Bug 1460673 - handle p12 properly, r=ttaubert
Differential Revision: https://phabricator.services.mozilla.com/D1295

--HG--
extra : rebase_source : 3bf6646352a05b65a29b76cbc06510ce93fd1050
extra : amend_source : d572d1c0915d74348207c44db2f1a56d191d05a2
extra : histedit_source : 8e185e4a7d6e8550df49a0fe5826fb992d82fd00%2Cbd442a581f37e5cd0929fc4d2ec59df576f2590b
franziskuskiefer committed May 16, 2018
1 parent 0ea280c commit 376da7d
Showing 7 changed files with 274 additions and 8 deletions.
5 changes: 5 additions & 0 deletions cpputil/scoped_ptrs.h
@@ -13,6 +13,7 @@
#include "pk11pub.h"
#include "pkcs11uri.h"
#include "sslexp.h"
#include "p12.h"

struct ScopedDelete {
void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
@@ -41,6 +42,9 @@ struct ScopedDelete {
void operator()(SSLResumptionTokenInfo* token) {
SSL_DestroyResumptionTokenInfo(token);
}
void operator()(SEC_PKCS12DecoderContext* dcx) {
SEC_PKCS12DecoderFinish(dcx);
}
};

template <class T>
@@ -73,6 +77,7 @@ SCOPED(PLArenaPool);
SCOPED(PK11Context);
SCOPED(PK11GenericObject);
SCOPED(SSLResumptionTokenInfo);
SCOPED(SEC_PKCS12DecoderContext);

#undef SCOPED

3 changes: 3 additions & 0 deletions gtests/der_gtest/der_gtest.gyp
@@ -13,6 +13,7 @@
'sources': [
'der_getint_unittest.cc',
'der_quickder_unittest.cc',
'p12_import_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
@@ -21,6 +22,8 @@
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
'<(DEPTH)/lib/nss/nss.gyp:nss3',
'<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
'<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
]
}
],
1 change: 1 addition & 0 deletions gtests/der_gtest/manifest.mn
@@ -9,6 +9,7 @@ MODULE = nss
CPPSRCS = \
der_getint_unittest.cc \
der_quickder_unittest.cc \
p12_import_unittest.cc \
$(NULL)

INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
251 changes: 251 additions & 0 deletions gtests/der_gtest/p12_import_unittest.cc

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions lib/pkcs12/p12d.c
@@ -813,6 +813,7 @@ sec_pkcs12_decoder_asafes_notify(void *arg, PRBool before, void *dest,
unsigned int cnt = p12dcx->safeContentsCnt - 1;
safeContentsCtx = p12dcx->safeContentsList[cnt];
if (safeContentsCtx->safeContentsA1Dcx) {
SEC_ASN1DecoderClearFilterProc(p12dcx->aSafeA1Dcx);
SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx);
safeContentsCtx->safeContentsA1Dcx = NULL;
}
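Review bot: The new `SEC_ASN1DecoderClearFilterProc(p12dcx->aSafeA1Dcx);` call carries no comment, yet its position before `SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx)` looks load-bearing: presumably the outer decoder's filter still forwards bytes to the nested safeContents decoder, which is finished and set to NULL on the next two lines. I would add `/* Detach the outer decoder's filter before finishing the nested decoder it feeds. */` above the call so a later reordering does not reintroduce a stale reference. The result of SEC_ASN1DecoderFinish is also discarded in the visible lines, so an incomplete safeContents blob is not reported from this point; the enclosing function starts and ends outside the hunk, so that may be handled elsewhere.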
6 changes: 6 additions & 0 deletions lib/pkcs7/p7decode.c
@@ -560,6 +560,7 @@ sec_pkcs7_decoder_start_decrypt(SEC_PKCS7DecoderContext *p7dcx, int depth,
return SECSuccess;

no_decryption:
PK11_FreeSymKey(bulkkey);
/*
* For some reason (error set already, if appropriate), we cannot
* decrypt the content. I am not sure what exactly is the right
@@ -1031,6 +1032,11 @@ SECStatus
SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
const char *buf, unsigned long len)
{
if (!p7dcx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}

if (p7dcx->cinfo != NULL && p7dcx->dcx != NULL) {
PORT_Assert(p7dcx->error == 0);
if (p7dcx->error == 0) {
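Review bot: The `PK11_FreeSymKey(bulkkey);` added under `no_decryption:` runs on every path that jumps to the label, so it is safe only if `bulkkey` is initialised to NULL at its declaration and no earlier branch has already freed it or handed ownership to another object. Neither the declaration nor the `goto` sites are inside the hunk, so this needs checking against the full function before relying on it. Once confirmed, a short comment above the call, for example `/* Failure path: release the bulk key if one was obtained. */`, would record why the free sits at the label rather than at each jump.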
15 changes: 7 additions & 8 deletions lib/util/secasn1d.c
@@ -175,7 +175,7 @@ static int /* bool */
}
}
} else {
sprintf(buf, " [%d]", k);
sprintf(buf, " [%lu]", k);
}
buf += strlen(buf);

@@ -982,7 +982,7 @@ sec_asn1d_prepare_for_contents(sec_asn1d_state *state)

#ifdef DEBUG_ASN1D_STATES
{
printf("Found Length %d %s\n", state->contents_length,
printf("Found Length %lu %s\n", state->contents_length,
state->indefinite ? "indefinite" : "");
}
#endif
@@ -2717,16 +2717,15 @@ dump_states(SEC_ASN1DecoderContext *cx)
}

i = formatKind(state->theTemplate->kind, kindBuf);
printf("%s: tmpl %08x, kind%s",
printf("%s: tmpl kind %s",
(state == cx->current) ? "STATE" : "State",
state->theTemplate,
kindBuf);
printf(" %s", (state->place >= 0 && state->place <= notInUse) ? place_names[state->place] : "(undefined)");
if (!i)
printf(", expect 0x%02x",
printf(", expect 0x%02lx",
state->expect_tag_number | state->expect_tag_modifiers);

printf("%s%s%s %d\n",
printf("%s%s%s %lu\n",
state->indefinite ? ", indef" : "",
state->missing ? ", miss" : "",
state->endofcontents ? ", EOC" : "",
@@ -2754,7 +2753,7 @@ SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx,
what = SEC_ASN1_Contents;
consumed = 0;
#ifdef DEBUG_ASN1D_STATES
printf("\nPLACE = %s, next byte = 0x%02x, %08x[%d]\n",
printf("\nPLACE = %s, next byte = 0x%02x, %p[%lu]\n",
(state->place >= 0 && state->place <= notInUse) ? place_names[state->place] : "(undefined)",
len ? (unsigned int)((unsigned char *)buf)[consumed] : 0,
buf, consumed);
@@ -2977,7 +2976,7 @@ SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx)
{
SECStatus rv;

if (cx->status == needBytes) {
if (!cx || cx->status == needBytes) {
PORT_SetError(SEC_ERROR_BAD_DER);
rv = SECFailure;
} else {
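Review bot: In SEC_ASN1DecoderFinish the new `!cx` test only protects the status check; the function body continues outside the hunk, and if the cleanup after the `else` branch still reads through `cx`, a NULL context is dereferenced there anyway. An early return would cover the whole function and match the guard this commit adds to SEC_PKCS7DecoderUpdate: `if (!cx) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. As written, a NULL argument is also reported as SEC_ERROR_BAD_DER, which tells the caller the input was malformed rather than that the call itself was wrong. Separately, the `%lu` conversions in the debug printf hunks are correct only if `k`, `contents_length` and `consumed` are `unsigned long`; their declarations are not visible here.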
