Bug 301496: NSS_Shutdown failure in p7sign. r=nelson
authoralexei.volkov.bugs%sun.com
Thu, 25 Jan 2007 00:52:26 +0000
changeset 7649 d7b15c1eaf973ae8fd10556121b96c81af73a80c
parent 7647 37782998967d0b4b0eed9b6eacbd97feaf7999f7
child 7650 c413cd09e4e0e23838a8dc183e3c00d73b50d303
push idunknown
push userunknown
push dateunknown
reviewersnelson
bugs301496
Bug 301496: NSS_Shutdown failure in p7sign. r=nelson
security/nss/cmd/p7content/p7content.c
security/nss/cmd/p7sign/p7sign.c
security/nss/lib/pkcs7/p7decode.c
security/nss/tests/smime/smime.sh
--- a/security/nss/cmd/p7content/p7content.c
+++ b/security/nss/cmd/p7content/p7content.c
@@ -42,16 +42,17 @@
 
 #include "nspr.h"
 #include "secutil.h"
 #include "plgetopt.h"
 #include "secpkcs7.h"
 #include "cert.h"
 #include "certdb.h"
 #include "nss.h"
+#include "pk11pub.h"
 
 #if defined(XP_UNIX)
 #include <unistd.h>
 #endif
 
 #include <stdio.h>
 #include <string.h>
 
@@ -98,16 +99,29 @@ PrintBytes(void *arg, const char *buf, u
  * need to do it.
  */
 static PRBool
 decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
 {
     return PR_TRUE;
 }
 
+char* KeyDbPassword = 0;
+
+
+char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg)
+{
+    char *ret=0;
+
+    if (retry == PR_TRUE)
+        return NULL;
+    ret = PL_strdup (KeyDbPassword);
+    return ret;
+}
+
 int
 DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
 {
     SECItem derdata;
     SEC_PKCS7ContentInfo *cinfo = NULL;
     SEC_PKCS7DecoderContext *dcx;
 
     if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE)) {
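Review bot: `MyPK11PasswordFunc` passes `KeyDbPassword` to `PL_strdup` without checking it, so when `-p` is not given the callback does not decline the request. NSPR's `PL_strdup` appears to treat a NULL argument as an empty string (worth confirming), which would make the tool silently try an empty password. Guarding with `if (retry || KeyDbPassword == NULL) return NULL;` makes the no-password case explicit. As far as this diff shows, both `KeyDbPassword` and the callback are used only in this file, so they should be `static`. A one-line comment that NSS takes ownership of the returned copy would explain why a duplicate is returned rather than the global itself.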
@@ -212,17 +226,17 @@ main(int argc, char **argv)
     progName = progName ? progName+1 : argv[0];
 
     inFile = NULL;
     outFile = NULL;
 
     /*
      * Parse command line arguments
      */
-    optstate = PL_CreateOptState(argc, argv, "d:i:o:");
+    optstate = PL_CreateOptState(argc, argv, "d:i:o:p:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case 'd':
 	    SECU_ConfigDirectory(optstate->value);
 	    break;
 
 	  case 'i':
 	    inFile = PR_Open(optstate->value, PR_RDONLY, 0);
@@ -237,16 +251,20 @@ main(int argc, char **argv)
 	    outFile = fopen(optstate->value, "w");
 	    if (!outFile) {
 		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
 			progName, optstate->value);
 		return -1;
 	    }
 	    break;
 
+	  case 'p':
+            KeyDbPassword = strdup (optstate->value);
+            break;
+
 	  default:
 	    Usage(progName);
 	    break;
 	}
     }
     if (status == PL_OPT_BAD)
 	Usage(progName);
 
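Review bot: The new `-p` case takes the key database password from argv, where other local users can read it through process listings and where it tends to end up in shell history and test logs. That is acceptable for the test harness but should be stated in the usage text, and a password-file or prompt alternative would be safer for real use. The `strdup` result is not checked and a repeated `-p` leaks the earlier copy; `free(KeyDbPassword); KeyDbPassword = strdup(optstate->value);` followed by `if (!KeyDbPassword) return -1;` covers both. The added lines are indented with spaces while the surrounding cases use tabs. `Usage()` is outside the hunk, so whether it documents `-p` cannot be seen here.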
@@ -256,16 +274,18 @@ main(int argc, char **argv)
     /* Call the initialization routines */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
     rv = NSS_Init(SECU_ConfigDirectory(NULL));
     if (rv != SECSuccess) {
 	SECU_PrintPRandOSError(progName);
 	return -1;
     }
 
+    PK11_SetPasswordFunc (MyPK11PasswordFunc);
+
     if (DecodeAndPrintFile(outFile, inFile, progName)) {
 	SECU_PrintError(progName, "problem decoding data");
 	return -1;
     }
     
     if (NSS_Shutdown() != SECSuccess) {
         exit(1);
     }
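Review bot: The `NSS_Shutdown()` failure branch at the end of this hunk still exits without a message, while the p7sign.c hunk of this same commit adds a diagnostic for the identical case; `SECU_PrintError(progName, "NSS shutdown");` before `exit(1)` would keep the two tools consistent. The `problem decoding data` path returns -1 without calling `NSS_Shutdown()` at all, so a reference leak on a failed decode would go unreported. The password copy held in `KeyDbPassword` is also never cleared or freed before the program exits. `main` begins and ends outside the hunk.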
--- a/security/nss/cmd/p7sign/p7sign.c
+++ b/security/nss/cmd/p7sign/p7sign.c
@@ -301,13 +301,14 @@ loser:
     }
     if (inFile && inFile != PR_STDIN) {
         PR_Close(inFile);
     }
     if (outFile && outFile != stdout) {
         fclose(outFile);
     }
     if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS shutdown:");
         exit(1);
     }
 
     return (rv != SECSuccess);
 }
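Review bot: The message passed here, `"NSS shutdown:"`, ends in a colon, unlike the other `SECU_PrintError` call visible in this commit (`"problem decoding data"`). If `SECU_PrintError` appends its own separator before the error text, as that usage suggests, the output will show a doubled colon. `SECU_PrintError(progName, "NSS shutdown failed");` reads better. The function body starts outside the hunk.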
--- a/security/nss/lib/pkcs7/p7decode.c
+++ b/security/nss/lib/pkcs7/p7decode.c
@@ -435,19 +435,19 @@ extern const SEC_ASN1Template SEC_SMIMEK
 static PK11SymKey *
 sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx,
 				     SEC_PKCS7RecipientInfo **recipientinfos,
 				     SEC_PKCS7EncryptedContentInfo *enccinfo)
 {
     SEC_PKCS7RecipientInfo *ri;
     CERTCertificate *cert = NULL;
     SECKEYPrivateKey *privkey = NULL;
-    PK11SymKey *bulkkey;
+    PK11SymKey *bulkkey = NULL;
     SECOidTag keyalgtag, bulkalgtag, encalgtag;
-    PK11SlotInfo *slot;
+    PK11SlotInfo *slot = NULL;
     int bulkLength = 0;
 
     if (recipientinfos == NULL || recipientinfos[0] == NULL) {
 	p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT;
 	goto no_key_found;
     }
 
     cert = PK11_FindCertAndKeyByRecipientList(&slot,recipientinfos,&ri,
@@ -587,26 +587,26 @@ sec_pkcs7_decoder_get_recipient_key (SEC
 		  p7dcx->error = PORT_GetError();
 		  PORT_SetError(0);
 		  goto no_key_found;
 	      }
 	      break;
 	  }
       default:
 	p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG;
-	goto no_key_found;
+	break;
     }
 
-    return bulkkey;
-
 no_key_found:
     if (privkey != NULL)
 	SECKEY_DestroyPrivateKey (privkey);
+    if (slot != NULL)
+	PK11_FreeSlot(slot);
 
-    return NULL;
+    return bulkkey;
 }
  
 /*
  * XXX The following comment is old -- the function used to only handle
  * EnvelopedData or SignedAndEnvelopedData but now handles EncryptedData
  * as well (and it had all of the code of the helper function above
  * built into it), though the comment was left as is.  Fix it...
  *
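Review bot: After this change the success path also runs through the `no_key_found:` label, so the label name no longer describes the code under it, and the return value is correct only if `bulkkey` is still NULL at every `goto no_key_found`. The middle of the function is outside this hunk, so that invariant cannot be checked here; any path that obtains a key and then fails would now return it alongside the error. I would rename the label to `done:` and add `/* Common exit: bulkkey stays NULL unless a key was recovered; privkey and slot are always released. */` above it. The `= NULL` initialisers in the previous hunk are what make the early `goto` safe and deserve a short comment saying so.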
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -141,16 +141,42 @@ smime_sign()
       diff alice.txt alice-ec.data.${HASH}
       html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
   fi
 
 }
 
 
 
+smime_p7()
+{
+  echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
+  echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
+  p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+  html_msg $? 0 "Creating envelope for user Alice" "."
+
+  echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
+  p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+  html_msg $? 0 "Verifying file delivered to user Alice" "."
+
+  sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
+
+  echo "diff alice.txt alice_p7.data.sed"
+  diff alice.txt alice_p7.data.sed
+  html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+  echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
+  p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+  html_msg $? 0 "Signing file for user Alice" "."
+
+  echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
+  p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+  html_msg $? 0 "Verifying file delivered to user Alice" "."
+}
+
 ############################## smime_main ##############################
 # local shell function to test basic signed and enveloped messages 
 # from 1 --> 2"
 ########################################################################
 smime_main()
 {
 
   HASH=SHA1
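Review bot: Two of the echoed commands in `smime_p7` do not match what is run: the first echo shows `-o alice_p7.env` while `p7env` writes `alice.env`, and the `p7content` echo omits `-p nss`. The log should show the real command lines, e.g. `echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env"` and `echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss"`. The `sed -e '3,8p' -n` step hard-codes which output lines hold the content, so a comment explaining why lines 3 to 8 are the payload would help when alice.txt or the p7content header changes. The label "Verifying file delivered to user Alice" is used for both the p7content and the p7verify step, which makes the report ambiguous.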
@@ -256,10 +282,11 @@ smime_cleanup()
   cd ${QADIR}
   . common/cleanup.sh
 }
 
 ################## main #################################################
 
 smime_init
 smime_main
+smime_p7
 smime_cleanup