rpms/crypto-utils/devel keyutil.c,1.13,1.14

Elio Maldonado emaldonado at fedoraproject.org
Fri Feb 20 23:01:05 UTC 2009


Author: emaldonado

Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14942

Modified Files:
	keyutil.c 
Log Message:
Fix so the encoded cert and key can be written out on cert generation


Index: keyutil.c
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/keyutil.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- keyutil.c	29 Jan 2009 22:22:17 -0000	1.13
+++ keyutil.c	20 Feb 2009 23:00:35 -0000	1.14
@@ -5,16 +5,16 @@
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
-  
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-  
+
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-   
+
    In addition, as a special exception, Red Hat, Inc. gives permission
    to link the code of this program with the OpenSSL library (or with
    modified versions of OpenSSL that use the same license as OpenSSL),
@@ -72,9 +72,9 @@
  *
  * Key generation, encryption, and certificate utility code based on
  * on code from NSS's security utilities and the certutil application.
- * Pem file key and certificate loading code based on code from the 
+ * Pem file key and certificate loading code based on code from the
  * NSS-enabled libcurl.
- * Elio Maldonado <emaldona at redhat.com> 
+ * Elio Maldonado <emaldona at redhat.com>
  *
  */
 #include <stdio.h>
@@ -206,7 +206,7 @@
 
 static certutilExtnList keyutil_extns;
 
-static void 
+static void
 Usage(char *progName)
 {
     fprintf(stderr, "Usage: %s [options] arguments\n", progName);
@@ -293,10 +293,10 @@
  * @param nickname the certificate niskanme
  */
 static SECStatus loadCert(
-    PK11SlotInfo *slot, 
+    PK11SlotInfo *slot,
     PRBool cacert,
     const char *certfile,
-    const char *nickname) 
+    const char *nickname)
 {
     SECStatus rv = SECSuccess;
     PK11GenericObject *genericObjCert;
@@ -345,12 +345,12 @@
         } else {
         	rv = SECSuccess;
         }
-  	
+
     } while (0);
-    
+
     if (cert)
         CERT_DestroyCertificate(cert);
-    	
+
     return rv;
 }
 
@@ -364,10 +364,10 @@
  * @param nickname the nickname of the matching certificate
  */
 static SECStatus loadKey(
-    PK11SlotInfo *slot, 
-    const char *keyfile, 
+    PK11SlotInfo *slot,
+    const char *keyfile,
     const char *nickname,
-    secuPWData *pwdata) 
+    secuPWData *pwdata)
 {
 	SECStatus rv = SECSuccess;
     CK_ATTRIBUTE *attrs = NULL;
@@ -421,19 +421,19 @@
             GEN_BREAK(SECFailure);
         }
         rv = SECSuccess;
-  	
+
     } while (0);
-    
+
     if (cert)
         CERT_DestroyCertificate(cert);
-    	
+
     return rv;
 }
 
 /*
- * Loads the certificate and private key from the specified files into 
+ * Loads the certificate and private key from the specified files into
  * the PEM the module at the specified slot.
- * 
+ *
  * @param slot the slot to load into
  * @param certfile the certificate file
  * @param nickname the certificate nickname
@@ -442,34 +442,34 @@
  */
 static SECStatus
 loadCertAndKey(
-    PK11SlotInfo *slot, 
+    PK11SlotInfo *slot,
     PRBool cacert,
-    const char *certfile, 
+    const char *certfile,
     const char *nickname,
     const char *keyfile,
     secuPWData *pwdata)
 {
     SECStatus rv = SECSuccess;
-    
-    /* 
-     * Load the certificate first 
+
+    /*
+     * Load the certificate first
      */
     rv = loadCert(slot, cacert, certfile, nickname);
     if (rv != SECSuccess) return rv;
- 
-    /* 
+
+    /*
      * Load the private key next
      */
     rv = loadKey(slot, keyfile, nickname, pwdata);
-        	
+
     return rv;
 }
 
 /*
  * Extract the public and private keys and the subject
- * distinguished from the cert with the given nickname 
+ * distinguished from the cert with the given nickname
  * in the given slot.
- * 
+ *
  * @param nickname the certificate nickname
  * @param slot the slot where keys it was loaded
  * @param pwdat module authentication password
@@ -487,13 +487,13 @@
 {
     SECStatus rv = SECSuccess;
     CERTCertificate *cert = NULL;
-    
+
     do {
         cert = PK11_FindCertFromNickname((char *)nickname, NULL);
         if (!cert) {
             GEN_BREAK(SECFailure);
         }
-        
+
         *pubkey = CERT_ExtractPublicKey(cert);
         if (!*pubkey) {
             SECU_PrintError(progName,
@@ -518,7 +518,7 @@
 
         assert(((*privkey)->keyType) == rsaKey);
         *subject = CERT_AsciiToName(cert->subjectName);
-        
+
         if (!*subject) {
             SECU_PrintError(progName,
                 "Improperly formatted name: \"%s\"\n",
@@ -527,7 +527,7 @@
         }
         rv = SECSuccess;
     } while (0);
-   
+
     if (cert)
         CERT_DestroyCertificate(cert);
     return rv;
@@ -553,14 +553,14 @@
         if (arena == NULL) {
             GEN_BREAK(SECFailure);
         }
-        
+
         rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii);
         if (rv) {
         	GEN_BREAK(rv);
         }
         certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc
           (arena, sizeof(CERTCertificateRequest));
-        if (!certReq) { 
+        if (!certReq) {
             GEN_BREAK(SECFailure);
         }
         certReq->arena = arena;
@@ -569,17 +569,17 @@
            data
          */
         PORT_Memset(&signedData, 0, sizeof(signedData));
-        rv = SEC_ASN1DecodeItem(arena, &signedData, 
+        rv = SEC_ASN1DecodeItem(arena, &signedData,
             SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER);
         if (rv) {
             GEN_BREAK(rv);
         }
-        rv = SEC_ASN1DecodeItem(arena, certReq, 
+        rv = SEC_ASN1DecodeItem(arena, certReq,
                 SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
         if (rv) {
             GEN_BREAK(rv);
         }
-        rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, 
+        rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
                 &certReq->subjectPublicKeyInfo, NULL /* wincx */);
     } while (0);
 
@@ -600,7 +600,7 @@
 
 static SECStatus
 CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
-        SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, 
+        SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii,
         const char *emailAddrs, const char *dnsNames,
         certutilExtnList extnList,
         PRFileDesc *outFile)
@@ -621,7 +621,7 @@
         SECU_PrintError(progName, "unable to create subject public key");
         return SECFailure;
     }
-    
+
     /* Generate certificate request */
     cr = CERT_CreateCertificateRequest(subject, spki, NULL);
     if (!cr) {
@@ -634,7 +634,7 @@
         SECU_PrintError(progName, "out of memory");
         return SECFailure;
     }
-    
+
     extHandle = CERT_StartCertificateRequestAttributes(cr);
     if (extHandle == NULL) {
         PORT_FreeArena (arena, PR_FALSE);
@@ -662,7 +662,7 @@
         SECU_PrintError(progName, "unknown Key or Hash type");
         return SECFailure;
     }
-    rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len, 
+    rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len,
              privk, signAlgTag);
     if (rv) {
         SECU_PrintError(progName, "signing of data failed");
@@ -704,7 +704,7 @@
 	    country = CERT_GetCountryName(subject);
 	    if (!country)
 	        country = strdup("(not specified)");
-	
+
 	    PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER);
 	    numBytes = PR_Write(outFile, obuf, total);
 	    if (numBytes != total) {
@@ -725,8 +725,8 @@
 static CERTCertificate *
 MakeV1Cert(CERTCertDBHandle *handle,
         CERTCertificateRequest *req,
-        char *issuerNickName, 
-        PRBool selfsign, 
+        char *issuerNickName,
+        PRBool selfsign,
         unsigned int serialNumber,
         int warpmonths,
         int validityMonths)
@@ -759,22 +759,22 @@
     /* note that the time is now in micro-second unit */
     validity = CERT_CreateValidity (now, after);
     if (validity) {
-        cert = CERT_CreateCertificate(serialNumber, 
-                      (selfsign ? &req->subject 
-                                : &issuerCert->subject), 
+        cert = CERT_CreateCertificate(serialNumber,
+                      (selfsign ? &req->subject
+                                : &issuerCert->subject),
                                   validity, req);
-    
+
         CERT_DestroyValidity(validity);
     }
     if ( issuerCert ) {
         CERT_DestroyCertificate (issuerCert);
     }
-    
+
     return(cert);
 }
 
 static SECItem *
-SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, 
+SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
          SECOidTag hashAlgTag,
          SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg)
 {
@@ -801,7 +801,7 @@
             return NULL;
         }
     }
-    
+
     arena = cert->arena;
 
     algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag);
@@ -854,13 +854,13 @@
 static SECStatus
 CreateCert(
     CERTCertDBHandle *handle,
-    char             *issuerNickName, 
+    char             *issuerNickName,
     PRFileDesc       *inFile,
-    PRFileDesc       *outFile, 
+    PRFileDesc       *outFile,
     SECKEYPrivateKey *selfsignprivkey,
     void             *pwarg,
     SECOidTag        hashAlgTag,
-    unsigned int     serialNumber, 
+    unsigned int     serialNumber,
     int              warpmonths,
     int              validityMonths,
     const char       *emailAddrs,
@@ -885,7 +885,7 @@
         if (!arena) {
             GEN_BREAK (SECFailure);
         }
-        
+
         /* Create a certrequest object from the input cert request der */
         certReq = GetCertRequest(inFile, ascii);
         if (certReq == NULL) {
@@ -897,17 +897,17 @@
         if (subjectCert == NULL) {
             GEN_BREAK (SECFailure)
         }
-        
+
         extHandle = CERT_StartCertExtensions (subjectCert);
         if (extHandle == NULL) {
             GEN_BREAK (SECFailure)
         }
-        
+
         rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList);
         if (rv != SECSuccess) {
             GEN_BREAK (SECFailure)
         }
-        
+
         if (certReq->attributes != NULL &&
             certReq->attributes[0] != NULL &&
             certReq->attributes[0]->attrType.data != NULL &&
@@ -929,8 +929,8 @@
 
         if (certDER) {
             if (ascii) {
-                PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER, 
-                    BTOA_DataToAscii(certDER->data, certDER->len), 
+                PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER,
+                    BTOA_DataToAscii(certDER->data, certDER->len),
                     NS_CERT_TRAILER);
             } else {
                 PR_Write(outFile, certDER->data, certDER->len);
@@ -938,7 +938,7 @@
         }
 
     } while (0);
-    
+
     CERT_DestroyCertificateRequest(certReq);
     PORT_FreeArena (arena, PR_FALSE);
     if (rv == SECSuccess) {
@@ -950,7 +950,7 @@
         if (subjectCert)
             CERT_DestroyCertificate (subjectCert);
     }
-    
+
     return (rv);
 }
 
@@ -1045,7 +1045,7 @@
     return rv;
 }
 
-static SECStatus 
+static SECStatus
 CERTUTIL_FileForRNG(const char *noise)
 {
     char buf[2048];
@@ -1070,11 +1070,11 @@
 }
 
 SECKEYPrivateKey *
-GenerateRSAPrivateKey(KeyType keytype, 
+GenerateRSAPrivateKey(KeyType keytype,
     PK11SlotInfo *slot,
     int rsasize,
     int publicExponent,
-    char *noise, 
+    char *noise,
     SECKEYPublicKey **pubkeyp,
     secuPWData *pwdata)
 {
@@ -1115,23 +1115,23 @@
 
     privKey = PK11_GenerateKeyPair(slot,
             mechanism, &rsaparams, pubkeyp,
-            PR_FALSE /* isPerm */, 
-            PR_TRUE  /* isSensitive*/, 
+            PR_FALSE /* isPerm */,
+            PR_TRUE  /* isSensitive*/,
             pwdata   /* wincx */
             );
-    
+
     assert(privKey);
     assert(pubkeyp);
     return privKey;
 }
 
-/* 
- * Decrypt the private key 
+/*
+ * Decrypt the private key
  */
 SECStatus DecryptKey(
     SECKEYEncryptedPrivateKeyInfo *epki,
     SECOidTag algTag,
-    SECItem *pwitem, 
+    SECItem *pwitem,
     secuPWData *pwdata,
     SECItem *derPKI)
 {
@@ -1143,19 +1143,19 @@
     if (!pwitem) {
         return SEC_ERROR_INVALID_ARGS;
     }
-    
+
     do {
         SECAlgorithmID algid = epki->algorithm;
         CK_MECHANISM_TYPE cryptoMechType;
         CK_MECHANISM cryptoMech;
         CK_ATTRIBUTE_TYPE operation = CKA_DECRYPT;
         PK11SlotInfo *slot = NULL;
-                
+
         cryptoMechType = PK11_GetPBECryptoMechanism(&algid, &cryptoParam, pwitem);
         if (cryptoMechType == CKM_INVALID_MECHANISM)  {
             ERROR_BREAK;
         }
-        
+
         cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType);
         cryptoMech.pParameter = cryptoParam ? cryptoParam->data : NULL;
         cryptoMech.ulParameterLen = cryptoParam ? cryptoParam->len : 0;
@@ -1164,7 +1164,7 @@
         if (!slot) {
         	ERROR_BREAK;
         }
-        
+
         symKey = PK11_PBEKeyGen(slot, &algid, pwitem, PR_FALSE, pwdata);
         if (symKey == NULL) {
             ERROR_BREAK;
@@ -1174,21 +1174,21 @@
         if (ctx == NULL) {
              ERROR_BREAK;
         }
-        
+
         rv = PK11_CipherOp(ctx,
         		derPKI->data,                  /* out     */
                 (int *)(&derPKI->len),         /* out len */
                 (int)epki->encryptedData.len,  /* max out */
                 epki->encryptedData.data,      /* in      */
                 (int)epki->encryptedData.len); /* in len  */
-        
+
         assert(derPKI->len == epki->encryptedData.len);
         assert(rv == SECSuccess);
         rv = PK11_Finalize(ctx);
         assert(rv == SECSuccess);
-        
+
     } while (0);
- 
+
     /* cleanup */
     if (symKey) {
         PK11_FreeSymKey(symKey);
@@ -1200,7 +1200,7 @@
     if (ctx) {
         PK11_DestroyContext(ctx, PR_TRUE);
     }
-    
+
     return rv;
 
 }
@@ -1215,20 +1215,20 @@
        secuPWData *pwdata,
        PRBool ascii)
 {
-    
+
 #define RAND_PASS_LEN 6
-    
+
     PRFileDesc *keyOutFile = NULL;
     PRUint32 total = 0;
     PRUint32 numBytes = 0;
-    SECItem *derEPKI = NULL;
-    SECItem derPKI = { 0, NULL, 0 };
+    SECItem *encryptedKeyDER = NULL;
+    SECItem clearKeyDER = { 0, NULL, 0 };
     SECItem pwitem = { 0, NULL, 0 };
     PRArenaPool *arenaForEPKI = NULL;
     PLArenaPool *arenaForPKI = NULL;
     SECKEYEncryptedPrivateKeyInfo *epki = NULL;
     unsigned char randomPassword[RAND_PASS_LEN];
-    
+
     int rv = SECSuccess;
 
     do {
@@ -1248,7 +1248,7 @@
             pwitem.len = RAND_PASS_LEN;
             pwitem.type = siBuffer;
         }
-        
+
         keyOutFile = PR_Open(keyoutfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
         if (!keyOutFile) {
             SECU_PrintError(progName, "Unable to open \"%s\" for writing\n", keyoutfile);
@@ -1262,100 +1262,102 @@
             SECU_PrintError(progName, "Can't export private key info (%d)\n", rv);
             GEN_BREAK(rv);
         }
-        
+
         arenaForEPKI = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
         assert(arenaForEPKI);
-        
+
         if (keyEncPwd) {
             /* NULL dest to let it allocate memory for us */
-            derEPKI = SEC_ASN1EncodeItem(arenaForEPKI, NULL, epki,
+            encryptedKeyDER = SEC_ASN1EncodeItem(arenaForEPKI, NULL, epki,
                 SECKEY_EncryptedPrivateKeyInfoTemplate);
-            if (!derEPKI) {
+            if (!encryptedKeyDER) {
                 rv = PR_GetError();
             	SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
                     SECU_Strerror(rv));
                 GEN_BREAK(rv);
             }
-            
+
         } else {
             /* Make a decrypted key the one to write out. */
-            
+
             arenaForPKI = PORT_NewArena(2048);
             if (!arenaForPKI) {
                 GEN_BREAK(PR_OUT_OF_MEMORY_ERROR);
             }
 
-            derPKI.data = PORT_ArenaAlloc(arenaForPKI, epki->encryptedData.len);
-            derPKI.len = epki->encryptedData.len;
-            derPKI.type = siBuffer;
+            clearKeyDER.data = PORT_ArenaAlloc(arenaForPKI, epki->encryptedData.len);
+            clearKeyDER.len = epki->encryptedData.len;
+            clearKeyDER.type = siBuffer;
 
-            rv = DecryptKey(epki, algTag, &pwitem, pwdata, &derPKI);
-            if (rv) {
+            rv = DecryptKey(epki, algTag, &pwitem, pwdata, &clearKeyDER);
+            if (rv != SECSuccess) {
                 GEN_BREAK(rv);
             }
         }
-        
+
         if (ascii) {
             /* we could be exporting a clear or encrypted key */
-            SECItem *src  = keyEncPwd ? derEPKI : &derPKI;
+            SECItem *src  = keyEncPwd ? encryptedKeyDER : &clearKeyDER;
             char *header  = keyEncPwd ? ENCRYPTED_KEY_HEADER : KEY_HEADER;
             char *trailer = keyEncPwd ? ENCRYPTED_KEY_TRAILER : KEY_TRAILER;
             char *b64 = NULL;
             do {
-                
+
                 b64 = BTOA_ConvertItemToAscii(src);
-                if (b64)
-                	break;
-                
+                if (!b64) {
+                    rv = 255;
+                	GEN_BREAK(rv);
+                }
+
                 total = PL_strlen(b64);
-                
+
                 PR_fprintf(keyOutFile, "%s\n", header);
-                
+
                 numBytes = PR_Write(keyOutFile, b64, total);
-                
+
                 if (numBytes != total) {
                     printf("Wrote  %d bytes, instead of %d\n", numBytes, total);
                     break;
                 }
 
                 PR_fprintf(keyOutFile, "\n%s\n", trailer);
-                
+
             } while (0);
-            
+
             if (b64) {
             	PORT_Free(b64);
             }
-            
+
         } else {
             if (keyEncPwd) {
             	/* Write out the encrypted key */
-                numBytes = PR_Write(keyOutFile, derEPKI, derEPKI->len);
+                numBytes = PR_Write(keyOutFile, encryptedKeyDER, encryptedKeyDER->len);
             } else {
             	/* Write out the unencrypted key */
-                numBytes = PR_Write(keyOutFile, &derPKI, derPKI.len);
-                if (numBytes != derEPKI->len) {
-                    printf("Wrote  %d bytes, instead of %d\n", numBytes, derPKI.len);
+                numBytes = PR_Write(keyOutFile, &clearKeyDER, clearKeyDER.len);
+                if (numBytes != clearKeyDER.len) {
+                    printf("Wrote  %d bytes, instead of %d\n", numBytes, clearKeyDER.len);
                 }
             }
         }
-        
-        printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile);
-        /* can we read it and reverse operations */
-        
+
+        if (rv == SECSuccess)
+            printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile);
+
     } while (0);
-    
+
     if (keyOutFile) {
         PR_Close(keyOutFile);
     }
-    
+
     if (arenaForEPKI) {
         PORT_FreeArena(arenaForEPKI, PR_FALSE);
     }
-    
+
     if (arenaForPKI) {
         PORT_FreeArena(arenaForPKI, PR_FALSE);
     }
-    
+
     if (!keyEncPwd) {
         /* paranoia, though stack-based object we clear it anyway */
     	memset(randomPassword, 0, RAND_PASS_LEN);
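Review bot: In the binary (non-ascii) branch both writes pass the SECItem itself as the buffer, `PR_Write(keyOutFile, encryptedKeyDER, encryptedKeyDER->len)` and `PR_Write(keyOutFile, &clearKeyDER, clearKeyDER.len)`, so the file receives the struct's bytes and whatever memory follows it rather than the DER key; the buffer arguments should be `encryptedKeyDER->data` and `clearKeyDER.data`. A short write only prints a message and leaves `rv` unchanged, so the function can still report success and print the "Wrote ... bytes" line; setting `rv = SECFailure` at those points would fix that, and the encrypted binary write has no length check at all. The arena that held the decrypted key is released with `PORT_FreeArena(arenaForPKI, PR_FALSE)`; passing `PR_TRUE` as the second argument would zero the clear key material before the memory is returned. The enclosing function starts and ends outside this hunk.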
@@ -1366,7 +1368,7 @@
     	}
         memset(&pwitem, 0, sizeof(SECItem));
     }
-    
+
     return rv;
 }
 
@@ -1402,7 +1404,7 @@
     SECOidTag   hashAlgTag      = SEC_OID_UNKNOWN;
     PRBool      doCert          = certfile != NULL;
     int         rv;
-    
+
     if (access_pwd_file) {
         pwdata.source = PW_FROMFILE;
         pwdata.data = (char *)access_pwd_file;
@@ -1422,7 +1424,7 @@
     	char nickname[256];
     	CERTCertificate *keycert = NULL;
     	const char *n = cert_to_renew;
-        
+
     	/* Remove the path part */
         n = strrchr(cert_to_renew, '/');
         if (!n)
@@ -1438,7 +1440,7 @@
             rv = 255;
             goto shutdown;
         }
-               
+
         rv = loadCertAndKey(slot, cacert,
                             cert_to_renew, nickname, input_key_file,
                             &pwdata);
@@ -1447,7 +1449,7 @@
 	        SECU_PrintError(progName, "Can't load the key or cert, bailing out\n");
 	    goto shutdown;
         }
-        
+
         rv = extractRSAKeysAndSubject(nickname,
                 slot, &pwdata, &privkey, &pubkey, &subject);
         if (rv != SECSuccess) {
@@ -1468,11 +1470,17 @@
          * This is a certificate signing request for a new cert,
          * will generate a key pair
          */
+
+        if (!subjectstr) {
+            SECU_PrintError(progName, "subject string was NULL\n");
+            rv = 255;
+            goto shutdown;
+        }
         slot = PK11_GetInternalKeySlot(); /* PK11_GetInternalSlot() ? */
 
         privkey = GenerateRSAPrivateKey(keytype, slot,
             keysize, 65537L, (char *)noisefile, &pubkey, &pwdata);
-    
+
         if (!privkey) {
             SECU_PrintError(progName,
                 "Keypair generation failed: \"%d\"\n", PORT_GetError());
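Review bot: The result of `PK11_GetInternalKeySlot()` is handed straight to GenerateRSAPrivateKey without a NULL check; a guard such as `if (!slot) { rv = 255; goto shutdown; }` before the key generation call would keep a failed slot lookup on the normal error path. The relocated `subjectstr` check now jumps to `shutdown` before `slot`, `privkey` and `pubkey` are assigned in this branch; the cleanup at that label is outside the hunk, so it is worth confirming those variables start as NULL and are tested before being released. The enclosing function starts and ends outside this hunk.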
@@ -1480,11 +1488,6 @@
             goto shutdown;
         }
 
-        if (!subjectstr) {
-            SECU_PrintError(progName, "subject string was NULL\n");
-            rv = 255;
-            goto shutdown;
-        }
         subject = CERT_AsciiToName((char *)subjectstr);
         if (!subject) {
             SECU_PrintError(progName,
@@ -1524,7 +1527,7 @@
     keyutil_extns[ext_inhibitAnyPolicy] = PR_FALSE;
 
     hashAlgTag = SEC_OID_MD5;
-    
+
     /*  Make a cert request */
     rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject,
                  NULL,         /* PhoneNumber */
@@ -1533,7 +1536,7 @@
                  NULL,         /* ExtendedDNSNames */
                  keyutil_extns, /* keyutil_extns */
                  outFile);
-    
+
     PR_Close(outFile);
     if (rv) {
         SECU_PrintError(progName ? progName : "keyutil",
@@ -1543,22 +1546,21 @@
     }
 
     if (doCert) {
-    
+
         /* If making a cert, we already have a cert request file.
          * without any extensions, load it with any command line extensions
          * and output the cert to other file. Delete the request file.
          */
         PRFileDesc *inFile = NULL;
         unsigned int serialNumber;
-        
+
         /*  Make a default serial number from the current time.  */
         PRTime now = PR_Now();
         LL_USHR(now, now, 19);
         LL_L2UI(serialNumber, now);
-        
+
         privkey->wincx = &pwdata;
-        PR_Close(outFile);
-        
+
         inFile  = PR_Open(certreqfile, PR_RDONLY, 0);
         assert(inFile);
         if (!inFile) {
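Review bot: `assert(inFile);` sits directly before `if (!inFile) {`, so in a build with assertions enabled a failed PR_Open of the request file aborts the process instead of reaching the error report and `goto shutdown`; drop the assert and keep the check. Separately, the default serial number is taken from `PR_Now()` shifted right by 19 bits, which makes it predictable and allows repeats for certificates issued close together in time; a comment such as `/* time-derived serial: predictable, not unique across rapid runs */` would record that limit for whoever reuses this path. The enclosing function starts and ends outside this hunk.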
@@ -1567,7 +1569,7 @@
             rv = SECFailure;
             goto shutdown;
         }
-        
+
         outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
         if (!outFile) {
             SECU_PrintError(progName, "Failed to open file \"%s\" (%ld, %ld).\n",
@@ -1575,11 +1577,11 @@
             rv = SECFailure;
             goto    shutdown;
         }
-        
+
         /*  Create a certificate (-C or -S).  */
-        
+
         /* issuerName == subject */
-        rv = CreateCert(certHandle, 
+        rv = CreateCert(certHandle,
             "tempnickname", inFile, outFile,
             privkey, &pwdata, hashAlgTag,
             serialNumber, warpmonths, validityMonths,
@@ -1598,7 +1600,7 @@
          printf("Created a certificate\n");
 
          /*  Sanity check: Check cert validity against current time. */
-    
+
          /* for fips - must log in to get private key */
         if (slot && PK11_NeedLogin(slot)) {
             SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
@@ -1655,8 +1657,8 @@
 /* $Id$ */
 
 /* Key generation, encryption, and certificate utility code, based on
- * code from NSS's security utilities and the certutil application.  
- * Elio Maldonado <emaldona at redhat.com> 
+ * code from NSS's security utilities and the certutil application.
+ * Elio Maldonado <emaldona at redhat.com>
  */
 
 
@@ -1682,7 +1684,7 @@
     SECStatus status = 0;
     CommandType cmd = cmd_CertReq;
     PRBool initialized = PR_FALSE;
-      
+
     while ((optc = getopt_long(argc, argv, "atc:rs:g:v:e:f:d:z:i:p:o:k:h", options, NULL)) != -1) {
         switch (optc) {
         case 'a':
@@ -1760,10 +1762,10 @@
             break;
         }
     }
-      
+
     /*  Initialize NSPR and NSS.  */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-   
+
     status = NSS_NoDB_Init(NULL);
     if (status  != SECSuccess ) {
         printf("NSS initialization failed\n");
@@ -1772,7 +1774,7 @@
     if (cert_to_renew) {
         char *configstring = NULL;
         /* Load our PKCS#11 module */
-        configstring = (char *)malloc(4096);   
+        configstring = (char *)malloc(4096);
         PR_snprintf(configstring, 4096,
                     "library=%s name=PEM parameters=\"\"", pem_library);
         mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
@@ -1791,10 +1793,10 @@
         }
     }
     initialized = PR_TRUE;
-    
+
     certHandle = CERT_GetDefaultCertDB();
     assert(certHandle);
-    
+
     switch (cmd) {
     case cmd_CertReq:
         /* certfile NULL signals only the request is needed */



