summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'cmd')
-rw-r--r--cmd/crlutil/crlutil.c1
-rw-r--r--cmd/lib/secutil.c1
-rw-r--r--cmd/modutil/install-ds.c4
-rw-r--r--cmd/signtool/javascript.c7
-rw-r--r--cmd/signtool/list.c9
-rw-r--r--cmd/signtool/util.c4
-rw-r--r--cmd/signver/pk7print.c53
-rw-r--r--cmd/symkeyutil/symkeyutil.c1
8 files changed, 54 insertions, 26 deletions
diff --git a/cmd/crlutil/crlutil.c b/cmd/crlutil/crlutil.c
index be2e47a6c..2ce7b27d9 100644
--- a/cmd/crlutil/crlutil.c
+++ b/cmd/crlutil/crlutil.c
@@ -386,7 +386,6 @@ CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "unable to read input file");
- PORT_FreeArena(modArena, PR_FALSE);
goto loser;
}
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c
index b70a14172..7fb041ec7 100644
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -1378,6 +1378,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
(pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
curveOID.len = pk->u.ec.DEREncodedParams.data[1];
curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
+ curveOID.len = PR_MIN(curveOID.len, pk->u.ec.DEREncodedParams.len - 2);
SECU_PrintObjectID(out, &curveOID, "Curve", level + 1);
}
}
diff --git a/cmd/modutil/install-ds.c b/cmd/modutil/install-ds.c
index a013d05a3..b14c28a0a 100644
--- a/cmd/modutil/install-ds.c
+++ b/cmd/modutil/install-ds.c
@@ -1034,7 +1034,7 @@ Pk11Install_Info_Cleanup(Pk11Install_Info* _this)
for (i = 0; i < _this->numPlatforms; i++) {
Pk11Install_Platform_delete(&_this->platforms[i]);
}
- PR_Free(&_this->platforms);
+ PR_Free(_this->platforms);
_this->platforms = NULL;
_this->numPlatforms = 0;
}
@@ -1043,7 +1043,7 @@ Pk11Install_Info_Cleanup(Pk11Install_Info* _this)
for (i = 0; i < _this->numForwardCompatible; i++) {
Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]);
}
- PR_Free(&_this->forwardCompatible);
+ PR_Free(_this->forwardCompatible);
_this->numForwardCompatible = 0;
}
}
diff --git a/cmd/signtool/javascript.c b/cmd/signtool/javascript.c
index 58869aa61..87894b74a 100644
--- a/cmd/signtool/javascript.c
+++ b/cmd/signtool/javascript.c
@@ -1338,13 +1338,15 @@ extract_js(char *filename)
if ((PL_strlen(archiveDir) < 4) ||
PL_strcasecmp((archiveDir + strlen(archiveDir) - 4),
".jar")) {
+ char *newArchiveDir = NULL;
PR_fprintf(errorFD,
"warning: ARCHIVE attribute should end in \".jar\" in tag"
" starting on %s:%d.\n",
filename, curitem->startLine);
warningCount++;
+ newArchiveDir = PR_smprintf("%s.arc", archiveDir);
PR_Free(archiveDir);
- archiveDir = PR_smprintf("%s.arc", archiveDir);
+ archiveDir = newArchiveDir;
} else {
PL_strcpy(archiveDir + strlen(archiveDir) - 4, ".arc");
}
@@ -1650,9 +1652,6 @@ loser:
if (entityListTail) {
PR_Free(entityListTail);
}
- if (curitem) {
- PR_Free(curitem);
- }
if (basedir) {
PR_Free(basedir);
}
diff --git a/cmd/signtool/list.c b/cmd/signtool/list.c
index 70f62d2b1..dd42d8125 100644
--- a/cmd/signtool/list.c
+++ b/cmd/signtool/list.c
@@ -19,7 +19,6 @@ ListCerts(char *key, int list_certs)
{
int failed = 0;
SECStatus rv;
- char *ugly_list;
CERTCertDBHandle *db;
CERTCertificate *cert;
@@ -33,14 +32,6 @@ ListCerts(char *key, int list_certs)
errlog.tail = NULL;
errlog.count = 0;
- ugly_list = PORT_ZAlloc(16);
-
- if (ugly_list == NULL) {
- out_of_memory();
- }
-
- *ugly_list = 0;
-
db = CERT_GetDefaultCertDB();
if (list_certs == 2) {
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
index 49b7f3b05..ecd22e39c 100644
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -138,8 +138,10 @@ rm_dash_r(char *path)
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
sprintf(filename, "%s/%s", path, entry->name);
- if (rm_dash_r(filename))
+ if (rm_dash_r(filename)) {
+ PR_CloseDir(dir);
return -1;
+ }
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
diff --git a/cmd/signver/pk7print.c b/cmd/signver/pk7print.c
index deaaaf9e3..9ebf92088 100644
--- a/cmd/signver/pk7print.c
+++ b/cmd/signver/pk7print.c
@@ -311,40 +311,75 @@ sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
}
+void
+sv_PrintECDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
+{
+ SECItem curve = { siBuffer, NULL, 0 };
+ if ((pk->u.ec.DEREncodedParams.len > 2) &&
+ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
+ /* strip to just the oid for the curve */
+ curve.len = pk->u.ec.DEREncodedParams.data[1];
+ curve.data = pk->u.ec.DEREncodedParams.data + 2;
+ /* don't overflow the buffer */
+ curve.len = PR_MIN(curve.len, pk->u.ec.DEREncodedParams.len - 2);
+ fprintf(out, "%s", m);
+ sv_PrintObjectID(out, &curve, "curve=");
+ }
+ fprintf(out, "%s", m);
+ sv_PrintInteger(out, &pk->u.ec.publicValue, "publicValue=");
+}
+
int
sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
CERTSubjectPublicKeyInfo *i, char *msg)
{
- SECKEYPublicKey *pk;
+ SECKEYPublicKey pk;
int rv;
char mm[200];
sprintf(mm, "%s.publicKeyAlgorithm=", msg);
sv_PrintAlgorithmID(out, &i->algorithm, mm);
- pk = (SECKEYPublicKey *)PORT_ZAlloc(sizeof(SECKEYPublicKey));
- if (!pk)
- return PORT_GetError();
-
DER_ConvertBitString(&i->subjectPublicKey);
switch (SECOID_FindOIDTag(&i->algorithm.algorithm)) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
- rv = SEC_ASN1DecodeItem(arena, pk,
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ rv = SEC_ASN1DecodeItem(arena, &pk,
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate),
&i->subjectPublicKey);
if (rv)
return rv;
sprintf(mm, "%s.rsaPublicKey.", msg);
- sv_PrintRSAPublicKey(out, pk, mm);
+ sv_PrintRSAPublicKey(out, &pk, mm);
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
- rv = SEC_ASN1DecodeItem(arena, pk,
+ rv = SEC_ASN1DecodeItem(arena, &pk,
SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate),
&i->subjectPublicKey);
if (rv)
return rv;
+#ifdef notdef
+ /* SECKEY_PQGParamsTemplate is not yet exported form NSS */
+ rv = SEC_ASN1DecodeItem(arena, &pk.u.dsa.params,
+ SEC_ASN1_GET(SECKEY_PQGParamsTemplate),
+ &i->algorithm.parameters);
+ if (rv)
+ return rv;
+#endif
sprintf(mm, "%s.dsaPublicKey.", msg);
- sv_PrintDSAPublicKey(out, pk, mm);
+ sv_PrintDSAPublicKey(out, &pk, mm);
+ break;
+ case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+ rv = SECITEM_CopyItem(arena, &pk.u.ec.DEREncodedParams,
+ &i->algorithm.parameters);
+ if (rv)
+ return rv;
+ rv = SECITEM_CopyItem(arena, &pk.u.ec.publicValue,
+ &i->subjectPublicKey);
+ if (rv)
+ return rv;
+ sprintf(mm, "%s.ecdsaPublicKey.", msg);
+ sv_PrintECDSAPublicKey(out, &pk, mm);
break;
default:
fprintf(out, "%s=bad SPKI algorithm type\n", msg);
diff --git a/cmd/symkeyutil/symkeyutil.c b/cmd/symkeyutil/symkeyutil.c
index 630433823..5f6355b8b 100644
--- a/cmd/symkeyutil/symkeyutil.c
+++ b/cmd/symkeyutil/symkeyutil.c
@@ -303,6 +303,7 @@ PrintKey(PK11SymKey *symKey)
printf("<restricted>");
}
printf("\n");
+ PORT_Free(name);
}
SECStatus