|
 |
ead03f |
From 31eddc5b70ff2158102af6c72849c3a500c4d002 Mon Sep 17 00:00:00 2001
|
|
|
ead03f |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
Date: Fri, 3 Aug 2018 15:05:22 +0200
|
|
|
ead03f |
Subject: [PATCH 1/5] pem_CreateObject: rewrite the conditions in the cert
|
|
|
ead03f |
search loop
|
|
|
ead03f |
|
|
|
ead03f |
... to make the code more readable. No changes in behavior are intended
|
|
|
ead03f |
by this commit.
|
|
|
ead03f |
|
|
|
ead03f |
Upstream-commit: 1d51c2337bc7156e3dfd7a8087ac4328f71174e3
|
|
|
ead03f |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
---
|
|
|
ead03f |
src/pobject.c | 27 +++++++++++++++------------
|
|
|
ead03f |
1 file changed, 15 insertions(+), 12 deletions(-)
|
|
|
ead03f |
|
|
|
ead03f |
diff --git a/src/pobject.c b/src/pobject.c
|
|
|
ead03f |
index e8891d0..c8539f2 100644
|
|
|
ead03f |
--- a/src/pobject.c
|
|
|
ead03f |
+++ b/src/pobject.c
|
|
|
ead03f |
@@ -1209,7 +1209,6 @@ pem_CreateObject
|
|
|
ead03f |
goto loser;
|
|
|
ead03f |
}
|
|
|
ead03f |
} else if (objClass == CKO_PRIVATE_KEY) {
|
|
|
ead03f |
- /* Brute force: find the id of the certificate, if any, in this slot */
|
|
|
ead03f |
int i;
|
|
|
ead03f |
SECItem certDER;
|
|
|
ead03f |
CK_SESSION_HANDLE hSession;
|
|
|
ead03f |
@@ -1222,24 +1221,28 @@ pem_CreateObject
|
|
|
ead03f |
certDER.len = 0; /* in case there is no equivalent cert */
|
|
|
ead03f |
certDER.data = NULL;
|
|
|
ead03f |
|
|
|
ead03f |
+ /* Brute force: find the id of the certificate, if any, in this slot */
|
|
|
ead03f |
objid = -1;
|
|
|
ead03f |
for (i = 0; i < pem_nobjs; i++) {
|
|
|
ead03f |
if (NULL == pem_objs[i])
|
|
|
ead03f |
continue;
|
|
|
ead03f |
|
|
|
ead03f |
- if ((slotID == pem_objs[i]->slotID) && (pem_objs[i]->type == pemCert)) {
|
|
|
ead03f |
- objid = atoi(pem_objs[i]->id.data);
|
|
|
ead03f |
- certDER.data =
|
|
|
ead03f |
- (void *) NSS_ZAlloc(NULL, pem_objs[i]->derCert->len);
|
|
|
ead03f |
+ if (slotID != pem_objs[i]->slotID)
|
|
|
ead03f |
+ continue;
|
|
|
ead03f |
|
|
|
ead03f |
- if (certDER.data == NULL)
|
|
|
ead03f |
- goto loser;
|
|
|
ead03f |
+ if (pem_objs[i]->type != pemCert)
|
|
|
ead03f |
+ continue;
|
|
|
ead03f |
|
|
|
ead03f |
- certDER.len = pem_objs[i]->derCert->len;
|
|
|
ead03f |
- memcpy(certDER.data,
|
|
|
ead03f |
- pem_objs[i]->derCert->data,
|
|
|
ead03f |
- pem_objs[i]->derCert->len);
|
|
|
ead03f |
- }
|
|
|
ead03f |
+ objid = atoi(pem_objs[i]->id.data);
|
|
|
ead03f |
+ certDER.data = NSS_ZAlloc(NULL, pem_objs[i]->derCert->len);
|
|
|
ead03f |
+
|
|
|
ead03f |
+ if (certDER.data == NULL)
|
|
|
ead03f |
+ goto loser;
|
|
|
ead03f |
+
|
|
|
ead03f |
+ certDER.len = pem_objs[i]->derCert->len;
|
|
|
ead03f |
+ memcpy(certDER.data,
|
|
|
ead03f |
+ pem_objs[i]->derCert->data,
|
|
|
ead03f |
+ pem_objs[i]->derCert->len);
|
|
|
ead03f |
}
|
|
|
ead03f |
|
|
|
ead03f |
/* We're just adding a key, we'll assume the cert is next */
|
|
|
ead03f |
--
|
|
|
ead03f |
2.17.1
|
|
|
ead03f |
|
|
|
ead03f |
|
|
|
ead03f |
From 476e1a7db2b35146db6c1fb5c0cd230f84778583 Mon Sep 17 00:00:00 2001
|
|
|
ead03f |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
Date: Fri, 3 Aug 2018 15:09:01 +0200
|
|
|
ead03f |
Subject: [PATCH 2/5] pem_CreateObject: fix memory leak in the cert search loop
|
|
|
ead03f |
|
|
|
ead03f |
If we search the array in reverse direction and stop on the first match,
|
|
|
ead03f |
we end up with the same results but without leaking certDER.data in each
|
|
|
ead03f |
iteration after the first match.
|
|
|
ead03f |
|
|
|
ead03f |
Upstream-commit: e85b6f903fa38a34672428be114741d397f17fe2
|
|
|
ead03f |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
---
|
|
|
ead03f |
src/pobject.c | 3 ++-
|
|
|
ead03f |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
ead03f |
|
|
|
ead03f |
diff --git a/src/pobject.c b/src/pobject.c
|
|
|
ead03f |
index c8539f2..34d0b5a 100644
|
|
|
ead03f |
--- a/src/pobject.c
|
|
|
ead03f |
+++ b/src/pobject.c
|
|
|
ead03f |
@@ -1223,7 +1223,7 @@ pem_CreateObject
|
|
|
ead03f |
|
|
|
ead03f |
/* Brute force: find the id of the certificate, if any, in this slot */
|
|
|
ead03f |
objid = -1;
|
|
|
ead03f |
- for (i = 0; i < pem_nobjs; i++) {
|
|
|
ead03f |
+ for (i = pem_nobjs - 1; 0 <= i; i--) {
|
|
|
ead03f |
if (NULL == pem_objs[i])
|
|
|
ead03f |
continue;
|
|
|
ead03f |
|
|
|
ead03f |
@@ -1243,6 +1243,7 @@ pem_CreateObject
|
|
|
ead03f |
memcpy(certDER.data,
|
|
|
ead03f |
pem_objs[i]->derCert->data,
|
|
|
ead03f |
pem_objs[i]->derCert->len);
|
|
|
ead03f |
+ break;
|
|
|
ead03f |
}
|
|
|
ead03f |
|
|
|
ead03f |
/* We're just adding a key, we'll assume the cert is next */
|
|
|
ead03f |
--
|
|
|
ead03f |
2.17.1
|
|
|
ead03f |
|
|
|
ead03f |
|
|
|
ead03f |
From dddc9331e35520b772b499475f5f2a67eeac8fef Mon Sep 17 00:00:00 2001
|
|
|
ead03f |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
Date: Fri, 3 Aug 2018 15:12:46 +0200
|
|
|
ead03f |
Subject: [PATCH 3/5] pem_CreateObject: check object ID in the cert search loop
|
|
|
ead03f |
|
|
|
ead03f |
We need to find a certificate that refers to the key being added,
|
|
|
ead03f |
which is not necessarily the last certificate added to the slot.
|
|
|
ead03f |
|
|
|
ead03f |
Bug: https://bugzilla.redhat.com/1610998
|
|
|
ead03f |
|
|
|
ead03f |
Upstream-commit: 5e6d9ce0d638eb6c9f25f31366960db2f8031716
|
|
|
ead03f |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
---
|
|
|
ead03f |
src/pobject.c | 6 +++++-
|
|
|
ead03f |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
ead03f |
|
|
|
ead03f |
diff --git a/src/pobject.c b/src/pobject.c
|
|
|
ead03f |
index 34d0b5a..918b327 100644
|
|
|
ead03f |
--- a/src/pobject.c
|
|
|
ead03f |
+++ b/src/pobject.c
|
|
|
ead03f |
@@ -1233,7 +1233,11 @@ pem_CreateObject
|
|
|
ead03f |
if (pem_objs[i]->type != pemCert)
|
|
|
ead03f |
continue;
|
|
|
ead03f |
|
|
|
ead03f |
- objid = atoi(pem_objs[i]->id.data);
|
|
|
ead03f |
+ if (atoi(pem_objs[i]->id.data) != pem_nobjs)
|
|
|
ead03f |
+ /* not a certificate that refers to the key being added */
|
|
|
ead03f |
+ continue;
|
|
|
ead03f |
+
|
|
|
ead03f |
+ objid = pem_nobjs;
|
|
|
ead03f |
certDER.data = NSS_ZAlloc(NULL, pem_objs[i]->derCert->len);
|
|
|
ead03f |
|
|
|
ead03f |
if (certDER.data == NULL)
|
|
|
ead03f |
--
|
|
|
ead03f |
2.17.1
|
|
|
ead03f |
|
|
|
ead03f |
|
|
|
ead03f |
From ed88392c385d7a8733891fb736e9b7456331b617 Mon Sep 17 00:00:00 2001
|
|
|
ead03f |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
Date: Fri, 3 Aug 2018 15:22:23 +0200
|
|
|
ead03f |
Subject: [PATCH 4/5] AddObjectIfNeeded: use a pointer to avoid code
|
|
|
ead03f |
duplication
|
|
|
ead03f |
|
|
|
ead03f |
No changes in behavior intended by this commit.
|
|
|
ead03f |
|
|
|
ead03f |
Upstream-commit: 0eafa24fdf0b54e5a63a76a7c63dc4000253c971
|
|
|
ead03f |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
---
|
|
|
ead03f |
src/pinst.c | 15 ++++++++-------
|
|
|
ead03f |
1 file changed, 8 insertions(+), 7 deletions(-)
|
|
|
ead03f |
|
|
|
ead03f |
diff --git a/src/pinst.c b/src/pinst.c
|
|
|
ead03f |
index 5ac0ff3..c54cbe2 100644
|
|
|
ead03f |
--- a/src/pinst.c
|
|
|
ead03f |
+++ b/src/pinst.c
|
|
|
ead03f |
@@ -401,16 +401,17 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
|
|
|
ead03f |
|
|
|
ead03f |
/* first look for the object in pem_objs, it might be already there */
|
|
|
ead03f |
for (i = 0; i < pem_nobjs; i++) {
|
|
|
ead03f |
- if (NULL == pem_objs[i])
|
|
|
ead03f |
+ pemInternalObject *const curObj = pem_objs[i];
|
|
|
ead03f |
+ if (NULL == curObj)
|
|
|
ead03f |
continue;
|
|
|
ead03f |
|
|
|
ead03f |
/* Comparing DER encodings is dependable and frees the PEM module
|
|
|
ead03f |
* from having to require clients to provide unique nicknames.
|
|
|
ead03f |
*/
|
|
|
ead03f |
- if ((pem_objs[i]->objClass == objClass)
|
|
|
ead03f |
- && (pem_objs[i]->type == type)
|
|
|
ead03f |
- && (pem_objs[i]->slotID == slotID)
|
|
|
ead03f |
- && derEncodingsMatch(objClass, pem_objs[i], certDER, keyDER)) {
|
|
|
ead03f |
+ if ((curObj->objClass == objClass)
|
|
|
ead03f |
+ && (curObj->type == type)
|
|
|
ead03f |
+ && (curObj->slotID == slotID)
|
|
|
ead03f |
+ && derEncodingsMatch(objClass, curObj, certDER, keyDER)) {
|
|
|
ead03f |
|
|
|
ead03f |
/* While adding a client certificate we (wrongly?) assumed that the
|
|
|
ead03f |
* key object will follow right after the cert object. However, if
|
|
|
ead03f |
@@ -420,8 +421,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
|
|
|
ead03f |
LinkSharedKeyObject(pem_nobjs, i);
|
|
|
ead03f |
|
|
|
ead03f |
plog("AddObjectIfNeeded: re-using internal object #%i\n", i);
|
|
|
ead03f |
- pem_objs[i]->refCount ++;
|
|
|
ead03f |
- return pem_objs[i];
|
|
|
ead03f |
+ curObj->refCount ++;
|
|
|
ead03f |
+ return curObj;
|
|
|
ead03f |
}
|
|
|
ead03f |
}
|
|
|
ead03f |
|
|
|
ead03f |
--
|
|
|
ead03f |
2.17.1
|
|
|
ead03f |
|
|
|
ead03f |
|
|
|
ead03f |
From 9f0b5facee73afe5578e98010128a72236e6c370 Mon Sep 17 00:00:00 2001
|
|
|
ead03f |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
Date: Fri, 3 Aug 2018 16:00:50 +0200
|
|
|
ead03f |
Subject: [PATCH 5/5] AddObjectIfNeeded: update object ID while reusing a
|
|
|
ead03f |
certificate
|
|
|
ead03f |
|
|
|
ead03f |
... in case it refers to an object that has already been removed
|
|
|
ead03f |
|
|
|
ead03f |
Bug: https://bugzilla.redhat.com/1610998
|
|
|
ead03f |
|
|
|
ead03f |
Upstream-commit: e14465a1238dcf7364dc07a1438d24111ccad3b1
|
|
|
ead03f |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
ead03f |
---
|
|
|
ead03f |
src/pinst.c | 12 ++++++++++++
|
|
|
ead03f |
1 file changed, 12 insertions(+)
|
|
|
ead03f |
|
|
|
ead03f |
diff --git a/src/pinst.c b/src/pinst.c
|
|
|
ead03f |
index c54cbe2..25485b1 100644
|
|
|
ead03f |
--- a/src/pinst.c
|
|
|
ead03f |
+++ b/src/pinst.c
|
|
|
ead03f |
@@ -420,6 +420,18 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
|
|
|
ead03f |
*/
|
|
|
ead03f |
LinkSharedKeyObject(pem_nobjs, i);
|
|
|
ead03f |
|
|
|
ead03f |
+ if (CKO_CERTIFICATE == objClass) {
|
|
|
ead03f |
+ const int ref = atoi(curObj->id.data);
|
|
|
ead03f |
+ if (0 < ref && ref < pem_nobjs && !pem_objs[ref]) {
|
|
|
ead03f |
+ /* The certificate we are going to reuse refers to an
|
|
|
ead03f |
+ * object that has already been removed. Make it refer
|
|
|
ead03f |
+ * to the object that will be added next (private key).
|
|
|
ead03f |
+ */
|
|
|
ead03f |
+ NSS_ZFreeIf(curObj->id.data);
|
|
|
ead03f |
+ assignObjectID(curObj, pem_nobjs);
|
|
|
ead03f |
+ }
|
|
|
ead03f |
+ }
|
|
|
ead03f |
+
|
|
|
ead03f |
plog("AddObjectIfNeeded: re-using internal object #%i\n", i);
|
|
|
ead03f |
curObj->refCount ++;
|
|
|
ead03f |
return curObj;
|
|
|
ead03f |
--
|
|
|
ead03f |
2.17.1
|
|
|
ead03f |
|