Bug 590991, Implement a tool to externally "test for existing valid .…
…chk file", without loading the tested shared library (chktest)

r=rrelyea
kaie%kuix.de committed Dec 6, 2010
1 parent a326685 commit 9fcd2dc
Showing 9 changed files with 248 additions and 4 deletions.
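--- a/security/nss/cmd/chktest/Makefile
+++ b/security/nss/cmd/chktest/Makefile
@@ -0,0 +1,79 @@
+#! gmake
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+include ../platrules.mk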
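--- a/security/nss/cmd/chktest/chktest.c
+++ b/security/nss/cmd/chktest/chktest.c
@@ -0,0 +1,76 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Kai Engert <kengert@redhat.com>
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "blapi.h"
+#include "secutil.h"
+
+static int Usage()
+{
+fprintf(stderr, "Usage: chktest <full-path-to-shared-library>\n");
+fprintf(stderr, " Will test for valid chk file.\n");
+fprintf(stderr, " Will print SUCCESS or FAILURE.\n");
+exit(1);
+}
+
+int main(int argc, char **argv)
+{
+SECStatus rv = SECFailure;
+PRBool good_result = PR_FALSE;
+
+if (argc != 2)
+return Usage();
+
+rv = RNG_RNGInit();
+if (rv != SECSuccess) {
+SECU_PrintPRandOSError("");
+return -1;
+}
+rv = BL_Init();
+if (rv != SECSuccess) {
+SECU_PrintPRandOSError("");
+return -1;
+}
+RNG_SystemInfoForRNG();
+
+good_result = BLAPI_SHVerifyFile(argv[1]);
+printf("%s\n",
+(good_result ? "SUCCESS" : "FAILURE"));
+return (good_result) ? SECSuccess : SECFailure;
+}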
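Review bot: The two setup error paths in `main` (after `RNG_RNGInit` and `BL_Init`) return -1 without printing a verdict, although the usage text promises SUCCESS or FAILURE, and the final `return (good_result) ? SECSuccess : SECFailure;` also yields -1 if SECFailure has its usual value, so a calling script cannot tell "check file did not verify" from "tool could not start". Consider plain, distinct exit codes, for example `return good_result ? 0 : 1;` for the verdict and `return 2;` for setup errors, and document that the exit status is the authoritative result. `Usage()` is declared `static int` but ends in `exit(1)` with no return statement; `static void Usage(void)` followed by `return 1;` in `main` would match what it does. `SECU_PrintPRandOSError("")` is given an empty string, so passing `"chktest"` would make the error output attributable.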
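--- a/security/nss/cmd/chktest/manifest.mn
+++ b/security/nss/cmd/chktest/manifest.mn
@@ -0,0 +1,59 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+CORE_DEPTH = ../../..
+
+MODULE = nss
+
+#REQUIRES = seccmd dbm softoken
+REQUIRES = seccmd dbm
+
+#INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+PROGRAM = chktest
+
+USE_STATIC_LIBS = 1
+
+EXPORTS = \
+$(NULL)
+
+PRIVATE_EXPORTS = \
+$(NULL)
+
+CSRCS = \
+chktest.c \
+$(NULL)
+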
1 change: 1 addition & 0 deletions security/nss/cmd/manifest.mn
@@ -48,6 +48,7 @@ DIRS = lib \
certcgi \
certutil \
checkcert \
chktest \
crlutil \
crmftest \
dbtest \
5 changes: 5 additions & 0 deletions security/nss/lib/freebl/blapi.h
@@ -1335,6 +1335,11 @@ extern void BL_Unload(void);
**************************************************************************/
PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);

/**************************************************************************
* Verify a given filename's signature *
**************************************************************************/
PRBool BLAPI_SHVerifyFile(const char *shName);

/**************************************************************************
* Verify Are Own Shared library signature *
**************************************************************************/
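Review bot: The new comment above `BLAPI_SHVerifyFile` says only "Verify a given filename's signature", which leaves out what callers of an integrity check need to know: what `shName` must be and what the result means. A comment along the lines of `/* shName: full path of the shared library to check; returns PR_TRUE only if its check file verifies, PR_FALSE on any error */` would do, assuming that matches the implementation in shvfy.c, most of which lies outside this commit's hunks. It is also worth stating that the path is taken as given, so the caller decides which file is being vouched for.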
3 changes: 2 additions & 1 deletion security/nss/lib/freebl/ldvector.c
@@ -286,7 +286,8 @@ static const struct FREEBLVectorStr vector =
SHA224_FlattenSize,
SHA224_Flatten,
SHA224_Resurrect,
SHA224_Clone
SHA224_Clone,
BLAPI_SHVerifyFile

/* End of Version 3.013 */
};
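Review bot: `BLAPI_SHVerifyFile` is appended above the `/* End of Version 3.013 */` marker here, and above `/* Version 3.013 came to here */` in loader.h, so the vector grows by one slot with no version change visible in this commit. The new wrapper in loader.c calls `vector->p_BLAPI_SHVerifyFile(name)` unconditionally once a vector is loaded. If a freebl build carrying the shorter 3.013 table can ever be picked up, that read goes past the end of its vector. Please confirm that the loader's version or length check rejects such a library, or place the entry under a new version marker together with a bumped version constant.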
7 changes: 7 additions & 0 deletions security/nss/lib/freebl/loader.c
@@ -1874,3 +1874,10 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src)
(vector->p_SHA224_Clone)(dest, src);
}

PRBool
BLAPI_SHVerifyFile(const char *name)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return PR_FALSE;
return vector->p_BLAPI_SHVerifyFile(name);
}
1 change: 1 addition & 0 deletions security/nss/lib/freebl/loader.h
@@ -596,6 +596,7 @@ struct FREEBLVectorStr {
SECStatus (* p_SHA224_Flatten)(SHA224Context *cx,unsigned char *space);
SHA224Context * (* p_SHA224_Resurrect)(unsigned char *space, void *arg);
void (* p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
PRBool (*p_BLAPI_SHVerifyFile)(const char *name);
/* Version 3.013 came to here */

};
21 changes: 18 additions & 3 deletions security/nss/lib/freebl/shvfy.c
@@ -307,8 +307,26 @@ readItem(PRFileDesc *fd, SECItem *item)
PRBool
BLAPI_SHVerify(const char *name, PRFuncPtr addr)
{
PRBool result = PR_FALSE; /* if anything goes wrong,
* the signature does not verify */
/* find our shared library name */
char *shName = PR_GetLibraryFilePathname(name, addr);
if (!shName) {
goto loser;
}
result = BLAPI_SHVerifyFile(shName);

loser:
if (shName != NULL) {
PR_Free(shName);
}

return result;
}

PRBool
BLAPI_SHVerifyFile(const char *shName)
{
char *checkName = NULL;
PRFileDesc *checkFD = NULL;
PRFileDesc *shFD = NULL;
@@ -468,9 +486,6 @@ BLAPI_SHVerify(const char *name, PRFuncPtr addr)


loser:
if (shName != NULL) {
PR_Free(shName);
}
if (checkName != NULL) {
PORT_Free(checkName);
}
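Review bot: `BLAPI_SHVerifyFile` is now an exported entry point taking a caller-supplied path, but the part of it visible here has no guard for a NULL `shName`; before the split the body was reached only after `BLAPI_SHVerify` had checked the result of `PR_GetLibraryFilePathname`. Most of the body lies outside these hunks, so a check may already exist there; if not, an early `if (!shName) { goto loser; }` after the declarations would send that case through the existing cleanup. In the new `BLAPI_SHVerify`, the `goto loser` plus the `shName != NULL` test before `PR_Free` could be reduced to `if (shName) { result = BLAPI_SHVerifyFile(shName); PR_Free(shName); }`.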
