diff options
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/crlutil/crlutil.c | 1 | ||||
-rw-r--r-- | cmd/lib/secutil.c | 1 | ||||
-rw-r--r-- | cmd/modutil/install-ds.c | 4 | ||||
-rw-r--r-- | cmd/signtool/javascript.c | 7 | ||||
-rw-r--r-- | cmd/signtool/list.c | 9 | ||||
-rw-r--r-- | cmd/signtool/util.c | 4 | ||||
-rw-r--r-- | cmd/signver/pk7print.c | 53 | ||||
-rw-r--r-- | cmd/symkeyutil/symkeyutil.c | 1 |
8 files changed, 54 insertions, 26 deletions
diff --git a/cmd/crlutil/crlutil.c b/cmd/crlutil/crlutil.c index be2e47a6c..2ce7b27d9 100644 --- a/cmd/crlutil/crlutil.c +++ b/cmd/crlutil/crlutil.c @@ -386,7 +386,6 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle, rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); if (rv != SECSuccess) { SECU_PrintError(progName, "unable to read input file"); - PORT_FreeArena(modArena, PR_FALSE); goto loser; } diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index b70a14172..7fb041ec7 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -1378,6 +1378,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) (pk->u.ec.DEREncodedParams.data[0] == 0x06)) { curveOID.len = pk->u.ec.DEREncodedParams.data[1]; curveOID.data = pk->u.ec.DEREncodedParams.data + 2; + curveOID.len = PR_MIN(curveOID.len, pk->u.ec.DEREncodedParams.len - 2); SECU_PrintObjectID(out, &curveOID, "Curve", level + 1); } } diff --git a/cmd/modutil/install-ds.c b/cmd/modutil/install-ds.c index a013d05a3..b14c28a0a 100644 --- a/cmd/modutil/install-ds.c +++ b/cmd/modutil/install-ds.c @@ -1034,7 +1034,7 @@ Pk11Install_Info_Cleanup(Pk11Install_Info* _this) for (i = 0; i < _this->numPlatforms; i++) { Pk11Install_Platform_delete(&_this->platforms[i]); } - PR_Free(&_this->platforms); + PR_Free(_this->platforms); _this->platforms = NULL; _this->numPlatforms = 0; } @@ -1043,7 +1043,7 @@ Pk11Install_Info_Cleanup(Pk11Install_Info* _this) for (i = 0; i < _this->numForwardCompatible; i++) { Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]); } - PR_Free(&_this->forwardCompatible); + PR_Free(_this->forwardCompatible); _this->numForwardCompatible = 0; } } diff --git a/cmd/signtool/javascript.c b/cmd/signtool/javascript.c index 58869aa61..87894b74a 100644 --- a/cmd/signtool/javascript.c +++ b/cmd/signtool/javascript.c @@ -1338,13 +1338,15 @@ extract_js(char *filename) if ((PL_strlen(archiveDir) < 4) || PL_strcasecmp((archiveDir + strlen(archiveDir) - 4), ".jar")) { + char *newArchiveDir = NULL; PR_fprintf(errorFD, "warning: ARCHIVE attribute should end in \".jar\" in tag" " starting on %s:%d.\n", filename, curitem->startLine); warningCount++; + newArchiveDir = PR_smprintf("%s.arc", archiveDir); PR_Free(archiveDir); - archiveDir = PR_smprintf("%s.arc", archiveDir); + archiveDir = newArchiveDir; } else { PL_strcpy(archiveDir + strlen(archiveDir) - 4, ".arc"); } @@ -1650,9 +1652,6 @@ loser: if (entityListTail) { PR_Free(entityListTail); } - if (curitem) { - PR_Free(curitem); - } if (basedir) { PR_Free(basedir); } diff --git a/cmd/signtool/list.c b/cmd/signtool/list.c index 70f62d2b1..dd42d8125 100644 --- a/cmd/signtool/list.c +++ b/cmd/signtool/list.c @@ -19,7 +19,6 @@ ListCerts(char *key, int list_certs) { int failed = 0; SECStatus rv; - char *ugly_list; CERTCertDBHandle *db; CERTCertificate *cert; @@ -33,14 +32,6 @@ ListCerts(char *key, int list_certs) errlog.tail = NULL; errlog.count = 0; - ugly_list = PORT_ZAlloc(16); - - if (ugly_list == NULL) { - out_of_memory(); - } - - *ugly_list = 0; - db = CERT_GetDefaultCertDB(); if (list_certs == 2) { diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c index 49b7f3b05..ecd22e39c 100644 --- a/cmd/signtool/util.c +++ b/cmd/signtool/util.c @@ -138,8 +138,10 @@ rm_dash_r(char *path) /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { sprintf(filename, "%s/%s", path, entry->name); - if (rm_dash_r(filename)) + if (rm_dash_r(filename)) { + PR_CloseDir(dir); return -1; + } } if (PR_CloseDir(dir) != PR_SUCCESS) { diff --git a/cmd/signver/pk7print.c b/cmd/signver/pk7print.c index deaaaf9e3..9ebf92088 100644 --- a/cmd/signver/pk7print.c +++ b/cmd/signver/pk7print.c @@ -311,40 +311,75 @@ sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m) sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue="); } +void +sv_PrintECDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m) +{ + SECItem curve = { siBuffer, NULL, 0 }; + if ((pk->u.ec.DEREncodedParams.len > 2) && + (pk->u.ec.DEREncodedParams.data[0] == 0x06)) { + /* strip to just the oid for the curve */ + curve.len = pk->u.ec.DEREncodedParams.data[1]; + curve.data = pk->u.ec.DEREncodedParams.data + 2; + /* don't overflow the buffer */ + curve.len = PR_MIN(curve.len, pk->u.ec.DEREncodedParams.len - 2); + fprintf(out, "%s", m); + sv_PrintObjectID(out, &curve, "curve="); + } + fprintf(out, "%s", m); + sv_PrintInteger(out, &pk->u.ec.publicValue, "publicValue="); +} + int sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, CERTSubjectPublicKeyInfo *i, char *msg) { - SECKEYPublicKey *pk; + SECKEYPublicKey pk; int rv; char mm[200]; sprintf(mm, "%s.publicKeyAlgorithm=", msg); sv_PrintAlgorithmID(out, &i->algorithm, mm); - pk = (SECKEYPublicKey *)PORT_ZAlloc(sizeof(SECKEYPublicKey)); - if (!pk) - return PORT_GetError(); - DER_ConvertBitString(&i->subjectPublicKey); switch (SECOID_FindOIDTag(&i->algorithm.algorithm)) { case SEC_OID_PKCS1_RSA_ENCRYPTION: - rv = SEC_ASN1DecodeItem(arena, pk, + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + rv = SEC_ASN1DecodeItem(arena, &pk, SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &i->subjectPublicKey); if (rv) return rv; sprintf(mm, "%s.rsaPublicKey.", msg); - sv_PrintRSAPublicKey(out, pk, mm); + sv_PrintRSAPublicKey(out, &pk, mm); break; case SEC_OID_ANSIX9_DSA_SIGNATURE: - rv = SEC_ASN1DecodeItem(arena, pk, + rv = SEC_ASN1DecodeItem(arena, &pk, SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate), &i->subjectPublicKey); if (rv) return rv; +#ifdef notdef + /* SECKEY_PQGParamsTemplate is not yet exported form NSS */ + rv = SEC_ASN1DecodeItem(arena, &pk.u.dsa.params, + SEC_ASN1_GET(SECKEY_PQGParamsTemplate), + &i->algorithm.parameters); + if (rv) + return rv; +#endif sprintf(mm, "%s.dsaPublicKey.", msg); - sv_PrintDSAPublicKey(out, pk, mm); + sv_PrintDSAPublicKey(out, &pk, mm); + break; + case SEC_OID_ANSIX962_EC_PUBLIC_KEY: + rv = SECITEM_CopyItem(arena, &pk.u.ec.DEREncodedParams, + &i->algorithm.parameters); + if (rv) + return rv; + rv = SECITEM_CopyItem(arena, &pk.u.ec.publicValue, + &i->subjectPublicKey); + if (rv) + return rv; + sprintf(mm, "%s.ecdsaPublicKey.", msg); + sv_PrintECDSAPublicKey(out, &pk, mm); break; default: fprintf(out, "%s=bad SPKI algorithm type\n", msg); diff --git a/cmd/symkeyutil/symkeyutil.c b/cmd/symkeyutil/symkeyutil.c index 630433823..5f6355b8b 100644 --- a/cmd/symkeyutil/symkeyutil.c +++ b/cmd/symkeyutil/symkeyutil.c @@ -303,6 +303,7 @@ PrintKey(PK11SymKey *symKey) printf("<restricted>"); } printf("\n"); + PORT_Free(name); } SECStatus |