diff options
author | rrelyea%redhat.com <devnull@localhost> | 2008-03-14 20:37:21 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2008-03-14 20:37:21 +0000 |
commit | 2530c7af1a148dc8fc174e0dd03427d6c1d330b2 (patch) | |
tree | b5f4c59babc9a8afd67fe6b111a0c1b41efd3a54 | |
parent | 7740578cd3bf332308c2136ef6ac99c59b3d320d (diff) | |
download | nss-hg-2530c7af1a148dc8fc174e0dd03427d6c1d330b2.tar.gz |
Fix merge tinderbox failures (bug 391296)
r=slavo
-rw-r--r-- | security/nss/lib/pk11wrap/pk11sdr.c | 9 | ||||
-rw-r--r-- | security/nss/lib/softoken/sftkdb.c | 4 | ||||
-rwxr-xr-x | security/nss/tests/all.sh | 2 | ||||
-rwxr-xr-x | security/nss/tests/dbupgrade/dbupgrade.sh | 5 | ||||
-rwxr-xr-x | security/nss/tests/merge/merge.sh | 29 |
5 files changed, 33 insertions, 16 deletions
diff --git a/security/nss/lib/pk11wrap/pk11sdr.c b/security/nss/lib/pk11wrap/pk11sdr.c index 475a38fc9..61c112928 100644 --- a/security/nss/lib/pk11wrap/pk11sdr.c +++ b/security/nss/lib/pk11wrap/pk11sdr.c @@ -111,6 +111,7 @@ unpadBlock(SECItem *data, int blockSize, SECItem *result) { SECStatus rv = SECSuccess; int padLength; + int i; result->data = 0; result->len = 0; @@ -121,6 +122,14 @@ unpadBlock(SECItem *data, int blockSize, SECItem *result) padLength = data->data[data->len-1]; if (padLength > blockSize) { rv = SECFailure; goto loser; } + /* verify padding */ + for (i=data->len - padLength; i < data->len; i++) { + if (data->data[i] != padLength) { + rv = SECFailure; + goto loser; + } + } + result->len = data->len - padLength; result->data = (unsigned char *)PORT_Alloc(result->len); if (!result->data) { rv = SECFailure; goto loser; } diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index ea20cdd44..3714a8a98 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -2313,8 +2313,8 @@ sftk_DBInit(const char *configdir, const char *certPrefix, /* old dbs exist? */ && sftk_hasLegacyDB(updatedir, updCertPrefix, updKeyPrefix, 8, 3) /* and they have not yet been updated? */ - && (noKeyDB || !sftkdb_hasUpdate("key", keySDB, updateID)) - && (noCertDB || !sftkdb_hasUpdate("cert", certSDB, updateID)) ) { + && ((noKeyDB || !sftkdb_hasUpdate("key", keySDB, updateID)) + || (noCertDB || !sftkdb_hasUpdate("cert", certSDB, updateID)))) { /* we need to update */ confdir = updatedir; certPrefix = updCertPrefix; diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index 0c589b569..384c68bf1 100755 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -97,7 +97,7 @@ run_tests() done } -tests="cipher perf libpkix cert dbtests tools fips sdr crmf smime ssl ocsp" +tests="cipher perf libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge" if [ -z "$BUILD_LIBPKIX_TESTS" ] ; then tests=`echo "${tests}" | sed -e "s/libpkix//"` fi diff --git a/security/nss/tests/dbupgrade/dbupgrade.sh b/security/nss/tests/dbupgrade/dbupgrade.sh index 51b3ab2d2..c74d34297 100755 --- a/security/nss/tests/dbupgrade/dbupgrade.sh +++ b/security/nss/tests/dbupgrade/dbupgrade.sh @@ -65,6 +65,11 @@ dbupgrade_init() cd ${QADIR}/cert . ./cert.sh fi + + if [ ! -d ${HOSTDIR}/SDR ]; then # we also need sdr as well + cd ${QADIR}/sdr + . ./sdr.sh + fi SCRIPTNAME=dbupgrade.sh if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for diff --git a/security/nss/tests/merge/merge.sh b/security/nss/tests/merge/merge.sh index 5df18d482..a0ce9171c 100755 --- a/security/nss/tests/merge/merge.sh +++ b/security/nss/tests/merge/merge.sh @@ -58,6 +58,10 @@ merge_init() { SCRIPTNAME=merge.sh # sourced - $0 would point to all.sh + HAS_EXPLICIT_DB=0 + if [ ! -z "${NSS_DEFAULT_DB_TYPE}" ]; then + HAS_EXPLICIT_DB=1 + fi if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for @@ -125,12 +129,11 @@ merge_init() # if NSS_DEFAULT_DB_TYPE is sql, then test merge with sql # if NSS_DEFAULT_DB_TYPE is not set, then test database upgrade merge # from dbm databases (created above) into a new sql db. - if [ -z "${TEST_MODE}" ] && [ -z "${NSS_DEFAULT_DB_TYPE}" ]; then + if [ -z "${TEST_MODE}" ] && [ ${HAS_EXPLICIT_DB} -eq 0 ]; then echo "*** Using Standalone Upgrade DB mode" export NSS_DEFAULT_DB_TYPE=sql echo certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - #gdb `which certutil` - certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} + ${BINDIR}/certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} TEST_MODE=UPGRADE_DB fi @@ -150,7 +153,7 @@ merge_cmd() fi shift echo certutil ${MERGE_CMD} $* - ${PROFTOOL} certutil ${MERGE_CMD} $* + ${PROFTOOL} ${BINDIR}/certutil ${MERGE_CMD} $* } @@ -160,7 +163,7 @@ merge_main() # This will cause a colision with the SDR key in ../SDR. echo "$SCRIPTNAME: Creating an SDR key & Encrypt" echo "sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}" - ${PROFTOOL} sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE} + ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE} html_msg $? 0 "Creating SDR Key" # Now merge in Dave @@ -193,41 +196,41 @@ merge_main() html_msg $? 0 "Merging SDR" # insert a listing of the database into the log for diagonic purposes - certutil -L -d ${PROFILE} - crlutil -L -d ${PROFILE} + ${BINDIR}/certutil -L -d ${PROFILE} + ${BINDIR}/crlutil -L -d ${PROFILE} # Make sure we can decrypt with our original SDR key generated above echo "$SCRIPTNAME: Decrypt - With Original SDR Key" ${PROFTOOL} echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}" - sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE} + ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE} html_msg $? 0 "Decrypt - Value 3" # Make sure we can decrypt with our the SDR key merged in from ../SDR echo "$SCRIPTNAME: Decrypt - With Merged SDR Key" echo "sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}" - ${PROFTOOL} sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE} + ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE} html_msg $? 0 "Decrypt - Value 1" # Make sure we can sign with merge certificate echo "$SCRIPTNAME: Signing with merged key ------------------" echo "cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig" - ${PROFTOOL} cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig + ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig html_msg $? 0 "Create Detached Signature Dave" "." echo "cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} " - ${PROFTOOL} cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} + ${PROFTOOL} ${BINDIR}/cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} html_msg $? 0 "Verifying Dave's Detached Signature" # Make sure that trust objects were properly merged echo "$SCRIPTNAME: verifying merged cert ------------------" echo "certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}" - ${PROFTOOL} certutil -V -n ExtendedSSLUser -u C -d ${PROFILE} + ${PROFTOOL} ${BINDIR}/certutil -V -n ExtendedSSLUser -u C -d ${PROFILE} html_msg $? 0 "Verifying ExtendedSSL User Cert" # Make sure that the crl got properly copied in echo "$SCRIPTNAME: verifying merged crl ------------------" echo "crlutil -L -n TestCA -d ${PROFILE}" - ${PROFTOOL} crlutil -L -n TestCA -d ${PROFILE} + ${PROFTOOL} ${BINDIR}/crlutil -L -n TestCA -d ${PROFILE} html_msg $? 0 "Verifying TestCA CRL" } |