raven-rhel6/nss-pem/0004-nss-pem-1.0.3-multi-encrypted-keys.patch


2024-02-21 20:14:44 +06:00
From b4279d5328b8746d7c87e24e196f31f99df06392 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 18 Jan 2023 16:20:28 +0100
Subject: [PATCH 1/3] pobject: logout when a new encrypted private key is
loaded
This forces CKFW to call pem_mdSession_Login() each time we load a new
encrypted private key into nss-pem. Otherwise it would be called only
for the first encrypted private key and an attempt to use the other keys
would fail later on with: `The key does not support the requested
operation.`
Bug: https://bugzilla.redhat.com/2121064
Upstream-commit: 25312ae55da718690fb68a13cfc709efcab17162
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/pobject.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pobject.c b/src/pobject.c
index a86640e..bd9d330 100644
--- a/src/pobject.c
+++ b/src/pobject.c
@@ -1267,6 +1267,7 @@ pem_CreateObject
/* FIXME: dirty hack relying on NSS internals */
CK_SESSION_HANDLE hSession =
NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+ NSSCKFWC_Logout(fwInstance, hSession);
NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
} else {
*pError = CKR_KEY_UNEXTRACTABLE;
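Review bot: the return value of the added `NSSCKFWC_Logout(fwInstance, hSession);` call in pem_CreateObject is discarded, so a failed logout goes unnoticed and the symptom from the commit message (pem_mdSession_Login() not being called for the second encrypted key) could come back without any diagnostic. Check the result and at least log a failure, or add a comment saying why it is safe to ignore. The new line also sits under the existing `/* FIXME: dirty hack relying on NSS internals */` comment without explanation; a one-line comment stating that the logout is there to force a fresh login for each newly loaded encrypted key would save the next reader a trip to the bug tracker. Note that at this point in the series nothing in the hunk declares NSSCKFWC_Logout, which is what patch 3/3 has to repair.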
--
2.39.2
From d85beb202c9fd6d976f8dced54b32b994a0f8181 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 18 Jan 2023 16:28:30 +0100
Subject: [PATCH 2/3] psession: find the key to decrypt in reverse order
If we attempt to decrypt a key that is already decrypted, curl fails
with a misleading error: `Unable to load client key: Incorrect
password`.
In practice, we usually want to decrypt the key that was loaded the last
time. Reversing the order of search through the global array makes
nss-pem work in a scenario where 2 distinct encrypted private keys are
used.
Bug: https://bugzilla.redhat.com/2121064
Upstream-commit: b29f61b52ef622c071b0451255a84b081511bc7b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/psession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/psession.c b/src/psession.c
index 13a5e5d..1aebd81 100644
--- a/src/psession.c
+++ b/src/psession.c
@@ -256,7 +256,7 @@ pem_mdSession_Login
token_needsLogin[slotID - 1] = PR_FALSE;
/* Find the right key object */
- list_for_each_entry(curObj, &pem_objs, gl_list) {
+ list_for_each_entry_reverse(curObj, &pem_objs, gl_list) {
if ((slotID == curObj->slotID) && (curObj->type == pemBareKey)) {
io = curObj;
break;
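Review bot: the loop in pem_mdSession_Login still selects a key only by `(slotID == curObj->slotID) && (curObj->type == pemBareKey)`, so switching to `list_for_each_entry_reverse` changes which match wins but does not test whether that object is the one still waiting to be decrypted. The commit message itself says this is what we "usually" want, which makes the selection an ordering heuristic: if keys on the same slot are loaded in a different sequence than they are logged in, the wrong key is picked and the caller again sees the misleading "Incorrect password" error. Consider matching on an explicit "still encrypted" condition instead of list position, and in any case add a comment above the loop explaining why the search runs newest first.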
--
2.39.2
From f1087f6ab4e6514c0dbc8cfa320ca207bfa78f7b Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 16 Feb 2023 15:55:15 +0100
Subject: [PATCH 3/3] pobject: include <nssckfwc.h> to avoid implicit function
declaration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
```
src/pobject.c: In function pem_CreateObject:
src/pobject.c:1249:13: warning: implicit declaration of function NSSCKFWC_Logout [-Wimplicit-function-declaration]
1249 | NSSCKFWC_Logout(fwInstance, hSession);
| ^~~~~~~~~~~~~~~
```
This is a follow-up commit to nss-pem-1.0.8-5-g25312ae which introduced
the warning.
Closes: https://github.com/kdudka/nss-pem/pull/15
Upstream-commit: 9e160fce7a3aa0e6167400b0dc5cbb7f400585c1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/pobject.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pobject.c b/src/pobject.c
index bd9d330..1d918dd 100644
--- a/src/pobject.c
+++ b/src/pobject.c
@@ -46,6 +46,7 @@
#include <blapi.h>
#include <certt.h>
+#include <nssckfwc.h>
#include <pk11pub.h>
#include <secasn1.h>
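Review bot: the `#include <nssckfwc.h>` added here only supplies the prototype for the NSSCKFWC_Logout call introduced in patch 1/3, so between those two patches src/pobject.c calls the function through an implicit declaration, as the quoted compiler warning shows. Since all three commits are carried together in this one downstream patch file, fold this include into patch 1/3 (or order it first) so that no intermediate state of the series builds with a call that has no prototype; that keeps bisection clean and avoids a build failure on toolchains that treat implicit function declarations as errors. The placement between `<certt.h>` and `<pk11pub.h>` keeps the include list sorted, which is fine.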
--
2.39.2