Last Comment Bug 262274 - visibility of PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate
: visibility of PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: unspecified
: x86 Linux
: -- normal (vote)
: 3.9.3
Assigned To: Robert Relyea
: Bishakha Banerjee
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-30 06:26 PDT by Caolan McNamara
Modified: 2004-10-21 11:27 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Export PK11_GetCertFromPrivatekey (464 bytes, patch)
2004-10-14 09:13 PDT, Robert Relyea
no flags Details | Diff | Review
3.9.3 version of patch (add PK11_GetCertFromPrivateKey (474 bytes, patch)
2004-10-14 11:28 PDT, Robert Relyea
wtc: review+
Details | Diff | Review
new 3.10 patch. (516 bytes, patch)
2004-10-14 11:30 PDT, Robert Relyea
wtc: review+
Details | Diff | Review
Move PK11_GetCertFromPrivateKey from the private headers to the public headers. (1.58 KB, patch)
2004-10-14 15:37 PDT, Robert Relyea
no flags Details | Diff | Review

Description Caolan McNamara 2004-09-30 06:26:50 PDT
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040929
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040929

OpenOffice.org 1.9.54 attempt to make use of PK11_GetCertFromPrivateKey and 
CERT_DecodeDERCertificate from libnss3.so. OOo has patched their own build to
provide visible PK11_GetCertFromPrivateKey and CERT_DecodeDERCertificate symbols
from libnss3.so
(http://external.openoffice.org/source/browse/external/moz/Attic/mozillasource-1.7b.patch)
by adding them to nss.def (e.g.
http://people.redhat.com/caolanm/systemmozilla/mozilla.nss.OpenOffice.org.patch)

They are listed in the nss/pk11func.h and nss/cert.h headers. Should they be
visible from libnss3.so ? Or should use not be made of them from external
applications ? (mozilla 1.7.3)

Reproducible: Always
Steps to Reproduce:
1. compile something using PK11_GetCertFromPrivateKey &
CERT_DecodeDERCertificate from nss/pk11func.h and nss/cert.h
2. link against libnss3.so for PK11_GetCertFromPrivateKey &
CERT_DecodeDERCertificate
Actual Results:  
fails to link

Expected Results:  
link happily
Comment 1 Wan-Teh Chang 2004-09-30 08:40:35 PDT
Bob, Nelson, could you look at this?  Is it okay
to export PK11_GetCertFromPrivateKey and
CERT_DecodeDERCertificate?

I remember we debated CERT_DecodeDERCertificate
when Nelson tried to make crmftest work again
(bug 244329. see also bug 243245).
Comment 2 Robert Relyea 2004-09-30 11:59:14 PDT
OpenOffice.org should not be using CERT_DecodeDERCertificate. The cert returned
from that function is not a 'complete' cert. Instead, import the cert as a temp
cert.

(if we separated the 'cert decoding' from the cert representation, then we could
crack a cert without importing it. Stan API's are designed to do that).

There is no reason not to export PK11_GetCertFromPrivateKey, however.

bob
Comment 3 Caolan McNamara 2004-10-14 03:06:43 PDT
So if there's no reason not to export PK11_GetCertFromPrivateKey will it be
exported in a future release ?
Comment 4 Robert Relyea 2004-10-14 09:13:58 PDT
Created attachment 162083 [details] [diff] [review]
Export PK11_GetCertFromPrivatekey

Good point.

This patch puts the export in NSS 3.10. If we need it sooner I can supply a
separate patch that puts it in NSS 3.9.x, though I think we're trying to close
3.9.3 shortly?
Comment 5 Wan-Teh Chang 2004-10-14 10:26:46 PDT
Comment on attachment 162083 [details] [diff] [review]
Export PK11_GetCertFromPrivatekey

This is a simple change.  I can export the
function in NSS 3.9.3.	Any objections?

I plan to close NSS 3.9.3 today.
Comment 6 Robert Relyea 2004-10-14 11:28:23 PDT
Created attachment 162102 [details] [diff] [review]
3.9.3 version of patch (add PK11_GetCertFromPrivateKey

The 3.9 version of the patch.
Comment 7 Robert Relyea 2004-10-14 11:30:17 PDT
Created attachment 162103 [details] [diff] [review]
new 3.10 patch.

This patch also updates the 3.10 branch to be consistant with the 3.9.3 export
list. (there were two missing functions).

Since we plan to export this in 3.9.3, we need to move the export the 3.9.3
export block in our 3.10 patch
Comment 8 Robert Relyea 2004-10-14 11:30:48 PDT
Comment on attachment 162102 [details] [diff] [review]
3.9.3 version of patch (add PK11_GetCertFromPrivateKey

wtc: please review
Comment 9 Robert Relyea 2004-10-14 11:31:20 PDT
Comment on attachment 162103 [details] [diff] [review]
new 3.10 patch.

wtc please review
Comment 10 Robert Relyea 2004-10-14 15:37:36 PDT
Created attachment 162128 [details] [diff] [review]
Move PK11_GetCertFromPrivateKey from the private headers to the public headers.

This change doesn't have a compile issue since on NSS 3.10 pk11priv.h and
pk11pub.h are new and both are included in pk11func.h, but the current rules
are anything publically exported should be in a public header, so this change
is needed for cleanliness.

No equivalent change is needed in NSS 3.9.3 since all the functions are listed
in pk11func.h flat without any indication of which are public and which are
private.

bob
Comment 11 Robert Relyea 2004-10-14 15:39:41 PDT
All the patches are checked into the appropriate branches. (including the header
change for NSS 3.10).

bob
Comment 12 Wan-Teh Chang 2004-10-21 11:27:56 PDT
Marked the bug fixed.

Note You need to log in before you can comment on or make changes to this bug.