mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

1) Fix Solaris, AIX, HP, and Linux warnings. Several were potential real 

problems (mostly uninitialized variables in error cases).

2) Start separating softoken from the rest of NSS where appropriate (finish
separating out the key stuff, the cert stuff is coming).

3) Make the prototypes between the new functions consistant.
This commit is contained in:
relyea%netscape.com 2001-09-20 21:05:53 +00:00
Родитель e05fdd029a
Коммит 3a020389f9
17 изменённых файлов: 267 добавлений и 400 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

18
security/nss/lib/softoken/dbinit.c
Просмотреть файл

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
# $Id: dbinit.c,v 1.3 2001/08/25 21:28:16 mcgreer%netscape.com Exp $
# $Id: dbinit.c,v 1.4 2001/09/20 21:05:48 relyea%netscape.com Exp $
*/
#include <ctype.h>
@ -41,7 +41,8 @@
#include "prprf.h"
#include "prmem.h"
#include "cert.h"
#include "key.h"
#include "keylow.h"
#include "keydbt.h"
#include "ssl.h"
#include "sslproto.h"
#include "secmod.h"
@ -51,18 +52,7 @@
#include "secrng.h"
#include "cdbhdl.h"
#include "pk11func.h"
#ifdef macintosh
#define PATH_SEPARATOR ":"
#define SECMOD_DB "Security Modules"
#define CERT_DB_FMT "%sCertificates%s"
#define KEY_DB_FMT "%sKey Database%s"
#else
#define PATH_SEPARATOR "/"
#define SECMOD_DB "secmod.db"
#define CERT_DB_FMT "%scert%s.db"
#define KEY_DB_FMT "%skey%s.db"
#endif
#include "pkcs11i.h"
static char *secmodname = NULL;

6
security/nss/lib/softoken/fipstest.c
Просмотреть файл

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: fipstest.c,v 1.1 2000/03/31 19:25:43 relyea%netscape.com Exp $
* $Id: fipstest.c,v 1.2 2001/09/20 21:05:48 relyea%netscape.com Exp $
*/
#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
@ -797,8 +797,8 @@ pk11_fips_RSA_PowerUpSelfTest( void )
unsigned int rsa_bytes_signed;
SECStatus rsa_status;
SECKEYLowPublicKey low_public_key = { NULL, rsaKey, };
SECKEYLowPrivateKey low_private_key = { NULL, rsaKey, };
SECKEYLowPublicKey low_public_key = { NULL, lowRSAKey, };
SECKEYLowPrivateKey low_private_key = { NULL, lowRSAKey, };
PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
PRUint8 rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];

108
security/nss/lib/softoken/keydb.c
Просмотреть файл

@ -32,11 +32,12 @@
*
* Private Key Database code
*
* $Id: keydb.c,v 1.6 2001/09/06 23:23:42 relyea%netscape.com Exp $
* $Id: keydb.c,v 1.7 2001/09/20 21:05:48 relyea%netscape.com Exp $
*/
#include "keylow.h"
#include "keydbt.h"
#include "keytboth.h"
#include "seccomon.h"
#include "sechash.h"
#include "secder.h"
@ -83,16 +84,16 @@ const SEC_ASN1Template SECKEY_SetOfAttributeTemplate[] = {
const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SECKEYPrivateKeyInfo) },
0, NULL, sizeof(PrivateKeyInfo) },
{ SEC_ASN1_INTEGER,
offsetof(SECKEYPrivateKeyInfo,version) },
offsetof(PrivateKeyInfo,version) },
{ SEC_ASN1_INLINE,
offsetof(SECKEYPrivateKeyInfo,algorithm),
offsetof(PrivateKeyInfo,algorithm),
SECOID_AlgorithmIDTemplate },
{ SEC_ASN1_OCTET_STRING,
offsetof(SECKEYPrivateKeyInfo,privateKey) },
offsetof(PrivateKeyInfo,privateKey) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(SECKEYPrivateKeyInfo,attributes),
offsetof(PrivateKeyInfo,attributes),
SECKEY_SetOfAttributeTemplate },
{ 0 }
};
@ -103,12 +104,12 @@ const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[] = {
const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) },
0, NULL, sizeof(EncryptedPrivateKeyInfo) },
{ SEC_ASN1_INLINE,
offsetof(SECKEYEncryptedPrivateKeyInfo,algorithm),
offsetof(EncryptedPrivateKeyInfo,algorithm),
SECOID_AlgorithmIDTemplate },
{ SEC_ASN1_OCTET_STRING,
offsetof(SECKEYEncryptedPrivateKeyInfo,encryptedData) },
offsetof(EncryptedPrivateKeyInfo,encryptedData) },
{ 0 }
};
@ -116,6 +117,7 @@ const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[] = {
{ SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate }
};
/* ====== Default key databse encryption algorithm ====== */
static SECOidTag defaultKeyDBAlg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
@ -799,7 +801,7 @@ SECKEY_StoreKeyByPublicKey(SECKEYKeyDBHandle *handle,
SECKEYLowPrivateKey *privkey,
SECItem *pubKeyData,
char *nickname,
SECKEYGetPasswordKey f, void *arg)
SECKEYLowGetPasswordKey f, void *arg)
{
return SECKEY_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData, nickname,
f, arg, SECKEY_GetDefaultKeyDBAlg());
@ -857,10 +859,10 @@ SECKEY_KeyForCertExists(SECKEYKeyDBHandle *handle, CERTCertificate *cert)
*/
SECKEYLowPrivateKey *
SECKEY_FindKeyByCert(SECKEYKeyDBHandle *handle, CERTCertificate *cert,
SECKEYGetPasswordKey f, void *arg)
SECKEYLowGetPasswordKey f, void *arg)
{
SECKEYPublicKey *pubkey = NULL;
SECItem *keyItem;
SECItem *keyItem = NULL;
SECKEYLowPrivateKey *privKey = NULL;
/* get cert's public key */
@ -881,10 +883,12 @@ SECKEY_FindKeyByCert(SECKEYKeyDBHandle *handle, CERTCertificate *cert,
keyItem = &pubkey->u.dh.publicValue;
break;
/* fortezza an NULL keys are not stored in the data base */
case keaKey:
case fortezzaKey:
case nullKey:
goto loser;
}
PORT_Assert( keyItem != NULL );
privKey = SECKEY_FindKeyByPublicKey(handle, keyItem, f, arg);
@ -1019,7 +1023,7 @@ seckey_get_private_key_algorithm(SECKEYKeyDBHandle *keydb, DBT *index)
{
SECKEYDBKey *dbkey = NULL;
SECOidTag algorithm = SEC_OID_UNKNOWN;
SECKEYEncryptedPrivateKeyInfo *epki = NULL;
EncryptedPrivateKeyInfo *epki = NULL;
PLArenaPool *poolp = NULL;
SECStatus rv;
@ -1031,8 +1035,8 @@ seckey_get_private_key_algorithm(SECKEYKeyDBHandle *keydb, DBT *index)
if(dbkey == NULL)
return (SECOidTag)SECFailure;
epki = (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(poolp,
sizeof(SECKEYEncryptedPrivateKeyInfo));
epki = (EncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(poolp,
sizeof(EncryptedPrivateKeyInfo));
if(epki == NULL)
goto loser;
rv = SEC_ASN1DecodeItem(poolp, epki,
@ -1167,13 +1171,13 @@ seckey_rc4_cipher(SECItem *key, SECItem *src, PRBool encrypt)
/* TNH - keydb is unused */
/* TNH - the pwitem should be the derived key for RC4 */
SECKEYEncryptedPrivateKeyInfo *
EncryptedPrivateKeyInfo *
seckey_encrypt_private_key(
SECKEYLowPrivateKey *pk, SECItem *pwitem, SECKEYKeyDBHandle *keydb,
SECOidTag algorithm)
{
SECKEYEncryptedPrivateKeyInfo *epki = NULL;
SECKEYPrivateKeyInfo *pki = NULL;
EncryptedPrivateKeyInfo *epki = NULL;
PrivateKeyInfo *pki = NULL;
SECStatus rv = SECFailure;
SECAlgorithmID *algid = NULL;
PLArenaPool *temparena = NULL, *permarena = NULL;
@ -1189,10 +1193,10 @@ seckey_encrypt_private_key(
goto loser;
/* allocate structures */
epki = (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(permarena,
sizeof(SECKEYEncryptedPrivateKeyInfo));
pki = (SECKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
sizeof(SECKEYPrivateKeyInfo));
epki = (EncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(permarena,
sizeof(EncryptedPrivateKeyInfo));
pki = (PrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
sizeof(PrivateKeyInfo));
der_item = (SECItem *)PORT_ArenaZAlloc(temparena, sizeof(SECItem));
if((epki == NULL) || (pki == NULL) || (der_item == NULL))
goto loser;
@ -1207,9 +1211,9 @@ seckey_encrypt_private_key(
/* Encode the key, and set the algorithm (with params) */
switch (pk->keyType) {
case rsaKey:
case lowRSAKey:
dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
SECKEY_RSAPrivateKeyTemplate);
SECKEY_LowRSAPrivateKeyTemplate);
if (dummy == NULL) {
rv = SECFailure;
goto loser;
@ -1222,16 +1226,16 @@ seckey_encrypt_private_key(
}
break;
case dsaKey:
case lowDSAKey:
dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
SECKEY_DSAPrivateKeyTemplate);
SECKEY_LowDSAPrivateKeyTemplate);
if (dummy == NULL) {
rv = SECFailure;
goto loser;
}
dummy = SEC_ASN1EncodeItem(temparena, NULL, &pk->u.dsa.params,
SECKEY_PQGParamsTemplate);
SECKEY_LowPQGParamsTemplate);
if (dummy == NULL) {
rv = SECFailure;
goto loser;
@ -1244,9 +1248,9 @@ seckey_encrypt_private_key(
}
break;
case dhKey:
case lowDHKey:
dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
SECKEY_DHPrivateKeyTemplate);
SECKEY_LowDHPrivateKeyTemplate);
if (dummy == NULL) {
rv = SECFailure;
goto loser;
@ -1344,7 +1348,7 @@ seckey_put_private_key(SECKEYKeyDBHandle *keydb, DBT *index, SECItem *pwitem,
SECOidTag algorithm)
{
SECKEYDBKey *dbkey = NULL;
SECKEYEncryptedPrivateKeyInfo *epki = NULL;
EncryptedPrivateKeyInfo *epki = NULL;
PLArenaPool *temparena = NULL, *permarena = NULL;
SECItem *dummy = NULL;
SECItem *salt = NULL;
@ -1418,7 +1422,7 @@ SECKEY_StoreKeyByPublicKeyAlg(SECKEYKeyDBHandle *handle,
SECKEYLowPrivateKey *privkey,
SECItem *pubKeyData,
char *nickname,
SECKEYGetPasswordKey f, void *arg,
SECKEYLowGetPasswordKey f, void *arg,
SECOidTag algorithm)
{
DBT namekey;
@ -1448,11 +1452,11 @@ SECKEY_StoreKeyByPublicKeyAlg(SECKEYKeyDBHandle *handle,
}
SECKEYLowPrivateKey *
seckey_decrypt_private_key(SECKEYEncryptedPrivateKeyInfo *epki,
seckey_decrypt_private_key(EncryptedPrivateKeyInfo *epki,
SECItem *pwitem)
{
SECKEYLowPrivateKey *pk = NULL;
SECKEYPrivateKeyInfo *pki = NULL;
PrivateKeyInfo *pki = NULL;
SECStatus rv = SECFailure;
SECOidTag algorithm;
PLArenaPool *temparena = NULL, *permarena = NULL;
@ -1467,8 +1471,8 @@ seckey_decrypt_private_key(SECKEYEncryptedPrivateKeyInfo *epki,
goto loser;
/* allocate temporary items */
pki = (SECKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
sizeof(SECKEYPrivateKeyInfo));
pki = (PrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
sizeof(PrivateKeyInfo));
/* allocate permanent arena items */
pk = (SECKEYLowPrivateKey *)PORT_ArenaZAlloc(permarena,
@ -1516,26 +1520,26 @@ seckey_decrypt_private_key(SECKEYEncryptedPrivateKeyInfo *epki,
switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
case SEC_OID_X500_RSA_ENCRYPTION:
case SEC_OID_PKCS1_RSA_ENCRYPTION:
pk->keyType = rsaKey;
pk->keyType = lowRSAKey;
rv = SEC_ASN1DecodeItem(permarena, pk,
SECKEY_RSAPrivateKeyTemplate,
SECKEY_LowRSAPrivateKeyTemplate,
&pki->privateKey);
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
pk->keyType = dsaKey;
pk->keyType = lowDSAKey;
rv = SEC_ASN1DecodeItem(permarena, pk,
SECKEY_DSAPrivateKeyTemplate,
SECKEY_LowDSAPrivateKeyTemplate,
&pki->privateKey);
if (rv != SECSuccess)
goto loser;
rv = SEC_ASN1DecodeItem(permarena, &pk->u.dsa.params,
SECKEY_PQGParamsTemplate,
SECKEY_LowPQGParamsTemplate,
&pki->algorithm.parameters);
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
pk->keyType = dhKey;
pk->keyType = lowDHKey;
rv = SEC_ASN1DecodeItem(permarena, pk,
SECKEY_DHPrivateKeyTemplate,
SECKEY_LowDHPrivateKeyTemplate,
&pki->privateKey);
break;
default:
@ -1571,7 +1575,7 @@ static SECKEYLowPrivateKey *
seckey_decode_encrypted_private_key(SECKEYDBKey *dbkey, SECItem *pwitem)
{
SECKEYLowPrivateKey *pk = NULL;
SECKEYEncryptedPrivateKeyInfo *epki;
EncryptedPrivateKeyInfo *epki;
PLArenaPool *temparena = NULL;
SECStatus rv;
SECOidTag algorithm;
@ -1585,8 +1589,8 @@ seckey_decode_encrypted_private_key(SECKEYDBKey *dbkey, SECItem *pwitem)
return NULL;
}
epki = (SECKEYEncryptedPrivateKeyInfo *)
PORT_ArenaZAlloc(temparena, sizeof(SECKEYEncryptedPrivateKeyInfo));
epki = (EncryptedPrivateKeyInfo *)
PORT_ArenaZAlloc(temparena, sizeof(EncryptedPrivateKeyInfo));
if(epki == NULL) {
goto loser;
@ -1676,7 +1680,7 @@ SECKEY_DecryptKey(DBT *key, SECItem *pwitem,
*/
SECKEYLowPrivateKey *
SECKEY_FindKeyByPublicKey(SECKEYKeyDBHandle *handle, SECItem *modulus,
SECKEYGetPasswordKey f, void *arg)
SECKEYLowGetPasswordKey f, void *arg)
{
DBT namekey;
SECKEYLowPrivateKey *pk = NULL;
@ -1844,8 +1848,6 @@ loser:
static PRBool
seckey_HasAServerKey(DB *db)
{
DBT checkKey;
DBT checkData;
DBT key;
DBT data;
int ret;
@ -2131,15 +2133,15 @@ ChangeKeyDBPasswordAlg(SECKEYKeyDBHandle *handle,
/* get the public key, which we use as the database index */
switch (privkey->keyType) {
case rsaKey:
case lowRSAKey:
newkey.data = privkey->u.rsa.modulus.data;
newkey.size = privkey->u.rsa.modulus.len;
break;
case dsaKey:
case lowDSAKey:
newkey.data = privkey->u.dsa.publicValue.data;
newkey.size = privkey->u.dsa.publicValue.len;
break;
case dhKey:
case lowDHKey:
newkey.data = privkey->u.dh.publicValue.data;
newkey.size = privkey->u.dh.publicValue.len;
break;
@ -2428,8 +2430,6 @@ SECStatus
SECKEY_ResetKeyDB(SECKEYKeyDBHandle *handle)
{
SECStatus rv;
DBT key;
DBT data;
int ret;
int errors = 0;
@ -2486,6 +2486,4 @@ SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToPrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_EncryptedPrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPublicKeyTemplate)

29
security/nss/lib/softoken/keydbt.h
Просмотреть файл

@ -32,7 +32,7 @@
*
* keydbt.h - private data structures for the private key library
*
* $Id: keydbt.h,v 1.2 2001/01/07 08:13:10 nelsonb%netscape.com Exp $
* $Id: keydbt.h,v 1.3 2001/09/20 21:05:49 relyea%netscape.com Exp $
*/
#ifndef _KEYDBT_H_
@ -67,33 +67,22 @@ typedef struct SECKEYKeyDBHandleStr SECKEYKeyDBHandle;
/*
** Typedef for callback to get a password "key".
*/
typedef SECItem * (* SECKEYGetPasswordKey)(void *arg,
typedef SECItem * (* SECKEYLowGetPasswordKey)(void *arg,
SECKEYKeyDBHandle *handle);
extern const SEC_ASN1Template SECKEY_LowPQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_LowRSAPrivateKeyTemplate[];
extern const SEC_ASN1Template SECKEY_LowDSAPrivateKeyTemplate[];
extern const SEC_ASN1Template SECKEY_LowDSAPrivateKeyExportTemplate[];
extern const SEC_ASN1Template SECKEY_LowDHPrivateKeyTemplate[];
extern const SEC_ASN1Template SECKEY_LowDHPrivateKeyExportTemplate[];
extern const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPrivateKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];
extern const SEC_ASN1Template SECKEY_DHPrivateKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[];
extern const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[];
extern const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_AttributeTemplate[];
/* These functions simply return the address of the above-declared templates.
** This is necessary for Windows DLLs. Sigh.
*/
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PrivateKeyInfoTemplate;
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate;
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate;
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate;
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_DSAPublicKeyTemplate;
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_RSAPublicKeyTemplate;
#endif /* _KEYDBT_H_ */

13
security/nss/lib/softoken/keylow.h
Просмотреть файл

@ -32,7 +32,7 @@
*
* key.h - public data structures and prototypes for the private key library
*
* $Id: keylow.h,v 1.1 2000/03/31 19:26:01 relyea%netscape.com Exp $
* $Id: keylow.h,v 1.2 2001/09/20 21:05:51 relyea%netscape.com Exp $
*/
#ifndef _KEYLOW_H_
@ -43,7 +43,7 @@
#include "keydbt.h"
#include "secoidt.h"
#include "certt.h"
#include "keythi.h"
#include "keytlow.h"
SEC_BEGIN_PROTOS
@ -119,7 +119,8 @@ extern SECStatus SECKEY_StoreKeyByPublicKey(SECKEYKeyDBHandle *handle,
SECKEYLowPrivateKey *pk,
SECItem *pubKeyData,
char *nickname,
SECKEYGetPasswordKey f, void *arg);
SECKEYLowGetPasswordKey f,
void *arg);
/* does the key for this cert exist in the database filed by modulus */
extern SECStatus SECKEY_KeyForCertExists(SECKEYKeyDBHandle *handle,
@ -127,7 +128,7 @@ extern SECStatus SECKEY_KeyForCertExists(SECKEYKeyDBHandle *handle,
SECKEYLowPrivateKey *
SECKEY_FindKeyByCert(SECKEYKeyDBHandle *handle, CERTCertificate *cert,
SECKEYGetPasswordKey f, void *arg);
SECKEYLowGetPasswordKey f, void *arg);
extern SECStatus SECKEY_HasKeyDBPassword(SECKEYKeyDBHandle *handle);
extern SECStatus SECKEY_SetKeyDBPassword(SECKEYKeyDBHandle *handle,
@ -226,7 +227,7 @@ SECKEY_StoreKeyByPublicKeyAlg(SECKEYKeyDBHandle *handle,
SECKEYLowPrivateKey *privkey,
SECItem *pubKeyData,
char *nickname,
SECKEYGetPasswordKey f, void *arg,
SECKEYLowGetPasswordKey f, void *arg,
SECOidTag algorithm);
/* Find key by modulus. This function is the inverse of store key
@ -237,7 +238,7 @@ SECKEY_StoreKeyByPublicKeyAlg(SECKEYKeyDBHandle *handle,
*/
extern SECKEYLowPrivateKey *
SECKEY_FindKeyByPublicKey(SECKEYKeyDBHandle *handle, SECItem *modulus,
SECKEYGetPasswordKey f, void *arg);
SECKEYLowGetPasswordKey f, void *arg);
/* Make a copy of a low private key in it's own arena.
* a return of NULL indicates an error.

36
security/nss/lib/softoken/keytboth.h
Просмотреть файл

@ -48,52 +48,24 @@ typedef struct SECKEYAttributeStr SECKEYAttribute;
/*
** A PKCS#8 private key info object
*/
struct SECKEYPrivateKeyInfoStr {
struct PrivateKeyInfoStr {
PLArenaPool *arena;
SECItem version;
SECAlgorithmID algorithm;
SECItem privateKey;
SECKEYAttribute **attributes;
};
typedef struct SECKEYPrivateKeyInfoStr SECKEYPrivateKeyInfo;
typedef struct PrivateKeyInfoStr PrivateKeyInfo;
#define SEC_PRIVATE_KEY_INFO_VERSION 0 /* what we *create* */
/*
** A PKCS#8 private key info object
*/
struct SECKEYEncryptedPrivateKeyInfoStr {
struct EncryptedPrivateKeyInfoStr {
PLArenaPool *arena;
SECAlgorithmID algorithm;
SECItem encryptedData;
};
typedef struct SECKEYEncryptedPrivateKeyInfoStr SECKEYEncryptedPrivateKeyInfo;
struct DiffPQGParamsStr {
PQGParams DiffKEAParams;
PQGParams DiffDSAParams;
};
typedef struct DiffPQGParamsStr DiffPQGParams;
struct PQGDualParamsStr {
PQGParams CommParams;
DiffPQGParams DiffParams;
};
typedef struct PQGDualParamsStr PQGDualParams;
struct KEAParamsStr {
PLArenaPool *arena;
SECItem hash;
};
typedef struct KEAParamsStr KEAParams;
struct KEAPublicKeyStr {
KEAParams params;
SECItem publicValue;
};
typedef struct KEAPublicKeyStr KEAPublicKey;
typedef struct EncryptedPrivateKeyInfoStr EncryptedPrivateKeyInfo;
#endif /* _KEYT_H_ */

39
security/nss/lib/softoken/keytlow.h
Просмотреть файл

@ -36,41 +36,18 @@
#include "blapit.h"
typedef enum {
nullKey = 0,
rsaKey = 1,
dsaKey = 2,
fortezzaKey = 3,
dhKey = 4,
keaKey = 5
} KeyType;
struct FortezzaPublicKeyStr {
int KEAversion;
int DSSversion;
unsigned char KMID[8];
SECItem clearance;
SECItem KEApriviledge;
SECItem DSSpriviledge;
SECItem KEAKey;
SECItem DSSKey;
PQGParams params;
PQGParams keaParams;
};
typedef struct FortezzaPublicKeyStr FortezzaPublicKey;
struct FortezzaPrivateKeyStr {
int certificate;
unsigned char serial[8];
int socket;
};
typedef struct FortezzaPrivateKeyStr FortezzaPrivateKey;
lowNullKey = 0,
lowRSAKey = 1,
lowDSAKey = 2,
lowDHKey = 4
} LowKeyType;
/*
** An RSA public key object.
*/
struct SECKEYLowPublicKeyStr {
PLArenaPool *arena;
KeyType keyType ;
LowKeyType keyType ;
union {
RSAPublicKey rsa;
DSAPublicKey dsa;
@ -86,13 +63,11 @@ typedef struct SECKEYLowPublicKeyStr SECKEYLowPublicKey;
*/
struct SECKEYLowPrivateKeyStr {
PLArenaPool *arena;
KeyType keyType;
LowKeyType keyType;
union {
RSAPrivateKey rsa;
DSAPrivateKey dsa;
DHPrivateKey dh;
FortezzaPrivateKey fortezza; /* includes DSA and KEA private
keys used with fortezza */
} u;
};
typedef struct SECKEYLowPrivateKeyStr SECKEYLowPrivateKey;

47
security/nss/lib/softoken/lowkey.c
Просмотреть файл

@ -40,7 +40,15 @@
#include "secerr.h"
const SEC_ASN1Template SECKEY_RSAPrivateKeyTemplate[] = {
const SEC_ASN1Template SECKEY_LowPQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(PQGParams,base) },
{ 0, }
};
const SEC_ASN1Template SECKEY_LowRSAPrivateKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPrivateKey) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.version) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.rsa.modulus) },
@ -55,18 +63,18 @@ const SEC_ASN1Template SECKEY_RSAPrivateKeyTemplate[] = {
};
const SEC_ASN1Template SECKEY_DSAPrivateKeyTemplate[] = {
const SEC_ASN1Template SECKEY_LowDSAPrivateKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYLowPrivateKey) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dsa.publicValue) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dsa.privateValue) },
{ 0, }
};
const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[] = {
const SEC_ASN1Template SECKEY_LowDSAPrivateKeyExportTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dsa.privateValue) },
};
const SEC_ASN1Template SECKEY_DHPrivateKeyTemplate[] = {
const SEC_ASN1Template SECKEY_LowDHPrivateKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYLowPrivateKey) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.publicValue) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.privateValue) },
@ -75,12 +83,6 @@ const SEC_ASN1Template SECKEY_DHPrivateKeyTemplate[] = {
{ 0, }
};
const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.privateValue) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.base) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYLowPrivateKey,u.dh.prime) },
};
void
SECKEY_LowDestroyPrivateKey(SECKEYLowPrivateKey *privk)
{
@ -105,7 +107,7 @@ SECKEY_LowPublicModulusLen(SECKEYLowPublicKey *pubk)
* fortezza that's the public key length */
switch (pubk->keyType) {
case rsaKey:
case lowRSAKey:
b0 = pubk->u.rsa.modulus.data[0];
return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
default:
@ -121,7 +123,7 @@ SECKEY_LowPrivateModulusLen(SECKEYLowPrivateKey *privk)
unsigned char b0;
switch (privk->keyType) {
case rsaKey:
case lowRSAKey:
b0 = privk->u.rsa.modulus.data[0];
return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
default:
@ -144,7 +146,7 @@ SECKEY_LowConvertToPublicKey(SECKEYLowPrivateKey *privk)
}
switch(privk->keyType) {
case rsaKey:
case lowRSAKey:
case nullKey:
pubk = (SECKEYLowPublicKey *)PORT_ArenaZAlloc(arena,
sizeof (SECKEYLowPublicKey));
@ -167,7 +169,7 @@ SECKEY_LowConvertToPublicKey(SECKEYLowPrivateKey *privk)
PORT_SetError (SEC_ERROR_NO_MEMORY);
}
break;
case dsaKey:
case lowDSAKey:
pubk = (SECKEYLowPublicKey *)PORT_ArenaZAlloc(arena,
sizeof(SECKEYLowPublicKey));
if (pubk != NULL) {
@ -189,7 +191,7 @@ SECKEY_LowConvertToPublicKey(SECKEYLowPrivateKey *privk)
if (rv == SECSuccess) return pubk;
}
break;
case dhKey:
case lowDHKey:
pubk = (SECKEYLowPublicKey *)PORT_ArenaZAlloc(arena,
sizeof(SECKEYLowPublicKey));
if (pubk != NULL) {
@ -244,7 +246,7 @@ SECKEY_CopyLowPrivateKey(SECKEYLowPrivateKey *privKey)
returnKey->arena = poolp;
switch(privKey->keyType) {
case rsaKey:
case lowRSAKey:
rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus),
&(privKey->u.rsa.modulus));
if(rv != SECSuccess) break;
@ -273,7 +275,7 @@ SECKEY_CopyLowPrivateKey(SECKEYLowPrivateKey *privKey)
&(privKey->u.rsa.coefficient));
if(rv != SECSuccess) break;
break;
case dsaKey:
case lowDSAKey:
rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
&(privKey->u.dsa.publicValue));
if(rv != SECSuccess) break;
@ -291,7 +293,7 @@ SECKEY_CopyLowPrivateKey(SECKEYLowPrivateKey *privKey)
&(privKey->u.dsa.params.base));
if(rv != SECSuccess) break;
break;
case dhKey:
case lowDHKey:
rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
&(privKey->u.dh.publicValue));
if(rv != SECSuccess) break;
@ -306,15 +308,6 @@ SECKEY_CopyLowPrivateKey(SECKEYLowPrivateKey *privKey)
&(privKey->u.dh.base));
if(rv != SECSuccess) break;
break;
case fortezzaKey:
returnKey->u.fortezza.certificate =
privKey->u.fortezza.certificate;
returnKey->u.fortezza.socket =
privKey->u.fortezza.socket;
PORT_Memcpy(returnKey->u.fortezza.serial,
privKey->u.fortezza.serial, 8);
rv = SECSuccess;
break;
default:
rv = SECFailure;
}

6
security/nss/lib/softoken/manifest.mn
Просмотреть файл

@ -40,10 +40,6 @@ LIBRARY_NAME = softoken
EXPORTS = \
keydbt.h \
keylow.h \
keytboth.h \
keytlow.h \
secpkcs5.h \
pkcs11.h \
pkcs11f.h \
@ -55,8 +51,6 @@ EXPORTS = \
PRIVATE_EXPORTS = \
alghmac.h \
pkcs11i.h \
softoken.h \
softoknt.h \
pk11pars.h \
$(NULL)

37
security/nss/lib/softoken/pk11db.c
Просмотреть файл

@ -39,15 +39,6 @@
#include "pk11pars.h"
#include "pkcs11i.h"
#ifdef macintosh
#define PATH_SEPARATOR ":"
#define SECMOD_DB "Security Modules"
#else
#define PATH_SEPARATOR "/"
#define SECMOD_DB "secmod.db"
#endif
#define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
static void
@ -204,7 +195,7 @@ struct secmodSlotDataStr {
#define SECMOD_DB_EXT1_VERSION_MAJOR 0
#define SECMOD_DB_EXT1_VERSION_MINOR 5
#define SECMOD_DB_NOUI_VERSION_MAJOR 0
#define SECMOD_DB_NOUI_VERSION_MINOR 3
#define SECMOD_DB_NOUI_VERSION_MINOR 4
#define SECMOD_PUTSHORT(dest,src) \
(dest)[1] = (unsigned char) ((src)&0xff); \
@ -232,7 +223,7 @@ static SECStatus secmod_EncodeData(DBT *data, char * module) {
unsigned short len, len2 = 0, len3 = 0;
int count = 0;
unsigned short offset;
int dataLen, i, si;
int dataLen, i;
unsigned long order;
unsigned long ssl[2];
char *commonName = NULL , *dllName = NULL, *param = NULL, *nss = NULL;
@ -290,7 +281,7 @@ static SECStatus secmod_EncodeData(DBT *data, char * module) {
encoded->isModuleDBOnly = (unsigned char)
(pk11_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0);
encoded->isCritical = (unsigned char)
(pk11_argHasFlag("flags","isCritical",nss) ? 1 : 0);
(pk11_argHasFlag("flags","critical",nss) ? 1 : 0);
order = pk11_argReadLong("trustOrder",nss);
SECMOD_PUTLONG(encoded->trustOrder,order);
@ -359,11 +350,6 @@ secmod_FreeData(DBT *data)
}
}
static unsigned long internalFlags = SECMOD_RSA_FLAG|SECMOD_DSA_FLAG|
SECMOD_RC2_FLAG| SECMOD_RC4_FLAG|SECMOD_DES_FLAG|SECMOD_RANDOM_FLAG|
SECMOD_SHA1_FLAG|SECMOD_MD5_FLAG|SECMOD_MD2_FLAG|SECMOD_SSL_FLAG|
SECMOD_TLS_FLAG|SECMOD_AES_FLAG;
/*
* build a module from the data base entry.
*/
@ -386,7 +372,7 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
char **slotStrings = NULL;
unsigned long slotID,defaultFlags,timeout;
char *nss,*moduleSpec;
int i,slotLen;
int i;
PLArenaPool *arena;
@ -466,6 +452,8 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
slotID = SECMOD_GETLONG(slots[i].slotID);
defaultFlags = SECMOD_GETLONG(slots[i].defaultFlags);
if (isOldVersion && internal && (slotID != 2)) {
unsigned long internalFlags=
pk11_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS);
defaultFlags |= internalFlags;
}
timeout = SECMOD_GETLONG(slots[i].timeout);
@ -512,12 +500,12 @@ static void secmod_CloseDB(DB *pkcs11db) {
#define SECMOD_STEP 10
#define PK11_DEFAULT_INTERNAL_INIT "library= name=\"NSS Internal PKCS #11 Module\" parameters=\"%s\" NSS=\"Flags=internal,critical slotParams=(1={slotFlags=all askpw=any timeout=30})\""
#define PK11_DEFAULT_INTERNAL_INIT "library= name=\"NSS Internal PKCS #11 Module\" parameters=\"%s\" NSS=\"Flags=internal,critical slotParams=(1={%s askpw=any timeout=30})\""
/*
* Read all the existing modules in
*/
char **
SECMOD_ReadPermDB(char *dbname, char *params, PRBool rw) {
secmod_ReadPermDB(char *dbname, char *params, PRBool rw) {
DBT key,data;
int ret;
DB *pkcs11db = NULL;
@ -558,14 +546,15 @@ SECMOD_ReadPermDB(char *dbname, char *params, PRBool rw) {
done:
if (!moduleList[0]) {
moduleList[0] = PR_smprintf(PK11_DEFAULT_INTERNAL_INIT,params);
moduleList[0] = PR_smprintf(PK11_DEFAULT_INTERNAL_INIT,params,
SECMOD_SLOT_FLAGS);
}
/* deal with trust cert db here */
if (pkcs11db) {
secmod_CloseDB(pkcs11db);
} else {
SECMOD_AddPermDB(dbname,moduleList[0], rw) ;
secmod_AddPermDB(dbname,moduleList[0], rw) ;
}
return moduleList;
}
@ -574,7 +563,7 @@ done:
* Delete a module from the Data Base
*/
SECStatus
SECMOD_DeletePermDB(char *dbname, char *args, PRBool rw) {
secmod_DeletePermDB(char *dbname, char *args, PRBool rw) {
DBT key;
SECStatus rv = SECFailure;
DB *pkcs11db = NULL;
@ -608,7 +597,7 @@ done:
* Add a module to the Data base
*/
SECStatus
SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) {
secmod_AddPermDB(char *dbname, char *module, PRBool rw) {
DBT key,data;
SECStatus rv = SECFailure;
DB *pkcs11db = NULL;

28
security/nss/lib/softoken/pk11pars.h
Просмотреть файл

@ -229,7 +229,6 @@ static SECStatus
pk11_argParseModuleSpec(char *modulespec, char **lib, char **mod,
char **parameters, char **nss)
{
char ch;
int next;
modulespec = pk11_argStrip(modulespec);
@ -358,7 +357,7 @@ pk11_argDecodeNumber(char *num)
num++;
if ((*num == 'x') || (*num == 'X')) {
radix = 16;
*num++;
num++;
}
}
@ -482,7 +481,7 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
if ((slotParams == NULL) || (*slotParams == 0)) return NULL;
/* first count the number of slots */
for (slotIndex = slotParams; *slotIndex;
for (slotIndex = pk11_argStrip(slotParams); *slotIndex;
slotIndex = pk11_argStrip(pk11_argSkipParameter(slotIndex))) {
count++;
}
@ -491,13 +490,15 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
if (arena) {
slotInfo = (PK11PreSlotInfo *)
PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo));
PORT_Memset(slotInfo,0,count*sizeof(PK11PreSlotInfo));
} else {
slotInfo = (PK11PreSlotInfo *)
PORT_ZAlloc(count*sizeof(PK11PreSlotInfo));
}
if (slotInfo == NULL) return NULL;
for (slotIndex = slotParams, i = 0; *slotIndex && i < count ; i++) {
for (slotIndex = pk11_argStrip(slotParams), i = 0;
*slotIndex && i < count ; ) {
char *name;
name = pk11_argGetName(slotIndex,&next);
slotIndex += next;
@ -507,13 +508,14 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
slotIndex += next;
if (args) {
pk11_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
i++;
PORT_Free(args);
}
}
if (name) PORT_Free(name);
slotIndex = pk11_argStrip(slotIndex);
}
*retCount = count;
*retCount = i;
return slotInfo;
}
@ -590,7 +592,7 @@ pk11_freePair(char *pair)
}
#define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
sizeof("moduleDBOnly")+sizeof(isCritical)
sizeof("moduleDBOnly")+sizeof("critical")
static char *
pk11_mkNSSFlags(PRBool internal, PRBool isFIPS,
PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
@ -627,10 +629,9 @@ pk11_mkNSSFlags(PRBool internal, PRBool isFIPS,
}
static char *
pk11_makeCipherFlags(unsigned long ssl0, unsigned long ssl1)
pk11_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
{
char *cipher = NULL;
char *ret = NULL;
int i;
for (i=0; i < sizeof(ssl0)*8; i++) {
@ -669,10 +670,9 @@ pk11_makeCipherFlags(unsigned long ssl0, unsigned long ssl1)
}
static char *
pk11_makeSlotFlags(unsigned long defaultFlags)
pk11_mkSlotFlags(unsigned long defaultFlags)
{
char *flags=NULL;
char *ret=NULL;
int i,j;
for (i=0; i < sizeof(defaultFlags)*8; i++) {
@ -704,7 +704,7 @@ pk11_makeSlotFlags(unsigned long defaultFlags)
#define PK11_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust")
static char *
pk11_makeRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
pk11_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
{
char *flags= (char *)PORT_ZAlloc(PK11_MAX_ROOT_FLAG_SIZE);
PRBool first = PR_TRUE;
@ -740,8 +740,8 @@ pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
askpw = "any";
break;
}
flags = pk11_makeSlotFlags(defaultFlags);
rootFlags = pk11_makeRootFlags(hasRootCerts,hasRootTrust);
flags = pk11_mkSlotFlags(defaultFlags);
rootFlags = pk11_mkRootFlags(hasRootCerts,hasRootTrust);
flagPair=pk11_formatPair("slotFlags",flags,'\'');
rootFlagsPair=pk11_formatPair("rootFlags",rootFlags,'\'');
if (flags) PR_smprintf_free(flags);
@ -790,7 +790,7 @@ pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
nssFlags = pk11_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
isCritical);
/* for now only the internal module is critical */
ciphers = pk11_makeCipherFlags(ssl0, ssl1);
ciphers = pk11_mkCipherFlags(ssl0, ssl1);
trustOrderPair=pk11_formatIntPair("trustOrder",trustOrder,0);
cipherOrderPair=pk11_formatIntPair("cipherOrder",cipherOrder,0);

77
security/nss/lib/softoken/pkcs11.c
Просмотреть файл

@ -778,6 +778,25 @@ pk11_GetPubItem(SECKEYPublicKey *pubKey) {
return pubItem;
}
/* convert a high key type to a low key type. This will go away when
* the last SECKEYPublicKey structs go away.
*/
LowKeyType
seckeyLow_KeyType(KeyType keyType)
{
switch (keyType) {
case rsaKey:
return lowRSAKey;
case dsaKey:
return lowDSAKey;
case dhKey:
return lowDHKey;
default:
break;
}
return lowNullKey;
}
typedef struct {
CERTCertificate *cert;
SECItem *pubKey;
@ -995,7 +1014,7 @@ pk11_handlePrivateKeyObject(PK11Object *object,CK_KEY_TYPE key_type)
if (crv == CKR_OK) {
rv = SECKEY_StoreKeyByPublicKey(SECKEY_GetDefaultKeyDB(),
privKey, &pubKey, label,
(SECKEYGetPasswordKey) pk11_givePass, object->slot);
(SECKEYLowGetPasswordKey) pk11_givePass, object->slot);
/* check for the existance of an existing certificate and activate
* it if necessary */
@ -1117,9 +1136,6 @@ pk11_handleSecretKeyObject(PK11Object *object,CK_KEY_TYPE key_type,
PRBool isFIPS)
{
CK_RV crv;
CK_BBOOL cktrue = CK_TRUE;
CK_BBOOL ckfalse = CK_FALSE;
PK11Attribute *attribute = NULL;
SECKEYLowPrivateKey *privKey = NULL;
SECItem pubKey;
@ -1144,7 +1160,7 @@ pk11_handleSecretKeyObject(PK11Object *object,CK_KEY_TYPE key_type,
rv = SECKEY_StoreKeyByPublicKey(SECKEY_GetDefaultKeyDB(),
privKey, &pubKey, label,
(SECKEYGetPasswordKey) pk11_givePass, object->slot);
(SECKEYLowGetPasswordKey) pk11_givePass, object->slot);
if (rv != SECSuccess) {
crv = CKR_DEVICE_ERROR;
}
@ -1422,7 +1438,7 @@ pk11_importPrivateKey(PK11Slot *slot,SECKEYLowPrivateKey *lowPriv,
* will look them up again from the database when it needs them.
*/
switch (lowPriv->keyType) {
case rsaKey:
case lowRSAKey:
/* format the keys */
key_type = CKK_RSA;
sign = CK_TRUE;
@ -1448,7 +1464,7 @@ pk11_importPrivateKey(PK11Slot *slot,SECKEYLowPrivateKey *lowPriv,
if (crv != CKR_OK) break;
crv = pk11_AddAttributeType(privateKey,CKA_COEFFICIENT,NULL,0);
break;
case dsaKey:
case lowDSAKey:
key_type = CKK_DSA;
sign = CK_TRUE;
recover = CK_FALSE;
@ -1466,7 +1482,7 @@ pk11_importPrivateKey(PK11Slot *slot,SECKEYLowPrivateKey *lowPriv,
crv = pk11_AddAttributeType(privateKey,CKA_VALUE,NULL,0);
if (crv != CKR_OK) break;
break;
case dhKey:
case lowDHKey:
key_type = CKK_DH;
sign = CK_FALSE;
decrypt = CK_FALSE;
@ -1541,7 +1557,7 @@ pk11_importPublicKey(PK11Slot *slot,
CK_RV crv = CKR_OK;
CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
unsigned char cka_id[SHA1_LENGTH];
KeyType keyType = nullKey;
LowKeyType keyType = nullKey;
SECKEYPublicKey *pubKey = NULL;
CK_ATTRIBUTE theTemplate[2];
PK11ObjectListElement *objectList = NULL;
@ -1641,14 +1657,14 @@ pk11_importPublicKey(PK11Slot *slot,
/* Now Set up the parameters to generate the key (based on mechanism) */
if (lowPriv == NULL) {
keyType = pubKey->keyType;
keyType = seckeyLow_KeyType(pubKey->keyType);
} else {
keyType = lowPriv->keyType;
}
switch (keyType) {
case rsaKey:
case lowRSAKey:
/* format the keys */
key_type = CKK_RSA;
verify = CK_TRUE;
@ -1672,7 +1688,7 @@ pk11_importPublicKey(PK11Slot *slot,
if (crv != CKR_OK) break;
}
break;
case dsaKey:
case lowDSAKey:
key_type = CKK_DSA;
verify = CK_TRUE;
recover = CK_FALSE;
@ -1706,7 +1722,7 @@ pk11_importPublicKey(PK11Slot *slot,
if (crv != CKR_OK) break;
}
break;
case dhKey:
case lowDHKey:
key_type = CKK_DH;
verify = CK_FALSE;
encrypt = CK_FALSE;
@ -1950,7 +1966,7 @@ SECKEYLowPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
pubKey->arena = arena;
switch (key_type) {
case CKK_RSA:
pubKey->keyType = rsaKey;
pubKey->keyType = lowRSAKey;
crv = pk11_Attribute2SSecItem(arena,&pubKey->u.rsa.modulus,
object,CKA_MODULUS);
if (crv != CKR_OK) break;
@ -1958,7 +1974,7 @@ SECKEYLowPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
object,CKA_PUBLIC_EXPONENT);
break;
case CKK_DSA:
pubKey->keyType = dsaKey;
pubKey->keyType = lowDSAKey;
crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.params.prime,
object,CKA_PRIME);
if (crv != CKR_OK) break;
@ -1972,7 +1988,7 @@ SECKEYLowPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
object,CKA_VALUE);
break;
case CKK_DH:
pubKey->keyType = dhKey;
pubKey->keyType = lowDHKey;
crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dh.prime,
object,CKA_PRIME);
if (crv != CKR_OK) break;
@ -2019,7 +2035,7 @@ pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
privKey->arena = arena;
switch (key_type) {
case CKK_RSA:
privKey->keyType = rsaKey;
privKey->keyType = lowRSAKey;
crv=pk11_Attribute2SSecItem(arena,&privKey->u.rsa.modulus,
object,CKA_MODULUS);
if (crv != CKR_OK) break;
@ -2050,7 +2066,7 @@ pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
break;
case CKK_DSA:
privKey->keyType = dsaKey;
privKey->keyType = lowDSAKey;
crv = pk11_Attribute2SSecItem(arena,&privKey->u.dsa.params.prime,
object,CKA_PRIME);
if (crv != CKR_OK) break;
@ -2069,7 +2085,7 @@ pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
break;
case CKK_DH:
privKey->keyType = dhKey;
privKey->keyType = lowDHKey;
crv = pk11_Attribute2SSecItem(arena,&privKey->u.dh.prime,
object,CKA_PRIME);
if (crv != CKR_OK) break;
@ -2106,7 +2122,6 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
if (pk11_isTrue(object,CKA_TOKEN)) {
/* grab it from the data base */
char *label = pk11_getString(object,CKA_LABEL);
SECItem pubKey;
CK_RV crv;
@ -2116,7 +2131,7 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
if (crv != CKR_OK) return NULL;
priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&pubKey,
(SECKEYGetPasswordKey) pk11_givePass,
(SECKEYLowGetPasswordKey) pk11_givePass,
object->slot);
if (!priv && pubKey.data[0] == 0) {
/* Because of legacy code issues, sometimes the public key has
@ -2127,7 +2142,7 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
tmpPubKey.data = pubKey.data + 1;
tmpPubKey.len = pubKey.len - 1;
priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&tmpPubKey,
(SECKEYGetPasswordKey) pk11_givePass,
(SECKEYLowGetPasswordKey) pk11_givePass,
object->slot);
}
if (pubKey.data) PORT_Free(pubKey.data);
@ -2230,7 +2245,7 @@ pk11_mkSecretKeyRep(PK11Object *object)
* is used for the key.
* all others - set to integer 0
*/
privKey->keyType = rsaKey;
privKey->keyType = lowRSAKey;
/* The modulus is set to the key id of the symmetric key */
crv=pk11_Attribute2SecItem(arena,&privKey->u.rsa.modulus,object,CKA_ID);
@ -2277,7 +2292,7 @@ loser:
static PRBool
isSecretKey(SECKEYLowPrivateKey *privKey)
{
if (privKey->keyType == rsaKey && privKey->u.rsa.publicExponent.len == 1 &&
if (privKey->keyType == lowRSAKey && privKey->u.rsa.publicExponent.len == 1 &&
privKey->u.rsa.publicExponent.data[0] == 0)
return PR_TRUE;
@ -2425,7 +2440,6 @@ PK11_SlotInit(CK_SLOT_ID slotID, PRBool needLogin)
*/
CK_RV PK11_LowInitialize(CK_VOID_PTR pReserved)
{
SECStatus rv = SECSuccess;
CK_RV crv = CKR_OK;
CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *) pReserved;
@ -2480,18 +2494,17 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args)
char *secmod;
PRBool rw;
static char *success="Success";
static char *fail="Fail";
secmod = secmod_getSecmodName(parameters,&rw);
switch (function) {
case SECMOD_MODULE_DB_FUNCTION_FIND:
return SECMOD_ReadPermDB(secmod,parameters,rw);
return secmod_ReadPermDB(secmod,parameters,rw);
case SECMOD_MODULE_DB_FUNCTION_ADD:
return (SECMOD_AddPermDB(secmod,args,rw) == SECSuccess)
return (secmod_AddPermDB(secmod,args,rw) == SECSuccess)
? &success: NULL;
case SECMOD_MODULE_DB_FUNCTION_DEL:
return (SECMOD_DeletePermDB(secmod,args,rw) == SECSuccess)
return (secmod_DeletePermDB(secmod,args,rw) == SECSuccess)
? &success: NULL;
}
return NULL;
@ -3545,10 +3558,10 @@ add_key_to_list(DBT *key, DBT *data, void *arg)
node->privKey = privKey;
switch (privKey->keyType) {
case rsaKey:
case lowRSAKey:
node->pubItem = &privKey->u.rsa.modulus;
break;
case dsaKey:
case lowDSAKey:
node->pubItem = &privKey->u.dsa.publicValue;
break;
default:
@ -3601,7 +3614,7 @@ add_cert_to_list(CERTCertificate *cert, SECItem *k, void *pdata)
node = keylist->head;
while ( node ) {
/* if key type is different, then there is no match */
if ( node->privKey->keyType == pubKey->keyType ) {
if (node->privKey->keyType == seckeyLow_KeyType(pubKey->keyType)) {
/* compare public value from cert with public value from
* the key

134
security/nss/lib/softoken/pkcs11c.c
Просмотреть файл

@ -125,83 +125,6 @@ static void pk11_FreeSignInfo(PK11HashSignInfo *data, PRBool freeit)
PORT_Free(data);
}
static DSAPublicKey *
DSA_CreateVerifyContext(SECKEYLowPublicKey *pubKey)
{
PLArenaPool * arena;
DSAPublicKey * dsaKey;
SECStatus rv;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) goto loser;
dsaKey = (DSAPublicKey *)PORT_ArenaZAlloc(arena, sizeof (DSAPublicKey));
if (!dsaKey) goto loser;
dsaKey->params.arena = arena;
#define COPY_DSA_ITEM(item) \
rv = SECITEM_CopyItem(arena, &dsaKey->item, &pubKey->u.dsa.item); \
if (rv != SECSuccess) goto loser;
COPY_DSA_ITEM(params.prime);
COPY_DSA_ITEM(params.subPrime);
COPY_DSA_ITEM(params.base);
COPY_DSA_ITEM(publicValue);
return dsaKey;
loser:
if (arena)
PORT_FreeArena(arena, PR_TRUE);
return NULL;
#undef COPY_DSA_ITEM
}
static void
DSA_DestroyVerifyContext(DSAPublicKey * key)
{
if (key && key->params.arena)
PORT_FreeArena(key->params.arena, PR_TRUE);
}
static DSAPrivateKey *
DSA_CreateSignContext(SECKEYLowPrivateKey *privKey)
{
PLArenaPool * arena;
DSAPrivateKey * dsaKey;
SECStatus rv;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) goto loser;
dsaKey = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof (DSAPrivateKey));
if (!dsaKey) goto loser;
dsaKey->params.arena = arena;
#define COPY_DSA_ITEM(item) \
rv = SECITEM_CopyItem(arena, &dsaKey->item, &privKey->u.dsa.item); \
if (rv != SECSuccess) goto loser;
COPY_DSA_ITEM(params.prime);
COPY_DSA_ITEM(params.subPrime);
COPY_DSA_ITEM(params.base);
COPY_DSA_ITEM(publicValue);
COPY_DSA_ITEM(privateValue);
return dsaKey;
loser:
if (arena)
PORT_FreeArena(arena, PR_TRUE);
return NULL;
#undef COPY_DSA_ITEM
}
static void
DSA_DestroySignContext(DSAPrivateKey * key)
{
if (key && key->params.arena)
PORT_FreeArena(key->params.arena, PR_TRUE);
}
/*
* turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by
* Deprecating a full des key to 40 bit key strenth.
@ -3068,7 +2991,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
PK11Session *session;
PRBool checkWeak = PR_FALSE;
CK_ULONG key_length = 0;
CK_KEY_TYPE key_type = -1;
CK_KEY_TYPE key_type = CKK_INVALID_KEY_TYPE;
CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
CK_RV crv = CKR_OK;
CK_BBOOL cktrue = CK_TRUE;
@ -3180,7 +3103,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
/* if there was no error,
* key_type *MUST* be set in the switch statement above */
PORT_Assert( key_type != -1 );
PORT_Assert( key_type != CKK_INVALID_KEY_TYPE );
/*
* now to the actual key gen.
@ -3617,7 +3540,7 @@ dhgn_done:
static SECItem *pk11_PackagePrivateKey(PK11Object *key)
{
SECKEYLowPrivateKey *lk = NULL;
SECKEYPrivateKeyInfo *pki = NULL;
PrivateKeyInfo *pki = NULL;
PK11Attribute *attribute = NULL;
PLArenaPool *arena = NULL;
SECOidTag algorithm = SEC_OID_UNKNOWN;
@ -3646,8 +3569,8 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key)
goto loser;
}
pki = (SECKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
sizeof(SECKEYPrivateKeyInfo));
pki = (PrivateKeyInfo*)PORT_ArenaZAlloc(arena,
sizeof(PrivateKeyInfo));
if(!pki) {
rv = SECFailure;
goto loser;
@ -3656,26 +3579,25 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key)
param = NULL;
switch(lk->keyType) {
case rsaKey:
case lowRSAKey:
dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
SECKEY_RSAPrivateKeyTemplate);
SECKEY_LowRSAPrivateKeyTemplate);
algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
break;
case dsaKey:
case lowDSAKey:
dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
SECKEY_DSAPrivateKeyExportTemplate);
SECKEY_LowDSAPrivateKeyExportTemplate);
param = SEC_ASN1EncodeItem(NULL, NULL, &(lk->u.dsa.params),
SECKEY_PQGParamsTemplate);
SECKEY_LowPQGParamsTemplate);
algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
break;
case fortezzaKey:
case dhKey:
case lowDHKey:
default:
dummy = NULL;
break;
}
if(!dummy || ((lk->keyType == dsaKey) && !param)) {
if(!dummy || ((lk->keyType == lowDSAKey) && !param)) {
goto loser;
}
@ -3826,7 +3748,7 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
void *paramDest = NULL;
PLArenaPool *arena;
SECKEYLowPrivateKey *lpk = NULL;
SECKEYPrivateKeyInfo *pki = NULL;
PrivateKeyInfo *pki = NULL;
SECItem *ck_id = NULL;
CK_RV crv = CKR_KEY_TYPE_INCONSISTENT;
@ -3835,8 +3757,8 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
return SECFailure;
}
pki = (SECKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
sizeof(SECKEYPrivateKeyInfo));
pki = (PrivateKeyInfo*)PORT_ArenaZAlloc(arena,
sizeof(PrivateKeyInfo));
if(!pki) {
PORT_FreeArena(arena, PR_TRUE);
return SECFailure;
@ -3857,19 +3779,18 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keyTemplate = SECKEY_RSAPrivateKeyTemplate;
keyTemplate = SECKEY_LowRSAPrivateKeyTemplate;
paramTemplate = NULL;
paramDest = NULL;
lpk->keyType = rsaKey;
lpk->keyType = lowRSAKey;
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
paramTemplate = SECKEY_PQGParamsTemplate;
keyTemplate = SECKEY_LowDSAPrivateKeyExportTemplate;
paramTemplate = SECKEY_LowPQGParamsTemplate;
paramDest = &(lpk->u.dsa.params);
lpk->keyType = dsaKey;
lpk->keyType = lowDSAKey;
break;
/* case dhKey: */
/* case fortezzaKey: */
/* case lowDHKey: */
default:
keyTemplate = NULL;
paramTemplate = NULL;
@ -3897,7 +3818,7 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
rv = SECFailure;
switch (lpk->keyType) {
case rsaKey:
case lowRSAKey:
keyType = CKK_RSA;
if(pk11_hasAttribute(key, CKA_NETSCAPE_DB)) {
pk11_DeleteAttributeType(key, CKA_NETSCAPE_DB);
@ -3941,7 +3862,7 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
crv = pk11_AddAttributeType(key, CKA_COEFFICIENT,
pk11_item_expand(&lpk->u.rsa.coefficient));
break;
case dsaKey:
case lowDSAKey:
keyType = CKK_DSA;
crv = (pk11_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK :
CKR_KEY_TYPE_INCONSISTENT;
@ -3969,7 +3890,7 @@ pk11_unwrapPrivateKey(PK11Object *key, SECItem *bpki)
if(crv != CKR_OK) break;
break;
#ifdef notdef
case dhKey:
case lowDHKey:
template = dhTemplate;
templateCount = sizeof(dhTemplate)/sizeof(CK_ATTRIBUTE);
keyType = CKK_DH;
@ -4013,7 +3934,6 @@ CK_RV NSC_UnwrapKey(CK_SESSION_HANDLE hSession,
int i;
CK_ULONG bsize = ulWrappedKeyLen;
PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
PK11Attribute *attr = NULL;
SECItem bpki;
CK_OBJECT_CLASS target_type = CKO_SECRET_KEY;
PRBool isLynks = PR_FALSE;
@ -4233,10 +4153,10 @@ pk11_freeSSLKeys(CK_SESSION_HANDLE session,
static CK_RV
pk11_DeriveSensitiveCheck(PK11Object *baseKey,PK11Object *destKey) {
PRBool hasSensitive;
PRBool sensitive;
PRBool sensitive = PR_FALSE;
PRBool hasExtractable;
PRBool extractable;
CK_RV crv = PR_TRUE;
PRBool extractable = PR_TRUE;
CK_RV crv = CKR_OK;
PK11Attribute *att;
hasSensitive = PR_FALSE;

39
security/nss/lib/softoken/pkcs11i.h
Просмотреть файл

@ -372,6 +372,18 @@ typedef struct pk11_parametersStr {
PRBool pwRequired;
} pk11_parameters;
/* machine dependent path stuff used by dbinit.c and pk11db.c */
#ifdef macintosh
#define PATH_SEPARATOR ":"
#define SECMOD_DB "Security Modules"
#define CERT_DB_FMT "%sCertificates%s"
#define KEY_DB_FMT "%sKey Database%s"
#else
#define PATH_SEPARATOR "/"
#define SECMOD_DB "secmod.db"
#define CERT_DB_FMT "%scert%s.db"
#define KEY_DB_FMT "%skey%s.db"
#endif
SEC_BEGIN_PROTOS
@ -448,9 +460,30 @@ extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed);
extern void secmod_freeParams(pk11_parameters *params);
extern char *secmod_getSecmodName(char *params, PRBool *rw);
extern char ** SECMOD_ReadPermDB(char *dbname, char *params, PRBool rw);
extern SECStatus SECMOD_DeletePermDB(char *dbname,char *args, PRBool rw);
extern SECStatus SECMOD_AddPermDB(char *dbname, char *module, PRBool rw);
extern char ** secmod_ReadPermDB(char *dbname, char *params, PRBool rw);
extern SECStatus secmod_DeletePermDB(char *dbname,char *args, PRBool rw);
extern SECStatus secmod_AddPermDB(char *dbname, char *module, PRBool rw);
/*
* OK there are now lots of options here, lets go through them all:
*
* configdir - base directory where all the cert, key, and module datbases live.
* certPrefix - prefix added to the beginning of the cert database example: "
* "https-server1-"
* keyPrefix - prefix added to the beginning of the key database example: "
* "https-server1-"
* secmodName - name of the security module database (usually "secmod.db").
* readOnly - Boolean: true if the databases are to be openned read only.
* nocertdb - Don't open the cert DB and key DB's, just initialize the
* Volatile certdb.
* nomoddb - Don't open the security module DB, just initialize the
* PKCS #11 module.
* forceOpen - Continue to force initializations even if the databases cannot
* be opened.
*/
CK_RV pk11_DBInit(const char *configdir, const char *certPrefix,
const char *keyPrefix, const char *secmodName, PRBool readOnly,
PRBool noCertDB, PRBool noModDB, PRBool forceOpen);
SEC_END_PROTOS

1
security/nss/lib/softoken/pkcs11t.h
Просмотреть файл

@ -338,6 +338,7 @@ typedef CK_ULONG CK_KEY_TYPE;
#define CKK_AES 0x0000001F
#define CKK_VENDOR_DEFINED 0x80000000
#define CKK_INVALID_KEY_TYPE 0xffffffff
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate

7
security/nss/lib/softoken/pkcs11u.c
Просмотреть файл

@ -36,6 +36,7 @@
#include "pkcs11.h"
#include "pkcs11i.h"
#include "key.h"
#include "keylow.h"
#include "certdb.h"
@ -142,10 +143,10 @@ pk11_NewAttribute(PK11Object *object,
* Free up all the memory associated with an attribute. Reference count
* must be zero to call this.
*/
#ifdef REF_COUNT_ATTRIBUTE
static void
pk11_DestroyAttribute(PK11Attribute *attribute)
{
#ifdef REF_COUNT_ATTRIBUTE
PORT_Assert(attribute->refCount == 0);
PK11_USE_THREADS(PZ_DestroyLock(attribute->refLock);)
if (attribute->attrib.pValue) {
@ -155,8 +156,8 @@ pk11_DestroyAttribute(PK11Attribute *attribute)
PORT_Free(attribute->attrib.pValue);
}
PORT_Free(attribute);
#endif
}
#endif
/*
@ -650,7 +651,6 @@ PK11Object *
pk11_NewObject(PK11Slot *slot)
{
PK11Object *object;
PLArenaPool *arena;
PRBool hasLocks = PR_FALSE;
int i;
@ -734,7 +734,6 @@ pk11_DestroyObject(PK11Object *object)
SECItem pubKey;
CK_RV crv = CKR_OK;
SECStatus rv;
PLArenaPool *arena = NULL;
PORT_Assert(object->refCount == 0);

42
security/nss/lib/softoken/rsawrapr.c
Просмотреть файл

@ -33,7 +33,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: rsawrapr.c,v 1.1 2000/03/31 19:29:42 relyea%netscape.com Exp $
* $Id: rsawrapr.c,v 1.2 2001/09/20 21:05:53 relyea%netscape.com Exp $
*/
#include "blapi.h"
@ -620,8 +620,8 @@ RSA_Sign(SECKEYLowPrivateKey *key,
if (maxOutputLen < modulus_len)
return SECFailure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
return SECFailure;
unformatted.len = input_len;
@ -661,8 +661,8 @@ RSA_CheckSign(SECKEYLowPublicKey *key,
goto failure;
if (hash_len > modulus_len - 8)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
@ -716,8 +716,8 @@ RSA_CheckSignRecover(SECKEYLowPublicKey *key,
if (sign_len != modulus_len)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
@ -778,8 +778,8 @@ RSA_EncryptBlock(SECKEYLowPublicKey *key,
formatted.data = NULL;
if (max_output_len < modulus_len)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
unformatted.len = input_len;
@ -818,8 +818,8 @@ RSA_DecryptBlock(SECKEYLowPrivateKey *key,
unsigned int i;
unsigned char * buffer;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
if (input_len != modulus_len)
goto failure;
@ -877,8 +877,8 @@ RSA_SignRaw(SECKEYLowPrivateKey *key,
if (maxOutputLen < modulus_len)
return SECFailure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
return SECFailure;
unformatted.len = input_len;
@ -913,8 +913,8 @@ RSA_CheckSignRaw(SECKEYLowPublicKey *key,
goto failure;
if (hash_len > modulus_len)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
buffer = (unsigned char *)PORT_Alloc(modulus_len + 1);
@ -957,8 +957,8 @@ RSA_CheckSignRecoverRaw(SECKEYLowPublicKey *key,
goto failure;
if (max_output_len < modulus_len)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
rv = RSA_PublicKeyOp(&key->u.rsa, data, sign);
@ -990,8 +990,8 @@ RSA_EncryptRaw(SECKEYLowPublicKey *key,
formatted.data = NULL;
if (max_output_len < modulus_len)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
unformatted.len = input_len;
@ -1031,8 +1031,8 @@ RSA_DecryptRaw(SECKEYLowPrivateKey *key,
goto failure;
if (modulus_len > max_output_len)
goto failure;
PORT_Assert(key->keyType == rsaKey);
if (key->keyType != rsaKey)
PORT_Assert(key->keyType == lowRSAKey);
if (key->keyType != lowRSAKey)
goto failure;
if (input_len != modulus_len)
goto failure;