From e10349ab8dda8a3f11be6aa19f2b6e29fe814044 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Fri, 23 Feb 2018 11:04:39 +0100 Subject: Update NSS to 3.35-RTM --- security/nss/cmd/modutil/error.h | 6 ++++-- security/nss/cmd/modutil/install-ds.c | 3 +-- security/nss/cmd/modutil/modutil.c | 2 +- security/nss/cmd/modutil/modutil.h | 1 + security/nss/cmd/modutil/pk11.c | 35 ++++++++++++++++++++++++++++++++++- 5 files changed, 41 insertions(+), 6 deletions(-) (limited to 'security/nss/cmd/modutil') diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h index b328afebc..d9f06592f 100644 --- a/security/nss/cmd/modutil/error.h +++ b/security/nss/cmd/modutil/error.h @@ -57,6 +57,7 @@ typedef enum { UNSPECIFIED_ERR, NOCERTDB_MISUSE_ERR, NSS_INITIALIZE_FAILED_ERR, + INITPW_FAILED_ERR, LAST_ERR /* must be last */ } Error; @@ -109,8 +110,9 @@ static char *errStrings[] = { "ERROR: Failed to change default.\n", "ERROR: Unable to read from standard input.\n", "ERROR: Unknown error occurred.\n", - "ERROR: -nocertdb option can only be used with the -jar command.\n" - "ERROR: NSS_Initialize() failed.\n" + "ERROR: -nocertdb option can only be used with the -jar command.\n", + "ERROR: NSS_Initialize() failed.\n", + "ERROR: Unable to set initial password on the database.\n" }; typedef enum { diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c index c8fef7897..030568762 100644 --- a/security/nss/cmd/modutil/install-ds.c +++ b/security/nss/cmd/modutil/install-ds.c @@ -975,8 +975,7 @@ Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad) printf("Doesn't use equiv\n"); } PAD(pad); - printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile - : ""); + printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile : ""); PAD(pad); printf("mechFlags: %lx\n", _this->mechFlags); PAD(pad); diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index 02972f7b4..c1b44be53 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c @@ -865,7 +865,7 @@ main(int argc, char* argv[]) errcode = ChangePW(tokenName, pwFile, newpwFile); break; case CREATE_COMMAND: - /* The work was already done in init_crypto() */ + errcode = InitPW(); break; case DEFAULT_COMMAND: errcode = SetDefaultModule(moduleName, slotName, mechanisms); diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h index 127d0d0da..04aa908c8 100644 --- a/security/nss/cmd/modutil/modutil.h +++ b/security/nss/cmd/modutil/modutil.h @@ -29,6 +29,7 @@ Error AddModule(char *moduleName, char *libFile, char *ciphers, Error DeleteModule(char *moduleName); Error ListModule(char *moduleName); Error ListModules(); +Error InitPW(void); Error ChangePW(char *tokenName, char *pwFile, char *newpwFile); Error EnableModule(char *moduleName, char *slotName, PRBool enable); Error RawAddModule(char *dbmodulespec, char *modulespec); diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index 834469af1..1efc1895c 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -668,6 +668,39 @@ loser: return rv; } +/************************************************************************ + * + * I n i t P W + */ +Error +InitPW(void) +{ + PK11SlotInfo *slot; + Error ret = UNSPECIFIED_ERR; + + slot = PK11_GetInternalKeySlot(); + if (!slot) { + PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal"); + return NO_SUCH_TOKEN_ERR; + } + + /* Set the initial password to empty */ + if (PK11_NeedUserInit(slot)) { + if (PK11_InitPin(slot, NULL, "") != SECSuccess) { + PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]); + ret = INITPW_FAILED_ERR; + goto loser; + } + } + + ret = SUCCESS; + +loser: + PK11_FreeSlot(slot); + + return ret; +} + /************************************************************************ * * C h a n g e P W @@ -695,7 +728,7 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile) ret = BAD_PW_ERR; goto loser; } - } else { + } else if (PK11_NeedLogin(slot)) { for (matching = PR_FALSE; !matching;) { oldpw = SECU_GetPasswordString(NULL, "Enter old password: "); if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) { -- cgit v1.2.3