Bug 298906 crash when accepting new certificate permanently on taschenonkel.de

r=wtc, sr=nelson

security/nss/lib/softoken/lowcert.c

@@ -38,7 +38,7 @@
 /*
  * Certificate handling code
  *
- * $Id: lowcert.c,v 1.18 2004-04-25 15:03:16 gerv%gerv.net Exp $
+ * $Id: lowcert.c,v 1.19 2005-08-01 18:23:55 relyea%netscape.com Exp $
  */
 
 #include "seccomon.h"
@@ -50,6 +50,7 @@
 #include "pcert.h"
 #include "secasn1.h"
 #include "secoid.h"
+#include "secerr.h"
 
 #ifdef NSS_ENABLE_ECC
 extern SECStatus EC_FillParams(PRArenaPool *arena, 
@@ -362,21 +363,41 @@ nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb)
 
 #define SOFT_DEFAULT_CHUNKSIZE 2048
 
-
 static SECStatus
-nsslowcert_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn,
-			SECItem *key)
+nsslowcert_KeyFromIssuerAndSN(PRArenaPool *arena, 
+			      SECItem *issuer, SECItem *sn, SECItem *key)
 {
     unsigned int len = sn->len + issuer->len;
 
-
-    if (arena) {
-	key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
-    } else {
-	if (len > key->len) {
-	    key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
-	}
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	goto loser;
     }
+    key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
+    if ( !key->data ) {
+	goto loser;
+    }
+
+    key->len = len;
+    /* copy the serialNumber */
+    PORT_Memcpy(key->data, sn->data, sn->len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
+
+    return(SECSuccess);
+
+loser:
+    return(SECFailure);
+}
+
+static SECStatus
+nsslowcert_KeyFromIssuerAndSNStatic(unsigned char *space,
+	int spaceLen, SECItem *issuer, SECItem *sn, SECItem *key)
+{
+    unsigned int len = sn->len + issuer->len;
+
+    key->data = pkcs11_allocStaticData(len, space, spaceLen);
     if ( !key->data ) {
 	goto loser;
     }
@@ -430,10 +451,9 @@ nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname)
     cert ->trust = NULL;
 
     /* generate and save the database key for the cert */
-    cert->certKey.data = cert->certKeySpace;
-    cert->certKey.len = sizeof(cert->certKeySpace);
-    rv = nsslowcert_KeyFromIssuerAndSN(NULL, &cert->derIssuer, 
-					&cert->serialNumber, &cert->certKey);
+    rv = nsslowcert_KeyFromIssuerAndSNStatic(cert->certKeySpace,
+		sizeof(cert->certKeySpace), &cert->derIssuer, 
+		&cert->serialNumber, &cert->certKey);
     if ( rv ) {
 	goto loser;
     }

security/nss/lib/softoken/pcert.h

@@ -236,6 +236,9 @@ pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
 void
 pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
 
+unsigned char *
+pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
+
 unsigned char *
 pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
 						int spaceLen);

security/nss/lib/softoken/pkcs11.c

@@ -2346,7 +2346,7 @@ static PLHashTable *nscSlotHashTable[2] = {NULL, NULL};
 static int
 sftk_GetModuleIndex(CK_SLOT_ID slotID)
 {
-    if ((slotID == FIPS_SLOT_ID) || (slotID > 100)) {
+    if ((slotID == FIPS_SLOT_ID) || (slotID >= MIN_FIPS_USER_SLOT_ID)) {
 	return NSC_FIPS_MODULE;
     }
     return NSC_NON_FIPS_MODULE;
@@ -2357,9 +2357,13 @@ sftk_GetModuleIndex(CK_SLOT_ID slotID)
 SFTKSlot *
 sftk_SlotFromID(CK_SLOT_ID slotID)
 {
+    SFTKSlot *slot;
     int index = sftk_GetModuleIndex(slotID);
-    return (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index], 
+    slot = (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index], 
 							(void *)slotID);
+    /* cleared slots shouldn't 'show up' */
+    if (slot && slot->slotID == 0) slot = NULL;
+    return slot;
 }
 
 SFTKSlot *
@@ -2462,21 +2466,30 @@ sftk_DBVerify(SFTKSlot *slot)
     return;
 }
 
-/* forward static declaration. */
-static CK_RV sftk_DestroySlotData(SFTKSlot *slot);
-
 /*
  * initialize one of the slot structures. figure out which by the ID
  */
 CK_RV
-SFTK_SlotInit(char *configdir,sftk_token_parameters *params, int moduleIndex)
+SFTK_SlotInit(SFTKSlot *slot,
+	char *configdir,sftk_token_parameters *params, int moduleIndex)
 {
     unsigned int i;
     CK_SLOT_ID slotID = params->slotID;
-    SFTKSlot *slot = PORT_ZNew(SFTKSlot);
     PRBool needLogin = !params->noKeyDB;
+    PRBool reinit = PR_TRUE;
     CK_RV crv;
 
+    /* if slot as been supplied, we are reinitializing and existing slot.
+     * this means that we preserve some fields and don't try to register
+     * the slot again. To applications it looks like a token removal and
+     * insertion event . If we don't supply a slot (the normal case), we
+     * are creating a new slot, and thus need to fully initialize everything
+     * as well as registering the slot. */
+    if (slot == NULL) {
+	slot = PORT_ZNew(SFTKSlot);
+	reinit = PR_FALSE;
+    }
+
     if (slot == NULL) {
 	return CKR_HOST_MEMORY;
     }
@@ -2520,11 +2533,17 @@ SFTK_SlotInit(char *configdir,sftk_token_parameters *params, int moduleIndex)
 
     slot->password = NULL;
     slot->hasTokens = PR_FALSE;
-    slot->sessionIDCount = 0;
+    /* if we are reinitalizing, don't clear the sessionIDCount 
+     * and tokenIDCount. We don't want the application to think that old
+     * sessions and tokens from the previous instance are still valid.
+     */
+    if (!reinit) {
+	slot->sessionIDCount = 0;
+	slot->tokenIDCount = 1;
+    }
     slot->sessionIDConflict = 0;
     slot->sessionCount = 0;
     slot->rwSessionCount = 0;
-    slot->tokenIDCount = 1;
     slot->needLogin = PR_FALSE;
     slot->isLoggedIn = PR_FALSE;
     slot->ssoLoggedIn = PR_FALSE;
@@ -2565,16 +2584,20 @@ SFTK_SlotInit(char *configdir,sftk_token_parameters *params, int moduleIndex)
 	    slot->minimumPinLen = 1;
 	}
     }
-    crv = sftk_RegisterSlot(slot, moduleIndex);
-    if (crv != CKR_OK) {
-	goto loser;
+    if (!reinit) {
+	crv = sftk_RegisterSlot(slot, moduleIndex);
+	if (crv != CKR_OK) {
+	    goto loser;
+	}
     }
     return CKR_OK;
 
 mem_loser:
     crv = CKR_HOST_MEMORY;
 loser:
-    sftk_DestroySlotData(slot);
+    /* if we are reinitting the slot, don't free it, it's still on the slot
+     * list. */
+    SFTK_DestroySlotData(slot, !reinit);
     return crv;
 }
 
@@ -2590,8 +2613,8 @@ sftk_freeHashItem(PLHashEntry* entry, PRIntn index, void *arg)
 /*
  * initialize one of the slot structures. figure out which by the ID
  */
-static CK_RV
-sftk_DestroySlotData(SFTKSlot *slot)
+CK_RV
+SFTK_DestroySlotData(SFTKSlot *slot, PRBool freeit)
 {
     unsigned int i;
 
@@ -2645,7 +2668,17 @@ sftk_DestroySlotData(SFTKSlot *slot)
     slot->sessHashSize = 0;
     sftk_DBShutdown(slot->certDB,slot->keyDB);
 
-    PORT_Free(slot);
+    if (freeit) {
+	PORT_Free(slot);
+    } else {
+	/* paranoia, init should reinitialize everything. Note: we need to
+	 * preserve the sessionID and tokenID counts */
+	unsigned long sessionIDCount = slot->sessionIDCount;
+	unsigned long tokenIDCount = slot->tokenIDCount;
+	PORT_Memset(slot,0,sizeof(*slot));
+	slot->sessionIDCount = sessionIDCount;
+	slot->tokenIDCount = tokenIDCount;
+    }
     return CKR_OK;
 }
 
@@ -2717,7 +2750,7 @@ static void nscFreeAllSlots(int moduleIndex)
 			PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
 	    PORT_Assert(slot);
 	    if (!slot) continue;
-	    sftk_DestroySlotData(slot);
+	    SFTK_DestroySlotData(slot, PR_TRUE);
 	    PL_HashTableRemove(tmpSlotHashTable, (void *)slotID);
 	}
 	PORT_Free(tmpSlotList);
@@ -2827,8 +2860,8 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
 	}
 
 	for (i=0; i < paramStrings.token_count; i++) {
-	    crv = 
-		SFTK_SlotInit(paramStrings.configdir, &paramStrings.tokens[i],
+	    crv = SFTK_SlotInit(NULL, paramStrings.configdir, 
+			&paramStrings.tokens[i],
 			moduleIndex);
 	    if (crv != CKR_OK) {
                 nscFreeAllSlots(moduleIndex);
@@ -2927,7 +2960,7 @@ CK_RV  NSC_GetInfo(CK_INFO_PTR pInfo)
 
     c = __nss_softokn_rcsid[0] + __nss_softokn_sccsid[0]; 
     pInfo->cryptokiVersion.major = 2;
-    pInfo->cryptokiVersion.minor = 11;
+    pInfo->cryptokiVersion.minor = 20;
     PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
     pInfo->libraryVersion.major = NSS_VMAJOR;
     pInfo->libraryVersion.minor = NSS_VMINOR;
@@ -2969,6 +3002,10 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
     PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
     PORT_Memcpy(pInfo->slotDescription,slot->slotDescription,64);
     pInfo->flags = CKF_TOKEN_PRESENT;
+    /* all user defined slots are defined as removable */
+    if (slotID > MIN_USER_SLOT_ID) {
+	pInfo->flags |= CKF_REMOVABLE_DEVICE;
+    }
     /* ok we really should read it out of the keydb file. */
     /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */
     pInfo->hardwareVersion.major = NSS_VMAJOR;
@@ -3661,6 +3698,81 @@ CK_RV NSC_Logout(CK_SESSION_HANDLE hSession)
     return CKR_OK;
 }
 
+/*
+ * Create a new slot on the fly. The slot that is passed in is the
+ * slot the request came from. Only the crypto or FIPS slots can
+ * be used. The resulting slot will live in the same module as
+ * the slot the request was passed to. object is the creation object
+ * that specifies the module spec for the new slot.
+ */
+static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, SFTKObject *object)
+{
+    CK_SLOT_ID idMin, idMax;
+    PRBool isFIPS = PR_FALSE;
+    unsigned long moduleIndex;
+    SFTKAttribute *attribute;
+    sftk_parameters paramStrings;
+    char *paramString;
+    CK_RV crv = CKR_OK;
+    int i;
+
+    /* only the crypto or FIPS slots can create new slot objects */
+    if (slot->slotID == NETSCAPE_SLOT_ID) {
+	idMin = MIN_USER_SLOT_ID;
+	idMax = MAX_USER_SLOT_ID;
+	moduleIndex = NSC_NON_FIPS_MODULE;
+	isFIPS = PR_FALSE;
+    } else if (slot->slotID == FIPS_SLOT_ID) {
+	idMin = MIN_FIPS_USER_SLOT_ID;
+	idMax = MAX_FIPS_USER_SLOT_ID;
+	moduleIndex = NSC_FIPS_MODULE;
+	isFIPS = PR_TRUE;
+    } else {
+	return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    attribute = sftk_FindAttribute(object,CKA_NETSCAPE_MODULE_SPEC);
+    if (attribute == NULL) {
+	return CKR_TEMPLATE_INCOMPLETE;
+    }
+    paramString = (unsigned char *)attribute->attrib.pValue;
+    crv = secmod_parseParameters(paramString, &paramStrings, isFIPS);
+    if (crv != CKR_OK) {
+	goto loser;
+    }
+
+    /* The API allows initialization of several tokens at once,
+     * but there is no way to back out reinitialization should one
+     * of these functions fail. In general it's probably best to
+     * only initialize one slot at a time here */
+    for (i=0; i < paramStrings.token_count; i++) {
+	CK_SLOT_ID slotID = paramStrings.tokens[i].slotID;
+	SFTKSlot *newSlot;
+
+	if ((slotID < idMin) || (slotID > idMax)) {
+	    crv = CKR_ATTRIBUTE_VALUE_INVALID;
+	    goto loser;
+	}
+
+        newSlot = sftk_SlotFromID(slotID);
+	if (newSlot) {
+	    crv = SFTK_DestroySlotData(newSlot, PR_FALSE);
+	    if (crv != CKR_OK) {
+		goto loser;
+	    }
+	}
+	crv = SFTK_SlotInit(newSlot, paramStrings.configdir, 
+			&paramStrings.tokens[i], moduleIndex);
+	if (crv != CKR_OK) {
+	    goto loser;
+	}
+    }
+loser:
+    secmod_freeParams(&paramStrings);
+    sftk_FreeAttribute(attribute);
+
+    return crv;
+}
+
 
 /* NSC_CreateObject creates a new object. */
 CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession,
@@ -3670,6 +3782,7 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession,
     SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
     SFTKSession *session;
     SFTKObject *object;
+    CK_OBJECT_CLASS class;
     CK_RV crv;
     int i;
 
@@ -3691,6 +3804,9 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession,
 	    sftk_FreeObject(object);
 	    return crv;
 	}
+	if ((pTemplate[i].type == CKA_CLASS) && pTemplate[i].pValue) {
+	    class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+	}
     }
 
     /* get the session */
@@ -3700,11 +3816,20 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession,
         return CKR_SESSION_HANDLE_INVALID;
     }
 
+    /*
+     * handle pseudo objects (CKO_NEWSLOT)
+     */
+    if (class == CKO_NETSCAPE_NEWSLOT) {
+	crv = sftk_CreateNewSlot(slot, object);
+	goto done;
+    } 
+
     /*
      * handle the base object stuff
      */
     crv = sftk_handleObject(object,session);
     *phObject = object->handle;
+done:
     sftk_FreeSession(session);
     sftk_FreeObject(object);
 
@@ -3712,6 +3837,7 @@ CK_RV NSC_CreateObject(CK_SESSION_HANDLE hSession,
 }
 
 
+
 /* NSC_CopyObject copies an object, creating a new object for the copy. */
 CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession,
        CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,

security/nss/lib/softoken/pkcs11f.h

@@ -14,7 +14,7 @@
  * The Original Code is the Netscape security libraries.
  *
  * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
+ * RSA Security INC.
  * Portions created by the Initial Developer are Copyright (C) 1994-2000
  * the Initial Developer. All Rights Reserved.
  *
@@ -152,10 +152,10 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
 /* C_InitToken initializes a token. */
 CK_PKCS11_FUNCTION_INFO(C_InitToken)
 #ifdef CK_NEED_ARG_LIST
-(
 /* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
+(
   CK_SLOT_ID         slotID,    /* ID of the token's slot */
-  CK_CHAR_PTR        pPin,      /* the SO's initial PIN */
+  CK_UTF8CHAR_PTR    pPin,      /* the SO's initial PIN */
   CK_ULONG           ulPinLen,  /* length in bytes of the PIN */
   CK_UTF8CHAR_PTR    pLabel     /* 32-byte token label (blank padded) */
 );
@@ -167,7 +167,7 @@ CK_PKCS11_FUNCTION_INFO(C_InitPIN)
 #ifdef CK_NEED_ARG_LIST
 (
   CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_CHAR_PTR       pPin,      /* the normal user's PIN */
+  CK_UTF8CHAR_PTR   pPin,      /* the normal user's PIN */
   CK_ULONG          ulPinLen   /* length in bytes of the PIN */
 );
 #endif
@@ -178,9 +178,9 @@ CK_PKCS11_FUNCTION_INFO(C_SetPIN)
 #ifdef CK_NEED_ARG_LIST
 (
   CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_CHAR_PTR       pOldPin,   /* the old PIN */
+  CK_UTF8CHAR_PTR   pOldPin,   /* the old PIN */
   CK_ULONG          ulOldLen,  /* length of the old PIN */
-  CK_CHAR_PTR       pNewPin,   /* the new PIN */
+  CK_UTF8CHAR_PTR   pNewPin,   /* the new PIN */
   CK_ULONG          ulNewLen   /* length of the new PIN */
 );
 #endif

security/nss/lib/softoken/pkcs11i.h

@@ -411,6 +411,10 @@ struct SFTKSSLMACInfoStr {
 #define NETSCAPE_SLOT_ID 1
 #define PRIVATE_KEY_SLOT_ID 2
 #define FIPS_SLOT_ID 3
+#define MIN_USER_SLOT_ID 4
+#define MAX_USER_SLOT_ID 100
+#define MIN_FIPS_USER_SLOT_ID 101
+#define MAX_FIPS_USER_SLOT_ID 127
 
 /* slot helper macros */
 #define sftk_SlotFromSession(sp) ((sp)->slot)
@@ -539,8 +543,10 @@ extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, 
 	CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
 /* shared functions between PKCS11.c and SFTKFIPS.c */
-extern CK_RV SFTK_SlotInit(char *configdir,sftk_token_parameters *params, 
-							int moduleIndex);
+extern CK_RV SFTK_SlotInit(SFTKSlot *slot, char *configdir,
+			sftk_token_parameters *params, int moduleIndex);
+extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot, PRBool freeit);
+
 
 /* internal utility functions used by pkcs11.c */
 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,

security/nss/lib/softoken/pkcs11n.h

@@ -39,7 +39,7 @@
 #define _PKCS11N_H_
 
 #ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.12 $ $Date: 2005-01-20 02:25:50 $";
+static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.13 $ $Date: 2005-08-01 18:23:56 $";
 #endif /* DEBUG */
 
 /*
@@ -73,6 +73,7 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.12 $
 #define CKO_NETSCAPE_SMIME              (CKO_NETSCAPE + 2)
 #define CKO_NETSCAPE_TRUST              (CKO_NETSCAPE + 3)
 #define CKO_NETSCAPE_BUILTIN_ROOT_LIST  (CKO_NETSCAPE + 4)
+#define CKO_NETSCAPE_NEWSLOT            (CKO_NETSCAPE + 5)
 
 /*
  * Netscape-defined key types
@@ -106,6 +107,7 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.12 $
 #define CKA_NETSCAPE_PQG_SEED           (CKA_NETSCAPE +  21)
 #define CKA_NETSCAPE_PQG_H              (CKA_NETSCAPE +  22)
 #define CKA_NETSCAPE_PQG_SEED_BITS      (CKA_NETSCAPE +  23)
+#define CKA_NETSCAPE_MODULE_SPEC        (CKA_NETSCAPE +  24)
 
 /*
  * Trust attributes: