Bug 1681099, pk11wrap: Tighten certificate lookup based on PKCS #11 URI, r=kjacobs,rrelyea

Previously we only used the "object" attribute (mapped to CKA_LABEL) to find certificates by PKCS #11 URI. This updates the logic to match also with "id" (mapped to CKA_ID) and reject the request if a "type" attribute is present with the value other than "cert". Note: as "id" may not be null-terminated, the PKCS #11 URI API had to be revamped to allow binary blobs. This is still not perfect because PK11URIAttribute doesn't have a length field of value. Differential Revision: https://phabricator.services.mozilla.com/D98940
author: Daiki Ueno <dueno@redhat.com> 2022-07-26 15:52:17 +0000
committer: Daiki Ueno <dueno@redhat.com> 2022-07-26 15:52:17 +0000
commit: cc39dbca85e59e564114a1e12058674ee3d3bac4 (patch)
tree: 7edc7db27ae59dd8100652c18e188c89d523f30e /automation
parent: b2262dcec97c040af81e765d58553dbd51b2a783 (diff)
download: nss-hg-cc39dbca85e59e564114a1e12058674ee3d3bac4.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/automation/abi-check/expected-report-libnssutil3.so.txt b/automation/abi-check/expected-report-libnssutil3.so.txt
index e69de29bb..ba634d9ab 100644
--- a/automation/abi-check/expected-report-libnssutil3.so.txt
+++ b/automation/abi-check/expected-report-libnssutil3.so.txt
@@ -0,0 +1,6 @@
+
+2 Added functions:
+
+  'function const SECItem* PK11URI_GetPathAttributeItem(PK11URI*, const char*)'    {PK11URI_GetPathAttributeItem@@NSSUTIL_3.82}
+  'function const SECItem* PK11URI_GetQueryAttributeItem(PK11URI*, const char*)'    {PK11URI_GetQueryAttributeItem@@NSSUTIL_3.82}
+
author	Daiki Ueno <dueno@redhat.com>	2022-07-26 15:52:17 +0000
committer	Daiki Ueno <dueno@redhat.com>	2022-07-26 15:52:17 +0000
commit	cc39dbca85e59e564114a1e12058674ee3d3bac4 (patch)
tree	7edc7db27ae59dd8100652c18e188c89d523f30e /automation
parent	b2262dcec97c040af81e765d58553dbd51b2a783 (diff)
download	nss-hg-cc39dbca85e59e564114a1e12058674ee3d3bac4.tar.gz