[xmlsec] xmlsec-nss patch

Tejkumar Arora tej at netscape.com
Sun Jul 20 17:47:20 PDT 2003

Hi Aleksey,

This xmlsec-nss patch is based on the XMLSEC_NSS_030714 branch.
It includes bug fixes & new code for xmlsec-nss, and 1 bug fix
in generic code, and enhancement of test scripts to use pkcs12
file format.

As for the legal issues, I'm still waiting to hear back from legal.

Here's a description of changes:

1 style changes, compiler warning fixes, copyright in xmlsec-nss
2 bug fixes from running valgrind
3 changes to test scripts to read private keys from PKCS12 files
ONLY. I've include instructions in tests/keys/README on how
to convert existing private keys to a pkcs12 file
4 changes to support crypto-specific commands in the test scripts
5 implementation of rsapkcs1 key transport transform in xmlsec-nss
6 implementation of custom keysstore in xmlsec-nss
7 pkcs12 implementation in xmlsec-nss
8 a crude, simple perl script to help parse valgrind mem leak output
(works but needs improvement, I don't know perl very well)
9 valgrind suppression file for nss (nss.supp)
10 new PKCS12 file containing private keys previously in der/p8-der
11 bug fix in keys.c.
function xmlSecKeysMngrGetKey invokes xmlSecKeyInfoNodeRead. On
return from xmlSecKeyInfoNodeRead, it returns key if
xmlSecKeyGetValue(key) != NULL

That is incorrect because in xmlSecKeyInfoNodeRead, it is possible
to have a key value even if xmlSecKeyMatch fails (see the for loop).

I think the better way to fix it is to put a check in
xmlSecKeyInfoNodeRead itself before returning. This will
require adjusting the callers too. I'll let you decide :)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: nsschanges.tar.gz
Type: application/x-gzip
Size: 26625 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030720/402d5168/nsschanges.tar.bin

More information about the xmlsec mailing list