @@ output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db) { PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename); errorCount++; - return; + exit(ERRX); } certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, db); @@ -699,6 +700,7 @@ output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db) else { PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n", PROGRAM_NAME); errorCount++; + exit(ERRX); } fclose (out); diff --git a/security/nss/cmd/signtool/list.c b/security/nss/cmd/signtool/list.c index bd163f447..b21090c2e 100644 --- a/security/nss/cmd/signtool/list.c +++ b/security/nss/cmd/signtool/list.c @@ -117,8 +117,6 @@ ListCerts(char *key, int list_certs) if (key) { /* Do an analysis of the given cert */ - SECStatus rv; - cert = PK11_FindCertFromNickname(key, NULL /*wincx*/); if (cert) { @@ -167,6 +165,9 @@ ListCerts(char *key, int list_certs) PORT_FreeArena(errlog.arena, PR_FALSE); } + if (rv != SECSuccess) { + return -1; + } return 0; } diff --git a/security/nss/cmd/signtool/signtool.c b/security/nss/cmd/signtool/signtool.c index eb9c43219..98b5b7e39 100644 --- a/security/nss/cmd/signtool/signtool.c +++ b/security/nss/cmd/signtool/signtool.c @@ -927,11 +927,21 @@ main(int argc, char *argv[]) if (verify) { - VerifyJar(verify); + if (VerifyJar(verify)) + { + errorCount++; + retval = -1; + goto cleanup; + } } else if (list_certs) { - ListCerts(keyName, list_certs); + if (ListCerts(keyName, list_certs)) + { + errorCount++; + retval = -1; + goto cleanup; + } } else if (list_modules) { @@ -939,11 +949,21 @@ main(int argc, char *argv[]) } else if (genkey) { - GenerateCert(genkey, keySize, token); + if (GenerateCert(genkey, keySize, token)) + { + errorCount++; + retval = -1; + goto cleanup; + } } else if (tell_who) { - JarWho(tell_who); + if (JarWho(tell_who)) + { + errorCount++; + retval = -1; + goto cleanup; + } } else if (javascript && jartree) { @@ -974,8 +994,11 @@ main(int argc, char *argv[]) } /* sign any resultant .arc directories created in above step */ - SignAllArc(jartree, keyName, javascript, metafile, install_script, - optimize, !noRecurse); + if(SignAllArc(jartree, keyName, javascript, metafile, install_script, + optimize, !noRecurse)) { + retval = -1; + goto cleanup; + } if(!leaveArc) { RemoveAllArc(jartree); diff --git a/security/nss/cmd/signtool/signtool.h b/security/nss/cmd/signtool/signtool.h index bd00ac23b..bcb5b3fd9 100644 --- a/security/nss/cmd/signtool/signtool.h +++ b/security/nss/cmd/signtool/signtool.h @@ -58,7 +58,7 @@ * General Defines */ #define JAR_BASE_END JAR_BASE + 100 -#define ERRX (-1) /* the exit code used on failure */ +#define ERRX (1) /* the exit code used on failure */ #define FNSIZE 256 /* the maximum length for filenames */ #define MAX_RSA_KEY_SIZE 4096 #define DEFAULT_RSA_KEY_SIZE 1024 @@ -81,7 +81,7 @@ /*************************************************************** * Main Task Functions */ -void GenerateCert(char *nickname, int keysize, char *token); +int GenerateCert(char *nickname, int keysize, char *token); int ListCerts(char *key, int list_certs); int VerifyJar(char *filename); int SignArchive(char *tree, char *keyName, char *zip_file, int javascript, @@ -89,7 +89,7 @@ int SignArchive(char *tree, char *keyName, char *zip_file, int javascript, int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile, char *install_script, int optimize, PRBool recurse); int InlineJavaScript(char *dir, PRBool recurse); -void JarWho(char *filename); +int JarWho(char *filename); void JarListModules(void); /************************************************************** diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index 51e0c7efb..6f9ecf77b 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -239,7 +239,7 @@ usage (void) PR_fprintf(outputFD, " http://developer.netscape.com/library/documentation/signedobj/signtool/\n"); - exit (0); + exit (ERRX); } /* diff --git a/security/nss/cmd/signtool/verify.c b/security/nss/cmd/signtool/verify.c index b75d4527e..6b2da2c90 100644 --- a/security/nss/cmd/signtool/verify.c +++ b/security/nss/cmd/signtool/verify.c @@ -49,6 +49,7 @@ VerifyJar(char *filename) int ret; int status; + int failed = 0; char *err; JAR *jar; @@ -102,7 +103,8 @@ VerifyJar(char *filename) PR_fprintf(outputFD, "archive \"%s\" has passed crypto verification.\n", filename); - verify_global (jar); + if (verify_global (jar)) + failed = 1; PR_fprintf(outputFD, "\n"); PR_fprintf(outputFD, "%16s %s\n", "status", "path"); @@ -117,6 +119,7 @@ VerifyJar(char *filename) rm_dash_r(TMP_OUTPUT); ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT); /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */ + if (ret < 0) failed = 1; if (ret == JAR_ERR_PNF) err = "NOT PRESENT"; @@ -144,6 +147,10 @@ VerifyJar(char *filename) JAR_destroy (jar); + if (status < 0) + return status; + if (jar->valid < 0 || failed) + return ERRX; return 0; } @@ -168,6 +175,8 @@ verify_global (JAR *jar) unsigned char *md5_digest, *sha1_digest; + int retval = 0; + ctx = JAR_find (jar, "*", jarTypePhy); while (JAR_find_next (ctx, &it) >= 0) { @@ -203,6 +212,7 @@ verify_global (JAR *jar) PR_fprintf(errorFD, "%s: error extracting %s\n", PROGRAM_NAME, it->pathname); errorCount++; + retval = -1; continue; } @@ -266,14 +276,14 @@ verify_global (JAR *jar) JAR_find_end (ctx); - return 0; + return retval; } /************************************************************************ * * J a r W h o */ -void +int JarWho(char *filename) { FILE *fp; @@ -282,6 +292,7 @@ JarWho(char *filename) JAR_Context *ctx; int status; + int retval = 0; JAR_Item *it; JAR_Cert *fing; @@ -304,6 +315,7 @@ JarWho(char *filename) { PR_fprintf(outputFD, "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename); + retval = -1; if (jar->valid < 0 || status != -1) { char *errtext; @@ -351,6 +363,7 @@ JarWho(char *filename) JAR_find_end (ctx); JAR_destroy (jar); + return retval; } /************************************************************************ |