mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Rename all internal private softoken functions types and symbols from 

PK11 or pk11 prefixes to SFTK or sftk prefixes.  Bug 286685.
r=relyea,wtchang  Modified Files:
 cmd/bltest/blapitest.c lib/pk11wrap/pk11pars.c lib/softoken/dbinit.c
 lib/softoken/dbmshim.c lib/softoken/fipstest.c lib/softoken/fipstokn.c
 lib/softoken/pcertdb.c lib/softoken/pk11db.c lib/softoken/pk11pars.h
 lib/softoken/pkcs11.c lib/softoken/pkcs11c.c lib/softoken/pkcs11i.h
 lib/softoken/pkcs11u.c lib/softoken/softoken.h lib/softoken/tlsprf.c
This commit is contained in:
nelsonb%netscape.com 2005-03-29 18:21:18 +00:00
Родитель 2028a434ec
Коммит c03b9d33fe
15 изменённых файлов: 2602 добавлений и 2602 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
security/nss/cmd/bltest/blapitest.c
Просмотреть файл

@ -2818,7 +2818,7 @@ int main(int argc, char **argv)
/* Do FIPS self-test */
if (bltest.commands[cmd_FIPS].activated) {
CK_RV ckrv = pk11_fipsPowerUpSelfTest();
CK_RV ckrv = sftk_fipsPowerUpSelfTest();
fprintf(stdout, "CK_RV: %ld.\n", ckrv);
return 0;
}

42
security/nss/lib/pk11wrap/pk11pars.c
Просмотреть файл

@ -128,26 +128,26 @@ SECMOD_CreateModule(const char *library, const char *moduleName,
if (parameters) {
mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters);
}
mod->internal = pk11_argHasFlag("flags","internal",nssc);
mod->isFIPS = pk11_argHasFlag("flags","FIPS",nssc);
mod->isCritical = pk11_argHasFlag("flags","critical",nssc);
slotParams = pk11_argGetParamValue("slotParams",nssc);
mod->slotInfo = pk11_argParseSlotInfo(mod->arena,slotParams,
mod->internal = sftk_argHasFlag("flags","internal",nssc);
mod->isFIPS = sftk_argHasFlag("flags","FIPS",nssc);
mod->isCritical = sftk_argHasFlag("flags","critical",nssc);
slotParams = sftk_argGetParamValue("slotParams",nssc);
mod->slotInfo = sftk_argParseSlotInfo(mod->arena,slotParams,
&mod->slotInfoCount);
if (slotParams) PORT_Free(slotParams);
/* new field */
mod->trustOrder = pk11_argReadLong("trustOrder",nssc,
PK11_DEFAULT_TRUST_ORDER,NULL);
mod->trustOrder = sftk_argReadLong("trustOrder",nssc,
SFTK_DEFAULT_TRUST_ORDER,NULL);
/* new field */
mod->cipherOrder = pk11_argReadLong("cipherOrder",nssc,
PK11_DEFAULT_CIPHER_ORDER,NULL);
mod->cipherOrder = sftk_argReadLong("cipherOrder",nssc,
SFTK_DEFAULT_CIPHER_ORDER,NULL);
/* new field */
mod->isModuleDB = pk11_argHasFlag("flags","moduleDB",nssc);
mod->moduleDBOnly = pk11_argHasFlag("flags","moduleDBOnly",nssc);
mod->isModuleDB = sftk_argHasFlag("flags","moduleDB",nssc);
mod->moduleDBOnly = sftk_argHasFlag("flags","moduleDBOnly",nssc);
if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE;
ciphers = pk11_argGetParamValue("ciphers",nssc);
pk11_argSetNewCipherFlags(&mod->ssl[0],ciphers);
ciphers = sftk_argGetParamValue("ciphers",nssc);
sftk_argSetNewCipherFlags(&mod->ssl[0],ciphers);
if (ciphers) PORT_Free(ciphers);
secmod_PrivateModuleCount++;
@ -156,7 +156,7 @@ SECMOD_CreateModule(const char *library, const char *moduleName,
}
static char *
pk11_mkModuleSpec(SECMODModule * module)
secmod_mkModuleSpec(SECMODModule * module)
{
char *nss = NULL, *modSpec = NULL, **slotStrings = NULL;
int slotCount, i, si;
@ -189,7 +189,7 @@ pk11_mkModuleSpec(SECMODModule * module)
if (module->slots[i]->defaultFlags) {
PORT_Assert(si < slotCount);
if (si >= slotCount) break;
slotStrings[si] = pk11_mkSlotString(module->slots[i]->slotID,
slotStrings[si] = sftk_mkSlotString(module->slots[i]->slotID,
module->slots[i]->defaultFlags,
module->slots[i]->timeout,
module->slots[i]->askpw,
@ -200,7 +200,7 @@ pk11_mkModuleSpec(SECMODModule * module)
}
} else {
for (i=0; i < slotCount; i++) {
slotStrings[i] = pk11_mkSlotString(module->slotInfo[i].slotID,
slotStrings[i] = sftk_mkSlotString(module->slotInfo[i].slotID,
module->slotInfo[i].defaultFlags,
module->slotInfo[i].timeout,
module->slotInfo[i].askpw,
@ -210,10 +210,10 @@ pk11_mkModuleSpec(SECMODModule * module)
}
SECMOD_ReleaseReadLock(moduleLock);
nss = pk11_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS,
nss = sftk_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS,
module->isModuleDB, module->moduleDBOnly, module->isCritical,
module->trustOrder,module->cipherOrder,module->ssl[0],module->ssl[1]);
modSpec= pk11_mkNewModuleSpec(module->dllName,module->commonName,
modSpec= sftk_mkNewModuleSpec(module->dllName,module->commonName,
module->libraryParams,nss);
PORT_Free(slotStrings);
PR_smprintf_free(nss);
@ -244,7 +244,7 @@ SECMOD_AddPermDB(SECMODModule *module)
func = (SECMODModuleDBFunc) module->parent->moduleDBFunc;
if (func) {
moduleSpec = pk11_mkModuleSpec(module);
moduleSpec = secmod_mkModuleSpec(module);
retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD,
module->parent->libraryParams,moduleSpec);
PORT_Free(moduleSpec);
@ -264,7 +264,7 @@ SECMOD_DeletePermDB(SECMODModule *module)
func = (SECMODModuleDBFunc) module->parent->moduleDBFunc;
if (func) {
moduleSpec = pk11_mkModuleSpec(module);
moduleSpec = secmod_mkModuleSpec(module);
retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL,
module->parent->libraryParams,moduleSpec);
PORT_Free(moduleSpec);
@ -300,7 +300,7 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
/* initialize the underlying module structures */
SECMOD_Init();
status = pk11_argParseModuleSpec(modulespec, &library, &moduleName,
status = sftk_argParseModuleSpec(modulespec, &library, &moduleName,
&parameters, &nss);
if (status != SECSuccess) {
goto loser;

54
security/nss/lib/softoken/dbinit.c
Просмотреть файл

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: dbinit.c,v 1.24 2005/01/04 18:20:00 wtchang%redhat.com Exp $ */
/* $Id: dbinit.c,v 1.25 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */
#include <ctype.h>
#include "seccomon.h"
@ -50,7 +50,7 @@
#include "pkcs11i.h"
static char *
pk11_certdb_name_cb(void *arg, int dbVersion)
sftk_certdb_name_cb(void *arg, int dbVersion)
{
const char *configdir = (const char *)arg;
const char *dbver;
@ -87,7 +87,7 @@ pk11_certdb_name_cb(void *arg, int dbVersion)
}
static char *
pk11_keydb_name_cb(void *arg, int dbVersion)
sftk_keydb_name_cb(void *arg, int dbVersion)
{
const char *configdir = (const char *)arg;
const char *dbver;
@ -119,7 +119,7 @@ pk11_keydb_name_cb(void *arg, int dbVersion)
}
const char *
pk11_EvaluateConfigDir(const char *configdir,char **appName)
sftk_EvaluateConfigDir(const char *configdir,char **appName)
{
if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
char *cdir;
@ -142,7 +142,7 @@ pk11_EvaluateConfigDir(const char *configdir,char **appName)
}
static CK_RV
pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
sftk_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
NSSLOWCERTCertDBHandle **certdbPtr)
{
NSSLOWCERTCertDBHandle *certdb = NULL;
@ -155,7 +155,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
prefix = "";
}
configdir = pk11_EvaluateConfigDir(configdir, &appName);
configdir = sftk_EvaluateConfigDir(configdir, &appName);
name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
if (name == NULL) goto loser;
@ -166,7 +166,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
/* fix when we get the DB in */
rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix,
pk11_certdb_name_cb, (void *)name, PR_FALSE);
sftk_certdb_name_cb, (void *)name, PR_FALSE);
if (rv == SECSuccess) {
crv = CKR_OK;
*certdbPtr = certdb;
@ -180,7 +180,7 @@ loser:
}
static CK_RV
pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
sftk_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
NSSLOWKEYDBHandle **keydbPtr)
{
NSSLOWKEYDBHandle *keydb;
@ -190,13 +190,13 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
if (prefix == NULL) {
prefix = "";
}
configdir = pk11_EvaluateConfigDir(configdir, &appName);
configdir = sftk_EvaluateConfigDir(configdir, &appName);
name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
if (name == NULL)
return CKR_HOST_MEMORY;
keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix,
pk11_keydb_name_cb, (void *)name);
sftk_keydb_name_cb, (void *)name);
PR_smprintf_free(name);
if (appName) PORT_Free(appName);
if (keydb == NULL)
@ -225,7 +225,7 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
* be opened.
*/
CK_RV
pk11_DBInit(const char *configdir, const char *certPrefix,
sftk_DBInit(const char *configdir, const char *certPrefix,
const char *keyPrefix, PRBool readOnly,
PRBool noCertDB, PRBool noKeyDB, PRBool forceOpen,
NSSLOWCERTCertDBHandle **certdbPtr, NSSLOWKEYDBHandle **keydbPtr)
@ -234,7 +234,7 @@ pk11_DBInit(const char *configdir, const char *certPrefix,
if (!noCertDB) {
crv = pk11_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr);
crv = sftk_OpenCertDB(configdir, certPrefix, readOnly, certdbPtr);
if (crv != CKR_OK) {
if (!forceOpen) goto loser;
crv = CKR_OK;
@ -242,7 +242,7 @@ pk11_DBInit(const char *configdir, const char *certPrefix,
}
if (!noKeyDB) {
crv = pk11_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr);
crv = sftk_OpenKeyDB(configdir, keyPrefix, readOnly, keydbPtr);
if (crv != CKR_OK) {
if (!forceOpen) goto loser;
crv = CKR_OK;
@ -256,7 +256,7 @@ loser:
void
pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
NSSLOWKEYDBHandle *keyHandle)
{
if (certHandle) {
@ -270,8 +270,8 @@ pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
}
static int rdbmapflags(int flags);
static rdbfunc pk11_rdbfunc = NULL;
static rdbstatusfunc pk11_rdbstatusfunc = NULL;
static rdbfunc sftk_rdbfunc = NULL;
static rdbstatusfunc sftk_rdbstatusfunc = NULL;
/* NOTE: SHLIB_SUFFIX is defined on the command line */
#define RDBLIB SHLIB_PREFIX"rdb."SHLIB_SUFFIX
@ -282,10 +282,10 @@ DB * rdbopen(const char *appName, const char *prefix,
PRLibrary *lib;
DB *db;
if (pk11_rdbfunc) {
db = (*pk11_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
if (!db && status && pk11_rdbstatusfunc) {
*status = (*pk11_rdbstatusfunc)();
if (sftk_rdbfunc) {
db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
if (!db && status && sftk_rdbstatusfunc) {
*status = (*sftk_rdbstatusfunc)();
}
return db;
}
@ -300,12 +300,12 @@ DB * rdbopen(const char *appName, const char *prefix,
}
/* get the entry points */
pk11_rdbstatusfunc = (rdbstatusfunc) PR_FindSymbol(lib,"rdbstatus");
pk11_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen");
if (pk11_rdbfunc) {
db = (*pk11_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
if (!db && status && pk11_rdbstatusfunc) {
*status = (*pk11_rdbstatusfunc)();
sftk_rdbstatusfunc = (rdbstatusfunc) PR_FindSymbol(lib,"rdbstatus");
sftk_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen");
if (sftk_rdbfunc) {
db = (*sftk_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
if (!db && status && sftk_rdbstatusfunc) {
*status = (*sftk_rdbstatusfunc)();
}
return db;
}
@ -385,7 +385,7 @@ db_InitComplete(DB *db)
/* we should have addes a version number to the RDBS structure. Since we
* didn't, we detect that we have and 'extended' structure if the rdbstatus
* func exists */
if (!pk11_rdbstatusfunc) {
if (!sftk_rdbstatusfunc) {
return 0;
}

4
security/nss/lib/softoken/dbmshim.c
Просмотреть файл

@ -37,7 +37,7 @@
/*
* Berkeley DB 1.85 Shim code to handle blobs.
*
* $Id: dbmshim.c,v 1.10 2004/04/25 15:03:16 gerv%gerv.net Exp $
* $Id: dbmshim.c,v 1.11 2005/03/29 18:21:18 nelsonb%netscape.com Exp $
*/
#include "mcom_db.h"
#include "secitem.h"
@ -45,7 +45,7 @@
#include "prprf.h"
#include "cdbhdl.h"
/* Call to PK11_FreeSlot below */
/* Call to SFTK_FreeSlot below */
#include "pcertt.h"
#include "secasn1.h"

40
security/nss/lib/softoken/fipstest.c
Просмотреть файл

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: fipstest.c,v 1.7 2004/04/27 23:04:38 gerv%gerv.net Exp $ */
/* $Id: fipstest.c,v 1.8 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */
#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
/* DES-CBC, DES3-ECB, DES3-CBC, RSA */
@ -107,7 +107,7 @@
#define FIPS_DSA_BASE_LENGTH 64 /* 512-bits */
static CK_RV
pk11_fips_RC2_PowerUpSelfTest( void )
sftk_fips_RC2_PowerUpSelfTest( void )
{
/* RC2 Known Key (40-bits). */
static const PRUint8 rc2_known_key[] = { "RSARC" };
@ -238,7 +238,7 @@ pk11_fips_RC2_PowerUpSelfTest( void )
static CK_RV
pk11_fips_RC4_PowerUpSelfTest( void )
sftk_fips_RC4_PowerUpSelfTest( void )
{
/* RC4 Known Key (40-bits). */
static const PRUint8 rc4_known_key[] = { "RSARC" };
@ -307,7 +307,7 @@ pk11_fips_RC4_PowerUpSelfTest( void )
static CK_RV
pk11_fips_DES_PowerUpSelfTest( void )
sftk_fips_DES_PowerUpSelfTest( void )
{
/* DES Known Key (56-bits). */
static const PRUint8 des_known_key[] = { "ANSI DES" };
@ -434,7 +434,7 @@ pk11_fips_DES_PowerUpSelfTest( void )
static CK_RV
pk11_fips_DES3_PowerUpSelfTest( void )
sftk_fips_DES3_PowerUpSelfTest( void )
{
/* DES3 Known Key (56-bits). */
static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
@ -563,7 +563,7 @@ pk11_fips_DES3_PowerUpSelfTest( void )
static CK_RV
pk11_fips_MD2_PowerUpSelfTest( void )
sftk_fips_MD2_PowerUpSelfTest( void )
{
/* MD2 Known Hash Message (512-bits). */
static const PRUint8 md2_known_hash_message[] = {
@ -608,7 +608,7 @@ pk11_fips_MD2_PowerUpSelfTest( void )
static CK_RV
pk11_fips_MD5_PowerUpSelfTest( void )
sftk_fips_MD5_PowerUpSelfTest( void )
{
/* MD5 Known Hash Message (512-bits). */
static const PRUint8 md5_known_hash_message[] = {
@ -641,7 +641,7 @@ pk11_fips_MD5_PowerUpSelfTest( void )
static CK_RV
pk11_fips_SHA1_PowerUpSelfTest( void )
sftk_fips_SHA1_PowerUpSelfTest( void )
{
/* SHA-1 Known Hash Message (512-bits). */
static const PRUint8 sha1_known_hash_message[] = {
@ -675,7 +675,7 @@ pk11_fips_SHA1_PowerUpSelfTest( void )
static CK_RV
pk11_fips_RSA_PowerUpSelfTest( void )
sftk_fips_RSA_PowerUpSelfTest( void )
{
/* RSA Known Modulus used in both Public/Private Key Values (520-bits). */
static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
@ -913,7 +913,7 @@ rsa_loser:
static CK_RV
pk11_fips_DSA_PowerUpSelfTest( void )
sftk_fips_DSA_PowerUpSelfTest( void )
{
/* DSA Known P (512-bits), Q (160-bits), and G (512-bits) Values. */
static const PRUint8 dsa_P[] = {
@ -1032,60 +1032,60 @@ pk11_fips_DSA_PowerUpSelfTest( void )
CK_RV
pk11_fipsPowerUpSelfTest( void )
sftk_fipsPowerUpSelfTest( void )
{
CK_RV rv;
/* RC2 Power-Up SelfTest(s). */
rv = pk11_fips_RC2_PowerUpSelfTest();
rv = sftk_fips_RC2_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* RC4 Power-Up SelfTest(s). */
rv = pk11_fips_RC4_PowerUpSelfTest();
rv = sftk_fips_RC4_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* DES Power-Up SelfTest(s). */
rv = pk11_fips_DES_PowerUpSelfTest();
rv = sftk_fips_DES_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* DES3 Power-Up SelfTest(s). */
rv = pk11_fips_DES3_PowerUpSelfTest();
rv = sftk_fips_DES3_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* MD2 Power-Up SelfTest(s). */
rv = pk11_fips_MD2_PowerUpSelfTest();
rv = sftk_fips_MD2_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* MD5 Power-Up SelfTest(s). */
rv = pk11_fips_MD5_PowerUpSelfTest();
rv = sftk_fips_MD5_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* SHA-1 Power-Up SelfTest(s). */
rv = pk11_fips_SHA1_PowerUpSelfTest();
rv = sftk_fips_SHA1_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* RSA Power-Up SelfTest(s). */
rv = pk11_fips_RSA_PowerUpSelfTest();
rv = sftk_fips_RSA_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* DSA Power-Up SelfTest(s). */
rv = pk11_fips_DSA_PowerUpSelfTest();
rv = sftk_fips_DSA_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;

134
security/nss/lib/softoken/fipstokn.c
Просмотреть файл

@ -64,7 +64,7 @@ static PRBool isLoggedIn = PR_FALSE;
static PRBool fatalError = PR_FALSE;
/* Fips required checks before any useful crypto graphic services */
static CK_RV pk11_fipsCheck(void) {
static CK_RV sftk_fipsCheck(void) {
if (isLoggedIn != PR_TRUE)
return CKR_USER_NOT_LOGGED_IN;
if (fatalError)
@ -73,11 +73,11 @@ static CK_RV pk11_fipsCheck(void) {
}
#define PK11_FIPSCHECK() \
#define SFTK_FIPSCHECK() \
CK_RV rv; \
if ((rv = pk11_fipsCheck()) != CKR_OK) return rv;
if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
#define PK11_FIPSFATALCHECK() \
#define SFTK_FIPSFATALCHECK() \
if (fatalError) return CKR_DEVICE_ERROR;
@ -118,7 +118,7 @@ fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate,
#include "pkcs11f.h"
/* ------------- build the CK_CRYPTO_TABLE ------------------------- */
static CK_FUNCTION_LIST pk11_fipsTable = {
static CK_FUNCTION_LIST sftk_fipsTable = {
{ 1, 10 },
#undef CK_NEED_ARG_LIST
@ -149,7 +149,7 @@ fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
if (rv == CKR_OK) {
if ((objClass == CKO_PRIVATE_KEY) || (objClass == CKO_SECRET_KEY)) {
rv = pk11_fipsCheck();
rv = sftk_fipsCheck();
}
}
return rv;
@ -163,7 +163,7 @@ fips_login_if_key_object(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
**********************************************************************/
/* return the function list */
CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) {
*pFunctionList = &pk11_fipsTable;
*pFunctionList = &sftk_fipsTable;
return CKR_OK;
}
@ -180,7 +180,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
crv = nsc_CommonInitialize(pReserved, PR_TRUE);
/* not an 'else' rv can be set by either PK11_LowInit or PK11_SlotInit*/
/* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
if (crv != CKR_OK) {
fatalError = PR_TRUE;
return crv;
@ -188,7 +188,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
fatalError = PR_FALSE; /* any error has been reset */
crv = pk11_fipsPowerUpSelfTest();
crv = sftk_fipsPowerUpSelfTest();
if (crv != CKR_OK) {
nsc_CommonFinalize(NULL, PR_TRUE);
fatalError = PR_TRUE;
@ -252,7 +252,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/
CK_RV FC_GetMechanismList(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
/* FIPS Slot supports all functions */
return NSC_GetMechanismList(slotID,pMechanismList,pusCount);
@ -263,7 +263,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* possibly supported by a token. */
CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID;
/* FIPS Slot supports all functions */
return NSC_GetMechanismInfo(slotID,type,pInfo);
@ -289,14 +289,14 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) {
CK_RV rv;
if ((rv = pk11_fipsCheck()) != CKR_OK) return rv;
if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
return NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen);
}
/* FC_OpenSession opens a session between an application and a token. */
CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession);
}
@ -317,7 +317,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = NSC_GetSessionInfo(hSession,pInfo);
if (rv == CKR_OK) {
@ -335,7 +335,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
CK_CHAR_PTR pPin, CK_ULONG usPinLen) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = NSC_Login(hSession,userType,pPin,usPinLen);
if (rv == CKR_OK)
isLoggedIn = PR_TRUE;
@ -344,7 +344,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
isLoggedIn = PR_TRUE;
/* Provide FIPS PUB 140-1 power-up self-tests on demand. */
rv = pk11_fipsPowerUpSelfTest();
rv = sftk_fipsPowerUpSelfTest();
if (rv == CKR_OK)
return CKR_USER_ALREADY_LOGGED_IN;
else
@ -355,7 +355,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_Logout logs a user out from a token. */
CK_RV FC_Logout(CK_SESSION_HANDLE hSession) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
rv = NSC_Logout(hSession);
isLoggedIn = PR_FALSE;
@ -368,7 +368,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject) {
CK_OBJECT_CLASS * classptr;
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;
@ -388,7 +388,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
CK_OBJECT_HANDLE_PTR phNewObject) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = fips_login_if_key_object(hSession, hObject);
if (rv != CKR_OK) {
return rv;
@ -401,7 +401,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = fips_login_if_key_object(hSession, hObject);
if (rv != CKR_OK) {
return rv;
@ -414,7 +414,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pusSize) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = fips_login_if_key_object(hSession, hObject);
if (rv != CKR_OK) {
return rv;
@ -427,7 +427,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = fips_login_if_key_object(hSession, hObject);
if (rv != CKR_OK) {
return rv;
@ -440,7 +440,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
CK_RV rv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
rv = fips_login_if_key_object(hSession, hObject);
if (rv != CKR_OK) {
return rv;
@ -459,7 +459,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV rv;
PRBool needLogin = PR_FALSE;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
for (i=0; i < usCount; i++) {
CK_OBJECT_CLASS class;
@ -479,7 +479,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
}
}
if (needLogin) {
if ((rv = pk11_fipsCheck()) != CKR_OK) return rv;
if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
}
return NSC_FindObjectsInit(hSession,pTemplate,usCount);
}
@ -491,7 +491,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount,
CK_ULONG_PTR pusObjectCount) {
/* let publically readable object be found */
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_FindObjects(hSession,phObject,usMaxObjectCount,
pusObjectCount);
}
@ -504,7 +504,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_EncryptInit initializes an encryption operation. */
CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_EncryptInit(hSession,pMechanism,hKey);
}
@ -512,7 +512,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pusEncryptedDataLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData,
pusEncryptedDataLen);
}
@ -522,7 +522,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pusEncryptedPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart,
pusEncryptedPartLen);
}
@ -532,7 +532,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_EncryptFinal(hSession,pLastEncryptedPart,
pusLastEncryptedPartLen);
}
@ -545,7 +545,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_DecryptInit initializes a decryption operation. */
CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DecryptInit(hSession,pMechanism,hKey);
}
@ -553,7 +553,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData,
CK_ULONG_PTR pusDataLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData,
pusDataLen);
}
@ -563,7 +563,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen,
pPart,pusPartLen);
}
@ -572,7 +572,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_DecryptFinal finishes a multiple-part decryption operation. */
CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen);
}
@ -584,7 +584,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_DigestInit initializes a message-digesting operation. */
CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_DigestInit(hSession, pMechanism);
}
@ -593,7 +593,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_Digest(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
CK_ULONG_PTR pusDigestLen) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen);
}
@ -601,7 +601,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_DigestUpdate continues a multiple-part message-digesting operation. */
CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
CK_ULONG usPartLen) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_DigestUpdate(hSession,pPart,usPartLen);
}
@ -609,7 +609,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_DigestFinal finishes a multiple-part message-digesting operation. */
CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
CK_ULONG_PTR pusDigestLen) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_DigestFinal(hSession,pDigest,pusDigestLen);
}
@ -623,7 +623,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* and plaintext cannot be recovered from the signature */
CK_RV FC_SignInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_SignInit(hSession,pMechanism,hKey);
}
@ -634,7 +634,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_Sign(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature,
CK_ULONG_PTR pusSignatureLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen);
}
@ -644,7 +644,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* and plaintext cannot be recovered from the signature */
CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
CK_ULONG usPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_SignUpdate(hSession,pPart,usPartLen);
}
@ -653,7 +653,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* returning the signature. */
CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,
CK_ULONG_PTR pusSignatureLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_SignFinal(hSession,pSignature,pusSignatureLen);
}
@ -665,7 +665,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* E.g. encryption with the user's private key */
CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_SignRecoverInit(hSession,pMechanism,hKey);
}
@ -675,7 +675,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* E.g. encryption with the user's private key */
CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen);
}
@ -688,7 +688,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* and plaintext cannot be recovered from the signature (e.g. DSA) */
CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_VerifyInit(hSession,pMechanism,hKey);
}
@ -699,7 +699,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) {
/* make sure we're legal */
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen);
}
@ -709,7 +709,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* and plaintext cannot be recovered from the signature */
CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG usPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_VerifyUpdate(hSession,pPart,usPartLen);
}
@ -718,7 +718,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* checking the signature. */
CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_VerifyFinal(hSession,pSignature,usSignatureLen);
}
@ -731,7 +731,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
* E.g. Decryption with the user's public key */
CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
}
@ -742,7 +742,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen,
CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData,
pusDataLen);
}
@ -757,7 +757,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_OBJECT_HANDLE_PTR phKey) {
CK_BBOOL *boolptr;
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
/* all secret keys must be sensitive, if the upper level code tries to say
* otherwise, reject it. */
@ -781,7 +781,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_OBJECT_HANDLE_PTR phPrivateKey) {
CK_BBOOL *boolptr;
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
/* all private keys must be sensitive, if the upper level code tries to say
* otherwise, reject it. */
@ -803,7 +803,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pusWrappedKeyLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
pusWrappedKeyLen);
}
@ -817,7 +817,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_OBJECT_HANDLE_PTR phKey) {
CK_BBOOL *boolptr;
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
/* all secret keys must be sensitive, if the upper level code tries to say
* otherwise, reject it. */
@ -840,7 +840,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_OBJECT_HANDLE_PTR phKey) {
CK_BBOOL *boolptr;
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
/* all secret keys must be sensitive, if the upper level code tries to say
* otherwise, reject it. */
@ -865,7 +865,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_ULONG usSeedLen) {
CK_RV crv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
if (crv != CKR_OK) {
fatalError = PR_TRUE;
@ -879,7 +879,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
CK_BYTE_PTR pRandomData, CK_ULONG usRandomLen) {
CK_RV crv;
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
crv = NSC_GenerateRandom(hSession,pRandomData,usRandomLen);
if (crv != CKR_OK) {
fatalError = PR_TRUE;
@ -891,14 +891,14 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
/* FC_GetFunctionStatus obtains an updated status of a function running
* in parallel with an application. */
CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_GetFunctionStatus(hSession);
}
/* FC_CancelFunction cancels a function running in parallel */
CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_CancelFunction(hSession);
}
@ -910,7 +910,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
*operation in a session. */
CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen);
}
@ -920,7 +920,7 @@ CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession,
CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) {
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen,
hEncryptionKey,hAuthenticationKey);
}
@ -928,7 +928,7 @@ CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession,
/* FC_FindObjectsFinal finishes a search for token and session objects. */
CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
/* let publically readable object be found */
PK11_FIPSFATALCHECK();
SFTK_FIPSFATALCHECK();
return NSC_FindObjectsFinal(hSession);
}
@ -940,7 +940,7 @@ CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
pulEncryptedPartLen);
}
@ -952,7 +952,7 @@ CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen,
pPart,pulPartLen);
}
@ -963,7 +963,7 @@ CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
pulEncryptedPartLen);
}
@ -974,7 +974,7 @@ CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen,
pData,pulDataLen);
}
@ -984,7 +984,7 @@ CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
* by digesting the value of a secret key as part of the data already digested.
*/
CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) {
PK11_FIPSCHECK();
SFTK_FIPSCHECK();
return NSC_DigestKey(hSession,hKey);
}

4
security/nss/lib/softoken/pcertdb.c
Просмотреть файл

@ -37,7 +37,7 @@
/*
* Permanent Certificate database handling code
*
* $Id: pcertdb.c,v 1.48 2004/04/25 15:03:16 gerv%gerv.net Exp $
* $Id: pcertdb.c,v 1.49 2005/03/29 18:21:18 nelsonb%netscape.com Exp $
*/
#include "prtime.h"
@ -48,7 +48,7 @@
#include "secitem.h"
#include "secder.h"
/* Call to PK11_FreeSlot below */
/* Call to SFTK_FreeSlot below */
#include "secasn1.h"
#include "secerr.h"

176
security/nss/lib/softoken/pk11db.c
Просмотреть файл

@ -48,83 +48,83 @@
#define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
static void
secmod_parseTokenFlags(char *tmp, pk11_token_parameters *parsed) {
parsed->readOnly = pk11_argHasFlag("flags","readOnly",tmp);
parsed->noCertDB = pk11_argHasFlag("flags","noCertDB",tmp);
parsed->noKeyDB = pk11_argHasFlag("flags","noKeyDB",tmp);
parsed->forceOpen = pk11_argHasFlag("flags","forceOpen",tmp);
parsed->pwRequired = pk11_argHasFlag("flags","passwordRequired",tmp);
parsed->optimizeSpace = pk11_argHasFlag("flags","optimizeSpace",tmp);
secmod_parseTokenFlags(char *tmp, sftk_token_parameters *parsed) {
parsed->readOnly = sftk_argHasFlag("flags","readOnly",tmp);
parsed->noCertDB = sftk_argHasFlag("flags","noCertDB",tmp);
parsed->noKeyDB = sftk_argHasFlag("flags","noKeyDB",tmp);
parsed->forceOpen = sftk_argHasFlag("flags","forceOpen",tmp);
parsed->pwRequired = sftk_argHasFlag("flags","passwordRequired",tmp);
parsed->optimizeSpace = sftk_argHasFlag("flags","optimizeSpace",tmp);
return;
}
static void
secmod_parseFlags(char *tmp, pk11_parameters *parsed) {
parsed->noModDB = pk11_argHasFlag("flags","noModDB",tmp);
parsed->readOnly = pk11_argHasFlag("flags","readOnly",tmp);
secmod_parseFlags(char *tmp, sftk_parameters *parsed) {
parsed->noModDB = sftk_argHasFlag("flags","noModDB",tmp);
parsed->readOnly = sftk_argHasFlag("flags","readOnly",tmp);
/* keep legacy interface working */
parsed->noCertDB = pk11_argHasFlag("flags","noCertDB",tmp);
parsed->forceOpen = pk11_argHasFlag("flags","forceOpen",tmp);
parsed->pwRequired = pk11_argHasFlag("flags","passwordRequired",tmp);
parsed->optimizeSpace = pk11_argHasFlag("flags","optimizeSpace",tmp);
parsed->noCertDB = sftk_argHasFlag("flags","noCertDB",tmp);
parsed->forceOpen = sftk_argHasFlag("flags","forceOpen",tmp);
parsed->pwRequired = sftk_argHasFlag("flags","passwordRequired",tmp);
parsed->optimizeSpace = sftk_argHasFlag("flags","optimizeSpace",tmp);
return;
}
CK_RV
secmod_parseTokenParameters(char *param, pk11_token_parameters *parsed)
secmod_parseTokenParameters(char *param, sftk_token_parameters *parsed)
{
int next;
char *tmp;
char *index;
index = pk11_argStrip(param);
index = sftk_argStrip(param);
while (*index) {
PK11_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
PK11_HANDLE_STRING_ARG(index,parsed->certPrefix,"certPrefix=",;)
PK11_HANDLE_STRING_ARG(index,parsed->keyPrefix,"keyPrefix=",;)
PK11_HANDLE_STRING_ARG(index,parsed->tokdes,"tokenDescription=",;)
PK11_HANDLE_STRING_ARG(index,parsed->slotdes,"slotDescription=",;)
PK11_HANDLE_STRING_ARG(index,tmp,"minPWLen=",
SFTK_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->certPrefix,"certPrefix=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->keyPrefix,"keyPrefix=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->tokdes,"tokenDescription=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->slotdes,"slotDescription=",;)
SFTK_HANDLE_STRING_ARG(index,tmp,"minPWLen=",
if(tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); })
PK11_HANDLE_STRING_ARG(index,tmp,"flags=",
SFTK_HANDLE_STRING_ARG(index,tmp,"flags=",
if(tmp) { secmod_parseTokenFlags(param,parsed); PORT_Free(tmp); })
PK11_HANDLE_FINAL_ARG(index)
SFTK_HANDLE_FINAL_ARG(index)
}
return CKR_OK;
}
static void
secmod_parseTokens(char *tokenParams, pk11_parameters *parsed)
secmod_parseTokens(char *tokenParams, sftk_parameters *parsed)
{
char *tokenIndex;
pk11_token_parameters *tokens = NULL;
sftk_token_parameters *tokens = NULL;
int i=0,count = 0,next;
if ((tokenParams == NULL) || (*tokenParams == 0)) return;
/* first count the number of slots */
for (tokenIndex = pk11_argStrip(tokenParams); *tokenIndex;
tokenIndex = pk11_argStrip(pk11_argSkipParameter(tokenIndex))) {
for (tokenIndex = sftk_argStrip(tokenParams); *tokenIndex;
tokenIndex = sftk_argStrip(sftk_argSkipParameter(tokenIndex))) {
count++;
}
/* get the data structures */
tokens = (pk11_token_parameters *)
PORT_ZAlloc(count*sizeof(pk11_token_parameters));
tokens = (sftk_token_parameters *)
PORT_ZAlloc(count*sizeof(sftk_token_parameters));
if (tokens == NULL) return;
for (tokenIndex = pk11_argStrip(tokenParams), i = 0;
for (tokenIndex = sftk_argStrip(tokenParams), i = 0;
*tokenIndex && i < count ; i++ ) {
char *name;
name = pk11_argGetName(tokenIndex,&next);
name = sftk_argGetName(tokenIndex,&next);
tokenIndex += next;
tokens[i].slotID = pk11_argDecodeNumber(name);
tokens[i].slotID = sftk_argDecodeNumber(name);
tokens[i].readOnly = PR_TRUE;
tokens[i].noCertDB = PR_TRUE;
tokens[i].noKeyDB = PR_TRUE;
if (!pk11_argIsBlank(*tokenIndex)) {
char *args = pk11_argFetchValue(tokenIndex,&next);
if (!sftk_argIsBlank(*tokenIndex)) {
char *args = sftk_argFetchValue(tokenIndex,&next);
tokenIndex += next;
if (args) {
secmod_parseTokenParameters(args,&tokens[i]);
@ -132,7 +132,7 @@ secmod_parseTokens(char *tokenParams, pk11_parameters *parsed)
}
}
if (name) PORT_Free(name);
tokenIndex = pk11_argStrip(tokenIndex);
tokenIndex = sftk_argStrip(tokenIndex);
}
parsed->token_count = i;
parsed->tokens = tokens;
@ -140,7 +140,7 @@ secmod_parseTokens(char *tokenParams, pk11_parameters *parsed)
}
CK_RV
secmod_parseParameters(char *param, pk11_parameters *parsed, PRBool isFIPS)
secmod_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS)
{
int next;
char *tmp;
@ -150,39 +150,39 @@ secmod_parseParameters(char *param, pk11_parameters *parsed, PRBool isFIPS)
char *slotdes = NULL, *pslotdes = NULL;
char *fslotdes = NULL, *fpslotdes = NULL;
char *minPW = NULL;
index = pk11_argStrip(param);
index = sftk_argStrip(param);
PORT_Memset(parsed, 0, sizeof(pk11_parameters));
PORT_Memset(parsed, 0, sizeof(sftk_parameters));
while (*index) {
PK11_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
PK11_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;)
PK11_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;)
PK11_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->configdir,"configDir=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->secmodName,"secmod=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->man,"manufacturerID=",;)
SFTK_HANDLE_STRING_ARG(index,parsed->libdes,"libraryDescription=",;)
/* constructed values, used so legacy interfaces still work */
PK11_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;)
PK11_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;)
PK11_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;)
PK11_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;)
PK11_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;)
PK11_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;)
PK11_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;)
PK11_HANDLE_STRING_ARG(index,minPW,"FIPSTokenDescription=",;)
PK11_HANDLE_STRING_ARG(index,tmp,"minPWLen=",;)
SFTK_HANDLE_STRING_ARG(index,certPrefix,"certPrefix=",;)
SFTK_HANDLE_STRING_ARG(index,keyPrefix,"keyPrefix=",;)
SFTK_HANDLE_STRING_ARG(index,tokdes,"cryptoTokenDescription=",;)
SFTK_HANDLE_STRING_ARG(index,ptokdes,"dbTokenDescription=",;)
SFTK_HANDLE_STRING_ARG(index,slotdes,"cryptoSlotDescription=",;)
SFTK_HANDLE_STRING_ARG(index,pslotdes,"dbSlotDescription=",;)
SFTK_HANDLE_STRING_ARG(index,fslotdes,"FIPSSlotDescription=",;)
SFTK_HANDLE_STRING_ARG(index,minPW,"FIPSTokenDescription=",;)
SFTK_HANDLE_STRING_ARG(index,tmp,"minPWLen=",;)
PK11_HANDLE_STRING_ARG(index,tmp,"flags=",
SFTK_HANDLE_STRING_ARG(index,tmp,"flags=",
if(tmp) { secmod_parseFlags(param,parsed); PORT_Free(tmp); })
PK11_HANDLE_STRING_ARG(index,tmp,"tokens=",
SFTK_HANDLE_STRING_ARG(index,tmp,"tokens=",
if(tmp) { secmod_parseTokens(tmp,parsed); PORT_Free(tmp); })
PK11_HANDLE_FINAL_ARG(index)
SFTK_HANDLE_FINAL_ARG(index)
}
if (parsed->tokens == NULL) {
int count = isFIPS ? 1 : 2;
int index = count-1;
pk11_token_parameters *tokens = NULL;
sftk_token_parameters *tokens = NULL;
tokens = (pk11_token_parameters *)
PORT_ZAlloc(count*sizeof(pk11_token_parameters));
tokens = (sftk_token_parameters *)
PORT_ZAlloc(count*sizeof(sftk_token_parameters));
if (tokens == NULL) {
goto loser;
}
@ -235,7 +235,7 @@ loser:
}
void
secmod_freeParams(pk11_parameters *params)
secmod_freeParams(sftk_parameters *params)
{
int i;
@ -264,18 +264,18 @@ secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw)
char *value = NULL;
char *save_params = param;
const char *lconfigdir;
param = pk11_argStrip(param);
param = sftk_argStrip(param);
while (*param) {
PK11_HANDLE_STRING_ARG(param,configdir,"configDir=",;)
PK11_HANDLE_STRING_ARG(param,secmodName,"secmod=",;)
PK11_HANDLE_FINAL_ARG(param)
SFTK_HANDLE_STRING_ARG(param,configdir,"configDir=",;)
SFTK_HANDLE_STRING_ARG(param,secmodName,"secmod=",;)
SFTK_HANDLE_FINAL_ARG(param)
}
*rw = PR_TRUE;
if (pk11_argHasFlag("flags","readOnly",save_params) ||
pk11_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE;
if (sftk_argHasFlag("flags","readOnly",save_params) ||
sftk_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE;
if (!secmodName || *secmodName == '\0') {
if (secmodName) PORT_Free(secmodName);
@ -283,7 +283,7 @@ secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw)
}
*filename = secmodName;
lconfigdir = pk11_EvaluateConfigDir(configdir, appName);
lconfigdir = sftk_EvaluateConfigDir(configdir, appName);
if (lconfigdir) {
value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName);
@ -299,9 +299,9 @@ static SECStatus secmod_MakeKey(DBT *key, char * module) {
int len = 0;
char *commonName;
commonName = pk11_argGetParamValue("name",module);
commonName = sftk_argGetParamValue("name",module);
if (commonName == NULL) {
commonName = pk11_argGetParamValue("library",module);
commonName = sftk_argGetParamValue("library",module);
}
if (commonName == NULL) return SECFailure;
len = PORT_Strlen(commonName);
@ -393,7 +393,7 @@ secmod_EncodeData(DBT *data, char * module)
PK11PreSlotInfo *slotInfo = NULL;
SECStatus rv = SECFailure;
rv = pk11_argParseModuleSpec(module,&dllName,&commonName,&param,&nss);
rv = sftk_argParseModuleSpec(module,&dllName,&commonName,&param,&nss);
if (rv != SECSuccess) return rv;
rv = SECFailure;
@ -410,8 +410,8 @@ secmod_EncodeData(DBT *data, char * module)
len3 = PORT_Strlen(param);
}
slotParams = pk11_argGetParamValue("slotParams",nss);
slotInfo = pk11_argParseSlotInfo(NULL,slotParams,&count);
slotParams = sftk_argGetParamValue("slotParams",nss);
slotInfo = sftk_argParseSlotInfo(NULL,slotParams,&count);
if (slotParams) PORT_Free(slotParams);
if (count && slotInfo == NULL) {
@ -435,24 +435,24 @@ secmod_EncodeData(DBT *data, char * module)
encoded->major = SECMOD_DB_VERSION_MAJOR;
encoded->minor = SECMOD_DB_VERSION_MINOR;
encoded->internal = (unsigned char)
(pk11_argHasFlag("flags","internal",nss) ? 1 : 0);
(sftk_argHasFlag("flags","internal",nss) ? 1 : 0);
encoded->fips = (unsigned char)
(pk11_argHasFlag("flags","FIPS",nss) ? 1 : 0);
(sftk_argHasFlag("flags","FIPS",nss) ? 1 : 0);
encoded->isModuleDB = (unsigned char)
(pk11_argHasFlag("flags","isModuleDB",nss) ? 1 : 0);
(sftk_argHasFlag("flags","isModuleDB",nss) ? 1 : 0);
encoded->isModuleDBOnly = (unsigned char)
(pk11_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0);
(sftk_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0);
encoded->isCritical = (unsigned char)
(pk11_argHasFlag("flags","critical",nss) ? 1 : 0);
(sftk_argHasFlag("flags","critical",nss) ? 1 : 0);
order = pk11_argReadLong("trustOrder",nss, PK11_DEFAULT_TRUST_ORDER, NULL);
order = sftk_argReadLong("trustOrder",nss, SFTK_DEFAULT_TRUST_ORDER, NULL);
SECMOD_PUTLONG(encoded->trustOrder,order);
order = pk11_argReadLong("cipherOrder",nss,PK11_DEFAULT_CIPHER_ORDER,NULL);
order = sftk_argReadLong("cipherOrder",nss,SFTK_DEFAULT_CIPHER_ORDER,NULL);
SECMOD_PUTLONG(encoded->cipherOrder,order);
ciphers = pk11_argGetParamValue("ciphers",nss);
pk11_argSetNewCipherFlags(&ssl[0], ciphers);
ciphers = sftk_argGetParamValue("ciphers",nss);
sftk_argSetNewCipherFlags(&ssl[0], ciphers);
SECMOD_PUTLONG(encoded->ssl,ssl[0]);
SECMOD_PUTLONG(&encoded->ssl[4],ssl[1]);
if (ciphers) PORT_Free(ciphers);
@ -549,8 +549,8 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
unsigned long slotID;
unsigned long defaultFlags;
unsigned long timeout;
unsigned long trustOrder =PK11_DEFAULT_TRUST_ORDER;
unsigned long cipherOrder =PK11_DEFAULT_CIPHER_ORDER;
unsigned long trustOrder =SFTK_DEFAULT_TRUST_ORDER;
unsigned long cipherOrder =SFTK_DEFAULT_CIPHER_ORDER;
unsigned short len;
unsigned short namesOffset = 0; /* start of the names block */
unsigned long namesRunningOffset; /* offset to name we are
@ -726,14 +726,14 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
hasRootCerts = slots->hasRootCerts;
if (isOldVersion && internal && (slotID != 2)) {
unsigned long internalFlags=
pk11_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS);
sftk_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS);
defaultFlags |= internalFlags;
}
if (hasRootCerts && !extended) {
trustOrder = 100;
}
slotStrings[i] = pk11_mkSlotString(slotID, defaultFlags, timeout,
slotStrings[i] = sftk_mkSlotString(slotID, defaultFlags, timeout,
(unsigned char)slots->askpw,
hasRootCerts, hasRootTrust);
if (slotStrings[i] == NULL) {
@ -742,13 +742,13 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
}
}
nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB,
nss = sftk_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB,
isModuleDBOnly, internal, trustOrder, cipherOrder,
ssl0, ssl1);
secmod_FreeSlotStrings(slotStrings,slotCount);
/* it's permissible (and normal) for nss to be NULL. it simply means
* there are no NSS specific parameters in the database */
moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss);
moduleSpec = sftk_mkNewModuleSpec(dllName,commonName,parameters,nss);
PR_smprintf_free(nss);
PORT_FreeArena(arena,PR_TRUE);
return moduleSpec;
@ -855,7 +855,7 @@ secmod_addEscape(const char *string, char quote)
}
#define SECMOD_STEP 10
#define PK11_DEFAULT_INTERNAL_INIT "library= name=\"NSS Internal PKCS #11 Module\" parameters=\"%s\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={%s askpw=any timeout=30})\""
#define SFTK_DEFAULT_INTERNAL_INIT "library= name=\"NSS Internal PKCS #11 Module\" parameters=\"%s\" NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={%s askpw=any timeout=30})\""
/*
* Read all the existing modules in
*/
@ -905,7 +905,7 @@ done:
if (!moduleList[0]) {
char * newparams = secmod_addEscape(params,'"');
if (newparams) {
moduleList[0] = PR_smprintf(PK11_DEFAULT_INTERNAL_INIT,newparams,
moduleList[0] = PR_smprintf(SFTK_DEFAULT_INTERNAL_INIT,newparams,
SECMOD_SLOT_FLAGS);
PORT_Free(newparams);
}

328
security/nss/lib/softoken/pk11pars.h
Просмотреть файл

@ -51,61 +51,61 @@
#include "secmodt.h"
#include "pk11init.h"
#define PK11_ARG_LIBRARY_PARAMETER "library="
#define PK11_ARG_NAME_PARAMETER "name="
#define PK11_ARG_MODULE_PARAMETER "parameters="
#define PK11_ARG_NSS_PARAMETER "NSS="
#define PK11_ARG_FORTEZZA_FLAG "FORTEZZA"
#define PK11_ARG_ESCAPE '\\'
#define SFTK_ARG_LIBRARY_PARAMETER "library="
#define SFTK_ARG_NAME_PARAMETER "name="
#define SFTK_ARG_MODULE_PARAMETER "parameters="
#define SFTK_ARG_NSS_PARAMETER "NSS="
#define SFTK_ARG_FORTEZZA_FLAG "FORTEZZA"
#define SFTK_ARG_ESCAPE '\\'
struct pk11argSlotFlagTable {
struct sftkargSlotFlagTable {
char *name;
int len;
unsigned long value;
};
#define PK11_DEFAULT_CIPHER_ORDER 0
#define PK11_DEFAULT_TRUST_ORDER 50
#define SFTK_DEFAULT_CIPHER_ORDER 0
#define SFTK_DEFAULT_TRUST_ORDER 50
#define PK11_ARG_ENTRY(arg,flag) \
#define SFTK_ARG_ENTRY(arg,flag) \
{ #arg , sizeof(#arg)-1, flag }
static struct pk11argSlotFlagTable pk11_argSlotFlagTable[] = {
PK11_ARG_ENTRY(RSA,SECMOD_RSA_FLAG),
PK11_ARG_ENTRY(DSA,SECMOD_RSA_FLAG),
PK11_ARG_ENTRY(RC2,SECMOD_RC4_FLAG),
PK11_ARG_ENTRY(RC4,SECMOD_RC2_FLAG),
PK11_ARG_ENTRY(DES,SECMOD_DES_FLAG),
PK11_ARG_ENTRY(DH,SECMOD_DH_FLAG),
PK11_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
PK11_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
PK11_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
PK11_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
PK11_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
PK11_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
PK11_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
PK11_ARG_ENTRY(AES,SECMOD_AES_FLAG),
PK11_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
PK11_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
static struct sftkargSlotFlagTable sftk_argSlotFlagTable[] = {
SFTK_ARG_ENTRY(RSA,SECMOD_RSA_FLAG),
SFTK_ARG_ENTRY(DSA,SECMOD_RSA_FLAG),
SFTK_ARG_ENTRY(RC2,SECMOD_RC4_FLAG),
SFTK_ARG_ENTRY(RC4,SECMOD_RC2_FLAG),
SFTK_ARG_ENTRY(DES,SECMOD_DES_FLAG),
SFTK_ARG_ENTRY(DH,SECMOD_DH_FLAG),
SFTK_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
SFTK_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
SFTK_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
SFTK_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
SFTK_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
SFTK_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
SFTK_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
SFTK_ARG_ENTRY(AES,SECMOD_AES_FLAG),
SFTK_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
SFTK_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
};
#define PK11_HANDLE_STRING_ARG(param,target,value,command) \
#define SFTK_HANDLE_STRING_ARG(param,target,value,command) \
if (PORT_Strncasecmp(param,value,sizeof(value)-1) == 0) { \
param += sizeof(value)-1; \
target = pk11_argFetchValue(param,&next); \
target = sftk_argFetchValue(param,&next); \
param += next; \
command ;\
} else
#define PK11_HANDLE_FINAL_ARG(param) \
{ param = pk11_argSkipParameter(param); } param = pk11_argStrip(param);
#define SFTK_HANDLE_FINAL_ARG(param) \
{ param = sftk_argSkipParameter(param); } param = sftk_argStrip(param);
static int pk11_argSlotFlagTableSize =
sizeof(pk11_argSlotFlagTable)/sizeof(pk11_argSlotFlagTable[0]);
static int sftk_argSlotFlagTableSize =
sizeof(sftk_argSlotFlagTable)/sizeof(sftk_argSlotFlagTable[0]);
static PRBool pk11_argGetPair(char c) {
static PRBool sftk_argGetPair(char c) {
switch (c) {
case '\'': return c;
case '\"': return c;
@ -118,15 +118,15 @@ static PRBool pk11_argGetPair(char c) {
return ' ';
}
static PRBool pk11_argIsBlank(char c) {
static PRBool sftk_argIsBlank(char c) {
return isspace(c);
}
static PRBool pk11_argIsEscape(char c) {
static PRBool sftk_argIsEscape(char c) {
return c == '\\';
}
static PRBool pk11_argIsQuote(char c) {
static PRBool sftk_argIsQuote(char c) {
switch (c) {
case '\'':
case '\"':
@ -139,7 +139,7 @@ static PRBool pk11_argIsQuote(char c) {
return PR_FALSE;
}
static PRBool pk11_argHasChar(char *v, char c)
static PRBool sftk_argHasChar(char *v, char c)
{
for ( ;*v; v++) {
if (*v == c) return PR_TRUE;
@ -147,26 +147,26 @@ static PRBool pk11_argHasChar(char *v, char c)
return PR_FALSE;
}
static PRBool pk11_argHasBlanks(char *v)
static PRBool sftk_argHasBlanks(char *v)
{
for ( ;*v; v++) {
if (pk11_argIsBlank(*v)) return PR_TRUE;
if (sftk_argIsBlank(*v)) return PR_TRUE;
}
return PR_FALSE;
}
static char *pk11_argStrip(char *c) {
while (*c && pk11_argIsBlank(*c)) c++;
static char *sftk_argStrip(char *c) {
while (*c && sftk_argIsBlank(*c)) c++;
return c;
}
static char *
pk11_argFindEnd(char *string) {
sftk_argFindEnd(char *string) {
char endChar = ' ';
PRBool lastEscape = PR_FALSE;
if (pk11_argIsQuote(*string)) {
endChar = pk11_argGetPair(*string);
if (sftk_argIsQuote(*string)) {
endChar = sftk_argGetPair(*string);
string++;
}
@ -175,11 +175,11 @@ pk11_argFindEnd(char *string) {
lastEscape = PR_FALSE;
continue;
}
if (pk11_argIsEscape(*string) && !lastEscape) {
if (sftk_argIsEscape(*string) && !lastEscape) {
lastEscape = PR_TRUE;
continue;
}
if ((endChar == ' ') && pk11_argIsBlank(*string)) break;
if ((endChar == ' ') && sftk_argIsBlank(*string)) break;
if (*string == endChar) {
break;
}
@ -189,9 +189,9 @@ pk11_argFindEnd(char *string) {
}
static char *
pk11_argFetchValue(char *string, int *pcount)
sftk_argFetchValue(char *string, int *pcount)
{
char *end = pk11_argFindEnd(string);
char *end = sftk_argFindEnd(string);
char *retString, *copyString;
PRBool lastEscape = PR_FALSE;
@ -202,9 +202,9 @@ pk11_argFetchValue(char *string, int *pcount)
copyString = retString = (char *)PORT_Alloc(*pcount);
if (retString == NULL) return NULL;
if (pk11_argIsQuote(*string)) string++;
if (sftk_argIsQuote(*string)) string++;
for (; string < end; string++) {
if (pk11_argIsEscape(*string) && !lastEscape) {
if (sftk_argIsEscape(*string) && !lastEscape) {
lastEscape = PR_TRUE;
continue;
}
@ -216,44 +216,44 @@ pk11_argFetchValue(char *string, int *pcount)
}
static char *
pk11_argSkipParameter(char *string)
sftk_argSkipParameter(char *string)
{
char *end;
/* look for the end of the <name>= */
for (;*string; string++) {
if (*string == '=') { string++; break; }
if (pk11_argIsBlank(*string)) return(string);
if (sftk_argIsBlank(*string)) return(string);
}
end = pk11_argFindEnd(string);
end = sftk_argFindEnd(string);
if (*end) end++;
return end;
}
static SECStatus
pk11_argParseModuleSpec(char *modulespec, char **lib, char **mod,
sftk_argParseModuleSpec(char *modulespec, char **lib, char **mod,
char **parameters, char **nss)
{
int next;
modulespec = pk11_argStrip(modulespec);
modulespec = sftk_argStrip(modulespec);
*lib = *mod = *parameters = *nss = 0;
while (*modulespec) {
PK11_HANDLE_STRING_ARG(modulespec,*lib,PK11_ARG_LIBRARY_PARAMETER,;)
PK11_HANDLE_STRING_ARG(modulespec,*mod,PK11_ARG_NAME_PARAMETER,;)
PK11_HANDLE_STRING_ARG(modulespec,*parameters,
PK11_ARG_MODULE_PARAMETER,;)
PK11_HANDLE_STRING_ARG(modulespec,*nss,PK11_ARG_NSS_PARAMETER,;)
PK11_HANDLE_FINAL_ARG(modulespec)
SFTK_HANDLE_STRING_ARG(modulespec,*lib,SFTK_ARG_LIBRARY_PARAMETER,;)
SFTK_HANDLE_STRING_ARG(modulespec,*mod,SFTK_ARG_NAME_PARAMETER,;)
SFTK_HANDLE_STRING_ARG(modulespec,*parameters,
SFTK_ARG_MODULE_PARAMETER,;)
SFTK_HANDLE_STRING_ARG(modulespec,*nss,SFTK_ARG_NSS_PARAMETER,;)
SFTK_HANDLE_FINAL_ARG(modulespec)
}
return SECSuccess;
}
static char *
pk11_argGetParamValue(char *paramName,char *parameters)
sftk_argGetParamValue(char *paramName,char *parameters)
{
char searchValue[256];
int paramLen = strlen(paramName);
@ -269,19 +269,19 @@ pk11_argGetParamValue(char *paramName,char *parameters)
while (*parameters) {
if (PORT_Strncasecmp(parameters,searchValue,paramLen+1) == 0) {
parameters += paramLen+1;
returnValue = pk11_argFetchValue(parameters,&next);
returnValue = sftk_argFetchValue(parameters,&next);
break;
} else {
parameters = pk11_argSkipParameter(parameters);
parameters = sftk_argSkipParameter(parameters);
}
parameters = pk11_argStrip(parameters);
parameters = sftk_argStrip(parameters);
}
return returnValue;
}
static char *
pk11_argNextFlag(char *flags)
sftk_argNextFlag(char *flags)
{
for (; *flags ; flags++) {
if (*flags == ',') {
@ -293,16 +293,16 @@ pk11_argNextFlag(char *flags)
}
static PRBool
pk11_argHasFlag(char *label, char *flag, char *parameters)
sftk_argHasFlag(char *label, char *flag, char *parameters)
{
char *flags,*index;
int len = strlen(flag);
PRBool found = PR_FALSE;
flags = pk11_argGetParamValue(label,parameters);
flags = sftk_argGetParamValue(label,parameters);
if (flags == NULL) return PR_FALSE;
for (index=flags; *index; index=pk11_argNextFlag(index)) {
for (index=flags; *index; index=sftk_argNextFlag(index)) {
if (PORT_Strncasecmp(index,flag,len) == 0) {
found=PR_TRUE;
break;
@ -313,14 +313,14 @@ pk11_argHasFlag(char *label, char *flag, char *parameters)
}
static void
pk11_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList)
sftk_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList)
{
newCiphers[0] = newCiphers[1] = 0;
if ((cipherList == NULL) || (*cipherList == 0)) return;
for (;*cipherList; cipherList=pk11_argNextFlag(cipherList)) {
if (PORT_Strncasecmp(cipherList,PK11_ARG_FORTEZZA_FLAG,
sizeof(PK11_ARG_FORTEZZA_FLAG)-1) == 0) {
for (;*cipherList; cipherList=sftk_argNextFlag(cipherList)) {
if (PORT_Strncasecmp(cipherList,SFTK_ARG_FORTEZZA_FLAG,
sizeof(SFTK_ARG_FORTEZZA_FLAG)-1) == 0) {
newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
}
@ -341,7 +341,7 @@ pk11_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList)
* decode a number. handle octal (leading '0'), hex (leading '0x') or decimal
*/
static long
pk11_argDecodeNumber(char *num)
sftk_argDecodeNumber(char *num)
{
int radix = 10;
unsigned long value = 0;
@ -351,7 +351,7 @@ pk11_argDecodeNumber(char *num)
if (num == NULL) return retValue;
num = pk11_argStrip(num);
num = sftk_argStrip(num);
if (*num == '-') {
sign = -1;
@ -387,18 +387,18 @@ pk11_argDecodeNumber(char *num)
}
static long
pk11_argReadLong(char *label,char *params, long defValue, PRBool *isdefault)
sftk_argReadLong(char *label,char *params, long defValue, PRBool *isdefault)
{
char *value;
long retValue;
if (isdefault) *isdefault = PR_FALSE;
value = pk11_argGetParamValue(label,params);
value = sftk_argGetParamValue(label,params);
if (value == NULL) {
if (isdefault) *isdefault = PR_TRUE;
return defValue;
}
retValue = pk11_argDecodeNumber(value);
retValue = sftk_argDecodeNumber(value);
if (value) PORT_Free(value);
return retValue;
@ -406,23 +406,23 @@ pk11_argReadLong(char *label,char *params, long defValue, PRBool *isdefault)
static unsigned long
pk11_argSlotFlags(char *label,char *params)
sftk_argSlotFlags(char *label,char *params)
{
char *flags,*index;
unsigned long retValue = 0;
int i;
PRBool all = PR_FALSE;
flags = pk11_argGetParamValue(label,params);
flags = sftk_argGetParamValue(label,params);
if (flags == NULL) return 0;
if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE;
for (index=flags; *index; index=pk11_argNextFlag(index)) {
for (i=0; i < pk11_argSlotFlagTableSize; i++) {
if (all || (PORT_Strncasecmp(index, pk11_argSlotFlagTable[i].name,
pk11_argSlotFlagTable[i].len) == 0)) {
retValue |= pk11_argSlotFlagTable[i].value;
for (index=flags; *index; index=sftk_argNextFlag(index)) {
for (i=0; i < sftk_argSlotFlagTableSize; i++) {
if (all || (PORT_Strncasecmp(index, sftk_argSlotFlagTable[i].name,
sftk_argSlotFlagTable[i].len) == 0)) {
retValue |= sftk_argSlotFlagTable[i].value;
}
}
}
@ -432,15 +432,15 @@ pk11_argSlotFlags(char *label,char *params)
static void
pk11_argDecodeSingleSlotInfo(char *name,char *params,PK11PreSlotInfo *slotInfo)
sftk_argDecodeSingleSlotInfo(char *name,char *params,PK11PreSlotInfo *slotInfo)
{
char *askpw;
slotInfo->slotID=pk11_argDecodeNumber(name);
slotInfo->defaultFlags=pk11_argSlotFlags("slotFlags",params);
slotInfo->timeout=pk11_argReadLong("timeout",params, 0, NULL);
slotInfo->slotID=sftk_argDecodeNumber(name);
slotInfo->defaultFlags=sftk_argSlotFlags("slotFlags",params);
slotInfo->timeout=sftk_argReadLong("timeout",params, 0, NULL);
askpw = pk11_argGetParamValue("askpw",params);
askpw = sftk_argGetParamValue("askpw",params);
slotInfo->askpw = 0;
if (askpw) {
@ -452,12 +452,12 @@ pk11_argDecodeSingleSlotInfo(char *name,char *params,PK11PreSlotInfo *slotInfo)
PORT_Free(askpw);
slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
}
slotInfo->hasRootCerts = pk11_argHasFlag("rootFlags","hasRootCerts",params);
slotInfo->hasRootTrust = pk11_argHasFlag("rootFlags","hasRootTrust",params);
slotInfo->hasRootCerts = sftk_argHasFlag("rootFlags","hasRootCerts",params);
slotInfo->hasRootTrust = sftk_argHasFlag("rootFlags","hasRootTrust",params);
}
static char *
pk11_argGetName(char *inString, int *next)
sftk_argGetName(char *inString, int *next)
{
char *name=NULL;
char *string;
@ -466,7 +466,7 @@ pk11_argGetName(char *inString, int *next)
/* look for the end of the <name>= */
for (string = inString;*string; string++) {
if (*string == '=') { break; }
if (pk11_argIsBlank(*string)) break;
if (sftk_argIsBlank(*string)) break;
}
len = string - inString;
@ -482,7 +482,7 @@ pk11_argGetName(char *inString, int *next)
}
static PK11PreSlotInfo *
pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
sftk_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
{
char *slotIndex;
PK11PreSlotInfo *slotInfo = NULL;
@ -492,8 +492,8 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
if ((slotParams == NULL) || (*slotParams == 0)) return NULL;
/* first count the number of slots */
for (slotIndex = pk11_argStrip(slotParams); *slotIndex;
slotIndex = pk11_argStrip(pk11_argSkipParameter(slotIndex))) {
for (slotIndex = sftk_argStrip(slotParams); *slotIndex;
slotIndex = sftk_argStrip(sftk_argSkipParameter(slotIndex))) {
count++;
}
@ -508,38 +508,38 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
}
if (slotInfo == NULL) return NULL;
for (slotIndex = pk11_argStrip(slotParams), i = 0;
for (slotIndex = sftk_argStrip(slotParams), i = 0;
*slotIndex && i < count ; ) {
char *name;
name = pk11_argGetName(slotIndex,&next);
name = sftk_argGetName(slotIndex,&next);
slotIndex += next;
if (!pk11_argIsBlank(*slotIndex)) {
char *args = pk11_argFetchValue(slotIndex,&next);
if (!sftk_argIsBlank(*slotIndex)) {
char *args = sftk_argFetchValue(slotIndex,&next);
slotIndex += next;
if (args) {
pk11_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
sftk_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
i++;
PORT_Free(args);
}
}
if (name) PORT_Free(name);
slotIndex = pk11_argStrip(slotIndex);
slotIndex = sftk_argStrip(slotIndex);
}
*retCount = i;
return slotInfo;
}
static char *pk11_nullString = "";
static char *sftk_nullString = "";
static char *
pk11_formatValue(PRArenaPool *arena, char *value, char quote)
sftk_formatValue(PRArenaPool *arena, char *value, char quote)
{
char *vp,*vp2,*retval;
int size = 0, escapes = 0;
for (vp=value; *vp ;vp++) {
if ((*vp == quote) || (*vp == PK11_ARG_ESCAPE)) escapes++;
if ((*vp == quote) || (*vp == SFTK_ARG_ESCAPE)) escapes++;
size++;
}
if (arena) {
@ -550,48 +550,48 @@ pk11_formatValue(PRArenaPool *arena, char *value, char quote)
if (retval == NULL) return NULL;
vp2 = retval;
for (vp=value; *vp; vp++) {
if ((*vp == quote) || (*vp == PK11_ARG_ESCAPE))
*vp2++ = PK11_ARG_ESCAPE;
if ((*vp == quote) || (*vp == SFTK_ARG_ESCAPE))
*vp2++ = SFTK_ARG_ESCAPE;
*vp2++ = *vp;
}
return retval;
}
static char *pk11_formatPair(char *name,char *value, char quote)
static char *sftk_formatPair(char *name,char *value, char quote)
{
char openQuote = quote;
char closeQuote = pk11_argGetPair(quote);
char closeQuote = sftk_argGetPair(quote);
char *newValue = NULL;
char *returnValue;
PRBool need_quote = PR_FALSE;
if (!value || (*value == 0)) return pk11_nullString;
if (!value || (*value == 0)) return sftk_nullString;
if (pk11_argHasBlanks(value) || pk11_argIsQuote(value[0]))
if (sftk_argHasBlanks(value) || sftk_argIsQuote(value[0]))
need_quote=PR_TRUE;
if ((need_quote && pk11_argHasChar(value,closeQuote))
|| pk11_argHasChar(value,PK11_ARG_ESCAPE)) {
value = newValue = pk11_formatValue(NULL, value,quote);
if (newValue == NULL) return pk11_nullString;
if ((need_quote && sftk_argHasChar(value,closeQuote))
|| sftk_argHasChar(value,SFTK_ARG_ESCAPE)) {
value = newValue = sftk_formatValue(NULL, value,quote);
if (newValue == NULL) return sftk_nullString;
}
if (need_quote) {
returnValue = PR_smprintf("%s=%c%s%c",name,openQuote,value,closeQuote);
} else {
returnValue = PR_smprintf("%s=%s",name,value);
}
if (returnValue == NULL) returnValue = pk11_nullString;
if (returnValue == NULL) returnValue = sftk_nullString;
if (newValue) PORT_Free(newValue);
return returnValue;
}
static char *pk11_formatIntPair(char *name,unsigned long value, unsigned long def)
static char *sftk_formatIntPair(char *name,unsigned long value, unsigned long def)
{
char *returnValue;
if (value == def) return pk11_nullString;
if (value == def) return sftk_nullString;
returnValue = PR_smprintf("%s=%d",name,value);
@ -599,9 +599,9 @@ static char *pk11_formatIntPair(char *name,unsigned long value, unsigned long de
}
static void
pk11_freePair(char *pair)
sftk_freePair(char *pair)
{
if (pair && pair != pk11_nullString) {
if (pair && pair != sftk_nullString) {
PR_smprintf_free(pair);
}
}
@ -609,7 +609,7 @@ pk11_freePair(char *pair)
#define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
sizeof("moduleDBOnly")+sizeof("critical")
static char *
pk11_mkNSSFlags(PRBool internal, PRBool isFIPS,
sftk_mkNSSFlags(PRBool internal, PRBool isFIPS,
PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
{
char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
@ -644,7 +644,7 @@ pk11_mkNSSFlags(PRBool internal, PRBool isFIPS,
}
static char *
pk11_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
sftk_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
{
char *cipher = NULL;
int i;
@ -685,7 +685,7 @@ pk11_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
}
static char *
pk11_mkSlotFlags(unsigned long defaultFlags)
sftk_mkSlotFlags(unsigned long defaultFlags)
{
char *flags=NULL;
int i,j;
@ -694,9 +694,9 @@ pk11_mkSlotFlags(unsigned long defaultFlags)
if (defaultFlags & (1<<i)) {
char *string = NULL;
for (j=0; j < pk11_argSlotFlagTableSize; j++) {
if (pk11_argSlotFlagTable[j].value == (((unsigned long)1)<<i)) {
string = pk11_argSlotFlagTable[j].name;
for (j=0; j < sftk_argSlotFlagTableSize; j++) {
if (sftk_argSlotFlagTable[j].value == (((unsigned long)1)<<i)) {
string = sftk_argSlotFlagTable[j].name;
break;
}
}
@ -716,15 +716,15 @@ pk11_mkSlotFlags(unsigned long defaultFlags)
return flags;
}
#define PK11_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust")
#define SFTK_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust")
static char *
pk11_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
sftk_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
{
char *flags= (char *)PORT_ZAlloc(PK11_MAX_ROOT_FLAG_SIZE);
char *flags= (char *)PORT_ZAlloc(SFTK_MAX_ROOT_FLAG_SIZE);
PRBool first = PR_TRUE;
PORT_Memset(flags,0,PK11_MAX_ROOT_FLAG_SIZE);
PORT_Memset(flags,0,SFTK_MAX_ROOT_FLAG_SIZE);
if (hasRootCerts) {
PORT_Strcat(flags,"hasRootCerts");
first = PR_FALSE;
@ -738,7 +738,7 @@ pk11_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
}
static char *
pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
sftk_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
unsigned long timeout, unsigned char askpw_in,
PRBool hasRootCerts, PRBool hasRootTrust) {
char *askpw,*flags,*rootFlags,*slotString;
@ -755,10 +755,10 @@ pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
askpw = "any";
break;
}
flags = pk11_mkSlotFlags(defaultFlags);
rootFlags = pk11_mkRootFlags(hasRootCerts,hasRootTrust);
flagPair=pk11_formatPair("slotFlags",flags,'\'');
rootFlagsPair=pk11_formatPair("rootFlags",rootFlags,'\'');
flags = sftk_mkSlotFlags(defaultFlags);
rootFlags = sftk_mkRootFlags(hasRootCerts,hasRootTrust);
flagPair=sftk_formatPair("slotFlags",flags,'\'');
rootFlagsPair=sftk_formatPair("rootFlags",rootFlags,'\'');
if (flags) PR_smprintf_free(flags);
if (rootFlags) PORT_Free(rootFlags);
if (defaultFlags & PK11_OWN_PW_DEFAULTS) {
@ -769,13 +769,13 @@ pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
slotString = PR_smprintf("0x%08lx=[%s %s]",
(PRUint32)slotID,flagPair,rootFlagsPair);
}
pk11_freePair(flagPair);
pk11_freePair(rootFlagsPair);
sftk_freePair(flagPair);
sftk_freePair(rootFlagsPair);
return slotString;
}
static char *
pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
sftk_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical,
unsigned long trustOrder, unsigned long cipherOrder,
unsigned long ssl0, unsigned long ssl1) {
@ -805,29 +805,29 @@ pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
/*
* now the NSS structure
*/
nssFlags = pk11_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
nssFlags = sftk_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
isCritical);
/* for now only the internal module is critical */
ciphers = pk11_mkCipherFlags(ssl0, ssl1);
ciphers = sftk_mkCipherFlags(ssl0, ssl1);
trustOrderPair=pk11_formatIntPair("trustOrder",trustOrder,
PK11_DEFAULT_TRUST_ORDER);
cipherOrderPair=pk11_formatIntPair("cipherOrder",cipherOrder,
PK11_DEFAULT_CIPHER_ORDER);
slotPair=pk11_formatPair("slotParams",slotParams,'{'); /* } */
trustOrderPair=sftk_formatIntPair("trustOrder",trustOrder,
SFTK_DEFAULT_TRUST_ORDER);
cipherOrderPair=sftk_formatIntPair("cipherOrder",cipherOrder,
SFTK_DEFAULT_CIPHER_ORDER);
slotPair=sftk_formatPair("slotParams",slotParams,'{'); /* } */
if (slotParams) PORT_Free(slotParams);
cipherPair=pk11_formatPair("ciphers",ciphers,'\'');
cipherPair=sftk_formatPair("ciphers",ciphers,'\'');
if (ciphers) PR_smprintf_free(ciphers);
flagPair=pk11_formatPair("Flags",nssFlags,'\'');
flagPair=sftk_formatPair("Flags",nssFlags,'\'');
if (nssFlags) PORT_Free(nssFlags);
nss = PR_smprintf("%s %s %s %s %s",trustOrderPair,
cipherOrderPair,slotPair,cipherPair,flagPair);
pk11_freePair(trustOrderPair);
pk11_freePair(cipherOrderPair);
pk11_freePair(slotPair);
pk11_freePair(cipherPair);
pk11_freePair(flagPair);
tmp = pk11_argStrip(nss);
sftk_freePair(trustOrderPair);
sftk_freePair(cipherOrderPair);
sftk_freePair(slotPair);
sftk_freePair(cipherPair);
sftk_freePair(flagPair);
tmp = sftk_argStrip(nss);
if (*tmp == '\0') {
PR_smprintf_free(nss);
nss = NULL;
@ -836,7 +836,7 @@ pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
}
static char *
pk11_mkNewModuleSpec(char *dllName, char *commonName, char *parameters,
sftk_mkNewModuleSpec(char *dllName, char *commonName, char *parameters,
char *NSS) {
char *moduleSpec;
char *lib,*name,*param,*nss;
@ -844,15 +844,15 @@ pk11_mkNewModuleSpec(char *dllName, char *commonName, char *parameters,
/*
* now the final spec
*/
lib = pk11_formatPair("library",dllName,'\"');
name = pk11_formatPair("name",commonName,'\"');
param = pk11_formatPair("parameters",parameters,'\"');
nss = pk11_formatPair("NSS",NSS,'\"');
lib = sftk_formatPair("library",dllName,'\"');
name = sftk_formatPair("name",commonName,'\"');
param = sftk_formatPair("parameters",parameters,'\"');
nss = sftk_formatPair("NSS",NSS,'\"');
moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
pk11_freePair(lib);
pk11_freePair(name);
pk11_freePair(param);
pk11_freePair(nss);
sftk_freePair(lib);
sftk_freePair(name);
sftk_freePair(param);
sftk_freePair(nss);
return (moduleSpec);
}

1296
security/nss/lib/softoken/pkcs11.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

1534
security/nss/lib/softoken/pkcs11c.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

414
security/nss/lib/softoken/pkcs11i.h
Просмотреть файл

@ -121,30 +121,30 @@
/* NOSPREAD sessionID to hash table index macro has been slower. */
/* define typedefs, double as forward declarations as well */
typedef struct PK11AttributeStr PK11Attribute;
typedef struct PK11ObjectListStr PK11ObjectList;
typedef struct PK11ObjectFreeListStr PK11ObjectFreeList;
typedef struct PK11ObjectListElementStr PK11ObjectListElement;
typedef struct PK11ObjectStr PK11Object;
typedef struct PK11SessionObjectStr PK11SessionObject;
typedef struct PK11TokenObjectStr PK11TokenObject;
typedef struct PK11SessionStr PK11Session;
typedef struct PK11SlotStr PK11Slot;
typedef struct PK11SessionContextStr PK11SessionContext;
typedef struct PK11SearchResultsStr PK11SearchResults;
typedef struct PK11HashVerifyInfoStr PK11HashVerifyInfo;
typedef struct PK11HashSignInfoStr PK11HashSignInfo;
typedef struct PK11SSLMACInfoStr PK11SSLMACInfo;
typedef struct SFTKAttributeStr SFTKAttribute;
typedef struct SFTKObjectListStr SFTKObjectList;
typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
typedef struct SFTKObjectListElementStr SFTKObjectListElement;
typedef struct SFTKObjectStr SFTKObject;
typedef struct SFTKSessionObjectStr SFTKSessionObject;
typedef struct SFTKTokenObjectStr SFTKTokenObject;
typedef struct SFTKSessionStr SFTKSession;
typedef struct SFTKSlotStr SFTKSlot;
typedef struct SFTKSessionContextStr SFTKSessionContext;
typedef struct SFTKSearchResultsStr SFTKSearchResults;
typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
/* define function pointer typdefs for pointer tables */
typedef void (*PK11Destroy)(void *, PRBool);
typedef void (*PK11Begin)(void *);
typedef SECStatus (*PK11Cipher)(void *,void *,unsigned int *,unsigned int,
typedef void (*SFTKDestroy)(void *, PRBool);
typedef void (*SFTKBegin)(void *);
typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
void *, unsigned int);
typedef SECStatus (*PK11Verify)(void *,void *,unsigned int,void *,unsigned int);
typedef void (*PK11Hash)(void *,void *,unsigned int);
typedef void (*PK11End)(void *,void *,unsigned int *,unsigned int);
typedef void (*PK11Free)(void *);
typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
typedef void (*SFTKHash)(void *,void *,unsigned int);
typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
typedef void (*SFTKFree)(void *);
/* Value to tell if an attribute is modifiable or not.
* NEVER: attribute is only set on creation.
@ -153,31 +153,31 @@ typedef void (*PK11Free)(void *);
* ALWAYS: attribute can always be changed.
*/
typedef enum {
PK11_NEVER = 0,
PK11_ONCOPY = 1,
PK11_SENSITIVE = 2,
PK11_ALWAYS = 3
} PK11ModifyType;
SFTK_NEVER = 0,
SFTK_ONCOPY = 1,
SFTK_SENSITIVE = 2,
SFTK_ALWAYS = 3
} SFTKModifyType;
/*
* Free Status Enum... tell us more information when we think we're
* deleting an object.
*/
typedef enum {
PK11_DestroyFailure,
PK11_Destroyed,
PK11_Busy
} PK11FreeStatus;
SFTK_DestroyFailure,
SFTK_Destroyed,
SFTK_Busy
} SFTKFreeStatus;
/*
* attribute values of an object.
*/
struct PK11AttributeStr {
PK11Attribute *next;
PK11Attribute *prev;
struct SFTKAttributeStr {
SFTKAttribute *next;
SFTKAttribute *prev;
PRBool freeAttr;
PRBool freeData;
/*must be called handle to make pk11queue_find work */
/*must be called handle to make sftkqueue_find work */
CK_ATTRIBUTE_TYPE handle;
CK_ATTRIBUTE attrib;
unsigned char space[ATTR_SPACE];
@ -187,14 +187,14 @@ struct PK11AttributeStr {
/*
* doubly link list of objects
*/
struct PK11ObjectListStr {
PK11ObjectList *next;
PK11ObjectList *prev;
PK11Object *parent;
struct SFTKObjectListStr {
SFTKObjectList *next;
SFTKObjectList *prev;
SFTKObject *parent;
};
struct PK11ObjectFreeListStr {
PK11Object *head;
struct SFTKObjectFreeListStr {
SFTKObject *head;
PZLock *lock;
int count;
};
@ -202,48 +202,48 @@ struct PK11ObjectFreeListStr {
/*
* PKCS 11 crypto object structure
*/
struct PK11ObjectStr {
PK11Object *next;
PK11Object *prev;
struct SFTKObjectStr {
SFTKObject *next;
SFTKObject *prev;
CK_OBJECT_CLASS objclass;
CK_OBJECT_HANDLE handle;
int refCount;
PZLock *refLock;
PK11Slot *slot;
SFTKSlot *slot;
void *objectInfo;
PK11Free infoFree;
SFTKFree infoFree;
};
struct PK11TokenObjectStr {
PK11Object obj;
struct SFTKTokenObjectStr {
SFTKObject obj;
SECItem dbKey;
};
struct PK11SessionObjectStr {
PK11Object obj;
PK11ObjectList sessionList;
struct SFTKSessionObjectStr {
SFTKObject obj;
SFTKObjectList sessionList;
PZLock *attributeLock;
PK11Session *session;
SFTKSession *session;
PRBool wasDerived;
int nextAttr;
PK11Attribute attrList[MAX_OBJS_ATTRS];
SFTKAttribute attrList[MAX_OBJS_ATTRS];
PRBool optimizeSpace;
unsigned int hashSize;
PK11Attribute *head[1];
SFTKAttribute *head[1];
};
/*
* struct to deal with a temparary list of objects
*/
struct PK11ObjectListElementStr {
PK11ObjectListElement *next;
PK11Object *object;
struct SFTKObjectListElementStr {
SFTKObjectListElement *next;
SFTKObject *object;
};
/*
* Area to hold Search results
*/
struct PK11SearchResultsStr {
struct SFTKSearchResultsStr {
CK_OBJECT_HANDLE *handles;
int size;
int index;
@ -255,50 +255,50 @@ struct PK11SearchResultsStr {
* the universal crypto/hash/sign/verify context structure
*/
typedef enum {
PK11_ENCRYPT,
PK11_DECRYPT,
PK11_HASH,
PK11_SIGN,
PK11_SIGN_RECOVER,
PK11_VERIFY,
PK11_VERIFY_RECOVER
} PK11ContextType;
SFTK_ENCRYPT,
SFTK_DECRYPT,
SFTK_HASH,
SFTK_SIGN,
SFTK_SIGN_RECOVER,
SFTK_VERIFY,
SFTK_VERIFY_RECOVER
} SFTKContextType;
#define PK11_MAX_BLOCK_SIZE 16
#define SFTK_MAX_BLOCK_SIZE 16
/* currently SHA512 is the biggest hash length */
#define PK11_MAX_MAC_LENGTH 64
#define PK11_INVALID_MAC_SIZE 0xffffffff
#define SFTK_MAX_MAC_LENGTH 64
#define SFTK_INVALID_MAC_SIZE 0xffffffff
struct PK11SessionContextStr {
PK11ContextType type;
struct SFTKSessionContextStr {
SFTKContextType type;
PRBool multi; /* is multipart */
PRBool doPad; /* use PKCS padding for block ciphers */
unsigned int blockSize; /* blocksize for padding */
unsigned int padDataLength; /* length of the valid data in padbuf */
unsigned char padBuf[PK11_MAX_BLOCK_SIZE];
unsigned char macBuf[PK11_MAX_BLOCK_SIZE];
unsigned char padBuf[SFTK_MAX_BLOCK_SIZE];
unsigned char macBuf[SFTK_MAX_BLOCK_SIZE];
CK_ULONG macSize; /* size of a general block cipher mac*/
void *cipherInfo;
void *hashInfo;
unsigned int cipherInfoLen;
CK_MECHANISM_TYPE currentMech;
PK11Cipher update;
PK11Hash hashUpdate;
PK11End end;
PK11Destroy destroy;
PK11Destroy hashdestroy;
PK11Verify verify;
SFTKCipher update;
SFTKHash hashUpdate;
SFTKEnd end;
SFTKDestroy destroy;
SFTKDestroy hashdestroy;
SFTKVerify verify;
unsigned int maxLen;
PK11Object *key;
SFTKObject *key;
};
/*
* Sessions (have objects)
*/
struct PK11SessionStr {
PK11Session *next;
PK11Session *prev;
struct SFTKSessionStr {
SFTKSession *next;
SFTKSession *prev;
CK_SESSION_HANDLE handle;
int refCount;
PZLock *objectLock;
@ -306,12 +306,12 @@ struct PK11SessionStr {
CK_SESSION_INFO info;
CK_NOTIFY notify;
CK_VOID_PTR appData;
PK11Slot *slot;
PK11SearchResults *search;
PK11SessionContext *enc_context;
PK11SessionContext *hash_context;
PK11SessionContext *sign_context;
PK11ObjectList *objects[1];
SFTKSlot *slot;
SFTKSearchResults *search;
SFTKSessionContext *enc_context;
SFTKSessionContext *hash_context;
SFTKSessionContext *sign_context;
SFTKObjectList *objects[1];
};
/*
@ -324,7 +324,7 @@ struct PK11SessionStr {
* and slotLock protects the remaining protected elements:
* password, isLoggedIn, ssoLoggedIn, and sessionCount
*/
struct PK11SlotStr {
struct SFTKSlotStr {
CK_SLOT_ID slotID;
PZLock *slotLock;
PZLock **sessionLock;
@ -349,9 +349,9 @@ struct PK11SlotStr {
int tokenIDCount;
int index;
PLHashTable *tokenHashTable;
PK11Object **tokObjects;
SFTKObject **tokObjects;
unsigned int tokObjHashSize;
PK11Session **head;
SFTKSession **head;
unsigned int sessHashSize;
char tokDescription[33];
char slotDescription[64];
@ -360,22 +360,22 @@ struct PK11SlotStr {
/*
* special joint operations Contexts
*/
struct PK11HashVerifyInfoStr {
struct SFTKHashVerifyInfoStr {
SECOidTag hashOid;
NSSLOWKEYPublicKey *key;
};
struct PK11HashSignInfoStr {
struct SFTKHashSignInfoStr {
SECOidTag hashOid;
NSSLOWKEYPrivateKey *key;
};
/* context for the Final SSLMAC message */
struct PK11SSLMACInfoStr {
struct SFTKSSLMACInfoStr {
void *hashContext;
PK11Begin begin;
PK11Hash update;
PK11End end;
SFTKBegin begin;
SFTKHash update;
SFTKEnd end;
CK_ULONG macSize;
int padSize;
unsigned char key[MAX_KEY_LEN];
@ -385,27 +385,27 @@ struct PK11SSLMACInfoStr {
/*
* session handle modifiers
*/
#define PK11_SESSION_SLOT_MASK 0xff000000L
#define SFTK_SESSION_SLOT_MASK 0xff000000L
/*
* object handle modifiers
*/
#define PK11_TOKEN_MASK 0x80000000L
#define PK11_TOKEN_MAGIC 0x80000000L
#define PK11_TOKEN_TYPE_MASK 0x70000000L
#define SFTK_TOKEN_MASK 0x80000000L
#define SFTK_TOKEN_MAGIC 0x80000000L
#define SFTK_TOKEN_TYPE_MASK 0x70000000L
/* keydb (high bit == 0) */
#define PK11_TOKEN_TYPE_PRIV 0x10000000L
#define PK11_TOKEN_TYPE_PUB 0x20000000L
#define PK11_TOKEN_TYPE_KEY 0x30000000L
#define SFTK_TOKEN_TYPE_PRIV 0x10000000L
#define SFTK_TOKEN_TYPE_PUB 0x20000000L
#define SFTK_TOKEN_TYPE_KEY 0x30000000L
/* certdb (high bit == 1) */
#define PK11_TOKEN_TYPE_TRUST 0x40000000L
#define PK11_TOKEN_TYPE_CRL 0x50000000L
#define PK11_TOKEN_TYPE_SMIME 0x60000000L
#define PK11_TOKEN_TYPE_CERT 0x70000000L
#define SFTK_TOKEN_TYPE_TRUST 0x40000000L
#define SFTK_TOKEN_TYPE_CRL 0x50000000L
#define SFTK_TOKEN_TYPE_SMIME 0x60000000L
#define SFTK_TOKEN_TYPE_CERT 0x70000000L
#define PK11_TOKEN_KRL_HANDLE (PK11_TOKEN_MAGIC|PK11_TOKEN_TYPE_CRL|1)
#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
/* how big a password/pin we can deal with */
#define PK11_MAX_PIN 255
#define SFTK_MAX_PIN 255
/* slot ID's */
#define NETSCAPE_SLOT_ID 1
@ -413,39 +413,39 @@ struct PK11SSLMACInfoStr {
#define FIPS_SLOT_ID 3
/* slot helper macros */
#define pk11_SlotFromSession(sp) ((sp)->slot)
#define pk11_isToken(id) (((id) & PK11_TOKEN_MASK) == PK11_TOKEN_MAGIC)
#define sftk_SlotFromSession(sp) ((sp)->slot)
#define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
/* the session hash multiplier (see bug 201081) */
#define SHMULTIPLIER 1791398085
/* queueing helper macros */
#define pk11_hash(value,size) \
#define sftk_hash(value,size) \
((PRUint32)((value) * SHMULTIPLIER) & (size-1))
#define pk11queue_add(element,id,head,hash_size) \
{ int tmp = pk11_hash(id,hash_size); \
#define sftkqueue_add(element,id,head,hash_size) \
{ int tmp = sftk_hash(id,hash_size); \
(element)->next = (head)[tmp]; \
(element)->prev = NULL; \
if ((head)[tmp]) (head)[tmp]->prev = (element); \
(head)[tmp] = (element); }
#define pk11queue_find(element,id,head,hash_size) \
for( (element) = (head)[pk11_hash(id,hash_size)]; (element) != NULL; \
#define sftkqueue_find(element,id,head,hash_size) \
for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
(element) = (element)->next) { \
if ((element)->handle == (id)) { break; } }
#define pk11queue_is_queued(element,id,head,hash_size) \
#define sftkqueue_is_queued(element,id,head,hash_size) \
( ((element)->next) || ((element)->prev) || \
((head)[pk11_hash(id,hash_size)] == (element)) )
#define pk11queue_delete(element,id,head,hash_size) \
((head)[sftk_hash(id,hash_size)] == (element)) )
#define sftkqueue_delete(element,id,head,hash_size) \
if ((element)->next) (element)->next->prev = (element)->prev; \
if ((element)->prev) (element)->prev->next = (element)->next; \
else (head)[pk11_hash(id,hash_size)] = ((element)->next); \
else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
(element)->next = NULL; \
(element)->prev = NULL; \
#define pk11queue_init_element(element) \
#define sftkqueue_init_element(element) \
(element)->prev = NULL;
#define pk11queue_add2(element, id, index, head) \
#define sftkqueue_add2(element, id, index, head) \
{ \
(element)->next = (head)[index]; \
if ((head)[index]) \
@ -453,19 +453,19 @@ struct PK11SSLMACInfoStr {
(head)[index] = (element); \
}
#define pk11queue_find2(element, id, index, head) \
#define sftkqueue_find2(element, id, index, head) \
for ( (element) = (head)[index]; \
(element) != NULL; \
(element) = (element)->next) { \
if ((element)->handle == (id)) { break; } \
}
#define pk11queue_delete2(element, id, index, head) \
#define sftkqueue_delete2(element, id, index, head) \
if ((element)->next) (element)->next->prev = (element)->prev; \
if ((element)->prev) (element)->prev->next = (element)->next; \
else (head)[index] = ((element)->next);
#define pk11queue_clear_deleted_element(element) \
#define sftkqueue_clear_deleted_element(element) \
(element)->next = NULL; \
(element)->prev = NULL; \
@ -473,20 +473,20 @@ struct PK11SSLMACInfoStr {
/* sessionID (handle) is used to determine session lock bucket */
#ifdef NOSPREAD
/* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */
#define PK11_SESSION_LOCK(slot,handle) \
#define SFTK_SESSION_LOCK(slot,handle) \
((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
& (slot)->sessionLockMask])
#else
/* SPREAD: ID & (perbucket-1) */
#define PK11_SESSION_LOCK(slot,handle) \
#define SFTK_SESSION_LOCK(slot,handle) \
((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
#endif
/* expand an attribute & secitem structures out */
#define pk11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
#define pk11_item_expand(ip) (ip)->data,(ip)->len
#define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
#define sftk_item_expand(ip) (ip)->data,(ip)->len
typedef struct pk11_token_parametersStr {
typedef struct sftk_token_parametersStr {
CK_SLOT_ID slotID;
char *configdir;
char *certPrefix;
@ -500,9 +500,9 @@ typedef struct pk11_token_parametersStr {
PRBool forceOpen;
PRBool pwRequired;
PRBool optimizeSpace;
} pk11_token_parameters;
} sftk_token_parameters;
typedef struct pk11_parametersStr {
typedef struct sftk_parametersStr {
char *configdir;
char *secmodName;
char *man;
@ -513,9 +513,9 @@ typedef struct pk11_parametersStr {
PRBool forceOpen;
PRBool pwRequired;
PRBool optimizeSpace;
pk11_token_parameters *tokens;
sftk_token_parameters *tokens;
int token_count;
} pk11_parameters;
} sftk_parameters;
/* machine dependent path stuff used by dbinit.c and pk11db.c */
@ -538,88 +538,88 @@ extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
/* shared functions between PKCS11.c and PK11FIPS.c */
extern CK_RV PK11_SlotInit(char *configdir,pk11_token_parameters *params,
/* shared functions between PKCS11.c and SFTKFIPS.c */
extern CK_RV SFTK_SlotInit(char *configdir,sftk_token_parameters *params,
int moduleIndex);
/* internal utility functions used by pkcs11.c */
extern PK11Attribute *pk11_FindAttribute(PK11Object *object,
extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
CK_ATTRIBUTE_TYPE type);
extern void pk11_FreeAttribute(PK11Attribute *attribute);
extern CK_RV pk11_AddAttributeType(PK11Object *object, CK_ATTRIBUTE_TYPE type,
extern void sftk_FreeAttribute(SFTKAttribute *attribute);
extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
void *valPtr,
CK_ULONG length);
extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
PK11Object *object, CK_ATTRIBUTE_TYPE type);
extern unsigned int pk11_GetLengthInBits(unsigned char *buf,
extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
SFTKObject *object, CK_ATTRIBUTE_TYPE type);
extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
unsigned int bufLen);
extern CK_RV pk11_ConstrainAttribute(PK11Object *object,
extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,
CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
extern PRBool pk11_hasAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type);
extern PRBool pk11_isTrue(PK11Object *object, CK_ATTRIBUTE_TYPE type);
extern void pk11_DeleteAttributeType(PK11Object *object,
extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
extern void sftk_DeleteAttributeType(SFTKObject *object,
CK_ATTRIBUTE_TYPE type);
extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
PK11Object *object, CK_ATTRIBUTE_TYPE type);
extern CK_RV pk11_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
PK11Object *object,
extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
SFTKObject *object, CK_ATTRIBUTE_TYPE type);
extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
SFTKObject *object,
CK_ATTRIBUTE_TYPE type);
extern PK11ModifyType pk11_modifyType(CK_ATTRIBUTE_TYPE type,
extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
CK_OBJECT_CLASS inClass);
extern PRBool pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
extern char *pk11_getString(PK11Object *object, CK_ATTRIBUTE_TYPE type);
extern void pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type);
extern CK_RV pk11_GetULongAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
CK_ULONG *longData);
extern CK_RV pk11_forceAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
void *value, unsigned int len);
extern CK_RV pk11_defaultAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type,
extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
void *value, unsigned int len);
extern unsigned int pk11_MapTrust(CK_TRUST trust, PRBool clientAuth);
extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
extern PK11Object *pk11_NewObject(PK11Slot *slot);
extern CK_RV pk11_CopyObject(PK11Object *destObject, PK11Object *srcObject);
extern PK11FreeStatus pk11_FreeObject(PK11Object *object);
extern CK_RV pk11_DeleteObject(PK11Session *session, PK11Object *object);
extern void pk11_ReferenceObject(PK11Object *object);
extern PK11Object *pk11_ObjectFromHandle(CK_OBJECT_HANDLE handle,
PK11Session *session);
extern void pk11_AddSlotObject(PK11Slot *slot, PK11Object *object);
extern void pk11_AddObject(PK11Session *session, PK11Object *object);
extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
extern void sftk_ReferenceObject(SFTKObject *object);
extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
SFTKSession *session);
extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
extern CK_RV pk11_searchObjectList(PK11SearchResults *search,
PK11Object **head, unsigned int size,
extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
SFTKObject **head, unsigned int size,
PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
int count, PRBool isLoggedIn);
extern PK11ObjectListElement *pk11_FreeObjectListElement(
PK11ObjectListElement *objectList);
extern void pk11_FreeObjectList(PK11ObjectListElement *objectList);
extern void pk11_FreeSearch(PK11SearchResults *search);
extern CK_RV pk11_handleObject(PK11Object *object, PK11Session *session);
extern SFTKObjectListElement *sftk_FreeObjectListElement(
SFTKObjectListElement *objectList);
extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
extern void sftk_FreeSearch(SFTKSearchResults *search);
extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
extern PK11Slot *pk11_SlotFromID(CK_SLOT_ID slotID);
extern PK11Slot *pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
extern PK11Session *pk11_SessionFromHandle(CK_SESSION_HANDLE handle);
extern void pk11_FreeSession(PK11Session *session);
extern PK11Session *pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID);
extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
extern void sftk_FreeSession(SFTKSession *session);
extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
CK_VOID_PTR pApplication, CK_FLAGS flags);
extern void pk11_update_state(PK11Slot *slot,PK11Session *session);
extern void pk11_update_all_states(PK11Slot *slot);
extern void pk11_FreeContext(PK11SessionContext *context);
extern void pk11_InitFreeLists(void);
extern void pk11_CleanupFreeLists(void);
extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
extern void sftk_update_all_states(SFTKSlot *slot);
extern void sftk_FreeContext(SFTKSessionContext *context);
extern void sftk_InitFreeLists(void);
extern void sftk_CleanupFreeLists(void);
extern NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,
extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
CK_KEY_TYPE key_type, CK_RV *crvp);
extern NSSLOWKEYPrivateKey *pk11_GetPrivKey(PK11Object *object,
extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
CK_KEY_TYPE key_type, CK_RV *crvp);
extern void pk11_FormatDESKey(unsigned char *key, int length);
extern PRBool pk11_CheckDESKey(unsigned char *key);
extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
extern void sftk_FormatDESKey(unsigned char *key, int length);
extern PRBool sftk_CheckDESKey(unsigned char *key);
extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed,
extern CK_RV secmod_parseParameters(char *param, sftk_parameters *parsed,
PRBool isFIPS);
extern void secmod_freeParams(pk11_parameters *params);
extern void secmod_freeParams(sftk_parameters *params);
extern char *secmod_getSecmodName(char *params, char **domain,
char **filename, PRBool *rw);
extern char ** secmod_ReadPermDB(const char *domain, const char *filename,
@ -631,7 +631,7 @@ extern SECStatus secmod_AddPermDB(const char *domain, const char *filename,
extern SECStatus secmod_ReleasePermDBData(const char *domain,
const char *filename, const char *dbname, char **specList, PRBool rw);
/* mechanism allows this operation */
extern CK_RV pk11_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
/*
* OK there are now lots of options here, lets go through them all:
*
@ -649,47 +649,47 @@ extern CK_RV pk11_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE
* forceOpen - Continue to force initializations even if the databases cannot
* be opened.
*/
CK_RV pk11_DBInit(const char *configdir, const char *certPrefix,
CK_RV sftk_DBInit(const char *configdir, const char *certPrefix,
const char *keyPrefix, PRBool readOnly, PRBool noCertDB,
PRBool noKeyDB, PRBool forceOpen,
NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB);
void pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
void sftk_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
NSSLOWKEYDBHandle *keyHandle);
const char *pk11_EvaluateConfigDir(const char *configdir, char **domain);
const char *sftk_EvaluateConfigDir(const char *configdir, char **domain);
/*
* narrow objects
*/
PK11SessionObject * pk11_narrowToSessionObject(PK11Object *);
PK11TokenObject * pk11_narrowToTokenObject(PK11Object *);
SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
/*
* token object utilities
*/
void pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle);
PRBool pk11_poisonHandle(PK11Slot *slot, SECItem *dbkey,
void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,
CK_OBJECT_HANDLE handle);
PRBool pk11_tokenMatch(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
PRBool sftk_tokenMatch(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
CK_ATTRIBUTE_PTR theTemplate,int count);
CK_OBJECT_HANDLE pk11_mkHandle(PK11Slot *slot,
CK_OBJECT_HANDLE sftk_mkHandle(SFTKSlot *slot,
SECItem *dbKey, CK_OBJECT_HANDLE class);
PK11Object * pk11_NewTokenObject(PK11Slot *slot, SECItem *dbKey,
SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,
CK_OBJECT_HANDLE handle);
PK11TokenObject *pk11_convertSessionToToken(PK11Object *so);
SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
/****************************************
* implement TLS Pseudo Random Function (PRF)
*/
extern SECStatus
pk11_PRF(const SECItem *secret, const char *label, SECItem *seed,
sftk_PRF(const SECItem *secret, const char *label, SECItem *seed,
SECItem *result, PRBool isFIPS);
extern CK_RV
pk11_TLSPRFInit(PK11SessionContext *context,
PK11Object * key,
sftk_TLSPRFInit(SFTKSessionContext *context,
SFTKObject * key,
CK_KEY_TYPE key_type);
SEC_END_PROTOS

1114
security/nss/lib/softoken/pkcs11u.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

8
security/nss/lib/softoken/softoken.h
Просмотреть файл

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: softoken.h,v 1.6 2004/04/27 23:04:38 gerv%gerv.net Exp $ */
/* $Id: softoken.h,v 1.7 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */
#ifndef _SOFTOKEN_H_
#define _SOFTOKEN_H_
@ -46,7 +46,7 @@
#include "softoknt.h"
#include "secoidt.h"
#include "pkcs11t.h" /* CK_RV Required for pk11_fipsPowerUpSelfTest(). */
#include "pkcs11t.h" /* CK_RV Required for sftk_fipsPowerUpSelfTest(). */
SEC_BEGIN_PROTOS
@ -152,12 +152,12 @@ extern unsigned char * DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf,
** Power-Up selftests required for FIPS and invoked only
** under PKCS #11 FIPS mode.
*/
extern CK_RV pk11_fipsPowerUpSelfTest( void );
extern CK_RV sftk_fipsPowerUpSelfTest( void );
/*
** make known fixed PKCS #11 key types to their sizes in bytes
*/
unsigned long pk11_MapKeySize(CK_KEY_TYPE keyType);
unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
SEC_END_PROTOS

54
security/nss/lib/softoken/tlsprf.c
Просмотреть файл

@ -35,19 +35,19 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: tlsprf.c,v 1.4 2004/04/27 23:04:38 gerv%gerv.net Exp $ */
/* $Id: tlsprf.c,v 1.5 2005/03/29 18:21:18 nelsonb%netscape.com Exp $ */
#include "pkcs11i.h"
#include "sechash.h"
#include "alghmac.h"
#define PK11_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
#define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
#define PHASH_STATE_MAX_LEN 20
/* TLS P_hash function */
static SECStatus
pk11_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
sftk_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
SECItem *seed, SECItem *result, PRBool isFIPS)
{
unsigned char state[PHASH_STATE_MAX_LEN];
@ -119,7 +119,7 @@ loser:
}
SECStatus
pk11_PRF(const SECItem *secret, const char *label, SECItem *seed,
sftk_PRF(const SECItem *secret, const char *label, SECItem *seed,
SECItem *result, PRBool isFIPS)
{
SECStatus rv = SECFailure, status;
@ -145,11 +145,11 @@ pk11_PRF(const SECItem *secret, const char *label, SECItem *seed,
goto loser;
tmp.len = result->len;
status = pk11_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS);
status = sftk_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS);
if (status != SECSuccess)
goto loser;
status = pk11_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS);
status = sftk_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS);
if (status != SECSuccess)
goto loser;
@ -164,7 +164,7 @@ loser:
return rv;
}
static void pk11_TLSPRFNull(void *data, PRBool freeit)
static void sftk_TLSPRFNull(void *data, PRBool freeit)
{
return;
}
@ -181,7 +181,7 @@ typedef struct {
} TLSPRFContext;
static void
pk11_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data,
sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data,
unsigned int data_len)
{
PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen;
@ -211,7 +211,7 @@ pk11_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data,
}
static void
pk11_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout,
sftk_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout,
unsigned int *pDigestLen, unsigned int maxDigestLen)
{
*pDigestLen = 0; /* tells Verify that no data has been input yet. */
@ -219,7 +219,7 @@ pk11_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout,
/* Compute the PRF values from the data previously input. */
static SECStatus
pk11_TLSPRFUpdate(TLSPRFContext *cx,
sftk_TLSPRFUpdate(TLSPRFContext *cx,
unsigned char *sig, /* output goes here. */
unsigned int * sigLen, /* how much output. */
unsigned int maxLen, /* output buffer size */
@ -243,7 +243,7 @@ pk11_TLSPRFUpdate(TLSPRFContext *cx,
sigItem.data = sig;
sigItem.len = maxLen;
rv = pk11_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS);
rv = sftk_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS);
if (rv == SECSuccess && sigLen != NULL)
*sigLen = sigItem.len;
return rv;
@ -251,7 +251,7 @@ pk11_TLSPRFUpdate(TLSPRFContext *cx,
}
static SECStatus
pk11_TLSPRFVerify(TLSPRFContext *cx,
sftk_TLSPRFVerify(TLSPRFContext *cx,
unsigned char *sig, /* input, for comparison. */
unsigned int sigLen, /* length of sig. */
unsigned char *hash, /* data to be verified. */
@ -267,9 +267,9 @@ pk11_TLSPRFVerify(TLSPRFContext *cx,
/* hashLen is non-zero when the user does a one-step verify.
** In this case, none of the data has been input yet.
*/
pk11_TLSPRFHashUpdate(cx, hash, hashLen);
sftk_TLSPRFHashUpdate(cx, hash, hashLen);
}
rv = pk11_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
if (rv == SECSuccess) {
rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
}
@ -278,7 +278,7 @@ pk11_TLSPRFVerify(TLSPRFContext *cx,
}
static void
pk11_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
{
if (freeit) {
if (cx->cxBufPtr != cx->cxBuf)
@ -288,11 +288,11 @@ pk11_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
}
CK_RV
pk11_TLSPRFInit(PK11SessionContext *context,
PK11Object * key,
sftk_TLSPRFInit(SFTKSessionContext *context,
SFTKObject * key,
CK_KEY_TYPE key_type)
{
PK11Attribute * keyVal;
SFTKAttribute * keyVal;
TLSPRFContext * prf_cx;
CK_RV crv = CKR_HOST_MEMORY;
PRUint32 keySize;
@ -303,7 +303,7 @@ pk11_TLSPRFInit(PK11SessionContext *context,
context->multi = PR_TRUE;
keyVal = pk11_FindAttribute(key, CKA_VALUE);
keyVal = sftk_FindAttribute(key, CKA_VALUE);
keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen;
blockSize = keySize + sizeof(TLSPRFContext);
prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
@ -312,7 +312,7 @@ pk11_TLSPRFInit(PK11SessionContext *context,
prf_cx->cxSize = blockSize;
prf_cx->cxKeyLen = keySize;
prf_cx->cxDataLen = 0;
prf_cx->cxBufSize = blockSize - PK11_OFFSETOF(TLSPRFContext, cxBuf);
prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf);
prf_cx->cxRv = SECSuccess;
prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID);
prf_cx->cxBufPtr = prf_cx->cxBuf;
@ -321,17 +321,17 @@ pk11_TLSPRFInit(PK11SessionContext *context,
context->hashInfo = (void *) prf_cx;
context->cipherInfo = (void *) prf_cx;
context->hashUpdate = (PK11Hash) pk11_TLSPRFHashUpdate;
context->end = (PK11End) pk11_TLSPRFEnd;
context->update = (PK11Cipher) pk11_TLSPRFUpdate;
context->verify = (PK11Verify) pk11_TLSPRFVerify;
context->destroy = (PK11Destroy) pk11_TLSPRFNull;
context->hashdestroy = (PK11Destroy) pk11_TLSPRFHashDestroy;
context->hashUpdate = (SFTKHash) sftk_TLSPRFHashUpdate;
context->end = (SFTKEnd) sftk_TLSPRFEnd;
context->update = (SFTKCipher) sftk_TLSPRFUpdate;
context->verify = (SFTKVerify) sftk_TLSPRFVerify;
context->destroy = (SFTKDestroy) sftk_TLSPRFNull;
context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy;
crv = CKR_OK;
done:
if (keyVal)
pk11_FreeAttribute(keyVal);
sftk_FreeAttribute(keyVal);
return crv;
}