raven-rhel6/nss-pem/0004-nss-pem-1.0.3-multi-encrypted-keys.patch
2024-02-21 20:14:44 +06:00

From b4279d5328b8746d7c87e24e196f31f99df06392 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 18 Jan 2023 16:20:28 +0100
Subject: [PATCH 1/3] pobject: logout when a new encrypted private key is
loaded

This forces CKFW to call pem_mdSession_Login() each time we load a new
encrypted private key into nss-pem. Otherwise it would be called only
for the first encrypted private key and an attempt to use the other keys
would fail later on with: `The key does not support the requested
operation.`

Bug: https://bugzilla.redhat.com/2121064
Upstream-commit: 25312ae55da718690fb68a13cfc709efcab17162
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/pobject.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pobject.c b/src/pobject.c
index a86640e..bd9d330 100644
--- a/src/pobject.c
+++ b/src/pobject.c
@@ -1267,6 +1267,7 @@ pem_CreateObject
/* FIXME: dirty hack relying on NSS internals */
CK_SESSION_HANDLE hSession =
NSSCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+ NSSCKFWC_Logout(fwInstance, hSession);
NSSCKFWInstance_DestroySessionHandle(fwInstance, hSession);
} else {
*pError = CKR_KEY_UNEXTRACTABLE;
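Review bot: the return value of the added `NSSCKFWC_Logout(fwInstance, hSession);` call is discarded and the line carries no comment of its own, so a reader of pem_CreateObject cannot tell whether a failed logout matters here. NSSCKFWC_Logout() returns a CK_RV; if a failure is expected and harmless on this path (for example when no login has happened yet for the first key), say so in a short comment and cast the call to (void), otherwise check the result and report it through *pError. The reason for forcing a logout, namely making CKFW call pem_mdSession_Login() again for every newly loaded encrypted key, currently lives only in the commit message and deserves a line next to the existing FIXME about relying on NSS internals.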
--
2.39.2
From d85beb202c9fd6d976f8dced54b32b994a0f8181 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 18 Jan 2023 16:28:30 +0100
Subject: [PATCH 2/3] psession: find the key to decrypt in reverse order

If we attempt to decrypt a key that is already decrypted, curl fails
with a misleading error: `Unable to load client key: Incorrect
password`.

In practice, we usually want to decrypt the key that was loaded the last
time. Reversing the order of search through the global array makes
nss-pem work in a scenario where 2 distinct encrypted private keys are
used.

Bug: https://bugzilla.redhat.com/2121064
Upstream-commit: b29f61b52ef622c071b0451255a84b081511bc7b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/psession.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/psession.c b/src/psession.c
index 13a5e5d..1aebd81 100644
--- a/src/psession.c
+++ b/src/psession.c
@@ -256,7 +256,7 @@ pem_mdSession_Login
token_needsLogin[slotID - 1] = PR_FALSE;
/* Find the right key object */
- list_for_each_entry(curObj, &pem_objs, gl_list) {
+ list_for_each_entry_reverse(curObj, &pem_objs, gl_list) {
if ((slotID == curObj->slotID) && (curObj->type == pemBareKey)) {
io = curObj;
break;
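Review bot: the reversed loop in pem_mdSession_Login still selects a key purely by position, taking the first pemBareKey object that matches slotID and breaking out, so it picks the right key only when the key awaiting decryption is the most recently added match in pem_objs. The commit message itself says this is what is "usually" wanted, which leaves the already-decrypted case open whenever load order and login order differ. If the object records whether its key has been decrypted, test that in the `if` alongside the slotID and type checks so the choice does not depend on list order; at minimum, change the "Find the right key object" comment to state that the most recently loaded key for the slot is chosen and why.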
--
2.39.2
From f1087f6ab4e6514c0dbc8cfa320ca207bfa78f7b Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 16 Feb 2023 15:55:15 +0100
Subject: [PATCH 3/3] pobject: include <nssckfwc.h> to avoid implicit function
declaration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

```
src/pobject.c: In function pem_CreateObject:
src/pobject.c:1249:13: warning: implicit declaration of function NSSCKFWC_Logout [-Wimplicit-function-declaration]
1249 | NSSCKFWC_Logout(fwInstance, hSession);
| ^~~~~~~~~~~~~~~
```

This is a follow-up commit to nss-pem-1.0.8-5-g25312ae which introduced
the warning.

Closes: https://github.com/kdudka/nss-pem/pull/15
Upstream-commit: 9e160fce7a3aa0e6167400b0dc5cbb7f400585c1
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/pobject.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pobject.c b/src/pobject.c
index bd9d330..1d918dd 100644
--- a/src/pobject.c
+++ b/src/pobject.c
@@ -46,6 +46,7 @@
#include <blapi.h>
#include <certt.h>
+#include <nssckfwc.h>
#include <pk11pub.h>
#include <secasn1.h>
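Review bot: this `#include <nssckfwc.h>` supplies the prototype for the NSSCKFWC_Logout() call that patch 1/3 adds to pem_CreateObject, so any build or bisect that stops between 1/3 and 3/3 compiles that call against an implicit declaration, where the compiler assumes an int return and checks no argument types. Since all three changes ship in one patch file, note in the packaging that 1/3 must not be applied without 3/3, or fold the include into 1/3 if keeping a one-to-one mapping with the upstream commits is not required. Building src/pobject.c with -Werror=implicit-function-declaration would have caught the missing header when the call was introduced.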
--
2.39.2