This xmlsec-nss patch is based on the XMLSEC_NSS_030714 branch. It includes bug fixes & new code for xmlsec-nss, and 1 bug fix in generic code, and enhancement of test scripts to use pkcs12 file format.
As for the legal issues, I'm still waiting to hear back from legal.
Here's a description of changes:
1. style changes, compiler warning fixes, copyright in xmlsec-nss
2. bug fixes from running valgrind
3. changes to test scripts to read private keys from PKCS12 files ONLY. I've included instructions in tests/keys/README on how to convert existing private keys to a pkcs12 file
4. changes to support crypto-specific commands in the test scripts
5. implementation of rsapkcs1 key transport transform in xmlsec-nss
6. implementation of custom keysstore in xmlsec-nss
7. pkcs12 implementation in xmlsec-nss
8. a crude, simple perl script to help parse valgrind mem leak output (works but needs improvement, I don't know perl very well)
9. valgrind suppression file for nss (nss.supp)
10. new PKCS12 file containing private keys previously in der/p8-der files
11. bug fix in keys.c. Function xmlSecKeysMngrGetKey invokes xmlSecKeyInfoNodeRead. On return from xmlSecKeyInfoNodeRead, it returns key if xmlSecKeyGetValue(key) != NULL.
That is incorrect because in xmlSecKeyInfoNodeRead, it is possible to have a key value even if xmlSecKeyMatch fails (see the for loop).
I think the better way to fix it is to put a check in xmlSecKeyInfoNodeRead itself before returning. This will require adjusting the callers too. I'll let you decide :)
cheers,
-Tej
nsschanges.tar.gz
Description: GNU Zip compressed data
