Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for bug 353577 . Delete PURE_STAN code and code outside NSS_3_4_CODE . r=wtc,nelson

Browse Source 
git-svn-id: svn://10.0.0.236/trunk@239526 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
julien.pierre.boogz%sun.com 2007-11-16 05:29:27 +00:00
parent c7ea07f8ea
commit 3b557e654d
28 changed files with 29 additions and 2407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mozilla/security/nss/lib/certdb/certdb.c
View File

@ -38,7 +38,7 @@
/*
* Certificate handling code
*
* $Id: certdb.c,v 1.84 2007-11-13 23:10:45 wtc%google.com Exp $
* $Id: certdb.c,v 1.85 2007-11-16 05:29:24 julien.pierre.boogz%sun.com Exp $
*/
#include "nssilock.h"
@ -65,9 +65,6 @@
#include "pk11func.h"
#include "xconst.h" /* for CERT_DecodeAltNameExtension */
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#include "pki.h"
#include "pki3hack.h"

3
mozilla/security/nss/lib/certdb/stanpcertdb.c
View File

@ -54,9 +54,6 @@
#include "plhash.h"
#include "pk11func.h" /* sigh */
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#include "nsspki.h"
#include "pki.h"
#include "pkim.h"

3
mozilla/security/nss/lib/certhigh/certhigh.c
View File

@ -43,9 +43,6 @@
#include "cert.h"
#include "certxutl.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif
#include "nsspki.h"
#include "pki.h"
#include "pkit.h"

3
mozilla/security/nss/lib/certhigh/certvfy.c
View File

@ -50,9 +50,6 @@
#include "pkix_pl_cert.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#include "nsspki.h"
#include "pkitm.h"
#include "pkim.h"

124
mozilla/security/nss/lib/dev/ckhelper.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.35 $ $Date: 2006-10-09 22:11:44 $";
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.36 $ $Date: 2007-11-16 05:29:25 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -392,128 +392,6 @@ nssCryptokiCertificate_GetAttributes (
return PR_SUCCESS;
}
#ifdef PURE_STAN_BUILD
static NSSKeyPairType
nss_key_pair_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
{
CK_KEY_TYPE ckKeyType;
PR_ASSERT(attrib->pValue);
ckKeyType = *((CK_ULONG *)attrib->pValue);
switch (ckKeyType) {
case CKK_RSA: return NSSKeyPairType_RSA;
case CKK_DSA: return NSSKeyPairType_DSA;
default: break;
}
return NSSKeyPairType_Unknown;
}
NSS_IMPLEMENT PRStatus
nssCryptokiPrivateKey_GetAttributes (
nssCryptokiObject *keyObject,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSKeyPairType *keyTypeOpt,
NSSItem *idOpt
)
{
PRStatus status;
PRUint32 i;
nssSession *session;
NSSSlot *slot;
CK_ULONG template_size;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[2];
/* Set up a template of all options chosen by caller */
NSS_CK_TEMPLATE_START(key_template, attr, template_size);
if (keyTypeOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_KEY_TYPE);
}
if (idOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
}
NSS_CK_TEMPLATE_FINISH(key_template, attr, template_size);
if (template_size == 0) {
/* caller didn't want anything */
return PR_SUCCESS;
}
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(keyObject->token);
slot = nssToken_GetSlot(keyObject->token);
status = nssCKObject_GetAttributes(keyObject->handle,
key_template, template_size,
arenaOpt, session, slot);
nssSlot_Destroy(slot);
if (status != PR_SUCCESS) {
return status;
}
i=0;
if (keyTypeOpt) {
*keyTypeOpt = nss_key_pair_type_from_ck_attrib(&key_template[i]); i++;
}
if (idOpt) {
NSS_CK_ATTRIBUTE_TO_ITEM(&key_template[i], idOpt); i++;
}
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssCryptokiPublicKey_GetAttributes (
nssCryptokiObject *keyObject,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSKeyPairType *keyTypeOpt,
NSSItem *idOpt
)
{
PRStatus status;
PRUint32 i;
nssSession *session;
NSSSlot *slot;
CK_ULONG template_size;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE key_template[2];
/* Set up a template of all options chosen by caller */
NSS_CK_TEMPLATE_START(key_template, attr, template_size);
if (keyTypeOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_KEY_TYPE);
}
if (idOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
}
NSS_CK_TEMPLATE_FINISH(key_template, attr, template_size);
if (template_size == 0) {
/* caller didn't want anything */
return PR_SUCCESS;
}
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(keyObject->token);
slot = nssToken_GetSlot(keyObject->token);
status = nssCKObject_GetAttributes(keyObject->handle,
key_template, template_size,
arenaOpt, session, slot);
nssSlot_Destroy(slot);
if (status != PR_SUCCESS) {
return status;
}
i=0;
if (keyTypeOpt) {
*keyTypeOpt = nss_key_pair_type_from_ck_attrib(&key_template[i]); i++;
}
if (idOpt) {
NSS_CK_ATTRIBUTE_TO_ITEM(&key_template[i], idOpt); i++;
}
return PR_SUCCESS;
}
#endif /* PURE_STAN_BUILD */
static nssTrustLevel
get_nss_trust (
CK_TRUST ckt

7
mozilla/security/nss/lib/dev/dev.h
View File

@ -44,7 +44,7 @@
*/
#ifdef DEBUG
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.38 $ $Date: 2007-07-11 04:47:41 $";
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.39 $ $Date: 2007-11-16 05:29:25 $";
#endif /* DEBUG */
#ifndef NSSCKT_H
@ -952,8 +952,6 @@ nssSlotList_GetBestSlotForAlgorithmsAndParameters
NSSAlgorithmAndParameters **ap
);
#ifdef NSS_3_4_CODE
NSS_EXTERN PRBool
nssToken_IsPresent
(
@ -996,9 +994,6 @@ nssToken_IsPrivateKeyAvailable
nssCryptokiObject *instance
);
#endif
PR_END_EXTERN_C
#endif /* DEV_H */

882
mozilla/security/nss/lib/dev/devmod.c
View File

@ -1,882 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devmod.c,v $ $Revision: 1.9 $ $Date: 2007-10-09 17:06:22 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
#include "nssckepv.h"
#endif /* NSSCKEPV_H */
#ifndef DEVM_H
#include "devm.h"
#endif /* DEVM_H */
#ifndef CKHELPER_H
#include "ckhelper.h"
#endif /* CKHELPER_H */
#ifdef PURE_STAN_CODE
extern void FC_GetFunctionList(void);
extern void NSC_GetFunctionList(void);
extern void NSC_ModuleDBFunc(void);
/* The list of boolean flags used to describe properties of a
* module.
*/
#define NSSMODULE_FLAGS_NOT_THREADSAFE 0x0001 /* isThreadSafe */
#define NSSMODULE_FLAGS_INTERNAL 0x0002 /* isInternal */
#define NSSMODULE_FLAGS_FIPS 0x0004 /* isFIPS */
#define NSSMODULE_FLAGS_MODULE_DB 0x0008 /* isModuleDB */
#define NSSMODULE_FLAGS_MODULE_DB_ONLY 0x0010 /* moduleDBOnly */
#define NSSMODULE_FLAGS_CRITICAL 0x0020 /* isCritical */
struct NSSModuleStr {
struct nssDeviceBaseStr base;
NSSUTF8 *libraryName;
PRLibrary *library;
char *libraryParams;
void *moduleDBFunc;
void *epv;
CK_INFO info;
NSSSlot **slots;
PRUint32 numSlots;
PRBool isLoaded;
struct {
PRInt32 trust;
PRInt32 cipher;
PRInt32 certStorage;
} order;
};
#define NSSMODULE_IS_THREADSAFE(module) \
(!(module->base.flags & NSSMODULE_FLAGS_NOT_THREADSAFE))
#define NSSMODULE_IS_INTERNAL(module) \
(module->base.flags & NSSMODULE_FLAGS_INTERNAL)
#define NSSMODULE_IS_FIPS(module) \
(module->base.flags & NSSMODULE_FLAGS_FIPS)
#define NSSMODULE_IS_MODULE_DB(module) \
(module->base.flags & NSSMODULE_FLAGS_MODULE_DB)
#define NSSMODULE_IS_MODULE_DB_ONLY(module) \
(module->base.flags & NSSMODULE_FLAGS_MODULE_DB_ONLY)
#define NSSMODULE_IS_CRITICAL(module) \
(module->base.flags & NSSMODULE_FLAGS_CRITICAL)
/* Threading callbacks for C_Initialize. Use NSPR threads. */
CK_RV PR_CALLBACK
nss_ck_CreateMutex(CK_VOID_PTR_PTR pMutex)
{
CK_VOID_PTR mutex = (CK_VOID_PTR)PZ_NewLock(nssILockOther);
if (mutex != NULL) {
*pMutex = (CK_VOID_PTR)mutex;
return CKR_OK;
}
return CKR_HOST_MEMORY;
}
CK_RV PR_CALLBACK
nss_ck_DestroyMutex(CK_VOID_PTR mutex)
{
PZ_DestroyLock((PZLock *)mutex);
return CKR_OK;
}
CK_RV PR_CALLBACK
nss_ck_LockMutex(CK_VOID_PTR mutex)
{
PZ_Lock((PZLock *)mutex);
return CKR_OK;
}
CK_RV PR_CALLBACK
nss_ck_UnlockMutex(CK_VOID_PTR mutex)
{
return (PZ_Unlock((PZLock *)mutex) == PR_SUCCESS) ?
CKR_OK : CKR_MUTEX_NOT_LOCKED;
}
/* Default callback args to C_Initialize */
/* XXX not const because we are modifying the pReserved argument in order
* to use the libraryParams extension.
*/
static CK_C_INITIALIZE_ARGS
s_ck_initialize_args = {
nss_ck_CreateMutex, /* CreateMutex */
nss_ck_DestroyMutex, /* DestroyMutex */
nss_ck_LockMutex, /* LockMutex */
nss_ck_UnlockMutex, /* UnlockMutex */
CKF_LIBRARY_CANT_CREATE_OS_THREADS |
CKF_OS_LOCKING_OK, /* flags */
NULL /* pReserved */
};
/* load all slots in a module. */
static PRStatus
module_load_slots(NSSModule *mod)
{
CK_ULONG i, ulNumSlots;
CK_SLOT_ID *slotIDs;
nssArenaMark *mark = NULL;
NSSSlot **slots;
PRStatus nssrv;
CK_RV ckrv;
/* Get the number of slots */
ckrv = CKAPI(mod->epv)->C_GetSlotList(CK_FALSE, NULL, &ulNumSlots);
if (ckrv != CKR_OK) {
/* what is the error? */
return PR_FAILURE;
}
/* Alloc memory for the array of slot ID's */
slotIDs = nss_ZNEWARRAY(NULL, CK_SLOT_ID, ulNumSlots);
if (!slotIDs) {
goto loser;
}
/* Get the actual slot list */
ckrv = CKAPI(mod->epv)->C_GetSlotList(CK_FALSE, slotIDs, &ulNumSlots);
if (ckrv != CKR_OK) {
/* what is the error? */
goto loser;
}
/* Alloc memory for the array of slots, in the module's arena */
mark = nssArena_Mark(mod->base.arena); /* why mark? it'll be destroyed */
if (!mark) {
return PR_FAILURE;
}
slots = nss_ZNEWARRAY(mod->base.arena, NSSSlot *, ulNumSlots);
if (!slots) {
goto loser;
}
/* Initialize each slot */
for (i=0; i<ulNumSlots; i++) {
slots[i] = nssSlot_Create(slotIDs[i], mod);
}
nss_ZFreeIf(slotIDs);
nssrv = nssArena_Unmark(mod->base.arena, mark);
if (nssrv != PR_SUCCESS) {
goto loser;
}
mod->slots = slots;
mod->numSlots = ulNumSlots;
return PR_SUCCESS;
loser:
if (mark) {
nssArena_Release(mod->base.arena, mark);
}
nss_ZFreeIf(slotIDs);
return PR_FAILURE;
}
NSS_IMPLEMENT PRStatus
nssModule_Load (
NSSModule *mod
)
{
PRLibrary *library = NULL;
CK_C_GetFunctionList epv;
CK_RV ckrv;
if (NSSMODULE_IS_INTERNAL(mod)) {
/* internal, statically get the C_GetFunctionList function */
if (NSSMODULE_IS_FIPS(mod)) {
epv = (CK_C_GetFunctionList) FC_GetFunctionList;
} else {
epv = (CK_C_GetFunctionList) NSC_GetFunctionList;
}
if (NSSMODULE_IS_MODULE_DB(mod)) {
mod->moduleDBFunc = (void *) NSC_ModuleDBFunc;
}
if (NSSMODULE_IS_MODULE_DB_ONLY(mod)) {
mod->isLoaded = PR_TRUE; /* XXX needed? */
return PR_SUCCESS;
}
} else {
/* Use NSPR to load the library */
library = PR_LoadLibrary(mod->libraryName);
if (!library) {
/* what's the error to set? */
return PR_FAILURE;
}
mod->library = library;
/* Skip if only getting the db loader function */
if (!NSSMODULE_IS_MODULE_DB_ONLY(mod)) {
/* Load the cryptoki entry point function */
epv = (CK_C_GetFunctionList)PR_FindSymbol(library,
"C_GetFunctionList");
}
/* Load the module database loader function */
if (NSSMODULE_IS_MODULE_DB(mod)) {
mod->moduleDBFunc = (void *)PR_FindSymbol(library,
"NSS_ReturnModuleSpecData");
}
}
if (epv == NULL) {
goto loser;
}
/* Load the cryptoki entry point vector (function list) */
ckrv = (*epv)((CK_FUNCTION_LIST_PTR *)&mod->epv);
if (ckrv != CKR_OK) {
goto loser;
}
/* Initialize the module */
if (mod->libraryParams) {
s_ck_initialize_args.LibraryParameters = (void *)mod->libraryParams;
} else {
s_ck_initialize_args.LibraryParameters = NULL;
}
ckrv = CKAPI(mod->epv)->C_Initialize(&s_ck_initialize_args);
if (ckrv != CKR_OK) {
/* Apparently the token is not thread safe. Retry without
* threading parameters.
*/
mod->base.flags |= NSSMODULE_FLAGS_NOT_THREADSAFE;
ckrv = CKAPI(mod->epv)->C_Initialize((CK_VOID_PTR)NULL);
if (ckrv != CKR_OK) {
goto loser;
}
}
/* TODO: check the version # using C_GetInfo */
ckrv = CKAPI(mod->epv)->C_GetInfo(&mod->info);
if (ckrv != CKR_OK) {
goto loser;
}
/* TODO: if the name is not set, get it from info.libraryDescription */
/* Now load the slots */
if (module_load_slots(mod) != PR_SUCCESS) {
goto loser;
}
/* Module has successfully loaded */
mod->isLoaded = PR_TRUE;
return PR_SUCCESS;
loser:
if (library) {
PR_UnloadLibrary(library);
}
/* clear all values set above, they are invalid now */
mod->library = NULL;
mod->epv = NULL;
return PR_FAILURE;
}
NSS_IMPLEMENT PRStatus
nssModule_Unload (
NSSModule *mod
)
{
PRStatus nssrv = PR_SUCCESS;
char *disableUnload = NULL;
if (mod->library) {
(void)CKAPI(mod->epv)->C_Finalize(NULL);
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
nssrv = PR_UnloadLibrary(mod->library);
}
}
/* Free the slots, yes? */
mod->library = NULL;
mod->epv = NULL;
mod->isLoaded = PR_FALSE;
return nssrv;
}
/* Alloc memory for a module. Copy in the module name and library path
* if provided. XXX use the opaque arg also, right?
*/
NSS_IMPLEMENT NSSModule *
nssModule_Create (
NSSUTF8 *moduleOpt,
NSSUTF8 *uriOpt,
NSSUTF8 *opaqueOpt,
void *reserved
)
{
NSSArena *arena;
NSSModule *rvMod;
arena = NSSArena_Create();
if(!arena) {
return (NSSModule *)NULL;
}
rvMod = nss_ZNEW(arena, NSSModule);
if (!rvMod) {
goto loser;
}
if (moduleOpt) {
/* XXX making the gross assumption this is just the module name */
/* if the name is a duplicate, should that be tested here? or
* wait for Load?
*/
rvMod->base.name = nssUTF8_Duplicate(moduleOpt, arena);
if (!rvMod->base.name) {
goto loser;
}
}
if (uriOpt) {
/* Load the module from a URI. */
/* XXX at this time - only file URI (even worse, no file:// for now) */
rvMod->libraryName = nssUTF8_Duplicate(uriOpt, arena);
if (!rvMod->libraryName) {
goto loser;
}
}
rvMod->base.arena = arena;
rvMod->base.refCount = 1;
rvMod->base.lock = PZ_NewLock(nssNSSILockOther);
if (!rvMod->base.lock) {
goto loser;
}
/* everything else is 0/NULL at this point. */
return rvMod;
loser:
nssArena_Destroy(arena);
return (NSSModule *)NULL;
}
NSS_EXTERN PRStatus
nssCryptokiArgs_ParseNextPair (
NSSUTF8 *start,
NSSUTF8 **attrib,
NSSUTF8 **value,
NSSUTF8 **remainder,
NSSArena *arenaOpt
);
static PRStatus
parse_slot_flags (
NSSSlot *slot,
NSSUTF8 *slotFlags
)
{
PRStatus nssrv = PR_SUCCESS;
#if 0
PRBool done = PR_FALSE;
NSSUTF8 *mark, *last;
last = mark = slotFlags;
while (PR_TRUE) {
while (*mark && *mark != ',') ++mark;
if (!*mark) done = PR_TRUE;
*mark = '\0';
if (nssUTF8_Equal(last, "RANDOM", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_HAS_RANDOM;
} else if (nssUTF8_Equal(last, "RSA", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_RSA;
} else if (nssUTF8_Equal(last, "DSA", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_DSA;
} else if (nssUTF8_Equal(last, "DH", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_DH;
} else if (nssUTF8_Equal(last, "RC2", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_RC2;
} else if (nssUTF8_Equal(last, "RC4", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_RC4;
} else if (nssUTF8_Equal(last, "RC5", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_RC5;
} else if (nssUTF8_Equal(last, "DES", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_DES;
} else if (nssUTF8_Equal(last, "AES", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_AES;
} else if (nssUTF8_Equal(last, "SHA1", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_SHA1;
} else if (nssUTF8_Equal(last, "MD2", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_MD2;
} else if (nssUTF8_Equal(last, "MD5", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_MD5;
} else if (nssUTF8_Equal(last, "SSL", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_SSL;
} else if (nssUTF8_Equal(last, "TLS", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_TLS;
} else if (nssUTF8_Equal(last, "PublicCerts", &nssrv)) {
slot->base.flags |= NSSSLOT_FLAGS_FRIENDLY;
} else {
return PR_FAILURE;
}
if (done) break;
last = ++mark;
}
#endif
return nssrv;
}
static PRStatus
parse_slot_parameters (
NSSSlot *slot,
NSSUTF8 *slotParams,
NSSArena *tmparena
)
{
PRStatus nssrv = PR_SUCCESS;
NSSUTF8 *current, *remainder;
NSSUTF8 *attrib, *value;
current = slotParams;
while (nssrv == PR_SUCCESS) {
nssrv = nssCryptokiArgs_ParseNextPair(current,
&attrib, &value,
&remainder, tmparena);
if (nssrv != PR_SUCCESS) break;
if (value) {
if (nssUTF8_Equal(attrib, "slotFlags", &nssrv)) {
nssrv = parse_slot_flags(slot, value);
} else if (nssUTF8_Equal(attrib, "askpw", &nssrv)) {
} else if (nssUTF8_Equal(attrib, "timeout", &nssrv)) {
}
}
if (*remainder == '\0') break;
current = remainder;
}
return nssrv;
}
/* softoken seems to use "0x0000001", but no standard yet... perhaps this
* should store the number as an ID, in case the input isn't 1,2,3,...?
*/
static PRIntn
get_slot_number(NSSUTF8* snString)
{
/* XXX super big hack */
return atoi(&snString[strlen(snString)-1]);
}
static PRStatus
parse_module_slot_parameters (
NSSModule *mod,
NSSUTF8 *slotParams
)
{
PRStatus nssrv = PR_SUCCESS;
NSSUTF8 *current, *remainder;
NSSUTF8 *attrib, *value;
NSSArena *tmparena;
PRIntn slotNum;
tmparena = nssArena_Create();
if (!tmparena) {
return PR_FAILURE;
}
current = slotParams;
while (nssrv == PR_SUCCESS) {
nssrv = nssCryptokiArgs_ParseNextPair(current,
&attrib, &value,
&remainder, tmparena);
if (nssrv != PR_SUCCESS) break;
if (value) {
slotNum = get_slot_number(attrib);
if (slotNum < 0 || slotNum > mod->numSlots) {
return PR_FAILURE;
}
nssrv = parse_slot_parameters(mod->slots[slotNum],
value, tmparena);
if (nssrv != PR_SUCCESS) break;
}
if (*remainder == '\0') break;
current = remainder;
}
return nssrv;
}
static PRStatus
parse_nss_flags (
NSSModule *mod,
NSSUTF8 *nssFlags
)
{
PRStatus nssrv = PR_SUCCESS;
PRBool done = PR_FALSE;
NSSUTF8 *mark, *last;
last = mark = nssFlags;
while (PR_TRUE) {
while (*mark && *mark != ',') ++mark;
if (!*mark) done = PR_TRUE;
*mark = '\0';
if (nssUTF8_Equal(last, "internal", &nssrv)) {
mod->base.flags |= NSSMODULE_FLAGS_INTERNAL;
} else if (nssUTF8_Equal(last, "moduleDB", &nssrv)) {
mod->base.flags |= NSSMODULE_FLAGS_MODULE_DB;
} else if (nssUTF8_Equal(last, "moduleDBOnly", &nssrv)) {
mod->base.flags |= NSSMODULE_FLAGS_MODULE_DB_ONLY;
} else if (nssUTF8_Equal(last, "critical", &nssrv)) {
mod->base.flags |= NSSMODULE_FLAGS_CRITICAL;
} else {
return PR_FAILURE;
}
if (done) break;
last = ++mark;
}
return nssrv;
}
static PRStatus
parse_nss_parameters (
NSSModule *mod,
NSSUTF8 *nssParams,
NSSArena *tmparena,
NSSUTF8 **slotParams
)
{
PRStatus nssrv = PR_SUCCESS;
NSSUTF8 *current, *remainder;
NSSUTF8 *attrib, *value;
current = nssParams;
while (nssrv == PR_SUCCESS) {
nssrv = nssCryptokiArgs_ParseNextPair(current,
&attrib, &value,
&remainder, tmparena);
if (nssrv != PR_SUCCESS) break;
if (value) {
if (nssUTF8_Equal(attrib, "flags", &nssrv) ||
nssUTF8_Equal(attrib, "Flags", &nssrv)) {
nssrv = parse_nss_flags(mod, value);
} else if (nssUTF8_Equal(attrib, "trustOrder", &nssrv)) {
mod->order.trust = atoi(value);
} else if (nssUTF8_Equal(attrib, "cipherOrder", &nssrv)) {
mod->order.cipher = atoi(value);
} else if (nssUTF8_Equal(attrib, "ciphers", &nssrv)) {
} else if (nssUTF8_Equal(attrib, "slotParams", &nssrv)) {
/* slotParams doesn't get an arena, it is handled separately */
*slotParams = nssUTF8_Duplicate(value, NULL);
}
}
if (*remainder == '\0') break;
current = remainder;
}
return nssrv;
}
static PRStatus
parse_module_parameters (
NSSModule *mod,
NSSUTF8 *moduleParams,
NSSUTF8 **slotParams
)
{
PRStatus nssrv = PR_SUCCESS;
NSSUTF8 *current, *remainder;
NSSUTF8 *attrib, *value;
NSSArena *arena = mod->base.arena;
NSSArena *tmparena;
current = moduleParams;
tmparena = nssArena_Create();
if (!tmparena) {
return PR_FAILURE;
}
while (nssrv == PR_SUCCESS) {
nssrv = nssCryptokiArgs_ParseNextPair(current,
&attrib, &value,
&remainder, tmparena);
if (nssrv != PR_SUCCESS) break;
if (value) {
if (nssUTF8_Equal(attrib, "name", &nssrv)) {
mod->base.name = nssUTF8_Duplicate(value, arena);
} else if (nssUTF8_Equal(attrib, "library", &nssrv)) {
mod->libraryName = nssUTF8_Duplicate(value, arena);
} else if (nssUTF8_Equal(attrib, "parameters", &nssrv)) {
mod->libraryParams = nssUTF8_Duplicate(value, arena);
} else if (nssUTF8_Equal(attrib, "NSS", &nssrv)) {
parse_nss_parameters(mod, value, tmparena, slotParams);
}
}
if (*remainder == '\0') break;
current = remainder;
}
nssArena_Destroy(tmparena);
return nssrv;
}
static NSSUTF8 **
get_module_specs (
NSSModule *mod
)
{
SECMODModuleDBFunc func = (SECMODModuleDBFunc)mod->moduleDBFunc;
if (func) {
return (*func)(SECMOD_MODULE_DB_FUNCTION_FIND,
mod->libraryParams,
NULL);
}
return NULL;
}
/* XXX continue working on */
NSS_IMPLEMENT NSSModule *
nssModule_CreateFromSpec (
NSSUTF8 *moduleSpec,
NSSModule *parent,
PRBool loadSubModules
)
{
PRStatus nssrv;
NSSModule *thisModule;
NSSArena *arena;
NSSUTF8 *slotParams = NULL;
arena = nssArena_Create();
if (!arena) {
return NULL;
}
thisModule = nss_ZNEW(arena, NSSModule);
if (!thisModule) {
goto loser;
}
thisModule->base.lock = PZ_NewLock(nssILockOther);
if (!thisModule->base.lock) {
goto loser;
}
PR_AtomicIncrement(&thisModule->base.refCount);
thisModule->base.arena = arena;
thisModule->base.lock = PZ_NewLock(nssNSSILockOther);
if (!thisModule->base.lock) {
goto loser;
}
nssrv = parse_module_parameters(thisModule, moduleSpec, &slotParams);
if (nssrv != PR_SUCCESS) {
goto loser;
}
nssrv = nssModule_Load(thisModule);
if (nssrv != PR_SUCCESS) {
goto loser;
}
if (slotParams) {
nssrv = parse_module_slot_parameters(thisModule, slotParams);
nss_ZFreeIf(slotParams);
if (nssrv != PR_SUCCESS) {
goto loser;
}
}
if (loadSubModules && NSSMODULE_IS_MODULE_DB(thisModule)) {
NSSUTF8 **moduleSpecs;
NSSUTF8 **index;
/* get the array of sub modules one level below this module */
moduleSpecs = get_module_specs(thisModule);
/* iterate over the array */
for (index = moduleSpecs; index && *index; index++) {
NSSModule *child;
/* load the child recursively */
child = nssModule_CreateFromSpec(*index, thisModule, PR_TRUE);
if (!child) {
/* when children fail, does the parent? */
nssrv = PR_FAILURE;
break;
}
if (NSSMODULE_IS_CRITICAL(child) && !child->isLoaded) {
nssrv = PR_FAILURE;
nssModule_Destroy(child);
break;
}
nssModule_Destroy(child);
/*nss_ZFreeIf(*index);*/
}
/*nss_ZFreeIf(moduleSpecs);*/
}
/* The global list inherits the reference */
nssrv = nssGlobalModuleList_Add(thisModule);
if (nssrv != PR_SUCCESS) {
goto loser;
}
return thisModule;
loser:
if (thisModule->base.lock) {
PZ_DestroyLock(thisModule->base.lock);
}
nssArena_Destroy(arena);
return (NSSModule *)NULL;
}
NSS_IMPLEMENT PRStatus
nssModule_Destroy (
NSSModule *mod
)
{
PRUint32 i, numSlots;
if (PR_AtomicDecrement(&mod->base.refCount) == 0) {
if (mod->numSlots == 0) {
(void)nssModule_Unload(mod);
return nssArena_Destroy(mod->base.arena);
} else {
numSlots = mod->numSlots;
for (i=0; i<numSlots; i++) {
nssSlot_Destroy(mod->slots[i]);
}
}
}
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssModule_DestroyFromSlot (
NSSModule *mod,
NSSSlot *slot
)
{
PRUint32 i, numSlots = 0;
PR_ASSERT(mod->base.refCount == 0);
for (i=0; i<mod->numSlots; i++) {
if (mod->slots[i] == slot) {
mod->slots[i] = NULL;
} else if (mod->slots[i]) {
numSlots++;
}
}
if (numSlots == 0) {
(void)nssModule_Unload(mod);
return nssArena_Destroy(mod->base.arena);
}
return PR_SUCCESS;
}
NSS_IMPLEMENT NSSModule *
nssModule_AddRef (
NSSModule *mod
)
{
PR_AtomicIncrement(&mod->base.refCount);
return mod;
}
NSS_IMPLEMENT NSSUTF8 *
nssModule_GetName (
NSSModule *mod
)
{
return mod->base.name;
}
NSS_IMPLEMENT PRBool
nssModule_IsThreadSafe (
NSSModule *module
)
{
return NSSMODULE_IS_THREADSAFE(module);
}
NSS_IMPLEMENT PRBool
nssModule_IsInternal (
NSSModule *mod
)
{
return NSSMODULE_IS_INTERNAL(mod);
}
NSS_IMPLEMENT PRBool
nssModule_IsModuleDBOnly (
NSSModule *mod
)
{
return NSSMODULE_IS_MODULE_DB_ONLY(mod);
}
NSS_IMPLEMENT void *
nssModule_GetCryptokiEPV (
NSSModule *mod
)
{
return mod->epv;
}
NSS_IMPLEMENT NSSSlot **
nssModule_GetSlots (
NSSModule *mod
)
{
PRUint32 i;
NSSSlot **rvSlots;
rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, mod->numSlots + 1);
if (rvSlots) {
for (i=0; i<mod->numSlots; i++) {
rvSlots[i] = nssSlot_AddRef(mod->slots[i]);
}
}
return rvSlots;
}
NSS_IMPLEMENT NSSSlot *
nssModule_FindSlotByName (
NSSModule *mod,
NSSUTF8 *slotName
)
{
PRUint32 i;
PRStatus nssrv;
NSSSlot *slot;
NSSUTF8 *name;
for (i=0; i<mod->numSlots; i++) {
slot = mod->slots[i];
name = nssSlot_GetName(slot);
if (nssUTF8_Equal(name, slotName, &nssrv)) {
return nssSlot_AddRef(slot);
}
if (nssrv != PR_SUCCESS) {
break;
}
}
return (NSSSlot *)NULL;
}
NSS_IMPLEMENT NSSToken *
nssModule_FindTokenByName (
NSSModule *mod,
NSSUTF8 *tokenName
)
{
PRUint32 i;
PRStatus nssrv;
NSSToken *tok;
NSSUTF8 *name;
for (i=0; i<mod->numSlots; i++) {
tok = nssSlot_GetToken(mod->slots[i]);
if (tok) {
name = nssToken_GetName(tok);
if (nssUTF8_Equal(name, tokenName, &nssrv)) {
return tok;
}
if (nssrv != PR_SUCCESS) {
break;
}
}
}
return (NSSToken *)NULL;
}
NSS_IMPLEMENT PRInt32
nssModule_GetCertOrder (
NSSModule *module
)
{
return 1; /* XXX */
}
#endif /* PURE_STAN_BUILD */

562
mozilla/security/nss/lib/dev/devslot.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.22 $ $Date: 2005-09-14 01:35:02 $";
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.23 $ $Date: 2007-11-16 05:29:25 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -55,37 +55,6 @@ static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.22 $ $Da
/* this should track global and per-transaction login information */
#ifdef PURE_STAN_CODE
typedef enum {
nssSlotAskPasswordTimes_FirstTime = 0,
nssSlotAskPasswordTimes_EveryTime = 1,
nssSlotAskPasswordTimes_Timeout = 2
}
nssSlotAskPasswordTimes;
struct nssSlotAuthInfoStr
{
PRTime lastLogin;
nssSlotAskPasswordTimes askTimes;
PRIntervalTime askPasswordTimeout;
};
struct NSSSlotStr
{
struct nssDeviceBaseStr base;
NSSModule *module; /* Parent */
NSSToken *token; /* Peer */
CK_SLOT_ID slotID;
CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
struct nssSlotAuthInfoStr authInfo;
PRIntervalTime lastTokenPing;
PZLock *lock;
#ifdef NSS_3_4_CODE
PK11SlotInfo *pk11slot;
#endif
};
#endif /* PURE_STAN_CODE */
#define NSSSLOT_IS_FRIENDLY(slot) \
(slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
@ -95,86 +64,6 @@ static PRIntervalTime s_token_delay_time = 0;
/* The flags needed to open a read-only session. */
static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION;
#ifdef PURE_STAN_BUILD
/* In pk11slot.c, this was a no-op. So it is here also. */
static CK_RV PR_CALLBACK
nss_ck_slot_notify (
CK_SESSION_HANDLE session,
CK_NOTIFICATION event,
CK_VOID_PTR pData
)
{
return CKR_OK;
}
NSS_IMPLEMENT NSSSlot *
nssSlot_Create (
CK_SLOT_ID slotID,
NSSModule *parent
)
{
NSSArena *arena = NULL;
NSSSlot *rvSlot;
NSSToken *token = NULL;
NSSUTF8 *slotName = NULL;
PRUint32 length;
CK_SLOT_INFO slotInfo;
CK_RV ckrv;
void *epv;
arena = NSSArena_Create();
if(!arena) {
return (NSSSlot *)NULL;
}
rvSlot = nss_ZNEW(arena, NSSSlot);
if (!rvSlot) {
goto loser;
}
/* Get slot information */
epv = nssModule_GetCryptokiEPV(parent);
ckrv = CKAPI(epv)->C_GetSlotInfo(slotID, &slotInfo);
if (ckrv != CKR_OK) {
/* set an error here, eh? */
goto loser;
}
/* Grab the slot description from the PKCS#11 fixed-length buffer */
length = nssPKCS11String_Length(slotInfo.slotDescription,
sizeof(slotInfo.slotDescription));
if (length > 0) {
slotName = nssUTF8_Create(arena, nssStringType_UTF8String,
(void *)slotInfo.slotDescription, length);
if (!slotName) {
goto loser;
}
}
rvSlot->base.arena = arena;
rvSlot->base.refCount = 1;
rvSlot->base.name = slotName;
rvSlot->base.lock = PZ_NewLock(nssNSSILockOther); /* XXX */
if (!rvSlot->base.lock) {
goto loser;
}
if (!nssModule_IsThreadSafe(parent)) {
rvSlot->lock = nssModule_GetLock(parent);
}
rvSlot->module = parent; /* refs go from module to slots */
rvSlot->slotID = slotID;
rvSlot->ckFlags = slotInfo.flags;
/* Initialize the token if present. */
if (slotInfo.flags & CKF_TOKEN_PRESENT) {
token = nssToken_Create(slotID, rvSlot);
if (!token) {
goto loser;
}
}
rvSlot->token = token;
return rvSlot;
loser:
nssArena_Destroy(arena);
/* everything was created in the arena, nothing to see here, move along */
return (NSSSlot *)NULL;
}
#endif /* PURE_STAN_BUILD */
NSS_IMPLEMENT PRStatus
nssSlot_Destroy (
NSSSlot *slot
@ -183,10 +72,6 @@ nssSlot_Destroy (
if (slot) {
if (PR_AtomicDecrement(&slot->base.refCount) == 0) {
PZ_DestroyLock(slot->base.lock);
#ifdef PURE_STAN_BUILD
nssToken_Destroy(slot->token);
nssModule_DestroyFromSlot(slot->module, slot);
#endif
return nssArena_Destroy(slot->base.arena);
}
}
@ -288,11 +173,7 @@ nssSlot_IsTokenPresent (
}
/* First obtain the slot info */
#ifdef PURE_STAN_BUILD
epv = nssModule_GetCryptokiEPV(slot->module);
#else
epv = slot->epv;
#endif
if (!epv) {
return PR_FALSE;
}
@ -319,23 +200,15 @@ nssSlot_IsTokenPresent (
session->handle = CK_INVALID_SESSION;
}
nssSession_ExitMonitor(session);
#ifdef NSS_3_4_CODE
if (slot->token->base.name[0] != 0) {
/* notify the high-level cache that the token is removed */
slot->token->base.name[0] = 0; /* XXX */
nssToken_NotifyCertsNotVisible(slot->token);
}
#endif
slot->token->base.name[0] = 0; /* XXX */
/* clear the token cache */
nssToken_Remove(slot->token);
return PR_FALSE;
#ifdef PURE_STAN_CODE
} else if (!slot->token) {
/* token was not present at boot time, is now */
slot->token = nssToken_Create(slot->slotID, slot);
return (slot->token != NULL);
#endif
}
/* token is present, use the session info to determine if the card
* has been removed and reinserted.
@ -360,9 +233,7 @@ nssSlot_IsTokenPresent (
* a token it doesn't recognize. invalidate all the old
* information we had on this token, if we can't refresh, clear
* the present flag */
#ifdef NSS_3_4_CODE
nssToken_NotifyCertsNotVisible(slot->token);
#endif /* NSS_3_4_CODE */
nssToken_Remove(slot->token);
/* token has been removed, need to refresh with new session */
nssrv = nssSlot_Refresh(slot);
@ -375,26 +246,12 @@ nssSlot_IsTokenPresent (
}
}
#ifdef PURE_STAN_BUILD
NSS_IMPLEMENT NSSModule *
nssSlot_GetModule (
NSSSlot *slot
)
{
return nssModule_AddRef(slot->module);
}
#endif /* PURE_STAN_BUILD */
NSS_IMPLEMENT void *
nssSlot_GetCryptokiEPV (
NSSSlot *slot
)
{
#ifdef PURE_STAN_BUILD
return nssModule_GetCryptokiEPV(slot->module);
#else
return slot->epv;
#endif
}
NSS_IMPLEMENT NSSToken *
@ -408,423 +265,6 @@ nssSlot_GetToken (
return (NSSToken *)NULL;
}
#ifdef PURE_STAN_BUILD
NSS_IMPLEMENT PRBool
nssSlot_IsPermanent (
NSSSlot *slot
)
{
return (!(slot->ckFlags & CKF_REMOVABLE_DEVICE));
}
NSS_IMPLEMENT PRBool
nssSlot_IsFriendly (
NSSSlot *slot
)
{
return PR_TRUE /* XXX NSSSLOT_IS_FRIENDLY(slot)*/;
}
NSS_IMPLEMENT PRBool
nssSlot_IsHardware (
NSSSlot *slot
)
{
return (slot->ckFlags & CKF_HW_SLOT);
}
NSS_IMPLEMENT PRStatus
nssSlot_Refresh (
NSSSlot *slot
)
{
/* XXX */
#if 0
nssToken_Destroy(slot->token);
if (slotInfo.flags & CKF_TOKEN_PRESENT) {
slot->token = nssToken_Create(NULL, slotID, slot);
}
#endif
return PR_SUCCESS;
}
static PRBool
slot_needs_login (
NSSSlot *slot,
nssSession *session
)
{
PRBool needsLogin, logout;
struct nssSlotAuthInfoStr *authInfo = &slot->authInfo;
void *epv = nssModule_GetCryptokiEPV(slot->module);
if (!nssToken_IsLoginRequired(slot->token)) {
return PR_FALSE;
}
if (authInfo->askTimes == nssSlotAskPasswordTimes_EveryTime) {
logout = PR_TRUE;
} else if (authInfo->askTimes == nssSlotAskPasswordTimes_Timeout) {
PRIntervalTime currentTime = PR_IntervalNow();
if (authInfo->lastLogin - currentTime < authInfo->askPasswordTimeout) {
logout = PR_FALSE;
} else {
logout = PR_TRUE;
}
} else { /* nssSlotAskPasswordTimes_FirstTime */
logout = PR_FALSE;
}
if (logout) {
/* The login has expired, timeout */
nssSession_EnterMonitor(session);
CKAPI(epv)->C_Logout(session->handle);
nssSession_ExitMonitor(session);
needsLogin = PR_TRUE;
} else {
CK_RV ckrv;
CK_SESSION_INFO sessionInfo;
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
/* XXX error -- invalidate session */
return PR_FALSE;
}
switch (sessionInfo.state) {
case CKS_RW_PUBLIC_SESSION:
case CKS_RO_PUBLIC_SESSION:
default:
needsLogin = PR_TRUE;
break;
case CKS_RW_USER_FUNCTIONS:
case CKS_RW_SO_FUNCTIONS:
case CKS_RO_USER_FUNCTIONS:
needsLogin = PR_FALSE;
break;
}
}
return needsLogin;
}
static PRStatus
slot_login (
NSSSlot *slot,
nssSession *session,
CK_USER_TYPE userType,
NSSCallback *pwcb
)
{
PRStatus nssrv;
PRUint32 attempts;
PRBool keepTrying;
NSSUTF8 *password = NULL;
CK_ULONG pwLen;
CK_RV ckrv;
void *epv;
if (!pwcb->getPW) {
/* set error INVALID_ARG */
return PR_FAILURE;
}
epv = nssModule_GetCryptokiEPV(slot->module);
keepTrying = PR_TRUE;
nssrv = PR_FAILURE;
attempts = 0;
while (keepTrying) {
/* use the token name, since it is present */
NSSUTF8 *tokenName = nssToken_GetName(slot->token);
nssrv = pwcb->getPW(tokenName, attempts, pwcb->arg, &password);
if (nssrv != PR_SUCCESS) {
nss_SetError(NSS_ERROR_USER_CANCELED);
break;
}
pwLen = (CK_ULONG)nssUTF8_Length(password, &nssrv);
if (nssrv != PR_SUCCESS) {
break;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_Login(session->handle, userType,
(CK_CHAR_PTR)password, pwLen);
nssSession_ExitMonitor(session);
switch (ckrv) {
case CKR_OK:
case CKR_USER_ALREADY_LOGGED_IN:
slot->authInfo.lastLogin = PR_Now();
nssrv = PR_SUCCESS;
keepTrying = PR_FALSE;
break;
case CKR_PIN_INCORRECT:
nss_SetError(NSS_ERROR_INVALID_PASSWORD);
keepTrying = PR_TRUE; /* received bad pw, keep going */
break;
default:
nssrv = PR_FAILURE;
keepTrying = PR_FALSE;
break;
}
nss_ZFreeIf(password);
password = NULL;
++attempts;
}
return nssrv;
}
static PRStatus
init_slot_password (
NSSSlot *slot,
nssSession *rwSession,
NSSUTF8 *password
)
{
PRStatus status;
NSSUTF8 *ssoPW = "";
CK_ULONG userPWLen, ssoPWLen;
CK_RV ckrv;
void *epv = nssModule_GetCryptokiEPV(slot->module);
/* Get the SO and user passwords */
userPWLen = (CK_ULONG)nssUTF8_Length(password, &status);
if (status != PR_SUCCESS) {
goto loser;
}
ssoPWLen = (CK_ULONG)nssUTF8_Length(ssoPW, &status);
if (status != PR_SUCCESS) {
goto loser;
}
/* First log in as SO */
ckrv = CKAPI(epv)->C_Login(rwSession->handle, CKU_SO,
(CK_CHAR_PTR)ssoPW, ssoPWLen);
if (ckrv != CKR_OK) {
/* set error ...SO_LOGIN_FAILED */
goto loser;
}
/* Now change the user PIN */
ckrv = CKAPI(epv)->C_InitPIN(rwSession->handle,
(CK_CHAR_PTR)password, userPWLen);
if (ckrv != CKR_OK) {
/* set error */
goto loser;
}
return PR_SUCCESS;
loser:
return PR_FAILURE;
}
static PRStatus
change_slot_password (
NSSSlot *slot,
nssSession *rwSession,
NSSUTF8 *oldPassword,
NSSUTF8 *newPassword
)
{
PRStatus status;
CK_ULONG userPWLen, newPWLen;
CK_RV ckrv;
void *epv = nssModule_GetCryptokiEPV(slot->module);
userPWLen = (CK_ULONG)nssUTF8_Length(oldPassword, &status);
if (status != PR_SUCCESS) {
return status;
}
newPWLen = (CK_ULONG)nssUTF8_Length(newPassword, &status);
if (status != PR_SUCCESS) {
return status;
}
nssSession_EnterMonitor(rwSession);
ckrv = CKAPI(epv)->C_SetPIN(rwSession->handle,
(CK_CHAR_PTR)oldPassword, userPWLen,
(CK_CHAR_PTR)newPassword, newPWLen);
nssSession_ExitMonitor(rwSession);
switch (ckrv) {
case CKR_OK:
slot->authInfo.lastLogin = PR_Now();
status = PR_SUCCESS;
break;
case CKR_PIN_INCORRECT:
nss_SetError(NSS_ERROR_INVALID_PASSWORD);
status = PR_FAILURE;
break;
default:
status = PR_FAILURE;
break;
}
return status;
}
NSS_IMPLEMENT PRStatus
nssSlot_Login (
NSSSlot *slot,
NSSCallback *pwcb
)
{
PRStatus status;
CK_USER_TYPE userType = CKU_USER;
NSSToken *token = nssSlot_GetToken(slot);
nssSession *session;
if (!token) {
return PR_FAILURE;
}
if (!nssToken_IsLoginRequired(token)) {
nssToken_Destroy(token);
return PR_SUCCESS;
}
session = nssToken_GetDefaultSession(slot->token);
if (nssToken_NeedsPINInitialization(token)) {
NSSUTF8 *password = NULL;
if (!pwcb->getInitPW) {
nssToken_Destroy(token);
return PR_FAILURE; /* don't know how to get initial password */
}
status = (*pwcb->getInitPW)(slot->base.name, pwcb->arg, &password);
if (status == PR_SUCCESS) {
session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
status = init_slot_password(slot, session, password);
nssSession_Destroy(session);
}
} else if (slot_needs_login(slot, session)) {
status = slot_login(slot, session, userType, pwcb);
} else {
status = PR_SUCCESS;
}
nssToken_Destroy(token);
return status;
}
NSS_IMPLEMENT PRStatus
nssSlot_Logout (
NSSSlot *slot,
nssSession *sessionOpt
)
{
PRStatus nssrv = PR_SUCCESS;
nssSession *session;
CK_RV ckrv;
void *epv = nssModule_GetCryptokiEPV(slot->module);
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(slot->token);
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_Logout(session->handle);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
/* translate the error */
nssrv = PR_FAILURE;
}
return nssrv;
}
NSS_IMPLEMENT PRBool
nssSlot_IsLoggedIn (
NSSSlot *slot
)
{
nssSession *session = nssToken_GetDefaultSession(slot->token);
return !slot_needs_login(slot, session);
}
NSS_IMPLEMENT void
nssSlot_SetPasswordDefaults (
NSSSlot *slot,
PRInt32 askPasswordTimeout
)
{
slot->authInfo.askPasswordTimeout = askPasswordTimeout;
}
NSS_IMPLEMENT PRStatus
nssSlot_SetPassword (
NSSSlot *slot,
NSSUTF8 *oldPasswordOpt,
NSSUTF8 *newPassword
)
{
PRStatus status;
nssSession *rwSession;
NSSToken *token = nssSlot_GetToken(slot);
if (!token) {
return PR_FAILURE;
}
rwSession = nssSlot_CreateSession(slot, NULL, PR_TRUE);
if (nssToken_NeedsPINInitialization(token)) {
status = init_slot_password(slot, rwSession, newPassword);
} else if (oldPasswordOpt) {
status = change_slot_password(slot, rwSession,
oldPasswordOpt, newPassword);
} else {
/* old password must be given in order to change */
status = PR_FAILURE;
}
nssSession_Destroy(rwSession);
nssToken_Destroy(token);
return status;
}
NSS_IMPLEMENT nssSession *
nssSlot_CreateSession (
NSSSlot *slot,
NSSArena *arenaOpt,
PRBool readWrite /* so far, this is the only flag used */
)
{
CK_RV ckrv;
CK_FLAGS ckflags;
CK_SESSION_HANDLE handle;
void *epv = nssModule_GetCryptokiEPV(slot->module);
nssSession *rvSession;
ckflags = s_ck_readonly_flags;
if (readWrite) {
ckflags |= CKF_RW_SESSION;
}
ckrv = CKAPI(epv)->C_OpenSession(slot->slotID, ckflags,
slot, nss_ck_slot_notify, &handle);
if (ckrv != CKR_OK) {
/* set an error here, eh? */
return (nssSession *)NULL;
}
rvSession = nss_ZNEW(arenaOpt, nssSession);
if (!rvSession) {
return (nssSession *)NULL;
}
if (nssModule_IsThreadSafe(slot->module)) {
/* If the parent module is threadsafe,
* create lock to protect just this session.
*/
rvSession->lock = PZ_NewLock(nssILockOther);
if (!rvSession->lock) {
/* need to translate NSPR error? */
if (arenaOpt) {
} else {
nss_ZFreeIf(rvSession);
}
return (nssSession *)NULL;
}
rvSession->ownLock = PR_TRUE;
} else {
rvSession->lock = slot->lock;
rvSession->ownLock = PR_FALSE;
}
rvSession->handle = handle;
rvSession->slot = slot;
rvSession->isRW = readWrite;
return rvSession;
}
NSS_IMPLEMENT PRStatus
nssSession_Destroy (
nssSession *s
)
{
CK_RV ckrv = CKR_OK;
if (s) {
void *epv = s->slot->epv;
ckrv = CKAPI(epv)->C_CloseSession(s->handle);
if (s->ownLock && s->lock) {
PZ_DestroyLock(s->lock);
}
nss_ZFreeIf(s);
}
return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
}
#endif /* PURE_STAN_BUILD */
NSS_IMPLEMENT PRStatus
nssSession_EnterMonitor (
nssSession *s

8
mozilla/security/nss/lib/dev/devt.h
View File

@ -38,7 +38,7 @@
#define DEVT_H
#ifdef DEBUG
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.22 $ $Date: 2005-01-20 02:25:47 $";
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.23 $ $Date: 2007-11-16 05:29:25 $";
#endif /* DEBUG */
/*
@ -67,9 +67,7 @@ static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.22 $ $
#include "baset.h"
#endif /* BASET_H */
#ifdef NSS_3_4_CODE
#include "secmodt.h"
#endif /* NSS_3_4_CODE */
PR_BEGIN_EXTERN_C
@ -99,9 +97,7 @@ struct NSSTokenStr
NSSTrustDomain *trustDomain;
PRIntervalTime lastTime;
nssTokenObjectCache *cache;
#ifdef NSS_3_4_CODE
PK11SlotInfo *pk11slot;
#endif
};
typedef enum {
@ -128,10 +124,8 @@ struct NSSSlotStr
struct nssSlotAuthInfoStr authInfo;
PRIntervalTime lastTokenPing;
PZLock *lock;
#ifdef NSS_3_4_CODE
void *epv;
PK11SlotInfo *pk11slot;
#endif
};
struct nssSessionStr

118
mozilla/security/nss/lib/dev/devtoken.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.41 $ $Date: 2007-08-09 22:36:17 $";
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.42 $ $Date: 2007-11-16 05:29:25 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -50,11 +50,9 @@ static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.41 $ $D
#include "ckhelper.h"
#endif /* CKHELPER_H */
#ifdef NSS_3_4_CODE
#include "pk11func.h"
#include "dev3hack.h"
#include "secerr.h"
#endif
extern const NSSError NSS_ERROR_NOT_FOUND;
extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
@ -63,96 +61,6 @@ extern const NSSError NSS_ERROR_PKCS11;
/* The number of object handles to grab during each call to C_FindObjects */
#define OBJECT_STACK_SIZE 16
#ifdef PURE_STAN_BUILD
struct NSSTokenStr
{
struct nssDeviceBaseStr base;
NSSSlot *slot; /* Peer */
CK_FLAGS ckFlags; /* from CK_TOKEN_INFO.flags */
nssSession *defaultSession;
nssTokenObjectCache *cache;
};
NSS_IMPLEMENT NSSToken *
nssToken_Create (
CK_SLOT_ID slotID,
NSSSlot *peer
)
{
NSSArena *arena;
NSSToken *rvToken;
nssSession *session = NULL;
NSSUTF8 *tokenName = NULL;
PRUint32 length;
PRBool readWrite;
CK_TOKEN_INFO tokenInfo;
CK_RV ckrv;
void *epv = nssSlot_GetCryptokiEPV(peer);
arena = NSSArena_Create();
if(!arena) {
return (NSSToken *)NULL;
}
rvToken = nss_ZNEW(arena, NSSToken);
if (!rvToken) {
goto loser;
}
/* Get token information */
ckrv = CKAPI(epv)->C_GetTokenInfo(slotID, &tokenInfo);
if (ckrv != CKR_OK) {
/* use the error stack to pass the PKCS #11 error out */
nss_SetError(ckrv);
nss_SetError(NSS_ERROR_PKCS11);
goto loser;
}
/* Grab the slot description from the PKCS#11 fixed-length buffer */
length = nssPKCS11String_Length(tokenInfo.label, sizeof(tokenInfo.label));
if (length > 0) {
tokenName = nssUTF8_Create(arena, nssStringType_UTF8String,
(void *)tokenInfo.label, length);
if (!tokenName) {
goto loser;
}
}
/* Open a default session handle for the token. */
if (tokenInfo.ulMaxSessionCount == 1) {
/* if the token can only handle one session, it must be RW. */
readWrite = PR_TRUE;
} else {
readWrite = PR_FALSE;
}
session = nssSlot_CreateSession(peer, arena, readWrite);
if (session == NULL) {
goto loser;
}
/* TODO: seed the RNG here */
rvToken->base.arena = arena;
rvToken->base.refCount = 1;
rvToken->base.name = tokenName;
rvToken->base.lock = PZ_NewLock(nssNSSILockOther); /* XXX */
if (!rvToken->base.lock) {
goto loser;
}
rvToken->slot = peer; /* slot owns ref to token */
rvToken->ckFlags = tokenInfo.flags;
rvToken->defaultSession = session;
if (nssSlot_IsHardware(peer)) {
rvToken->cache = nssTokenObjectCache_Create(rvToken,
PR_TRUE, PR_TRUE, PR_TRUE);
if (!rvToken->cache) {
nssSlot_Destroy(peer);
goto loser;
}
}
return rvToken;
loser:
if (session) {
nssSession_Destroy(session);
}
nssArena_Destroy(arena);
return (NSSToken *)NULL;
}
#endif /* PURE_STAN_BUILD */
NSS_IMPLEMENT PRStatus
nssToken_Destroy (
NSSToken *tok
@ -201,16 +109,6 @@ nssToken_GetSlot (
return nssSlot_AddRef(tok->slot);
}
#ifdef PURE_STAN_BUILD
NSS_IMPLEMENT NSSModule *
nssToken_GetModule (
NSSToken *token
)
{
return nssSlot_GetModule(token->slot);
}
#endif
NSS_IMPLEMENT void *
nssToken_GetCryptokiEPV (
NSSToken *token
@ -528,9 +426,7 @@ find_objects_by_template (
}
PR_ASSERT(i < otsize);
if (i == otsize) {
#ifdef NSS_3_4_CODE
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
#endif
if (statusOpt) *statusOpt = PR_FAILURE;
return NULL;
}
@ -1118,17 +1014,11 @@ static void
sha1_hash(NSSItem *input, NSSItem *output)
{
NSSAlgorithmAndParameters *ap;
#ifdef NSS_3_4_CODE
PK11SlotInfo *internal = PK11_GetInternalSlot();
NSSToken *token = PK11Slot_GetNSSToken(internal);
#else
NSSToken *token = nss_GetDefaultCryptoToken();
#endif
ap = NSSAlgorithmAndParameters_CreateSHA1Digest(NULL);
(void)nssToken_Digest(token, NULL, ap, input, output, NULL);
#ifdef NSS_3_4_CODE
PK11_FreeSlot(token->pk11slot);
#endif
nss_ZFreeIf(ap);
}
@ -1136,17 +1026,11 @@ static void
md5_hash(NSSItem *input, NSSItem *output)
{
NSSAlgorithmAndParameters *ap;
#ifdef NSS_3_4_CODE
PK11SlotInfo *internal = PK11_GetInternalSlot();
NSSToken *token = PK11Slot_GetNSSToken(internal);
#else
NSSToken *token = nss_GetDefaultCryptoToken();
#endif
ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
(void)nssToken_Digest(token, NULL, ap, input, output, NULL);
#ifdef NSS_3_4_CODE
PK11_FreeSlot(token->pk11slot);
#endif
nss_ZFreeIf(ap);
}

310
mozilla/security/nss/lib/dev/devutil.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.28 $ $Date: 2006-10-31 00:21:24 $";
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.29 $ $Date: 2007-11-16 05:29:25 $";
#endif /* DEBUG */
#ifndef DEVM_H
@ -158,22 +158,6 @@ nssSlotArray_Clone (
return rvSlots;
}
#ifdef PURE_STAN_BUILD
NSS_IMPLEMENT void
nssModuleArray_Destroy (
NSSModule **modules
)
{
if (modules) {
NSSModule **mp;
for (mp = modules; *mp; mp++) {
nssModule_Destroy(*mp);
}
nss_ZFreeIf(modules);
}
}
#endif
NSS_IMPLEMENT void
nssSlotArray_Destroy (
NSSSlot **slots
@ -232,298 +216,6 @@ nssCryptokiObjectArray_Destroy (
}
}
#ifdef PURE_STAN_BUILD
/*
* Slot lists
*/
struct nssSlotListNodeStr
{
PRCList link;
NSSSlot *slot;
PRUint32 order;
};
/* XXX separate slots with non-present tokens? */
struct nssSlotListStr
{
NSSArena *arena;
PRBool i_allocated_arena;
PZLock *lock;
PRCList head;
PRUint32 count;
};
NSS_IMPLEMENT nssSlotList *
nssSlotList_Create (
NSSArena *arenaOpt
)
{
nssSlotList *rvList;
NSSArena *arena;
nssArenaMark *mark;
if (arenaOpt) {
arena = arenaOpt;
mark = nssArena_Mark(arena);
if (!mark) {
return (nssSlotList *)NULL;
}
} else {
arena = nssArena_Create();
if (!arena) {
return (nssSlotList *)NULL;
}
}
rvList = nss_ZNEW(arena, nssSlotList);
if (!rvList) {
goto loser;
}
rvList->lock = PZ_NewLock(nssILockOther); /* XXX */
if (!rvList->lock) {
goto loser;
}
PR_INIT_CLIST(&rvList->head);
rvList->arena = arena;
rvList->i_allocated_arena = (arenaOpt == NULL);
nssArena_Unmark(arena, mark);
return rvList;
loser:
if (arenaOpt) {
nssArena_Release(arena, mark);
} else {
nssArena_Destroy(arena);
}
return (nssSlotList *)NULL;
}
NSS_IMPLEMENT void
nssSlotList_Destroy (
nssSlotList *slotList
)
{
PRCList *link;
struct nssSlotListNodeStr *node;
if (slotList) {
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
node = (struct nssSlotListNodeStr *)link;
nssSlot_Destroy(node->slot);
link = PR_NEXT_LINK(link);
}
if (slotList->i_allocated_arena) {
nssArena_Destroy(slotList->arena);
}
}
}
/* XXX should do allocs outside of lock */
NSS_IMPLEMENT PRStatus
nssSlotList_Add (
nssSlotList *slotList,
NSSSlot *slot,
PRUint32 order
)
{
PRCList *link;
struct nssSlotListNodeStr *node;
PZ_Lock(slotList->lock);
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
node = (struct nssSlotListNodeStr *)link;
if (order < node->order) {
break;
}
link = PR_NEXT_LINK(link);
}
node = nss_ZNEW(slotList->arena, struct nssSlotListNodeStr);
if (!node) {
return PR_FAILURE;
}
PR_INIT_CLIST(&node->link);
node->slot = nssSlot_AddRef(slot);
node->order = order;
PR_INSERT_AFTER(&node->link, link);
slotList->count++;
PZ_Unlock(slotList->lock);
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssSlotList_AddModuleSlots (
nssSlotList *slotList,
NSSModule *module,
PRUint32 order
)
{
nssArenaMark *mark = NULL;
NSSSlot **sp, **slots = NULL;
PRCList *link;
struct nssSlotListNodeStr *node;
PZ_Lock(slotList->lock);
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
node = (struct nssSlotListNodeStr *)link;
if (order < node->order) {
break;
}
link = PR_NEXT_LINK(link);
}
slots = nssModule_GetSlots(module);
if (!slots) {
PZ_Unlock(slotList->lock);
return PR_SUCCESS;
}
mark = nssArena_Mark(slotList->arena);
if (!mark) {
goto loser;
}
for (sp = slots; *sp; sp++) {
node = nss_ZNEW(slotList->arena, struct nssSlotListNodeStr);
if (!node) {
goto loser;
}
PR_INIT_CLIST(&node->link);
node->slot = *sp; /* have ref from nssModule_GetSlots */
node->order = order;
PR_INSERT_AFTER(&node->link, link);
slotList->count++;
}
PZ_Unlock(slotList->lock);
nssArena_Unmark(slotList->arena, mark);
return PR_SUCCESS;
loser:
PZ_Unlock(slotList->lock);
if (mark) {
nssArena_Release(slotList->arena, mark);
}
if (slots) {
nssSlotArray_Destroy(slots);
}
return PR_FAILURE;
}
NSS_IMPLEMENT NSSSlot **
nssSlotList_GetSlots (
nssSlotList *slotList
)
{
PRUint32 i;
PRCList *link;
struct nssSlotListNodeStr *node;
NSSSlot **rvSlots = NULL;
PZ_Lock(slotList->lock);
rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, slotList->count + 1);
if (!rvSlots) {
PZ_Unlock(slotList->lock);
return (NSSSlot **)NULL;
}
i = 0;
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
node = (struct nssSlotListNodeStr *)link;
rvSlots[i] = nssSlot_AddRef(node->slot);
link = PR_NEXT_LINK(link);
i++;
}
PZ_Unlock(slotList->lock);
return rvSlots;
}
#if 0
NSS_IMPLEMENT NSSSlot *
nssSlotList_GetBestSlotForAlgorithmAndParameters (
nssSlotList *slotList,
NSSAlgorithmAndParameters *ap
)
{
PRCList *link;
struct nssSlotListNodeStr *node;
NSSSlot *rvSlot = NULL;
PZ_Lock(slotList->lock);
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
node = (struct nssSlotListNodeStr *)link;
if (nssSlot_DoesAlgorithmAndParameters(ap)) {
rvSlot = nssSlot_AddRef(node->slot); /* XXX check isPresent? */
}
link = PR_NEXT_LINK(link);
}
PZ_Unlock(slotList->lock);
return rvSlot;
}
#endif
NSS_IMPLEMENT NSSSlot *
nssSlotList_GetBestSlot (
nssSlotList *slotList
)
{
PRCList *link;
struct nssSlotListNodeStr *node;
NSSSlot *rvSlot = NULL;
PZ_Lock(slotList->lock);
if (PR_CLIST_IS_EMPTY(&slotList->head)) {
PZ_Unlock(slotList->lock);
return (NSSSlot *)NULL;
}
link = PR_NEXT_LINK(&slotList->head);
node = (struct nssSlotListNodeStr *)link;
rvSlot = nssSlot_AddRef(node->slot); /* XXX check isPresent? */
PZ_Unlock(slotList->lock);
return rvSlot;
}
NSS_IMPLEMENT NSSSlot *
nssSlotList_FindSlotByName (
nssSlotList *slotList,
NSSUTF8 *slotName
)
{
PRCList *link;
struct nssSlotListNodeStr *node;
NSSSlot *rvSlot = NULL;
PZ_Lock(slotList->lock);
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
NSSUTF8 *sName;
node = (struct nssSlotListNodeStr *)link;
sName = nssSlot_GetName(node->slot);
if (nssUTF8_Equal(sName, slotName, NULL)) {
rvSlot = nssSlot_AddRef(node->slot);
break;
}
link = PR_NEXT_LINK(link);
}
PZ_Unlock(slotList->lock);
return rvSlot;
}
NSS_IMPLEMENT NSSToken *
nssSlotList_FindTokenByName (
nssSlotList *slotList,
NSSUTF8 *tokenName
)
{
PRCList *link;
struct nssSlotListNodeStr *node;
NSSToken *rvToken = NULL;
PZ_Lock(slotList->lock);
link = PR_NEXT_LINK(&slotList->head);
while (link != &slotList->head) {
NSSUTF8 *tName;
node = (struct nssSlotListNodeStr *)link;
tName = nssSlot_GetTokenName(node->slot);
if (nssUTF8_Equal(tName, tokenName, NULL)) {
rvToken = nssSlot_GetToken(node->slot);
break;
}
link = PR_NEXT_LINK(link);
}
PZ_Unlock(slotList->lock);
return rvToken;
}
#endif /* PURE_STAN_BUILD */
/* object cache for token */
typedef struct

11
mozilla/security/nss/lib/dev/manifest.mn
View File

@ -34,12 +34,14 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.12 $ $Date: 2007-08-15 15:29:54 $"
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.13 $ $Date: 2007-11-16 05:29:25 $"
CORE_DEPTH = ../../..
PRIVATE_EXPORTS = \
ckhelper.h \
devm.h \
devtm.h \
devt.h \
dev.h \
nssdevt.h \
@ -52,19 +54,12 @@ EXPORTS = \
MODULE = nss
CSRCS = \
devmod.c \
devslot.c \
devtoken.c \
devutil.c \
ckhelper.c \
$(NULL)
# here is where the 3.4 glue code is added
ifndef PURE_STAN_BUILD
DEFINES = -DNSS_3_4_CODE
PRIVATE_EXPORTS += devm.h devtm.h
endif
REQUIRES = nspr
LIBRARY_NAME = nssdev

5
mozilla/security/nss/lib/manifest.mn
View File

@ -60,11 +60,6 @@ DIRS = util freebl softoken \
# fortcrypt is no longer built
# NSS 4.0 build - pure stan libraries
ifdef PURE_STAN_BUILD
DIRS = base dev pki pki1
endif
#
# these dirs are not built at the moment
#

8
mozilla/security/nss/lib/pk11wrap/dev3hack.c
View File

@ -35,13 +35,9 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.22 $ $Date: 2006-10-09 22:14:04 $";
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.23 $ $Date: 2007-11-16 05:29:26 $";
#endif /* DEBUG */
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#ifndef PKIT_H
#include "pkit.h"
#endif /* PKIT_H */
@ -108,7 +104,7 @@ nssSlot_CreateSession
* 3. If the module is thread safe and we are using a new
* session, no higher-level lock has been locked and we
* would need a lock for the new session. However, the
* NSS_3_4_CODE usage of the session is that it is always
* current usage of the session is that it is always
* used and destroyed within the same function and never
* shared with another thread.
* So the session is either already protected by another

3
mozilla/security/nss/lib/pk11wrap/pk11cert.c
View File

@ -57,9 +57,6 @@
#include "secerr.h"
#include "sslerr.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#include "pki3hack.h"
#include "dev3hack.h"

3
mozilla/security/nss/lib/pk11wrap/pk11nobj.c
View File

@ -55,9 +55,6 @@
#include "secerr.h"
#include "sslerr.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#include "pki3hack.h"
#include "dev3hack.h"

3
mozilla/security/nss/lib/pk11wrap/secmodti.h
View File

@ -47,9 +47,6 @@
#include "secmodt.h"
#include "pkcs11t.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#include "nssdevt.h"
/* internal data structures */

22
mozilla/security/nss/lib/pki/certdecode.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certdecode.c,v $ $Revision: 1.16 $ $Date: 2005-01-20 02:25:48 $";
static const char CVS_ID[] = "@(#) $RCSfile: certdecode.c,v $ $Revision: 1.17 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef PKIT_H
@ -46,7 +46,6 @@ static const char CVS_ID[] = "@(#) $RCSfile: certdecode.c,v $ $Revision: 1.16 $
#include "pkim.h"
#endif /* PKIM_H */
#ifdef NSS_3_4_CODE
/* This is defined in pki3hack.c */
NSS_EXTERN nssDecodedCert *
nssDecodedPKIXCertificate_Create (
@ -58,25 +57,6 @@ NSS_IMPLEMENT PRStatus
nssDecodedPKIXCertificate_Destroy (
nssDecodedCert *dc
);
#else /* NSS_4_0_CODE */
/* This is where 4.0 PKIX code will handle the decoding */
static nssDecodedCert *
nssDecodedPKIXCertificate_Create (
NSSArena *arenaOpt,
NSSDER *encoding
)
{
return (nssDecodedCert *)NULL;
}
static PRStatus
nssDecodedPKIXCertificate_Destroy (
nssDecodedCert *dc
)
{
return PR_FAILURE;
}
#endif /* not NSS_3_4_CODE */
NSS_IMPLEMENT nssDecodedCert *
nssDecodedCert_Create (

12
mozilla/security/nss/lib/pki/certificate.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.62 $ $Date: 2007-01-05 00:25:05 $";
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.63 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef NSSPKI_H
@ -56,11 +56,9 @@ static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.62 $
#include "pkistore.h"
#ifdef NSS_3_4_CODE
#include "pki3hack.h"
#include "pk11func.h"
#include "hasht.h"
#endif
#ifndef BASE_H
#include "base.h"
@ -497,22 +495,15 @@ nssCertificate_BuildChain (
(!td && (td = NSSCertificate_GetTrustDomain(c)) == NULL)) {
goto loser;
}
#ifdef NSS_3_4_CODE
/* bump the usage up to CA level */
issuerUsage.nss3lookingForCA = PR_TRUE;
#endif
collection = nssCertificateCollection_Create(td, NULL);
if (!collection)
goto loser;
st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
if (st != PR_SUCCESS)
goto loser;
/* XXX This breaks code for which NSS_3_4_CODE is not defined (pure
* 4.0 builds). That won't affect the tip. But be careful
* when merging 4.0!!!
*/
for (rvCount = 1; (!rvLimit || rvCount < rvLimit); ++rvCount) {
#ifdef NSS_3_4_CODE
CERTCertificate *cCert = STAN_GetCERTCertificate(c);
if (cCert->isRoot) {
/* not including the issuer of the self-signed cert, which is,
@ -520,7 +511,6 @@ nssCertificate_BuildChain (
*/
break;
}
#endif
c = find_cert_issuer(c, timeOpt, &issuerUsage, policiesOpt, td, cc);
if (!c) {
ret = PR_FAILURE;

14
mozilla/security/nss/lib/pki/cryptocontext.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: cryptocontext.c,v $ $Revision: 1.17 $ $Date: 2007-07-11 04:47:42 $";
static const char CVS_ID[] = "@(#) $RCSfile: cryptocontext.c,v $ $Revision: 1.18 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef DEV_H
@ -52,18 +52,6 @@ static const char CVS_ID[] = "@(#) $RCSfile: cryptocontext.c,v $ $Revision: 1.17
#include "pki1t.h"
#ifdef PURE_STAN_BUILD
struct NSSCryptoContextStr
{
PRInt32 refCount;
NSSArena *arena;
NSSTrustDomain *td;
NSSToken *token;
nssSession *session;
nssCertificateStore *certStore;
};
#endif
extern const NSSError NSS_ERROR_NOT_FOUND;
extern const NSSError NSS_ERROR_INVALID_ARGUMENT;

14
mozilla/security/nss/lib/pki/manifest.mn
View File

@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.15 $ $Date: 2007-08-15 15:30:01 $"
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.16 $ $Date: 2007-11-16 05:29:27 $"
CORE_DEPTH = ../../..
@ -43,6 +43,10 @@ PRIVATE_EXPORTS = \
pkit.h \
nsspkit.h \
nsspki.h \
pkistore.h \
pki3hack.h \
pkitm.h \
pkim.h \
$(NULL)
EXPORTS = \
@ -60,14 +64,10 @@ CSRCS = \
certdecode.c \
pkistore.c \
pkibase.c \
pki3hack.c \
$(NULL)
ifndef PURE_STAN_BUILD
CSRCS += pki3hack.c
PRIVATE_EXPORTS += pkistore.h pki3hack.h pkitm.h pkim.h
#DEFINES = -DNSS_3_4_CODE -DDEBUG_CACHE
DEFINES = -DNSS_3_4_CODE
endif
#DEFINES = -DDEBUG_CACHE
REQUIRES = nspr

262
mozilla/security/nss/lib/pki/pkibase.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: pkibase.c,v $ $Revision: 1.27 $ $Date: 2007-01-05 00:25:05 $";
static const char CVS_ID[] = "@(#) $RCSfile: pkibase.c,v $ $Revision: 1.28 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef DEV_H
@ -46,9 +46,7 @@ static const char CVS_ID[] = "@(#) $RCSfile: pkibase.c,v $ $Revision: 1.27 $ $Da
#include "pkim.h"
#endif /* PKIM_H */
#ifdef NSS_3_4_CODE
#include "pki3hack.h"
#endif
extern const NSSError NSS_ERROR_NOT_FOUND;
@ -312,35 +310,11 @@ nssPKIObject_DeleteStoredObject (
{
PRUint32 i, numNotDestroyed;
PRStatus status = PR_SUCCESS;
#ifndef NSS_3_4_CODE
NSSTrustDomain *td = object->trustDomain;
NSSCallback *pwcb = uhh ? /* is this optional? */
uhh :
nssTrustDomain_GetDefaultCallback(td, NULL);
#endif
numNotDestroyed = 0;
nssPKIObject_Lock(object);
for (i=0; i<object->numInstances; i++) {
nssCryptokiObject *instance = object->instances[i];
#ifndef NSS_3_4_CODE
NSSSlot *slot = nssToken_GetSlot(instance->token);
/* If both the operation and the slot are friendly, login is
* not required. If either or both are not friendly, it is
* required.
*/
if (!(isFriendly && nssSlot_IsFriendly(slot))) {
status = nssSlot_Login(slot, pwcb);
nssSlot_Destroy(slot);
if (status == PR_SUCCESS) {
/* XXX this should be fixed to understand read-only tokens,
* for now, to handle the builtins, just make the attempt.
*/
status = nssToken_DeleteStoredObject(instance);
}
}
#else
status = nssToken_DeleteStoredObject(instance);
#endif
object->instances[i] = NULL;
if (status == PR_SUCCESS) {
nssCryptokiObject_Destroy(instance);
@ -402,7 +376,6 @@ nssPKIObject_GetNicknameForToken (
return nickname;
}
#ifdef NSS_3_4_CODE
NSS_IMPLEMENT nssCryptokiObject **
nssPKIObject_GetInstances (
nssPKIObject *object
@ -424,7 +397,6 @@ nssPKIObject_GetInstances (
nssPKIObject_Unlock(object);
return instances;
}
#endif
NSS_IMPLEMENT void
nssCertificateArray_Destroy (
@ -434,7 +406,6 @@ nssCertificateArray_Destroy (
if (certs) {
NSSCertificate **certp;
for (certp = certs; *certp; certp++) {
#ifdef NSS_3_4_CODE
if ((*certp)->decoding) {
CERTCertificate *cc = STAN_GetCERTCertificate(*certp);
if (cc) {
@ -442,7 +413,6 @@ nssCertificateArray_Destroy (
}
continue;
}
#endif
nssCertificate_Destroy(*certp);
}
nss_ZFreeIf(certs);
@ -1005,7 +975,6 @@ nssPKIObjectCollection_AddInstanceAsObject (
}
node->haveObject = PR_TRUE;
}
#ifdef NSS_3_4_CODE
else if (!foundIt) {
/* The instance was added to a pre-existing node. This
* function is *only* being used for certificates, and having
@ -1017,7 +986,6 @@ nssPKIObjectCollection_AddInstanceAsObject (
*/
STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object);
}
#endif
return PR_SUCCESS;
}
@ -1029,7 +997,6 @@ static void
cert_destroyObject(nssPKIObject *o)
{
NSSCertificate *c = (NSSCertificate *)o;
#ifdef NSS_3_4_CODE
if (c->decoding) {
CERTCertificate *cc = STAN_GetCERTCertificate(c);
if (cc) {
@ -1037,7 +1004,6 @@ cert_destroyObject(nssPKIObject *o)
return;
} /* else destroy it as NSSCertificate below */
}
#endif
nssCertificate_Destroy(c);
}
@ -1045,7 +1011,6 @@ static PRStatus
cert_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
{
NSSCertificate *c = (NSSCertificate *)o;
#ifdef NSS_3_4_CODE
/* The builtins are still returning decoded serial numbers. Until
* this compatibility issue is resolved, use the full DER of the
* cert to uniquely identify it.
@ -1057,13 +1022,6 @@ cert_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
if (derCert != NULL) {
uid[0] = *derCert;
}
#else
NSSDER *issuer, *serial;
issuer = nssCertificate_GetIssuer(c);
serial = nssCertificate_GetSerialNumber(c);
uid[0] = *issuer;
uid[1] = *serial;
#endif /* NSS_3_4_CODE */
return PR_SUCCESS;
}
@ -1071,7 +1029,6 @@ static PRStatus
cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
NSSArena *arena)
{
#ifdef NSS_3_4_CODE
/* The builtins are still returning decoded serial numbers. Until
* this compatibility issue is resolved, use the full DER of the
* cert to uniquely identify it.
@ -1086,17 +1043,6 @@ cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
NULL, /* issuer */
NULL, /* serial */
NULL); /* subject */
#else
return nssCryptokiCertificate_GetAttributes(instance,
NULL, /* XXX sessionOpt */
arena, /* arena */
NULL, /* type */
NULL, /* id */
NULL, /* encoding */
&uid[0], /* issuer */
&uid[1], /* serial */
NULL); /* subject */
#endif /* NSS_3_4_CODE */
}
static nssPKIObject *
@ -1104,7 +1050,6 @@ cert_createObject(nssPKIObject *o)
{
NSSCertificate *cert;
cert = nssCertificate_Create(o);
#ifdef NSS_3_4_CODE
/* if (STAN_GetCERTCertificate(cert) == NULL) {
nssCertificate_Destroy(cert);
return (nssPKIObject *)NULL;
@ -1117,7 +1062,6 @@ cert_createObject(nssPKIObject *o)
NSSTrustDomain *td = o->trustDomain;
nssTrustDomain_AddCertsToCache(td, &cert, 1);
}
#endif
return (nssPKIObject *)cert;
}
@ -1289,210 +1233,6 @@ nssPKIObjectCollection_GetCRLs (
return rvOpt;
}
#ifdef PURE_STAN_BUILD
/*
* PrivateKey collections
*/
static void
privkey_destroyObject(nssPKIObject *o)
{
NSSPrivateKey *pvk = (NSSPrivateKey *)o;
nssPrivateKey_Destroy(pvk);
}
static PRStatus
privkey_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
{
NSSPrivateKey *pvk = (NSSPrivateKey *)o;
NSSItem *id;
id = nssPrivateKey_GetID(pvk);
uid[0] = *id;
return PR_SUCCESS;
}
static PRStatus
privkey_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
NSSArena *arena)
{
return nssCryptokiPrivateKey_GetAttributes(instance,
NULL, /* XXX sessionOpt */
arena,
NULL, /* type */
&uid[0]);
}
static nssPKIObject *
privkey_createObject(nssPKIObject *o)
{
NSSPrivateKey *pvk;
pvk = nssPrivateKey_Create(o);
return (nssPKIObject *)pvk;
}
NSS_IMPLEMENT nssPKIObjectCollection *
nssPrivateKeyCollection_Create (
NSSTrustDomain *td,
NSSPrivateKey **pvkOpt
)
{
PRStatus status;
nssPKIObjectCollection *collection;
collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
collection->objectType = pkiObjectType_PrivateKey;
collection->destroyObject = privkey_destroyObject;
collection->getUIDFromObject = privkey_getUIDFromObject;
collection->getUIDFromInstance = privkey_getUIDFromInstance;
collection->createObject = privkey_createObject;
if (pvkOpt) {
for (; *pvkOpt; pvkOpt++) {
nssPKIObject *o = (nssPKIObject *)(*pvkOpt);
status = nssPKIObjectCollection_AddObject(collection, o);
}
}
return collection;
}
NSS_IMPLEMENT NSSPrivateKey **
nssPKIObjectCollection_GetPrivateKeys (
nssPKIObjectCollection *collection,
NSSPrivateKey **rvOpt,
PRUint32 maximumOpt,
NSSArena *arenaOpt
)
{
PRStatus status;
PRUint32 rvSize;
PRBool allocated = PR_FALSE;
if (collection->size == 0) {
return (NSSPrivateKey **)NULL;
}
if (maximumOpt == 0) {
rvSize = collection->size;
} else {
rvSize = PR_MIN(collection->size, maximumOpt);
}
if (!rvOpt) {
rvOpt = nss_ZNEWARRAY(arenaOpt, NSSPrivateKey *, rvSize + 1);
if (!rvOpt) {
return (NSSPrivateKey **)NULL;
}
allocated = PR_TRUE;
}
status = nssPKIObjectCollection_GetObjects(collection,
(nssPKIObject **)rvOpt,
rvSize);
if (status != PR_SUCCESS) {
if (allocated) {
nss_ZFreeIf(rvOpt);
}
return (NSSPrivateKey **)NULL;
}
return rvOpt;
}
/*
* PublicKey collections
*/
static void
pubkey_destroyObject(nssPKIObject *o)
{
NSSPublicKey *pubk = (NSSPublicKey *)o;
nssPublicKey_Destroy(pubk);
}
static PRStatus
pubkey_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
{
NSSPublicKey *pubk = (NSSPublicKey *)o;
NSSItem *id;
id = nssPublicKey_GetID(pubk);
uid[0] = *id;
return PR_SUCCESS;
}
static PRStatus
pubkey_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
NSSArena *arena)
{
return nssCryptokiPublicKey_GetAttributes(instance,
NULL, /* XXX sessionOpt */
arena,
NULL, /* type */
&uid[0]);
}
static nssPKIObject *
pubkey_createObject(nssPKIObject *o)
{
NSSPublicKey *pubk;
pubk = nssPublicKey_Create(o);
return (nssPKIObject *)pubk;
}
NSS_IMPLEMENT nssPKIObjectCollection *
nssPublicKeyCollection_Create (
NSSTrustDomain *td,
NSSPublicKey **pubkOpt
)
{
PRStatus status;
nssPKIObjectCollection *collection;
collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
collection->objectType = pkiObjectType_PublicKey;
collection->destroyObject = pubkey_destroyObject;
collection->getUIDFromObject = pubkey_getUIDFromObject;
collection->getUIDFromInstance = pubkey_getUIDFromInstance;
collection->createObject = pubkey_createObject;
if (pubkOpt) {
for (; *pubkOpt; pubkOpt++) {
nssPKIObject *o = (nssPKIObject *)(*pubkOpt);
status = nssPKIObjectCollection_AddObject(collection, o);
}
}
return collection;
}
NSS_IMPLEMENT NSSPublicKey **
nssPKIObjectCollection_GetPublicKeys (
nssPKIObjectCollection *collection,
NSSPublicKey **rvOpt,
PRUint32 maximumOpt,
NSSArena *arenaOpt
)
{
PRStatus status;
PRUint32 rvSize;
PRBool allocated = PR_FALSE;
if (collection->size == 0) {
return (NSSPublicKey **)NULL;
}
if (maximumOpt == 0) {
rvSize = collection->size;
} else {
rvSize = PR_MIN(collection->size, maximumOpt);
}
if (!rvOpt) {
rvOpt = nss_ZNEWARRAY(arenaOpt, NSSPublicKey *, rvSize + 1);
if (!rvOpt) {
return (NSSPublicKey **)NULL;
}
allocated = PR_TRUE;
}
status = nssPKIObjectCollection_GetObjects(collection,
(nssPKIObject **)rvOpt,
rvSize);
if (status != PR_SUCCESS) {
if (allocated) {
nss_ZFreeIf(rvOpt);
}
return (NSSPublicKey **)NULL;
}
return rvOpt;
}
#endif /* PURE_STAN_BUILD */
/* how bad would it be to have a static now sitting around, updated whenever
* this was called? would avoid repeated allocs...
*/

4
mozilla/security/nss/lib/pki/pkim.h
View File

@ -38,7 +38,7 @@
#define PKIM_H
#ifdef DEBUG
static const char PKIM_CVS_ID[] = "@(#) $RCSfile: pkim.h,v $ $Revision: 1.29 $ $Date: 2007-07-11 04:47:42 $";
static const char PKIM_CVS_ID[] = "@(#) $RCSfile: pkim.h,v $ $Revision: 1.30 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef BASE_H
@ -186,13 +186,11 @@ nssPKIObject_DeleteStoredObject
PRBool isFriendly
);
#ifdef NSS_3_4_CODE
NSS_EXTERN nssCryptokiObject **
nssPKIObject_GetInstances
(
nssPKIObject *object
);
#endif
NSS_EXTERN NSSCertificate **
nssTrustDomain_FindCertificatesByID

10
mozilla/security/nss/lib/pki/pkistore.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.29 $ $Date: 2007-07-11 04:47:42 $";
static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.30 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef PKIM_H
@ -58,9 +58,7 @@ static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.29 $ $D
#include "pkistore.h"
#endif /* PKISTORE_H */
#ifdef NSS_3_4_CODE
#include "cert.h"
#endif
/*
* Certificate Store
@ -587,7 +585,6 @@ nssCertificateStore_FindCertificateByIssuerAndSerialNumber (
return rvCert;
}
#ifdef NSS_3_4_CODE
static PRStatus
issuer_and_serial_from_encoding (
NSSBER *encoding,
@ -614,7 +611,6 @@ issuer_and_serial_from_encoding (
serial->size = derSerial.len;
return PR_SUCCESS;
}
#endif
NSS_IMPLEMENT NSSCertificate *
nssCertificateStore_FindCertificateByEncodedCertificate (
@ -625,19 +621,15 @@ nssCertificateStore_FindCertificateByEncodedCertificate (
PRStatus nssrv = PR_FAILURE;
NSSDER issuer, serial;
NSSCertificate *rvCert = NULL;
#ifdef NSS_3_4_CODE
nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial);
#endif
if (nssrv != PR_SUCCESS) {
return NULL;
}
rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store,
&issuer,
&serial);
#ifdef NSS_3_4_CODE
PORT_Free(issuer.data);
PORT_Free(serial.data);
#endif
return rvCert;
}

6
mozilla/security/nss/lib/pki/pkit.h
View File

@ -38,7 +38,7 @@
#define PKIT_H
#ifdef DEBUG
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.18 $ $Date: 2006-08-22 22:54:11 $";
static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.19 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
/*
@ -55,10 +55,8 @@ static const char PKIT_CVS_ID[] = "@(#) $RCSfile: pkit.h,v $ $Revision: 1.18 $ $
#include "baset.h"
#endif /* BASET_H */
#ifdef NSS_3_4_CODE
#include "certt.h"
#include "pkcs11t.h"
#endif /* NSS_3_4_CODE */
#ifndef NSSPKIT_H
#include "nsspkit.h"
@ -188,10 +186,8 @@ struct NSSTrustDomainStr {
nssListIterator *tokens;
nssTDCertificateCache *cache;
NSSRWLock *tokensLock;
#ifdef NSS_3_4_CODE
void *spkDigestInfo;
CERTStatusConfig *statusConfig;
#endif
};
struct NSSCryptoContextStr

4
mozilla/security/nss/lib/pki/pkitm.h
View File

@ -38,7 +38,7 @@
#define PKITM_H
#ifdef DEBUG
static const char PKITM_CVS_ID[] = "@(#) $RCSfile: pkitm.h,v $ $Revision: 1.14 $ $Date: 2005-06-28 17:55:29 $";
static const char PKITM_CVS_ID[] = "@(#) $RCSfile: pkitm.h,v $ $Revision: 1.15 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
/*
@ -99,10 +99,8 @@ struct nssDecodedCertStr {
struct NSSUsageStr {
PRBool anyUsage;
#ifdef NSS_3_4_CODE
SECCertUsage nss3usage;
PRBool nss3lookingForCA;
#endif
};
typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection;

10
mozilla/security/nss/lib/pki/tdcache.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.46 $ $Date: 2007-07-11 04:47:42 $";
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.47 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef PKIM_H
@ -62,11 +62,9 @@ static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.46 $ $Da
#include "base.h"
#endif /* BASE_H */
#ifdef NSS_3_4_CODE
#include "cert.h"
#include "dev.h"
#include "pki3hack.h"
#endif
#ifdef DEBUG_CACHE
static PRLogModuleInfo *s_log = NULL;
@ -1076,7 +1074,6 @@ nssTrustDomain_GetCertForIssuerAndSNFromCache (
return rvCert;
}
#ifdef NSS_3_4_CODE
static PRStatus
issuer_and_serial_from_encoding (
NSSBER *encoding,
@ -1102,7 +1099,6 @@ issuer_and_serial_from_encoding (
serial->size = derSerial.len;
return PR_SUCCESS;
}
#endif
/*
* Look for a specific cert in the cache
@ -1116,9 +1112,7 @@ nssTrustDomain_GetCertByDERFromCache (
PRStatus nssrv = PR_FAILURE;
NSSDER issuer, serial;
NSSCertificate *rvCert;
#ifdef NSS_3_4_CODE
nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial);
#endif
if (nssrv != PR_SUCCESS) {
return NULL;
}
@ -1127,10 +1121,8 @@ nssTrustDomain_GetCertByDERFromCache (
#endif
rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
&issuer, &serial);
#ifdef NSS_3_4_CODE
PORT_Free(issuer.data);
PORT_Free(serial.data);
#endif
return rvCert;
}

20
mozilla/security/nss/lib/pki/trustdomain.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.54 $ $Date: 2007-07-11 04:47:42 $";
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.55 $ $Date: 2007-11-16 05:29:27 $";
#endif /* DEBUG */
#ifndef DEV_H
@ -50,29 +50,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.54 $
#include "pki1t.h"
#endif /* PKI1T_H */
#ifdef NSS_3_4_CODE
#include "cert.h"
#include "pki3hack.h"
#endif
#include "nssrwlk.h"
#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
#ifdef PURE_STAN_BUILD
struct NSSTrustDomainStr {
PRInt32 refCount;
NSSArena *arena;
NSSCallback *defaultCallback;
struct {
nssSlotList *forCerts;
nssSlotList *forCiphers;
nssSlotList *forTrust;
} slots;
nssCertificateCache *cache;
};
#endif
extern const NSSError NSS_ERROR_NOT_FOUND;
typedef PRUint32 nssUpdateLevel;
@ -103,9 +87,7 @@ NSSTrustDomain_Create (
nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
rvTD->arena = arena;
rvTD->refCount = 1;
#ifdef NSS_3_4_CODE
rvTD->statusConfig = NULL;
#endif
return rvTD;
loser:
if (rvTD && rvTD->tokensLock) {