1 --- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
2 +++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
3 @@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
4 size += PEM_ITEM_CHUNK;
15 AddCertificate(char *certfile, char *keyfile, PRBool cacert,
23 SECItem **objs = NULL;
24 char *ivstring = NULL;
27 - certDER.data = NULL;
28 nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
31 return CKR_GENERAL_ERROR;
34 /* For now load as many certs as are in the file for CAs only */
36 for (i = 0; i < nobjs; i++) {
38 objid = pem_nobjs + 1;
40 snprintf(nickname, 1024, "%s - %d", certfile, i);
42 o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
43 @@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
53 NSSCKMDInstance * mdInstance,
54 NSSCKFWInstance * fwInstance,
55 NSSUTF8 * configurationData
59 - /* parse the initialization string and initialize CRLInstances */
60 + /* parse the initialization string */
61 char **certstrings = NULL;
62 + char *modparms = NULL;
64 PRBool status, error = PR_FALSE;
66 + CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
68 + if (!fwInstance) return CKR_ARGUMENTS_BAD;
70 + modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
72 + ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
73 + return CKR_CANT_LOCK;
84 plog("pem_Initialize\n");
86 - unsigned char *modparms = NULL;
88 - return CKR_ARGUMENTS_BAD;
91 - CK_C_INITIALIZE_ARGS_PTR modArgs =
92 - NSSCKFWInstance_GetInitArgs(fwInstance);
93 if (!modArgs || !modArgs->LibraryParameters) {
96 - modparms = (unsigned char *) modArgs->LibraryParameters;
97 + modparms = (char *) modArgs->LibraryParameters;
98 plog("Initialized with %s\n", modparms);
101 * The initialization string format is a space-delimited file of
102 * pairs of paths which are delimited by a semi-colon. The first
103 * entry of the pair is the path to the certificate file. The
104 * second is the path to the key file.
106 * CA certificates do not need the semi-colon.
109 * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
113 - pem_ParseString((const char *) modparms, ' ', &numcerts,
114 + pem_ParseString(modparms, ' ', &numcerts,
116 if (status == PR_FALSE) {
117 return CKR_ARGUMENTS_BAD;
120 for (i = 0; i < numcerts && error != PR_TRUE; i++) {
121 char *cert = certstrings[i];
122 PRInt32 attrcount = 0;
123 char **certattrs = NULL;
124 status = pem_ParseString(cert, ';', &attrcount, &certattrs);
125 if (status == PR_FALSE) {