зеркало из https://github.com/mozilla/pjs.git
Bug 466745: Upgraded NSS to NSS_3_12_3_BETA3.
This commit is contained in:
Родитель
ea4bf7f811
Коммит
d20cedab70
|
@ -165,6 +165,10 @@ endif
|
|||
# Purify requires /FIXED:NO when linking EXEs.
|
||||
LDFLAGS += /FIXED:NO
|
||||
endif
|
||||
# Convert certain deadly warnings to errors (see list at end of file)
|
||||
OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 \
|
||||
-we4013 -we4015 -we4033 -we4035 -we4045 -we4053 -we4054 -we4063 \
|
||||
-we4064 -we4078 -we4087 -we4098 -we4390 -we4551 -we4553 -we4715
|
||||
endif # NS_USE_GCC
|
||||
|
||||
ifdef USE_64
|
||||
|
@ -306,3 +310,28 @@ ifndef TARGETS
|
|||
TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
|
||||
endif
|
||||
|
||||
# list of MSVC warnings converted to errors above:
|
||||
# 4002: too many actual parameters for macro 'identifier'
|
||||
# 4003: not enough actual parameters for macro 'identifier'
|
||||
# 4004: incorrect construction after 'defined'
|
||||
# 4006: #undef expected an identifier
|
||||
# 4009: string too big; trailing characters truncated
|
||||
# 4015: 'identifier' : type of bit field must be integral
|
||||
# 4033: 'function' must return a value
|
||||
# 4035: 'function' : no return value
|
||||
# 4045: 'identifier' : array bounds overflow
|
||||
# 4053: one void operand for '?:'
|
||||
# 4054: 'conversion' : from function pointer 'type1' to data pointer 'type2'
|
||||
# 4059: pascal string too big, length byte is length % 256
|
||||
# 4063: case 'identifier' is not a valid value for switch of enum 'identifier'
|
||||
# 4064: switch of incomplete enum 'identifier'
|
||||
# 4078: case constant 'value' too big for the type of the switch expression
|
||||
# 4087: 'function' : declared with 'void' parameter list
|
||||
# 4098: 'function' : void function returning a value
|
||||
# 4390: ';' : empty controlled statement found; is this the intent?
|
||||
# 4541: RTTI train wreck
|
||||
# 4715: not all control paths return a value
|
||||
# 4013: function undefined; assuming extern returning int
|
||||
# 4553: '==' : operator has no effect; did you intend '='?
|
||||
# 4551: function call missing argument list
|
||||
|
||||
|
|
|
@ -42,3 +42,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -3267,6 +3267,11 @@ int main(int argc, char **argv)
|
|||
SECU_PrintPRandOSError(progName);
|
||||
return -1;
|
||||
}
|
||||
rv = BL_Init();
|
||||
if (rv != SECSuccess) {
|
||||
SECU_PrintPRandOSError(progName);
|
||||
return -1;
|
||||
}
|
||||
RNG_SystemInfoForRNG();
|
||||
|
||||
rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* A lexical scanner generated by flex */
|
||||
|
||||
/* Scanner skeleton version:
|
||||
* $Header: /cvsroot/mozilla/security/nss/cmd/crlutil/crlgen_lex.c,v 1.1 2005/04/12 02:24:14 alexei.volkov.bugs%sun.com Exp $
|
||||
* $Header: /cvsroot/mozilla/security/nss/cmd/crlutil/crlgen_lex.c,v 1.2 2009/02/04 23:23:40 alexei.volkov.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#define FLEX_SCANNER
|
||||
|
@ -9,11 +9,12 @@
|
|||
#define YY_FLEX_MINOR_VERSION 5
|
||||
|
||||
#include <stdio.h>
|
||||
#ifndef _WIN32
|
||||
#ifdef _WIN32
|
||||
#include <io.h>
|
||||
#else
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
|
||||
/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
|
||||
#ifdef c_plusplus
|
||||
#ifndef __cplusplus
|
||||
|
@ -21,7 +22,6 @@
|
|||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
#include <stdlib.h>
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
/<unistd.h>/ {
|
||||
i #ifndef _WIN32
|
||||
i #ifdef _WIN32
|
||||
i #include <io.h>
|
||||
i #else
|
||||
a #endif
|
||||
}
|
||||
|
|
|
@ -360,15 +360,14 @@ CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle,
|
|||
PRFileDesc *inFile, PRInt32 decodeOptions,
|
||||
PRInt32 importOptions)
|
||||
{
|
||||
SECItem crlDER;
|
||||
SECItem crlDER = {0, NULL, 0};
|
||||
CERTSignedCrl *signCrl = NULL;
|
||||
CERTSignedCrl *modCrl = NULL;
|
||||
PRArenaPool *modArena = NULL;
|
||||
SECStatus rv = SECSuccess;
|
||||
|
||||
PORT_Assert(arena != NULL && certHandle != NULL &&
|
||||
certNickName != NULL);
|
||||
if (!arena || !certHandle || !certNickName) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n");
|
||||
return NULL;
|
||||
}
|
||||
|
@ -444,7 +443,9 @@ CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle,
|
|||
signCrl->arena = arena;
|
||||
|
||||
loser:
|
||||
SECITEM_FreeItem(&crlDER, PR_FALSE);
|
||||
if (crlDER.data) {
|
||||
SECITEM_FreeItem(&crlDER, PR_FALSE);
|
||||
}
|
||||
if (modCrl)
|
||||
SEC_DestroyCrl(modCrl);
|
||||
if (rv != SECSuccess && signCrl) {
|
||||
|
@ -466,8 +467,8 @@ CreateNewCrl(PRArenaPool *arena, CERTCertDBHandle *certHandle,
|
|||
|
||||
/* if the CERTSignedCrl structure changes, this function will need to be
|
||||
updated as well */
|
||||
PORT_Assert(cert != NULL);
|
||||
if (!cert || !arena) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
SECU_PrintError(progName, "invalid args for function "
|
||||
"CreateNewCrl\n");
|
||||
return NULL;
|
||||
|
@ -531,8 +532,8 @@ UpdateCrl(CERTSignedCrl *signCrl, PRFileDesc *inCrlInitFile)
|
|||
CRLGENGeneratorData *crlGenData = NULL;
|
||||
SECStatus rv;
|
||||
|
||||
PORT_Assert(signCrl != NULL && inCrlInitFile != NULL);
|
||||
if (!signCrl || !inCrlInitFile) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
SECU_PrintError(progName, "invalid args for function "
|
||||
"CreateNewCrl\n");
|
||||
return SECFailure;
|
||||
|
|
|
@ -741,6 +741,18 @@ int main(int argc, char **argv)
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
if (doForkTests)
|
||||
{
|
||||
/* In this next test, we fork and try to re-initialize softoken in
|
||||
* the child. This should now work because softoken has the ability
|
||||
* to hard reset.
|
||||
*/
|
||||
/* try to fork with softoken both loaded and initialized */
|
||||
crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
|
||||
if (crv != CKR_OK)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
crv = PKM_ShowInfo(pFunctionList, slotID);
|
||||
if (crv == CKR_OK) {
|
||||
PKM_LogIt("PKM_ShowInfo succeeded\n");
|
||||
|
|
|
@ -114,7 +114,7 @@ Usage(const char *progName)
|
|||
"\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
|
||||
"\t-s method flags\t Sets revocation flags for the method it follows.\n"
|
||||
"\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
|
||||
"\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failInNoInfo\".\n",
|
||||
"\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failIfNoInfo\".\n",
|
||||
progName);
|
||||
exit(1);
|
||||
}
|
||||
|
@ -258,7 +258,7 @@ getCert(const char *name, PRBool isAscii, const char * progName)
|
|||
#define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
|
||||
#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
|
||||
#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
|
||||
#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failInNoInfo"
|
||||
#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failIfNoInfo"
|
||||
|
||||
#define REV_METHOD_INDEX_MAX 4
|
||||
|
||||
|
@ -680,10 +680,6 @@ breakout:
|
|||
cvin[inParamIndex].value.scalar.b = certFetching;
|
||||
inParamIndex++;
|
||||
|
||||
cvin[inParamIndex].type = cert_pi_date;
|
||||
cvin[inParamIndex].value.scalar.time = time;
|
||||
inParamIndex++;
|
||||
|
||||
rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
|
||||
rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
|
||||
secStatus = configureRevocationParams(&rev);
|
||||
|
@ -696,6 +692,10 @@ breakout:
|
|||
cvin[inParamIndex].value.pointer.revocation = &rev;
|
||||
inParamIndex++;
|
||||
|
||||
cvin[inParamIndex].type = cert_pi_date;
|
||||
cvin[inParamIndex].value.scalar.time = time;
|
||||
inParamIndex++;
|
||||
|
||||
cvin[inParamIndex].type = cert_pi_end;
|
||||
|
||||
cvout[0].type = cert_po_trustAnchor;
|
||||
|
|
|
@ -54,7 +54,7 @@ typedef struct NameToKindStr {
|
|||
/* local type for directory string--could be printable_string or utf8 */
|
||||
#define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER
|
||||
|
||||
/* Add new entries to this table, and maybe to function CERT_ParseRFC1485AVA */
|
||||
/* Add new entries to this table, and maybe to function ParseRFC1485AVA */
|
||||
static const NameToKind name2kinds[] = {
|
||||
/* IANA registered type names
|
||||
* (See: http://www.iana.org/assignments/ldap-parameters)
|
||||
|
@ -361,10 +361,15 @@ loser:
|
|||
return SECFailure;
|
||||
}
|
||||
|
||||
|
||||
CERTAVA *
|
||||
CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
|
||||
PRBool singleAVA)
|
||||
/* Parses one AVA, starting at *pbp. Stops at endptr.
|
||||
* Advances *pbp past parsed AVA and trailing separator (if present).
|
||||
* On any error, returns NULL and *pbp is undefined.
|
||||
* On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was
|
||||
* the last character parsed. *pbp is either equal to endptr or
|
||||
* points to first character after separator.
|
||||
*/
|
||||
static CERTAVA *
|
||||
ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr)
|
||||
{
|
||||
CERTAVA *a;
|
||||
const NameToKind *n2k;
|
||||
|
@ -374,6 +379,7 @@ CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
|
|||
SECOidTag kind = SEC_OID_UNKNOWN;
|
||||
SECStatus rv = SECFailure;
|
||||
SECItem derOid = { 0, NULL, 0 };
|
||||
char sep = 0;
|
||||
|
||||
char tagBuf[32];
|
||||
char valBuf[384];
|
||||
|
@ -384,17 +390,15 @@ CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
/* insist that if we haven't finished we've stopped on a separator */
|
||||
bp = *pbp;
|
||||
if (bp < endptr) {
|
||||
if (singleAVA || (*bp != ',' && *bp != ';')) {
|
||||
*pbp = bp;
|
||||
goto loser;
|
||||
}
|
||||
/* ok, skip over separator */
|
||||
bp++;
|
||||
sep = *bp++; /* skip over separator */
|
||||
}
|
||||
*pbp = bp;
|
||||
/* if we haven't finished, insist that we've stopped on a separator */
|
||||
if (sep && sep != ',' && sep != ';' && sep != '+') {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* is this a dotted decimal OID attribute type ? */
|
||||
if (!PL_strncasecmp("oid.", tagBuf, 4)) {
|
||||
|
@ -459,7 +463,7 @@ ParseRFC1485Name(char *buf, int len)
|
|||
CERTName *name;
|
||||
char *bp, *e;
|
||||
CERTAVA *ava;
|
||||
CERTRDN *rdn;
|
||||
CERTRDN *rdn = NULL;
|
||||
|
||||
name = CERT_CreateName(NULL);
|
||||
if (name == NULL) {
|
||||
|
@ -469,12 +473,21 @@ ParseRFC1485Name(char *buf, int len)
|
|||
e = buf + len;
|
||||
bp = buf;
|
||||
while (bp < e) {
|
||||
ava = CERT_ParseRFC1485AVA(name->arena, &bp, e, PR_FALSE);
|
||||
if (ava == 0) goto loser;
|
||||
rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);
|
||||
if (rdn == 0) goto loser;
|
||||
rv = CERT_AddRDN(name, rdn);
|
||||
if (rv) goto loser;
|
||||
ava = ParseRFC1485AVA(name->arena, &bp, e);
|
||||
if (ava == 0)
|
||||
goto loser;
|
||||
if (!rdn) {
|
||||
rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);
|
||||
if (rdn == 0)
|
||||
goto loser;
|
||||
rv = CERT_AddRDN(name, rdn);
|
||||
} else {
|
||||
rv = CERT_AddAVA(name->arena, rdn, ava);
|
||||
}
|
||||
if (rv)
|
||||
goto loser;
|
||||
if (bp[-1] != '+')
|
||||
rdn = NULL; /* done with this RDN */
|
||||
skipSpace(&bp, e);
|
||||
}
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
/*
|
||||
* Certificate handling code
|
||||
*
|
||||
* $Id: certdb.c,v 1.95 2008/12/02 23:24:48 nelson%bolyard.com Exp $
|
||||
* $Id: certdb.c,v 1.96 2009/02/09 07:51:30 nelson%bolyard.com Exp $
|
||||
*/
|
||||
|
||||
#include "nssilock.h"
|
||||
|
@ -938,15 +938,15 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
/* determine if this is a root cert */
|
||||
cert->isRoot = cert_IsRootCert(cert);
|
||||
|
||||
/* initialize the certType */
|
||||
rv = cert_GetCertType(cert);
|
||||
if ( rv != SECSuccess ) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* determine if this is a root cert */
|
||||
cert->isRoot = cert_IsRootCert(cert);
|
||||
|
||||
tmpname = CERT_NameToAscii(&cert->subject);
|
||||
if ( tmpname != NULL ) {
|
||||
cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Moved from secpkcs7.c
|
||||
*
|
||||
* $Id: crl.c,v 1.60 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
|
||||
* $Id: crl.c,v 1.62 2009/02/05 20:31:26 nelson%bolyard.com Exp $
|
||||
*/
|
||||
|
||||
#include "cert.h"
|
||||
|
@ -732,6 +732,10 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
|
|||
crl = newCrl;
|
||||
crl->slot = PK11_ReferenceSlot(slot);
|
||||
crl->pkcs11ID = oldCrl->pkcs11ID;
|
||||
if (oldCrl->url && !url)
|
||||
url = oldCrl->url;
|
||||
if (url)
|
||||
crl->url = PORT_ArenaStrdup(crl->arena, url);
|
||||
goto done;
|
||||
}
|
||||
if (!SEC_CrlIsNewer(&newCrl->crl,&oldCrl->crl)) {
|
||||
|
@ -754,7 +758,7 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
|
|||
}
|
||||
|
||||
/* if we have a url in the database, use that one */
|
||||
if (oldCrl->url) {
|
||||
if (oldCrl->url && !url) {
|
||||
url = oldCrl->url;
|
||||
}
|
||||
|
||||
|
@ -1644,7 +1648,7 @@ static SECStatus DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate,
|
|||
rv = CachedCrl_Destroy(returned);
|
||||
returned = NULL;
|
||||
}
|
||||
else
|
||||
else if (vfdate)
|
||||
{
|
||||
rv = CachedCrl_Verify(cache, returned, vfdate, wincx);
|
||||
}
|
||||
|
|
|
@ -566,7 +566,7 @@ cert_CreatePkixProcessingParams(
|
|||
PKIX_PROCESSINGPARAMSSETDATEFAILED);
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_RevocationChecker_Create(date,
|
||||
PKIX_RevocationChecker_Create(
|
||||
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
|
||||
PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
|
||||
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
|
||||
|
@ -1650,13 +1650,8 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
|||
chainIMFlags =
|
||||
flags->chainTests.cert_rev_method_independent_flags;
|
||||
|
||||
error = PKIX_ProcessingParams_GetDate(procParams, &date, plContext);
|
||||
if (error != NULL) {
|
||||
errCode = SEC_ERROR_INVALID_TIME;
|
||||
}
|
||||
|
||||
error =
|
||||
PKIX_RevocationChecker_Create(date, leafIMFlags, chainIMFlags,
|
||||
PKIX_RevocationChecker_Create(leafIMFlags, chainIMFlags,
|
||||
&revChecker, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: crypto.c,v $ $Revision: 1.3 $ $Date: 2006/04/22 05:30:18 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: crypto.c,v $ $Revision: 1.4 $ $Date: 2009/02/09 07:55:51 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -101,7 +101,7 @@ nssCKFWCryptoOperation_Create(
|
|||
{
|
||||
NSSCKFWCryptoOperation *fwOperation;
|
||||
fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWCryptoOperation *)NULL;
|
||||
}
|
||||
|
@ -126,7 +126,7 @@ nssCKFWCryptoOperation_Destroy
|
|||
)
|
||||
{
|
||||
if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) {
|
||||
if ((void *) NULL != (void *)fwOperation->mdOperation->Destroy) {
|
||||
if (fwOperation->mdOperation->Destroy) {
|
||||
fwOperation->mdOperation->Destroy(
|
||||
fwOperation->mdOperation,
|
||||
fwOperation,
|
||||
|
@ -171,7 +171,7 @@ nssCKFWCryptoOperation_GetFinalLength
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->GetFinalLength) {
|
||||
if (!fwOperation->mdOperation->GetFinalLength) {
|
||||
*pError = CKR_FUNCTION_FAILED;
|
||||
return 0;
|
||||
}
|
||||
|
@ -198,7 +198,7 @@ nssCKFWCryptoOperation_GetOperationLength
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->GetOperationLength) {
|
||||
if (!fwOperation->mdOperation->GetOperationLength) {
|
||||
*pError = CKR_FUNCTION_FAILED;
|
||||
return 0;
|
||||
}
|
||||
|
@ -225,7 +225,7 @@ nssCKFWCryptoOperation_Final
|
|||
NSSItem *outputBuffer
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->Final) {
|
||||
if (!fwOperation->mdOperation->Final) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
return fwOperation->mdOperation->Final(
|
||||
|
@ -251,7 +251,7 @@ nssCKFWCryptoOperation_Update
|
|||
NSSItem *outputBuffer
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->Update) {
|
||||
if (!fwOperation->mdOperation->Update) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
return fwOperation->mdOperation->Update(
|
||||
|
@ -277,7 +277,7 @@ nssCKFWCryptoOperation_DigestUpdate
|
|||
NSSItem *inputBuffer
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->DigestUpdate) {
|
||||
if (!fwOperation->mdOperation->DigestUpdate) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
return fwOperation->mdOperation->DigestUpdate(
|
||||
|
@ -304,7 +304,7 @@ nssCKFWCryptoOperation_DigestKey
|
|||
{
|
||||
NSSCKMDObject *mdObject;
|
||||
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->DigestKey) {
|
||||
if (!fwOperation->mdOperation->DigestKey) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
mdObject = nssCKFWObject_GetMDObject(fwObject);
|
||||
|
@ -330,7 +330,7 @@ nssCKFWCryptoOperation_UpdateFinal
|
|||
NSSItem *outputBuffer
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->UpdateFinal) {
|
||||
if (!fwOperation->mdOperation->UpdateFinal) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
return fwOperation->mdOperation->UpdateFinal(
|
||||
|
@ -358,7 +358,7 @@ nssCKFWCryptoOperation_UpdateCombo
|
|||
NSSItem *outputBuffer
|
||||
)
|
||||
{
|
||||
if ((void *) NULL == (void *)fwOperation->mdOperation->UpdateCombo) {
|
||||
if (!fwOperation->mdOperation->UpdateCombo) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
return fwOperation->mdOperation->UpdateCombo(
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: find.c,v $ $Revision: 1.8 $ $Date: 2006/04/20 00:03:33 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: find.c,v $ $Revision: 1.9 $ $Date: 2009/02/09 07:55:52 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -147,7 +147,7 @@ nssCKFWFindObjects_Create
|
|||
mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
|
||||
|
||||
fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects);
|
||||
if( (NSSCKFWFindObjects *)NULL == fwFindObjects ) {
|
||||
if (!fwFindObjects) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -162,7 +162,7 @@ nssCKFWFindObjects_Create
|
|||
fwFindObjects->mdInstance = mdInstance;
|
||||
|
||||
fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError);
|
||||
if( (NSSCKFWMutex *)NULL == fwFindObjects->mutex ) {
|
||||
if (!fwFindObjects->mutex) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -222,8 +222,8 @@ nssCKFWFindObjects_Destroy
|
|||
|
||||
(void)nssCKFWMutex_Destroy(fwFindObjects->mutex);
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo1 ) {
|
||||
if( (void *)NULL != (void *)fwFindObjects->mdfo1->Final ) {
|
||||
if (fwFindObjects->mdfo1) {
|
||||
if (fwFindObjects->mdfo1->Final) {
|
||||
fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
|
||||
fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
|
||||
fwFindObjects->mdSession, fwFindObjects->fwSession,
|
||||
|
@ -232,8 +232,8 @@ nssCKFWFindObjects_Destroy
|
|||
}
|
||||
}
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo2 ) {
|
||||
if( (void *)NULL != (void *)fwFindObjects->mdfo2->Final ) {
|
||||
if (fwFindObjects->mdfo2) {
|
||||
if (fwFindObjects->mdfo2->Final) {
|
||||
fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
|
||||
fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
|
||||
fwFindObjects->mdSession, fwFindObjects->fwSession,
|
||||
|
@ -287,7 +287,7 @@ nssCKFWFindObjects_Next
|
|||
NSSArena *objArena;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -302,15 +302,15 @@ nssCKFWFindObjects_Next
|
|||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo1 ) {
|
||||
if( (void *)NULL != (void *)fwFindObjects->mdfo1->Next ) {
|
||||
if (fwFindObjects->mdfo1) {
|
||||
if (fwFindObjects->mdfo1->Next) {
|
||||
fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
|
||||
mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1,
|
||||
fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
|
||||
fwFindObjects->mdToken, fwFindObjects->fwToken,
|
||||
fwFindObjects->mdInstance, fwFindObjects->fwInstance,
|
||||
arenaOpt, pError);
|
||||
if( (NSSCKMDObject *)NULL == mdObject ) {
|
||||
if (!mdObject) {
|
||||
if( CKR_OK != *pError ) {
|
||||
goto done;
|
||||
}
|
||||
|
@ -327,15 +327,15 @@ nssCKFWFindObjects_Next
|
|||
}
|
||||
}
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo2 ) {
|
||||
if( (void *)NULL != (void *)fwFindObjects->mdfo2->Next ) {
|
||||
if (fwFindObjects->mdfo2) {
|
||||
if (fwFindObjects->mdfo2->Next) {
|
||||
fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
|
||||
mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2,
|
||||
fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
|
||||
fwFindObjects->mdToken, fwFindObjects->fwToken,
|
||||
fwFindObjects->mdInstance, fwFindObjects->fwInstance,
|
||||
arenaOpt, pError);
|
||||
if( (NSSCKMDObject *)NULL == mdObject ) {
|
||||
if (!mdObject) {
|
||||
if( CKR_OK != *pError ) {
|
||||
goto done;
|
||||
}
|
||||
|
@ -373,7 +373,7 @@ nssCKFWFindObjects_Next
|
|||
* but it depends on nssCKFWObject_Create caching all objects.
|
||||
*/
|
||||
objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError);
|
||||
if( (NSSArena *)NULL == objArena ) {
|
||||
if (!objArena) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
}
|
||||
|
@ -383,7 +383,7 @@ nssCKFWFindObjects_Next
|
|||
fwObject = nssCKFWObject_Create(objArena, mdObject,
|
||||
NULL, fwFindObjects->fwToken,
|
||||
fwFindObjects->fwInstance, pError);
|
||||
if( (NSSCKFWObject *)NULL == fwObject ) {
|
||||
if (!fwObject) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: hash.c,v $ $Revision: 1.3 $ $Date: 2005/01/20 02:25:45 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: hash.c,v $ $Revision: 1.4 $ $Date: 2009/02/09 07:55:52 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -104,7 +104,7 @@ nssCKFWHash_Create
|
|||
nssCKFWHash *rv;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (nssCKFWHash *)NULL;
|
||||
}
|
||||
|
||||
|
@ -115,13 +115,13 @@ nssCKFWHash_Create
|
|||
#endif /* NSSDEBUG */
|
||||
|
||||
rv = nss_ZNEW(arena, nssCKFWHash);
|
||||
if( (nssCKFWHash *)NULL == rv ) {
|
||||
if (!rv) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (nssCKFWHash *)NULL;
|
||||
}
|
||||
|
||||
rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
|
||||
if( (NSSCKFWMutex *)NULL == rv->mutex ) {
|
||||
if (!rv->mutex) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -130,7 +130,7 @@ nssCKFWHash_Create
|
|||
|
||||
rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
|
||||
PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
|
||||
if( (PLHashTable *)NULL == rv->plHashTable ) {
|
||||
if (!rv->plHashTable) {
|
||||
(void)nssCKFWMutex_Destroy(rv->mutex);
|
||||
(void)nss_ZFreeIf(rv);
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
|
@ -178,7 +178,7 @@ nssCKFWHash_Add
|
|||
}
|
||||
|
||||
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
|
||||
if( (PLHashEntry *)NULL == he ) {
|
||||
if (!he) {
|
||||
error = CKR_HOST_MEMORY;
|
||||
} else {
|
||||
hash->count++;
|
||||
|
@ -259,7 +259,7 @@ nssCKFWHash_Exists
|
|||
|
||||
(void)nssCKFWMutex_Unlock(hash->mutex);
|
||||
|
||||
if( (void *)NULL == value ) {
|
||||
if (!value) {
|
||||
return CK_FALSE;
|
||||
} else {
|
||||
return CK_TRUE;
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: instance.c,v $ $Revision: 1.11 $ $Date: 2006/10/09 22:16:59 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: instance.c,v $ $Revision: 1.12 $ $Date: 2009/02/09 07:55:52 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -208,20 +208,20 @@ nssCKFWInstance_Create
|
|||
return (NSSCKFWInstance *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKMDInstance *)NULL == mdInstance ) {
|
||||
if (!mdInstance) {
|
||||
*pError = CKR_ARGUMENTS_BAD;
|
||||
return (NSSCKFWInstance *)NULL;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
arena = NSSArena_Create();
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWInstance *)NULL;
|
||||
}
|
||||
|
||||
fwInstance = nss_ZNEW(arena, NSSCKFWInstance);
|
||||
if( (NSSCKFWInstance *)NULL == fwInstance ) {
|
||||
if (!fwInstance) {
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
|
@ -244,14 +244,14 @@ nssCKFWInstance_Create
|
|||
|
||||
fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena,
|
||||
pError);
|
||||
if( (NSSCKFWMutex *)NULL == fwInstance->mutex ) {
|
||||
if (!fwInstance->mutex) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)mdInstance->Initialize ) {
|
||||
if (mdInstance->Initialize) {
|
||||
*pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData);
|
||||
if( CKR_OK != *pError ) {
|
||||
goto loser;
|
||||
|
@ -260,14 +260,14 @@ nssCKFWInstance_Create
|
|||
called_Initialize = CK_TRUE;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)mdInstance->ModuleHandlesSessionObjects ) {
|
||||
if (mdInstance->ModuleHandlesSessionObjects) {
|
||||
fwInstance->moduleHandlesSessionObjects =
|
||||
mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
|
||||
} else {
|
||||
fwInstance->moduleHandlesSessionObjects = CK_FALSE;
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)mdInstance->GetNSlots ) {
|
||||
if (!mdInstance->GetNSlots) {
|
||||
/* That routine is required */
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
goto loser;
|
||||
|
@ -294,17 +294,17 @@ nssCKFWInstance_Create
|
|||
|
||||
fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance,
|
||||
fwInstance->arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwInstance->sessionHandleHash ) {
|
||||
if (!fwInstance->sessionHandleHash) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance,
|
||||
fwInstance->arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwInstance->objectHandleHash ) {
|
||||
if (!fwInstance->objectHandleHash) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)mdInstance->GetSlots ) {
|
||||
if (!mdInstance->GetSlots) {
|
||||
/* That routine is required */
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
goto loser;
|
||||
|
@ -318,7 +318,7 @@ nssCKFWInstance_Create
|
|||
for( i = 0; i < fwInstance->nSlots; i++ ) {
|
||||
NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i];
|
||||
|
||||
if( (NSSCKMDSlot *)NULL == mdSlot ) {
|
||||
if (!mdSlot) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -333,7 +333,7 @@ nssCKFWInstance_Create
|
|||
|
||||
for( j = i; j < fwInstance->nSlots; j++ ) {
|
||||
NSSCKMDSlot *mds = fwInstance->mdSlotList[j];
|
||||
if( (void *)NULL != (void *)mds->Destroy ) {
|
||||
if (mds->Destroy) {
|
||||
mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance);
|
||||
}
|
||||
}
|
||||
|
@ -362,7 +362,7 @@ nssCKFWInstance_Create
|
|||
loser:
|
||||
|
||||
if( CK_TRUE == called_Initialize ) {
|
||||
if( (void *)NULL != (void *)mdInstance->Finalize ) {
|
||||
if (mdInstance->Finalize) {
|
||||
mdInstance->Finalize(mdInstance, fwInstance);
|
||||
}
|
||||
}
|
||||
|
@ -401,7 +401,7 @@ nssCKFWInstance_Destroy
|
|||
(void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwInstance->mdInstance->Finalize ) {
|
||||
if (fwInstance->mdInstance->Finalize) {
|
||||
fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance);
|
||||
}
|
||||
|
||||
|
@ -452,7 +452,7 @@ nssCKFWInstance_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
@ -500,7 +500,7 @@ nssCKFWInstance_CreateMutex
|
|||
NSSCKFWMutex *mutex;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWMutex *)NULL;
|
||||
}
|
||||
|
||||
|
@ -512,7 +512,7 @@ nssCKFWInstance_CreateMutex
|
|||
|
||||
mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState,
|
||||
arena, pError);
|
||||
if( (NSSCKFWMutex *)NULL == mutex ) {
|
||||
if (!mutex) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -576,7 +576,7 @@ nssCKFWInstance_CreateSessionHandle
|
|||
CK_SESSION_HANDLE hSession;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_SESSION_HANDLE)0;
|
||||
}
|
||||
|
||||
|
@ -720,7 +720,7 @@ nssCKFWInstance_CreateObjectHandle
|
|||
CK_OBJECT_HANDLE hObject;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_OBJECT_HANDLE)0;
|
||||
}
|
||||
|
||||
|
@ -905,7 +905,7 @@ nssCKFWInstance_GetNSlots
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -949,7 +949,7 @@ nssCKFWInstance_GetCryptokiVersion
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwInstance->mdInstance->GetCryptokiVersion ) {
|
||||
if (fwInstance->mdInstance->GetCryptokiVersion) {
|
||||
fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
|
||||
fwInstance->mdInstance, fwInstance);
|
||||
} else {
|
||||
|
@ -993,11 +993,11 @@ nssCKFWInstance_GetManufacturerID
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwInstance->manufacturerID ) {
|
||||
if( (void *)NULL != (void *)fwInstance->mdInstance->GetManufacturerID ) {
|
||||
if (!fwInstance->manufacturerID) {
|
||||
if (fwInstance->mdInstance->GetManufacturerID) {
|
||||
fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID(
|
||||
fwInstance->mdInstance, fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwInstance->manufacturerID) && (CKR_OK != error) ) {
|
||||
if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -1062,11 +1062,11 @@ nssCKFWInstance_GetLibraryDescription
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwInstance->libraryDescription ) {
|
||||
if( (void *)NULL != (void *)fwInstance->mdInstance->GetLibraryDescription ) {
|
||||
if (!fwInstance->libraryDescription) {
|
||||
if (fwInstance->mdInstance->GetLibraryDescription) {
|
||||
fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription(
|
||||
fwInstance->mdInstance, fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwInstance->libraryDescription) && (CKR_OK != error) ) {
|
||||
if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -1112,7 +1112,7 @@ nssCKFWInstance_GetLibraryVersion
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwInstance->mdInstance->GetLibraryVersion ) {
|
||||
if (fwInstance->mdInstance->GetLibraryVersion) {
|
||||
fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
|
||||
fwInstance->mdInstance, fwInstance);
|
||||
} else {
|
||||
|
@ -1157,7 +1157,7 @@ nssCKFWInstance_GetSlots
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWSlot **)NULL;
|
||||
}
|
||||
|
||||
|
@ -1187,7 +1187,7 @@ nssCKFWInstance_WaitForSlotEvent
|
|||
CK_ULONG i, n;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1206,7 +1206,7 @@ nssCKFWInstance_WaitForSlotEvent
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwInstance->mdInstance->WaitForSlotEvent ) {
|
||||
if (!fwInstance->mdInstance->WaitForSlotEvent) {
|
||||
*pError = CKR_NO_EVENT;
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
@ -1218,7 +1218,7 @@ nssCKFWInstance_WaitForSlotEvent
|
|||
pError
|
||||
);
|
||||
|
||||
if( (NSSCKMDSlot *)NULL == mdSlot ) {
|
||||
if (!mdSlot) {
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1234,7 +1234,7 @@ nssCKFWInstance_WaitForSlotEvent
|
|||
}
|
||||
}
|
||||
|
||||
if( (NSSCKFWSlot *)NULL == fwSlot ) {
|
||||
if (!fwSlot) {
|
||||
/* Internal error */
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
|
@ -1274,7 +1274,7 @@ NSSCKFWInstance_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1319,7 +1319,7 @@ NSSCKFWInstance_CreateMutex
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWMutex *)NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: mechanism.c,v $ $Revision: 1.5 $ $Date: 2007/12/12 00:50:58 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: mechanism.c,v $ $Revision: 1.6 $ $Date: 2009/02/09 07:55:52 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -118,7 +118,7 @@ nssCKFWMechanism_Create
|
|||
|
||||
|
||||
fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
|
||||
if ((NSSCKFWMechanism *)NULL == fwMechanism) {
|
||||
if (!fwMechanism) {
|
||||
return (NSSCKFWMechanism *)NULL;
|
||||
}
|
||||
fwMechanism->mdMechanism = mdMechanism;
|
||||
|
@ -141,7 +141,7 @@ nssCKFWMechanism_Destroy
|
|||
{
|
||||
/* destroy any fw resources held by nssCKFWMechanism (currently none) */
|
||||
|
||||
if ((void *)NULL == (void *)fwMechanism->mdMechanism->Destroy) {
|
||||
if (!fwMechanism->mdMechanism->Destroy) {
|
||||
/* destroys it's parent as well */
|
||||
fwMechanism->mdMechanism->Destroy(
|
||||
fwMechanism->mdMechanism,
|
||||
|
@ -178,7 +178,7 @@ nssCKFWMechanism_GetMinKeySize
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GetMinKeySize) {
|
||||
if (!fwMechanism->mdMechanism->GetMinKeySize) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -198,7 +198,7 @@ nssCKFWMechanism_GetMaxKeySize
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GetMaxKeySize) {
|
||||
if (!fwMechanism->mdMechanism->GetMaxKeySize) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -218,7 +218,7 @@ nssCKFWMechanism_GetInHardware
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GetInHardware) {
|
||||
if (!fwMechanism->mdMechanism->GetInHardware) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -243,7 +243,7 @@ nssCKFWMechanism_GetCanEncrypt
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->EncryptInit) {
|
||||
if (!fwMechanism->mdMechanism->EncryptInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -260,7 +260,7 @@ nssCKFWMechanism_GetCanDecrypt
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DecryptInit) {
|
||||
if (!fwMechanism->mdMechanism->DecryptInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -277,7 +277,7 @@ nssCKFWMechanism_GetCanDigest
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DigestInit) {
|
||||
if (!fwMechanism->mdMechanism->DigestInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -294,7 +294,7 @@ nssCKFWMechanism_GetCanSign
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignInit) {
|
||||
if (!fwMechanism->mdMechanism->SignInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -311,7 +311,7 @@ nssCKFWMechanism_GetCanSignRecover
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignRecoverInit) {
|
||||
if (!fwMechanism->mdMechanism->SignRecoverInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -328,7 +328,7 @@ nssCKFWMechanism_GetCanVerify
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyInit) {
|
||||
if (!fwMechanism->mdMechanism->VerifyInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -345,7 +345,7 @@ nssCKFWMechanism_GetCanVerifyRecover
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyRecoverInit) {
|
||||
if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -362,7 +362,7 @@ nssCKFWMechanism_GetCanGenerate
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKey) {
|
||||
if (!fwMechanism->mdMechanism->GenerateKey) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -379,7 +379,7 @@ nssCKFWMechanism_GetCanGenerateKeyPair
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKeyPair) {
|
||||
if (!fwMechanism->mdMechanism->GenerateKeyPair) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -396,7 +396,7 @@ nssCKFWMechanism_GetCanUnwrap
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->UnwrapKey) {
|
||||
if (!fwMechanism->mdMechanism->UnwrapKey) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -413,7 +413,7 @@ nssCKFWMechanism_GetCanWrap
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->WrapKey) {
|
||||
if (!fwMechanism->mdMechanism->WrapKey) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -430,7 +430,7 @@ nssCKFWMechanism_GetCanDerive
|
|||
CK_RV *pError
|
||||
)
|
||||
{
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DeriveKey) {
|
||||
if (!fwMechanism->mdMechanism->DeriveKey) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
return CK_TRUE;
|
||||
|
@ -462,11 +462,11 @@ nssCKFWMechanism_EncryptInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_EncryptDecrypt);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->EncryptInit) {
|
||||
if (!fwMechanism->mdMechanism->EncryptInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -486,7 +486,7 @@ nssCKFWMechanism_EncryptInit
|
|||
fwObject,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -494,7 +494,7 @@ nssCKFWMechanism_EncryptInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_Encrypt, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_EncryptDecrypt);
|
||||
}
|
||||
|
@ -525,11 +525,11 @@ nssCKFWMechanism_DecryptInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_EncryptDecrypt);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DecryptInit) {
|
||||
if (!fwMechanism->mdMechanism->DecryptInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -549,7 +549,7 @@ nssCKFWMechanism_DecryptInit
|
|||
fwObject,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -557,7 +557,7 @@ nssCKFWMechanism_DecryptInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_Decrypt, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_EncryptDecrypt);
|
||||
}
|
||||
|
@ -586,11 +586,11 @@ nssCKFWMechanism_DigestInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_Digest);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DigestInit) {
|
||||
if (!fwMechanism->mdMechanism->DigestInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -607,7 +607,7 @@ nssCKFWMechanism_DigestInit
|
|||
fwMechanism->fwInstance,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -615,7 +615,7 @@ nssCKFWMechanism_DigestInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_Digest, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_Digest);
|
||||
}
|
||||
|
@ -646,11 +646,11 @@ nssCKFWMechanism_SignInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignInit) {
|
||||
if (!fwMechanism->mdMechanism->SignInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -670,7 +670,7 @@ nssCKFWMechanism_SignInit
|
|||
fwObject,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -678,7 +678,7 @@ nssCKFWMechanism_SignInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_Sign, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
}
|
||||
|
@ -709,11 +709,11 @@ nssCKFWMechanism_VerifyInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyInit) {
|
||||
if (!fwMechanism->mdMechanism->VerifyInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -733,7 +733,7 @@ nssCKFWMechanism_VerifyInit
|
|||
fwObject,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -741,7 +741,7 @@ nssCKFWMechanism_VerifyInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_Verify, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
}
|
||||
|
@ -772,11 +772,11 @@ nssCKFWMechanism_SignRecoverInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignRecoverInit) {
|
||||
if (!fwMechanism->mdMechanism->SignRecoverInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -796,7 +796,7 @@ nssCKFWMechanism_SignRecoverInit
|
|||
fwObject,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -804,7 +804,7 @@ nssCKFWMechanism_SignRecoverInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_SignRecover, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
}
|
||||
|
@ -835,11 +835,11 @@ nssCKFWMechanism_VerifyRecoverInit
|
|||
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyRecoverInit) {
|
||||
if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -859,7 +859,7 @@ nssCKFWMechanism_VerifyRecoverInit
|
|||
fwObject,
|
||||
&error
|
||||
);
|
||||
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
|
||||
if (!mdOperation) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -867,7 +867,7 @@ nssCKFWMechanism_VerifyRecoverInit
|
|||
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
|
||||
fwMechanism->mdInstance, fwMechanism->fwInstance,
|
||||
NSSCKFWCryptoOperationType_VerifyRecover, &error);
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
|
||||
if (fwOperation) {
|
||||
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
|
||||
NSSCKFWCryptoOperationState_SignVerify);
|
||||
}
|
||||
|
@ -895,13 +895,13 @@ nssCKFWMechanism_GenerateKey
|
|||
NSSCKFWObject *fwObject = NULL;
|
||||
NSSArena *arena;
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKey) {
|
||||
if (!fwMechanism->mdMechanism->GenerateKey) {
|
||||
*pError = CKR_FUNCTION_FAILED;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
|
||||
if ((NSSArena *)NULL == arena) {
|
||||
if (!arena) {
|
||||
if (CKR_OK == *pError) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -923,7 +923,7 @@ nssCKFWMechanism_GenerateKey
|
|||
ulAttributeCount,
|
||||
pError);
|
||||
|
||||
if ((NSSCKMDObject *)NULL == mdObject) {
|
||||
if (!mdObject) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -956,12 +956,12 @@ nssCKFWMechanism_GenerateKeyPair
|
|||
NSSArena *arena;
|
||||
CK_RV error = CKR_OK;
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKey) {
|
||||
if (!fwMechanism->mdMechanism->GenerateKey) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
|
||||
if ((NSSArena *)NULL == arena) {
|
||||
if (!arena) {
|
||||
if (CKR_OK == error) {
|
||||
error = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -992,7 +992,7 @@ nssCKFWMechanism_GenerateKeyPair
|
|||
|
||||
*fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
|
||||
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
|
||||
if ((NSSCKFWObject *)NULL == *fwPublicKeyObject) {
|
||||
if (!*fwPublicKeyObject) {
|
||||
return error;
|
||||
}
|
||||
*fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
|
||||
|
@ -1019,7 +1019,7 @@ nssCKFWMechanism_GetWrapKeyLength
|
|||
NSSCKMDObject *mdWrappingKeyObject;
|
||||
NSSCKMDObject *mdKeyObject;
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->WrapKey) {
|
||||
if (!fwMechanism->mdMechanism->WrapKey) {
|
||||
*pError = CKR_FUNCTION_FAILED;
|
||||
return (CK_ULONG) 0;
|
||||
}
|
||||
|
@ -1062,7 +1062,7 @@ nssCKFWMechanism_WrapKey
|
|||
NSSCKMDObject *mdWrappingKeyObject;
|
||||
NSSCKMDObject *mdKeyObject;
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->WrapKey) {
|
||||
if (!fwMechanism->mdMechanism->WrapKey) {
|
||||
return CKR_FUNCTION_FAILED;
|
||||
}
|
||||
|
||||
|
@ -1108,7 +1108,7 @@ nssCKFWMechanism_UnwrapKey
|
|||
NSSCKFWObject *fwObject = NULL;
|
||||
NSSArena *arena;
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->UnwrapKey) {
|
||||
if (!fwMechanism->mdMechanism->UnwrapKey) {
|
||||
/* we could simulate UnwrapKey using Decrypt and Create object, but
|
||||
* 1) it's not clear that would work well, and 2) the low level token
|
||||
* may want to restrict unwrap key for a reason, so just fail it it
|
||||
|
@ -1118,7 +1118,7 @@ nssCKFWMechanism_UnwrapKey
|
|||
}
|
||||
|
||||
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
|
||||
if ((NSSArena *)NULL == arena) {
|
||||
if (!arena) {
|
||||
if (CKR_OK == *pError) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1144,7 +1144,7 @@ nssCKFWMechanism_UnwrapKey
|
|||
ulAttributeCount,
|
||||
pError);
|
||||
|
||||
if ((NSSCKMDObject *)NULL == mdObject) {
|
||||
if (!mdObject) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1175,13 +1175,13 @@ nssCKFWMechanism_DeriveKey
|
|||
NSSCKFWObject *fwObject = NULL;
|
||||
NSSArena *arena;
|
||||
|
||||
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DeriveKey) {
|
||||
if (!fwMechanism->mdMechanism->DeriveKey) {
|
||||
*pError = CKR_FUNCTION_FAILED;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
|
||||
if ((NSSArena *)NULL == arena) {
|
||||
if (!arena) {
|
||||
if (CKR_OK == *pError) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1206,7 +1206,7 @@ nssCKFWMechanism_DeriveKey
|
|||
ulAttributeCount,
|
||||
pError);
|
||||
|
||||
if ((NSSCKMDObject *)NULL == mdObject) {
|
||||
if (!mdObject) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: mutex.c,v $ $Revision: 1.8 $ $Date: 2008/06/06 01:15:32 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: mutex.c,v $ $Revision: 1.9 $ $Date: 2009/02/09 07:55:52 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -127,7 +127,7 @@ nssCKFWMutex_Create
|
|||
NSSCKFWMutex *mutex;
|
||||
|
||||
mutex = nss_ZNEW(arena, NSSCKFWMutex);
|
||||
if( (NSSCKFWMutex *)NULL == mutex ) {
|
||||
if (!mutex) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWMutex *)NULL;
|
||||
}
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: object.c,v $ $Revision: 1.15 $ $Date: 2007/12/12 00:41:37 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: object.c,v $ $Revision: 1.16 $ $Date: 2009/02/09 07:55:53 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -159,7 +159,7 @@ nssCKFWObject_Create
|
|||
nssCKFWHash *mdObjectHash;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -169,12 +169,12 @@ nssCKFWObject_Create
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (NSSCKFWToken *)NULL == fwToken ) {
|
||||
if (!fwToken) {
|
||||
*pError = CKR_ARGUMENTS_BAD;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
|
||||
if( (nssCKFWHash *)NULL == mdObjectHash ) {
|
||||
if (!mdObjectHash) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -185,7 +185,7 @@ nssCKFWObject_Create
|
|||
}
|
||||
|
||||
fwObject = nss_ZNEW(arena, NSSCKFWObject);
|
||||
if( (NSSCKFWObject *)NULL == fwObject ) {
|
||||
if (!fwObject) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -194,7 +194,7 @@ nssCKFWObject_Create
|
|||
fwObject->mdObject = mdObject;
|
||||
fwObject->fwSession = fwSession;
|
||||
|
||||
if( (NSSCKFWSession *)NULL != fwSession ) {
|
||||
if (fwSession) {
|
||||
fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
|
||||
}
|
||||
|
||||
|
@ -203,7 +203,7 @@ nssCKFWObject_Create
|
|||
fwObject->fwInstance = fwInstance;
|
||||
fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
|
||||
fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
|
||||
if( (NSSCKFWMutex *)NULL == fwObject->mutex ) {
|
||||
if (!fwObject->mutex) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -250,7 +250,7 @@ nssCKFWObject_Finalize
|
|||
|
||||
(void)nssCKFWMutex_Destroy(fwObject->mutex);
|
||||
|
||||
if( (void *)NULL != (void *)fwObject->mdObject->Finalize ) {
|
||||
if (fwObject->mdObject->Finalize) {
|
||||
fwObject->mdObject->Finalize(fwObject->mdObject, fwObject,
|
||||
fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
|
||||
fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
|
||||
|
@ -258,7 +258,7 @@ nssCKFWObject_Finalize
|
|||
|
||||
if (removeFromHash) {
|
||||
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
|
||||
if( (nssCKFWHash *)NULL != mdObjectHash ) {
|
||||
if (mdObjectHash) {
|
||||
nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
|
||||
}
|
||||
}
|
||||
|
@ -295,14 +295,14 @@ nssCKFWObject_Destroy
|
|||
|
||||
(void)nssCKFWMutex_Destroy(fwObject->mutex);
|
||||
|
||||
if( (void *)NULL != (void *)fwObject->mdObject->Destroy ) {
|
||||
if (fwObject->mdObject->Destroy) {
|
||||
fwObject->mdObject->Destroy(fwObject->mdObject, fwObject,
|
||||
fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
|
||||
fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
|
||||
}
|
||||
|
||||
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
|
||||
if( (nssCKFWHash *)NULL != mdObjectHash ) {
|
||||
if (mdObjectHash) {
|
||||
nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
|
||||
}
|
||||
|
||||
|
@ -349,7 +349,7 @@ nssCKFWObject_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
@ -430,7 +430,7 @@ nssCKFWObject_IsTokenObject
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->IsTokenObject ) {
|
||||
if (!fwObject->mdObject->IsTokenObject) {
|
||||
NSSItem item;
|
||||
NSSItem *pItem;
|
||||
CK_RV rv = CKR_OK;
|
||||
|
@ -440,7 +440,7 @@ nssCKFWObject_IsTokenObject
|
|||
|
||||
pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item,
|
||||
(NSSArena *)NULL, &rv);
|
||||
if( (NSSItem *)NULL == pItem ) {
|
||||
if (!pItem) {
|
||||
/* Error of some type */
|
||||
b = CK_FALSE;
|
||||
goto done;
|
||||
|
@ -471,7 +471,7 @@ nssCKFWObject_GetAttributeCount
|
|||
CK_ULONG rv;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -481,7 +481,7 @@ nssCKFWObject_GetAttributeCount
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeCount ) {
|
||||
if (!fwObject->mdObject->GetAttributeCount) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
@ -525,7 +525,7 @@ nssCKFWObject_GetAttributeTypes
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeTypes ) {
|
||||
if (!fwObject->mdObject->GetAttributeTypes) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
||||
|
@ -558,7 +558,7 @@ nssCKFWObject_GetAttributeSize
|
|||
CK_ULONG rv;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -568,7 +568,7 @@ nssCKFWObject_GetAttributeSize
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeSize ) {
|
||||
if (!fwObject->mdObject->GetAttributeSize) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (CK_ULONG )0;
|
||||
}
|
||||
|
@ -611,7 +611,7 @@ nssCKFWObject_GetAttribute
|
|||
NSSCKFWItem mdItem;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSItem *)NULL;
|
||||
}
|
||||
|
||||
|
@ -621,7 +621,7 @@ nssCKFWObject_GetAttribute
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->GetAttribute ) {
|
||||
if (!fwObject->mdObject->GetAttribute) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSItem *)NULL;
|
||||
}
|
||||
|
@ -636,7 +636,7 @@ nssCKFWObject_GetAttribute
|
|||
fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
|
||||
attribute, pError);
|
||||
|
||||
if( (NSSItem *)NULL == mdItem.item ) {
|
||||
if (!mdItem.item) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -644,9 +644,9 @@ nssCKFWObject_GetAttribute
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == itemOpt ) {
|
||||
if (!itemOpt) {
|
||||
rv = nss_ZNEW(arenaOpt, NSSItem);
|
||||
if( (NSSItem *)NULL == rv ) {
|
||||
if (!rv) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
@ -654,12 +654,12 @@ nssCKFWObject_GetAttribute
|
|||
rv = itemOpt;
|
||||
}
|
||||
|
||||
if( (void *)NULL == rv->data ) {
|
||||
if (!rv->data) {
|
||||
rv->size = mdItem.item->size;
|
||||
rv->data = nss_ZAlloc(arenaOpt, rv->size);
|
||||
if( (void *)NULL == rv->data ) {
|
||||
if (!rv->data) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
if( (NSSItem *)NULL == itemOpt ) {
|
||||
if (!itemOpt) {
|
||||
nss_ZFreeIf(rv);
|
||||
}
|
||||
rv = (NSSItem *)NULL;
|
||||
|
@ -729,7 +729,7 @@ nssCKFWObject_SetAttribute
|
|||
|
||||
newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject,
|
||||
&a, 1, &error);
|
||||
if( (NSSCKFWObject *)NULL == newFwObject ) {
|
||||
if (!newFwObject) {
|
||||
if( CKR_OK == error ) {
|
||||
error = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -799,7 +799,7 @@ nssCKFWObject_SetAttribute
|
|||
/*
|
||||
* An "ordinary" change.
|
||||
*/
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->SetAttribute ) {
|
||||
if (!fwObject->mdObject->SetAttribute) {
|
||||
/* We could fake it with copying, like above.. later */
|
||||
return CKR_ATTRIBUTE_READ_ONLY;
|
||||
}
|
||||
|
@ -834,7 +834,7 @@ nssCKFWObject_GetObjectSize
|
|||
CK_ULONG rv;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -844,7 +844,7 @@ nssCKFWObject_GetObjectSize
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwObject->mdObject->GetObjectSize ) {
|
||||
if (!fwObject->mdObject->GetObjectSize) {
|
||||
*pError = CKR_INFORMATION_SENSITIVE;
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
@ -894,7 +894,7 @@ NSSCKFWObject_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
@ -938,7 +938,7 @@ NSSCKFWObject_GetAttributeCount
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -992,7 +992,7 @@ NSSCKFWObject_GetAttributeSize
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -1020,7 +1020,7 @@ NSSCKFWObject_GetAttribute
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSItem *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1045,7 +1045,7 @@ NSSCKFWObject_GetObjectSize
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: session.c,v $ $Revision: 1.12 $ $Date: 2007/10/06 01:41:28 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: session.c,v $ $Revision: 1.13 $ $Date: 2009/02/09 07:55:53 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -179,7 +179,7 @@ nssCKFWSession_Create
|
|||
NSSCKFWSlot *fwSlot;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWSession *)NULL;
|
||||
}
|
||||
|
||||
|
@ -190,13 +190,13 @@ nssCKFWSession_Create
|
|||
#endif /* NSSDEBUG */
|
||||
|
||||
arena = NSSArena_Create();
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWSession *)NULL;
|
||||
}
|
||||
|
||||
fwSession = nss_ZNEW(arena, NSSCKFWSession);
|
||||
if( (NSSCKFWSession *)NULL == fwSession ) {
|
||||
if (!fwSession) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -217,7 +217,7 @@ nssCKFWSession_Create
|
|||
fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
|
||||
|
||||
fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwSession->sessionObjectHash ) {
|
||||
if (!fwSession->sessionObjectHash) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -234,8 +234,8 @@ nssCKFWSession_Create
|
|||
return fwSession;
|
||||
|
||||
loser:
|
||||
if( (NSSArena *)NULL != arena ) {
|
||||
if( fwSession && (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
|
||||
if (arena) {
|
||||
if (fwSession && fwSession->sessionObjectHash) {
|
||||
(void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
|
||||
}
|
||||
NSSArena_Destroy(arena);
|
||||
|
@ -294,7 +294,7 @@ nssCKFWSession_Destroy
|
|||
(void *)NULL);
|
||||
|
||||
for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) {
|
||||
if ((NSSCKFWCryptoOperation *)NULL != fwSession->fwOperationArray[i]) {
|
||||
if (fwSession->fwOperationArray[i]) {
|
||||
nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
|
||||
}
|
||||
}
|
||||
|
@ -339,7 +339,7 @@ nssCKFWSession_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
@ -500,8 +500,8 @@ nssCKFWSession_SetFWFindObjects
|
|||
/* fwFindObjects may be null */
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( ((NSSCKFWFindObjects *)NULL != fwSession->fwFindObjects) &&
|
||||
((NSSCKFWFindObjects *)NULL != fwFindObjects) ) {
|
||||
if ((fwSession->fwFindObjects) &&
|
||||
(fwFindObjects)) {
|
||||
return CKR_OPERATION_ACTIVE;
|
||||
}
|
||||
|
||||
|
@ -522,7 +522,7 @@ nssCKFWSession_GetFWFindObjects
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWFindObjects *)NULL;
|
||||
}
|
||||
|
||||
|
@ -532,7 +532,7 @@ nssCKFWSession_GetFWFindObjects
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (NSSCKFWFindObjects *)NULL == fwSession->fwFindObjects ) {
|
||||
if (!fwSession->fwFindObjects) {
|
||||
*pError = CKR_OPERATION_NOT_INITIALIZED;
|
||||
return (NSSCKFWFindObjects *)NULL;
|
||||
}
|
||||
|
@ -561,12 +561,12 @@ nssCKFWSession_SetMDSession
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == mdSession ) {
|
||||
if (!mdSession) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (NSSCKMDSession *)NULL != fwSession->mdSession ) {
|
||||
if (fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
||||
|
@ -644,7 +644,7 @@ nssCKFWSession_RegisterSessionObject
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
|
||||
if (fwSession->sessionObjectHash) {
|
||||
rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
|
||||
}
|
||||
|
||||
|
@ -668,7 +668,7 @@ nssCKFWSession_DeregisterSessionObject
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
|
||||
if (fwSession->sessionObjectHash) {
|
||||
nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
|
||||
}
|
||||
|
||||
|
@ -690,12 +690,12 @@ nssCKFWSession_GetDeviceError
|
|||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->GetDeviceError ) {
|
||||
if (!fwSession->mdSession->GetDeviceError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -734,13 +734,13 @@ nssCKFWSession_Login
|
|||
return CKR_USER_TYPE_INVALID;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == pin ) {
|
||||
if (!pin) {
|
||||
if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -802,7 +802,7 @@ nssCKFWSession_Login
|
|||
* Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
|
||||
*/
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->Login ) {
|
||||
if (!fwSession->mdSession->Login) {
|
||||
/*
|
||||
* The Module doesn't want to be informed (or check the pin)
|
||||
* it'll just rely on the Framework as needed.
|
||||
|
@ -841,7 +841,7 @@ nssCKFWSession_Logout
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -874,7 +874,7 @@ nssCKFWSession_Logout
|
|||
* Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
|
||||
*/
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->Logout ) {
|
||||
if (!fwSession->mdSession->Logout) {
|
||||
/*
|
||||
* The Module doesn't want to be informed. Okay.
|
||||
*/
|
||||
|
@ -916,7 +916,7 @@ nssCKFWSession_InitPIN
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -926,14 +926,14 @@ nssCKFWSession_InitPIN
|
|||
return CKR_USER_NOT_LOGGED_IN;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == pin ) {
|
||||
if (!pin) {
|
||||
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
||||
if( CK_TRUE != has ) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->InitPIN ) {
|
||||
if (!fwSession->mdSession->InitPIN) {
|
||||
return CKR_TOKEN_WRITE_PROTECTED;
|
||||
}
|
||||
|
||||
|
@ -964,26 +964,26 @@ nssCKFWSession_SetPIN
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (NSSItem *)NULL == newPin ) {
|
||||
if (!newPin) {
|
||||
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
||||
if( CK_TRUE != has ) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == oldPin ) {
|
||||
if (!oldPin) {
|
||||
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
|
||||
if( CK_TRUE != has ) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->SetPIN ) {
|
||||
if (!fwSession->mdSession->SetPIN) {
|
||||
return CKR_TOKEN_WRITE_PROTECTED;
|
||||
}
|
||||
|
||||
|
@ -1009,7 +1009,7 @@ nssCKFWSession_GetOperationStateLen
|
|||
CK_ULONG fwAmt;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
|
@ -1018,13 +1018,13 @@ nssCKFWSession_GetOperationStateLen
|
|||
return (CK_ULONG)0;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->GetOperationStateLen ) {
|
||||
if (!fwSession->mdSession->GetOperationStateLen) {
|
||||
*pError = CKR_STATE_UNSAVEABLE;
|
||||
return (CK_ULONG)0;
|
||||
}
|
||||
|
@ -1072,20 +1072,20 @@ nssCKFWSession_GetOperationState
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == buffer ) {
|
||||
if (!buffer) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (void *)NULL == buffer->data ) {
|
||||
if (!buffer->data) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->GetOperationState ) {
|
||||
if (!fwSession->mdSession->GetOperationState) {
|
||||
return CKR_STATE_UNSAVEABLE;
|
||||
}
|
||||
|
||||
|
@ -1159,29 +1159,29 @@ nssCKFWSession_SetOperationState
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == state ) {
|
||||
if (!state) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (void *)NULL == state->data ) {
|
||||
if (!state->data) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (NSSCKFWObject *)NULL != encryptionKey ) {
|
||||
if (encryptionKey) {
|
||||
error = nssCKFWObject_verifyPointer(encryptionKey);
|
||||
if( CKR_OK != error ) {
|
||||
return error;
|
||||
}
|
||||
}
|
||||
|
||||
if( (NSSCKFWObject *)NULL != authenticationKey ) {
|
||||
if (authenticationKey) {
|
||||
error = nssCKFWObject_verifyPointer(authenticationKey);
|
||||
if( CKR_OK != error ) {
|
||||
return error;
|
||||
}
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -1200,20 +1200,20 @@ nssCKFWSession_SetOperationState
|
|||
return CKR_SAVED_STATE_INVALID;
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->SetOperationState ) {
|
||||
if (!fwSession->mdSession->SetOperationState) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
||||
s.size = state->size - 2*sizeof(CK_ULONG);
|
||||
s.data = (void *)&ulBuffer[2];
|
||||
|
||||
if( (NSSCKFWObject *)NULL != encryptionKey ) {
|
||||
if (encryptionKey) {
|
||||
mdek = nssCKFWObject_GetMDObject(encryptionKey);
|
||||
} else {
|
||||
mdek = (NSSCKMDObject *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKFWObject *)NULL != authenticationKey ) {
|
||||
if (authenticationKey) {
|
||||
mdak = nssCKFWObject_GetMDObject(authenticationKey);
|
||||
} else {
|
||||
mdak = (NSSCKMDObject *)NULL;
|
||||
|
@ -1278,7 +1278,7 @@ nssCKFWSession_CreateObject
|
|||
CK_BBOOL isTokenObject;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1292,7 +1292,7 @@ nssCKFWSession_CreateObject
|
|||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -1306,13 +1306,13 @@ nssCKFWSession_CreateObject
|
|||
if( CK_TRUE == isTokenObject ) {
|
||||
/* === TOKEN OBJECT === */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) {
|
||||
if (!fwSession->mdSession->CreateObject) {
|
||||
*pError = CKR_TOKEN_WRITE_PROTECTED;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1324,7 +1324,7 @@ nssCKFWSession_CreateObject
|
|||
/* === SESSION OBJECT === */
|
||||
|
||||
arena = nssCKFWSession_GetArena(fwSession, pError);
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1335,7 +1335,7 @@ nssCKFWSession_CreateObject
|
|||
fwSession->fwInstance) ) {
|
||||
/* --- module handles the session object -- */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) {
|
||||
if (!fwSession->mdSession->CreateObject) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -1356,7 +1356,7 @@ nssCKFWSession_CreateObject
|
|||
ulAttributeCount, pError);
|
||||
|
||||
gotmdobject:
|
||||
if( (NSSCKMDObject *)NULL == mdObject ) {
|
||||
if (!mdObject) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1366,12 +1366,12 @@ nssCKFWSession_CreateObject
|
|||
fwObject = nssCKFWObject_Create(arena, mdObject,
|
||||
isTokenObject ? NULL : fwSession,
|
||||
fwSession->fwToken, fwSession->fwInstance, pError);
|
||||
if( (NSSCKFWObject *)NULL == fwObject ) {
|
||||
if (!fwObject) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)mdObject->Destroy ) {
|
||||
if (mdObject->Destroy) {
|
||||
(void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
|
||||
fwSession->mdSession, fwSession, fwSession->mdToken,
|
||||
fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
|
||||
|
@ -1413,7 +1413,7 @@ nssCKFWSession_CopyObject
|
|||
NSSCKFWObject *rv;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1427,7 +1427,7 @@ nssCKFWSession_CopyObject
|
|||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -1437,7 +1437,7 @@ nssCKFWSession_CopyObject
|
|||
* Sanity-check object
|
||||
*/
|
||||
|
||||
if( (NSSCKFWObject *)NULL == fwObject ) {
|
||||
if (!fwObject) {
|
||||
*pError = CKR_ARGUMENTS_BAD;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -1458,7 +1458,7 @@ nssCKFWSession_CopyObject
|
|||
* and old object are token objects, use CopyObject if it exists.
|
||||
*/
|
||||
|
||||
if( ((void *)NULL != (void *)fwSession->mdSession->CopyObject) &&
|
||||
if ((fwSession->mdSession->CopyObject) &&
|
||||
(((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
|
||||
(CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
|
||||
fwSession->fwInstance))) ) {
|
||||
|
@ -1474,7 +1474,7 @@ nssCKFWSession_CopyObject
|
|||
} else {
|
||||
arena = nssCKFWSession_GetArena(fwSession, pError);
|
||||
}
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1485,7 +1485,7 @@ nssCKFWSession_CopyObject
|
|||
fwSession, fwSession->mdToken, fwSession->fwToken,
|
||||
fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
|
||||
fwObject, arena, pTemplate, ulAttributeCount, pError);
|
||||
if( (NSSCKMDObject *)NULL == mdObject ) {
|
||||
if (!mdObject) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1516,7 +1516,7 @@ nssCKFWSession_CopyObject
|
|||
NSSCKFWObject *rv;
|
||||
|
||||
tmpArena = NSSArena_Create();
|
||||
if( (NSSArena *)NULL == tmpArena ) {
|
||||
if (!tmpArena) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWObject *)NULL;
|
||||
}
|
||||
|
@ -1587,7 +1587,7 @@ nssCKFWSession_CopyObject
|
|||
item.data = (void *)NULL;
|
||||
it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
|
||||
&item, tmpArena, pError);
|
||||
if( (NSSItem *)NULL == it ) {
|
||||
if (!it) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1603,7 +1603,7 @@ nssCKFWSession_CopyObject
|
|||
/* assert that k == newLength */
|
||||
|
||||
rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
|
||||
if( (NSSCKFWObject *)NULL == rv ) {
|
||||
if (!rv) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1633,7 +1633,7 @@ nssCKFWSession_FindObjectsInit
|
|||
NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWFindObjects *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1647,7 +1647,7 @@ nssCKFWSession_FindObjectsInit
|
|||
return (NSSCKFWFindObjects *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWFindObjects *)NULL;
|
||||
}
|
||||
|
@ -1674,7 +1674,7 @@ nssCKFWSession_FindObjectsInit
|
|||
|
||||
if( CK_TRUE == isToken ) {
|
||||
/* Pass it on to the module's search routine */
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->FindObjectsInit ) {
|
||||
if (!fwSession->mdSession->FindObjectsInit) {
|
||||
goto wrap;
|
||||
}
|
||||
|
||||
|
@ -1688,7 +1688,7 @@ nssCKFWSession_FindObjectsInit
|
|||
pTemplate, ulAttributeCount, pError);
|
||||
}
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
|
||||
if (!mdfo1) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1706,7 +1706,7 @@ nssCKFWSession_FindObjectsInit
|
|||
fwSession->mdInstance, fwSession->fwInstance,
|
||||
pTemplate, ulAttributeCount, pError);
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
|
||||
if (!mdfo1) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1715,11 +1715,11 @@ nssCKFWSession_FindObjectsInit
|
|||
|
||||
mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
|
||||
pTemplate, ulAttributeCount, pError);
|
||||
if( (NSSCKMDFindObjects *)NULL == mdfo2 ) {
|
||||
if (!mdfo2) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
if( (void *)NULL != (void *)mdfo1->Final ) {
|
||||
if (mdfo1->Final) {
|
||||
mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
|
||||
fwSession, fwSession->mdToken, fwSession->fwToken,
|
||||
fwSession->mdInstance, fwSession->fwInstance);
|
||||
|
@ -1737,7 +1737,7 @@ nssCKFWSession_FindObjectsInit
|
|||
fwSession->mdInstance, fwSession->fwInstance,
|
||||
pTemplate, ulAttributeCount, pError);
|
||||
|
||||
if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
|
||||
if (!mdfo1) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1771,11 +1771,11 @@ nssCKFWSession_SeedRandom
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == seed ) {
|
||||
if (!seed) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (void *)NULL == seed->data ) {
|
||||
if (!seed->data) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
|
@ -1783,12 +1783,12 @@ nssCKFWSession_SeedRandom
|
|||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->SeedRandom ) {
|
||||
if (!fwSession->mdSession->SeedRandom) {
|
||||
return CKR_RANDOM_SEED_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
|
@ -1818,20 +1818,20 @@ nssCKFWSession_GetRandom
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == buffer ) {
|
||||
if (!buffer) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (void *)NULL == buffer->data ) {
|
||||
if (!buffer->data) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSession->mdSession->GetRandom ) {
|
||||
if (!fwSession->mdSession->GetRandom) {
|
||||
if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
} else {
|
||||
|
@ -1873,7 +1873,7 @@ nssCKFWSession_SetCurrentCryptoOperation
|
|||
return;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -1902,7 +1902,7 @@ nssCKFWSession_GetCurrentCryptoOperation
|
|||
return (NSSCKFWCryptoOperation *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return (NSSCKFWCryptoOperation *)NULL;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -1932,14 +1932,14 @@ nssCKFWSession_Final
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
/* make sure we have a valid operation initialized */
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2012,14 +2012,14 @@ nssCKFWSession_Update
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
/* make sure we have a valid operation initialized */
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2077,14 +2077,14 @@ nssCKFWSession_DigestUpdate
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
/* make sure we have a valid operation initialized */
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2121,7 +2121,7 @@ nssCKFWSession_DigestKey
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -2129,7 +2129,7 @@ nssCKFWSession_DigestKey
|
|||
/* make sure we have a valid operation initialized */
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_Digest);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2146,7 +2146,7 @@ nssCKFWSession_DigestKey
|
|||
|
||||
/* no machine depended way for this to happen, do it by hand */
|
||||
inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
|
||||
if ((NSSItem *)NULL == inputBuffer) {
|
||||
if (!inputBuffer) {
|
||||
/* couldn't get the value, just fail then */
|
||||
return error;
|
||||
}
|
||||
|
@ -2182,14 +2182,14 @@ nssCKFWSession_UpdateFinal
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
/* make sure we have a valid operation initialized */
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2289,7 +2289,7 @@ nssCKFWSession_UpdateCombo
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
|
||||
if (!fwSession->mdSession) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
@ -2297,7 +2297,7 @@ nssCKFWSession_UpdateCombo
|
|||
/* make sure we have a valid operation initialized */
|
||||
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
NSSCKFWCryptoOperationState_EncryptDecrypt);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
|
||||
if (!fwOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2308,7 +2308,7 @@ nssCKFWSession_UpdateCombo
|
|||
/* make sure we have a valid operation initialized */
|
||||
fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
|
||||
digestState);
|
||||
if ((NSSCKFWCryptoOperation *)NULL == fwPeerOperation) {
|
||||
if (!fwPeerOperation) {
|
||||
return CKR_OPERATION_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
|
@ -2397,7 +2397,7 @@ NSSCKFWSession_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: sessobj.c,v $ $Revision: 1.13 $ $Date: 2007/01/05 00:23:14 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: sessobj.c,v $ $Revision: 1.14 $ $Date: 2009/02/09 07:55:53 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -271,14 +271,14 @@ nssCKMDSessionObject_Create
|
|||
*pError = CKR_OK;
|
||||
|
||||
mdso = nss_ZNEW(arena, nssCKMDSessionObject);
|
||||
if( (nssCKMDSessionObject *)NULL == mdso ) {
|
||||
if (!mdso) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
mdso->arena = arena;
|
||||
mdso->n = ulCount;
|
||||
mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount);
|
||||
if( (NSSItem *)NULL == mdso->attributes ) {
|
||||
if (!mdso->attributes) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -290,7 +290,7 @@ nssCKMDSessionObject_Create
|
|||
mdso->types[i] = attributes[i].type;
|
||||
mdso->attributes[i].size = attributes[i].ulValueLen;
|
||||
mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen);
|
||||
if( (void *)NULL == mdso->attributes[i].data ) {
|
||||
if (!mdso->attributes[i].data) {
|
||||
goto loser;
|
||||
}
|
||||
(void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue,
|
||||
|
@ -298,7 +298,7 @@ nssCKMDSessionObject_Create
|
|||
}
|
||||
|
||||
mdObject = nss_ZNEW(arena, NSSCKMDObject);
|
||||
if( (NSSCKMDObject *)NULL == mdObject ) {
|
||||
if (!mdObject) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -314,7 +314,7 @@ nssCKMDSessionObject_Create
|
|||
mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize;
|
||||
|
||||
hash = nssCKFWToken_GetSessionObjectHash(fwToken);
|
||||
if( (nssCKFWHash *)NULL == hash ) {
|
||||
if (!hash) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -335,8 +335,8 @@ nssCKMDSessionObject_Create
|
|||
return mdObject;
|
||||
|
||||
loser:
|
||||
if( (nssCKMDSessionObject *)NULL != mdso ) {
|
||||
if( (NSSItem *)NULL != mdso->attributes ) {
|
||||
if (mdso) {
|
||||
if (mdso->attributes) {
|
||||
for( i = 0; i < ulCount; i++ ) {
|
||||
nss_ZFreeIf(mdso->attributes[i].data);
|
||||
}
|
||||
|
@ -475,7 +475,7 @@ nss_ckmdSessionObject_GetAttributeCount
|
|||
nssCKMDSessionObject *obj;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -560,7 +560,7 @@ nss_ckmdSessionObject_GetAttributeSize
|
|||
CK_ULONG i;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -610,7 +610,7 @@ nss_ckmdSessionObject_GetAttribute
|
|||
item.needsFreeing = PR_FALSE;
|
||||
item.item = NULL;
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return item;
|
||||
}
|
||||
|
||||
|
@ -684,7 +684,7 @@ nss_ckmdSessionObject_SetAttribute
|
|||
|
||||
n.size = value->size;
|
||||
n.data = nss_ZAlloc(obj->arena, n.size);
|
||||
if( (void *)NULL == n.data ) {
|
||||
if (!n.data) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
(void)nsslibc_memcpy(n.data, value->data, n.size);
|
||||
|
@ -702,7 +702,7 @@ nss_ckmdSessionObject_SetAttribute
|
|||
*/
|
||||
|
||||
ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1));
|
||||
if( (NSSItem *)NULL == ra ) {
|
||||
if (!ra) {
|
||||
nss_ZFreeIf(n.data);
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
|
@ -711,7 +711,7 @@ nss_ckmdSessionObject_SetAttribute
|
|||
if( (CK_ATTRIBUTE_TYPE_PTR)NULL == rt ) {
|
||||
nss_ZFreeIf(n.data);
|
||||
obj->attributes = (NSSItem *)nss_ZRealloc(ra, sizeof(NSSItem) * obj->n);
|
||||
if( (NSSItem *)NULL == obj->attributes ) {
|
||||
if (!obj->attributes) {
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
return CKR_HOST_MEMORY;
|
||||
|
@ -749,7 +749,7 @@ nss_ckmdSessionObject_GetObjectSize
|
|||
CK_ULONG rv = (CK_ULONG)0;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -967,7 +967,7 @@ nssCKMDFindSessionObjects_Create
|
|||
NSSCKMDFindObjects *rv;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKMDFindObjects *)NULL;
|
||||
}
|
||||
|
||||
|
@ -985,19 +985,19 @@ nssCKMDFindSessionObjects_Create
|
|||
*pError = CKR_OK;
|
||||
|
||||
hash = nssCKFWToken_GetSessionObjectHash(fwToken);
|
||||
if( (nssCKFWHash *)NULL == hash ) {
|
||||
if (!hash) {
|
||||
*pError= CKR_GENERAL_ERROR;
|
||||
return (NSSCKMDFindObjects *)NULL;
|
||||
}
|
||||
|
||||
arena = NSSArena_Create();
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKMDFindObjects *)NULL;
|
||||
}
|
||||
|
||||
mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects);
|
||||
if( (nssCKMDFindSessionObjects *)NULL == mdfso ) {
|
||||
if (!mdfso) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
|
@ -1097,7 +1097,7 @@ nss_ckmdFindSessionObjects_Next
|
|||
|
||||
mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
|
||||
|
||||
while( (NSSCKMDObject *)NULL == rv ) {
|
||||
while (!rv) {
|
||||
if( (struct nodeStr *)NULL == mdfso->list ) {
|
||||
*pError = CKR_OK;
|
||||
return (NSSCKMDObject *)NULL;
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.6 $ $Date: 2005/01/20 02:25:45 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.7 $ $Date: 2009/02/09 07:55:53 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -172,7 +172,7 @@ nssCKFWSlot_Create
|
|||
NSSArena *arena;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
||||
|
@ -183,20 +183,20 @@ nssCKFWSlot_Create
|
|||
#endif /* NSSDEBUG */
|
||||
|
||||
mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
|
||||
if( (NSSCKMDInstance *)NULL == mdInstance ) {
|
||||
if (!mdInstance) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
||||
arena = nssCKFWInstance_GetArena(fwInstance, pError);
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
fwSlot = nss_ZNEW(arena, NSSCKFWSlot);
|
||||
if( (NSSCKFWSlot *)NULL == fwSlot ) {
|
||||
if (!fwSlot) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
@ -207,7 +207,7 @@ nssCKFWSlot_Create
|
|||
fwSlot->slotID = slotID;
|
||||
|
||||
fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
|
||||
if( (NSSCKFWMutex *)NULL == fwSlot->mutex ) {
|
||||
if (!fwSlot->mutex) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -215,7 +215,7 @@ nssCKFWSlot_Create
|
|||
return (NSSCKFWSlot *)NULL;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)mdSlot->Initialize ) {
|
||||
if (mdSlot->Initialize) {
|
||||
*pError = CKR_OK;
|
||||
*pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance);
|
||||
if( CKR_OK != *pError ) {
|
||||
|
@ -228,7 +228,7 @@ nssCKFWSlot_Create
|
|||
#ifdef DEBUG
|
||||
*pError = slot_add_pointer(fwSlot);
|
||||
if( CKR_OK != *pError ) {
|
||||
if( (void *)NULL != (void *)mdSlot->Destroy ) {
|
||||
if (mdSlot->Destroy) {
|
||||
mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance);
|
||||
}
|
||||
|
||||
|
@ -265,7 +265,7 @@ nssCKFWSlot_Destroy
|
|||
|
||||
(void)nssCKFWMutex_Destroy(fwSlot->mutex);
|
||||
|
||||
if( (void *)NULL != (void *)fwSlot->mdSlot->Destroy ) {
|
||||
if (fwSlot->mdSlot->Destroy) {
|
||||
fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
|
||||
fwSlot->mdInstance, fwSlot->fwInstance);
|
||||
}
|
||||
|
@ -384,12 +384,12 @@ nssCKFWSlot_GetSlotDescription
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwSlot->slotDescription ) {
|
||||
if( (void *)NULL != (void *)fwSlot->mdSlot->GetSlotDescription ) {
|
||||
if (!fwSlot->slotDescription) {
|
||||
if (fwSlot->mdSlot->GetSlotDescription) {
|
||||
fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription(
|
||||
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
|
||||
fwSlot->fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwSlot->slotDescription) && (CKR_OK != error) ) {
|
||||
if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -434,12 +434,12 @@ nssCKFWSlot_GetManufacturerID
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwSlot->manufacturerID ) {
|
||||
if( (void *)NULL != (void *)fwSlot->mdSlot->GetManufacturerID ) {
|
||||
if (!fwSlot->manufacturerID) {
|
||||
if (fwSlot->mdSlot->GetManufacturerID) {
|
||||
fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID(
|
||||
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
|
||||
fwSlot->fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwSlot->manufacturerID) && (CKR_OK != error) ) {
|
||||
if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -471,7 +471,7 @@ nssCKFWSlot_GetTokenPresent
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSlot->mdSlot->GetTokenPresent ) {
|
||||
if (!fwSlot->mdSlot->GetTokenPresent) {
|
||||
return CK_TRUE;
|
||||
}
|
||||
|
||||
|
@ -495,7 +495,7 @@ nssCKFWSlot_GetRemovableDevice
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSlot->mdSlot->GetRemovableDevice ) {
|
||||
if (!fwSlot->mdSlot->GetRemovableDevice) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -519,7 +519,7 @@ nssCKFWSlot_GetHardwareSlot
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwSlot->mdSlot->GetHardwareSlot ) {
|
||||
if (!fwSlot->mdSlot->GetHardwareSlot) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -557,7 +557,7 @@ nssCKFWSlot_GetHardwareVersion
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwSlot->mdSlot->GetHardwareVersion ) {
|
||||
if (fwSlot->mdSlot->GetHardwareVersion) {
|
||||
fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
|
||||
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
|
||||
} else {
|
||||
|
@ -601,7 +601,7 @@ nssCKFWSlot_GetFirmwareVersion
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwSlot->mdSlot->GetFirmwareVersion ) {
|
||||
if (fwSlot->mdSlot->GetFirmwareVersion) {
|
||||
fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
|
||||
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
|
||||
} else {
|
||||
|
@ -630,7 +630,7 @@ nssCKFWSlot_GetToken
|
|||
NSSCKFWToken *fwToken;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWToken *)NULL;
|
||||
}
|
||||
|
||||
|
@ -645,8 +645,8 @@ nssCKFWSlot_GetToken
|
|||
return (NSSCKFWToken *)NULL;
|
||||
}
|
||||
|
||||
if( (NSSCKFWToken *)NULL == fwSlot->fwToken ) {
|
||||
if( (void *)NULL == (void *)fwSlot->mdSlot->GetToken ) {
|
||||
if (!fwSlot->fwToken) {
|
||||
if (!fwSlot->mdSlot->GetToken) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
fwToken = (NSSCKFWToken *)NULL;
|
||||
goto done;
|
||||
|
@ -654,7 +654,7 @@ nssCKFWSlot_GetToken
|
|||
|
||||
mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot,
|
||||
fwSlot->mdInstance, fwSlot->fwInstance, pError);
|
||||
if( (NSSCKMDToken *)NULL == mdToken ) {
|
||||
if (!mdToken) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.12 $ $Date: 2007/10/06 01:41:28 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.13 $ $Date: 2009/02/09 07:55:53 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -218,13 +218,13 @@ nssCKFWToken_Create
|
|||
*/
|
||||
|
||||
arena = NSSArena_Create();
|
||||
if( (NSSArena *)NULL == arena ) {
|
||||
if (!arena) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
||||
fwToken = nss_ZNEW(arena, NSSCKFWToken);
|
||||
if( (NSSCKFWToken *)NULL == fwToken ) {
|
||||
if (!fwToken) {
|
||||
*pError = CKR_HOST_MEMORY;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -239,7 +239,7 @@ nssCKFWToken_Create
|
|||
fwToken->rwSessionCount = 0;
|
||||
|
||||
fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
|
||||
if( (NSSCKFWMutex *)NULL == fwToken->mutex ) {
|
||||
if (!fwToken->mutex) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -247,7 +247,7 @@ nssCKFWToken_Create
|
|||
}
|
||||
|
||||
fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwToken->sessions ) {
|
||||
if (!fwToken->sessions) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -258,7 +258,7 @@ nssCKFWToken_Create
|
|||
fwToken->fwInstance) ) {
|
||||
fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
|
||||
arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwToken->sessionObjectHash ) {
|
||||
if (!fwToken->sessionObjectHash) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -268,7 +268,7 @@ nssCKFWToken_Create
|
|||
|
||||
fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
|
||||
arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwToken->mdObjectHash ) {
|
||||
if (!fwToken->mdObjectHash) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -277,7 +277,7 @@ nssCKFWToken_Create
|
|||
|
||||
fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance,
|
||||
arena, pError);
|
||||
if( (nssCKFWHash *)NULL == fwToken->mdMechanismHash ) {
|
||||
if (!fwToken->mdMechanismHash) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -286,7 +286,7 @@ nssCKFWToken_Create
|
|||
|
||||
/* More here */
|
||||
|
||||
if( (void *)NULL != (void *)mdToken->Setup ) {
|
||||
if (mdToken->Setup) {
|
||||
*pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
|
||||
if( CKR_OK != *pError ) {
|
||||
goto loser;
|
||||
|
@ -308,12 +308,12 @@ nssCKFWToken_Create
|
|||
loser:
|
||||
|
||||
if( CK_TRUE == called_setup ) {
|
||||
if( (void *)NULL != (void *)mdToken->Invalidate ) {
|
||||
if (mdToken->Invalidate) {
|
||||
mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
|
||||
}
|
||||
}
|
||||
|
||||
if( (NSSArena *)NULL != arena ) {
|
||||
if (arena) {
|
||||
(void)NSSArena_Destroy(arena);
|
||||
}
|
||||
|
||||
|
@ -373,7 +373,7 @@ nssCKFWToken_Destroy
|
|||
|
||||
(void)nssCKFWMutex_Destroy(fwToken->mutex);
|
||||
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->Invalidate ) {
|
||||
if (fwToken->mdToken->Invalidate) {
|
||||
fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
|
||||
fwToken->mdInstance, fwToken->fwInstance);
|
||||
}
|
||||
|
@ -440,7 +440,7 @@ nssCKFWToken_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
@ -552,12 +552,12 @@ nssCKFWToken_InitToken
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->InitToken ) {
|
||||
if (!fwToken->mdToken->InitToken) {
|
||||
error = CKR_DEVICE_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if( (NSSItem *)NULL == pin ) {
|
||||
if (!pin) {
|
||||
if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
|
||||
; /* okay */
|
||||
} else {
|
||||
|
@ -566,7 +566,7 @@ nssCKFWToken_InitToken
|
|||
}
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == label ) {
|
||||
if (!label) {
|
||||
label = (NSSUTF8 *) "";
|
||||
}
|
||||
|
||||
|
@ -607,11 +607,11 @@ nssCKFWToken_GetLabel
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwToken->label ) {
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->GetLabel ) {
|
||||
if (!fwToken->label) {
|
||||
if (fwToken->mdToken->GetLabel) {
|
||||
fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
|
||||
fwToken->mdInstance, fwToken->fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwToken->label) && (CKR_OK != error) ) {
|
||||
if ((!fwToken->label) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -656,11 +656,11 @@ nssCKFWToken_GetManufacturerID
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwToken->manufacturerID ) {
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->GetManufacturerID ) {
|
||||
if (!fwToken->manufacturerID) {
|
||||
if (fwToken->mdToken->GetManufacturerID) {
|
||||
fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
|
||||
fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwToken->manufacturerID) && (CKR_OK != error) ) {
|
||||
if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -705,11 +705,11 @@ nssCKFWToken_GetModel
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwToken->model ) {
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->GetModel ) {
|
||||
if (!fwToken->model) {
|
||||
if (fwToken->mdToken->GetModel) {
|
||||
fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
|
||||
fwToken->mdInstance, fwToken->fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwToken->model) && (CKR_OK != error) ) {
|
||||
if ((!fwToken->model) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -754,11 +754,11 @@ nssCKFWToken_GetSerialNumber
|
|||
return error;
|
||||
}
|
||||
|
||||
if( (NSSUTF8 *)NULL == fwToken->serialNumber ) {
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->GetSerialNumber ) {
|
||||
if (!fwToken->serialNumber) {
|
||||
if (fwToken->mdToken->GetSerialNumber) {
|
||||
fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
|
||||
fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
|
||||
if( ((NSSUTF8 *)NULL == fwToken->serialNumber) && (CKR_OK != error) ) {
|
||||
if ((!fwToken->serialNumber) && (CKR_OK != error)) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
|
@ -791,7 +791,7 @@ nssCKFWToken_GetHasRNG
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetHasRNG ) {
|
||||
if (!fwToken->mdToken->GetHasRNG) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -815,7 +815,7 @@ nssCKFWToken_GetIsWriteProtected
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetIsWriteProtected ) {
|
||||
if (!fwToken->mdToken->GetIsWriteProtected) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -839,7 +839,7 @@ nssCKFWToken_GetLoginRequired
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetLoginRequired ) {
|
||||
if (!fwToken->mdToken->GetLoginRequired) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -863,7 +863,7 @@ nssCKFWToken_GetUserPinInitialized
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetUserPinInitialized ) {
|
||||
if (!fwToken->mdToken->GetUserPinInitialized) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -887,7 +887,7 @@ nssCKFWToken_GetRestoreKeyNotNeeded
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetRestoreKeyNotNeeded ) {
|
||||
if (!fwToken->mdToken->GetRestoreKeyNotNeeded) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -911,7 +911,7 @@ nssCKFWToken_GetHasClockOnToken
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetHasClockOnToken ) {
|
||||
if (!fwToken->mdToken->GetHasClockOnToken) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -935,7 +935,7 @@ nssCKFWToken_GetHasProtectedAuthenticationPath
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetHasProtectedAuthenticationPath ) {
|
||||
if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -959,7 +959,7 @@ nssCKFWToken_GetSupportsDualCryptoOperations
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetSupportsDualCryptoOperations ) {
|
||||
if (!fwToken->mdToken->GetSupportsDualCryptoOperations) {
|
||||
return CK_FALSE;
|
||||
}
|
||||
|
||||
|
@ -983,7 +983,7 @@ nssCKFWToken_GetMaxSessionCount
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMaxSessionCount ) {
|
||||
if (!fwToken->mdToken->GetMaxSessionCount) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1007,7 +1007,7 @@ nssCKFWToken_GetMaxRwSessionCount
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMaxRwSessionCount ) {
|
||||
if (!fwToken->mdToken->GetMaxRwSessionCount) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1031,7 +1031,7 @@ nssCKFWToken_GetMaxPinLen
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMaxPinLen ) {
|
||||
if (!fwToken->mdToken->GetMaxPinLen) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1055,7 +1055,7 @@ nssCKFWToken_GetMinPinLen
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMinPinLen ) {
|
||||
if (!fwToken->mdToken->GetMinPinLen) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1079,7 +1079,7 @@ nssCKFWToken_GetTotalPublicMemory
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetTotalPublicMemory ) {
|
||||
if (!fwToken->mdToken->GetTotalPublicMemory) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1103,7 +1103,7 @@ nssCKFWToken_GetFreePublicMemory
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetFreePublicMemory ) {
|
||||
if (!fwToken->mdToken->GetFreePublicMemory) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1127,7 +1127,7 @@ nssCKFWToken_GetTotalPrivateMemory
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetTotalPrivateMemory ) {
|
||||
if (!fwToken->mdToken->GetTotalPrivateMemory) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1151,7 +1151,7 @@ nssCKFWToken_GetFreePrivateMemory
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetFreePrivateMemory ) {
|
||||
if (!fwToken->mdToken->GetFreePrivateMemory) {
|
||||
return CK_UNAVAILABLE_INFORMATION;
|
||||
}
|
||||
|
||||
|
@ -1189,7 +1189,7 @@ nssCKFWToken_GetHardwareVersion
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->GetHardwareVersion ) {
|
||||
if (fwToken->mdToken->GetHardwareVersion) {
|
||||
fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
|
||||
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
|
||||
} else {
|
||||
|
@ -1234,7 +1234,7 @@ nssCKFWToken_GetFirmwareVersion
|
|||
goto done;
|
||||
}
|
||||
|
||||
if( (void *)NULL != (void *)fwToken->mdToken->GetFirmwareVersion ) {
|
||||
if (fwToken->mdToken->GetFirmwareVersion) {
|
||||
fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
|
||||
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
|
||||
} else {
|
||||
|
@ -1279,7 +1279,7 @@ nssCKFWToken_GetUTCTime
|
|||
return CKR_OK;
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetUTCTime ) {
|
||||
if (!fwToken->mdToken->GetUTCTime) {
|
||||
/* It said it had one! */
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1355,7 +1355,7 @@ nssCKFWToken_OpenSession
|
|||
NSSCKMDSession *mdSession;
|
||||
|
||||
#ifdef NSSDEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSCKFWSession *)NULL;
|
||||
}
|
||||
|
||||
|
@ -1395,7 +1395,7 @@ nssCKFWToken_OpenSession
|
|||
|
||||
/* We could compare sesion counts to any limits we know of, I guess.. */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->OpenSession ) {
|
||||
if (!fwToken->mdToken->OpenSession) {
|
||||
/*
|
||||
* I'm not sure that the Module actually needs to implement
|
||||
* mdSessions -- the Framework can keep track of everything
|
||||
|
@ -1406,7 +1406,7 @@ nssCKFWToken_OpenSession
|
|||
}
|
||||
|
||||
fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
|
||||
if( (NSSCKFWSession *)NULL == fwSession ) {
|
||||
if (!fwSession) {
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1416,7 +1416,7 @@ nssCKFWToken_OpenSession
|
|||
mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
|
||||
fwToken->mdInstance, fwToken->fwInstance, fwSession,
|
||||
rw, pError);
|
||||
if( (NSSCKMDSession *)NULL == mdSession ) {
|
||||
if (!mdSession) {
|
||||
(void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
|
||||
if( CKR_OK == *pError ) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
|
@ -1426,7 +1426,7 @@ nssCKFWToken_OpenSession
|
|||
|
||||
*pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
|
||||
if( CKR_OK != *pError ) {
|
||||
if( (void *)NULL != (void *)mdSession->Close ) {
|
||||
if (mdSession->Close) {
|
||||
mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
|
||||
fwToken->mdInstance, fwToken->fwInstance);
|
||||
}
|
||||
|
@ -1462,7 +1462,7 @@ nssCKFWToken_GetMechanismCount
|
|||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMechanismCount ) {
|
||||
if (!fwToken->mdToken->GetMechanismCount) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1486,12 +1486,12 @@ nssCKFWToken_GetMechanismTypes
|
|||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
|
||||
if( (CK_MECHANISM_TYPE *)NULL == types ) {
|
||||
if (!types) {
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
}
|
||||
#endif /* NSSDEBUG */
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMechanismTypes ) {
|
||||
if (!fwToken->mdToken->GetMechanismTypes) {
|
||||
/*
|
||||
* This should only be called with a sufficiently-large
|
||||
* "types" array, which can only be done if GetMechanismCount
|
||||
|
@ -1519,12 +1519,12 @@ nssCKFWToken_GetMechanism
|
|||
)
|
||||
{
|
||||
NSSCKMDMechanism *mdMechanism;
|
||||
if ((nssCKFWHash *)NULL == fwToken->mdMechanismHash) {
|
||||
if (!fwToken->mdMechanismHash) {
|
||||
*pError = CKR_GENERAL_ERROR;
|
||||
return (NSSCKFWMechanism *)NULL;
|
||||
}
|
||||
|
||||
if( (void *)NULL == (void *)fwToken->mdToken->GetMechanism ) {
|
||||
if (!fwToken->mdToken->GetMechanism) {
|
||||
/*
|
||||
* If we don't implement any GetMechanism function, then we must
|
||||
* not support any.
|
||||
|
@ -1536,7 +1536,7 @@ nssCKFWToken_GetMechanism
|
|||
/* lookup in hash table */
|
||||
mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken,
|
||||
fwToken->mdInstance, fwToken->fwInstance, which, pError);
|
||||
if ((NSSCKMDMechanism *)NULL == mdMechanism) {
|
||||
if (!mdMechanism) {
|
||||
return (NSSCKFWMechanism *) NULL;
|
||||
}
|
||||
/* store in hash table */
|
||||
|
@ -1665,7 +1665,7 @@ nssCKFWToken_CloseAllSessions
|
|||
nssCKFWHash_Destroy(fwToken->sessions);
|
||||
|
||||
fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
|
||||
if( (nssCKFWHash *)NULL == fwToken->sessions ) {
|
||||
if (!fwToken->sessions) {
|
||||
if( CKR_OK == error ) {
|
||||
error = CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
@ -1854,7 +1854,7 @@ NSSCKFWToken_GetArena
|
|||
)
|
||||
{
|
||||
#ifdef DEBUG
|
||||
if( (CK_RV *)NULL == pError ) {
|
||||
if (!pError) {
|
||||
return (NSSArena *)NULL;
|
||||
}
|
||||
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.38 $ $Date: 2008/09/30 04:09:02 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.39 $ $Date: 2009/01/22 01:29:24 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
|
@ -133,8 +133,8 @@ nssCKObject_GetAttributes (
|
|||
/* Allocate memory for each attribute. */
|
||||
for (i=0; i<count; i++) {
|
||||
CK_ULONG ulValueLen = obj_template[i].ulValueLen;
|
||||
if (ulValueLen == 0) continue;
|
||||
if (ulValueLen == (CK_ULONG) -1) {
|
||||
if (ulValueLen == 0 || ulValueLen == (CK_ULONG) -1) {
|
||||
obj_template[i].pValue = NULL;
|
||||
obj_template[i].ulValueLen = 0;
|
||||
continue;
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: blapi.h,v 1.28 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
/* $Id: blapi.h,v 1.29 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#ifndef _BLAPI_H_
|
||||
#define _BLAPI_H_
|
||||
|
@ -53,6 +53,8 @@ SEC_BEGIN_PROTOS
|
|||
** buffer must be at least the size of the public key modulus.
|
||||
*/
|
||||
|
||||
extern SECStatus BL_Init(void);
|
||||
|
||||
/*
|
||||
** Generate and return a new RSA public and private key.
|
||||
** Both keys are encoded in a single RSAPrivateKey structure.
|
||||
|
@ -1193,6 +1195,8 @@ PRBool BLAPI_VerifySelf(const char *name);
|
|||
/*********************************************************************/
|
||||
extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
|
||||
|
||||
extern void BL_SetForkState(PRBool forked);
|
||||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _BLAPI_H_ */
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
* blapii.h - private data structures and prototypes for the crypto library
|
||||
*
|
||||
* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Network Security Services Library.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Sun Microsystems, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2009
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef _BLAPII_H_
|
||||
#define _BLAPII_H_
|
||||
|
||||
#include "blapit.h"
|
||||
|
||||
SEC_BEGIN_PROTOS
|
||||
|
||||
#if defined(XP_UNIX) && !defined(NO_CHECK_FORK)
|
||||
|
||||
extern PRBool parentForkedAfterC_Initialize;
|
||||
|
||||
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
|
||||
|
||||
#else
|
||||
|
||||
#define SKIP_AFTER_FORK(x) x
|
||||
|
||||
#endif
|
||||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _BLAPII_H_ */
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
|
@ -85,6 +84,10 @@ SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_
|
|||
RES = $(OBJDIR)/$(LIBRARY_NAME).res
|
||||
RESNAME = freebl.rc
|
||||
|
||||
ifndef WINCE
|
||||
OS_LIBS += shell32.lib
|
||||
endif
|
||||
|
||||
ifdef NS_USE_GCC
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(DIST)/lib \
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ldvector.c,v 1.19 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
/* $Id: ldvector.c,v 1.20 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
extern int FREEBL_InitStubs(void);
|
||||
|
@ -249,10 +249,14 @@ static const struct FREEBLVectorStr vector =
|
|||
SEED_CreateContext,
|
||||
SEED_DestroyContext,
|
||||
SEED_Encrypt,
|
||||
SEED_Decrypt
|
||||
SEED_Decrypt,
|
||||
|
||||
/* End of Version 3.011. */
|
||||
|
||||
BL_Init,
|
||||
BL_SetForkState
|
||||
|
||||
/* End of Version 3.012. */
|
||||
};
|
||||
|
||||
const FREEBLVector *
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: loader.c,v 1.40 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
/* $Id: loader.c,v 1.41 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#include "loader.h"
|
||||
#include "prmem.h"
|
||||
|
@ -198,6 +198,13 @@ freebl_RunLoaderOnce( void )
|
|||
return status;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
BL_Init(void)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_BL_Init)();
|
||||
}
|
||||
|
||||
RSAPrivateKey *
|
||||
RSA_NewKey(int keySizeInBits, SECItem * publicExponent)
|
||||
|
@ -1641,3 +1648,10 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
|
|||
return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
void BL_SetForkState(PRBool forked)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return;
|
||||
(vector->p_BL_SetForkState)(forked);
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: loader.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
/* $Id: loader.h,v 1.23 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#ifndef _LOADER_H_
|
||||
#define _LOADER_H_ 1
|
||||
|
@ -518,6 +518,10 @@ struct FREEBLVectorStr {
|
|||
|
||||
/* Version 3.011 came to here */
|
||||
|
||||
SECStatus (* p_BL_Init)(void);
|
||||
void ( * p_BL_SetForkState)(PRBool);
|
||||
|
||||
/* Version 3.012 came to here */
|
||||
};
|
||||
|
||||
typedef struct FREEBLVectorStr FREEBLVector;
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: prng_fips1861.c,v 1.28 2008/11/18 19:48:23 rrelyea%redhat.com Exp $ */
|
||||
/* $Id: prng_fips1861.c,v 1.29 2009/02/03 05:34:41 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
|
@ -53,6 +53,7 @@
|
|||
#include "sha256.h"
|
||||
#include "secrng.h" /* for RNG_GetNoise() */
|
||||
#include "secmpi.h"
|
||||
#include "blapii.h"
|
||||
|
||||
/*
|
||||
* The minimum amount of seed data required before the generator will
|
||||
|
@ -188,7 +189,7 @@ freeRNGContext()
|
|||
SECStatus rv;
|
||||
|
||||
/* destroy context lock */
|
||||
PZ_DestroyLock(globalrng->lock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(globalrng->lock));
|
||||
|
||||
/* zero global RNG context except for XKEY to preserve entropy */
|
||||
rv = SHA256_HashBuf(inputhash, globalrng->XKEY, BSIZE);
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* RSA key generation, public key op, private key op.
|
||||
*
|
||||
* $Id: rsa.c,v 1.38 2008/11/18 19:48:24 rrelyea%redhat.com Exp $
|
||||
* $Id: rsa.c,v 1.39 2009/02/03 05:34:41 julien.pierre.boogz%sun.com Exp $
|
||||
*/
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
|
@ -54,6 +54,7 @@
|
|||
#include "mplogic.h"
|
||||
#include "secmpi.h"
|
||||
#include "secitem.h"
|
||||
#include "blapii.h"
|
||||
|
||||
/*
|
||||
** Number of times to attempt to generate a prime (p or q) from a random
|
||||
|
@ -602,10 +603,8 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
|
|||
struct RSABlindingParamsStr *rsabp = NULL;
|
||||
/* Init the list if neccessary (the init function is only called once!) */
|
||||
if (blindingParamsList.lock == NULL) {
|
||||
if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
/* Acquire the list lock */
|
||||
PZ_Lock(blindingParamsList.lock);
|
||||
|
@ -921,6 +920,20 @@ cleanup:
|
|||
return rv;
|
||||
}
|
||||
|
||||
static SECStatus RSA_Init(void)
|
||||
{
|
||||
if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus BL_Init(void)
|
||||
{
|
||||
return RSA_Init();
|
||||
}
|
||||
|
||||
/* cleanup at shutdown */
|
||||
void RSA_Cleanup(void)
|
||||
{
|
||||
|
@ -940,7 +953,7 @@ void RSA_Cleanup(void)
|
|||
|
||||
if (blindingParamsList.lock)
|
||||
{
|
||||
PZ_DestroyLock(blindingParamsList.lock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(blindingParamsList.lock));
|
||||
blindingParamsList.lock = NULL;
|
||||
}
|
||||
|
||||
|
@ -958,3 +971,14 @@ void BL_Cleanup(void)
|
|||
{
|
||||
RSA_Cleanup();
|
||||
}
|
||||
|
||||
PRBool parentForkedAfterC_Initialize;
|
||||
|
||||
/*
|
||||
* Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms.
|
||||
*/
|
||||
void BL_SetForkState(PRBool forked)
|
||||
{
|
||||
parentForkedAfterC_Initialize = forked;
|
||||
}
|
||||
|
||||
|
|
|
@ -36,8 +36,10 @@
|
|||
|
||||
#include "secrng.h"
|
||||
#include "secerr.h"
|
||||
|
||||
#ifdef XP_WIN
|
||||
#include <windows.h>
|
||||
#include <shlobj.h> /* for CSIDL constants */
|
||||
|
||||
#if defined(_WIN32_WCE)
|
||||
#include <stdlib.h> /* Win CE puts lots of stuff here. */
|
||||
|
@ -49,13 +51,6 @@
|
|||
#include <sys/stat.h>
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
|
||||
#ifndef _WIN32
|
||||
#define VTD_Device_ID 5
|
||||
#define OP_OVERRIDE _asm _emit 0x66
|
||||
#include <dos.h>
|
||||
#endif
|
||||
|
||||
#include "prio.h"
|
||||
#include "prerror.h"
|
||||
|
||||
|
@ -67,7 +62,6 @@ static DWORD dwNumFiles, dwReadEvery;
|
|||
static BOOL
|
||||
CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
|
||||
{
|
||||
#ifdef _WIN32
|
||||
LARGE_INTEGER liCount;
|
||||
|
||||
if (!QueryPerformanceCounter(&liCount))
|
||||
|
@ -76,57 +70,6 @@ CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
|
|||
*lpdwHigh = liCount.u.HighPart;
|
||||
*lpdwLow = liCount.u.LowPart;
|
||||
return TRUE;
|
||||
|
||||
#else /* is WIN16 */
|
||||
BOOL bRetVal;
|
||||
FARPROC lpAPI;
|
||||
WORD w1, w2, w3, w4;
|
||||
|
||||
// Get direct access to the VTD and query the current clock tick time
|
||||
_asm {
|
||||
xor di, di
|
||||
mov es, di
|
||||
mov ax, 1684h
|
||||
mov bx, VTD_Device_ID
|
||||
int 2fh
|
||||
mov ax, es
|
||||
or ax, di
|
||||
jz EnumerateFailed
|
||||
|
||||
; VTD API is available. First store the API address (the address actually
|
||||
; contains an instruction that causes a fault, the fault handler then
|
||||
; makes the ring transition and calls the API in the VxD)
|
||||
mov word ptr lpAPI, di
|
||||
mov word ptr lpAPI+2, es
|
||||
mov ax, 100h ; API function to VTD_Get_Real_Time
|
||||
; call dword ptr [lpAPI]
|
||||
call [lpAPI]
|
||||
|
||||
; Result is in EDX:EAX which we will get 16-bits at a time
|
||||
mov w2, dx
|
||||
OP_OVERRIDE
|
||||
shr dx,10h ; really "shr edx, 16"
|
||||
mov w1, dx
|
||||
|
||||
mov w4, ax
|
||||
OP_OVERRIDE
|
||||
shr ax,10h ; really "shr eax, 16"
|
||||
mov w3, ax
|
||||
|
||||
mov bRetVal, 1 ; return TRUE
|
||||
jmp EnumerateExit
|
||||
|
||||
EnumerateFailed:
|
||||
mov bRetVal, 0 ; return FALSE
|
||||
|
||||
EnumerateExit:
|
||||
}
|
||||
|
||||
*lpdwHigh = MAKELONG(w2, w1);
|
||||
*lpdwLow = MAKELONG(w4, w3);
|
||||
|
||||
return bRetVal;
|
||||
#endif /* is WIN16 */
|
||||
}
|
||||
|
||||
size_t RNG_GetNoise(void *buf, size_t maxbuf)
|
||||
|
@ -168,125 +111,100 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
|
|||
if (maxbuf <= 0)
|
||||
return n;
|
||||
|
||||
{
|
||||
#if defined(_WIN32_WCE)
|
||||
{
|
||||
// get the number of milliseconds elapsed since Windows CE was started.
|
||||
DWORD tickCount = GetTickCount();
|
||||
nBytes = (sizeof tickCount) > maxbuf ? maxbuf : (sizeof tickCount);
|
||||
memcpy(((char *)buf) + n, &tickCount, nBytes);
|
||||
n += nBytes;
|
||||
}
|
||||
FILETIME sTime;
|
||||
SYSTEMTIME st;
|
||||
GetSystemTime(&st);
|
||||
SystemTimeToFileTime(&st,&sTime);
|
||||
#else
|
||||
{
|
||||
time_t sTime;
|
||||
// get the time in seconds since midnight Jan 1, 1970
|
||||
time(&sTime);
|
||||
#endif
|
||||
nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
|
||||
memcpy(((char *)buf) + n, &sTime, nBytes);
|
||||
n += nBytes;
|
||||
}
|
||||
#endif
|
||||
|
||||
return n;
|
||||
}
|
||||
|
||||
#if defined(_WIN32_WCE)
|
||||
static BOOL
|
||||
EnumSystemFilesWithNSPR(const char * dirName,
|
||||
BOOL recursive,
|
||||
PRInt32 (*func)(const char *))
|
||||
typedef PRInt32 (* Handler)(const char *);
|
||||
#define MAX_DEPTH 2
|
||||
|
||||
static void
|
||||
EnumSystemFilesInFolder(Handler func, PRUnichar* szSysDir, int maxDepth)
|
||||
{
|
||||
PRDir * pDir;
|
||||
PRDirEntry * pEntry;
|
||||
BOOL rv = FALSE;
|
||||
|
||||
pDir = PR_OpenDir(dirName);
|
||||
if (!pDir)
|
||||
return rv;
|
||||
while ((pEntry = PR_ReadDir(pDir, PR_SKIP_BOTH|PR_SKIP_HIDDEN)) != NULL) {
|
||||
PRStatus status;
|
||||
PRInt32 count;
|
||||
PRInt32 stop;
|
||||
PRFileInfo fileInfo;
|
||||
char szFileName[_MAX_PATH];
|
||||
|
||||
count = (PRInt32)PR_snprintf(szFileName, sizeof szFileName, "%s\\%s",
|
||||
dirName, PR_DirName(pEntry));
|
||||
if (count < 1)
|
||||
continue;
|
||||
status = PR_GetFileInfo(szFileName, &fileInfo);
|
||||
if (status != PR_SUCCESS)
|
||||
continue;
|
||||
if (fileInfo.type == PR_FILE_FILE) {
|
||||
stop = (*func)(szFileName);
|
||||
rv = TRUE;
|
||||
if (stop)
|
||||
break;
|
||||
continue;
|
||||
}
|
||||
if (recursive && fileInfo.type == PR_FILE_DIRECTORY) {
|
||||
rv |= EnumSystemFilesWithNSPR(szFileName, recursive, func);
|
||||
}
|
||||
}
|
||||
PR_CloseDir(pDir);
|
||||
return rv;
|
||||
}
|
||||
#endif
|
||||
|
||||
static BOOL
|
||||
EnumSystemFiles(PRInt32 (*func)(const char *))
|
||||
{
|
||||
#if defined(_WIN32_WCE)
|
||||
BOOL rv = FALSE;
|
||||
rv |= EnumSystemFilesWithNSPR("\\Windows\\Temporary Internet Files", TRUE, func);
|
||||
rv |= EnumSystemFilesWithNSPR("\\Temp", FALSE, func);
|
||||
rv |= EnumSystemFilesWithNSPR("\\Windows", FALSE, func);
|
||||
return rv;
|
||||
#else
|
||||
int iStatus;
|
||||
char szSysDir[_MAX_PATH];
|
||||
char szFileName[_MAX_PATH];
|
||||
#ifdef _WIN32
|
||||
WIN32_FIND_DATA fdData;
|
||||
int iContinue;
|
||||
HANDLE lFindHandle;
|
||||
#else
|
||||
struct _find_t fdData;
|
||||
#endif
|
||||
|
||||
if (!GetSystemDirectory(szSysDir, sizeof(szSysDir)))
|
||||
return FALSE;
|
||||
WIN32_FIND_DATAW fdData;
|
||||
PRUnichar szFileName[_MAX_PATH];
|
||||
char narrowFileName[_MAX_PATH];
|
||||
|
||||
if (maxDepth < 0)
|
||||
return;
|
||||
// tack *.* on the end so we actually look for files. this will
|
||||
// not overflow
|
||||
strcpy(szFileName, szSysDir);
|
||||
strcat(szFileName, "\\*.*");
|
||||
wcscpy(szFileName, szSysDir);
|
||||
wcscat(szFileName, L"\\*.*");
|
||||
|
||||
#ifdef _WIN32
|
||||
lFindHandle = FindFirstFile(szFileName, &fdData);
|
||||
lFindHandle = FindFirstFileW(szFileName, &fdData);
|
||||
if (lFindHandle == INVALID_HANDLE_VALUE)
|
||||
return FALSE;
|
||||
return;
|
||||
do {
|
||||
// pass the full pathname to the callback
|
||||
sprintf(szFileName, "%s\\%s", szSysDir, fdData.cFileName);
|
||||
(*func)(szFileName);
|
||||
iStatus = FindNextFile(lFindHandle, &fdData);
|
||||
} while (iStatus != 0);
|
||||
iContinue = 1;
|
||||
if (wcscmp(fdData.cFileName, L".") == 0 ||
|
||||
wcscmp(fdData.cFileName, L"..") == 0) {
|
||||
// skip "." and ".."
|
||||
} else {
|
||||
// pass the full pathname to the callback
|
||||
_snwprintf(szFileName, _MAX_PATH, L"%s\\%s", szSysDir,
|
||||
fdData.cFileName);
|
||||
if (fdData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
|
||||
EnumSystemFilesInFolder(func, szFileName, maxDepth - 1);
|
||||
} else {
|
||||
iContinue = WideCharToMultiByte(CP_ACP, 0, szFileName, -1,
|
||||
narrowFileName, _MAX_PATH,
|
||||
NULL, NULL);
|
||||
if (iContinue)
|
||||
iContinue = !(*func)(narrowFileName);
|
||||
}
|
||||
}
|
||||
if (iContinue)
|
||||
iContinue = FindNextFileW(lFindHandle, &fdData);
|
||||
} while (iContinue);
|
||||
FindClose(lFindHandle);
|
||||
#else
|
||||
if (_dos_findfirst(szFileName,
|
||||
_A_NORMAL | _A_RDONLY | _A_ARCH | _A_SUBDIR, &fdData) != 0)
|
||||
return FALSE;
|
||||
do {
|
||||
// pass the full pathname to the callback
|
||||
sprintf(szFileName, "%s\\%s", szSysDir, fdData.name);
|
||||
(*func)(szFileName);
|
||||
iStatus = _dos_findnext(&fdData);
|
||||
} while (iStatus == 0);
|
||||
_dos_findclose(&fdData);
|
||||
#endif
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
static BOOL
|
||||
EnumSystemFiles(Handler func)
|
||||
{
|
||||
PRUnichar szSysDir[_MAX_PATH];
|
||||
static const int folders[] = {
|
||||
CSIDL_BITBUCKET,
|
||||
CSIDL_RECENT,
|
||||
#ifndef WINCE
|
||||
CSIDL_INTERNET_CACHE,
|
||||
CSIDL_COMPUTERSNEARME,
|
||||
CSIDL_HISTORY,
|
||||
#endif
|
||||
0
|
||||
};
|
||||
int i = 0;
|
||||
if (_MAX_PATH > (i = GetTempPathW(_MAX_PATH, szSysDir))) {
|
||||
if (i > 0 && szSysDir[i-1] == L'\\')
|
||||
szSysDir[i-1] = L'\0'; // we need to lop off the trailing slash
|
||||
EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH);
|
||||
}
|
||||
for(i = 0; folders[i]; i++) {
|
||||
DWORD rv = SHGetSpecialFolderPathW(NULL, szSysDir, folders[i], 0);
|
||||
if (szSysDir[0])
|
||||
EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH);
|
||||
szSysDir[0] = L'\0';
|
||||
}
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
static PRInt32
|
||||
|
@ -342,7 +260,6 @@ void RNG_SystemInfoForRNG(void)
|
|||
DWORD dwVal;
|
||||
char buffer[256];
|
||||
int nBytes;
|
||||
#ifdef _WIN32
|
||||
MEMORYSTATUS sMem;
|
||||
HANDLE hVal;
|
||||
#if !defined(_WIN32_WCE)
|
||||
|
@ -352,17 +269,10 @@ void RNG_SystemInfoForRNG(void)
|
|||
char volName[128];
|
||||
DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
|
||||
#endif
|
||||
#else
|
||||
int iVal;
|
||||
HTASK hTask;
|
||||
WORD wDS, wCS;
|
||||
LPSTR lpszEnv;
|
||||
#endif
|
||||
|
||||
nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
|
||||
RNG_RandomUpdate(buffer, nBytes);
|
||||
|
||||
#ifdef _WIN32
|
||||
sMem.dwLength = sizeof(sMem);
|
||||
GlobalMemoryStatus(&sMem); // assorted memory stats
|
||||
RNG_RandomUpdate(&sMem, sizeof(sMem));
|
||||
|
@ -370,47 +280,12 @@ void RNG_SystemInfoForRNG(void)
|
|||
dwVal = GetLogicalDrives();
|
||||
RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
|
||||
#endif
|
||||
#else
|
||||
dwVal = GetFreeSpace(0);
|
||||
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
|
||||
|
||||
_asm mov wDS, ds;
|
||||
_asm mov wCS, cs;
|
||||
RNG_RandomUpdate(&wDS, sizeof(wDS));
|
||||
RNG_RandomUpdate(&wCS, sizeof(wCS));
|
||||
#endif
|
||||
|
||||
#ifdef _WIN32
|
||||
#if !defined(_WIN32_WCE)
|
||||
dwVal = sizeof(buffer);
|
||||
if (GetComputerName(buffer, &dwVal))
|
||||
RNG_RandomUpdate(buffer, dwVal);
|
||||
#endif
|
||||
/* XXX This is code that got yanked because of NSPR20. We should put it
|
||||
* back someday.
|
||||
*/
|
||||
#ifdef notdef
|
||||
{
|
||||
POINT ptVal;
|
||||
GetCursorPos(&ptVal);
|
||||
RNG_RandomUpdate(&ptVal, sizeof(ptVal));
|
||||
}
|
||||
|
||||
dwVal = GetQueueStatus(QS_ALLINPUT); // high and low significant
|
||||
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
|
||||
|
||||
{
|
||||
HWND hWnd;
|
||||
hWnd = GetClipboardOwner(); // 2 or 4 bytes
|
||||
RNG_RandomUpdate((void *)&hWnd, sizeof(hWnd));
|
||||
}
|
||||
|
||||
{
|
||||
UUID sUuid;
|
||||
UuidCreate(&sUuid); // this will fail on machines with no ethernet
|
||||
RNG_RandomUpdate(&sUuid, sizeof(sUuid)); // boards. shove the bits in regardless
|
||||
}
|
||||
#endif
|
||||
|
||||
hVal = GetCurrentProcess(); // 4 or 8 byte pseudo handle (a
|
||||
// constant!) of current process
|
||||
|
@ -440,27 +315,14 @@ void RNG_SystemInfoForRNG(void)
|
|||
RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags));
|
||||
RNG_RandomUpdate(buffer, strlen(buffer));
|
||||
|
||||
if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters, &dwNumClusters)) {
|
||||
if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters,
|
||||
&dwNumClusters)) {
|
||||
RNG_RandomUpdate(&dwSectors, sizeof(dwSectors));
|
||||
RNG_RandomUpdate(&dwBytes, sizeof(dwBytes));
|
||||
RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
|
||||
RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
|
||||
}
|
||||
#endif
|
||||
#else /* is WIN16 */
|
||||
hTask = GetCurrentTask();
|
||||
RNG_RandomUpdate((void *)&hTask, sizeof(hTask));
|
||||
|
||||
iVal = GetNumTasks();
|
||||
RNG_RandomUpdate(&iVal, sizeof(iVal)); // number of running tasks
|
||||
|
||||
lpszEnv = GetDOSEnvironment();
|
||||
while (*lpszEnv != '\0') {
|
||||
RNG_RandomUpdate(lpszEnv, strlen(lpszEnv));
|
||||
|
||||
lpszEnv += strlen(lpszEnv) + 1;
|
||||
}
|
||||
#endif /* is WIN16 */
|
||||
|
||||
// now let's do some files
|
||||
ReadSystemFiles();
|
||||
|
@ -477,12 +339,7 @@ void RNG_FileForRNG(const char *filename)
|
|||
PRFileInfo infoBuf;
|
||||
unsigned char buffer[1024];
|
||||
|
||||
/* windows doesn't initialize all the bytes in the stat buf,
|
||||
* so initialize them all here to avoid UMRs.
|
||||
*/
|
||||
memset(&infoBuf, 0, sizeof infoBuf);
|
||||
|
||||
if (PR_GetFileInfo(filename, &infoBuf) < 0)
|
||||
if (PR_GetFileInfo(filename, &infoBuf) != PR_SUCCESS)
|
||||
return;
|
||||
|
||||
RNG_RandomUpdate((unsigned char*)&infoBuf, sizeof(infoBuf));
|
||||
|
@ -508,6 +365,25 @@ void RNG_FileForRNG(const char *filename)
|
|||
RNG_RandomUpdate(buffer, nBytes);
|
||||
}
|
||||
|
||||
/*
|
||||
* The Windows CE and Windows Mobile FIPS Security Policy, page 13,
|
||||
* (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp825.pdf)
|
||||
* says CeGenRandom is the right function to call for creating a seed
|
||||
* for a random number generator.
|
||||
*/
|
||||
size_t RNG_SystemRNG(void *dest, size_t maxLen)
|
||||
{
|
||||
size_t bytes = 0;
|
||||
if (CeGenRandom(maxLen, dest)) {
|
||||
bytes = maxLen;
|
||||
}
|
||||
if (bytes == 0) {
|
||||
PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
|
||||
}
|
||||
return bytes;
|
||||
}
|
||||
|
||||
|
||||
#else /* not WinCE */
|
||||
|
||||
void RNG_FileForRNG(const char *filename)
|
||||
|
@ -550,8 +426,6 @@ void RNG_FileForRNG(const char *filename)
|
|||
RNG_RandomUpdate(buffer, nBytes);
|
||||
}
|
||||
|
||||
#endif /* not WinCE */
|
||||
|
||||
/*
|
||||
* CryptoAPI requires Windows NT 4.0 or Windows 95 OSR2 and later.
|
||||
* Until we drop support for Windows 95, we need to emulate some
|
||||
|
@ -644,5 +518,6 @@ done:
|
|||
FreeLibrary(hModule);
|
||||
return bytes;
|
||||
}
|
||||
#endif /* not WinCE */
|
||||
|
||||
#endif /* is XP_WIN */
|
||||
|
|
|
@ -346,6 +346,7 @@ typedef PKIX_Error *
|
|||
PKIX_PL_Cert *cert,
|
||||
PKIX_PL_Cert *issuer,
|
||||
PKIX_PL_Date *date,
|
||||
PKIX_Boolean delayCrlSigCheck,
|
||||
PKIX_UInt32 *reasonCode,
|
||||
PKIX_RevocationStatus *revStatus,
|
||||
void *plContext);
|
||||
|
|
|
@ -240,6 +240,7 @@ PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPKALGIDFAILED,pkix_CertSelector_Match_SubjP
|
|||
PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPUBKEYFAILED,pkix_CertSelector_Match_SubjPubKey failed,0),
|
||||
PKIX_ERRORENTRY(CERTSELECTORSELECTFAILED,pkix_CertSelector_Select failed,0),
|
||||
PKIX_ERRORENTRY(CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_SetCommonCertSelectorParams failed,0),
|
||||
PKIX_ERRORENTRY(CERTSETASTRUSTANCHORFAILED, PKIX_PL_Cert_SetAsTrustAnchor failed, 0),
|
||||
PKIX_ERRORENTRY(CERTSETCACHEFLAGFAILED,PKIX_PL_Cert_SetCacheFlag failed,0),
|
||||
PKIX_ERRORENTRY(CERTSETTRUSTCERTSTOREFAILED,PKIX_PL_Cert_SetTrustCertStore failed,0),
|
||||
PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFAILED,PKIX_CertStore_CertContinue failed,0),
|
||||
|
@ -435,6 +436,7 @@ PKIX_ERRORENTRY(DERUTCTIMETOASCIIFAILED,DER_UTCTimeToAscii failed,0),
|
|||
PKIX_ERRORENTRY(DESTROYSPKIFAILED,pkix_pl_DestroySPKI failed,0),
|
||||
PKIX_ERRORENTRY(DIRECTORYNAMECREATEFAILED,pkix_pl_DirectoryName_Create failed,0),
|
||||
PKIX_ERRORENTRY(DUPLICATEIMMUTABLEFAILED,pkix_duplicateImmutable failed,0),
|
||||
PKIX_ERRORENTRY(CANNOTSORTIMMUTABLELIST,pkix_List_BubbleSort can not sort immutable list,0),
|
||||
PKIX_ERRORENTRY(EKUCHECKERGETREQUIREDEKUFAILED,pkix_pl_EkuChecker_GetRequiredEku failed,0),
|
||||
PKIX_ERRORENTRY(EKUCHECKERINITIALIZEFAILED,PKIX_PL_EkuChecker_Initialize failed,0),
|
||||
PKIX_ERRORENTRY(EKUCHECKERSTATECREATEFAILED,pkix_pl_EkuCheckerState_Create failed,0),
|
||||
|
@ -477,6 +479,7 @@ PKIX_ERRORENTRY(EXTRACTPARAMETERSFAILED,pkix_ExtractParameters failed,0),
|
|||
PKIX_ERRORENTRY(FAILEDINENCODINGSEARCHREQUEST,failed in encoding searchRequest,SEC_ERROR_FAILED_TO_ENCODE_DATA),
|
||||
PKIX_ERRORENTRY(FAILEDTOGETNSSTRUSTANCHORS,Failed to get nss trusted roots,0),
|
||||
PKIX_ERRORENTRY(FAILEDTOGETTRUST, failed to get trust from the cert,0),
|
||||
PKIX_ERRORENTRY(FAILTOSELECTCERTSFROMANCHORS,failed to select certs from anchors,0),
|
||||
PKIX_ERRORENTRY(FAILUREHASHINGCERT,Failure hashing Cert,0),
|
||||
PKIX_ERRORENTRY(FAILUREHASHINGERROR,Failure hashing Error,0),
|
||||
PKIX_ERRORENTRY(FAILUREHASHINGLISTEXPECTEDPOLICYSET,Failure hashing PKIX_List expectedPolicySet,0),
|
||||
|
@ -674,6 +677,7 @@ PKIX_ERRORENTRY(LISTGETLENGTHFAILED,PKIX_List_GetLength failed,0),
|
|||
PKIX_ERRORENTRY(LISTHASHCODEFAILED,pkix_List_Hashcode failed,0),
|
||||
PKIX_ERRORENTRY(LISTINSERTITEMFAILED,PKIX_List_InsertItem failed,0),
|
||||
PKIX_ERRORENTRY(LISTISEMPTYFAILED,PKIX_List_IsEmpty failed,0),
|
||||
PKIX_ERRORENTRY(LISTMERGEFAILED,pkix_List_MergeList failed,0),
|
||||
PKIX_ERRORENTRY(LISTQUICKSORTFAILED,pkix_List_QuickSort failed,0),
|
||||
PKIX_ERRORENTRY(LISTREMOVEFAILED,pkix_List_Remove failed,0),
|
||||
PKIX_ERRORENTRY(LISTREMOVEITEMSFAILED,pkix_List_RemoveItems failed,0),
|
||||
|
|
|
@ -1511,6 +1511,8 @@ PKIX_PL_Cert_VerifySignature(
|
|||
* "cert"
|
||||
* Address of Cert whose trustworthiness is to be determined. Must be
|
||||
* non-NULL.
|
||||
* "trustOnlyUserAnchors"
|
||||
* States that we can only trust explicitly defined user trust anchors.
|
||||
* "pTrusted"
|
||||
* Address where the Boolean value will be stored. Must be non-NULL.
|
||||
* "plContext"
|
||||
|
@ -1525,9 +1527,15 @@ PKIX_PL_Cert_VerifySignature(
|
|||
PKIX_Error *
|
||||
PKIX_PL_Cert_IsCertTrusted(
|
||||
PKIX_PL_Cert *cert,
|
||||
PKIX_Boolean trustOnlyUserAnchors,
|
||||
PKIX_Boolean *pTrusted,
|
||||
void *plContext);
|
||||
|
||||
/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
|
||||
PKIX_Error*
|
||||
PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
|
||||
void *plContext);
|
||||
|
||||
/*
|
||||
* FUNCTION: PKIX_PL_Cert_GetCacheFlag
|
||||
* DESCRIPTION:
|
||||
|
|
|
@ -126,7 +126,6 @@ extern "C" {
|
|||
*/
|
||||
PKIX_Error *
|
||||
PKIX_RevocationChecker_Create(
|
||||
PKIX_PL_Date *revDate,
|
||||
PKIX_UInt32 leafMethodListFlags,
|
||||
PKIX_UInt32 chainMethodListFlags,
|
||||
PKIX_RevocationChecker **pChecker,
|
||||
|
|
|
@ -226,7 +226,8 @@ pkix_CrlChecker_CheckLocal(
|
|||
pkix_RevocationMethod *checkerObject,
|
||||
PKIX_ProcessingParams *procParams,
|
||||
PKIX_UInt32 methodFlags,
|
||||
PKIX_RevocationStatus *revStatus,
|
||||
PKIX_Boolean chainVerificationState,
|
||||
PKIX_RevocationStatus *pRevStatus,
|
||||
PKIX_UInt32 *pReasonCode,
|
||||
void *plContext)
|
||||
{
|
||||
|
@ -237,6 +238,7 @@ pkix_CrlChecker_CheckLocal(
|
|||
PKIX_UInt32 crlStoreIndex = 0;
|
||||
PKIX_UInt32 numCrlStores = 0;
|
||||
PKIX_Boolean storeIsLocal = PKIX_FALSE;
|
||||
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
|
||||
|
||||
PKIX_ENTER(CERTCHAINCHECKER, "pkix_CrlChecker_CheckLocal");
|
||||
PKIX_NULLCHECK_FOUR(cert, issuer, checkerObject, checkerObject);
|
||||
|
@ -268,10 +270,14 @@ pkix_CrlChecker_CheckLocal(
|
|||
if (storeCheckRevocationFn) {
|
||||
PKIX_CHECK(
|
||||
storeCheckRevocationFn(certStore, cert, issuer,
|
||||
date, &reasonCode,
|
||||
revStatus, plContext),
|
||||
date,
|
||||
/* delay sig check if building
|
||||
* a chain */
|
||||
!chainVerificationState,
|
||||
&reasonCode,
|
||||
&revStatus, plContext),
|
||||
PKIX_CERTSTORECRLCHECKFAILED);
|
||||
if (*revStatus == PKIX_RevStatus_Revoked) {
|
||||
if (revStatus == PKIX_RevStatus_Revoked) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -280,6 +286,7 @@ pkix_CrlChecker_CheckLocal(
|
|||
} /* while */
|
||||
|
||||
cleanup:
|
||||
*pRevStatus = revStatus;
|
||||
PKIX_DECREF(certStore);
|
||||
|
||||
PKIX_RETURN(CERTCHAINCHECKER);
|
||||
|
@ -426,6 +433,7 @@ pkix_CrlChecker_CheckExternal(
|
|||
|
||||
PKIX_CHECK(
|
||||
storeCheckRevocationFn(certStore, cert, issuer, date,
|
||||
PKIX_FALSE /* do not delay sig check */,
|
||||
&reasonCode, &revStatus, plContext),
|
||||
PKIX_CERTSTORECRLCHECKFAILED);
|
||||
if (revStatus != PKIX_RevStatus_NoInfo) {
|
||||
|
|
|
@ -62,6 +62,7 @@ pkix_CrlChecker_CheckLocal(
|
|||
pkix_RevocationMethod *checkerObject,
|
||||
PKIX_ProcessingParams *procParams,
|
||||
PKIX_UInt32 methodFlags,
|
||||
PKIX_Boolean chainVerificationState,
|
||||
PKIX_RevocationStatus *pRevStatus,
|
||||
PKIX_UInt32 *reasonCode,
|
||||
void *plContext);
|
||||
|
|
|
@ -165,6 +165,7 @@ pkix_OcspChecker_CheckLocal(
|
|||
pkix_RevocationMethod *checkerObject,
|
||||
PKIX_ProcessingParams *procParams,
|
||||
PKIX_UInt32 methodFlags,
|
||||
PKIX_Boolean chainVerificationState,
|
||||
PKIX_RevocationStatus *pRevStatus,
|
||||
PKIX_UInt32 *pReasonCode,
|
||||
void *plContext)
|
||||
|
@ -203,6 +204,11 @@ pkix_OcspChecker_CheckLocal(
|
|||
|
||||
cleanup:
|
||||
*pRevStatus = revStatus;
|
||||
|
||||
/* ocsp carries only tree statuses: good, bad, and unknown.
|
||||
* revStatus is used to pass them. reasonCode is always set
|
||||
* to be unknown. */
|
||||
*pReasonCode = crlEntryReasonUnspecified;
|
||||
PKIX_DECREF(cid);
|
||||
|
||||
PKIX_RETURN(OCSPCHECKER);
|
||||
|
@ -314,7 +320,6 @@ pkix_OcspChecker_CheckExternal(
|
|||
goto cleanup;
|
||||
}
|
||||
if (passed == PKIX_FALSE) {
|
||||
resultCode = PORT_GetError();
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
@ -336,6 +341,11 @@ cleanup:
|
|||
}
|
||||
*pRevStatus = revStatus;
|
||||
|
||||
/* ocsp carries only tree statuses: good, bad, and unknown.
|
||||
* revStatus is used to pass them. reasonCode is always set
|
||||
* to be unknown. */
|
||||
*pReasonCode = crlEntryReasonUnspecified;
|
||||
|
||||
if (!passed && cid && cid->certID) {
|
||||
/* We still own the certID object, which means that
|
||||
* it did not get consumed to create a cache entry.
|
||||
|
|
|
@ -61,6 +61,7 @@ pkix_OcspChecker_CheckLocal(
|
|||
pkix_RevocationMethod *checkerObject,
|
||||
PKIX_ProcessingParams *procParams,
|
||||
PKIX_UInt32 methodFlags,
|
||||
PKIX_Boolean chainVerificationState,
|
||||
PKIX_RevocationStatus *pRevStatus,
|
||||
PKIX_UInt32 *reasonCode,
|
||||
void *plContext);
|
||||
|
|
|
@ -67,7 +67,6 @@ pkix_RevocationChecker_Destroy(
|
|||
|
||||
checker = (PKIX_RevocationChecker *)object;
|
||||
|
||||
PKIX_DECREF(checker->date);
|
||||
PKIX_DECREF(checker->leafMethodList);
|
||||
PKIX_DECREF(checker->chainMethodList);
|
||||
|
||||
|
@ -116,8 +115,7 @@ pkix_RevocationChecker_Duplicate(
|
|||
}
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_RevocationChecker_Create(checker->date,
|
||||
checker->leafMethodListFlags,
|
||||
PKIX_RevocationChecker_Create(checker->leafMethodListFlags,
|
||||
checker->chainMethodListFlags,
|
||||
&checkerDuplicate,
|
||||
plContext),
|
||||
|
@ -201,7 +199,6 @@ pkix_RevocationChecker_SortComparator(
|
|||
*/
|
||||
PKIX_Error *
|
||||
PKIX_RevocationChecker_Create(
|
||||
PKIX_PL_Date *revDate,
|
||||
PKIX_UInt32 leafMethodListFlags,
|
||||
PKIX_UInt32 chainMethodListFlags,
|
||||
PKIX_RevocationChecker **pChecker,
|
||||
|
@ -219,9 +216,6 @@ PKIX_RevocationChecker_Create(
|
|||
plContext),
|
||||
PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
|
||||
|
||||
PKIX_INCREF(revDate);
|
||||
checker->date = revDate;
|
||||
|
||||
checker->leafMethodListFlags = leafMethodListFlags;
|
||||
checker->chainMethodListFlags = chainMethodListFlags;
|
||||
checker->leafMethodList = NULL;
|
||||
|
@ -341,12 +335,13 @@ PKIX_RevocationChecker_Check(
|
|||
PKIX_Boolean onlyUseRemoteMethods = PKIX_FALSE;
|
||||
PKIX_UInt32 revFlags = 0;
|
||||
PKIX_List *revList = NULL;
|
||||
PKIX_PL_Date *date = NULL;
|
||||
pkix_RevocationMethod *method = NULL;
|
||||
void *nbioContext;
|
||||
int tries;
|
||||
|
||||
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Check");
|
||||
PKIX_NULLCHECK_ONE(revChecker);
|
||||
PKIX_NULLCHECK_TWO(revChecker, procParams);
|
||||
|
||||
nbioContext = *pNbioContext;
|
||||
*pNbioContext = NULL;
|
||||
|
@ -366,6 +361,8 @@ PKIX_RevocationChecker_Check(
|
|||
PORT_Memset(methodStatus, PKIX_RevStatus_NoInfo,
|
||||
sizeof(PKIX_RevocationStatus) * PKIX_RevocationMethod_MAX);
|
||||
|
||||
date = procParams->date;
|
||||
|
||||
/* Need to have two loops if we testing all local info first:
|
||||
* first we are going to test all local(cached) info
|
||||
* second, all remote info(fetching) */
|
||||
|
@ -392,22 +389,24 @@ PKIX_RevocationChecker_Check(
|
|||
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
|
||||
|
||||
pkixErrorResult =
|
||||
(*method->localRevChecker)(cert, issuer,
|
||||
revChecker->date,
|
||||
(*method->localRevChecker)(cert, issuer, date,
|
||||
method, procParams,
|
||||
methodFlags, &revStatus,
|
||||
methodFlags,
|
||||
chainVerificationState,
|
||||
&revStatus,
|
||||
pReasonCode, plContext);
|
||||
methodStatus[methodNum] = revStatus;
|
||||
if (revStatus == PKIX_RevStatus_Revoked) {
|
||||
/* if error was generated use it as final error. */
|
||||
overallStatus = PKIX_RevStatus_Revoked;
|
||||
goto cleanup;
|
||||
}
|
||||
if (pkixErrorResult) {
|
||||
/* Disregard errors. Only returned revStatus matters. */
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
|
||||
plContext);
|
||||
pkixErrorResult = NULL;
|
||||
}
|
||||
if (revStatus == PKIX_RevStatus_Revoked) {
|
||||
overallStatus = PKIX_RevStatus_Revoked;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
if ((!(revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST) ||
|
||||
onlyUseRemoteMethods) &&
|
||||
|
@ -416,23 +415,23 @@ PKIX_RevocationChecker_Check(
|
|||
if (!(methodFlags & PKIX_REV_M_FORBID_NETWORK_FETCHING)) {
|
||||
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
|
||||
pkixErrorResult =
|
||||
(*method->externalRevChecker)(cert, issuer,
|
||||
revChecker->date,
|
||||
(*method->externalRevChecker)(cert, issuer, date,
|
||||
method,
|
||||
procParams, methodFlags,
|
||||
&revStatus, pReasonCode,
|
||||
&nbioContext, plContext);
|
||||
methodStatus[methodNum] = revStatus;
|
||||
if (revStatus == PKIX_RevStatus_Revoked) {
|
||||
/* if error was generated use it as final error. */
|
||||
overallStatus = PKIX_RevStatus_Revoked;
|
||||
goto cleanup;
|
||||
}
|
||||
if (pkixErrorResult) {
|
||||
/* Disregard errors. Only returned revStatus matters. */
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
|
||||
plContext);
|
||||
pkixErrorResult = NULL;
|
||||
}
|
||||
if (revStatus == PKIX_RevStatus_Revoked) {
|
||||
overallStatus = PKIX_RevStatus_Revoked;
|
||||
goto cleanup;
|
||||
}
|
||||
} else if (methodFlags &
|
||||
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
|
||||
/* Info is not in the local cache. Network fetching is not
|
||||
|
|
|
@ -166,7 +166,6 @@ extern "C" {
|
|||
/* Defines check time for the cert, revocation methods lists and
|
||||
* flags for leaf and chain certs revocation tests. */
|
||||
struct PKIX_RevocationCheckerStruct {
|
||||
PKIX_PL_Date *date;
|
||||
PKIX_List *leafMethodList;
|
||||
PKIX_List *chainMethodList;
|
||||
PKIX_UInt32 leafMethodListFlags;
|
||||
|
|
|
@ -62,6 +62,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
|
|||
pkix_RevocationMethod *checkerObject,
|
||||
PKIX_ProcessingParams *procParams,
|
||||
PKIX_UInt32 methodFlags,
|
||||
PKIX_Boolean chainVerificationState,
|
||||
PKIX_RevocationStatus *pRevStatus,
|
||||
PKIX_UInt32 *reasonCode,
|
||||
void *plContext);
|
||||
|
|
|
@ -567,9 +567,12 @@ PKIX_ProcessingParams_Create(
|
|||
PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
|
||||
PKIX_LISTSETIMMUTABLEFAILED);
|
||||
|
||||
PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
|
||||
(NULL, ¶ms->date, plContext),
|
||||
PKIX_DATECREATEUTCTIMEFAILED);
|
||||
|
||||
params->hintCerts = NULL;
|
||||
params->constraints = NULL;
|
||||
params->date = NULL;
|
||||
params->initialPolicies = NULL;
|
||||
params->initialPolicyMappingInhibit = PKIX_FALSE;
|
||||
params->initialAnyPolicyInhibit = PKIX_FALSE;
|
||||
|
|
|
@ -393,6 +393,10 @@ PKIX_TrustAnchor_CreateWithCert(
|
|||
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
|
||||
|
||||
/* initialize fields */
|
||||
PKIX_CHECK(
|
||||
PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
|
||||
PKIX_CERTSETASTRUSTANCHORFAILED);
|
||||
|
||||
PKIX_INCREF(cert);
|
||||
anchor->trustedCert = cert;
|
||||
|
||||
|
|
|
@ -1203,7 +1203,7 @@ pkix_VerifyNode_FindError(
|
|||
}
|
||||
}
|
||||
|
||||
if (node->error) {
|
||||
if (node->error && node->error->plErr) {
|
||||
PKIX_INCREF(node->error);
|
||||
*error = node->error;
|
||||
}
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -66,7 +66,6 @@ typedef enum {
|
|||
BUILD_CHECKTRUSTED,
|
||||
BUILD_CHECKTRUSTED2,
|
||||
BUILD_ADDTOCHAIN,
|
||||
BUILD_CHECKWITHANCHORS,
|
||||
BUILD_CRL2PREP,
|
||||
BUILD_CRL2,
|
||||
BUILD_VALCHAIN,
|
||||
|
@ -112,14 +111,12 @@ struct PKIX_ForwardBuilderStateStruct{
|
|||
PKIX_UInt32 numAias;
|
||||
PKIX_UInt32 certIndex;
|
||||
PKIX_UInt32 aiaIndex;
|
||||
PKIX_UInt32 anchorIndex;
|
||||
PKIX_UInt32 certCheckedIndex;
|
||||
PKIX_UInt32 checkerIndex;
|
||||
PKIX_UInt32 hintCertIndex;
|
||||
PKIX_UInt32 numFanout;
|
||||
PKIX_UInt32 numDepth;
|
||||
PKIX_UInt32 reasonCode;
|
||||
PKIX_Boolean dsaParamsNeeded;
|
||||
PKIX_Boolean revCheckDelayed;
|
||||
PKIX_Boolean canBeCached;
|
||||
PKIX_Boolean useOnlyLocal;
|
||||
|
|
|
@ -728,7 +728,6 @@ pkix_CheckChain(
|
|||
void *plContext)
|
||||
{
|
||||
PKIX_UInt32 j = 0;
|
||||
SECErrorCodes reasonCode = 0;
|
||||
PKIX_Boolean revChecking = PKIX_FALSE;
|
||||
PKIX_Error *checkCertError = NULL;
|
||||
void *nbioContext = NULL;
|
||||
|
@ -793,23 +792,29 @@ pkix_CheckChain(
|
|||
|
||||
if (revChecking == PKIX_TRUE) {
|
||||
PKIX_RevocationStatus revStatus;
|
||||
PKIX_CHECK(
|
||||
pkixErrorResult =
|
||||
PKIX_RevocationChecker_Check(
|
||||
cert, issuer, revChecker,
|
||||
procParams, PKIX_TRUE,
|
||||
(j == 0) ? PKIX_TRUE : PKIX_FALSE,
|
||||
&revStatus, &reasonCode,
|
||||
&nbioContext, plContext),
|
||||
PKIX_REVCHECKCERTFAILED);
|
||||
(j == numCerts - 1) ? PKIX_TRUE : PKIX_FALSE,
|
||||
&revStatus, pReasonCode,
|
||||
&nbioContext, plContext);
|
||||
if (nbioContext != NULL) {
|
||||
*pCertCheckedIndex = j;
|
||||
*pRevChecking = revChecking;
|
||||
*pNBIOContext = nbioContext;
|
||||
goto cleanup;
|
||||
}
|
||||
if (revStatus == PKIX_RevStatus_Revoked) {
|
||||
PKIX_ERROR_CREATE(VALIDATE, PKIX_CERTIFICATEREVOKED,
|
||||
pkixErrorResult);
|
||||
if (revStatus == PKIX_RevStatus_Revoked ||
|
||||
pkixErrorResult) {
|
||||
if (!pkixErrorResult) {
|
||||
/* if pkixErrorResult is returned then
|
||||
* use it as it has a detailed revocation
|
||||
* error code. Otherwise create a new error */
|
||||
PKIX_ERROR_CREATE(VALIDATE,
|
||||
PKIX_CERTIFICATEREVOKED,
|
||||
pkixErrorResult);
|
||||
}
|
||||
goto cleanup;
|
||||
}
|
||||
revChecking = PKIX_FALSE;
|
||||
|
@ -825,7 +830,6 @@ pkix_CheckChain(
|
|||
(checkers, pFinalSubjPubKey, pPolicyTree, plContext),
|
||||
PKIX_RETRIEVEOUTPUTSFAILED);
|
||||
|
||||
*pReasonCode = (PKIX_UInt32)reasonCode;
|
||||
*pNBIOContext = NULL;
|
||||
|
||||
cleanup:
|
||||
|
|
|
@ -1225,7 +1225,10 @@ pkix_List_BubbleSort(
|
|||
|
||||
PKIX_ENTER(BUILD, "pkix_List_BubbleSort");
|
||||
PKIX_NULLCHECK_THREE(fromList, comparator, pSortedList);
|
||||
|
||||
|
||||
if (fromList->immutable) {
|
||||
PKIX_ERROR(PKIX_CANNOTSORTIMMUTABLELIST);
|
||||
}
|
||||
PKIX_CHECK(pkix_List_Duplicate
|
||||
((PKIX_PL_Object *) fromList,
|
||||
(PKIX_PL_Object **) &sortedList,
|
||||
|
|
|
@ -573,11 +573,13 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
|
|||
PKIX_PL_Cert *pkixCert,
|
||||
PKIX_PL_Cert *pkixIssuer,
|
||||
PKIX_PL_Date *date,
|
||||
PKIX_Boolean delayCrlSigCheck,
|
||||
PKIX_UInt32 *pReasonCode,
|
||||
PKIX_RevocationStatus *pStatus,
|
||||
void *plContext)
|
||||
{
|
||||
CERTCRLEntryReasonCode revReason = crlEntryReasonUnspecified;
|
||||
PKIX_RevocationStatus status = PKIX_RevStatus_NoInfo;
|
||||
PRTime time = 0;
|
||||
void *wincx = NULL;
|
||||
PRBool lockedwrite = PR_FALSE;
|
||||
|
@ -610,23 +612,29 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
|
|||
PKIX_ERROR(PKIX_CRLISSUECERTEXPIRED);
|
||||
}
|
||||
|
||||
rv = AcquireDPCache(issuer, &issuer->derSubject, NULL, time,
|
||||
rv = AcquireDPCache(issuer, &issuer->derSubject, NULL,
|
||||
/* AcquireDPCache will not validate the signature
|
||||
* on the crl if time is not specified. */
|
||||
delayCrlSigCheck ? 0: time,
|
||||
wincx, &dpcache, &lockedwrite);
|
||||
|
||||
if (rv == SECFailure) {
|
||||
PKIX_ERROR(PKIX_CERTCHECKCRLFAILED);
|
||||
}
|
||||
if (!dpcache->ncrls) {
|
||||
*pStatus = PKIX_RevStatus_NoInfo;
|
||||
if ((delayCrlSigCheck && dpcache->invalid) ||
|
||||
/* obtained cache is invalid due to delayed signature check */
|
||||
!dpcache->ncrls) {
|
||||
goto cleanup;
|
||||
}
|
||||
/* now look up the certificate SN in the DP cache's CRL */
|
||||
rv = DPCache_Lookup(dpcache, &cert->serialNumber, &entry);
|
||||
if (SECSuccess == rv && entry) {
|
||||
if (rv == SECFailure) {
|
||||
PKIX_ERROR(PKIX_CERTCHECKCRLFAILED);
|
||||
}
|
||||
if (entry) {
|
||||
/* check the time if we have one */
|
||||
if (entry->revocationDate.data && entry->revocationDate.len) {
|
||||
PRTime revocationDate = 0;
|
||||
|
||||
|
||||
if (SECSuccess == DER_DecodeTimeChoice(&revocationDate,
|
||||
&entry->revocationDate)) {
|
||||
/* we got a good revocation date, only consider the
|
||||
|
@ -645,20 +653,18 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
|
|||
rv = SECFailure;
|
||||
}
|
||||
if (SECFailure == rv) {
|
||||
CERTCRLEntryReasonCode reasonCode = crlEntryReasonUnspecified;
|
||||
|
||||
/* Find real revocation reason */
|
||||
CERT_FindCRLEntryReasonExten(entry, &reasonCode);
|
||||
*pReasonCode = (PKIX_UInt32)reasonCode;
|
||||
*pStatus = PKIX_RevStatus_Revoked;
|
||||
CERT_FindCRLEntryReasonExten(entry, &revReason);
|
||||
status = PKIX_RevStatus_Revoked;
|
||||
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
|
||||
}
|
||||
} else {
|
||||
*pReasonCode = revReason;
|
||||
*pStatus = PKIX_RevStatus_Success;
|
||||
status = PKIX_RevStatus_Success;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
*pStatus = status;
|
||||
*pReasonCode = revReason;
|
||||
if (dpcache) {
|
||||
ReleaseDPCache(dpcache, lockedwrite);
|
||||
}
|
||||
|
@ -763,9 +769,6 @@ pkix_pl_Pk11CertStore_GetCert(
|
|||
/* Don't throw away the list if one cert was bad! */
|
||||
pkixTempErrorReceived = PKIX_FALSE;
|
||||
|
||||
PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
|
||||
PKIX_LISTSETIMMUTABLEFAILED);
|
||||
|
||||
*pCertList = filtered;
|
||||
filtered = NULL;
|
||||
|
||||
|
@ -855,9 +858,6 @@ pkix_pl_Pk11CertStore_GetCRL(
|
|||
/* Don't throw away the list if one CRL was bad! */
|
||||
pkixTempErrorReceived = PKIX_FALSE;
|
||||
|
||||
PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
|
||||
PKIX_LISTSETIMMUTABLEFAILED);
|
||||
|
||||
*pCrlList = filtered;
|
||||
filtered = NULL;
|
||||
|
||||
|
|
|
@ -1490,6 +1490,7 @@ pkix_pl_Cert_CreateWithNSSCert(
|
|||
cert->store = NULL;
|
||||
cert->authorityInfoAccess = NULL;
|
||||
cert->subjectInfoAccess = NULL;
|
||||
cert->isUserTrustAnchor = PKIX_FALSE;
|
||||
|
||||
*pCert = cert;
|
||||
|
||||
|
@ -3252,6 +3253,7 @@ cleanup:
|
|||
PKIX_Error *
|
||||
PKIX_PL_Cert_IsCertTrusted(
|
||||
PKIX_PL_Cert *cert,
|
||||
PKIX_Boolean trustOnlyUserAnchors,
|
||||
PKIX_Boolean *pTrusted,
|
||||
void *plContext)
|
||||
{
|
||||
|
@ -3268,6 +3270,11 @@ PKIX_PL_Cert_IsCertTrusted(
|
|||
PKIX_ENTER(CERT, "pkix_pl_Cert_IsCertTrusted");
|
||||
PKIX_NULLCHECK_TWO(cert, pTrusted);
|
||||
|
||||
if (trustOnlyUserAnchors) {
|
||||
*pTrusted = cert->isUserTrustAnchor;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* no key usage information and store is not trusted */
|
||||
if (plContext == NULL || cert->store == NULL) {
|
||||
*pTrusted = PKIX_FALSE;
|
||||
|
@ -3322,6 +3329,19 @@ cleanup:
|
|||
PKIX_RETURN(CERT);
|
||||
}
|
||||
|
||||
/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
|
||||
PKIX_Error*
|
||||
PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
|
||||
void *plContext)
|
||||
{
|
||||
PKIX_ENTER(CERT, "PKIX_PL_Cert_SetAsTrustAnchor");
|
||||
PKIX_NULLCHECK_ONE(cert);
|
||||
|
||||
cert->isUserTrustAnchor = PKIX_TRUE;
|
||||
|
||||
PKIX_RETURN(CERT);
|
||||
}
|
||||
|
||||
/*
|
||||
* FUNCTION: PKIX_PL_Cert_GetCacheFlag (see comments in pkix_pl_pki.h)
|
||||
*/
|
||||
|
|
|
@ -85,6 +85,7 @@ struct PKIX_PL_CertStruct {
|
|||
PKIX_CertStore *store;
|
||||
PKIX_List *authorityInfoAccess; /* list of PKIX_PL_InfoAccess */
|
||||
PKIX_List *subjectInfoAccess; /* list of PKIX_PL_InfoAccess */
|
||||
PKIX_Boolean isUserTrustAnchor;
|
||||
};
|
||||
|
||||
/* see source file for function documentation */
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.65 $ $Date: 2008/06/14 04:38:32 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.66 $ $Date: 2009/02/09 07:51:27 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSPKI_H
|
||||
|
@ -317,6 +317,9 @@ nssCertificate_GetDecoding (
|
|||
)
|
||||
{
|
||||
nssDecodedCert* deco = NULL;
|
||||
if (c->type == NSSCertificateType_PKIX) {
|
||||
(void)STAN_GetCERTCertificate(c);
|
||||
}
|
||||
nssPKIObject_Lock(&c->object);
|
||||
if (!c->decoding) {
|
||||
deco = nssDecodedCert_Create(NULL, &c->encoding, c->type);
|
||||
|
|
|
@ -105,7 +105,7 @@ void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
|
|||
"phObject=%p)=0x%08lX%s",
|
||||
(PRUint32)hSession, pTemplate, (PRUint32)ulCount,
|
||||
phObject, (PRUint32)rv, shObject);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_LOAD_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
|
||||
|
@ -124,7 +124,7 @@ void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
|
|||
"pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
|
||||
(PRUint32)hSession, (PRUint32)hObject,
|
||||
pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_COPY_KEY, msg);
|
||||
}
|
||||
|
||||
/* WARNING: hObject has been destroyed and can only be printed. */
|
||||
|
@ -138,7 +138,7 @@ void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
|
|||
PR_snprintf(msg, sizeof msg,
|
||||
"C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
|
||||
(PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_DESTROY_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
|
||||
|
@ -153,7 +153,7 @@ void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
|
|||
"pulSize=%p)=0x%08lX",
|
||||
(PRUint32)hSession, (PRUint32)hObject,
|
||||
pulSize, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
|
||||
|
@ -169,7 +169,7 @@ void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
|
|||
"pTemplate=%p, ulCount=%lu)=0x%08lX",
|
||||
(PRUint32)hSession, (PRUint32)hObject,
|
||||
pTemplate, (PRUint32)ulCount, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
|
||||
|
@ -185,7 +185,7 @@ void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
|
|||
"pTemplate=%p, ulCount=%lu)=0x%08lX",
|
||||
(PRUint32)hSession, (PRUint32)hObject,
|
||||
pTemplate, (PRUint32)ulCount, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_CHANGE_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
|
||||
|
@ -202,7 +202,7 @@ void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
|
|||
"hKey=0x%08lX)=0x%08lX",
|
||||
opName, (PRUint32)hSession, mech,
|
||||
(PRUint32)hKey, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_CRYPT, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
|
||||
|
@ -222,7 +222,7 @@ void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
|
|||
"pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
|
||||
(PRUint32)hSession, mech,
|
||||
pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
|
||||
|
@ -252,7 +252,7 @@ void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
|
|||
pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
|
||||
pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
|
||||
phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
|
||||
|
@ -271,7 +271,7 @@ void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
|
|||
"hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
|
||||
(PRUint32)hSession, mech, (PRUint32)hWrappingKey,
|
||||
(PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_WRAP_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
|
||||
|
@ -295,7 +295,7 @@ void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
|
|||
(PRUint32)hSession, mech,
|
||||
(PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
|
||||
pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
|
||||
|
@ -334,7 +334,7 @@ void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
|
|||
(PRUint32)hSession, mech,
|
||||
(PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
|
||||
phKey, (PRUint32)rv, shKey, sTlsKeys);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg);
|
||||
}
|
||||
|
||||
void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
|
||||
|
@ -347,5 +347,5 @@ void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
|
|||
PR_snprintf(msg, sizeof msg,
|
||||
"C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
|
||||
(PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_DIGEST_KEY, msg);
|
||||
}
|
||||
|
|
|
@ -74,8 +74,13 @@
|
|||
#include <pthread.h>
|
||||
#include <dlfcn.h>
|
||||
#define LIBAUDIT_NAME "libaudit.so.0"
|
||||
#ifndef AUDIT_USER
|
||||
#define AUDIT_USER 1005 /* message type: message from userspace */
|
||||
#ifndef AUDIT_CRYPTO_TEST_USER
|
||||
#define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */
|
||||
#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
|
||||
#define AUDIT_CRYPTO_LOGIN 2402 /* Logged in as crypto officer */
|
||||
#define AUDIT_CRYPTO_LOGOUT 2403 /* Logged out from crypto */
|
||||
#define AUDIT_CRYPTO_KEY_USER 2404 /* Create,delete,negotiate */
|
||||
#define AUDIT_CRYPTO_FAILURE_USER 2405 /* Fail decrypt,encrypt,randomize */
|
||||
#endif
|
||||
static void *libaudit_handle;
|
||||
static int (*audit_open_func)(void);
|
||||
|
@ -321,6 +326,47 @@ sftk_get_object_class_and_fipsCheck(CK_SESSION_HANDLE hSession,
|
|||
return rv;
|
||||
}
|
||||
|
||||
#ifdef LINUX
|
||||
|
||||
int
|
||||
sftk_mapLinuxAuditType(NSSAuditSeverity severity, NSSAuditType auditType)
|
||||
{
|
||||
switch (auditType) {
|
||||
case NSS_AUDIT_ACCESS_KEY:
|
||||
case NSS_AUDIT_CHANGE_KEY:
|
||||
case NSS_AUDIT_COPY_KEY:
|
||||
case NSS_AUDIT_DERIVE_KEY:
|
||||
case NSS_AUDIT_DESTROY_KEY:
|
||||
case NSS_AUDIT_DIGEST_KEY:
|
||||
case NSS_AUDIT_GENERATE_KEY:
|
||||
case NSS_AUDIT_LOAD_KEY:
|
||||
case NSS_AUDIT_UNWRAP_KEY:
|
||||
case NSS_AUDIT_WRAP_KEY:
|
||||
return AUDIT_CRYPTO_KEY_USER;
|
||||
case NSS_AUDIT_CRYPT:
|
||||
return (severity == NSS_AUDIT_ERROR) ? AUDIT_CRYPTO_FAILURE_USER :
|
||||
AUDIT_CRYPTO_KEY_USER;
|
||||
case NSS_AUDIT_FIPS_STATE:
|
||||
case NSS_AUDIT_INIT_PIN:
|
||||
case NSS_AUDIT_INIT_TOKEN:
|
||||
case NSS_AUDIT_SET_PIN:
|
||||
return AUDIT_CRYPTO_PARAM_CHANGE_USER;
|
||||
case NSS_AUDIT_SELF_TEST:
|
||||
return AUDIT_CRYPTO_TEST_USER;
|
||||
case NSS_AUDIT_LOGIN:
|
||||
return AUDIT_CRYPTO_LOGIN;
|
||||
case NSS_AUDIT_LOGOUT:
|
||||
return AUDIT_CRYPTO_LOGOUT;
|
||||
/* we skip the fault case here so we can get compiler
|
||||
* warnings if new 'NSSAuditType's are added without
|
||||
* added them to this list, defaults fall through */
|
||||
}
|
||||
/* default */
|
||||
return AUDIT_CRYPTO_PARAM_CHANGE_USER;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/**********************************************************************
|
||||
*
|
||||
* FIPS 140 auditable event logging
|
||||
|
@ -344,7 +390,8 @@ PRBool sftk_audit_enabled = PR_FALSE;
|
|||
* - for assuming a role, the type of role, and the location of the request
|
||||
*/
|
||||
void
|
||||
sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
|
||||
sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType,
|
||||
const char *msg)
|
||||
{
|
||||
#ifdef NSS_AUDIT_WITH_SYSLOG
|
||||
int level;
|
||||
|
@ -370,6 +417,7 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
|
|||
}
|
||||
if (libaudit_handle) {
|
||||
int audit_fd;
|
||||
int linuxAuditType;
|
||||
int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
|
||||
char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
|
||||
if (!message) {
|
||||
|
@ -380,11 +428,12 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
|
|||
PR_smprintf_free(message);
|
||||
return;
|
||||
}
|
||||
linuxAuditType = sftk_mapLinuxAuditType(severity, auditType);
|
||||
if (audit_log_user_message_func) {
|
||||
audit_log_user_message_func(audit_fd, AUDIT_USER, message,
|
||||
audit_log_user_message_func(audit_fd, linuxAuditType, message,
|
||||
NULL, NULL, NULL, result);
|
||||
} else {
|
||||
audit_send_user_message_func(audit_fd, AUDIT_USER, message);
|
||||
audit_send_user_message_func(audit_fd, linuxAuditType, message);
|
||||
}
|
||||
audit_close_func(audit_fd);
|
||||
PR_smprintf_free(message);
|
||||
|
@ -446,7 +495,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
|
|||
const char *envp;
|
||||
CK_RV crv;
|
||||
|
||||
CHECK_FORK();
|
||||
sftk_ForkReset(pReserved, &crv);
|
||||
|
||||
if (nsf_init) {
|
||||
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
|
||||
|
@ -476,7 +525,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
|
|||
"C_Initialize()=0x%08lX "
|
||||
"power-up self-tests failed",
|
||||
(PRUint32)crv);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
|
||||
}
|
||||
return crv;
|
||||
}
|
||||
|
@ -489,12 +538,16 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
|
|||
CK_RV FC_Finalize (CK_VOID_PTR pReserved) {
|
||||
CK_RV crv;
|
||||
|
||||
CHECK_FORK();
|
||||
if (sftk_ForkReset(pReserved, &crv)) {
|
||||
return crv;
|
||||
}
|
||||
|
||||
if (!nsf_init) {
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
crv = nsc_CommonFinalize (pReserved, PR_TRUE);
|
||||
|
||||
nsf_init = (PRBool) !(crv == CKR_OK);
|
||||
return crv;
|
||||
}
|
||||
|
@ -580,7 +633,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
|||
PR_snprintf(msg,sizeof msg,
|
||||
"C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX",
|
||||
(PRUint32)slotID,pLabel,(PRUint32)crv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_TOKEN, msg);
|
||||
}
|
||||
return crv;
|
||||
}
|
||||
|
@ -604,7 +657,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
|||
PR_snprintf(msg,sizeof msg,
|
||||
"C_InitPIN(hSession=0x%08lX)=0x%08lX",
|
||||
(PRUint32)hSession,(PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_PIN, msg);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -629,7 +682,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
|||
PR_snprintf(msg,sizeof msg,
|
||||
"C_SetPIN(hSession=0x%08lX)=0x%08lX",
|
||||
(PRUint32)hSession,(PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_SET_PIN, msg);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -699,7 +752,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
|||
PR_snprintf(msg,sizeof msg,
|
||||
"C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
|
||||
(PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_LOGIN, msg);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -721,7 +774,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
|||
PR_snprintf(msg,sizeof msg,
|
||||
"C_Logout(hSession=0x%08lX)=0x%08lX",
|
||||
(PRUint32)hSession,(PRUint32)rv);
|
||||
sftk_LogAuditMessage(severity, msg);
|
||||
sftk_LogAuditMessage(severity, NSS_AUDIT_LOGOUT, msg);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -1416,7 +1469,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
|
|||
"self-test: continuous RNG test failed",
|
||||
(PRUint32)hSession,pRandomData,
|
||||
(PRUint32)ulRandomLen,(PRUint32)crv);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
|
||||
}
|
||||
}
|
||||
return crv;
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: keydb.c,v 1.10 2008/06/06 01:16:25 wtc%google.com Exp $ */
|
||||
/* $Id: keydb.c,v 1.11 2009/02/03 05:34:44 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#include "lowkeyi.h"
|
||||
#include "secasn1.h"
|
||||
|
@ -1051,7 +1051,7 @@ nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle)
|
|||
SECITEM_FreeItem(handle->global_salt,PR_TRUE);
|
||||
}
|
||||
if (handle->lock != NULL) {
|
||||
PZ_DestroyLock(handle->lock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(handle->lock));
|
||||
}
|
||||
|
||||
PORT_Free(handle);
|
||||
|
@ -2194,11 +2194,11 @@ keydb_Close(NSSLOWKEYDBHandle *kdb)
|
|||
DB *db = kdb->db;
|
||||
|
||||
PORT_Assert(kdbLock != NULL);
|
||||
PZ_Lock(kdbLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(kdbLock));
|
||||
|
||||
(* db->close)(db);
|
||||
|
||||
prstat = PZ_Unlock(kdbLock);
|
||||
SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock));
|
||||
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -195,4 +195,22 @@ CK_RV lg_PutMetaData(SDB *sdb, const char *id,
|
|||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#ifndef XP_UNIX
|
||||
|
||||
#define NO_CHECK_FORK
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef NO_CHECK_FORK
|
||||
|
||||
extern PRBool parentForkedAfterC_Initialize;
|
||||
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
|
||||
|
||||
#else
|
||||
|
||||
#define SKIP_AFTER_FORK(x) x
|
||||
|
||||
#endif /* NO_CHECK_FORK */
|
||||
|
||||
#endif /* _LGDB_H_ */
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: lginit.c,v 1.12 2008/02/16 04:38:07 julien.pierre.boogz%sun.com Exp $ */
|
||||
/* $Id: lginit.c,v 1.14 2009/02/03 23:18:48 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#include "lowkeyi.h"
|
||||
#include "pcert.h"
|
||||
|
@ -429,14 +429,14 @@ void
|
|||
lg_DBLock(SDB *sdb)
|
||||
{
|
||||
LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
|
||||
PR_Lock(lgdb_p->dbLock);
|
||||
SKIP_AFTER_FORK(PR_Lock(lgdb_p->dbLock));
|
||||
}
|
||||
|
||||
void
|
||||
lg_DBUnlock(SDB *sdb)
|
||||
{
|
||||
LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
|
||||
PR_Unlock(lgdb_p->dbLock);
|
||||
SKIP_AFTER_FORK(PR_Unlock(lgdb_p->dbLock));
|
||||
}
|
||||
|
||||
PLHashTable *
|
||||
|
@ -462,6 +462,13 @@ lg_getKeyDB(SDB *sdb)
|
|||
return lgdb_p->keyDB;
|
||||
}
|
||||
|
||||
PRBool parentForkedAfterC_Initialize;
|
||||
|
||||
void lg_SetForkState(PRBool forked)
|
||||
{
|
||||
parentForkedAfterC_Initialize = forked;
|
||||
}
|
||||
|
||||
CK_RV
|
||||
lg_Close(SDB *sdb)
|
||||
{
|
||||
|
@ -474,7 +481,7 @@ lg_Close(SDB *sdb)
|
|||
nsslowkey_CloseKeyDB(lgdb_p->keyDB);
|
||||
}
|
||||
if (lgdb_p->dbLock) {
|
||||
PR_DestroyLock(lgdb_p->dbLock);
|
||||
SKIP_AFTER_FORK(PR_DestroyLock(lgdb_p->dbLock));
|
||||
}
|
||||
if (lgdb_p->hashTable) {
|
||||
PL_HashTableDestroy(lgdb_p->hashTable);
|
||||
|
@ -499,7 +506,6 @@ lg_CompareValues(const void *v1, const void *v2)
|
|||
return (value1 == value2);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle
|
||||
* with and sdb structure.
|
||||
|
@ -551,7 +557,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr,
|
|||
sdb->sdb_Abort = lg_Abort;
|
||||
sdb->sdb_Reset = lg_Reset;
|
||||
sdb->sdb_Close = lg_Close;
|
||||
|
||||
sdb->sdb_SetForkState = lg_SetForkState;
|
||||
|
||||
*pSdb = sdb;
|
||||
return CKR_OK;
|
||||
|
@ -654,10 +660,13 @@ loser:
|
|||
}
|
||||
|
||||
CK_RV
|
||||
legacy_Shutdown(void)
|
||||
legacy_Shutdown(PRBool forked)
|
||||
{
|
||||
lg_SetForkState(forked);
|
||||
nsslowcert_DestroyFreeLists();
|
||||
nsslowcert_DestroyGlobalLocks();
|
||||
SECOID_Shutdown();
|
||||
lg_SetForkState(PR_FALSE);
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Permanent Certificate database handling code
|
||||
*
|
||||
* $Id: pcertdb.c,v 1.6 2007/11/16 02:04:57 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: pcertdb.c,v 1.7 2009/02/03 05:34:44 julien.pierre.boogz%sun.com Exp $
|
||||
*/
|
||||
#include "lowkeyti.h"
|
||||
#include "pcert.h"
|
||||
|
@ -223,7 +223,7 @@ nsslowcert_LockFreeList(void)
|
|||
{
|
||||
PORT_Assert(freeListLock != NULL);
|
||||
|
||||
PZ_Lock(freeListLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(freeListLock));
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -233,11 +233,11 @@ nsslowcert_LockFreeList(void)
|
|||
static void
|
||||
nsslowcert_UnlockFreeList(void)
|
||||
{
|
||||
PRStatus prstat;
|
||||
PRStatus prstat = PR_SUCCESS;
|
||||
|
||||
PORT_Assert(freeListLock != NULL);
|
||||
|
||||
prstat = PZ_Unlock(freeListLock);
|
||||
SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
|
||||
|
||||
PORT_Assert(prstat == PR_SUCCESS);
|
||||
|
||||
|
@ -344,14 +344,14 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
|
|||
static void
|
||||
certdb_Close(DB *db)
|
||||
{
|
||||
PRStatus prstat;
|
||||
PRStatus prstat = PR_SUCCESS;
|
||||
|
||||
PORT_Assert(dbLock != NULL);
|
||||
PZ_Lock(dbLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(dbLock));
|
||||
|
||||
(* db->close)(db);
|
||||
|
||||
prstat = PZ_Unlock(dbLock);
|
||||
SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock));
|
||||
|
||||
return;
|
||||
}
|
||||
|
@ -5269,7 +5269,7 @@ nsslowcert_DestroyFreeLists(void)
|
|||
DestroyCertEntryFreeList();
|
||||
DestroyTrustFreeList();
|
||||
DestroyCertFreeList();
|
||||
PZ_DestroyLock(freeListLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(freeListLock));
|
||||
freeListLock = NULL;
|
||||
}
|
||||
|
||||
|
@ -5277,15 +5277,15 @@ void
|
|||
nsslowcert_DestroyGlobalLocks(void)
|
||||
{
|
||||
if (dbLock) {
|
||||
PZ_DestroyLock(dbLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(dbLock));
|
||||
dbLock = NULL;
|
||||
}
|
||||
if (certRefCountLock) {
|
||||
PZ_DestroyLock(certRefCountLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(certRefCountLock));
|
||||
certRefCountLock = NULL;
|
||||
}
|
||||
if (certTrustLock) {
|
||||
PZ_DestroyLock(certTrustLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(certTrustLock));
|
||||
certTrustLock = NULL;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
#include "prenv.h"
|
||||
#include "lgglue.h"
|
||||
#include "secerr.h"
|
||||
#include "softoken.h"
|
||||
|
||||
static LGOpenFunc legacy_glue_open = NULL;
|
||||
static LGReadSecmodFunc legacy_glue_readSecmod = NULL;
|
||||
|
@ -411,7 +412,10 @@ sftkdbCall_Shutdown(void)
|
|||
return CKR_OK;
|
||||
}
|
||||
if (legacy_glue_shutdown) {
|
||||
crv = (*legacy_glue_shutdown)();
|
||||
#ifdef NO_FORK_CHECK
|
||||
PRBool parentForkedAfterC_Initialize = PR_FALSE;
|
||||
#endif
|
||||
crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
|
||||
}
|
||||
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
|
||||
if (!disableUnload) {
|
||||
|
|
|
@ -66,10 +66,10 @@ typedef SECStatus (*LGDeleteSecmodFunc)(const char *appName,
|
|||
typedef SECStatus (*LGAddSecmodFunc)(const char *appName,
|
||||
const char *filename,
|
||||
const char *dbname, char *params, PRBool rw);
|
||||
typedef SECStatus (*LGShutdownFunc)(void);
|
||||
typedef SECStatus (*LGShutdownFunc)(PRBool forked);
|
||||
typedef void (*LGSetForkStateFunc)(PRBool);
|
||||
typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
|
||||
|
||||
|
||||
/*
|
||||
* Softoken Glue Functions
|
||||
*/
|
||||
|
|
|
@ -68,6 +68,8 @@
|
|||
#include "sftkdb.h"
|
||||
#include "sftkpars.h"
|
||||
|
||||
PRBool parentForkedAfterC_Initialize;
|
||||
|
||||
#ifndef NO_FORK_CHECK
|
||||
|
||||
#if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED)
|
||||
|
@ -484,7 +486,8 @@ static const struct mechanismList mechanisms[] = {
|
|||
};
|
||||
static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
|
||||
|
||||
static PRBool nsc_init = PR_FALSE;
|
||||
/* sigh global so fipstokn can read it */
|
||||
PRBool nsc_init = PR_FALSE;
|
||||
|
||||
#if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED)
|
||||
|
||||
|
@ -1190,6 +1193,21 @@ validateSecretKey(SFTKSession *session, SFTKObject *object,
|
|||
attribute->attrib.ulValueLen);
|
||||
sftk_FreeAttribute(attribute);
|
||||
break;
|
||||
case CKK_AES:
|
||||
attribute = sftk_FindAttribute(object,CKA_VALUE);
|
||||
/* shouldn't happen */
|
||||
if (attribute == NULL)
|
||||
return CKR_TEMPLATE_INCOMPLETE;
|
||||
if (attribute->attrib.ulValueLen != 16 &&
|
||||
attribute->attrib.ulValueLen != 24 &&
|
||||
attribute->attrib.ulValueLen != 32) {
|
||||
sftk_FreeAttribute(attribute);
|
||||
return CKR_KEY_SIZE_RANGE;
|
||||
}
|
||||
crv = sftk_forceAttribute(object, CKA_VALUE_LEN,
|
||||
&attribute->attrib.ulValueLen, sizeof(CK_ULONG));
|
||||
sftk_FreeAttribute(attribute);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -2224,12 +2242,12 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot)
|
|||
|
||||
/* first log out the card */
|
||||
handle = sftk_getKeyDB(slot);
|
||||
PZ_Lock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
|
||||
slot->isLoggedIn = PR_FALSE;
|
||||
if (handle) {
|
||||
sftkdb_ClearPassword(handle);
|
||||
}
|
||||
PZ_Unlock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
|
||||
if (handle) {
|
||||
sftk_freeDB(handle);
|
||||
}
|
||||
|
@ -2242,7 +2260,7 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot)
|
|||
for (i=0; i < slot->sessHashSize; i++) {
|
||||
PZLock *lock = SFTK_SESSION_LOCK(slot,i);
|
||||
do {
|
||||
PZ_Lock(lock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(lock));
|
||||
session = slot->head[i];
|
||||
/* hand deque */
|
||||
/* this duplicates function of NSC_close session functions, but
|
||||
|
@ -2252,15 +2270,15 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot)
|
|||
slot->head[i] = session->next;
|
||||
if (session->next) session->next->prev = NULL;
|
||||
session->next = session->prev = NULL;
|
||||
PZ_Unlock(lock);
|
||||
PZ_Lock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(lock));
|
||||
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
|
||||
--slot->sessionCount;
|
||||
PZ_Unlock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
|
||||
if (session->info.flags & CKF_RW_SESSION) {
|
||||
PR_AtomicDecrement(&slot->rwSessionCount);
|
||||
}
|
||||
} else {
|
||||
PZ_Unlock(lock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(lock));
|
||||
}
|
||||
if (session) sftk_FreeSession(session);
|
||||
} while (session != NULL);
|
||||
|
@ -2283,12 +2301,12 @@ sftk_DBShutdown(SFTKSlot *slot)
|
|||
{
|
||||
SFTKDBHandle *certHandle;
|
||||
SFTKDBHandle *keyHandle;
|
||||
PZ_Lock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
|
||||
certHandle = slot->certDB;
|
||||
slot->certDB = NULL;
|
||||
keyHandle = slot->keyDB;
|
||||
slot->keyDB = NULL;
|
||||
PZ_Unlock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
|
||||
if (certHandle) {
|
||||
sftk_freeDB(certHandle);
|
||||
}
|
||||
|
@ -2355,12 +2373,12 @@ SFTK_DestroySlotData(SFTKSlot *slot)
|
|||
|
||||
/* OK everything has been disassembled, now we can finally get rid
|
||||
* of the locks */
|
||||
PZ_DestroyLock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(slot->slotLock));
|
||||
slot->slotLock = NULL;
|
||||
if (slot->sessionLock) {
|
||||
for (i=0; i < slot->numSessionLocks; i++) {
|
||||
if (slot->sessionLock[i]) {
|
||||
PZ_DestroyLock(slot->sessionLock[i]);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(slot->sessionLock[i]));
|
||||
slot->sessionLock[i] = NULL;
|
||||
}
|
||||
}
|
||||
|
@ -2368,11 +2386,11 @@ SFTK_DestroySlotData(SFTKSlot *slot)
|
|||
slot->sessionLock = NULL;
|
||||
}
|
||||
if (slot->objectLock) {
|
||||
PZ_DestroyLock(slot->objectLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(slot->objectLock));
|
||||
slot->objectLock = NULL;
|
||||
}
|
||||
if (slot->pwCheckLock) {
|
||||
PR_DestroyLock(slot->pwCheckLock);
|
||||
SKIP_AFTER_FORK(PR_DestroyLock(slot->pwCheckLock));
|
||||
slot->pwCheckLock = NULL;
|
||||
}
|
||||
PORT_Free(slot);
|
||||
|
@ -2514,6 +2532,11 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
|
|||
crv = CKR_DEVICE_ERROR;
|
||||
return crv;
|
||||
}
|
||||
rv = BL_Init(); /* initialize freebl engine */
|
||||
if (rv != SECSuccess) {
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
return crv;
|
||||
}
|
||||
RNG_SystemInfoForRNG();
|
||||
|
||||
|
||||
|
@ -2523,7 +2546,7 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
|
|||
* off from the rest on NSS.
|
||||
*/
|
||||
|
||||
/* initialize the key and cert db's */
|
||||
/* initialize the key and cert db's */
|
||||
if (init_args && (!(init_args->flags & CKF_OS_LOCKING_OK))) {
|
||||
if (init_args->CreateMutex && init_args->DestroyMutex &&
|
||||
init_args->LockMutex && init_args->UnlockMutex) {
|
||||
|
@ -2562,9 +2585,11 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
|
|||
sftk_closePeer(isFIPS);
|
||||
if (sftk_audit_enabled) {
|
||||
if (isFIPS && nsc_init) {
|
||||
sftk_LogAuditMessage(NSS_AUDIT_INFO, "enabled FIPS mode");
|
||||
sftk_LogAuditMessage(NSS_AUDIT_INFO, NSS_AUDIT_FIPS_STATE,
|
||||
"enabled FIPS mode");
|
||||
} else {
|
||||
sftk_LogAuditMessage(NSS_AUDIT_INFO, "disabled FIPS mode");
|
||||
sftk_LogAuditMessage(NSS_AUDIT_INFO, NSS_AUDIT_FIPS_STATE,
|
||||
"disabled FIPS mode");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -2627,7 +2652,7 @@ CK_RV NSC_Initialize(CK_VOID_PTR pReserved)
|
|||
{
|
||||
CK_RV crv;
|
||||
|
||||
CHECK_FORK();
|
||||
sftk_ForkReset(pReserved, &crv);
|
||||
|
||||
if (nsc_init) {
|
||||
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
|
||||
|
@ -2642,9 +2667,13 @@ CK_RV NSC_Initialize(CK_VOID_PTR pReserved)
|
|||
* Cryptoki library.*/
|
||||
CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS)
|
||||
{
|
||||
/* propagate the fork status to freebl and util */
|
||||
BL_SetForkState(parentForkedAfterC_Initialize);
|
||||
UTIL_SetForkState(parentForkedAfterC_Initialize);
|
||||
|
||||
nscFreeAllSlots(isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE);
|
||||
|
||||
/* don't muck with the globals is our peer is still initialized */
|
||||
/* don't muck with the globals if our peer is still initialized */
|
||||
if (isFIPS && nsc_init) {
|
||||
return CKR_OK;
|
||||
}
|
||||
|
@ -2660,33 +2689,77 @@ CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS)
|
|||
|
||||
/* tell freeBL to clean up after itself */
|
||||
BL_Cleanup();
|
||||
/* unload freeBL shared library from memory */
|
||||
|
||||
/* reset fork status in freebl. We must do this before BL_Unload so that
|
||||
* this call doesn't force freebl to be reloaded. */
|
||||
BL_SetForkState(PR_FALSE);
|
||||
|
||||
/* unload freeBL shared library from memory. This may only decrement the
|
||||
* OS refcount if it's been loaded multiple times, eg. by libssl */
|
||||
BL_Unload();
|
||||
|
||||
/* clean up the default OID table */
|
||||
SECOID_Shutdown();
|
||||
|
||||
/* reset fork status in util */
|
||||
UTIL_SetForkState(PR_FALSE);
|
||||
|
||||
nsc_init = PR_FALSE;
|
||||
|
||||
#ifdef SOLARIS
|
||||
#ifdef CHECK_FORK_MIXED
|
||||
if (!usePthread_atfork) {
|
||||
myPid = 0; /* allow CHECK_FORK in the next softoken initialization to
|
||||
* succeed */
|
||||
} else {
|
||||
forked = PR_FALSE; /* allow reinitialization */
|
||||
}
|
||||
#elif defined(XP_UNIX) && !defined(LINUX)
|
||||
#elif defined(CHECK_FORK_GETPID)
|
||||
myPid = 0; /* allow reinitialization */
|
||||
#elif defined (CHECK_FORK_PTHREAD)
|
||||
forked = PR_FALSE; /* allow reinitialization */
|
||||
#endif
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
/* Hard-reset the entire softoken PKCS#11 module if the parent process forked
|
||||
* while it was initialized. */
|
||||
PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv)
|
||||
{
|
||||
#ifndef NO_FORK_CHECK
|
||||
if (PARENT_FORKED()) {
|
||||
parentForkedAfterC_Initialize = PR_TRUE;
|
||||
if (nsc_init) {
|
||||
/* finalize non-FIPS token */
|
||||
*crv = nsc_CommonFinalize(pReserved, PR_FALSE);
|
||||
PORT_Assert(CKR_OK == *crv);
|
||||
nsc_init = (PRBool) !(*crv == CKR_OK);
|
||||
}
|
||||
if (nsf_init) {
|
||||
/* finalize FIPS token */
|
||||
*crv = nsc_CommonFinalize(pReserved, PR_TRUE);
|
||||
PORT_Assert(CKR_OK == *crv);
|
||||
nsf_init = (PRBool) !(*crv == CKR_OK);
|
||||
}
|
||||
parentForkedAfterC_Initialize = PR_FALSE;
|
||||
return PR_TRUE;
|
||||
}
|
||||
#endif
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
/* NSC_Finalize indicates that an application is done with the
|
||||
* Cryptoki library.*/
|
||||
CK_RV NSC_Finalize (CK_VOID_PTR pReserved)
|
||||
{
|
||||
CK_RV crv;
|
||||
|
||||
CHECK_FORK();
|
||||
/* reset entire PKCS#11 module upon fork */
|
||||
if (sftk_ForkReset(pReserved, &crv)) {
|
||||
return crv;
|
||||
}
|
||||
|
||||
if (!nsc_init) {
|
||||
return CKR_OK;
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
crv = nsc_CommonFinalize (pReserved, PR_FALSE);
|
||||
|
@ -3347,7 +3420,12 @@ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID)
|
|||
{
|
||||
SFTKSlot *slot;
|
||||
|
||||
CHECK_FORK();
|
||||
#ifndef NO_CHECK_FORK
|
||||
/* skip fork check if we are being called from C_Initialize or C_Finalize */
|
||||
if (!parentForkedAfterC_Initialize) {
|
||||
CHECK_FORK();
|
||||
}
|
||||
#endif
|
||||
|
||||
slot = sftk_SlotFromID(slotID, PR_FALSE);
|
||||
if (slot == NULL) return CKR_SLOT_ID_INVALID;
|
||||
|
|
|
@ -4126,7 +4126,7 @@ ecgn_done:
|
|||
"self-test: pair-wise consistency test failed",
|
||||
(PRUint32)hSession,(PRUint32)pMechanism->mechanism,
|
||||
(PRUint32)crv);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
|
||||
}
|
||||
return crv;
|
||||
}
|
||||
|
|
|
@ -584,6 +584,7 @@ SEC_BEGIN_PROTOS
|
|||
extern PRBool nsf_init;
|
||||
extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
|
||||
extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
|
||||
extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv);
|
||||
extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
|
||||
CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
|
||||
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
#include "secerr.h"
|
||||
#include "prnetdb.h" /* for PR_ntohl */
|
||||
#include "sftkdb.h"
|
||||
#include "softoken.h"
|
||||
|
||||
/*
|
||||
* ******************** Attribute Utilities *******************************
|
||||
|
@ -843,12 +844,12 @@ sftk_lookupTokenKeyByHandle(SFTKSlot *slot, CK_OBJECT_HANDLE handle)
|
|||
*/
|
||||
static void
|
||||
sftk_tokenKeyLock(SFTKSlot *slot) {
|
||||
PZ_Lock(slot->objectLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(slot->objectLock));
|
||||
}
|
||||
|
||||
static void
|
||||
sftk_tokenKeyUnlock(SFTKSlot *slot) {
|
||||
PZ_Unlock(slot->objectLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(slot->objectLock));
|
||||
}
|
||||
|
||||
static PRIntn
|
||||
|
@ -966,7 +967,7 @@ sftk_CleanupFreeList(SFTKObjectFreeList *list, PRBool isSessionList)
|
|||
if (!list->lock) {
|
||||
return;
|
||||
}
|
||||
PZ_Lock(list->lock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(list->lock));
|
||||
for (object= list->head; object != NULL;
|
||||
object = sftk_freeObjectData(object)) {
|
||||
PZ_DestroyLock(object->refLock);
|
||||
|
@ -976,8 +977,8 @@ sftk_CleanupFreeList(SFTKObjectFreeList *list, PRBool isSessionList)
|
|||
}
|
||||
list->count = 0;
|
||||
list->head = NULL;
|
||||
PZ_Unlock(list->lock);
|
||||
PZ_DestroyLock(list->lock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(list->lock));
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(list->lock));
|
||||
list->lock = NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -1653,6 +1653,14 @@ static int tableExists(sqlite3 *sqlDB, const char *tableName)
|
|||
return (sqlerr == SQLITE_OK) ? 1 : 0;
|
||||
}
|
||||
|
||||
void sdb_SetForkState(PRBool forked)
|
||||
{
|
||||
/* XXXright now this is a no-op. The global fork state in the softokn3
|
||||
* shared library is already taken care of at the PKCS#11 level.
|
||||
* If and when we add fork state to the sqlite shared library and extern
|
||||
* interface, we will need to set it and reset it from here */
|
||||
}
|
||||
|
||||
/*
|
||||
* initialize a single database
|
||||
*/
|
||||
|
@ -1900,6 +1908,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
|
|||
sdb->sdb_Commit = sdb_Commit;
|
||||
sdb->sdb_Abort = sdb_Abort;
|
||||
sdb->sdb_Close = sdb_Close;
|
||||
sdb->sdb_SetForkState = sdb_SetForkState;
|
||||
|
||||
if (inTransaction) {
|
||||
sqlerr = sqlite3_exec(sqlDB, COMMIT_CMD, NULL, 0, NULL);
|
||||
|
|
|
@ -94,6 +94,7 @@ struct SDBStr {
|
|||
CK_RV (*sdb_Abort)(SDB *sdb);
|
||||
CK_RV (*sdb_Reset)(SDB *sdb);
|
||||
CK_RV (*sdb_Close)(SDB *sdb);
|
||||
void (*sdb_SetForkState)(PRBool forked);
|
||||
};
|
||||
|
||||
CK_RV s_open(const char *directory, const char *certPrefix,
|
||||
|
|
|
@ -60,6 +60,7 @@
|
|||
#include "lgglue.h"
|
||||
#include "sftkpars.h"
|
||||
#include "secerr.h"
|
||||
#include "softoken.h"
|
||||
|
||||
/*
|
||||
* We want all databases to have the same binary representation independent of
|
||||
|
@ -76,11 +77,18 @@ static PRBool
|
|||
sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type)
|
||||
{
|
||||
switch(type) {
|
||||
case CKA_CLASS:
|
||||
case CKA_CERTIFICATE_TYPE:
|
||||
case CKA_CERTIFICATE_CATEGORY:
|
||||
case CKA_KEY_TYPE:
|
||||
case CKA_CERTIFICATE_TYPE:
|
||||
case CKA_CLASS:
|
||||
case CKA_JAVA_MIDP_SECURITY_DOMAIN:
|
||||
case CKA_KEY_GEN_MECHANISM:
|
||||
case CKA_KEY_TYPE:
|
||||
case CKA_MECHANISM_TYPE:
|
||||
case CKA_MODULUS_BITS:
|
||||
case CKA_PRIME_BITS:
|
||||
case CKA_SUBPRIME_BITS:
|
||||
case CKA_VALUE_BITS:
|
||||
case CKA_VALUE_LEN:
|
||||
|
||||
case CKA_TRUST_DIGITAL_SIGNATURE:
|
||||
case CKA_TRUST_NON_REPUDIATION:
|
||||
|
@ -873,12 +881,12 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
|
|||
/* fetch the subject of the source. For creation and merge, this should
|
||||
* be found in the template */
|
||||
attr2 = sftkdb_getAttributeFromConstTemplate(CKA_SUBJECT, ptemplate, len);
|
||||
if ((attr2 == NULL) || (attr2->ulValueLen == 0)) {
|
||||
if (sourceID == CK_INVALID_HANDLE) {
|
||||
if (sourceID == CK_INVALID_HANDLE) {
|
||||
if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen < 0)) {
|
||||
crv = CKR_TEMPLATE_INCOMPLETE;
|
||||
goto done;
|
||||
}
|
||||
|
||||
} else if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen <= 0)) {
|
||||
/* sourceID is set if we are trying to modify an existing entry instead
|
||||
* of creating a new one. In this case the subject may not be (probably
|
||||
* isn't) in the template, we have to read it from the database */
|
||||
|
@ -889,11 +897,11 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
|
|||
if (crv != CKR_OK) {
|
||||
goto done;
|
||||
}
|
||||
if (subject.ulValueLen <= 0) {
|
||||
if ((CK_LONG)subject.ulValueLen < 0) {
|
||||
crv = CKR_DEVICE_ERROR; /* closest pkcs11 error to corrupted DB */
|
||||
goto done;
|
||||
}
|
||||
temp1 = subject.pValue = PORT_Alloc(subject.ulValueLen);
|
||||
temp1 = subject.pValue = PORT_Alloc(++subject.ulValueLen);
|
||||
if (temp1 == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
goto done;
|
||||
|
@ -934,7 +942,7 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
|
|||
* source subject is too big, and therefore not a match. GetAttributeValue
|
||||
* will return CKR_BUFFER_TOO_SMALL. Otherwise it should be exactly enough
|
||||
* space (or enough space to be able to compare the result. */
|
||||
temp2 = findTemplate[0].pValue = PORT_Alloc(attr2->ulValueLen);
|
||||
temp2 = findTemplate[0].pValue = PORT_Alloc(++findTemplate[0].ulValueLen);
|
||||
if (temp2 == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
goto done;
|
||||
|
@ -954,7 +962,9 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
|
|||
/* Ok, we have both subjects, make sure they are the same.
|
||||
* Compare the subjects */
|
||||
if ((findTemplate[0].ulValueLen != attr2->ulValueLen) ||
|
||||
(PORT_Memcmp(findTemplate[0].pValue,attr2->pValue,attr2->ulValueLen) != 0)) {
|
||||
(attr2->ulValueLen > 0 &&
|
||||
PORT_Memcmp(findTemplate[0].pValue, attr2->pValue, attr2->ulValueLen)
|
||||
!= 0)) {
|
||||
crv = CKR_ATTRIBUTE_VALUE_INVALID;
|
||||
goto loser;
|
||||
}
|
||||
|
@ -1392,17 +1402,26 @@ loser:
|
|||
CK_RV
|
||||
sftkdb_CloseDB(SFTKDBHandle *handle)
|
||||
{
|
||||
#ifdef NO_FORK_CHECK
|
||||
PRBool parentForkedAfterC_Initialize = PR_FALSE;
|
||||
#endif
|
||||
if (handle == NULL) {
|
||||
return CKR_OK;
|
||||
}
|
||||
if (handle->update) {
|
||||
if (handle->db->sdb_SetForkState) {
|
||||
(*handle->db->sdb_SetForkState)(parentForkedAfterC_Initialize);
|
||||
}
|
||||
(*handle->update->sdb_Close)(handle->update);
|
||||
}
|
||||
if (handle->db) {
|
||||
if (handle->db->sdb_SetForkState) {
|
||||
(*handle->db->sdb_SetForkState)(parentForkedAfterC_Initialize);
|
||||
}
|
||||
(*handle->db->sdb_Close)(handle->db);
|
||||
}
|
||||
if (handle->passwordLock) {
|
||||
PZ_DestroyLock(handle->passwordLock);
|
||||
SKIP_AFTER_FORK(PZ_DestroyLock(handle->passwordLock));
|
||||
}
|
||||
if (handle->updatePasswordKey) {
|
||||
SECITEM_FreeItem(handle->updatePasswordKey, PR_TRUE);
|
||||
|
@ -1750,7 +1769,7 @@ typedef enum {
|
|||
} sftkdbUpdateStatus;
|
||||
|
||||
/*
|
||||
* helper function to reconsile a single trust entry.
|
||||
* helper function to reconcile a single trust entry.
|
||||
* Identify which trust entry we want to keep.
|
||||
* If we don't need to do anything (the records are already equal).
|
||||
* return SFTKDB_DO_NOTHING.
|
||||
|
@ -1765,7 +1784,7 @@ typedef enum {
|
|||
* any SFTKDB_MODIFY_OBJECT returns.
|
||||
*/
|
||||
sftkdbUpdateStatus
|
||||
sftkdb_reconsileTrustEntry(PRArenaPool *arena, CK_ATTRIBUTE *target,
|
||||
sftkdb_reconcileTrustEntry(PRArenaPool *arena, CK_ATTRIBUTE *target,
|
||||
CK_ATTRIBUTE *source)
|
||||
{
|
||||
CK_ULONG targetTrust = sftkdb_getULongFromTemplate(target->type,
|
||||
|
@ -1849,12 +1868,12 @@ const CK_ATTRIBUTE_TYPE sftkdb_trustList[] =
|
|||
#define SFTK_TRUST_TEMPLATE_COUNT \
|
||||
(sizeof(sftkdb_trustList)/sizeof(sftkdb_trustList[0]))
|
||||
/*
|
||||
* Run through the list of known trust types, and reconsile each trust
|
||||
* Run through the list of known trust types, and reconcile each trust
|
||||
* entry one by one. Keep track of we really need to write out the source
|
||||
* trust object (overwriting the existing one).
|
||||
*/
|
||||
static sftkdbUpdateStatus
|
||||
sftkdb_reconsileTrust(PRArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
|
||||
sftkdb_reconcileTrust(PRArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
|
||||
CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
|
||||
{
|
||||
CK_ATTRIBUTE trustTemplate[SFTK_TRUST_TEMPLATE_COUNT];
|
||||
|
@ -1900,7 +1919,7 @@ sftkdb_reconsileTrust(PRArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
|
|||
continue;
|
||||
|
||||
}
|
||||
status = sftkdb_reconsileTrustEntry(arena, &trustTemplate[i], attr);
|
||||
status = sftkdb_reconcileTrustEntry(arena, &trustTemplate[i], attr);
|
||||
if (status == SFTKDB_MODIFY_OBJECT) {
|
||||
update = SFTKDB_MODIFY_OBJECT;
|
||||
} else if (status == SFTKDB_DROP_ATTRIBUTE) {
|
||||
|
@ -2062,9 +2081,9 @@ sftkdb_updateObjectTemplate(PRArenaPool *arena, SDB *db,
|
|||
return sftkdb_handleIDAndName(arena, db, id, ptemplate, plen);
|
||||
case CKO_NSS_TRUST:
|
||||
/* if we have conflicting trust object types,
|
||||
* we need to reconsile them */
|
||||
* we need to reconcile them */
|
||||
*targetID = id;
|
||||
return sftkdb_reconsileTrust(arena, db, id, ptemplate, plen);
|
||||
return sftkdb_reconcileTrust(arena, db, id, ptemplate, plen);
|
||||
case CKO_SECRET_KEY:
|
||||
/* secret keys in the old database are all sdr keys,
|
||||
* unfortunately they all appear to have the same CKA_ID,
|
||||
|
@ -2364,12 +2383,12 @@ sftk_getKeyDB(SFTKSlot *slot)
|
|||
{
|
||||
SFTKDBHandle *dbHandle;
|
||||
|
||||
PZ_Lock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
|
||||
dbHandle = slot->keyDB;
|
||||
if (dbHandle) {
|
||||
PR_AtomicIncrement(&dbHandle->ref);
|
||||
}
|
||||
PZ_Unlock(slot->slotLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
|
||||
return dbHandle;
|
||||
}
|
||||
|
||||
|
|
|
@ -66,7 +66,7 @@
|
|||
#include "prsystem.h"
|
||||
#include "lgglue.h"
|
||||
#include "secerr.h"
|
||||
|
||||
#include "softoken.h"
|
||||
|
||||
/******************************************************************
|
||||
*
|
||||
|
@ -540,14 +540,14 @@ sftkdb_switchKeys(SFTKDBHandle *keydb, SECItem *passKey)
|
|||
}
|
||||
|
||||
/* an atomic pointer set would be nice */
|
||||
PZ_Lock(keydb->passwordLock);
|
||||
SKIP_AFTER_FORK(PZ_Lock(keydb->passwordLock));
|
||||
data = keydb->passwordKey.data;
|
||||
len = keydb->passwordKey.len;
|
||||
keydb->passwordKey.data = passKey->data;
|
||||
keydb->passwordKey.len = passKey->len;
|
||||
passKey->data = data;
|
||||
passKey->len = len;
|
||||
PZ_Unlock(keydb->passwordLock);
|
||||
SKIP_AFTER_FORK(PZ_Unlock(keydb->passwordLock));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: softoken.h,v 1.20 2008/11/19 00:16:56 julien.pierre.boogz%sun.com Exp $ */
|
||||
/* $Id: softoken.h,v 1.22 2009/02/03 05:34:43 julien.pierre.boogz%sun.com Exp $ */
|
||||
|
||||
#ifndef _SOFTOKEN_H_
|
||||
#define _SOFTOKEN_H_
|
||||
|
@ -189,7 +189,8 @@ unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
|
|||
*/
|
||||
extern PRBool sftk_audit_enabled;
|
||||
|
||||
extern void sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg);
|
||||
extern void sftk_LogAuditMessage(NSSAuditSeverity severity,
|
||||
NSSAuditType, const char *msg);
|
||||
|
||||
extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
|
@ -325,41 +326,41 @@ extern PRBool usePthread_atfork;
|
|||
extern pid_t myPid;
|
||||
extern PRBool forked;
|
||||
|
||||
#define CHECK_FORK() \
|
||||
do { \
|
||||
if (usePthread_atfork ? forked : (myPid && myPid != getpid()) ) { \
|
||||
FORK_ASSERT(); \
|
||||
return CKR_DEVICE_ERROR; \
|
||||
} \
|
||||
} while (0)
|
||||
#define PARENT_FORKED() usePthread_atfork ? forked : (myPid && myPid != getpid())
|
||||
|
||||
#elif defined(CHECK_FORK_PTHREAD)
|
||||
|
||||
extern PRBool forked;
|
||||
|
||||
#define CHECK_FORK() \
|
||||
do { if (forked) { FORK_ASSERT(); return CKR_DEVICE_ERROR; } } while (0)
|
||||
#define PARENT_FORKED() forked
|
||||
|
||||
#else
|
||||
#elif defined(CHECK_FORK_GETPID)
|
||||
|
||||
#include <unistd.h>
|
||||
extern pid_t myPid;
|
||||
|
||||
#define PARENT_FORKED() myPid && myPid != getpid()
|
||||
|
||||
#endif
|
||||
|
||||
extern PRBool parentForkedAfterC_Initialize;
|
||||
|
||||
#define CHECK_FORK() \
|
||||
do { \
|
||||
if (myPid && myPid != getpid()) { \
|
||||
if (PARENT_FORKED()) { \
|
||||
FORK_ASSERT(); \
|
||||
return CKR_DEVICE_ERROR; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
#endif
|
||||
|
||||
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
|
||||
|
||||
#else
|
||||
|
||||
/* non-Unix platforms, or fork check disabled */
|
||||
|
||||
#define CHECK_FORK()
|
||||
#define SKIP_AFTER_FORK(x) x
|
||||
|
||||
#ifndef NO_FORK_CHECK
|
||||
#define NO_FORK_CHECK
|
||||
|
@ -367,6 +368,7 @@ extern pid_t myPid;
|
|||
|
||||
#endif
|
||||
|
||||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _SOFTOKEN_H_ */
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: softoknt.h,v 1.4 2006/05/05 20:02:47 wtchang%redhat.com Exp $ */
|
||||
/* $Id: softoknt.h,v 1.5 2009/01/27 23:13:21 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef _SOFTOKNT_H_
|
||||
#define _SOFTOKNT_H_
|
||||
|
@ -70,4 +70,25 @@ typedef enum {
|
|||
NSS_AUDIT_INFO = 1 /* informational messages */
|
||||
} NSSAuditSeverity;
|
||||
|
||||
typedef enum {
|
||||
NSS_AUDIT_ACCESS_KEY = 0,
|
||||
NSS_AUDIT_CHANGE_KEY,
|
||||
NSS_AUDIT_COPY_KEY,
|
||||
NSS_AUDIT_CRYPT,
|
||||
NSS_AUDIT_DERIVE_KEY,
|
||||
NSS_AUDIT_DESTROY_KEY,
|
||||
NSS_AUDIT_DIGEST_KEY,
|
||||
NSS_AUDIT_FIPS_STATE,
|
||||
NSS_AUDIT_GENERATE_KEY,
|
||||
NSS_AUDIT_INIT_PIN,
|
||||
NSS_AUDIT_INIT_TOKEN,
|
||||
NSS_AUDIT_LOAD_KEY,
|
||||
NSS_AUDIT_LOGIN,
|
||||
NSS_AUDIT_LOGOUT,
|
||||
NSS_AUDIT_SELF_TEST,
|
||||
NSS_AUDIT_SET_PIN,
|
||||
NSS_AUDIT_UNWRAP_KEY,
|
||||
NSS_AUDIT_WRAP_KEY,
|
||||
} NSSAuditType;
|
||||
|
||||
#endif /* _SOFTOKNT_H_ */
|
||||
|
|
|
@ -235,6 +235,7 @@ NSS_Get_sgn_DigestInfoTemplate_Util;
|
|||
;+NSSUTIL_3.12.3 { # NSS Utilities 3.12.3 release
|
||||
;+ global:
|
||||
SECITEM_ReallocItem;
|
||||
UTIL_SetForkState;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
|
|
|
@ -1931,6 +1931,11 @@ SECOID_FindOIDTagDescription(SECOidTag tagnum)
|
|||
return oidData ? oidData->desc : 0;
|
||||
}
|
||||
|
||||
/* for now, this is only used in a single place, so it can remain static */
|
||||
static PRBool parentForkedAfterC_Initialize;
|
||||
|
||||
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
|
||||
|
||||
/*
|
||||
* free up the oid tables.
|
||||
*/
|
||||
|
@ -1951,7 +1956,7 @@ SECOID_Shutdown(void)
|
|||
** the destruction of data that probably isn't initialized anyway.
|
||||
*/
|
||||
if (dynOidLock) {
|
||||
NSSRWLock_LockWrite(dynOidLock);
|
||||
SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock));
|
||||
if (dynOidHash) {
|
||||
PL_HashTableDestroy(dynOidHash);
|
||||
dynOidHash = NULL;
|
||||
|
@ -1967,8 +1972,8 @@ SECOID_Shutdown(void)
|
|||
dynOidEntriesAllocated = 0;
|
||||
dynOidEntriesUsed = 0;
|
||||
|
||||
NSSRWLock_UnlockWrite(dynOidLock);
|
||||
NSSRWLock_Destroy(dynOidLock);
|
||||
SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock));
|
||||
SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock));
|
||||
dynOidLock = NULL;
|
||||
} else {
|
||||
/* Since dynOidLock doesn't exist, then all the data it protects
|
||||
|
@ -1985,3 +1990,10 @@ SECOID_Shutdown(void)
|
|||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
void UTIL_SetForkState(PRBool forked)
|
||||
{
|
||||
parentForkedAfterC_Initialize = forked;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
/*
|
||||
* secoid.h - public data structures and prototypes for ASN.1 OID functions
|
||||
*
|
||||
* $Id: secoid.h,v 1.10 2008/06/14 14:20:38 wtc%google.com Exp $
|
||||
* $Id: secoid.h,v 1.11 2009/02/03 05:34:47 julien.pierre.boogz%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "plarena.h"
|
||||
|
@ -147,6 +147,8 @@ extern SECStatus SECOID_Shutdown(void);
|
|||
extern SECStatus SEC_StringToOID(PLArenaPool *pool, SECItem *to,
|
||||
const char *from, PRUint32 len);
|
||||
|
||||
extern void UTIL_SetForkState(PRBool forked);
|
||||
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _SECOID_H_ */
|
||||
|
|
|
@ -71,12 +71,15 @@ chains_init()
|
|||
|
||||
CHAINS_SCENARIOS="${QADIR}/chains/scenarios/scenarios"
|
||||
|
||||
CERT_SN=$(date '+%m%d%H%M%S')
|
||||
PK7_NONCE=$CERT_SN;
|
||||
CERT_SN_CNT=$(date '+%m%d%H%M%S')
|
||||
CERT_SN_FIX=$(expr ${CERT_SN_CNT} - 1000)
|
||||
|
||||
PK7_NONCE=$CERT_SN_CNT;
|
||||
|
||||
AIA_FILES="${HOSTDIR}/aiafiles"
|
||||
|
||||
CU_DATA=${HOSTDIR}/cu_data
|
||||
CRL_DATA=${HOSTDIR}/crl_data
|
||||
|
||||
html_head "Certificate Chains Tests"
|
||||
}
|
||||
|
@ -102,6 +105,22 @@ print_cu_data()
|
|||
echo "==="
|
||||
}
|
||||
|
||||
set_cert_sn()
|
||||
{
|
||||
if [ -z "${SERIAL}" ]; then
|
||||
CERT_SN_CNT=$(expr ${CERT_SN_CNT} + 1)
|
||||
CERT_SN=${CERT_SN_CNT}
|
||||
else
|
||||
echo ${SERIAL} | cut -b 1 | grep '+' > /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
CERT_SN=$(echo ${SERIAL} | cut -b 2-)
|
||||
CERT_SN=$(expr ${CERT_SN_FIX} + ${CERT_SN})
|
||||
else
|
||||
CERT_SN=${SERIAL}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
############################# create_db ################################
|
||||
# local shell function to create certificate database
|
||||
########################################################################
|
||||
|
@ -119,8 +138,6 @@ create_db()
|
|||
echo "certutil -N -d ${DB} -f ${DB}/dbpasswd"
|
||||
${BINDIR}/certutil -N -d ${DB} -f ${DB}/dbpasswd
|
||||
html_msg $? 0 "${SCENARIO}${TESTNAME}"
|
||||
|
||||
TESTDB=${DB}
|
||||
}
|
||||
|
||||
########################### create_root_ca #############################
|
||||
|
@ -131,7 +148,7 @@ create_root_ca()
|
|||
ENTITY=$1
|
||||
ENTITY_DB=${ENTITY}DB
|
||||
|
||||
CERT_SN=$(expr ${CERT_SN} + 1)
|
||||
set_cert_sn
|
||||
date >> ${NOISE_FILE} 2>&1
|
||||
|
||||
CTYPE_OPT=
|
||||
|
@ -399,7 +416,7 @@ sign_cert()
|
|||
REQ=${ENTITY}Req.der
|
||||
CERT=${ENTITY}${ISSUER}.der
|
||||
|
||||
CERT_SN=$(expr ${CERT_SN} + 1)
|
||||
set_cert_sn
|
||||
|
||||
EMAIL_OPT=
|
||||
if [ "${TYPE}" = "Bridge" ]; then
|
||||
|
@ -478,16 +495,83 @@ import_cert()
|
|||
html_msg $? 0 "${SCENARIO}${TESTNAME}"
|
||||
}
|
||||
|
||||
import_crl()
|
||||
{
|
||||
IMPORT=$1
|
||||
DB=$2
|
||||
|
||||
CRL_NICK=`echo ${IMPORT} | cut -d: -f1`
|
||||
CRL_FILE=${CRL_NICK}.crl
|
||||
|
||||
if [ ! -f "${CRL_FILE}" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
TESTNAME="Importing CRL ${CRL_FILE} to ${DB} database"
|
||||
echo "${SCRIPTNAME}: ${TESTNAME}"
|
||||
echo "crlutil -I -d ${DB} -f ${DB}/dbpasswd -i ${CRL_FILE}"
|
||||
${BINDIR}/crlutil -I -d ${DB} -f ${DB}/dbpasswd -i ${CRL_FILE}
|
||||
html_msg $? 0 "${SCENARIO}${TESTNAME}"
|
||||
}
|
||||
|
||||
create_crl()
|
||||
{
|
||||
ISSUER=$1
|
||||
ISSUER_DB=${ISSUER}DB
|
||||
|
||||
CRL=${ISSUER}.crl
|
||||
|
||||
DATE=$(date -u '+%Y%m%d%H%M%SZ')
|
||||
UPDATE=$(expr $(date -u '+%Y') + 1)$(date -u '+%m%d%H%M%SZ')
|
||||
|
||||
echo "update=${DATE}" > ${CRL_DATA}
|
||||
echo "nextupdate=${UPDATE}" >> ${CRL_DATA}
|
||||
|
||||
TESTNAME="Create CRL for ${ISSUER_DB}"
|
||||
echo "${SCRIPTNAME}: ${TESTNAME}"
|
||||
echo "crlutil -G -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL}"
|
||||
echo "=== Crlutil input data ==="
|
||||
cat ${CRL_DATA}
|
||||
echo "==="
|
||||
${BINDIR}/crlutil -G -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL} < ${CRL_DATA}
|
||||
html_msg $? 0 "${SCENARIO}${TESTNAME}"
|
||||
}
|
||||
|
||||
revoke_cert()
|
||||
{
|
||||
ISSUER=$1
|
||||
ISSUER_DB=${ISSUER}DB
|
||||
|
||||
CRL=${ISSUER}.crl
|
||||
|
||||
set_cert_sn
|
||||
|
||||
sleep 1
|
||||
DATE=$(date -u '+%Y%m%d%H%M%SZ')
|
||||
echo "update=${DATE}" > ${CRL_DATA}
|
||||
echo "addcert ${CERT_SN} ${DATE}" >> ${CRL_DATA}
|
||||
|
||||
TESTNAME="Revoking certificate with SN ${CERT_SN} issued by ${ISSUER}"
|
||||
echo "${SCRIPTNAME}: ${TESTNAME}"
|
||||
echo "crlutil -M -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL}"
|
||||
echo "=== Crlutil input data ==="
|
||||
cat ${CRL_DATA}
|
||||
echo "==="
|
||||
${BINDIR}/crlutil -M -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL} < ${CRL_DATA}
|
||||
html_msg $? 0 "${SCENARIO}${TESTNAME}"
|
||||
}
|
||||
|
||||
########################################################################
|
||||
# List of global variables related to certificate verification:
|
||||
#
|
||||
# Generated by parse_config:
|
||||
# TESTDB - DB used for testing
|
||||
# DB - DB used for testing
|
||||
# FETCH - fetch flag (used with AIA extension)
|
||||
# POLICY - list of policies
|
||||
# TRUST - trust anchor
|
||||
# VERIFY - list of certificates to use as vfychain parameters
|
||||
# EXP_RESULT - expected result
|
||||
# REV_OPTS - revocation options
|
||||
########################################################################
|
||||
|
||||
############################# verify_cert ##############################
|
||||
|
@ -502,8 +586,8 @@ verify_cert()
|
|||
VFY_CERTS=
|
||||
VFY_LIST=
|
||||
|
||||
if [ -n "${TESTDB}" ]; then
|
||||
DB_OPT="-d ${TESTDB}"
|
||||
if [ -n "${DB}" ]; then
|
||||
DB_OPT="-d ${DB}"
|
||||
fi
|
||||
|
||||
if [ -n "${FETCH}" ]; then
|
||||
|
@ -546,15 +630,15 @@ verify_cert()
|
|||
fi
|
||||
done
|
||||
|
||||
TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${DB_OPT} ${FETCH_OPT} ${POLICY_OPT} ${TRUST_OPT}"
|
||||
TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${REV_OPTS} ${DB_OPT} ${FETCH_OPT} ${POLICY_OPT} ${TRUST_OPT}"
|
||||
echo "${SCRIPTNAME}: ${TESTNAME}"
|
||||
echo "vfychain ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
|
||||
echo "vfychain ${DB_OPT} -pp -vv ${REV_OPTS} ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
|
||||
|
||||
if [ -z "${MEMLEAK_DBG}" ]; then
|
||||
${BINDIR}/vfychain ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}
|
||||
${BINDIR}/vfychain ${DB_OPT} -pp -vv ${REV_OPTS} ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}
|
||||
RESULT=$?
|
||||
else
|
||||
${RUN_COMMAND_DBG} ${BINDIR}/vfychain ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT} 2>> ${LOGFILE}
|
||||
${RUN_COMMAND_DBG} ${BINDIR}/vfychain ${REV_OPTS} ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT} 2>> ${LOGFILE}
|
||||
RESULT=$?
|
||||
fi
|
||||
|
||||
|
@ -661,6 +745,17 @@ parse_config()
|
|||
"import")
|
||||
IMPORT="${VALUE}"
|
||||
import_cert "${IMPORT}" "${DB}"
|
||||
import_crl "${IMPORT}" "${DB}"
|
||||
;;
|
||||
"crl")
|
||||
ISSUER="${VALUE}"
|
||||
create_crl "${ISSUER}"
|
||||
;;
|
||||
"revoke")
|
||||
REVOKE="${VALUE}"
|
||||
;;
|
||||
"serial")
|
||||
SERIAL="${VALUE}"
|
||||
;;
|
||||
"verify")
|
||||
VERIFY="${VALUE}"
|
||||
|
@ -668,15 +763,16 @@ parse_config()
|
|||
POLICY=
|
||||
FETCH=
|
||||
EXP_RESULT=
|
||||
REV_OPTS=
|
||||
;;
|
||||
"cert")
|
||||
VERIFY="${VERIFY} ${VALUE}"
|
||||
;;
|
||||
"testdb")
|
||||
if [ -n "${VALUE}" ]; then
|
||||
TESTDB="${VALUE}DB"
|
||||
DB="${VALUE}DB"
|
||||
else
|
||||
TESTDB=
|
||||
DB=
|
||||
fi
|
||||
;;
|
||||
"trust")
|
||||
|
@ -689,6 +785,18 @@ parse_config()
|
|||
EXP_RESULT="${VALUE}"
|
||||
parse_result
|
||||
;;
|
||||
"rev_type")
|
||||
REV_OPTS="${REV_OPTS} -g ${VALUE}"
|
||||
;;
|
||||
"rev_flags")
|
||||
REV_OPTS="${REV_OPTS} -h ${VALUE}"
|
||||
;;
|
||||
"rev_mtype")
|
||||
REV_OPTS="${REV_OPTS} -m ${VALUE}"
|
||||
;;
|
||||
"rev_mflags")
|
||||
REV_OPTS="${REV_OPTS} -s ${VALUE}"
|
||||
;;
|
||||
"scenario")
|
||||
SCENARIO="${VALUE}: "
|
||||
|
||||
|
@ -701,6 +809,9 @@ parse_config()
|
|||
LOGFILE="${LOGDIR}/${LOGNAME}"
|
||||
fi
|
||||
;;
|
||||
"break")
|
||||
break
|
||||
;;
|
||||
"")
|
||||
if [ -n "${ENTITY}" ]; then
|
||||
if [ -z "${DB}" ]; then
|
||||
|
@ -717,6 +828,11 @@ parse_config()
|
|||
verify_cert
|
||||
VERIFY=
|
||||
fi
|
||||
|
||||
if [ -n "${REVOKE}" ]; then
|
||||
revoke_cert "${REVOKE}" "${DB}"
|
||||
REVOKE=
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
if [ `echo ${KEY} | cut -b 1` != "#" ]; then
|
||||
|
|
|
@ -8,6 +8,7 @@ import TestUser51:x:
|
|||
import PayPalRootCA:x:CT,C,C
|
||||
import PayPalICA:x:
|
||||
import PayPalEE:x:
|
||||
import BrAirWaysBadSig:x:
|
||||
|
||||
verify TestUser50:x
|
||||
result pass
|
||||
|
@ -19,3 +20,6 @@ verify PayPalEE:x
|
|||
policy OID.2.16.840.1.113733.1.7.23.6
|
||||
result pass
|
||||
|
||||
verify BrAirWaysBadSig:x
|
||||
result fail
|
||||
|
||||
|
|
|
@ -0,0 +1,82 @@
|
|||
scenario Revocation
|
||||
|
||||
entity Root
|
||||
type Root
|
||||
serial 10
|
||||
|
||||
entity CA0
|
||||
type Intermediate
|
||||
issuer Root
|
||||
serial 11
|
||||
|
||||
entity CA1
|
||||
type Intermediate
|
||||
issuer CA0
|
||||
serial 12
|
||||
|
||||
entity EE11
|
||||
type EE
|
||||
issuer CA1
|
||||
serial 13
|
||||
|
||||
entity EE12
|
||||
type EE
|
||||
issuer CA1
|
||||
serial 14
|
||||
|
||||
entity CA2
|
||||
type Intermediate
|
||||
issuer CA0
|
||||
serial 15
|
||||
|
||||
entity EE21
|
||||
type EE
|
||||
issuer CA2
|
||||
serial 16
|
||||
|
||||
crl Root
|
||||
crl CA0
|
||||
crl CA1
|
||||
crl CA2
|
||||
|
||||
revoke CA1
|
||||
serial 14
|
||||
|
||||
revoke CA0
|
||||
serial 15
|
||||
|
||||
db All
|
||||
|
||||
import Root::CTu,CTu,CTu
|
||||
import CA0:Root:
|
||||
import CA1:CA0:
|
||||
import CA2:CA0:
|
||||
|
||||
# EE11 - not revoked
|
||||
verify EE11:CA1
|
||||
trust Root:
|
||||
rev_type leaf
|
||||
rev_mtype crl
|
||||
result pass
|
||||
|
||||
# EE12 - revoked
|
||||
verify EE12:CA1
|
||||
trust Root:
|
||||
rev_type leaf
|
||||
rev_mtype crl
|
||||
result fail
|
||||
|
||||
# EE11 - CA1 not revoked
|
||||
verify EE11:CA1
|
||||
trust Root:
|
||||
rev_type chain
|
||||
rev_mtype crl
|
||||
result pass
|
||||
|
||||
# EE21 - CA2 revoked
|
||||
verify EE21:CA2
|
||||
trust Root:
|
||||
rev_type chain
|
||||
rev_mtype crl
|
||||
result fail
|
||||
|
|
@ -12,3 +12,4 @@ bridgewithhalfaia.cfg
|
|||
bridgewithpolicyextensionandmapping.cfg
|
||||
realcerts.cfg
|
||||
dsa.cfg
|
||||
revoc.cfg
|
||||
|
|
Двоичный файл не отображается.
Двоичные данные
security/nss/tests/libpkix/certs/PayPalEE.cert
Двоичные данные
security/nss/tests/libpkix/certs/PayPalEE.cert
Двоичный файл не отображается.
Загрузка…
Ссылка в новой задаче