Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 13:51:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 466745: Upgraded NSS to NSS_3_12_3_BETA3.

Browse Source
This commit is contained in:
Wan-Teh Chang 2009-02-10 09:18:32 -08:00
parent 314e952d65
commit feb9d03878
83 changed files with 1807 additions and 1904 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
security/coreconf/WIN32.mk
View File

@ -165,6 +165,10 @@ endif
# Purify requires /FIXED:NO when linking EXEs.
LDFLAGS += /FIXED:NO
endif
# Convert certain deadly warnings to errors (see list at end of file)
OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 \
-we4013 -we4015 -we4033 -we4035 -we4045 -we4053 -we4054 -we4063 \
-we4064 -we4078 -we4087 -we4098 -we4390 -we4551 -we4553 -we4715
endif # NS_USE_GCC
ifdef USE_64
@ -306,3 +310,28 @@ ifndef TARGETS
TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
endif
# list of MSVC warnings converted to errors above:
# 4002: too many actual parameters for macro 'identifier'
# 4003: not enough actual parameters for macro 'identifier'
# 4004: incorrect construction after 'defined'
# 4006: #undef expected an identifier
# 4009: string too big; trailing characters truncated
# 4015: 'identifier' : type of bit field must be integral
# 4033: 'function' must return a value
# 4035: 'function' : no return value
# 4045: 'identifier' : array bounds overflow
# 4053: one void operand for '?:'
# 4054: 'conversion' : from function pointer 'type1' to data pointer 'type2'
# 4059: pascal string too big, length byte is length % 256
# 4063: case 'identifier' is not a valid value for switch of enum 'identifier'
# 4064: switch of incomplete enum 'identifier'
# 4078: case constant 'value' too big for the type of the switch expression
# 4087: 'function' : declared with 'void' parameter list
# 4098: 'function' : void function returning a value
# 4390: ';' : empty controlled statement found; is this the intent?
# 4541: RTTI train wreck
# 4715: not all control paths return a value
# 4013: function undefined; assuming extern returning int
# 4553: '==' : operator has no effect; did you intend '='?
# 4551: function call missing argument list

1
security/coreconf/coreconf.dep
View File

@ -42,3 +42,4 @@
*/
#error "Do not include this header file."

5
security/nss/cmd/bltest/blapitest.c
View File

@ -3267,6 +3267,11 @@ int main(int argc, char **argv)
SECU_PrintPRandOSError(progName);
return -1;
}
rv = BL_Init();
if (rv != SECSuccess) {
SECU_PrintPRandOSError(progName);
return -1;
}
RNG_SystemInfoForRNG();
rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);

8
security/nss/cmd/crlutil/crlgen_lex.c
View File

@ -1,7 +1,7 @@
/* A lexical scanner generated by flex */
/* Scanner skeleton version:
* $Header: /cvsroot/mozilla/security/nss/cmd/crlutil/crlgen_lex.c,v 1.1 2005/04/12 02:24:14 alexei.volkov.bugs%sun.com Exp $
* $Header: /cvsroot/mozilla/security/nss/cmd/crlutil/crlgen_lex.c,v 1.2 2009/02/04 23:23:40 alexei.volkov.bugs%sun.com Exp $
*/
#define FLEX_SCANNER
@ -9,11 +9,12 @@
#define YY_FLEX_MINOR_VERSION 5
#include <stdio.h>
#ifndef _WIN32
#ifdef _WIN32
#include <io.h>
#else
#include <unistd.h>
#endif
/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
#ifdef c_plusplus
#ifndef __cplusplus
@ -21,7 +22,6 @@
#endif
#endif
#ifdef __cplusplus
#include <stdlib.h>

4
security/nss/cmd/crlutil/crlgen_lex_fix.sed
View File

@ -1,4 +1,6 @@
/<unistd.h>/ {
i #ifndef _WIN32
i #ifdef _WIN32
i #include <io.h>
i #else
a #endif
}

13
security/nss/cmd/crlutil/crlutil.c
View File

@ -360,15 +360,14 @@ CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle,
PRFileDesc *inFile, PRInt32 decodeOptions,
PRInt32 importOptions)
{
SECItem crlDER;
SECItem crlDER = {0, NULL, 0};
CERTSignedCrl *signCrl = NULL;
CERTSignedCrl *modCrl = NULL;
PRArenaPool *modArena = NULL;
SECStatus rv = SECSuccess;
PORT_Assert(arena != NULL && certHandle != NULL &&
certNickName != NULL);
if (!arena || !certHandle || !certNickName) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n");
return NULL;
}
@ -444,7 +443,9 @@ CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle,
signCrl->arena = arena;
loser:
SECITEM_FreeItem(&crlDER, PR_FALSE);
if (crlDER.data) {
SECITEM_FreeItem(&crlDER, PR_FALSE);
}
if (modCrl)
SEC_DestroyCrl(modCrl);
if (rv != SECSuccess && signCrl) {
@ -466,8 +467,8 @@ CreateNewCrl(PRArenaPool *arena, CERTCertDBHandle *certHandle,
/* if the CERTSignedCrl structure changes, this function will need to be
updated as well */
PORT_Assert(cert != NULL);
if (!cert || !arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
SECU_PrintError(progName, "invalid args for function "
"CreateNewCrl\n");
return NULL;
@ -531,8 +532,8 @@ UpdateCrl(CERTSignedCrl *signCrl, PRFileDesc *inCrlInitFile)
CRLGENGeneratorData *crlGenData = NULL;
SECStatus rv;
PORT_Assert(signCrl != NULL && inCrlInitFile != NULL);
if (!signCrl || !inCrlInitFile) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
SECU_PrintError(progName, "invalid args for function "
"CreateNewCrl\n");
return SECFailure;

12
security/nss/cmd/pk11mode/pk11mode.c
View File

@ -741,6 +741,18 @@ int main(int argc, char **argv)
goto cleanup;
}
if (doForkTests)
{
/* In this next test, we fork and try to re-initialize softoken in
* the child. This should now work because softoken has the ability
* to hard reset.
*/
/* try to fork with softoken both loaded and initialized */
crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
if (crv != CKR_OK)
goto cleanup;
}
crv = PKM_ShowInfo(pFunctionList, slotID);
if (crv == CKR_OK) {
PKM_LogIt("PKM_ShowInfo succeeded\n");

12
security/nss/cmd/vfychain/vfychain.c
View File

@ -114,7 +114,7 @@ Usage(const char *progName)
"\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
"\t-s method flags\t Sets revocation flags for the method it follows.\n"
"\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
"\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failInNoInfo\".\n",
"\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failIfNoInfo\".\n",
progName);
exit(1);
}
@ -258,7 +258,7 @@ getCert(const char *name, PRBool isAscii, const char * progName)
#define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failInNoInfo"
#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failIfNoInfo"
#define REV_METHOD_INDEX_MAX 4
@ -680,10 +680,6 @@ breakout:
cvin[inParamIndex].value.scalar.b = certFetching;
inParamIndex++;
cvin[inParamIndex].type = cert_pi_date;
cvin[inParamIndex].value.scalar.time = time;
inParamIndex++;
rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
secStatus = configureRevocationParams(&rev);
@ -696,6 +692,10 @@ breakout:
cvin[inParamIndex].value.pointer.revocation = &rev;
inParamIndex++;
cvin[inParamIndex].type = cert_pi_date;
cvin[inParamIndex].value.scalar.time = time;
inParamIndex++;
cvin[inParamIndex].type = cert_pi_end;
cvout[0].type = cert_po_trustAnchor;

51
security/nss/lib/certdb/alg1485.c
View File

@ -54,7 +54,7 @@ typedef struct NameToKindStr {
/* local type for directory string--could be printable_string or utf8 */
#define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER
/* Add new entries to this table, and maybe to function CERT_ParseRFC1485AVA */
/* Add new entries to this table, and maybe to function ParseRFC1485AVA */
static const NameToKind name2kinds[] = {
/* IANA registered type names
* (See: http://www.iana.org/assignments/ldap-parameters)
@ -361,10 +361,15 @@ loser:
return SECFailure;
}
CERTAVA *
CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
PRBool singleAVA)
/* Parses one AVA, starting at *pbp. Stops at endptr.
* Advances *pbp past parsed AVA and trailing separator (if present).
* On any error, returns NULL and *pbp is undefined.
* On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was
* the last character parsed. *pbp is either equal to endptr or
* points to first character after separator.
*/
static CERTAVA *
ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr)
{
CERTAVA *a;
const NameToKind *n2k;
@ -374,6 +379,7 @@ CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
SECOidTag kind = SEC_OID_UNKNOWN;
SECStatus rv = SECFailure;
SECItem derOid = { 0, NULL, 0 };
char sep = 0;
char tagBuf[32];
char valBuf[384];
@ -384,17 +390,15 @@ CERT_ParseRFC1485AVA(PRArenaPool *arena, char **pbp, char *endptr,
goto loser;
}
/* insist that if we haven't finished we've stopped on a separator */
bp = *pbp;
if (bp < endptr) {
if (singleAVA || (*bp != ',' && *bp != ';')) {
*pbp = bp;
goto loser;
}
/* ok, skip over separator */
bp++;
sep = *bp++; /* skip over separator */
}
*pbp = bp;
/* if we haven't finished, insist that we've stopped on a separator */
if (sep && sep != ',' && sep != ';' && sep != '+') {
goto loser;
}
/* is this a dotted decimal OID attribute type ? */
if (!PL_strncasecmp("oid.", tagBuf, 4)) {
@ -459,7 +463,7 @@ ParseRFC1485Name(char *buf, int len)
CERTName *name;
char *bp, *e;
CERTAVA *ava;
CERTRDN *rdn;
CERTRDN *rdn = NULL;
name = CERT_CreateName(NULL);
if (name == NULL) {
@ -469,12 +473,21 @@ ParseRFC1485Name(char *buf, int len)
e = buf + len;
bp = buf;
while (bp < e) {
ava = CERT_ParseRFC1485AVA(name->arena, &bp, e, PR_FALSE);
if (ava == 0) goto loser;
rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);
if (rdn == 0) goto loser;
rv = CERT_AddRDN(name, rdn);
if (rv) goto loser;
ava = ParseRFC1485AVA(name->arena, &bp, e);
if (ava == 0)
goto loser;
if (!rdn) {
rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);
if (rdn == 0)
goto loser;
rv = CERT_AddRDN(name, rdn);
} else {
rv = CERT_AddAVA(name->arena, rdn, ava);
}
if (rv)
goto loser;
if (bp[-1] != '+')
rdn = NULL; /* done with this RDN */
skipSpace(&bp, e);
}

8
security/nss/lib/certdb/certdb.c
View File

@ -38,7 +38,7 @@
/*
* Certificate handling code
*
* $Id: certdb.c,v 1.95 2008/12/02 23:24:48 nelson%bolyard.com Exp $
* $Id: certdb.c,v 1.96 2009/02/09 07:51:30 nelson%bolyard.com Exp $
*/
#include "nssilock.h"
@ -938,15 +938,15 @@ CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
goto loser;
}
/* determine if this is a root cert */
cert->isRoot = cert_IsRootCert(cert);
/* initialize the certType */
rv = cert_GetCertType(cert);
if ( rv != SECSuccess ) {
goto loser;
}
/* determine if this is a root cert */
cert->isRoot = cert_IsRootCert(cert);
tmpname = CERT_NameToAscii(&cert->subject);
if ( tmpname != NULL ) {
cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);

10
security/nss/lib/certdb/crl.c
View File

@ -37,7 +37,7 @@
/*
* Moved from secpkcs7.c
*
* $Id: crl.c,v 1.60 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
* $Id: crl.c,v 1.62 2009/02/05 20:31:26 nelson%bolyard.com Exp $
*/
#include "cert.h"
@ -732,6 +732,10 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
crl = newCrl;
crl->slot = PK11_ReferenceSlot(slot);
crl->pkcs11ID = oldCrl->pkcs11ID;
if (oldCrl->url && !url)
url = oldCrl->url;
if (url)
crl->url = PORT_ArenaStrdup(crl->arena, url);
goto done;
}
if (!SEC_CrlIsNewer(&newCrl->crl,&oldCrl->crl)) {
@ -754,7 +758,7 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
}
/* if we have a url in the database, use that one */
if (oldCrl->url) {
if (oldCrl->url && !url) {
url = oldCrl->url;
}
@ -1644,7 +1648,7 @@ static SECStatus DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate,
rv = CachedCrl_Destroy(returned);
returned = NULL;
}
else
else if (vfdate)
{
rv = CachedCrl_Verify(cache, returned, vfdate, wincx);
}

9
security/nss/lib/certhigh/certvfypkix.c
View File

@ -566,7 +566,7 @@ cert_CreatePkixProcessingParams(
PKIX_PROCESSINGPARAMSSETDATEFAILED);
PKIX_CHECK(
PKIX_RevocationChecker_Create(date,
PKIX_RevocationChecker_Create(
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
@ -1650,13 +1650,8 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
chainIMFlags =
flags->chainTests.cert_rev_method_independent_flags;
error = PKIX_ProcessingParams_GetDate(procParams, &date, plContext);
if (error != NULL) {
errCode = SEC_ERROR_INVALID_TIME;
}
error =
PKIX_RevocationChecker_Create(date, leafIMFlags, chainIMFlags,
PKIX_RevocationChecker_Create(leafIMFlags, chainIMFlags,
&revChecker, plContext);
if (error) {
break;

22
security/nss/lib/ckfw/crypto.c
View File

@ -36,7 +36,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: crypto.c,v $ $Revision: 1.3 $ $Date: 2006/04/22 05:30:18 $";
static const char CVS_ID[] = "@(#) $RCSfile: crypto.c,v $ $Revision: 1.4 $ $Date: 2009/02/09 07:55:51 $";
#endif /* DEBUG */
/*
@ -101,7 +101,7 @@ nssCKFWCryptoOperation_Create(
{
NSSCKFWCryptoOperation *fwOperation;
fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWCryptoOperation *)NULL;
}
@ -126,7 +126,7 @@ nssCKFWCryptoOperation_Destroy
)
{
if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) {
if ((void *) NULL != (void *)fwOperation->mdOperation->Destroy) {
if (fwOperation->mdOperation->Destroy) {
fwOperation->mdOperation->Destroy(
fwOperation->mdOperation,
fwOperation,
@ -171,7 +171,7 @@ nssCKFWCryptoOperation_GetFinalLength
CK_RV *pError
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->GetFinalLength) {
if (!fwOperation->mdOperation->GetFinalLength) {
*pError = CKR_FUNCTION_FAILED;
return 0;
}
@ -198,7 +198,7 @@ nssCKFWCryptoOperation_GetOperationLength
CK_RV *pError
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->GetOperationLength) {
if (!fwOperation->mdOperation->GetOperationLength) {
*pError = CKR_FUNCTION_FAILED;
return 0;
}
@ -225,7 +225,7 @@ nssCKFWCryptoOperation_Final
NSSItem *outputBuffer
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->Final) {
if (!fwOperation->mdOperation->Final) {
return CKR_FUNCTION_FAILED;
}
return fwOperation->mdOperation->Final(
@ -251,7 +251,7 @@ nssCKFWCryptoOperation_Update
NSSItem *outputBuffer
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->Update) {
if (!fwOperation->mdOperation->Update) {
return CKR_FUNCTION_FAILED;
}
return fwOperation->mdOperation->Update(
@ -277,7 +277,7 @@ nssCKFWCryptoOperation_DigestUpdate
NSSItem *inputBuffer
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->DigestUpdate) {
if (!fwOperation->mdOperation->DigestUpdate) {
return CKR_FUNCTION_FAILED;
}
return fwOperation->mdOperation->DigestUpdate(
@ -304,7 +304,7 @@ nssCKFWCryptoOperation_DigestKey
{
NSSCKMDObject *mdObject;
if ((void *) NULL == (void *)fwOperation->mdOperation->DigestKey) {
if (!fwOperation->mdOperation->DigestKey) {
return CKR_FUNCTION_FAILED;
}
mdObject = nssCKFWObject_GetMDObject(fwObject);
@ -330,7 +330,7 @@ nssCKFWCryptoOperation_UpdateFinal
NSSItem *outputBuffer
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->UpdateFinal) {
if (!fwOperation->mdOperation->UpdateFinal) {
return CKR_FUNCTION_FAILED;
}
return fwOperation->mdOperation->UpdateFinal(
@ -358,7 +358,7 @@ nssCKFWCryptoOperation_UpdateCombo
NSSItem *outputBuffer
)
{
if ((void *) NULL == (void *)fwOperation->mdOperation->UpdateCombo) {
if (!fwOperation->mdOperation->UpdateCombo) {
return CKR_FUNCTION_FAILED;
}
return fwOperation->mdOperation->UpdateCombo(

32
security/nss/lib/ckfw/find.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: find.c,v $ $Revision: 1.8 $ $Date: 2006/04/20 00:03:33 $";
static const char CVS_ID[] = "@(#) $RCSfile: find.c,v $ $Revision: 1.9 $ $Date: 2009/02/09 07:55:52 $";
#endif /* DEBUG */
/*
@ -147,7 +147,7 @@ nssCKFWFindObjects_Create
mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects);
if( (NSSCKFWFindObjects *)NULL == fwFindObjects ) {
if (!fwFindObjects) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
@ -162,7 +162,7 @@ nssCKFWFindObjects_Create
fwFindObjects->mdInstance = mdInstance;
fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError);
if( (NSSCKFWMutex *)NULL == fwFindObjects->mutex ) {
if (!fwFindObjects->mutex) {
goto loser;
}
@ -222,8 +222,8 @@ nssCKFWFindObjects_Destroy
(void)nssCKFWMutex_Destroy(fwFindObjects->mutex);
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo1 ) {
if( (void *)NULL != (void *)fwFindObjects->mdfo1->Final ) {
if (fwFindObjects->mdfo1) {
if (fwFindObjects->mdfo1->Final) {
fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
fwFindObjects->mdSession, fwFindObjects->fwSession,
@ -232,8 +232,8 @@ nssCKFWFindObjects_Destroy
}
}
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo2 ) {
if( (void *)NULL != (void *)fwFindObjects->mdfo2->Final ) {
if (fwFindObjects->mdfo2) {
if (fwFindObjects->mdfo2->Final) {
fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
fwFindObjects->mdSession, fwFindObjects->fwSession,
@ -287,7 +287,7 @@ nssCKFWFindObjects_Next
NSSArena *objArena;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWObject *)NULL;
}
@ -302,15 +302,15 @@ nssCKFWFindObjects_Next
return (NSSCKFWObject *)NULL;
}
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo1 ) {
if( (void *)NULL != (void *)fwFindObjects->mdfo1->Next ) {
if (fwFindObjects->mdfo1) {
if (fwFindObjects->mdfo1->Next) {
fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1,
fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
fwFindObjects->mdToken, fwFindObjects->fwToken,
fwFindObjects->mdInstance, fwFindObjects->fwInstance,
arenaOpt, pError);
if( (NSSCKMDObject *)NULL == mdObject ) {
if (!mdObject) {
if( CKR_OK != *pError ) {
goto done;
}
@ -327,15 +327,15 @@ nssCKFWFindObjects_Next
}
}
if( (NSSCKMDFindObjects *)NULL != fwFindObjects->mdfo2 ) {
if( (void *)NULL != (void *)fwFindObjects->mdfo2->Next ) {
if (fwFindObjects->mdfo2) {
if (fwFindObjects->mdfo2->Next) {
fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2,
fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
fwFindObjects->mdToken, fwFindObjects->fwToken,
fwFindObjects->mdInstance, fwFindObjects->fwInstance,
arenaOpt, pError);
if( (NSSCKMDObject *)NULL == mdObject ) {
if (!mdObject) {
if( CKR_OK != *pError ) {
goto done;
}
@ -373,7 +373,7 @@ nssCKFWFindObjects_Next
* but it depends on nssCKFWObject_Create caching all objects.
*/
objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError);
if( (NSSArena *)NULL == objArena ) {
if (!objArena) {
if( CKR_OK == *pError ) {
*pError = CKR_HOST_MEMORY;
}
@ -383,7 +383,7 @@ nssCKFWFindObjects_Next
fwObject = nssCKFWObject_Create(objArena, mdObject,
NULL, fwFindObjects->fwToken,
fwFindObjects->fwInstance, pError);
if( (NSSCKFWObject *)NULL == fwObject ) {
if (!fwObject) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}

14
security/nss/lib/ckfw/hash.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: hash.c,v $ $Revision: 1.3 $ $Date: 2005/01/20 02:25:45 $";
static const char CVS_ID[] = "@(#) $RCSfile: hash.c,v $ $Revision: 1.4 $ $Date: 2009/02/09 07:55:52 $";
#endif /* DEBUG */
/*
@ -104,7 +104,7 @@ nssCKFWHash_Create
nssCKFWHash *rv;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (nssCKFWHash *)NULL;
}
@ -115,13 +115,13 @@ nssCKFWHash_Create
#endif /* NSSDEBUG */
rv = nss_ZNEW(arena, nssCKFWHash);
if( (nssCKFWHash *)NULL == rv ) {
if (!rv) {
*pError = CKR_HOST_MEMORY;
return (nssCKFWHash *)NULL;
}
rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
if( (NSSCKFWMutex *)NULL == rv->mutex ) {
if (!rv->mutex) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -130,7 +130,7 @@ nssCKFWHash_Create
rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
if( (PLHashTable *)NULL == rv->plHashTable ) {
if (!rv->plHashTable) {
(void)nssCKFWMutex_Destroy(rv->mutex);
(void)nss_ZFreeIf(rv);
*pError = CKR_HOST_MEMORY;
@ -178,7 +178,7 @@ nssCKFWHash_Add
}
he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
if( (PLHashEntry *)NULL == he ) {
if (!he) {
error = CKR_HOST_MEMORY;
} else {
hash->count++;
@ -259,7 +259,7 @@ nssCKFWHash_Exists
(void)nssCKFWMutex_Unlock(hash->mutex);
if( (void *)NULL == value ) {
if (!value) {
return CK_FALSE;
} else {
return CK_TRUE;

72
security/nss/lib/ckfw/instance.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: instance.c,v $ $Revision: 1.11 $ $Date: 2006/10/09 22:16:59 $";
static const char CVS_ID[] = "@(#) $RCSfile: instance.c,v $ $Revision: 1.12 $ $Date: 2009/02/09 07:55:52 $";
#endif /* DEBUG */
/*
@ -208,20 +208,20 @@ nssCKFWInstance_Create
return (NSSCKFWInstance *)NULL;
}
if( (NSSCKMDInstance *)NULL == mdInstance ) {
if (!mdInstance) {
*pError = CKR_ARGUMENTS_BAD;
return (NSSCKFWInstance *)NULL;
}
#endif /* NSSDEBUG */
arena = NSSArena_Create();
if( (NSSArena *)NULL == arena ) {
if (!arena) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWInstance *)NULL;
}
fwInstance = nss_ZNEW(arena, NSSCKFWInstance);
if( (NSSCKFWInstance *)NULL == fwInstance ) {
if (!fwInstance) {
goto nomem;
}
@ -244,14 +244,14 @@ nssCKFWInstance_Create
fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena,
pError);
if( (NSSCKFWMutex *)NULL == fwInstance->mutex ) {
if (!fwInstance->mutex) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
goto loser;
}
if( (void *)NULL != (void *)mdInstance->Initialize ) {
if (mdInstance->Initialize) {
*pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData);
if( CKR_OK != *pError ) {
goto loser;
@ -260,14 +260,14 @@ nssCKFWInstance_Create
called_Initialize = CK_TRUE;
}
if( (void *)NULL != (void *)mdInstance->ModuleHandlesSessionObjects ) {
if (mdInstance->ModuleHandlesSessionObjects) {
fwInstance->moduleHandlesSessionObjects =
mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
} else {
fwInstance->moduleHandlesSessionObjects = CK_FALSE;
}
if( (void *)NULL == (void *)mdInstance->GetNSlots ) {
if (!mdInstance->GetNSlots) {
/* That routine is required */
*pError = CKR_GENERAL_ERROR;
goto loser;
@ -294,17 +294,17 @@ nssCKFWInstance_Create
fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance,
fwInstance->arena, pError);
if( (nssCKFWHash *)NULL == fwInstance->sessionHandleHash ) {
if (!fwInstance->sessionHandleHash) {
goto loser;
}
fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance,
fwInstance->arena, pError);
if( (nssCKFWHash *)NULL == fwInstance->objectHandleHash ) {
if (!fwInstance->objectHandleHash) {
goto loser;
}
if( (void *)NULL == (void *)mdInstance->GetSlots ) {
if (!mdInstance->GetSlots) {
/* That routine is required */
*pError = CKR_GENERAL_ERROR;
goto loser;
@ -318,7 +318,7 @@ nssCKFWInstance_Create
for( i = 0; i < fwInstance->nSlots; i++ ) {
NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i];
if( (NSSCKMDSlot *)NULL == mdSlot ) {
if (!mdSlot) {
*pError = CKR_GENERAL_ERROR;
goto loser;
}
@ -333,7 +333,7 @@ nssCKFWInstance_Create
for( j = i; j < fwInstance->nSlots; j++ ) {
NSSCKMDSlot *mds = fwInstance->mdSlotList[j];
if( (void *)NULL != (void *)mds->Destroy ) {
if (mds->Destroy) {
mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance);
}
}
@ -362,7 +362,7 @@ nssCKFWInstance_Create
loser:
if( CK_TRUE == called_Initialize ) {
if( (void *)NULL != (void *)mdInstance->Finalize ) {
if (mdInstance->Finalize) {
mdInstance->Finalize(mdInstance, fwInstance);
}
}
@ -401,7 +401,7 @@ nssCKFWInstance_Destroy
(void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
}
if( (void *)NULL != (void *)fwInstance->mdInstance->Finalize ) {
if (fwInstance->mdInstance->Finalize) {
fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance);
}
@ -452,7 +452,7 @@ nssCKFWInstance_GetArena
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}
@ -500,7 +500,7 @@ nssCKFWInstance_CreateMutex
NSSCKFWMutex *mutex;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWMutex *)NULL;
}
@ -512,7 +512,7 @@ nssCKFWInstance_CreateMutex
mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState,
arena, pError);
if( (NSSCKFWMutex *)NULL == mutex ) {
if (!mutex) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -576,7 +576,7 @@ nssCKFWInstance_CreateSessionHandle
CK_SESSION_HANDLE hSession;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_SESSION_HANDLE)0;
}
@ -720,7 +720,7 @@ nssCKFWInstance_CreateObjectHandle
CK_OBJECT_HANDLE hObject;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_OBJECT_HANDLE)0;
}
@ -905,7 +905,7 @@ nssCKFWInstance_GetNSlots
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -949,7 +949,7 @@ nssCKFWInstance_GetCryptokiVersion
goto done;
}
if( (void *)NULL != (void *)fwInstance->mdInstance->GetCryptokiVersion ) {
if (fwInstance->mdInstance->GetCryptokiVersion) {
fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
fwInstance->mdInstance, fwInstance);
} else {
@ -993,11 +993,11 @@ nssCKFWInstance_GetManufacturerID
return error;
}
if( (NSSUTF8 *)NULL == fwInstance->manufacturerID ) {
if( (void *)NULL != (void *)fwInstance->mdInstance->GetManufacturerID ) {
if (!fwInstance->manufacturerID) {
if (fwInstance->mdInstance->GetManufacturerID) {
fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID(
fwInstance->mdInstance, fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwInstance->manufacturerID) && (CKR_OK != error) ) {
if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
goto done;
}
} else {
@ -1062,11 +1062,11 @@ nssCKFWInstance_GetLibraryDescription
return error;
}
if( (NSSUTF8 *)NULL == fwInstance->libraryDescription ) {
if( (void *)NULL != (void *)fwInstance->mdInstance->GetLibraryDescription ) {
if (!fwInstance->libraryDescription) {
if (fwInstance->mdInstance->GetLibraryDescription) {
fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription(
fwInstance->mdInstance, fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwInstance->libraryDescription) && (CKR_OK != error) ) {
if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
goto done;
}
} else {
@ -1112,7 +1112,7 @@ nssCKFWInstance_GetLibraryVersion
goto done;
}
if( (void *)NULL != (void *)fwInstance->mdInstance->GetLibraryVersion ) {
if (fwInstance->mdInstance->GetLibraryVersion) {
fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
fwInstance->mdInstance, fwInstance);
} else {
@ -1157,7 +1157,7 @@ nssCKFWInstance_GetSlots
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWSlot **)NULL;
}
@ -1187,7 +1187,7 @@ nssCKFWInstance_WaitForSlotEvent
CK_ULONG i, n;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWSlot *)NULL;
}
@ -1206,7 +1206,7 @@ nssCKFWInstance_WaitForSlotEvent
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwInstance->mdInstance->WaitForSlotEvent ) {
if (!fwInstance->mdInstance->WaitForSlotEvent) {
*pError = CKR_NO_EVENT;
return (NSSCKFWSlot *)NULL;
}
@ -1218,7 +1218,7 @@ nssCKFWInstance_WaitForSlotEvent
pError
);
if( (NSSCKMDSlot *)NULL == mdSlot ) {
if (!mdSlot) {
return (NSSCKFWSlot *)NULL;
}
@ -1234,7 +1234,7 @@ nssCKFWInstance_WaitForSlotEvent
}
}
if( (NSSCKFWSlot *)NULL == fwSlot ) {
if (!fwSlot) {
/* Internal error */
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWSlot *)NULL;
@ -1274,7 +1274,7 @@ NSSCKFWInstance_GetArena
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}
@ -1319,7 +1319,7 @@ NSSCKFWInstance_CreateMutex
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWMutex *)NULL;
}

120
security/nss/lib/ckfw/mechanism.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mechanism.c,v $ $Revision: 1.5 $ $Date: 2007/12/12 00:50:58 $";
static const char CVS_ID[] = "@(#) $RCSfile: mechanism.c,v $ $Revision: 1.6 $ $Date: 2009/02/09 07:55:52 $";
#endif /* DEBUG */
/*
@ -118,7 +118,7 @@ nssCKFWMechanism_Create
fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
if ((NSSCKFWMechanism *)NULL == fwMechanism) {
if (!fwMechanism) {
return (NSSCKFWMechanism *)NULL;
}
fwMechanism->mdMechanism = mdMechanism;
@ -141,7 +141,7 @@ nssCKFWMechanism_Destroy
{
/* destroy any fw resources held by nssCKFWMechanism (currently none) */
if ((void *)NULL == (void *)fwMechanism->mdMechanism->Destroy) {
if (!fwMechanism->mdMechanism->Destroy) {
/* destroys it's parent as well */
fwMechanism->mdMechanism->Destroy(
fwMechanism->mdMechanism,
@ -178,7 +178,7 @@ nssCKFWMechanism_GetMinKeySize
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GetMinKeySize) {
if (!fwMechanism->mdMechanism->GetMinKeySize) {
return 0;
}
@ -198,7 +198,7 @@ nssCKFWMechanism_GetMaxKeySize
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GetMaxKeySize) {
if (!fwMechanism->mdMechanism->GetMaxKeySize) {
return 0;
}
@ -218,7 +218,7 @@ nssCKFWMechanism_GetInHardware
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GetInHardware) {
if (!fwMechanism->mdMechanism->GetInHardware) {
return CK_FALSE;
}
@ -243,7 +243,7 @@ nssCKFWMechanism_GetCanEncrypt
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->EncryptInit) {
if (!fwMechanism->mdMechanism->EncryptInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -260,7 +260,7 @@ nssCKFWMechanism_GetCanDecrypt
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DecryptInit) {
if (!fwMechanism->mdMechanism->DecryptInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -277,7 +277,7 @@ nssCKFWMechanism_GetCanDigest
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DigestInit) {
if (!fwMechanism->mdMechanism->DigestInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -294,7 +294,7 @@ nssCKFWMechanism_GetCanSign
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignInit) {
if (!fwMechanism->mdMechanism->SignInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -311,7 +311,7 @@ nssCKFWMechanism_GetCanSignRecover
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignRecoverInit) {
if (!fwMechanism->mdMechanism->SignRecoverInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -328,7 +328,7 @@ nssCKFWMechanism_GetCanVerify
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyInit) {
if (!fwMechanism->mdMechanism->VerifyInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -345,7 +345,7 @@ nssCKFWMechanism_GetCanVerifyRecover
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyRecoverInit) {
if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
return CK_FALSE;
}
return CK_TRUE;
@ -362,7 +362,7 @@ nssCKFWMechanism_GetCanGenerate
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKey) {
if (!fwMechanism->mdMechanism->GenerateKey) {
return CK_FALSE;
}
return CK_TRUE;
@ -379,7 +379,7 @@ nssCKFWMechanism_GetCanGenerateKeyPair
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKeyPair) {
if (!fwMechanism->mdMechanism->GenerateKeyPair) {
return CK_FALSE;
}
return CK_TRUE;
@ -396,7 +396,7 @@ nssCKFWMechanism_GetCanUnwrap
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->UnwrapKey) {
if (!fwMechanism->mdMechanism->UnwrapKey) {
return CK_FALSE;
}
return CK_TRUE;
@ -413,7 +413,7 @@ nssCKFWMechanism_GetCanWrap
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->WrapKey) {
if (!fwMechanism->mdMechanism->WrapKey) {
return CK_FALSE;
}
return CK_TRUE;
@ -430,7 +430,7 @@ nssCKFWMechanism_GetCanDerive
CK_RV *pError
)
{
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DeriveKey) {
if (!fwMechanism->mdMechanism->DeriveKey) {
return CK_FALSE;
}
return CK_TRUE;
@ -462,11 +462,11 @@ nssCKFWMechanism_EncryptInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_EncryptDecrypt);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->EncryptInit) {
if (!fwMechanism->mdMechanism->EncryptInit) {
return CKR_FUNCTION_FAILED;
}
@ -486,7 +486,7 @@ nssCKFWMechanism_EncryptInit
fwObject,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -494,7 +494,7 @@ nssCKFWMechanism_EncryptInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_Encrypt, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_EncryptDecrypt);
}
@ -525,11 +525,11 @@ nssCKFWMechanism_DecryptInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_EncryptDecrypt);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DecryptInit) {
if (!fwMechanism->mdMechanism->DecryptInit) {
return CKR_FUNCTION_FAILED;
}
@ -549,7 +549,7 @@ nssCKFWMechanism_DecryptInit
fwObject,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -557,7 +557,7 @@ nssCKFWMechanism_DecryptInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_Decrypt, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_EncryptDecrypt);
}
@ -586,11 +586,11 @@ nssCKFWMechanism_DigestInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_Digest);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DigestInit) {
if (!fwMechanism->mdMechanism->DigestInit) {
return CKR_FUNCTION_FAILED;
}
@ -607,7 +607,7 @@ nssCKFWMechanism_DigestInit
fwMechanism->fwInstance,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -615,7 +615,7 @@ nssCKFWMechanism_DigestInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_Digest, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_Digest);
}
@ -646,11 +646,11 @@ nssCKFWMechanism_SignInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_SignVerify);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignInit) {
if (!fwMechanism->mdMechanism->SignInit) {
return CKR_FUNCTION_FAILED;
}
@ -670,7 +670,7 @@ nssCKFWMechanism_SignInit
fwObject,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -678,7 +678,7 @@ nssCKFWMechanism_SignInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_Sign, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_SignVerify);
}
@ -709,11 +709,11 @@ nssCKFWMechanism_VerifyInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_SignVerify);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyInit) {
if (!fwMechanism->mdMechanism->VerifyInit) {
return CKR_FUNCTION_FAILED;
}
@ -733,7 +733,7 @@ nssCKFWMechanism_VerifyInit
fwObject,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -741,7 +741,7 @@ nssCKFWMechanism_VerifyInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_Verify, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_SignVerify);
}
@ -772,11 +772,11 @@ nssCKFWMechanism_SignRecoverInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_SignVerify);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->SignRecoverInit) {
if (!fwMechanism->mdMechanism->SignRecoverInit) {
return CKR_FUNCTION_FAILED;
}
@ -796,7 +796,7 @@ nssCKFWMechanism_SignRecoverInit
fwObject,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -804,7 +804,7 @@ nssCKFWMechanism_SignRecoverInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_SignRecover, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_SignVerify);
}
@ -835,11 +835,11 @@ nssCKFWMechanism_VerifyRecoverInit
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_SignVerify);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
return CKR_OPERATION_ACTIVE;
}
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->VerifyRecoverInit) {
if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
return CKR_FUNCTION_FAILED;
}
@ -859,7 +859,7 @@ nssCKFWMechanism_VerifyRecoverInit
fwObject,
&error
);
if ((NSSCKMDCryptoOperation *)NULL == mdOperation) {
if (!mdOperation) {
goto loser;
}
@ -867,7 +867,7 @@ nssCKFWMechanism_VerifyRecoverInit
mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
fwMechanism->mdInstance, fwMechanism->fwInstance,
NSSCKFWCryptoOperationType_VerifyRecover, &error);
if ((NSSCKFWCryptoOperation *)NULL != fwOperation) {
if (fwOperation) {
nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
NSSCKFWCryptoOperationState_SignVerify);
}
@ -895,13 +895,13 @@ nssCKFWMechanism_GenerateKey
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKey) {
if (!fwMechanism->mdMechanism->GenerateKey) {
*pError = CKR_FUNCTION_FAILED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if ((NSSArena *)NULL == arena) {
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
@ -923,7 +923,7 @@ nssCKFWMechanism_GenerateKey
ulAttributeCount,
pError);
if ((NSSCKMDObject *)NULL == mdObject) {
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}
@ -956,12 +956,12 @@ nssCKFWMechanism_GenerateKeyPair
NSSArena *arena;
CK_RV error = CKR_OK;
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->GenerateKey) {
if (!fwMechanism->mdMechanism->GenerateKey) {
return CKR_FUNCTION_FAILED;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
if ((NSSArena *)NULL == arena) {
if (!arena) {
if (CKR_OK == error) {
error = CKR_GENERAL_ERROR;
}
@ -992,7 +992,7 @@ nssCKFWMechanism_GenerateKeyPair
*fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
if ((NSSCKFWObject *)NULL == *fwPublicKeyObject) {
if (!*fwPublicKeyObject) {
return error;
}
*fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
@ -1019,7 +1019,7 @@ nssCKFWMechanism_GetWrapKeyLength
NSSCKMDObject *mdWrappingKeyObject;
NSSCKMDObject *mdKeyObject;
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->WrapKey) {
if (!fwMechanism->mdMechanism->WrapKey) {
*pError = CKR_FUNCTION_FAILED;
return (CK_ULONG) 0;
}
@ -1062,7 +1062,7 @@ nssCKFWMechanism_WrapKey
NSSCKMDObject *mdWrappingKeyObject;
NSSCKMDObject *mdKeyObject;
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->WrapKey) {
if (!fwMechanism->mdMechanism->WrapKey) {
return CKR_FUNCTION_FAILED;
}
@ -1108,7 +1108,7 @@ nssCKFWMechanism_UnwrapKey
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->UnwrapKey) {
if (!fwMechanism->mdMechanism->UnwrapKey) {
/* we could simulate UnwrapKey using Decrypt and Create object, but
* 1) it's not clear that would work well, and 2) the low level token
* may want to restrict unwrap key for a reason, so just fail it it
@ -1118,7 +1118,7 @@ nssCKFWMechanism_UnwrapKey
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if ((NSSArena *)NULL == arena) {
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
@ -1144,7 +1144,7 @@ nssCKFWMechanism_UnwrapKey
ulAttributeCount,
pError);
if ((NSSCKMDObject *)NULL == mdObject) {
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}
@ -1175,13 +1175,13 @@ nssCKFWMechanism_DeriveKey
NSSCKFWObject *fwObject = NULL;
NSSArena *arena;
if ( (void *)NULL == (void *)fwMechanism->mdMechanism->DeriveKey) {
if (!fwMechanism->mdMechanism->DeriveKey) {
*pError = CKR_FUNCTION_FAILED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
if ((NSSArena *)NULL == arena) {
if (!arena) {
if (CKR_OK == *pError) {
*pError = CKR_GENERAL_ERROR;
}
@ -1206,7 +1206,7 @@ nssCKFWMechanism_DeriveKey
ulAttributeCount,
pError);
if ((NSSCKMDObject *)NULL == mdObject) {
if (!mdObject) {
return (NSSCKFWObject *)NULL;
}

4
security/nss/lib/ckfw/mutex.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: mutex.c,v $ $Revision: 1.8 $ $Date: 2008/06/06 01:15:32 $";
static const char CVS_ID[] = "@(#) $RCSfile: mutex.c,v $ $Revision: 1.9 $ $Date: 2009/02/09 07:55:52 $";
#endif /* DEBUG */
/*
@ -127,7 +127,7 @@ nssCKFWMutex_Create
NSSCKFWMutex *mutex;
mutex = nss_ZNEW(arena, NSSCKFWMutex);
if( (NSSCKFWMutex *)NULL == mutex ) {
if (!mutex) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWMutex *)NULL;
}

72
security/nss/lib/ckfw/object.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: object.c,v $ $Revision: 1.15 $ $Date: 2007/12/12 00:41:37 $";
static const char CVS_ID[] = "@(#) $RCSfile: object.c,v $ $Revision: 1.16 $ $Date: 2009/02/09 07:55:53 $";
#endif /* DEBUG */
/*
@ -159,7 +159,7 @@ nssCKFWObject_Create
nssCKFWHash *mdObjectHash;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWObject *)NULL;
}
@ -169,12 +169,12 @@ nssCKFWObject_Create
}
#endif /* NSSDEBUG */
if( (NSSCKFWToken *)NULL == fwToken ) {
if (!fwToken) {
*pError = CKR_ARGUMENTS_BAD;
return (NSSCKFWObject *)NULL;
}
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
if( (nssCKFWHash *)NULL == mdObjectHash ) {
if (!mdObjectHash) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWObject *)NULL;
}
@ -185,7 +185,7 @@ nssCKFWObject_Create
}
fwObject = nss_ZNEW(arena, NSSCKFWObject);
if( (NSSCKFWObject *)NULL == fwObject ) {
if (!fwObject) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWObject *)NULL;
}
@ -194,7 +194,7 @@ nssCKFWObject_Create
fwObject->mdObject = mdObject;
fwObject->fwSession = fwSession;
if( (NSSCKFWSession *)NULL != fwSession ) {
if (fwSession) {
fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
}
@ -203,7 +203,7 @@ nssCKFWObject_Create
fwObject->fwInstance = fwInstance;
fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
if( (NSSCKFWMutex *)NULL == fwObject->mutex ) {
if (!fwObject->mutex) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -250,7 +250,7 @@ nssCKFWObject_Finalize
(void)nssCKFWMutex_Destroy(fwObject->mutex);
if( (void *)NULL != (void *)fwObject->mdObject->Finalize ) {
if (fwObject->mdObject->Finalize) {
fwObject->mdObject->Finalize(fwObject->mdObject, fwObject,
fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
@ -258,7 +258,7 @@ nssCKFWObject_Finalize
if (removeFromHash) {
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
if( (nssCKFWHash *)NULL != mdObjectHash ) {
if (mdObjectHash) {
nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
}
}
@ -295,14 +295,14 @@ nssCKFWObject_Destroy
(void)nssCKFWMutex_Destroy(fwObject->mutex);
if( (void *)NULL != (void *)fwObject->mdObject->Destroy ) {
if (fwObject->mdObject->Destroy) {
fwObject->mdObject->Destroy(fwObject->mdObject, fwObject,
fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
}
mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
if( (nssCKFWHash *)NULL != mdObjectHash ) {
if (mdObjectHash) {
nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
}
@ -349,7 +349,7 @@ nssCKFWObject_GetArena
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}
@ -430,7 +430,7 @@ nssCKFWObject_IsTokenObject
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwObject->mdObject->IsTokenObject ) {
if (!fwObject->mdObject->IsTokenObject) {
NSSItem item;
NSSItem *pItem;
CK_RV rv = CKR_OK;
@ -440,7 +440,7 @@ nssCKFWObject_IsTokenObject
pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item,
(NSSArena *)NULL, &rv);
if( (NSSItem *)NULL == pItem ) {
if (!pItem) {
/* Error of some type */
b = CK_FALSE;
goto done;
@ -471,7 +471,7 @@ nssCKFWObject_GetAttributeCount
CK_ULONG rv;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -481,7 +481,7 @@ nssCKFWObject_GetAttributeCount
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeCount ) {
if (!fwObject->mdObject->GetAttributeCount) {
*pError = CKR_GENERAL_ERROR;
return (CK_ULONG)0;
}
@ -525,7 +525,7 @@ nssCKFWObject_GetAttributeTypes
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeTypes ) {
if (!fwObject->mdObject->GetAttributeTypes) {
return CKR_GENERAL_ERROR;
}
@ -558,7 +558,7 @@ nssCKFWObject_GetAttributeSize
CK_ULONG rv;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -568,7 +568,7 @@ nssCKFWObject_GetAttributeSize
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwObject->mdObject->GetAttributeSize ) {
if (!fwObject->mdObject->GetAttributeSize) {
*pError = CKR_GENERAL_ERROR;
return (CK_ULONG )0;
}
@ -611,7 +611,7 @@ nssCKFWObject_GetAttribute
NSSCKFWItem mdItem;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSItem *)NULL;
}
@ -621,7 +621,7 @@ nssCKFWObject_GetAttribute
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwObject->mdObject->GetAttribute ) {
if (!fwObject->mdObject->GetAttribute) {
*pError = CKR_GENERAL_ERROR;
return (NSSItem *)NULL;
}
@ -636,7 +636,7 @@ nssCKFWObject_GetAttribute
fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
attribute, pError);
if( (NSSItem *)NULL == mdItem.item ) {
if (!mdItem.item) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -644,9 +644,9 @@ nssCKFWObject_GetAttribute
goto done;
}
if( (NSSItem *)NULL == itemOpt ) {
if (!itemOpt) {
rv = nss_ZNEW(arenaOpt, NSSItem);
if( (NSSItem *)NULL == rv ) {
if (!rv) {
*pError = CKR_HOST_MEMORY;
goto done;
}
@ -654,12 +654,12 @@ nssCKFWObject_GetAttribute
rv = itemOpt;
}
if( (void *)NULL == rv->data ) {
if (!rv->data) {
rv->size = mdItem.item->size;
rv->data = nss_ZAlloc(arenaOpt, rv->size);
if( (void *)NULL == rv->data ) {
if (!rv->data) {
*pError = CKR_HOST_MEMORY;
if( (NSSItem *)NULL == itemOpt ) {
if (!itemOpt) {
nss_ZFreeIf(rv);
}
rv = (NSSItem *)NULL;
@ -729,7 +729,7 @@ nssCKFWObject_SetAttribute
newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject,
&a, 1, &error);
if( (NSSCKFWObject *)NULL == newFwObject ) {
if (!newFwObject) {
if( CKR_OK == error ) {
error = CKR_GENERAL_ERROR;
}
@ -799,7 +799,7 @@ nssCKFWObject_SetAttribute
/*
* An "ordinary" change.
*/
if( (void *)NULL == (void *)fwObject->mdObject->SetAttribute ) {
if (!fwObject->mdObject->SetAttribute) {
/* We could fake it with copying, like above.. later */
return CKR_ATTRIBUTE_READ_ONLY;
}
@ -834,7 +834,7 @@ nssCKFWObject_GetObjectSize
CK_ULONG rv;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -844,7 +844,7 @@ nssCKFWObject_GetObjectSize
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwObject->mdObject->GetObjectSize ) {
if (!fwObject->mdObject->GetObjectSize) {
*pError = CKR_INFORMATION_SENSITIVE;
return (CK_ULONG)0;
}
@ -894,7 +894,7 @@ NSSCKFWObject_GetArena
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}
@ -938,7 +938,7 @@ NSSCKFWObject_GetAttributeCount
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -992,7 +992,7 @@ NSSCKFWObject_GetAttributeSize
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -1020,7 +1020,7 @@ NSSCKFWObject_GetAttribute
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSItem *)NULL;
}
@ -1045,7 +1045,7 @@ NSSCKFWObject_GetObjectSize
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}

194
security/nss/lib/ckfw/session.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: session.c,v $ $Revision: 1.12 $ $Date: 2007/10/06 01:41:28 $";
static const char CVS_ID[] = "@(#) $RCSfile: session.c,v $ $Revision: 1.13 $ $Date: 2009/02/09 07:55:53 $";
#endif /* DEBUG */
/*
@ -179,7 +179,7 @@ nssCKFWSession_Create
NSSCKFWSlot *fwSlot;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWSession *)NULL;
}
@ -190,13 +190,13 @@ nssCKFWSession_Create
#endif /* NSSDEBUG */
arena = NSSArena_Create();
if( (NSSArena *)NULL == arena ) {
if (!arena) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWSession *)NULL;
}
fwSession = nss_ZNEW(arena, NSSCKFWSession);
if( (NSSCKFWSession *)NULL == fwSession ) {
if (!fwSession) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
@ -217,7 +217,7 @@ nssCKFWSession_Create
fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
if( (nssCKFWHash *)NULL == fwSession->sessionObjectHash ) {
if (!fwSession->sessionObjectHash) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -234,8 +234,8 @@ nssCKFWSession_Create
return fwSession;
loser:
if( (NSSArena *)NULL != arena ) {
if( fwSession && (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
if (arena) {
if (fwSession && fwSession->sessionObjectHash) {
(void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
}
NSSArena_Destroy(arena);
@ -294,7 +294,7 @@ nssCKFWSession_Destroy
(void *)NULL);
for (i=0; i < NSSCKFWCryptoOperationState_Max; i++) {
if ((NSSCKFWCryptoOperation *)NULL != fwSession->fwOperationArray[i]) {
if (fwSession->fwOperationArray[i]) {
nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
}
}
@ -339,7 +339,7 @@ nssCKFWSession_GetArena
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}
@ -500,8 +500,8 @@ nssCKFWSession_SetFWFindObjects
/* fwFindObjects may be null */
#endif /* NSSDEBUG */
if( ((NSSCKFWFindObjects *)NULL != fwSession->fwFindObjects) &&
((NSSCKFWFindObjects *)NULL != fwFindObjects) ) {
if ((fwSession->fwFindObjects) &&
(fwFindObjects)) {
return CKR_OPERATION_ACTIVE;
}
@ -522,7 +522,7 @@ nssCKFWSession_GetFWFindObjects
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWFindObjects *)NULL;
}
@ -532,7 +532,7 @@ nssCKFWSession_GetFWFindObjects
}
#endif /* NSSDEBUG */
if( (NSSCKFWFindObjects *)NULL == fwSession->fwFindObjects ) {
if (!fwSession->fwFindObjects) {
*pError = CKR_OPERATION_NOT_INITIALIZED;
return (NSSCKFWFindObjects *)NULL;
}
@ -561,12 +561,12 @@ nssCKFWSession_SetMDSession
return error;
}
if( (NSSCKMDSession *)NULL == mdSession ) {
if (!mdSession) {
return CKR_ARGUMENTS_BAD;
}
#endif /* NSSDEBUG */
if( (NSSCKMDSession *)NULL != fwSession->mdSession ) {
if (fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
@ -644,7 +644,7 @@ nssCKFWSession_RegisterSessionObject
}
#endif /* NSSDEBUG */
if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
if (fwSession->sessionObjectHash) {
rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
}
@ -668,7 +668,7 @@ nssCKFWSession_DeregisterSessionObject
}
#endif /* NSSDEBUG */
if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) {
if (fwSession->sessionObjectHash) {
nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
}
@ -690,12 +690,12 @@ nssCKFWSession_GetDeviceError
return (CK_ULONG)0;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return (CK_ULONG)0;
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSession->mdSession->GetDeviceError ) {
if (!fwSession->mdSession->GetDeviceError) {
return (CK_ULONG)0;
}
@ -734,13 +734,13 @@ nssCKFWSession_Login
return CKR_USER_TYPE_INVALID;
}
if( (NSSItem *)NULL == pin ) {
if (!pin) {
if( CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken) ) {
return CKR_ARGUMENTS_BAD;
}
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
@ -802,7 +802,7 @@ nssCKFWSession_Login
* Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
*/
if( (void *)NULL == (void *)fwSession->mdSession->Login ) {
if (!fwSession->mdSession->Login) {
/*
* The Module doesn't want to be informed (or check the pin)
* it'll just rely on the Framework as needed.
@ -841,7 +841,7 @@ nssCKFWSession_Logout
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
@ -874,7 +874,7 @@ nssCKFWSession_Logout
* Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
*/
if( (void *)NULL == (void *)fwSession->mdSession->Logout ) {
if (!fwSession->mdSession->Logout) {
/*
* The Module doesn't want to be informed. Okay.
*/
@ -916,7 +916,7 @@ nssCKFWSession_InitPIN
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
@ -926,14 +926,14 @@ nssCKFWSession_InitPIN
return CKR_USER_NOT_LOGGED_IN;
}
if( (NSSItem *)NULL == pin ) {
if (!pin) {
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
if( CK_TRUE != has ) {
return CKR_ARGUMENTS_BAD;
}
}
if( (void *)NULL == (void *)fwSession->mdSession->InitPIN ) {
if (!fwSession->mdSession->InitPIN) {
return CKR_TOKEN_WRITE_PROTECTED;
}
@ -964,26 +964,26 @@ nssCKFWSession_SetPIN
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
if( (NSSItem *)NULL == newPin ) {
if (!newPin) {
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
if( CK_TRUE != has ) {
return CKR_ARGUMENTS_BAD;
}
}
if( (NSSItem *)NULL == oldPin ) {
if (!oldPin) {
CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
if( CK_TRUE != has ) {
return CKR_ARGUMENTS_BAD;
}
}
if( (void *)NULL == (void *)fwSession->mdSession->SetPIN ) {
if (!fwSession->mdSession->SetPIN) {
return CKR_TOKEN_WRITE_PROTECTED;
}
@ -1009,7 +1009,7 @@ nssCKFWSession_GetOperationStateLen
CK_ULONG fwAmt;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (CK_ULONG)0;
}
@ -1018,13 +1018,13 @@ nssCKFWSession_GetOperationStateLen
return (CK_ULONG)0;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
*pError = CKR_GENERAL_ERROR;
return (CK_ULONG)0;
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSession->mdSession->GetOperationStateLen ) {
if (!fwSession->mdSession->GetOperationStateLen) {
*pError = CKR_STATE_UNSAVEABLE;
return (CK_ULONG)0;
}
@ -1072,20 +1072,20 @@ nssCKFWSession_GetOperationState
return error;
}
if( (NSSItem *)NULL == buffer ) {
if (!buffer) {
return CKR_ARGUMENTS_BAD;
}
if( (void *)NULL == buffer->data ) {
if (!buffer->data) {
return CKR_ARGUMENTS_BAD;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSession->mdSession->GetOperationState ) {
if (!fwSession->mdSession->GetOperationState) {
return CKR_STATE_UNSAVEABLE;
}
@ -1159,29 +1159,29 @@ nssCKFWSession_SetOperationState
return error;
}
if( (NSSItem *)NULL == state ) {
if (!state) {
return CKR_ARGUMENTS_BAD;
}
if( (void *)NULL == state->data ) {
if (!state->data) {
return CKR_ARGUMENTS_BAD;
}
if( (NSSCKFWObject *)NULL != encryptionKey ) {
if (encryptionKey) {
error = nssCKFWObject_verifyPointer(encryptionKey);
if( CKR_OK != error ) {
return error;
}
}
if( (NSSCKFWObject *)NULL != authenticationKey ) {
if (authenticationKey) {
error = nssCKFWObject_verifyPointer(authenticationKey);
if( CKR_OK != error ) {
return error;
}
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
@ -1200,20 +1200,20 @@ nssCKFWSession_SetOperationState
return CKR_SAVED_STATE_INVALID;
}
if( (void *)NULL == (void *)fwSession->mdSession->SetOperationState ) {
if (!fwSession->mdSession->SetOperationState) {
return CKR_GENERAL_ERROR;
}
s.size = state->size - 2*sizeof(CK_ULONG);
s.data = (void *)&ulBuffer[2];
if( (NSSCKFWObject *)NULL != encryptionKey ) {
if (encryptionKey) {
mdek = nssCKFWObject_GetMDObject(encryptionKey);
} else {
mdek = (NSSCKMDObject *)NULL;
}
if( (NSSCKFWObject *)NULL != authenticationKey ) {
if (authenticationKey) {
mdak = nssCKFWObject_GetMDObject(authenticationKey);
} else {
mdak = (NSSCKMDObject *)NULL;
@ -1278,7 +1278,7 @@ nssCKFWSession_CreateObject
CK_BBOOL isTokenObject;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWObject *)NULL;
}
@ -1292,7 +1292,7 @@ nssCKFWSession_CreateObject
return (NSSCKFWObject *)NULL;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWObject *)NULL;
}
@ -1306,13 +1306,13 @@ nssCKFWSession_CreateObject
if( CK_TRUE == isTokenObject ) {
/* === TOKEN OBJECT === */
if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) {
if (!fwSession->mdSession->CreateObject) {
*pError = CKR_TOKEN_WRITE_PROTECTED;
return (NSSCKFWObject *)NULL;
}
arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
if( (NSSArena *)NULL == arena ) {
if (!arena) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1324,7 +1324,7 @@ nssCKFWSession_CreateObject
/* === SESSION OBJECT === */
arena = nssCKFWSession_GetArena(fwSession, pError);
if( (NSSArena *)NULL == arena ) {
if (!arena) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1335,7 +1335,7 @@ nssCKFWSession_CreateObject
fwSession->fwInstance) ) {
/* --- module handles the session object -- */
if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) {
if (!fwSession->mdSession->CreateObject) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWObject *)NULL;
}
@ -1356,7 +1356,7 @@ nssCKFWSession_CreateObject
ulAttributeCount, pError);
gotmdobject:
if( (NSSCKMDObject *)NULL == mdObject ) {
if (!mdObject) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1366,12 +1366,12 @@ nssCKFWSession_CreateObject
fwObject = nssCKFWObject_Create(arena, mdObject,
isTokenObject ? NULL : fwSession,
fwSession->fwToken, fwSession->fwInstance, pError);
if( (NSSCKFWObject *)NULL == fwObject ) {
if (!fwObject) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
if( (void *)NULL != (void *)mdObject->Destroy ) {
if (mdObject->Destroy) {
(void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
fwSession->mdSession, fwSession, fwSession->mdToken,
fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
@ -1413,7 +1413,7 @@ nssCKFWSession_CopyObject
NSSCKFWObject *rv;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWObject *)NULL;
}
@ -1427,7 +1427,7 @@ nssCKFWSession_CopyObject
return (NSSCKFWObject *)NULL;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWObject *)NULL;
}
@ -1437,7 +1437,7 @@ nssCKFWSession_CopyObject
* Sanity-check object
*/
if( (NSSCKFWObject *)NULL == fwObject ) {
if (!fwObject) {
*pError = CKR_ARGUMENTS_BAD;
return (NSSCKFWObject *)NULL;
}
@ -1458,7 +1458,7 @@ nssCKFWSession_CopyObject
* and old object are token objects, use CopyObject if it exists.
*/
if( ((void *)NULL != (void *)fwSession->mdSession->CopyObject) &&
if ((fwSession->mdSession->CopyObject) &&
(((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
(CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
fwSession->fwInstance))) ) {
@ -1474,7 +1474,7 @@ nssCKFWSession_CopyObject
} else {
arena = nssCKFWSession_GetArena(fwSession, pError);
}
if( (NSSArena *)NULL == arena ) {
if (!arena) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1485,7 +1485,7 @@ nssCKFWSession_CopyObject
fwSession, fwSession->mdToken, fwSession->fwToken,
fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
fwObject, arena, pTemplate, ulAttributeCount, pError);
if( (NSSCKMDObject *)NULL == mdObject ) {
if (!mdObject) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1516,7 +1516,7 @@ nssCKFWSession_CopyObject
NSSCKFWObject *rv;
tmpArena = NSSArena_Create();
if( (NSSArena *)NULL == tmpArena ) {
if (!tmpArena) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWObject *)NULL;
}
@ -1587,7 +1587,7 @@ nssCKFWSession_CopyObject
item.data = (void *)NULL;
it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
&item, tmpArena, pError);
if( (NSSItem *)NULL == it ) {
if (!it) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1603,7 +1603,7 @@ nssCKFWSession_CopyObject
/* assert that k == newLength */
rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
if( (NSSCKFWObject *)NULL == rv ) {
if (!rv) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1633,7 +1633,7 @@ nssCKFWSession_FindObjectsInit
NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWFindObjects *)NULL;
}
@ -1647,7 +1647,7 @@ nssCKFWSession_FindObjectsInit
return (NSSCKFWFindObjects *)NULL;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWFindObjects *)NULL;
}
@ -1674,7 +1674,7 @@ nssCKFWSession_FindObjectsInit
if( CK_TRUE == isToken ) {
/* Pass it on to the module's search routine */
if( (void *)NULL == (void *)fwSession->mdSession->FindObjectsInit ) {
if (!fwSession->mdSession->FindObjectsInit) {
goto wrap;
}
@ -1688,7 +1688,7 @@ nssCKFWSession_FindObjectsInit
pTemplate, ulAttributeCount, pError);
}
if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
if (!mdfo1) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1706,7 +1706,7 @@ nssCKFWSession_FindObjectsInit
fwSession->mdInstance, fwSession->fwInstance,
pTemplate, ulAttributeCount, pError);
if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
if (!mdfo1) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1715,11 +1715,11 @@ nssCKFWSession_FindObjectsInit
mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
pTemplate, ulAttributeCount, pError);
if( (NSSCKMDFindObjects *)NULL == mdfo2 ) {
if (!mdfo2) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
if( (void *)NULL != (void *)mdfo1->Final ) {
if (mdfo1->Final) {
mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
fwSession, fwSession->mdToken, fwSession->fwToken,
fwSession->mdInstance, fwSession->fwInstance);
@ -1737,7 +1737,7 @@ nssCKFWSession_FindObjectsInit
fwSession->mdInstance, fwSession->fwInstance,
pTemplate, ulAttributeCount, pError);
if( (NSSCKMDFindObjects *)NULL == mdfo1 ) {
if (!mdfo1) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1771,11 +1771,11 @@ nssCKFWSession_SeedRandom
return error;
}
if( (NSSItem *)NULL == seed ) {
if (!seed) {
return CKR_ARGUMENTS_BAD;
}
if( (void *)NULL == seed->data ) {
if (!seed->data) {
return CKR_ARGUMENTS_BAD;
}
@ -1783,12 +1783,12 @@ nssCKFWSession_SeedRandom
return CKR_ARGUMENTS_BAD;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSession->mdSession->SeedRandom ) {
if (!fwSession->mdSession->SeedRandom) {
return CKR_RANDOM_SEED_NOT_SUPPORTED;
}
@ -1818,20 +1818,20 @@ nssCKFWSession_GetRandom
return error;
}
if( (NSSItem *)NULL == buffer ) {
if (!buffer) {
return CKR_ARGUMENTS_BAD;
}
if( (void *)NULL == buffer->data ) {
if (!buffer->data) {
return CKR_ARGUMENTS_BAD;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSession->mdSession->GetRandom ) {
if (!fwSession->mdSession->GetRandom) {
if( CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken) ) {
return CKR_GENERAL_ERROR;
} else {
@ -1873,7 +1873,7 @@ nssCKFWSession_SetCurrentCryptoOperation
return;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return;
}
#endif /* NSSDEBUG */
@ -1902,7 +1902,7 @@ nssCKFWSession_GetCurrentCryptoOperation
return (NSSCKFWCryptoOperation *)NULL;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return (NSSCKFWCryptoOperation *)NULL;
}
#endif /* NSSDEBUG */
@ -1932,14 +1932,14 @@ nssCKFWSession_Final
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
/* make sure we have a valid operation initialized */
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2012,14 +2012,14 @@ nssCKFWSession_Update
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
/* make sure we have a valid operation initialized */
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2077,14 +2077,14 @@ nssCKFWSession_DigestUpdate
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
/* make sure we have a valid operation initialized */
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2121,7 +2121,7 @@ nssCKFWSession_DigestKey
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
@ -2129,7 +2129,7 @@ nssCKFWSession_DigestKey
/* make sure we have a valid operation initialized */
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_Digest);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2146,7 +2146,7 @@ nssCKFWSession_DigestKey
/* no machine depended way for this to happen, do it by hand */
inputBuffer=nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
if ((NSSItem *)NULL == inputBuffer) {
if (!inputBuffer) {
/* couldn't get the value, just fail then */
return error;
}
@ -2182,14 +2182,14 @@ nssCKFWSession_UpdateFinal
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
/* make sure we have a valid operation initialized */
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2289,7 +2289,7 @@ nssCKFWSession_UpdateCombo
return error;
}
if( (NSSCKMDSession *)NULL == fwSession->mdSession ) {
if (!fwSession->mdSession) {
return CKR_GENERAL_ERROR;
}
#endif /* NSSDEBUG */
@ -2297,7 +2297,7 @@ nssCKFWSession_UpdateCombo
/* make sure we have a valid operation initialized */
fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
NSSCKFWCryptoOperationState_EncryptDecrypt);
if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
if (!fwOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2308,7 +2308,7 @@ nssCKFWSession_UpdateCombo
/* make sure we have a valid operation initialized */
fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
digestState);
if ((NSSCKFWCryptoOperation *)NULL == fwPeerOperation) {
if (!fwPeerOperation) {
return CKR_OPERATION_NOT_INITIALIZED;
}
@ -2397,7 +2397,7 @@ NSSCKFWSession_GetArena
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}

40
security/nss/lib/ckfw/sessobj.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: sessobj.c,v $ $Revision: 1.13 $ $Date: 2007/01/05 00:23:14 $";
static const char CVS_ID[] = "@(#) $RCSfile: sessobj.c,v $ $Revision: 1.14 $ $Date: 2009/02/09 07:55:53 $";
#endif /* DEBUG */
/*
@ -271,14 +271,14 @@ nssCKMDSessionObject_Create
*pError = CKR_OK;
mdso = nss_ZNEW(arena, nssCKMDSessionObject);
if( (nssCKMDSessionObject *)NULL == mdso ) {
if (!mdso) {
goto loser;
}
mdso->arena = arena;
mdso->n = ulCount;
mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount);
if( (NSSItem *)NULL == mdso->attributes ) {
if (!mdso->attributes) {
goto loser;
}
@ -290,7 +290,7 @@ nssCKMDSessionObject_Create
mdso->types[i] = attributes[i].type;
mdso->attributes[i].size = attributes[i].ulValueLen;
mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen);
if( (void *)NULL == mdso->attributes[i].data ) {
if (!mdso->attributes[i].data) {
goto loser;
}
(void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue,
@ -298,7 +298,7 @@ nssCKMDSessionObject_Create
}
mdObject = nss_ZNEW(arena, NSSCKMDObject);
if( (NSSCKMDObject *)NULL == mdObject ) {
if (!mdObject) {
goto loser;
}
@ -314,7 +314,7 @@ nssCKMDSessionObject_Create
mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize;
hash = nssCKFWToken_GetSessionObjectHash(fwToken);
if( (nssCKFWHash *)NULL == hash ) {
if (!hash) {
*pError = CKR_GENERAL_ERROR;
goto loser;
}
@ -335,8 +335,8 @@ nssCKMDSessionObject_Create
return mdObject;
loser:
if( (nssCKMDSessionObject *)NULL != mdso ) {
if( (NSSItem *)NULL != mdso->attributes ) {
if (mdso) {
if (mdso->attributes) {
for( i = 0; i < ulCount; i++ ) {
nss_ZFreeIf(mdso->attributes[i].data);
}
@ -475,7 +475,7 @@ nss_ckmdSessionObject_GetAttributeCount
nssCKMDSessionObject *obj;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return 0;
}
@ -560,7 +560,7 @@ nss_ckmdSessionObject_GetAttributeSize
CK_ULONG i;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return 0;
}
@ -610,7 +610,7 @@ nss_ckmdSessionObject_GetAttribute
item.needsFreeing = PR_FALSE;
item.item = NULL;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return item;
}
@ -684,7 +684,7 @@ nss_ckmdSessionObject_SetAttribute
n.size = value->size;
n.data = nss_ZAlloc(obj->arena, n.size);
if( (void *)NULL == n.data ) {
if (!n.data) {
return CKR_HOST_MEMORY;
}
(void)nsslibc_memcpy(n.data, value->data, n.size);
@ -702,7 +702,7 @@ nss_ckmdSessionObject_SetAttribute
*/
ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1));
if( (NSSItem *)NULL == ra ) {
if (!ra) {
nss_ZFreeIf(n.data);
return CKR_HOST_MEMORY;
}
@ -711,7 +711,7 @@ nss_ckmdSessionObject_SetAttribute
if( (CK_ATTRIBUTE_TYPE_PTR)NULL == rt ) {
nss_ZFreeIf(n.data);
obj->attributes = (NSSItem *)nss_ZRealloc(ra, sizeof(NSSItem) * obj->n);
if( (NSSItem *)NULL == obj->attributes ) {
if (!obj->attributes) {
return CKR_GENERAL_ERROR;
}
return CKR_HOST_MEMORY;
@ -749,7 +749,7 @@ nss_ckmdSessionObject_GetObjectSize
CK_ULONG rv = (CK_ULONG)0;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return 0;
}
@ -967,7 +967,7 @@ nssCKMDFindSessionObjects_Create
NSSCKMDFindObjects *rv;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKMDFindObjects *)NULL;
}
@ -985,19 +985,19 @@ nssCKMDFindSessionObjects_Create
*pError = CKR_OK;
hash = nssCKFWToken_GetSessionObjectHash(fwToken);
if( (nssCKFWHash *)NULL == hash ) {
if (!hash) {
*pError= CKR_GENERAL_ERROR;
return (NSSCKMDFindObjects *)NULL;
}
arena = NSSArena_Create();
if( (NSSArena *)NULL == arena ) {
if (!arena) {
*pError = CKR_HOST_MEMORY;
return (NSSCKMDFindObjects *)NULL;
}
mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects);
if( (nssCKMDFindSessionObjects *)NULL == mdfso ) {
if (!mdfso) {
goto loser;
}
@ -1097,7 +1097,7 @@ nss_ckmdFindSessionObjects_Next
mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
while( (NSSCKMDObject *)NULL == rv ) {
while (!rv) {
if( (struct nodeStr *)NULL == mdfso->list ) {
*pError = CKR_OK;
return (NSSCKMDObject *)NULL;

48
security/nss/lib/ckfw/slot.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.6 $ $Date: 2005/01/20 02:25:45 $";
static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.7 $ $Date: 2009/02/09 07:55:53 $";
#endif /* DEBUG */
/*
@ -172,7 +172,7 @@ nssCKFWSlot_Create
NSSArena *arena;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWSlot *)NULL;
}
@ -183,20 +183,20 @@ nssCKFWSlot_Create
#endif /* NSSDEBUG */
mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
if( (NSSCKMDInstance *)NULL == mdInstance ) {
if (!mdInstance) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWSlot *)NULL;
}
arena = nssCKFWInstance_GetArena(fwInstance, pError);
if( (NSSArena *)NULL == arena ) {
if (!arena) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
}
fwSlot = nss_ZNEW(arena, NSSCKFWSlot);
if( (NSSCKFWSlot *)NULL == fwSlot ) {
if (!fwSlot) {
*pError = CKR_HOST_MEMORY;
return (NSSCKFWSlot *)NULL;
}
@ -207,7 +207,7 @@ nssCKFWSlot_Create
fwSlot->slotID = slotID;
fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
if( (NSSCKFWMutex *)NULL == fwSlot->mutex ) {
if (!fwSlot->mutex) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -215,7 +215,7 @@ nssCKFWSlot_Create
return (NSSCKFWSlot *)NULL;
}
if( (void *)NULL != (void *)mdSlot->Initialize ) {
if (mdSlot->Initialize) {
*pError = CKR_OK;
*pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance);
if( CKR_OK != *pError ) {
@ -228,7 +228,7 @@ nssCKFWSlot_Create
#ifdef DEBUG
*pError = slot_add_pointer(fwSlot);
if( CKR_OK != *pError ) {
if( (void *)NULL != (void *)mdSlot->Destroy ) {
if (mdSlot->Destroy) {
mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance);
}
@ -265,7 +265,7 @@ nssCKFWSlot_Destroy
(void)nssCKFWMutex_Destroy(fwSlot->mutex);
if( (void *)NULL != (void *)fwSlot->mdSlot->Destroy ) {
if (fwSlot->mdSlot->Destroy) {
fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
fwSlot->mdInstance, fwSlot->fwInstance);
}
@ -384,12 +384,12 @@ nssCKFWSlot_GetSlotDescription
return error;
}
if( (NSSUTF8 *)NULL == fwSlot->slotDescription ) {
if( (void *)NULL != (void *)fwSlot->mdSlot->GetSlotDescription ) {
if (!fwSlot->slotDescription) {
if (fwSlot->mdSlot->GetSlotDescription) {
fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription(
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
fwSlot->fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwSlot->slotDescription) && (CKR_OK != error) ) {
if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
goto done;
}
} else {
@ -434,12 +434,12 @@ nssCKFWSlot_GetManufacturerID
return error;
}
if( (NSSUTF8 *)NULL == fwSlot->manufacturerID ) {
if( (void *)NULL != (void *)fwSlot->mdSlot->GetManufacturerID ) {
if (!fwSlot->manufacturerID) {
if (fwSlot->mdSlot->GetManufacturerID) {
fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID(
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
fwSlot->fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwSlot->manufacturerID) && (CKR_OK != error) ) {
if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
goto done;
}
} else {
@ -471,7 +471,7 @@ nssCKFWSlot_GetTokenPresent
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSlot->mdSlot->GetTokenPresent ) {
if (!fwSlot->mdSlot->GetTokenPresent) {
return CK_TRUE;
}
@ -495,7 +495,7 @@ nssCKFWSlot_GetRemovableDevice
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSlot->mdSlot->GetRemovableDevice ) {
if (!fwSlot->mdSlot->GetRemovableDevice) {
return CK_FALSE;
}
@ -519,7 +519,7 @@ nssCKFWSlot_GetHardwareSlot
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwSlot->mdSlot->GetHardwareSlot ) {
if (!fwSlot->mdSlot->GetHardwareSlot) {
return CK_FALSE;
}
@ -557,7 +557,7 @@ nssCKFWSlot_GetHardwareVersion
goto done;
}
if( (void *)NULL != (void *)fwSlot->mdSlot->GetHardwareVersion ) {
if (fwSlot->mdSlot->GetHardwareVersion) {
fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
} else {
@ -601,7 +601,7 @@ nssCKFWSlot_GetFirmwareVersion
goto done;
}
if( (void *)NULL != (void *)fwSlot->mdSlot->GetFirmwareVersion ) {
if (fwSlot->mdSlot->GetFirmwareVersion) {
fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
} else {
@ -630,7 +630,7 @@ nssCKFWSlot_GetToken
NSSCKFWToken *fwToken;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWToken *)NULL;
}
@ -645,8 +645,8 @@ nssCKFWSlot_GetToken
return (NSSCKFWToken *)NULL;
}
if( (NSSCKFWToken *)NULL == fwSlot->fwToken ) {
if( (void *)NULL == (void *)fwSlot->mdSlot->GetToken ) {
if (!fwSlot->fwToken) {
if (!fwSlot->mdSlot->GetToken) {
*pError = CKR_GENERAL_ERROR;
fwToken = (NSSCKFWToken *)NULL;
goto done;
@ -654,7 +654,7 @@ nssCKFWSlot_GetToken
mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot,
fwSlot->mdInstance, fwSlot->fwInstance, pError);
if( (NSSCKMDToken *)NULL == mdToken ) {
if (!mdToken) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}

120
security/nss/lib/ckfw/token.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.12 $ $Date: 2007/10/06 01:41:28 $";
static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.13 $ $Date: 2009/02/09 07:55:53 $";
#endif /* DEBUG */
/*
@ -218,13 +218,13 @@ nssCKFWToken_Create
*/
arena = NSSArena_Create();
if( (NSSArena *)NULL == arena ) {
if (!arena) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
fwToken = nss_ZNEW(arena, NSSCKFWToken);
if( (NSSCKFWToken *)NULL == fwToken ) {
if (!fwToken) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
@ -239,7 +239,7 @@ nssCKFWToken_Create
fwToken->rwSessionCount = 0;
fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
if( (NSSCKFWMutex *)NULL == fwToken->mutex ) {
if (!fwToken->mutex) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -247,7 +247,7 @@ nssCKFWToken_Create
}
fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
if( (nssCKFWHash *)NULL == fwToken->sessions ) {
if (!fwToken->sessions) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -258,7 +258,7 @@ nssCKFWToken_Create
fwToken->fwInstance) ) {
fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
arena, pError);
if( (nssCKFWHash *)NULL == fwToken->sessionObjectHash ) {
if (!fwToken->sessionObjectHash) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -268,7 +268,7 @@ nssCKFWToken_Create
fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
arena, pError);
if( (nssCKFWHash *)NULL == fwToken->mdObjectHash ) {
if (!fwToken->mdObjectHash) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -277,7 +277,7 @@ nssCKFWToken_Create
fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance,
arena, pError);
if( (nssCKFWHash *)NULL == fwToken->mdMechanismHash ) {
if (!fwToken->mdMechanismHash) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -286,7 +286,7 @@ nssCKFWToken_Create
/* More here */
if( (void *)NULL != (void *)mdToken->Setup ) {
if (mdToken->Setup) {
*pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
if( CKR_OK != *pError ) {
goto loser;
@ -308,12 +308,12 @@ nssCKFWToken_Create
loser:
if( CK_TRUE == called_setup ) {
if( (void *)NULL != (void *)mdToken->Invalidate ) {
if (mdToken->Invalidate) {
mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
}
}
if( (NSSArena *)NULL != arena ) {
if (arena) {
(void)NSSArena_Destroy(arena);
}
@ -373,7 +373,7 @@ nssCKFWToken_Destroy
(void)nssCKFWMutex_Destroy(fwToken->mutex);
if( (void *)NULL != (void *)fwToken->mdToken->Invalidate ) {
if (fwToken->mdToken->Invalidate) {
fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
fwToken->mdInstance, fwToken->fwInstance);
}
@ -440,7 +440,7 @@ nssCKFWToken_GetArena
)
{
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}
@ -552,12 +552,12 @@ nssCKFWToken_InitToken
goto done;
}
if( (void *)NULL == (void *)fwToken->mdToken->InitToken ) {
if (!fwToken->mdToken->InitToken) {
error = CKR_DEVICE_ERROR;
goto done;
}
if( (NSSItem *)NULL == pin ) {
if (!pin) {
if( nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken) ) {
; /* okay */
} else {
@ -566,7 +566,7 @@ nssCKFWToken_InitToken
}
}
if( (NSSUTF8 *)NULL == label ) {
if (!label) {
label = (NSSUTF8 *) "";
}
@ -607,11 +607,11 @@ nssCKFWToken_GetLabel
return error;
}
if( (NSSUTF8 *)NULL == fwToken->label ) {
if( (void *)NULL != (void *)fwToken->mdToken->GetLabel ) {
if (!fwToken->label) {
if (fwToken->mdToken->GetLabel) {
fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
fwToken->mdInstance, fwToken->fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwToken->label) && (CKR_OK != error) ) {
if ((!fwToken->label) && (CKR_OK != error)) {
goto done;
}
} else {
@ -656,11 +656,11 @@ nssCKFWToken_GetManufacturerID
return error;
}
if( (NSSUTF8 *)NULL == fwToken->manufacturerID ) {
if( (void *)NULL != (void *)fwToken->mdToken->GetManufacturerID ) {
if (!fwToken->manufacturerID) {
if (fwToken->mdToken->GetManufacturerID) {
fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwToken->manufacturerID) && (CKR_OK != error) ) {
if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
goto done;
}
} else {
@ -705,11 +705,11 @@ nssCKFWToken_GetModel
return error;
}
if( (NSSUTF8 *)NULL == fwToken->model ) {
if( (void *)NULL != (void *)fwToken->mdToken->GetModel ) {
if (!fwToken->model) {
if (fwToken->mdToken->GetModel) {
fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
fwToken->mdInstance, fwToken->fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwToken->model) && (CKR_OK != error) ) {
if ((!fwToken->model) && (CKR_OK != error)) {
goto done;
}
} else {
@ -754,11 +754,11 @@ nssCKFWToken_GetSerialNumber
return error;
}
if( (NSSUTF8 *)NULL == fwToken->serialNumber ) {
if( (void *)NULL != (void *)fwToken->mdToken->GetSerialNumber ) {
if (!fwToken->serialNumber) {
if (fwToken->mdToken->GetSerialNumber) {
fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
if( ((NSSUTF8 *)NULL == fwToken->serialNumber) && (CKR_OK != error) ) {
if ((!fwToken->serialNumber) && (CKR_OK != error)) {
goto done;
}
} else {
@ -791,7 +791,7 @@ nssCKFWToken_GetHasRNG
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetHasRNG ) {
if (!fwToken->mdToken->GetHasRNG) {
return CK_FALSE;
}
@ -815,7 +815,7 @@ nssCKFWToken_GetIsWriteProtected
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetIsWriteProtected ) {
if (!fwToken->mdToken->GetIsWriteProtected) {
return CK_FALSE;
}
@ -839,7 +839,7 @@ nssCKFWToken_GetLoginRequired
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetLoginRequired ) {
if (!fwToken->mdToken->GetLoginRequired) {
return CK_FALSE;
}
@ -863,7 +863,7 @@ nssCKFWToken_GetUserPinInitialized
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetUserPinInitialized ) {
if (!fwToken->mdToken->GetUserPinInitialized) {
return CK_FALSE;
}
@ -887,7 +887,7 @@ nssCKFWToken_GetRestoreKeyNotNeeded
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetRestoreKeyNotNeeded ) {
if (!fwToken->mdToken->GetRestoreKeyNotNeeded) {
return CK_FALSE;
}
@ -911,7 +911,7 @@ nssCKFWToken_GetHasClockOnToken
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetHasClockOnToken ) {
if (!fwToken->mdToken->GetHasClockOnToken) {
return CK_FALSE;
}
@ -935,7 +935,7 @@ nssCKFWToken_GetHasProtectedAuthenticationPath
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetHasProtectedAuthenticationPath ) {
if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) {
return CK_FALSE;
}
@ -959,7 +959,7 @@ nssCKFWToken_GetSupportsDualCryptoOperations
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetSupportsDualCryptoOperations ) {
if (!fwToken->mdToken->GetSupportsDualCryptoOperations) {
return CK_FALSE;
}
@ -983,7 +983,7 @@ nssCKFWToken_GetMaxSessionCount
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetMaxSessionCount ) {
if (!fwToken->mdToken->GetMaxSessionCount) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1007,7 +1007,7 @@ nssCKFWToken_GetMaxRwSessionCount
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetMaxRwSessionCount ) {
if (!fwToken->mdToken->GetMaxRwSessionCount) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1031,7 +1031,7 @@ nssCKFWToken_GetMaxPinLen
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetMaxPinLen ) {
if (!fwToken->mdToken->GetMaxPinLen) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1055,7 +1055,7 @@ nssCKFWToken_GetMinPinLen
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetMinPinLen ) {
if (!fwToken->mdToken->GetMinPinLen) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1079,7 +1079,7 @@ nssCKFWToken_GetTotalPublicMemory
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetTotalPublicMemory ) {
if (!fwToken->mdToken->GetTotalPublicMemory) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1103,7 +1103,7 @@ nssCKFWToken_GetFreePublicMemory
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetFreePublicMemory ) {
if (!fwToken->mdToken->GetFreePublicMemory) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1127,7 +1127,7 @@ nssCKFWToken_GetTotalPrivateMemory
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetTotalPrivateMemory ) {
if (!fwToken->mdToken->GetTotalPrivateMemory) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1151,7 +1151,7 @@ nssCKFWToken_GetFreePrivateMemory
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetFreePrivateMemory ) {
if (!fwToken->mdToken->GetFreePrivateMemory) {
return CK_UNAVAILABLE_INFORMATION;
}
@ -1189,7 +1189,7 @@ nssCKFWToken_GetHardwareVersion
goto done;
}
if( (void *)NULL != (void *)fwToken->mdToken->GetHardwareVersion ) {
if (fwToken->mdToken->GetHardwareVersion) {
fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
} else {
@ -1234,7 +1234,7 @@ nssCKFWToken_GetFirmwareVersion
goto done;
}
if( (void *)NULL != (void *)fwToken->mdToken->GetFirmwareVersion ) {
if (fwToken->mdToken->GetFirmwareVersion) {
fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
} else {
@ -1279,7 +1279,7 @@ nssCKFWToken_GetUTCTime
return CKR_OK;
}
if( (void *)NULL == (void *)fwToken->mdToken->GetUTCTime ) {
if (!fwToken->mdToken->GetUTCTime) {
/* It said it had one! */
return CKR_GENERAL_ERROR;
}
@ -1355,7 +1355,7 @@ nssCKFWToken_OpenSession
NSSCKMDSession *mdSession;
#ifdef NSSDEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSCKFWSession *)NULL;
}
@ -1395,7 +1395,7 @@ nssCKFWToken_OpenSession
/* We could compare sesion counts to any limits we know of, I guess.. */
if( (void *)NULL == (void *)fwToken->mdToken->OpenSession ) {
if (!fwToken->mdToken->OpenSession) {
/*
* I'm not sure that the Module actually needs to implement
* mdSessions -- the Framework can keep track of everything
@ -1406,7 +1406,7 @@ nssCKFWToken_OpenSession
}
fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
if( (NSSCKFWSession *)NULL == fwSession ) {
if (!fwSession) {
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
}
@ -1416,7 +1416,7 @@ nssCKFWToken_OpenSession
mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
fwToken->mdInstance, fwToken->fwInstance, fwSession,
rw, pError);
if( (NSSCKMDSession *)NULL == mdSession ) {
if (!mdSession) {
(void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
if( CKR_OK == *pError ) {
*pError = CKR_GENERAL_ERROR;
@ -1426,7 +1426,7 @@ nssCKFWToken_OpenSession
*pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
if( CKR_OK != *pError ) {
if( (void *)NULL != (void *)mdSession->Close ) {
if (mdSession->Close) {
mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
fwToken->mdInstance, fwToken->fwInstance);
}
@ -1462,7 +1462,7 @@ nssCKFWToken_GetMechanismCount
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetMechanismCount ) {
if (!fwToken->mdToken->GetMechanismCount) {
return 0;
}
@ -1486,12 +1486,12 @@ nssCKFWToken_GetMechanismTypes
return CKR_ARGUMENTS_BAD;
}
if( (CK_MECHANISM_TYPE *)NULL == types ) {
if (!types) {
return CKR_ARGUMENTS_BAD;
}
#endif /* NSSDEBUG */
if( (void *)NULL == (void *)fwToken->mdToken->GetMechanismTypes ) {
if (!fwToken->mdToken->GetMechanismTypes) {
/*
* This should only be called with a sufficiently-large
* "types" array, which can only be done if GetMechanismCount
@ -1519,12 +1519,12 @@ nssCKFWToken_GetMechanism
)
{
NSSCKMDMechanism *mdMechanism;
if ((nssCKFWHash *)NULL == fwToken->mdMechanismHash) {
if (!fwToken->mdMechanismHash) {
*pError = CKR_GENERAL_ERROR;
return (NSSCKFWMechanism *)NULL;
}
if( (void *)NULL == (void *)fwToken->mdToken->GetMechanism ) {
if (!fwToken->mdToken->GetMechanism) {
/*
* If we don't implement any GetMechanism function, then we must
* not support any.
@ -1536,7 +1536,7 @@ nssCKFWToken_GetMechanism
/* lookup in hash table */
mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken,
fwToken->mdInstance, fwToken->fwInstance, which, pError);
if ((NSSCKMDMechanism *)NULL == mdMechanism) {
if (!mdMechanism) {
return (NSSCKFWMechanism *) NULL;
}
/* store in hash table */
@ -1665,7 +1665,7 @@ nssCKFWToken_CloseAllSessions
nssCKFWHash_Destroy(fwToken->sessions);
fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
if( (nssCKFWHash *)NULL == fwToken->sessions ) {
if (!fwToken->sessions) {
if( CKR_OK == error ) {
error = CKR_GENERAL_ERROR;
}
@ -1854,7 +1854,7 @@ NSSCKFWToken_GetArena
)
{
#ifdef DEBUG
if( (CK_RV *)NULL == pError ) {
if (!pError) {
return (NSSArena *)NULL;
}

390
security/nss/lib/ckfw/wrap.c
View File

File diff suppressed because it is too large Load Diff

6
security/nss/lib/dev/ckhelper.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.38 $ $Date: 2008/09/30 04:09:02 $";
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.39 $ $Date: 2009/01/22 01:29:24 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -133,8 +133,8 @@ nssCKObject_GetAttributes (
/* Allocate memory for each attribute. */
for (i=0; i<count; i++) {
CK_ULONG ulValueLen = obj_template[i].ulValueLen;
if (ulValueLen == 0) continue;
if (ulValueLen == (CK_ULONG) -1) {
if (ulValueLen == 0 || ulValueLen == (CK_ULONG) -1) {
obj_template[i].pValue = NULL;
obj_template[i].ulValueLen = 0;
continue;
}

6
security/nss/lib/freebl/blapi.h
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapi.h,v 1.28 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
/* $Id: blapi.h,v 1.29 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
#ifndef _BLAPI_H_
#define _BLAPI_H_
@ -53,6 +53,8 @@ SEC_BEGIN_PROTOS
** buffer must be at least the size of the public key modulus.
*/
extern SECStatus BL_Init(void);
/*
** Generate and return a new RSA public and private key.
** Both keys are encoded in a single RSAPrivateKey structure.
@ -1193,6 +1195,8 @@ PRBool BLAPI_VerifySelf(const char *name);
/*********************************************************************/
extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
extern void BL_SetForkState(PRBool forked);
SEC_END_PROTOS
#endif /* _BLAPI_H_ */

60
security/nss/lib/freebl/blapii.h Normal file
View File

@ -0,0 +1,60 @@
/*
* blapii.h - private data structures and prototypes for the crypto library
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Network Security Services Library.
*
* The Initial Developer of the Original Code is
* Sun Microsystems, Inc.
* Portions created by the Initial Developer are Copyright (C) 2009
* the Initial Developer. All Rights Reserved.
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef _BLAPII_H_
#define _BLAPII_H_
#include "blapit.h"
SEC_BEGIN_PROTOS
#if defined(XP_UNIX) && !defined(NO_CHECK_FORK)
extern PRBool parentForkedAfterC_Initialize;
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
#else
#define SKIP_AFTER_FORK(x) x
#endif
SEC_END_PROTOS
#endif /* _BLAPII_H_ */

5
security/nss/lib/freebl/config.mk
View File

@ -1,4 +1,3 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
@ -85,6 +84,10 @@ SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_
RES = $(OBJDIR)/$(LIBRARY_NAME).res
RESNAME = freebl.rc
ifndef WINCE
OS_LIBS += shell32.lib
endif
ifdef NS_USE_GCC
EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \

8
security/nss/lib/freebl/ldvector.c
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ldvector.c,v 1.19 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
/* $Id: ldvector.c,v 1.20 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
#ifdef FREEBL_NO_DEPEND
extern int FREEBL_InitStubs(void);
@ -249,10 +249,14 @@ static const struct FREEBLVectorStr vector =
SEED_CreateContext,
SEED_DestroyContext,
SEED_Encrypt,
SEED_Decrypt
SEED_Decrypt,
/* End of Version 3.011. */
BL_Init,
BL_SetForkState
/* End of Version 3.012. */
};
const FREEBLVector *

16
security/nss/lib/freebl/loader.c
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: loader.c,v 1.40 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
/* $Id: loader.c,v 1.41 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
#include "loader.h"
#include "prmem.h"
@ -198,6 +198,13 @@ freebl_RunLoaderOnce( void )
return status;
}
SECStatus
BL_Init(void)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_BL_Init)();
}
RSAPrivateKey *
RSA_NewKey(int keySizeInBits, SECItem * publicExponent)
@ -1641,3 +1648,10 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
input, inputLen);
}
void BL_SetForkState(PRBool forked)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return;
(vector->p_BL_SetForkState)(forked);
}

6
security/nss/lib/freebl/loader.h
View File

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: loader.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
/* $Id: loader.h,v 1.23 2009/02/03 05:34:40 julien.pierre.boogz%sun.com Exp $ */
#ifndef _LOADER_H_
#define _LOADER_H_ 1
@ -518,6 +518,10 @@ struct FREEBLVectorStr {
/* Version 3.011 came to here */
SECStatus (* p_BL_Init)(void);
void ( * p_BL_SetForkState)(PRBool);
/* Version 3.012 came to here */
};
typedef struct FREEBLVectorStr FREEBLVector;

5
security/nss/lib/freebl/prng_fips1861.c
View File

@ -35,7 +35,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: prng_fips1861.c,v 1.28 2008/11/18 19:48:23 rrelyea%redhat.com Exp $ */
/* $Id: prng_fips1861.c,v 1.29 2009/02/03 05:34:41 julien.pierre.boogz%sun.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -53,6 +53,7 @@
#include "sha256.h"
#include "secrng.h" /* for RNG_GetNoise() */
#include "secmpi.h"
#include "blapii.h"
/*
* The minimum amount of seed data required before the generator will
@ -188,7 +189,7 @@ freeRNGContext()
SECStatus rv;
/* destroy context lock */
PZ_DestroyLock(globalrng->lock);
SKIP_AFTER_FORK(PZ_DestroyLock(globalrng->lock));
/* zero global RNG context except for XKEY to preserve entropy */
rv = SHA256_HashBuf(inputhash, globalrng->XKEY, BSIZE);

36
security/nss/lib/freebl/rsa.c
View File

@ -37,7 +37,7 @@
/*
* RSA key generation, public key op, private key op.
*
* $Id: rsa.c,v 1.38 2008/11/18 19:48:24 rrelyea%redhat.com Exp $
* $Id: rsa.c,v 1.39 2009/02/03 05:34:41 julien.pierre.boogz%sun.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -54,6 +54,7 @@
#include "mplogic.h"
#include "secmpi.h"
#include "secitem.h"
#include "blapii.h"
/*
** Number of times to attempt to generate a prime (p or q) from a random
@ -602,10 +603,8 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
struct RSABlindingParamsStr *rsabp = NULL;
/* Init the list if neccessary (the init function is only called once!) */
if (blindingParamsList.lock == NULL) {
if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* Acquire the list lock */
PZ_Lock(blindingParamsList.lock);
@ -921,6 +920,20 @@ cleanup:
return rv;
}
static SECStatus RSA_Init(void)
{
if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
return SECSuccess;
}
SECStatus BL_Init(void)
{
return RSA_Init();
}
/* cleanup at shutdown */
void RSA_Cleanup(void)
{
@ -940,7 +953,7 @@ void RSA_Cleanup(void)
if (blindingParamsList.lock)
{
PZ_DestroyLock(blindingParamsList.lock);
SKIP_AFTER_FORK(PZ_DestroyLock(blindingParamsList.lock));
blindingParamsList.lock = NULL;
}
@ -958,3 +971,14 @@ void BL_Cleanup(void)
{
RSA_Cleanup();
}
PRBool parentForkedAfterC_Initialize;
/*
* Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms.
*/
void BL_SetForkState(PRBool forked)
{
parentForkedAfterC_Initialize = forked;
}

313
security/nss/lib/freebl/win_rand.c
View File

@ -36,8 +36,10 @@
#include "secrng.h"
#include "secerr.h"
#ifdef XP_WIN
#include <windows.h>
#include <shlobj.h> /* for CSIDL constants */
#if defined(_WIN32_WCE)
#include <stdlib.h> /* Win CE puts lots of stuff here. */
@ -49,13 +51,6 @@
#include <sys/stat.h>
#endif
#include <stdio.h>
#ifndef _WIN32
#define VTD_Device_ID 5
#define OP_OVERRIDE _asm _emit 0x66
#include <dos.h>
#endif
#include "prio.h"
#include "prerror.h"
@ -67,7 +62,6 @@ static DWORD dwNumFiles, dwReadEvery;
static BOOL
CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
{
#ifdef _WIN32
LARGE_INTEGER liCount;
if (!QueryPerformanceCounter(&liCount))
@ -76,57 +70,6 @@ CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
*lpdwHigh = liCount.u.HighPart;
*lpdwLow = liCount.u.LowPart;
return TRUE;
#else /* is WIN16 */
BOOL bRetVal;
FARPROC lpAPI;
WORD w1, w2, w3, w4;
// Get direct access to the VTD and query the current clock tick time
_asm {
xor di, di
mov es, di
mov ax, 1684h
mov bx, VTD_Device_ID
int 2fh
mov ax, es
or ax, di
jz EnumerateFailed
; VTD API is available. First store the API address (the address actually
; contains an instruction that causes a fault, the fault handler then
; makes the ring transition and calls the API in the VxD)
mov word ptr lpAPI, di
mov word ptr lpAPI+2, es
mov ax, 100h ; API function to VTD_Get_Real_Time
; call dword ptr [lpAPI]
call [lpAPI]
; Result is in EDX:EAX which we will get 16-bits at a time
mov w2, dx
OP_OVERRIDE
shr dx,10h ; really "shr edx, 16"
mov w1, dx
mov w4, ax
OP_OVERRIDE
shr ax,10h ; really "shr eax, 16"
mov w3, ax
mov bRetVal, 1 ; return TRUE
jmp EnumerateExit
EnumerateFailed:
mov bRetVal, 0 ; return FALSE
EnumerateExit:
}
*lpdwHigh = MAKELONG(w2, w1);
*lpdwLow = MAKELONG(w4, w3);
return bRetVal;
#endif /* is WIN16 */
}
size_t RNG_GetNoise(void *buf, size_t maxbuf)
@ -168,125 +111,100 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
if (maxbuf <= 0)
return n;
{
#if defined(_WIN32_WCE)
{
// get the number of milliseconds elapsed since Windows CE was started.
DWORD tickCount = GetTickCount();
nBytes = (sizeof tickCount) > maxbuf ? maxbuf : (sizeof tickCount);
memcpy(((char *)buf) + n, &tickCount, nBytes);
n += nBytes;
}
FILETIME sTime;
SYSTEMTIME st;
GetSystemTime(&st);
SystemTimeToFileTime(&st,&sTime);
#else
{
time_t sTime;
// get the time in seconds since midnight Jan 1, 1970
time(&sTime);
#endif
nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
memcpy(((char *)buf) + n, &sTime, nBytes);
n += nBytes;
}
#endif
return n;
}
#if defined(_WIN32_WCE)
static BOOL
EnumSystemFilesWithNSPR(const char * dirName,
BOOL recursive,
PRInt32 (*func)(const char *))
typedef PRInt32 (* Handler)(const char *);
#define MAX_DEPTH 2
static void
EnumSystemFilesInFolder(Handler func, PRUnichar* szSysDir, int maxDepth)
{
PRDir * pDir;
PRDirEntry * pEntry;
BOOL rv = FALSE;
pDir = PR_OpenDir(dirName);
if (!pDir)
return rv;
while ((pEntry = PR_ReadDir(pDir, PR_SKIP_BOTH|PR_SKIP_HIDDEN)) != NULL) {
PRStatus status;
PRInt32 count;
PRInt32 stop;
PRFileInfo fileInfo;
char szFileName[_MAX_PATH];
count = (PRInt32)PR_snprintf(szFileName, sizeof szFileName, "%s\\%s",
dirName, PR_DirName(pEntry));
if (count < 1)
continue;
status = PR_GetFileInfo(szFileName, &fileInfo);
if (status != PR_SUCCESS)
continue;
if (fileInfo.type == PR_FILE_FILE) {
stop = (*func)(szFileName);
rv = TRUE;
if (stop)
break;
continue;
}
if (recursive && fileInfo.type == PR_FILE_DIRECTORY) {
rv |= EnumSystemFilesWithNSPR(szFileName, recursive, func);
}
}
PR_CloseDir(pDir);
return rv;
}
#endif
static BOOL
EnumSystemFiles(PRInt32 (*func)(const char *))
{
#if defined(_WIN32_WCE)
BOOL rv = FALSE;
rv |= EnumSystemFilesWithNSPR("\\Windows\\Temporary Internet Files", TRUE, func);
rv |= EnumSystemFilesWithNSPR("\\Temp", FALSE, func);
rv |= EnumSystemFilesWithNSPR("\\Windows", FALSE, func);
return rv;
#else
int iStatus;
char szSysDir[_MAX_PATH];
char szFileName[_MAX_PATH];
#ifdef _WIN32
WIN32_FIND_DATA fdData;
int iContinue;
HANDLE lFindHandle;
#else
struct _find_t fdData;
#endif
if (!GetSystemDirectory(szSysDir, sizeof(szSysDir)))
return FALSE;
WIN32_FIND_DATAW fdData;
PRUnichar szFileName[_MAX_PATH];
char narrowFileName[_MAX_PATH];
if (maxDepth < 0)
return;
// tack *.* on the end so we actually look for files. this will
// not overflow
strcpy(szFileName, szSysDir);
strcat(szFileName, "\\*.*");
wcscpy(szFileName, szSysDir);
wcscat(szFileName, L"\\*.*");
#ifdef _WIN32
lFindHandle = FindFirstFile(szFileName, &fdData);
lFindHandle = FindFirstFileW(szFileName, &fdData);
if (lFindHandle == INVALID_HANDLE_VALUE)
return FALSE;
return;
do {
// pass the full pathname to the callback
sprintf(szFileName, "%s\\%s", szSysDir, fdData.cFileName);
(*func)(szFileName);
iStatus = FindNextFile(lFindHandle, &fdData);
} while (iStatus != 0);
iContinue = 1;
if (wcscmp(fdData.cFileName, L".") == 0 ||
wcscmp(fdData.cFileName, L"..") == 0) {
// skip "." and ".."
} else {
// pass the full pathname to the callback
_snwprintf(szFileName, _MAX_PATH, L"%s\\%s", szSysDir,
fdData.cFileName);
if (fdData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
EnumSystemFilesInFolder(func, szFileName, maxDepth - 1);
} else {
iContinue = WideCharToMultiByte(CP_ACP, 0, szFileName, -1,
narrowFileName, _MAX_PATH,
NULL, NULL);
if (iContinue)
iContinue = !(*func)(narrowFileName);
}
}
if (iContinue)
iContinue = FindNextFileW(lFindHandle, &fdData);
} while (iContinue);
FindClose(lFindHandle);
#else
if (_dos_findfirst(szFileName,
_A_NORMAL | _A_RDONLY | _A_ARCH | _A_SUBDIR, &fdData) != 0)
return FALSE;
do {
// pass the full pathname to the callback
sprintf(szFileName, "%s\\%s", szSysDir, fdData.name);
(*func)(szFileName);
iStatus = _dos_findnext(&fdData);
} while (iStatus == 0);
_dos_findclose(&fdData);
#endif
}
return TRUE;
static BOOL
EnumSystemFiles(Handler func)
{
PRUnichar szSysDir[_MAX_PATH];
static const int folders[] = {
CSIDL_BITBUCKET,
CSIDL_RECENT,
#ifndef WINCE
CSIDL_INTERNET_CACHE,
CSIDL_COMPUTERSNEARME,
CSIDL_HISTORY,
#endif
0
};
int i = 0;
if (_MAX_PATH > (i = GetTempPathW(_MAX_PATH, szSysDir))) {
if (i > 0 && szSysDir[i-1] == L'\\')
szSysDir[i-1] = L'\0'; // we need to lop off the trailing slash
EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH);
}
for(i = 0; folders[i]; i++) {
DWORD rv = SHGetSpecialFolderPathW(NULL, szSysDir, folders[i], 0);
if (szSysDir[0])
EnumSystemFilesInFolder(func, szSysDir, MAX_DEPTH);
szSysDir[0] = L'\0';
}
return PR_TRUE;
}
static PRInt32
@ -342,7 +260,6 @@ void RNG_SystemInfoForRNG(void)
DWORD dwVal;
char buffer[256];
int nBytes;
#ifdef _WIN32
MEMORYSTATUS sMem;
HANDLE hVal;
#if !defined(_WIN32_WCE)
@ -352,17 +269,10 @@ void RNG_SystemInfoForRNG(void)
char volName[128];
DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
#endif
#else
int iVal;
HTASK hTask;
WORD wDS, wCS;
LPSTR lpszEnv;
#endif
nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
RNG_RandomUpdate(buffer, nBytes);
#ifdef _WIN32
sMem.dwLength = sizeof(sMem);
GlobalMemoryStatus(&sMem); // assorted memory stats
RNG_RandomUpdate(&sMem, sizeof(sMem));
@ -370,47 +280,12 @@ void RNG_SystemInfoForRNG(void)
dwVal = GetLogicalDrives();
RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
#endif
#else
dwVal = GetFreeSpace(0);
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
_asm mov wDS, ds;
_asm mov wCS, cs;
RNG_RandomUpdate(&wDS, sizeof(wDS));
RNG_RandomUpdate(&wCS, sizeof(wCS));
#endif
#ifdef _WIN32
#if !defined(_WIN32_WCE)
dwVal = sizeof(buffer);
if (GetComputerName(buffer, &dwVal))
RNG_RandomUpdate(buffer, dwVal);
#endif
/* XXX This is code that got yanked because of NSPR20. We should put it
* back someday.
*/
#ifdef notdef
{
POINT ptVal;
GetCursorPos(&ptVal);
RNG_RandomUpdate(&ptVal, sizeof(ptVal));
}
dwVal = GetQueueStatus(QS_ALLINPUT); // high and low significant
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
{
HWND hWnd;
hWnd = GetClipboardOwner(); // 2 or 4 bytes
RNG_RandomUpdate((void *)&hWnd, sizeof(hWnd));
}
{
UUID sUuid;
UuidCreate(&sUuid); // this will fail on machines with no ethernet
RNG_RandomUpdate(&sUuid, sizeof(sUuid)); // boards. shove the bits in regardless
}
#endif
hVal = GetCurrentProcess(); // 4 or 8 byte pseudo handle (a
// constant!) of current process
@ -440,27 +315,14 @@ void RNG_SystemInfoForRNG(void)
RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags));
RNG_RandomUpdate(buffer, strlen(buffer));
if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters, &dwNumClusters)) {
if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters,
&dwNumClusters)) {
RNG_RandomUpdate(&dwSectors, sizeof(dwSectors));
RNG_RandomUpdate(&dwBytes, sizeof(dwBytes));
RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
}
#endif
#else /* is WIN16 */
hTask = GetCurrentTask();
RNG_RandomUpdate((void *)&hTask, sizeof(hTask));
iVal = GetNumTasks();
RNG_RandomUpdate(&iVal, sizeof(iVal)); // number of running tasks
lpszEnv = GetDOSEnvironment();
while (*lpszEnv != '\0') {
RNG_RandomUpdate(lpszEnv, strlen(lpszEnv));
lpszEnv += strlen(lpszEnv) + 1;
}
#endif /* is WIN16 */
// now let's do some files
ReadSystemFiles();
@ -477,12 +339,7 @@ void RNG_FileForRNG(const char *filename)
PRFileInfo infoBuf;
unsigned char buffer[1024];
/* windows doesn't initialize all the bytes in the stat buf,
* so initialize them all here to avoid UMRs.
*/
memset(&infoBuf, 0, sizeof infoBuf);
if (PR_GetFileInfo(filename, &infoBuf) < 0)
if (PR_GetFileInfo(filename, &infoBuf) != PR_SUCCESS)
return;
RNG_RandomUpdate((unsigned char*)&infoBuf, sizeof(infoBuf));
@ -508,6 +365,25 @@ void RNG_FileForRNG(const char *filename)
RNG_RandomUpdate(buffer, nBytes);
}
/*
* The Windows CE and Windows Mobile FIPS Security Policy, page 13,
* (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp825.pdf)
* says CeGenRandom is the right function to call for creating a seed
* for a random number generator.
*/
size_t RNG_SystemRNG(void *dest, size_t maxLen)
{
size_t bytes = 0;
if (CeGenRandom(maxLen, dest)) {
bytes = maxLen;
}
if (bytes == 0) {
PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
}
return bytes;
}
#else /* not WinCE */
void RNG_FileForRNG(const char *filename)
@ -550,8 +426,6 @@ void RNG_FileForRNG(const char *filename)
RNG_RandomUpdate(buffer, nBytes);
}
#endif /* not WinCE */
/*
* CryptoAPI requires Windows NT 4.0 or Windows 95 OSR2 and later.
* Until we drop support for Windows 95, we need to emulate some
@ -644,5 +518,6 @@ done:
FreeLibrary(hModule);
return bytes;
}
#endif /* not WinCE */
#endif /* is XP_WIN */

1
security/nss/lib/libpkix/include/pkix_certstore.h
View File

@ -346,6 +346,7 @@ typedef PKIX_Error *
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
PKIX_Boolean delayCrlSigCheck,
PKIX_UInt32 *reasonCode,
PKIX_RevocationStatus *revStatus,
void *plContext);

4
security/nss/lib/libpkix/include/pkix_errorstrings.h
View File

@ -240,6 +240,7 @@ PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPKALGIDFAILED,pkix_CertSelector_Match_SubjP
PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPUBKEYFAILED,pkix_CertSelector_Match_SubjPubKey failed,0),
PKIX_ERRORENTRY(CERTSELECTORSELECTFAILED,pkix_CertSelector_Select failed,0),
PKIX_ERRORENTRY(CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_SetCommonCertSelectorParams failed,0),
PKIX_ERRORENTRY(CERTSETASTRUSTANCHORFAILED, PKIX_PL_Cert_SetAsTrustAnchor failed, 0),
PKIX_ERRORENTRY(CERTSETCACHEFLAGFAILED,PKIX_PL_Cert_SetCacheFlag failed,0),
PKIX_ERRORENTRY(CERTSETTRUSTCERTSTOREFAILED,PKIX_PL_Cert_SetTrustCertStore failed,0),
PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFAILED,PKIX_CertStore_CertContinue failed,0),
@ -435,6 +436,7 @@ PKIX_ERRORENTRY(DERUTCTIMETOASCIIFAILED,DER_UTCTimeToAscii failed,0),
PKIX_ERRORENTRY(DESTROYSPKIFAILED,pkix_pl_DestroySPKI failed,0),
PKIX_ERRORENTRY(DIRECTORYNAMECREATEFAILED,pkix_pl_DirectoryName_Create failed,0),
PKIX_ERRORENTRY(DUPLICATEIMMUTABLEFAILED,pkix_duplicateImmutable failed,0),
PKIX_ERRORENTRY(CANNOTSORTIMMUTABLELIST,pkix_List_BubbleSort can not sort immutable list,0),
PKIX_ERRORENTRY(EKUCHECKERGETREQUIREDEKUFAILED,pkix_pl_EkuChecker_GetRequiredEku failed,0),
PKIX_ERRORENTRY(EKUCHECKERINITIALIZEFAILED,PKIX_PL_EkuChecker_Initialize failed,0),
PKIX_ERRORENTRY(EKUCHECKERSTATECREATEFAILED,pkix_pl_EkuCheckerState_Create failed,0),
@ -477,6 +479,7 @@ PKIX_ERRORENTRY(EXTRACTPARAMETERSFAILED,pkix_ExtractParameters failed,0),
PKIX_ERRORENTRY(FAILEDINENCODINGSEARCHREQUEST,failed in encoding searchRequest,SEC_ERROR_FAILED_TO_ENCODE_DATA),
PKIX_ERRORENTRY(FAILEDTOGETNSSTRUSTANCHORS,Failed to get nss trusted roots,0),
PKIX_ERRORENTRY(FAILEDTOGETTRUST, failed to get trust from the cert,0),
PKIX_ERRORENTRY(FAILTOSELECTCERTSFROMANCHORS,failed to select certs from anchors,0),
PKIX_ERRORENTRY(FAILUREHASHINGCERT,Failure hashing Cert,0),
PKIX_ERRORENTRY(FAILUREHASHINGERROR,Failure hashing Error,0),
PKIX_ERRORENTRY(FAILUREHASHINGLISTEXPECTEDPOLICYSET,Failure hashing PKIX_List expectedPolicySet,0),
@ -674,6 +677,7 @@ PKIX_ERRORENTRY(LISTGETLENGTHFAILED,PKIX_List_GetLength failed,0),
PKIX_ERRORENTRY(LISTHASHCODEFAILED,pkix_List_Hashcode failed,0),
PKIX_ERRORENTRY(LISTINSERTITEMFAILED,PKIX_List_InsertItem failed,0),
PKIX_ERRORENTRY(LISTISEMPTYFAILED,PKIX_List_IsEmpty failed,0),
PKIX_ERRORENTRY(LISTMERGEFAILED,pkix_List_MergeList failed,0),
PKIX_ERRORENTRY(LISTQUICKSORTFAILED,pkix_List_QuickSort failed,0),
PKIX_ERRORENTRY(LISTREMOVEFAILED,pkix_List_Remove failed,0),
PKIX_ERRORENTRY(LISTREMOVEITEMSFAILED,pkix_List_RemoveItems failed,0),

8
security/nss/lib/libpkix/include/pkix_pl_pki.h
View File

@ -1511,6 +1511,8 @@ PKIX_PL_Cert_VerifySignature(
* "cert"
* Address of Cert whose trustworthiness is to be determined. Must be
* non-NULL.
* "trustOnlyUserAnchors"
* States that we can only trust explicitly defined user trust anchors.
* "pTrusted"
* Address where the Boolean value will be stored. Must be non-NULL.
* "plContext"
@ -1525,9 +1527,15 @@ PKIX_PL_Cert_VerifySignature(
PKIX_Error *
PKIX_PL_Cert_IsCertTrusted(
PKIX_PL_Cert *cert,
PKIX_Boolean trustOnlyUserAnchors,
PKIX_Boolean *pTrusted,
void *plContext);
/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
PKIX_Error*
PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
void *plContext);
/*
* FUNCTION: PKIX_PL_Cert_GetCacheFlag
* DESCRIPTION:

1
security/nss/lib/libpkix/include/pkix_revchecker.h
View File

@ -126,7 +126,6 @@ extern "C" {
*/
PKIX_Error *
PKIX_RevocationChecker_Create(
PKIX_PL_Date *revDate,
PKIX_UInt32 leafMethodListFlags,
PKIX_UInt32 chainMethodListFlags,
PKIX_RevocationChecker **pChecker,

16
security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
View File

@ -226,7 +226,8 @@ pkix_CrlChecker_CheckLocal(
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *revStatus,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
PKIX_UInt32 *pReasonCode,
void *plContext)
{
@ -237,6 +238,7 @@ pkix_CrlChecker_CheckLocal(
PKIX_UInt32 crlStoreIndex = 0;
PKIX_UInt32 numCrlStores = 0;
PKIX_Boolean storeIsLocal = PKIX_FALSE;
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_CrlChecker_CheckLocal");
PKIX_NULLCHECK_FOUR(cert, issuer, checkerObject, checkerObject);
@ -268,10 +270,14 @@ pkix_CrlChecker_CheckLocal(
if (storeCheckRevocationFn) {
PKIX_CHECK(
storeCheckRevocationFn(certStore, cert, issuer,
date, &reasonCode,
revStatus, plContext),
date,
/* delay sig check if building
* a chain */
!chainVerificationState,
&reasonCode,
&revStatus, plContext),
PKIX_CERTSTORECRLCHECKFAILED);
if (*revStatus == PKIX_RevStatus_Revoked) {
if (revStatus == PKIX_RevStatus_Revoked) {
break;
}
}
@ -280,6 +286,7 @@ pkix_CrlChecker_CheckLocal(
} /* while */
cleanup:
*pRevStatus = revStatus;
PKIX_DECREF(certStore);
PKIX_RETURN(CERTCHAINCHECKER);
@ -426,6 +433,7 @@ pkix_CrlChecker_CheckExternal(
PKIX_CHECK(
storeCheckRevocationFn(certStore, cert, issuer, date,
PKIX_FALSE /* do not delay sig check */,
&reasonCode, &revStatus, plContext),
PKIX_CERTSTORECRLCHECKFAILED);
if (revStatus != PKIX_RevStatus_NoInfo) {

1
security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h
View File

@ -62,6 +62,7 @@ pkix_CrlChecker_CheckLocal(
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
PKIX_UInt32 *reasonCode,
void *plContext);

12
security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
View File

@ -165,6 +165,7 @@ pkix_OcspChecker_CheckLocal(
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
PKIX_UInt32 *pReasonCode,
void *plContext)
@ -203,6 +204,11 @@ pkix_OcspChecker_CheckLocal(
cleanup:
*pRevStatus = revStatus;
/* ocsp carries only tree statuses: good, bad, and unknown.
* revStatus is used to pass them. reasonCode is always set
* to be unknown. */
*pReasonCode = crlEntryReasonUnspecified;
PKIX_DECREF(cid);
PKIX_RETURN(OCSPCHECKER);
@ -314,7 +320,6 @@ pkix_OcspChecker_CheckExternal(
goto cleanup;
}
if (passed == PKIX_FALSE) {
resultCode = PORT_GetError();
goto cleanup;
}
@ -336,6 +341,11 @@ cleanup:
}
*pRevStatus = revStatus;
/* ocsp carries only tree statuses: good, bad, and unknown.
* revStatus is used to pass them. reasonCode is always set
* to be unknown. */
*pReasonCode = crlEntryReasonUnspecified;
if (!passed && cid && cid->certID) {
/* We still own the certID object, which means that
* it did not get consumed to create a cache entry.

1
security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
View File

@ -61,6 +61,7 @@ pkix_OcspChecker_CheckLocal(
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
PKIX_UInt32 *reasonCode,
void *plContext);

41
security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c
View File

@ -67,7 +67,6 @@ pkix_RevocationChecker_Destroy(
checker = (PKIX_RevocationChecker *)object;
PKIX_DECREF(checker->date);
PKIX_DECREF(checker->leafMethodList);
PKIX_DECREF(checker->chainMethodList);
@ -116,8 +115,7 @@ pkix_RevocationChecker_Duplicate(
}
PKIX_CHECK(
PKIX_RevocationChecker_Create(checker->date,
checker->leafMethodListFlags,
PKIX_RevocationChecker_Create(checker->leafMethodListFlags,
checker->chainMethodListFlags,
&checkerDuplicate,
plContext),
@ -201,7 +199,6 @@ pkix_RevocationChecker_SortComparator(
*/
PKIX_Error *
PKIX_RevocationChecker_Create(
PKIX_PL_Date *revDate,
PKIX_UInt32 leafMethodListFlags,
PKIX_UInt32 chainMethodListFlags,
PKIX_RevocationChecker **pChecker,
@ -219,9 +216,6 @@ PKIX_RevocationChecker_Create(
plContext),
PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
PKIX_INCREF(revDate);
checker->date = revDate;
checker->leafMethodListFlags = leafMethodListFlags;
checker->chainMethodListFlags = chainMethodListFlags;
checker->leafMethodList = NULL;
@ -341,12 +335,13 @@ PKIX_RevocationChecker_Check(
PKIX_Boolean onlyUseRemoteMethods = PKIX_FALSE;
PKIX_UInt32 revFlags = 0;
PKIX_List *revList = NULL;
PKIX_PL_Date *date = NULL;
pkix_RevocationMethod *method = NULL;
void *nbioContext;
int tries;
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Check");
PKIX_NULLCHECK_ONE(revChecker);
PKIX_NULLCHECK_TWO(revChecker, procParams);
nbioContext = *pNbioContext;
*pNbioContext = NULL;
@ -366,6 +361,8 @@ PKIX_RevocationChecker_Check(
PORT_Memset(methodStatus, PKIX_RevStatus_NoInfo,
sizeof(PKIX_RevocationStatus) * PKIX_RevocationMethod_MAX);
date = procParams->date;
/* Need to have two loops if we testing all local info first:
* first we are going to test all local(cached) info
* second, all remote info(fetching) */
@ -392,22 +389,24 @@ PKIX_RevocationChecker_Check(
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
pkixErrorResult =
(*method->localRevChecker)(cert, issuer,
revChecker->date,
(*method->localRevChecker)(cert, issuer, date,
method, procParams,
methodFlags, &revStatus,
methodFlags,
chainVerificationState,
&revStatus,
pReasonCode, plContext);
methodStatus[methodNum] = revStatus;
if (revStatus == PKIX_RevStatus_Revoked) {
/* if error was generated use it as final error. */
overallStatus = PKIX_RevStatus_Revoked;
goto cleanup;
}
if (pkixErrorResult) {
/* Disregard errors. Only returned revStatus matters. */
PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
plContext);
pkixErrorResult = NULL;
}
if (revStatus == PKIX_RevStatus_Revoked) {
overallStatus = PKIX_RevStatus_Revoked;
goto cleanup;
}
}
if ((!(revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST) ||
onlyUseRemoteMethods) &&
@ -416,23 +415,23 @@ PKIX_RevocationChecker_Check(
if (!(methodFlags & PKIX_REV_M_FORBID_NETWORK_FETCHING)) {
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
pkixErrorResult =
(*method->externalRevChecker)(cert, issuer,
revChecker->date,
(*method->externalRevChecker)(cert, issuer, date,
method,
procParams, methodFlags,
&revStatus, pReasonCode,
&nbioContext, plContext);
methodStatus[methodNum] = revStatus;
if (revStatus == PKIX_RevStatus_Revoked) {
/* if error was generated use it as final error. */
overallStatus = PKIX_RevStatus_Revoked;
goto cleanup;
}
if (pkixErrorResult) {
/* Disregard errors. Only returned revStatus matters. */
PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
plContext);
pkixErrorResult = NULL;
}
if (revStatus == PKIX_RevStatus_Revoked) {
overallStatus = PKIX_RevStatus_Revoked;
goto cleanup;
}
} else if (methodFlags &
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
/* Info is not in the local cache. Network fetching is not

1
security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h
View File

@ -166,7 +166,6 @@ extern "C" {
/* Defines check time for the cert, revocation methods lists and
* flags for leaf and chain certs revocation tests. */
struct PKIX_RevocationCheckerStruct {
PKIX_PL_Date *date;
PKIX_List *leafMethodList;
PKIX_List *chainMethodList;
PKIX_UInt32 leafMethodListFlags;

1
security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h
View File

@ -62,6 +62,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
PKIX_UInt32 *reasonCode,
void *plContext);

5
security/nss/lib/libpkix/pkix/params/pkix_procparams.c
View File

@ -567,9 +567,12 @@ PKIX_ProcessingParams_Create(
PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
(NULL, &params->date, plContext),
PKIX_DATECREATEUTCTIMEFAILED);
params->hintCerts = NULL;
params->constraints = NULL;
params->date = NULL;
params->initialPolicies = NULL;
params->initialPolicyMappingInhibit = PKIX_FALSE;
params->initialAnyPolicyInhibit = PKIX_FALSE;

4
security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
View File

@ -393,6 +393,10 @@ PKIX_TrustAnchor_CreateWithCert(
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
PKIX_CHECK(
PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
PKIX_CERTSETASTRUSTANCHORFAILED);
PKIX_INCREF(cert);
anchor->trustedCert = cert;

2
security/nss/lib/libpkix/pkix/results/pkix_verifynode.c
View File

@ -1203,7 +1203,7 @@ pkix_VerifyNode_FindError(
}
}
if (node->error) {
if (node->error && node->error->plErr) {
PKIX_INCREF(node->error);
*error = node->error;
}

1050
security/nss/lib/libpkix/pkix/top/pkix_build.c
View File

File diff suppressed because it is too large Load Diff

3
security/nss/lib/libpkix/pkix/top/pkix_build.h
View File

@ -66,7 +66,6 @@ typedef enum {
BUILD_CHECKTRUSTED,
BUILD_CHECKTRUSTED2,
BUILD_ADDTOCHAIN,
BUILD_CHECKWITHANCHORS,
BUILD_CRL2PREP,
BUILD_CRL2,
BUILD_VALCHAIN,
@ -112,14 +111,12 @@ struct PKIX_ForwardBuilderStateStruct{
PKIX_UInt32 numAias;
PKIX_UInt32 certIndex;
PKIX_UInt32 aiaIndex;
PKIX_UInt32 anchorIndex;
PKIX_UInt32 certCheckedIndex;
PKIX_UInt32 checkerIndex;
PKIX_UInt32 hintCertIndex;
PKIX_UInt32 numFanout;
PKIX_UInt32 numDepth;
PKIX_UInt32 reasonCode;
PKIX_Boolean dsaParamsNeeded;
PKIX_Boolean revCheckDelayed;
PKIX_Boolean canBeCached;
PKIX_Boolean useOnlyLocal;

24
security/nss/lib/libpkix/pkix/top/pkix_validate.c
View File

@ -728,7 +728,6 @@ pkix_CheckChain(
void *plContext)
{
PKIX_UInt32 j = 0;
SECErrorCodes reasonCode = 0;
PKIX_Boolean revChecking = PKIX_FALSE;
PKIX_Error *checkCertError = NULL;
void *nbioContext = NULL;
@ -793,23 +792,29 @@ pkix_CheckChain(
if (revChecking == PKIX_TRUE) {
PKIX_RevocationStatus revStatus;
PKIX_CHECK(
pkixErrorResult =
PKIX_RevocationChecker_Check(
cert, issuer, revChecker,
procParams, PKIX_TRUE,
(j == 0) ? PKIX_TRUE : PKIX_FALSE,
&revStatus, &reasonCode,
&nbioContext, plContext),
PKIX_REVCHECKCERTFAILED);
(j == numCerts - 1) ? PKIX_TRUE : PKIX_FALSE,
&revStatus, pReasonCode,
&nbioContext, plContext);
if (nbioContext != NULL) {
*pCertCheckedIndex = j;
*pRevChecking = revChecking;
*pNBIOContext = nbioContext;
goto cleanup;
}
if (revStatus == PKIX_RevStatus_Revoked) {
PKIX_ERROR_CREATE(VALIDATE, PKIX_CERTIFICATEREVOKED,
pkixErrorResult);
if (revStatus == PKIX_RevStatus_Revoked ||
pkixErrorResult) {
if (!pkixErrorResult) {
/* if pkixErrorResult is returned then
* use it as it has a detailed revocation
* error code. Otherwise create a new error */
PKIX_ERROR_CREATE(VALIDATE,
PKIX_CERTIFICATEREVOKED,
pkixErrorResult);
}
goto cleanup;
}
revChecking = PKIX_FALSE;
@ -825,7 +830,6 @@ pkix_CheckChain(
(checkers, pFinalSubjPubKey, pPolicyTree, plContext),
PKIX_RETRIEVEOUTPUTSFAILED);
*pReasonCode = (PKIX_UInt32)reasonCode;
*pNBIOContext = NULL;
cleanup:

5
security/nss/lib/libpkix/pkix/util/pkix_list.c
View File

@ -1225,7 +1225,10 @@ pkix_List_BubbleSort(
PKIX_ENTER(BUILD, "pkix_List_BubbleSort");
PKIX_NULLCHECK_THREE(fromList, comparator, pSortedList);
if (fromList->immutable) {
PKIX_ERROR(PKIX_CANNOTSORTIMMUTABLELIST);
}
PKIX_CHECK(pkix_List_Duplicate
((PKIX_PL_Object *) fromList,
(PKIX_PL_Object **) &sortedList,

38
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
View File

@ -573,11 +573,13 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
PKIX_PL_Cert *pkixCert,
PKIX_PL_Cert *pkixIssuer,
PKIX_PL_Date *date,
PKIX_Boolean delayCrlSigCheck,
PKIX_UInt32 *pReasonCode,
PKIX_RevocationStatus *pStatus,
void *plContext)
{
CERTCRLEntryReasonCode revReason = crlEntryReasonUnspecified;
PKIX_RevocationStatus status = PKIX_RevStatus_NoInfo;
PRTime time = 0;
void *wincx = NULL;
PRBool lockedwrite = PR_FALSE;
@ -610,23 +612,29 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
PKIX_ERROR(PKIX_CRLISSUECERTEXPIRED);
}
rv = AcquireDPCache(issuer, &issuer->derSubject, NULL, time,
rv = AcquireDPCache(issuer, &issuer->derSubject, NULL,
/* AcquireDPCache will not validate the signature
* on the crl if time is not specified. */
delayCrlSigCheck ? 0: time,
wincx, &dpcache, &lockedwrite);
if (rv == SECFailure) {
PKIX_ERROR(PKIX_CERTCHECKCRLFAILED);
}
if (!dpcache->ncrls) {
*pStatus = PKIX_RevStatus_NoInfo;
if ((delayCrlSigCheck && dpcache->invalid) ||
/* obtained cache is invalid due to delayed signature check */
!dpcache->ncrls) {
goto cleanup;
}
/* now look up the certificate SN in the DP cache's CRL */
rv = DPCache_Lookup(dpcache, &cert->serialNumber, &entry);
if (SECSuccess == rv && entry) {
if (rv == SECFailure) {
PKIX_ERROR(PKIX_CERTCHECKCRLFAILED);
}
if (entry) {
/* check the time if we have one */
if (entry->revocationDate.data && entry->revocationDate.len) {
PRTime revocationDate = 0;
if (SECSuccess == DER_DecodeTimeChoice(&revocationDate,
&entry->revocationDate)) {
/* we got a good revocation date, only consider the
@ -645,20 +653,18 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
rv = SECFailure;
}
if (SECFailure == rv) {
CERTCRLEntryReasonCode reasonCode = crlEntryReasonUnspecified;
/* Find real revocation reason */
CERT_FindCRLEntryReasonExten(entry, &reasonCode);
*pReasonCode = (PKIX_UInt32)reasonCode;
*pStatus = PKIX_RevStatus_Revoked;
CERT_FindCRLEntryReasonExten(entry, &revReason);
status = PKIX_RevStatus_Revoked;
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
}
} else {
*pReasonCode = revReason;
*pStatus = PKIX_RevStatus_Success;
status = PKIX_RevStatus_Success;
}
cleanup:
*pStatus = status;
*pReasonCode = revReason;
if (dpcache) {
ReleaseDPCache(dpcache, lockedwrite);
}
@ -763,9 +769,6 @@ pkix_pl_Pk11CertStore_GetCert(
/* Don't throw away the list if one cert was bad! */
pkixTempErrorReceived = PKIX_FALSE;
PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
*pCertList = filtered;
filtered = NULL;
@ -855,9 +858,6 @@ pkix_pl_Pk11CertStore_GetCRL(
/* Don't throw away the list if one CRL was bad! */
pkixTempErrorReceived = PKIX_FALSE;
PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
*pCrlList = filtered;
filtered = NULL;

20
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
View File

@ -1490,6 +1490,7 @@ pkix_pl_Cert_CreateWithNSSCert(
cert->store = NULL;
cert->authorityInfoAccess = NULL;
cert->subjectInfoAccess = NULL;
cert->isUserTrustAnchor = PKIX_FALSE;
*pCert = cert;
@ -3252,6 +3253,7 @@ cleanup:
PKIX_Error *
PKIX_PL_Cert_IsCertTrusted(
PKIX_PL_Cert *cert,
PKIX_Boolean trustOnlyUserAnchors,
PKIX_Boolean *pTrusted,
void *plContext)
{
@ -3268,6 +3270,11 @@ PKIX_PL_Cert_IsCertTrusted(
PKIX_ENTER(CERT, "pkix_pl_Cert_IsCertTrusted");
PKIX_NULLCHECK_TWO(cert, pTrusted);
if (trustOnlyUserAnchors) {
*pTrusted = cert->isUserTrustAnchor;
goto cleanup;
}
/* no key usage information and store is not trusted */
if (plContext == NULL || cert->store == NULL) {
*pTrusted = PKIX_FALSE;
@ -3322,6 +3329,19 @@ cleanup:
PKIX_RETURN(CERT);
}
/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
PKIX_Error*
PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
void *plContext)
{
PKIX_ENTER(CERT, "PKIX_PL_Cert_SetAsTrustAnchor");
PKIX_NULLCHECK_ONE(cert);
cert->isUserTrustAnchor = PKIX_TRUE;
PKIX_RETURN(CERT);
}
/*
* FUNCTION: PKIX_PL_Cert_GetCacheFlag (see comments in pkix_pl_pki.h)
*/

1
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h
View File

@ -85,6 +85,7 @@ struct PKIX_PL_CertStruct {
PKIX_CertStore *store;
PKIX_List *authorityInfoAccess; /* list of PKIX_PL_InfoAccess */
PKIX_List *subjectInfoAccess; /* list of PKIX_PL_InfoAccess */
PKIX_Boolean isUserTrustAnchor;
};
/* see source file for function documentation */

5
security/nss/lib/pki/certificate.c
View File

@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.65 $ $Date: 2008/06/14 04:38:32 $";
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.66 $ $Date: 2009/02/09 07:51:27 $";
#endif /* DEBUG */
#ifndef NSSPKI_H
@ -317,6 +317,9 @@ nssCertificate_GetDecoding (
)
{
nssDecodedCert* deco = NULL;
if (c->type == NSSCertificateType_PKIX) {
(void)STAN_GetCERTCertificate(c);
}
nssPKIObject_Lock(&c->object);
if (!c->decoding) {
deco = nssDecodedCert_Create(NULL, &c->encoding, c->type);

26
security/nss/lib/softoken/fipsaudt.c
View File

@ -105,7 +105,7 @@ void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
"phObject=%p)=0x%08lX%s",
(PRUint32)hSession, pTemplate, (PRUint32)ulCount,
phObject, (PRUint32)rv, shObject);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_LOAD_KEY, msg);
}
void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
@ -124,7 +124,7 @@ void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
"pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
(PRUint32)hSession, (PRUint32)hObject,
pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_COPY_KEY, msg);
}
/* WARNING: hObject has been destroyed and can only be printed. */
@ -138,7 +138,7 @@ void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
PR_snprintf(msg, sizeof msg,
"C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
(PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_DESTROY_KEY, msg);
}
void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
@ -153,7 +153,7 @@ void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
"pulSize=%p)=0x%08lX",
(PRUint32)hSession, (PRUint32)hObject,
pulSize, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
}
void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
@ -169,7 +169,7 @@ void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
"pTemplate=%p, ulCount=%lu)=0x%08lX",
(PRUint32)hSession, (PRUint32)hObject,
pTemplate, (PRUint32)ulCount, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
}
void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
@ -185,7 +185,7 @@ void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
"pTemplate=%p, ulCount=%lu)=0x%08lX",
(PRUint32)hSession, (PRUint32)hObject,
pTemplate, (PRUint32)ulCount, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_CHANGE_KEY, msg);
}
void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
@ -202,7 +202,7 @@ void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
"hKey=0x%08lX)=0x%08lX",
opName, (PRUint32)hSession, mech,
(PRUint32)hKey, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_CRYPT, msg);
}
void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
@ -222,7 +222,7 @@ void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
"pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
(PRUint32)hSession, mech,
pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
}
void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
@ -252,7 +252,7 @@ void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
}
void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
@ -271,7 +271,7 @@ void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
"hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
(PRUint32)hSession, mech, (PRUint32)hWrappingKey,
(PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_WRAP_KEY, msg);
}
void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
@ -295,7 +295,7 @@ void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
(PRUint32)hSession, mech,
(PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg);
}
void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
@ -334,7 +334,7 @@ void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
(PRUint32)hSession, mech,
(PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
phKey, (PRUint32)rv, shKey, sTlsKeys);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg);
}
void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
@ -347,5 +347,5 @@ void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
PR_snprintf(msg, sizeof msg,
"C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
(PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_DIGEST_KEY, msg);
}

81
security/nss/lib/softoken/fipstokn.c
View File

@ -74,8 +74,13 @@
#include <pthread.h>
#include <dlfcn.h>
#define LIBAUDIT_NAME "libaudit.so.0"
#ifndef AUDIT_USER
#define AUDIT_USER 1005 /* message type: message from userspace */
#ifndef AUDIT_CRYPTO_TEST_USER
#define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */
#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
#define AUDIT_CRYPTO_LOGIN 2402 /* Logged in as crypto officer */
#define AUDIT_CRYPTO_LOGOUT 2403 /* Logged out from crypto */
#define AUDIT_CRYPTO_KEY_USER 2404 /* Create,delete,negotiate */
#define AUDIT_CRYPTO_FAILURE_USER 2405 /* Fail decrypt,encrypt,randomize */
#endif
static void *libaudit_handle;
static int (*audit_open_func)(void);
@ -321,6 +326,47 @@ sftk_get_object_class_and_fipsCheck(CK_SESSION_HANDLE hSession,
return rv;
}
#ifdef LINUX
int
sftk_mapLinuxAuditType(NSSAuditSeverity severity, NSSAuditType auditType)
{
switch (auditType) {
case NSS_AUDIT_ACCESS_KEY:
case NSS_AUDIT_CHANGE_KEY:
case NSS_AUDIT_COPY_KEY:
case NSS_AUDIT_DERIVE_KEY:
case NSS_AUDIT_DESTROY_KEY:
case NSS_AUDIT_DIGEST_KEY:
case NSS_AUDIT_GENERATE_KEY:
case NSS_AUDIT_LOAD_KEY:
case NSS_AUDIT_UNWRAP_KEY:
case NSS_AUDIT_WRAP_KEY:
return AUDIT_CRYPTO_KEY_USER;
case NSS_AUDIT_CRYPT:
return (severity == NSS_AUDIT_ERROR) ? AUDIT_CRYPTO_FAILURE_USER :
AUDIT_CRYPTO_KEY_USER;
case NSS_AUDIT_FIPS_STATE:
case NSS_AUDIT_INIT_PIN:
case NSS_AUDIT_INIT_TOKEN:
case NSS_AUDIT_SET_PIN:
return AUDIT_CRYPTO_PARAM_CHANGE_USER;
case NSS_AUDIT_SELF_TEST:
return AUDIT_CRYPTO_TEST_USER;
case NSS_AUDIT_LOGIN:
return AUDIT_CRYPTO_LOGIN;
case NSS_AUDIT_LOGOUT:
return AUDIT_CRYPTO_LOGOUT;
/* we skip the fault case here so we can get compiler
* warnings if new 'NSSAuditType's are added without
* added them to this list, defaults fall through */
}
/* default */
return AUDIT_CRYPTO_PARAM_CHANGE_USER;
}
#endif
/**********************************************************************
*
* FIPS 140 auditable event logging
@ -344,7 +390,8 @@ PRBool sftk_audit_enabled = PR_FALSE;
* - for assuming a role, the type of role, and the location of the request
*/
void
sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType,
const char *msg)
{
#ifdef NSS_AUDIT_WITH_SYSLOG
int level;
@ -370,6 +417,7 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
}
if (libaudit_handle) {
int audit_fd;
int linuxAuditType;
int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
if (!message) {
@ -380,11 +428,12 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
PR_smprintf_free(message);
return;
}
linuxAuditType = sftk_mapLinuxAuditType(severity, auditType);
if (audit_log_user_message_func) {
audit_log_user_message_func(audit_fd, AUDIT_USER, message,
audit_log_user_message_func(audit_fd, linuxAuditType, message,
NULL, NULL, NULL, result);
} else {
audit_send_user_message_func(audit_fd, AUDIT_USER, message);
audit_send_user_message_func(audit_fd, linuxAuditType, message);
}
audit_close_func(audit_fd);
PR_smprintf_free(message);
@ -446,7 +495,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
const char *envp;
CK_RV crv;
CHECK_FORK();
sftk_ForkReset(pReserved, &crv);
if (nsf_init) {
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
@ -476,7 +525,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
"C_Initialize()=0x%08lX "
"power-up self-tests failed",
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}
return crv;
}
@ -489,12 +538,16 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
CK_RV FC_Finalize (CK_VOID_PTR pReserved) {
CK_RV crv;
CHECK_FORK();
if (sftk_ForkReset(pReserved, &crv)) {
return crv;
}
if (!nsf_init) {
return CKR_OK;
}
crv = nsc_CommonFinalize (pReserved, PR_TRUE);
nsf_init = (PRBool) !(crv == CKR_OK);
return crv;
}
@ -580,7 +633,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
PR_snprintf(msg,sizeof msg,
"C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX",
(PRUint32)slotID,pLabel,(PRUint32)crv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_TOKEN, msg);
}
return crv;
}
@ -604,7 +657,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
PR_snprintf(msg,sizeof msg,
"C_InitPIN(hSession=0x%08lX)=0x%08lX",
(PRUint32)hSession,(PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_PIN, msg);
}
return rv;
}
@ -629,7 +682,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
PR_snprintf(msg,sizeof msg,
"C_SetPIN(hSession=0x%08lX)=0x%08lX",
(PRUint32)hSession,(PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_SET_PIN, msg);
}
return rv;
}
@ -699,7 +752,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
PR_snprintf(msg,sizeof msg,
"C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
(PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_LOGIN, msg);
}
return rv;
}
@ -721,7 +774,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
PR_snprintf(msg,sizeof msg,
"C_Logout(hSession=0x%08lX)=0x%08lX",
(PRUint32)hSession,(PRUint32)rv);
sftk_LogAuditMessage(severity, msg);
sftk_LogAuditMessage(severity, NSS_AUDIT_LOGOUT, msg);
}
return rv;
}
@ -1416,7 +1469,7 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
"self-test: continuous RNG test failed",
(PRUint32)hSession,pRandomData,
(PRUint32)ulRandomLen,(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}
}
return crv;

8
security/nss/lib/softoken/legacydb/keydb.c
View File

@ -34,7 +34,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: keydb.c,v 1.10 2008/06/06 01:16:25 wtc%google.com Exp $ */
/* $Id: keydb.c,v 1.11 2009/02/03 05:34:44 julien.pierre.boogz%sun.com Exp $ */
#include "lowkeyi.h"
#include "secasn1.h"
@ -1051,7 +1051,7 @@ nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle)
SECITEM_FreeItem(handle->global_salt,PR_TRUE);
}
if (handle->lock != NULL) {
PZ_DestroyLock(handle->lock);
SKIP_AFTER_FORK(PZ_DestroyLock(handle->lock));
}
PORT_Free(handle);
@ -2194,11 +2194,11 @@ keydb_Close(NSSLOWKEYDBHandle *kdb)
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
PZ_Lock(kdbLock);
SKIP_AFTER_FORK(PZ_Lock(kdbLock));
(* db->close)(db);
prstat = PZ_Unlock(kdbLock);
SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock));
return;
}

18
security/nss/lib/softoken/legacydb/lgdb.h
View File

@ -195,4 +195,22 @@ CK_RV lg_PutMetaData(SDB *sdb, const char *id,
SEC_END_PROTOS
#ifndef XP_UNIX
#define NO_CHECK_FORK
#endif
#ifndef NO_CHECK_FORK
extern PRBool parentForkedAfterC_Initialize;
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
#else
#define SKIP_AFTER_FORK(x) x
#endif /* NO_CHECK_FORK */
#endif /* _LGDB_H_ */

23
security/nss/lib/softoken/legacydb/lginit.c
View File

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: lginit.c,v 1.12 2008/02/16 04:38:07 julien.pierre.boogz%sun.com Exp $ */
/* $Id: lginit.c,v 1.14 2009/02/03 23:18:48 julien.pierre.boogz%sun.com Exp $ */
#include "lowkeyi.h"
#include "pcert.h"
@ -429,14 +429,14 @@ void
lg_DBLock(SDB *sdb)
{
LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
PR_Lock(lgdb_p->dbLock);
SKIP_AFTER_FORK(PR_Lock(lgdb_p->dbLock));
}
void
lg_DBUnlock(SDB *sdb)
{
LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
PR_Unlock(lgdb_p->dbLock);
SKIP_AFTER_FORK(PR_Unlock(lgdb_p->dbLock));
}
PLHashTable *
@ -462,6 +462,13 @@ lg_getKeyDB(SDB *sdb)
return lgdb_p->keyDB;
}
PRBool parentForkedAfterC_Initialize;
void lg_SetForkState(PRBool forked)
{
parentForkedAfterC_Initialize = forked;
}
CK_RV
lg_Close(SDB *sdb)
{
@ -474,7 +481,7 @@ lg_Close(SDB *sdb)
nsslowkey_CloseKeyDB(lgdb_p->keyDB);
}
if (lgdb_p->dbLock) {
PR_DestroyLock(lgdb_p->dbLock);
SKIP_AFTER_FORK(PR_DestroyLock(lgdb_p->dbLock));
}
if (lgdb_p->hashTable) {
PL_HashTableDestroy(lgdb_p->hashTable);
@ -499,7 +506,6 @@ lg_CompareValues(const void *v1, const void *v2)
return (value1 == value2);
}
/*
* helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle
* with and sdb structure.
@ -551,7 +557,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr,
sdb->sdb_Abort = lg_Abort;
sdb->sdb_Reset = lg_Reset;
sdb->sdb_Close = lg_Close;
sdb->sdb_SetForkState = lg_SetForkState;
*pSdb = sdb;
return CKR_OK;
@ -654,10 +660,13 @@ loser:
}
CK_RV
legacy_Shutdown(void)
legacy_Shutdown(PRBool forked)
{
lg_SetForkState(forked);
nsslowcert_DestroyFreeLists();
nsslowcert_DestroyGlobalLocks();
SECOID_Shutdown();
lg_SetForkState(PR_FALSE);
return CKR_OK;
}

22
security/nss/lib/softoken/legacydb/pcertdb.c
View File

@ -37,7 +37,7 @@
/*
* Permanent Certificate database handling code
*
* $Id: pcertdb.c,v 1.6 2007/11/16 02:04:57 julien.pierre.boogz%sun.com Exp $
* $Id: pcertdb.c,v 1.7 2009/02/03 05:34:44 julien.pierre.boogz%sun.com Exp $
*/
#include "lowkeyti.h"
#include "pcert.h"
@ -223,7 +223,7 @@ nsslowcert_LockFreeList(void)
{
PORT_Assert(freeListLock != NULL);
PZ_Lock(freeListLock);
SKIP_AFTER_FORK(PZ_Lock(freeListLock));
return;
}
@ -233,11 +233,11 @@ nsslowcert_LockFreeList(void)
static void
nsslowcert_UnlockFreeList(void)
{
PRStatus prstat;
PRStatus prstat = PR_SUCCESS;
PORT_Assert(freeListLock != NULL);
prstat = PZ_Unlock(freeListLock);
SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
PORT_Assert(prstat == PR_SUCCESS);
@ -344,14 +344,14 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
static void
certdb_Close(DB *db)
{
PRStatus prstat;
PRStatus prstat = PR_SUCCESS;
PORT_Assert(dbLock != NULL);
PZ_Lock(dbLock);
SKIP_AFTER_FORK(PZ_Lock(dbLock));
(* db->close)(db);
prstat = PZ_Unlock(dbLock);
SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock));
return;
}
@ -5269,7 +5269,7 @@ nsslowcert_DestroyFreeLists(void)
DestroyCertEntryFreeList();
DestroyTrustFreeList();
DestroyCertFreeList();
PZ_DestroyLock(freeListLock);
SKIP_AFTER_FORK(PZ_DestroyLock(freeListLock));
freeListLock = NULL;
}
@ -5277,15 +5277,15 @@ void
nsslowcert_DestroyGlobalLocks(void)
{
if (dbLock) {
PZ_DestroyLock(dbLock);
SKIP_AFTER_FORK(PZ_DestroyLock(dbLock));
dbLock = NULL;
}
if (certRefCountLock) {
PZ_DestroyLock(certRefCountLock);
SKIP_AFTER_FORK(PZ_DestroyLock(certRefCountLock));
certRefCountLock = NULL;
}
if (certTrustLock) {
PZ_DestroyLock(certTrustLock);
SKIP_AFTER_FORK(PZ_DestroyLock(certTrustLock));
certTrustLock = NULL;
}
}

6
security/nss/lib/softoken/lgglue.c
View File

@ -46,6 +46,7 @@
#include "prenv.h"
#include "lgglue.h"
#include "secerr.h"
#include "softoken.h"
static LGOpenFunc legacy_glue_open = NULL;
static LGReadSecmodFunc legacy_glue_readSecmod = NULL;
@ -411,7 +412,10 @@ sftkdbCall_Shutdown(void)
return CKR_OK;
}
if (legacy_glue_shutdown) {
crv = (*legacy_glue_shutdown)();
#ifdef NO_FORK_CHECK
PRBool parentForkedAfterC_Initialize = PR_FALSE;
#endif
crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
}
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
if (!disableUnload) {

4
security/nss/lib/softoken/lgglue.h
View File

@ -66,10 +66,10 @@ typedef SECStatus (*LGDeleteSecmodFunc)(const char *appName,
typedef SECStatus (*LGAddSecmodFunc)(const char *appName,
const char *filename,
const char *dbname, char *params, PRBool rw);
typedef SECStatus (*LGShutdownFunc)(void);
typedef SECStatus (*LGShutdownFunc)(PRBool forked);
typedef void (*LGSetForkStateFunc)(PRBool);
typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
/*
* Softoken Glue Functions
*/

128
security/nss/lib/softoken/pkcs11.c
View File

@ -68,6 +68,8 @@
#include "sftkdb.h"
#include "sftkpars.h"
PRBool parentForkedAfterC_Initialize;
#ifndef NO_FORK_CHECK
#if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED)
@ -484,7 +486,8 @@ static const struct mechanismList mechanisms[] = {
};
static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
static PRBool nsc_init = PR_FALSE;
/* sigh global so fipstokn can read it */
PRBool nsc_init = PR_FALSE;
#if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED)
@ -1190,6 +1193,21 @@ validateSecretKey(SFTKSession *session, SFTKObject *object,
attribute->attrib.ulValueLen);
sftk_FreeAttribute(attribute);
break;
case CKK_AES:
attribute = sftk_FindAttribute(object,CKA_VALUE);
/* shouldn't happen */
if (attribute == NULL)
return CKR_TEMPLATE_INCOMPLETE;
if (attribute->attrib.ulValueLen != 16 &&
attribute->attrib.ulValueLen != 24 &&
attribute->attrib.ulValueLen != 32) {
sftk_FreeAttribute(attribute);
return CKR_KEY_SIZE_RANGE;
}
crv = sftk_forceAttribute(object, CKA_VALUE_LEN,
&attribute->attrib.ulValueLen, sizeof(CK_ULONG));
sftk_FreeAttribute(attribute);
break;
default:
break;
}
@ -2224,12 +2242,12 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot)
/* first log out the card */
handle = sftk_getKeyDB(slot);
PZ_Lock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
slot->isLoggedIn = PR_FALSE;
if (handle) {
sftkdb_ClearPassword(handle);
}
PZ_Unlock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
if (handle) {
sftk_freeDB(handle);
}
@ -2242,7 +2260,7 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot)
for (i=0; i < slot->sessHashSize; i++) {
PZLock *lock = SFTK_SESSION_LOCK(slot,i);
do {
PZ_Lock(lock);
SKIP_AFTER_FORK(PZ_Lock(lock));
session = slot->head[i];
/* hand deque */
/* this duplicates function of NSC_close session functions, but
@ -2252,15 +2270,15 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot)
slot->head[i] = session->next;
if (session->next) session->next->prev = NULL;
session->next = session->prev = NULL;
PZ_Unlock(lock);
PZ_Lock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Unlock(lock));
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
--slot->sessionCount;
PZ_Unlock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
if (session->info.flags & CKF_RW_SESSION) {
PR_AtomicDecrement(&slot->rwSessionCount);
}
} else {
PZ_Unlock(lock);
SKIP_AFTER_FORK(PZ_Unlock(lock));
}
if (session) sftk_FreeSession(session);
} while (session != NULL);
@ -2283,12 +2301,12 @@ sftk_DBShutdown(SFTKSlot *slot)
{
SFTKDBHandle *certHandle;
SFTKDBHandle *keyHandle;
PZ_Lock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
certHandle = slot->certDB;
slot->certDB = NULL;
keyHandle = slot->keyDB;
slot->keyDB = NULL;
PZ_Unlock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
if (certHandle) {
sftk_freeDB(certHandle);
}
@ -2355,12 +2373,12 @@ SFTK_DestroySlotData(SFTKSlot *slot)
/* OK everything has been disassembled, now we can finally get rid
* of the locks */
PZ_DestroyLock(slot->slotLock);
SKIP_AFTER_FORK(PZ_DestroyLock(slot->slotLock));
slot->slotLock = NULL;
if (slot->sessionLock) {
for (i=0; i < slot->numSessionLocks; i++) {
if (slot->sessionLock[i]) {
PZ_DestroyLock(slot->sessionLock[i]);
SKIP_AFTER_FORK(PZ_DestroyLock(slot->sessionLock[i]));
slot->sessionLock[i] = NULL;
}
}
@ -2368,11 +2386,11 @@ SFTK_DestroySlotData(SFTKSlot *slot)
slot->sessionLock = NULL;
}
if (slot->objectLock) {
PZ_DestroyLock(slot->objectLock);
SKIP_AFTER_FORK(PZ_DestroyLock(slot->objectLock));
slot->objectLock = NULL;
}
if (slot->pwCheckLock) {
PR_DestroyLock(slot->pwCheckLock);
SKIP_AFTER_FORK(PR_DestroyLock(slot->pwCheckLock));
slot->pwCheckLock = NULL;
}
PORT_Free(slot);
@ -2514,6 +2532,11 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
crv = CKR_DEVICE_ERROR;
return crv;
}
rv = BL_Init(); /* initialize freebl engine */
if (rv != SECSuccess) {
crv = CKR_DEVICE_ERROR;
return crv;
}
RNG_SystemInfoForRNG();
@ -2523,7 +2546,7 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
* off from the rest on NSS.
*/
/* initialize the key and cert db's */
/* initialize the key and cert db's */
if (init_args && (!(init_args->flags & CKF_OS_LOCKING_OK))) {
if (init_args->CreateMutex && init_args->DestroyMutex &&
init_args->LockMutex && init_args->UnlockMutex) {
@ -2562,9 +2585,11 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
sftk_closePeer(isFIPS);
if (sftk_audit_enabled) {
if (isFIPS && nsc_init) {
sftk_LogAuditMessage(NSS_AUDIT_INFO, "enabled FIPS mode");
sftk_LogAuditMessage(NSS_AUDIT_INFO, NSS_AUDIT_FIPS_STATE,
"enabled FIPS mode");
} else {
sftk_LogAuditMessage(NSS_AUDIT_INFO, "disabled FIPS mode");
sftk_LogAuditMessage(NSS_AUDIT_INFO, NSS_AUDIT_FIPS_STATE,
"disabled FIPS mode");
}
}
}
@ -2627,7 +2652,7 @@ CK_RV NSC_Initialize(CK_VOID_PTR pReserved)
{
CK_RV crv;
CHECK_FORK();
sftk_ForkReset(pReserved, &crv);
if (nsc_init) {
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
@ -2642,9 +2667,13 @@ CK_RV NSC_Initialize(CK_VOID_PTR pReserved)
* Cryptoki library.*/
CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS)
{
/* propagate the fork status to freebl and util */
BL_SetForkState(parentForkedAfterC_Initialize);
UTIL_SetForkState(parentForkedAfterC_Initialize);
nscFreeAllSlots(isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE);
/* don't muck with the globals is our peer is still initialized */
/* don't muck with the globals if our peer is still initialized */
if (isFIPS && nsc_init) {
return CKR_OK;
}
@ -2660,33 +2689,77 @@ CK_RV nsc_CommonFinalize (CK_VOID_PTR pReserved, PRBool isFIPS)
/* tell freeBL to clean up after itself */
BL_Cleanup();
/* unload freeBL shared library from memory */
/* reset fork status in freebl. We must do this before BL_Unload so that
* this call doesn't force freebl to be reloaded. */
BL_SetForkState(PR_FALSE);
/* unload freeBL shared library from memory. This may only decrement the
* OS refcount if it's been loaded multiple times, eg. by libssl */
BL_Unload();
/* clean up the default OID table */
SECOID_Shutdown();
/* reset fork status in util */
UTIL_SetForkState(PR_FALSE);
nsc_init = PR_FALSE;
#ifdef SOLARIS
#ifdef CHECK_FORK_MIXED
if (!usePthread_atfork) {
myPid = 0; /* allow CHECK_FORK in the next softoken initialization to
* succeed */
} else {
forked = PR_FALSE; /* allow reinitialization */
}
#elif defined(XP_UNIX) && !defined(LINUX)
#elif defined(CHECK_FORK_GETPID)
myPid = 0; /* allow reinitialization */
#elif defined (CHECK_FORK_PTHREAD)
forked = PR_FALSE; /* allow reinitialization */
#endif
return CKR_OK;
}
/* Hard-reset the entire softoken PKCS#11 module if the parent process forked
* while it was initialized. */
PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv)
{
#ifndef NO_FORK_CHECK
if (PARENT_FORKED()) {
parentForkedAfterC_Initialize = PR_TRUE;
if (nsc_init) {
/* finalize non-FIPS token */
*crv = nsc_CommonFinalize(pReserved, PR_FALSE);
PORT_Assert(CKR_OK == *crv);
nsc_init = (PRBool) !(*crv == CKR_OK);
}
if (nsf_init) {
/* finalize FIPS token */
*crv = nsc_CommonFinalize(pReserved, PR_TRUE);
PORT_Assert(CKR_OK == *crv);
nsf_init = (PRBool) !(*crv == CKR_OK);
}
parentForkedAfterC_Initialize = PR_FALSE;
return PR_TRUE;
}
#endif
return PR_FALSE;
}
/* NSC_Finalize indicates that an application is done with the
* Cryptoki library.*/
CK_RV NSC_Finalize (CK_VOID_PTR pReserved)
{
CK_RV crv;
CHECK_FORK();
/* reset entire PKCS#11 module upon fork */
if (sftk_ForkReset(pReserved, &crv)) {
return crv;
}
if (!nsc_init) {
return CKR_OK;
return CKR_OK;
}
crv = nsc_CommonFinalize (pReserved, PR_FALSE);
@ -3347,7 +3420,12 @@ CK_RV NSC_CloseAllSessions (CK_SLOT_ID slotID)
{
SFTKSlot *slot;
CHECK_FORK();
#ifndef NO_CHECK_FORK
/* skip fork check if we are being called from C_Initialize or C_Finalize */
if (!parentForkedAfterC_Initialize) {
CHECK_FORK();
}
#endif
slot = sftk_SlotFromID(slotID, PR_FALSE);
if (slot == NULL) return CKR_SLOT_ID_INVALID;

2
security/nss/lib/softoken/pkcs11c.c
View File

@ -4126,7 +4126,7 @@ ecgn_done:
"self-test: pair-wise consistency test failed",
(PRUint32)hSession,(PRUint32)pMechanism->mechanism,
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}
return crv;
}

1
security/nss/lib/softoken/pkcs11i.h
View File

@ -584,6 +584,7 @@ SEC_BEGIN_PROTOS
extern PRBool nsf_init;
extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv);
extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);

11
security/nss/lib/softoken/pkcs11u.c
View File

@ -45,6 +45,7 @@
#include "secerr.h"
#include "prnetdb.h" /* for PR_ntohl */
#include "sftkdb.h"
#include "softoken.h"
/*
* ******************** Attribute Utilities *******************************
@ -843,12 +844,12 @@ sftk_lookupTokenKeyByHandle(SFTKSlot *slot, CK_OBJECT_HANDLE handle)
*/
static void
sftk_tokenKeyLock(SFTKSlot *slot) {
PZ_Lock(slot->objectLock);
SKIP_AFTER_FORK(PZ_Lock(slot->objectLock));
}
static void
sftk_tokenKeyUnlock(SFTKSlot *slot) {
PZ_Unlock(slot->objectLock);
SKIP_AFTER_FORK(PZ_Unlock(slot->objectLock));
}
static PRIntn
@ -966,7 +967,7 @@ sftk_CleanupFreeList(SFTKObjectFreeList *list, PRBool isSessionList)
if (!list->lock) {
return;
}
PZ_Lock(list->lock);
SKIP_AFTER_FORK(PZ_Lock(list->lock));
for (object= list->head; object != NULL;
object = sftk_freeObjectData(object)) {
PZ_DestroyLock(object->refLock);
@ -976,8 +977,8 @@ sftk_CleanupFreeList(SFTKObjectFreeList *list, PRBool isSessionList)
}
list->count = 0;
list->head = NULL;
PZ_Unlock(list->lock);
PZ_DestroyLock(list->lock);
SKIP_AFTER_FORK(PZ_Unlock(list->lock));
SKIP_AFTER_FORK(PZ_DestroyLock(list->lock));
list->lock = NULL;
}

9
security/nss/lib/softoken/sdb.c
View File

@ -1653,6 +1653,14 @@ static int tableExists(sqlite3 *sqlDB, const char *tableName)
return (sqlerr == SQLITE_OK) ? 1 : 0;
}
void sdb_SetForkState(PRBool forked)
{
/* XXXright now this is a no-op. The global fork state in the softokn3
* shared library is already taken care of at the PKCS#11 level.
* If and when we add fork state to the sqlite shared library and extern
* interface, we will need to set it and reset it from here */
}
/*
* initialize a single database
*/
@ -1900,6 +1908,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
sdb->sdb_Commit = sdb_Commit;
sdb->sdb_Abort = sdb_Abort;
sdb->sdb_Close = sdb_Close;
sdb->sdb_SetForkState = sdb_SetForkState;
if (inTransaction) {
sqlerr = sqlite3_exec(sqlDB, COMMIT_CMD, NULL, 0, NULL);

1
security/nss/lib/softoken/sdb.h
View File

@ -94,6 +94,7 @@ struct SDBStr {
CK_RV (*sdb_Abort)(SDB *sdb);
CK_RV (*sdb_Reset)(SDB *sdb);
CK_RV (*sdb_Close)(SDB *sdb);
void (*sdb_SetForkState)(PRBool forked);
};
CK_RV s_open(const char *directory, const char *certPrefix,

59
security/nss/lib/softoken/sftkdb.c
View File

@ -60,6 +60,7 @@
#include "lgglue.h"
#include "sftkpars.h"
#include "secerr.h"
#include "softoken.h"
/*
* We want all databases to have the same binary representation independent of
@ -76,11 +77,18 @@ static PRBool
sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type)
{
switch(type) {
case CKA_CLASS:
case CKA_CERTIFICATE_TYPE:
case CKA_CERTIFICATE_CATEGORY:
case CKA_KEY_TYPE:
case CKA_CERTIFICATE_TYPE:
case CKA_CLASS:
case CKA_JAVA_MIDP_SECURITY_DOMAIN:
case CKA_KEY_GEN_MECHANISM:
case CKA_KEY_TYPE:
case CKA_MECHANISM_TYPE:
case CKA_MODULUS_BITS:
case CKA_PRIME_BITS:
case CKA_SUBPRIME_BITS:
case CKA_VALUE_BITS:
case CKA_VALUE_LEN:
case CKA_TRUST_DIGITAL_SIGNATURE:
case CKA_TRUST_NON_REPUDIATION:
@ -873,12 +881,12 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
/* fetch the subject of the source. For creation and merge, this should
* be found in the template */
attr2 = sftkdb_getAttributeFromConstTemplate(CKA_SUBJECT, ptemplate, len);
if ((attr2 == NULL) || (attr2->ulValueLen == 0)) {
if (sourceID == CK_INVALID_HANDLE) {
if (sourceID == CK_INVALID_HANDLE) {
if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen < 0)) {
crv = CKR_TEMPLATE_INCOMPLETE;
goto done;
}
} else if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen <= 0)) {
/* sourceID is set if we are trying to modify an existing entry instead
* of creating a new one. In this case the subject may not be (probably
* isn't) in the template, we have to read it from the database */
@ -889,11 +897,11 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
if (crv != CKR_OK) {
goto done;
}
if (subject.ulValueLen <= 0) {
if ((CK_LONG)subject.ulValueLen < 0) {
crv = CKR_DEVICE_ERROR; /* closest pkcs11 error to corrupted DB */
goto done;
}
temp1 = subject.pValue = PORT_Alloc(subject.ulValueLen);
temp1 = subject.pValue = PORT_Alloc(++subject.ulValueLen);
if (temp1 == NULL) {
crv = CKR_HOST_MEMORY;
goto done;
@ -934,7 +942,7 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
* source subject is too big, and therefore not a match. GetAttributeValue
* will return CKR_BUFFER_TOO_SMALL. Otherwise it should be exactly enough
* space (or enough space to be able to compare the result. */
temp2 = findTemplate[0].pValue = PORT_Alloc(attr2->ulValueLen);
temp2 = findTemplate[0].pValue = PORT_Alloc(++findTemplate[0].ulValueLen);
if (temp2 == NULL) {
crv = CKR_HOST_MEMORY;
goto done;
@ -954,7 +962,9 @@ sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
/* Ok, we have both subjects, make sure they are the same.
* Compare the subjects */
if ((findTemplate[0].ulValueLen != attr2->ulValueLen) ||
(PORT_Memcmp(findTemplate[0].pValue,attr2->pValue,attr2->ulValueLen) != 0)) {
(attr2->ulValueLen > 0 &&
PORT_Memcmp(findTemplate[0].pValue, attr2->pValue, attr2->ulValueLen)
!= 0)) {
crv = CKR_ATTRIBUTE_VALUE_INVALID;
goto loser;
}
@ -1392,17 +1402,26 @@ loser:
CK_RV
sftkdb_CloseDB(SFTKDBHandle *handle)
{
#ifdef NO_FORK_CHECK
PRBool parentForkedAfterC_Initialize = PR_FALSE;
#endif
if (handle == NULL) {
return CKR_OK;
}
if (handle->update) {
if (handle->db->sdb_SetForkState) {
(*handle->db->sdb_SetForkState)(parentForkedAfterC_Initialize);
}
(*handle->update->sdb_Close)(handle->update);
}
if (handle->db) {
if (handle->db->sdb_SetForkState) {
(*handle->db->sdb_SetForkState)(parentForkedAfterC_Initialize);
}
(*handle->db->sdb_Close)(handle->db);
}
if (handle->passwordLock) {
PZ_DestroyLock(handle->passwordLock);
SKIP_AFTER_FORK(PZ_DestroyLock(handle->passwordLock));
}
if (handle->updatePasswordKey) {
SECITEM_FreeItem(handle->updatePasswordKey, PR_TRUE);
@ -1750,7 +1769,7 @@ typedef enum {
} sftkdbUpdateStatus;
/*
* helper function to reconsile a single trust entry.
* helper function to reconcile a single trust entry.
* Identify which trust entry we want to keep.
* If we don't need to do anything (the records are already equal).
* return SFTKDB_DO_NOTHING.
@ -1765,7 +1784,7 @@ typedef enum {
* any SFTKDB_MODIFY_OBJECT returns.
*/
sftkdbUpdateStatus
sftkdb_reconsileTrustEntry(PRArenaPool *arena, CK_ATTRIBUTE *target,
sftkdb_reconcileTrustEntry(PRArenaPool *arena, CK_ATTRIBUTE *target,
CK_ATTRIBUTE *source)
{
CK_ULONG targetTrust = sftkdb_getULongFromTemplate(target->type,
@ -1849,12 +1868,12 @@ const CK_ATTRIBUTE_TYPE sftkdb_trustList[] =
#define SFTK_TRUST_TEMPLATE_COUNT \
(sizeof(sftkdb_trustList)/sizeof(sftkdb_trustList[0]))
/*
* Run through the list of known trust types, and reconsile each trust
* Run through the list of known trust types, and reconcile each trust
* entry one by one. Keep track of we really need to write out the source
* trust object (overwriting the existing one).
*/
static sftkdbUpdateStatus
sftkdb_reconsileTrust(PRArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
sftkdb_reconcileTrust(PRArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
{
CK_ATTRIBUTE trustTemplate[SFTK_TRUST_TEMPLATE_COUNT];
@ -1900,7 +1919,7 @@ sftkdb_reconsileTrust(PRArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
continue;
}
status = sftkdb_reconsileTrustEntry(arena, &trustTemplate[i], attr);
status = sftkdb_reconcileTrustEntry(arena, &trustTemplate[i], attr);
if (status == SFTKDB_MODIFY_OBJECT) {
update = SFTKDB_MODIFY_OBJECT;
} else if (status == SFTKDB_DROP_ATTRIBUTE) {
@ -2062,9 +2081,9 @@ sftkdb_updateObjectTemplate(PRArenaPool *arena, SDB *db,
return sftkdb_handleIDAndName(arena, db, id, ptemplate, plen);
case CKO_NSS_TRUST:
/* if we have conflicting trust object types,
* we need to reconsile them */
* we need to reconcile them */
*targetID = id;
return sftkdb_reconsileTrust(arena, db, id, ptemplate, plen);
return sftkdb_reconcileTrust(arena, db, id, ptemplate, plen);
case CKO_SECRET_KEY:
/* secret keys in the old database are all sdr keys,
* unfortunately they all appear to have the same CKA_ID,
@ -2364,12 +2383,12 @@ sftk_getKeyDB(SFTKSlot *slot)
{
SFTKDBHandle *dbHandle;
PZ_Lock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
dbHandle = slot->keyDB;
if (dbHandle) {
PR_AtomicIncrement(&dbHandle->ref);
}
PZ_Unlock(slot->slotLock);
SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
return dbHandle;
}

6
security/nss/lib/softoken/sftkpwd.c
View File

@ -66,7 +66,7 @@
#include "prsystem.h"
#include "lgglue.h"
#include "secerr.h"
#include "softoken.h"
/******************************************************************
*
@ -540,14 +540,14 @@ sftkdb_switchKeys(SFTKDBHandle *keydb, SECItem *passKey)
}
/* an atomic pointer set would be nice */
PZ_Lock(keydb->passwordLock);
SKIP_AFTER_FORK(PZ_Lock(keydb->passwordLock));
data = keydb->passwordKey.data;
len = keydb->passwordKey.len;
keydb->passwordKey.data = passKey->data;
keydb->passwordKey.len = passKey->len;
passKey->data = data;
passKey->len = len;
PZ_Unlock(keydb->passwordLock);
SKIP_AFTER_FORK(PZ_Unlock(keydb->passwordLock));
}
/*

32
security/nss/lib/softoken/softoken.h
View File

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: softoken.h,v 1.20 2008/11/19 00:16:56 julien.pierre.boogz%sun.com Exp $ */
/* $Id: softoken.h,v 1.22 2009/02/03 05:34:43 julien.pierre.boogz%sun.com Exp $ */
#ifndef _SOFTOKEN_H_
#define _SOFTOKEN_H_
@ -189,7 +189,8 @@ unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
*/
extern PRBool sftk_audit_enabled;
extern void sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg);
extern void sftk_LogAuditMessage(NSSAuditSeverity severity,
NSSAuditType, const char *msg);
extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
@ -325,41 +326,41 @@ extern PRBool usePthread_atfork;
extern pid_t myPid;
extern PRBool forked;
#define CHECK_FORK() \
do { \
if (usePthread_atfork ? forked : (myPid && myPid != getpid()) ) { \
FORK_ASSERT(); \
return CKR_DEVICE_ERROR; \
} \
} while (0)
#define PARENT_FORKED() usePthread_atfork ? forked : (myPid && myPid != getpid())
#elif defined(CHECK_FORK_PTHREAD)
extern PRBool forked;
#define CHECK_FORK() \
do { if (forked) { FORK_ASSERT(); return CKR_DEVICE_ERROR; } } while (0)
#define PARENT_FORKED() forked
#else
#elif defined(CHECK_FORK_GETPID)
#include <unistd.h>
extern pid_t myPid;
#define PARENT_FORKED() myPid && myPid != getpid()
#endif
extern PRBool parentForkedAfterC_Initialize;
#define CHECK_FORK() \
do { \
if (myPid && myPid != getpid()) { \
if (PARENT_FORKED()) { \
FORK_ASSERT(); \
return CKR_DEVICE_ERROR; \
} \
} while (0)
#endif
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
#else
/* non-Unix platforms, or fork check disabled */
#define CHECK_FORK()
#define SKIP_AFTER_FORK(x) x
#ifndef NO_FORK_CHECK
#define NO_FORK_CHECK
@ -367,6 +368,7 @@ extern pid_t myPid;
#endif
SEC_END_PROTOS
#endif /* _SOFTOKEN_H_ */

23
security/nss/lib/softoken/softoknt.h
View File

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: softoknt.h,v 1.4 2006/05/05 20:02:47 wtchang%redhat.com Exp $ */
/* $Id: softoknt.h,v 1.5 2009/01/27 23:13:21 rrelyea%redhat.com Exp $ */
#ifndef _SOFTOKNT_H_
#define _SOFTOKNT_H_
@ -70,4 +70,25 @@ typedef enum {
NSS_AUDIT_INFO = 1 /* informational messages */
} NSSAuditSeverity;
typedef enum {
NSS_AUDIT_ACCESS_KEY = 0,
NSS_AUDIT_CHANGE_KEY,
NSS_AUDIT_COPY_KEY,
NSS_AUDIT_CRYPT,
NSS_AUDIT_DERIVE_KEY,
NSS_AUDIT_DESTROY_KEY,
NSS_AUDIT_DIGEST_KEY,
NSS_AUDIT_FIPS_STATE,
NSS_AUDIT_GENERATE_KEY,
NSS_AUDIT_INIT_PIN,
NSS_AUDIT_INIT_TOKEN,
NSS_AUDIT_LOAD_KEY,
NSS_AUDIT_LOGIN,
NSS_AUDIT_LOGOUT,
NSS_AUDIT_SELF_TEST,
NSS_AUDIT_SET_PIN,
NSS_AUDIT_UNWRAP_KEY,
NSS_AUDIT_WRAP_KEY,
} NSSAuditType;
#endif /* _SOFTOKNT_H_ */

1
security/nss/lib/util/nssutil.def
View File

@ -235,6 +235,7 @@ NSS_Get_sgn_DigestInfoTemplate_Util;
;+NSSUTIL_3.12.3 { # NSS Utilities 3.12.3 release
;+ global:
SECITEM_ReallocItem;
UTIL_SetForkState;
;+ local:
;+ *;
;+};

18
security/nss/lib/util/secoid.c
View File

@ -1931,6 +1931,11 @@ SECOID_FindOIDTagDescription(SECOidTag tagnum)
return oidData ? oidData->desc : 0;
}
/* for now, this is only used in a single place, so it can remain static */
static PRBool parentForkedAfterC_Initialize;
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
/*
* free up the oid tables.
*/
@ -1951,7 +1956,7 @@ SECOID_Shutdown(void)
** the destruction of data that probably isn't initialized anyway.
*/
if (dynOidLock) {
NSSRWLock_LockWrite(dynOidLock);
SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock));
if (dynOidHash) {
PL_HashTableDestroy(dynOidHash);
dynOidHash = NULL;
@ -1967,8 +1972,8 @@ SECOID_Shutdown(void)
dynOidEntriesAllocated = 0;
dynOidEntriesUsed = 0;
NSSRWLock_UnlockWrite(dynOidLock);
NSSRWLock_Destroy(dynOidLock);
SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock));
SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock));
dynOidLock = NULL;
} else {
/* Since dynOidLock doesn't exist, then all the data it protects
@ -1985,3 +1990,10 @@ SECOID_Shutdown(void)
}
return SECSuccess;
}
void UTIL_SetForkState(PRBool forked)
{
parentForkedAfterC_Initialize = forked;
}

4
security/nss/lib/util/secoid.h
View File

@ -42,7 +42,7 @@
/*
* secoid.h - public data structures and prototypes for ASN.1 OID functions
*
* $Id: secoid.h,v 1.10 2008/06/14 14:20:38 wtc%google.com Exp $
* $Id: secoid.h,v 1.11 2009/02/03 05:34:47 julien.pierre.boogz%sun.com Exp $
*/
#include "plarena.h"
@ -147,6 +147,8 @@ extern SECStatus SECOID_Shutdown(void);
extern SECStatus SEC_StringToOID(PLArenaPool *pool, SECItem *to,
const char *from, PRUint32 len);
extern void UTIL_SetForkState(PRBool forked);
SEC_END_PROTOS
#endif /* _SECOID_H_ */

146
security/nss/tests/chains/chains.sh
View File

@ -71,12 +71,15 @@ chains_init()
CHAINS_SCENARIOS="${QADIR}/chains/scenarios/scenarios"
CERT_SN=$(date '+%m%d%H%M%S')
PK7_NONCE=$CERT_SN;
CERT_SN_CNT=$(date '+%m%d%H%M%S')
CERT_SN_FIX=$(expr ${CERT_SN_CNT} - 1000)
PK7_NONCE=$CERT_SN_CNT;
AIA_FILES="${HOSTDIR}/aiafiles"
CU_DATA=${HOSTDIR}/cu_data
CRL_DATA=${HOSTDIR}/crl_data
html_head "Certificate Chains Tests"
}
@ -102,6 +105,22 @@ print_cu_data()
echo "==="
}
set_cert_sn()
{
if [ -z "${SERIAL}" ]; then
CERT_SN_CNT=$(expr ${CERT_SN_CNT} + 1)
CERT_SN=${CERT_SN_CNT}
else
echo ${SERIAL} | cut -b 1 | grep '+' > /dev/null
if [ $? -eq 0 ]; then
CERT_SN=$(echo ${SERIAL} | cut -b 2-)
CERT_SN=$(expr ${CERT_SN_FIX} + ${CERT_SN})
else
CERT_SN=${SERIAL}
fi
fi
}
############################# create_db ################################
# local shell function to create certificate database
########################################################################
@ -119,8 +138,6 @@ create_db()
echo "certutil -N -d ${DB} -f ${DB}/dbpasswd"
${BINDIR}/certutil -N -d ${DB} -f ${DB}/dbpasswd
html_msg $? 0 "${SCENARIO}${TESTNAME}"
TESTDB=${DB}
}
########################### create_root_ca #############################
@ -131,7 +148,7 @@ create_root_ca()
ENTITY=$1
ENTITY_DB=${ENTITY}DB
CERT_SN=$(expr ${CERT_SN} + 1)
set_cert_sn
date >> ${NOISE_FILE} 2>&1
CTYPE_OPT=
@ -399,7 +416,7 @@ sign_cert()
REQ=${ENTITY}Req.der
CERT=${ENTITY}${ISSUER}.der
CERT_SN=$(expr ${CERT_SN} + 1)
set_cert_sn
EMAIL_OPT=
if [ "${TYPE}" = "Bridge" ]; then
@ -478,16 +495,83 @@ import_cert()
html_msg $? 0 "${SCENARIO}${TESTNAME}"
}
import_crl()
{
IMPORT=$1
DB=$2
CRL_NICK=`echo ${IMPORT} | cut -d: -f1`
CRL_FILE=${CRL_NICK}.crl
if [ ! -f "${CRL_FILE}" ]; then
return
fi
TESTNAME="Importing CRL ${CRL_FILE} to ${DB} database"
echo "${SCRIPTNAME}: ${TESTNAME}"
echo "crlutil -I -d ${DB} -f ${DB}/dbpasswd -i ${CRL_FILE}"
${BINDIR}/crlutil -I -d ${DB} -f ${DB}/dbpasswd -i ${CRL_FILE}
html_msg $? 0 "${SCENARIO}${TESTNAME}"
}
create_crl()
{
ISSUER=$1
ISSUER_DB=${ISSUER}DB
CRL=${ISSUER}.crl
DATE=$(date -u '+%Y%m%d%H%M%SZ')
UPDATE=$(expr $(date -u '+%Y') + 1)$(date -u '+%m%d%H%M%SZ')
echo "update=${DATE}" > ${CRL_DATA}
echo "nextupdate=${UPDATE}" >> ${CRL_DATA}
TESTNAME="Create CRL for ${ISSUER_DB}"
echo "${SCRIPTNAME}: ${TESTNAME}"
echo "crlutil -G -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL}"
echo "=== Crlutil input data ==="
cat ${CRL_DATA}
echo "==="
${BINDIR}/crlutil -G -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL} < ${CRL_DATA}
html_msg $? 0 "${SCENARIO}${TESTNAME}"
}
revoke_cert()
{
ISSUER=$1
ISSUER_DB=${ISSUER}DB
CRL=${ISSUER}.crl
set_cert_sn
sleep 1
DATE=$(date -u '+%Y%m%d%H%M%SZ')
echo "update=${DATE}" > ${CRL_DATA}
echo "addcert ${CERT_SN} ${DATE}" >> ${CRL_DATA}
TESTNAME="Revoking certificate with SN ${CERT_SN} issued by ${ISSUER}"
echo "${SCRIPTNAME}: ${TESTNAME}"
echo "crlutil -M -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL}"
echo "=== Crlutil input data ==="
cat ${CRL_DATA}
echo "==="
${BINDIR}/crlutil -M -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL} < ${CRL_DATA}
html_msg $? 0 "${SCENARIO}${TESTNAME}"
}
########################################################################
# List of global variables related to certificate verification:
#
# Generated by parse_config:
# TESTDB - DB used for testing
# DB - DB used for testing
# FETCH - fetch flag (used with AIA extension)
# POLICY - list of policies
# TRUST - trust anchor
# VERIFY - list of certificates to use as vfychain parameters
# EXP_RESULT - expected result
# REV_OPTS - revocation options
########################################################################
############################# verify_cert ##############################
@ -502,8 +586,8 @@ verify_cert()
VFY_CERTS=
VFY_LIST=
if [ -n "${TESTDB}" ]; then
DB_OPT="-d ${TESTDB}"
if [ -n "${DB}" ]; then
DB_OPT="-d ${DB}"
fi
if [ -n "${FETCH}" ]; then
@ -546,15 +630,15 @@ verify_cert()
fi
done
TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${DB_OPT} ${FETCH_OPT} ${POLICY_OPT} ${TRUST_OPT}"
TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${REV_OPTS} ${DB_OPT} ${FETCH_OPT} ${POLICY_OPT} ${TRUST_OPT}"
echo "${SCRIPTNAME}: ${TESTNAME}"
echo "vfychain ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
echo "vfychain ${DB_OPT} -pp -vv ${REV_OPTS} ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
if [ -z "${MEMLEAK_DBG}" ]; then
${BINDIR}/vfychain ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}
${BINDIR}/vfychain ${DB_OPT} -pp -vv ${REV_OPTS} ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}
RESULT=$?
else
${RUN_COMMAND_DBG} ${BINDIR}/vfychain ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT} 2>> ${LOGFILE}
${RUN_COMMAND_DBG} ${BINDIR}/vfychain ${REV_OPTS} ${DB_OPT} -pp -vv ${FETCH_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT} 2>> ${LOGFILE}
RESULT=$?
fi
@ -661,6 +745,17 @@ parse_config()
"import")
IMPORT="${VALUE}"
import_cert "${IMPORT}" "${DB}"
import_crl "${IMPORT}" "${DB}"
;;
"crl")
ISSUER="${VALUE}"
create_crl "${ISSUER}"
;;
"revoke")
REVOKE="${VALUE}"
;;
"serial")
SERIAL="${VALUE}"
;;
"verify")
VERIFY="${VALUE}"
@ -668,15 +763,16 @@ parse_config()
POLICY=
FETCH=
EXP_RESULT=
REV_OPTS=
;;
"cert")
VERIFY="${VERIFY} ${VALUE}"
;;
"testdb")
if [ -n "${VALUE}" ]; then
TESTDB="${VALUE}DB"
DB="${VALUE}DB"
else
TESTDB=
DB=
fi
;;
"trust")
@ -689,6 +785,18 @@ parse_config()
EXP_RESULT="${VALUE}"
parse_result
;;
"rev_type")
REV_OPTS="${REV_OPTS} -g ${VALUE}"
;;
"rev_flags")
REV_OPTS="${REV_OPTS} -h ${VALUE}"
;;
"rev_mtype")
REV_OPTS="${REV_OPTS} -m ${VALUE}"
;;
"rev_mflags")
REV_OPTS="${REV_OPTS} -s ${VALUE}"
;;
"scenario")
SCENARIO="${VALUE}: "
@ -701,6 +809,9 @@ parse_config()
LOGFILE="${LOGDIR}/${LOGNAME}"
fi
;;
"break")
break
;;
"")
if [ -n "${ENTITY}" ]; then
if [ -z "${DB}" ]; then
@ -717,6 +828,11 @@ parse_config()
verify_cert
VERIFY=
fi
if [ -n "${REVOKE}" ]; then
revoke_cert "${REVOKE}" "${DB}"
REVOKE=
fi
;;
*)
if [ `echo ${KEY} | cut -b 1` != "#" ]; then

4
security/nss/tests/chains/scenarios/realcerts.cfg
View File

@ -8,6 +8,7 @@ import TestUser51:x:
import PayPalRootCA:x:CT,C,C
import PayPalICA:x:
import PayPalEE:x:
import BrAirWaysBadSig:x:
verify TestUser50:x
result pass
@ -19,3 +20,6 @@ verify PayPalEE:x
policy OID.2.16.840.1.113733.1.7.23.6
result pass
verify BrAirWaysBadSig:x
result fail

82
security/nss/tests/chains/scenarios/revoc.cfg Normal file
View File

@ -0,0 +1,82 @@
scenario Revocation
entity Root
type Root
serial 10
entity CA0
type Intermediate
issuer Root
serial 11
entity CA1
type Intermediate
issuer CA0
serial 12
entity EE11
type EE
issuer CA1
serial 13
entity EE12
type EE
issuer CA1
serial 14
entity CA2
type Intermediate
issuer CA0
serial 15
entity EE21
type EE
issuer CA2
serial 16
crl Root
crl CA0
crl CA1
crl CA2
revoke CA1
serial 14
revoke CA0
serial 15
db All
import Root::CTu,CTu,CTu
import CA0:Root:
import CA1:CA0:
import CA2:CA0:
# EE11 - not revoked
verify EE11:CA1
trust Root:
rev_type leaf
rev_mtype crl
result pass
# EE12 - revoked
verify EE12:CA1
trust Root:
rev_type leaf
rev_mtype crl
result fail
# EE11 - CA1 not revoked
verify EE11:CA1
trust Root:
rev_type chain
rev_mtype crl
result pass
# EE21 - CA2 revoked
verify EE21:CA2
trust Root:
rev_type chain
rev_mtype crl
result fail

1
security/nss/tests/chains/scenarios/scenarios
View File

@ -12,3 +12,4 @@ bridgewithhalfaia.cfg
bridgewithpolicyextensionandmapping.cfg
realcerts.cfg
dsa.cfg
revoc.cfg

BIN
security/nss/tests/libpkix/certs/BrAirWaysBadSig.cert Normal file
View File

Binary file not shown.

BIN
security/nss/tests/libpkix/certs/PayPalEE.cert
View File

Binary file not shown.