| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * The following handles the loading, unloading and management of | 5 * The following handles the loading, unloading and management of |
| 6 * various PCKS #11 modules | 6 * various PCKS #11 modules |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include <ctype.h> | 9 #include <ctype.h> |
| 10 #include "pkcs11.h" | 10 #include "pkcs11.h" |
| 11 #include "seccomon.h" | 11 #include "seccomon.h" |
| 12 #include "secmod.h" | 12 #include "secmod.h" |
| 13 #include "secmodi.h" | 13 #include "secmodi.h" |
| 14 #include "secmodti.h" | 14 #include "secmodti.h" |
| 15 #include "pki3hack.h" | 15 #include "pki3hack.h" |
| 16 #include "secerr.h" | 16 #include "secerr.h" |
| 17 | 17 |
| 18 #include "pk11pars.h" | 18 #include "utilpars.h" |
| 19 | 19 |
| 20 /* create a new module */ | 20 /* create a new module */ |
| 21 static SECMODModule * | 21 static SECMODModule * |
| 22 secmod_NewModule(void) | 22 secmod_NewModule(void) |
| 23 { | 23 { |
| 24 SECMODModule *newMod; | 24 SECMODModule *newMod; |
| 25 PRArenaPool *arena; | 25 PRArenaPool *arena; |
| 26 | 26 |
| 27 | 27 |
| 28 /* create an arena in which dllName and commonName can be | 28 /* create an arena in which dllName and commonName can be |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 if (mod == NULL) return NULL; | 141 if (mod == NULL) return NULL; |
| 142 | 142 |
| 143 mod->commonName = PORT_ArenaStrdup(mod->arena,moduleName ? moduleName : ""); | 143 mod->commonName = PORT_ArenaStrdup(mod->arena,moduleName ? moduleName : ""); |
| 144 if (library) { | 144 if (library) { |
| 145 mod->dllName = PORT_ArenaStrdup(mod->arena,library); | 145 mod->dllName = PORT_ArenaStrdup(mod->arena,library); |
| 146 } | 146 } |
| 147 /* new field */ | 147 /* new field */ |
| 148 if (parameters) { | 148 if (parameters) { |
| 149 mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); | 149 mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); |
| 150 } | 150 } |
| 151 mod->internal = secmod_argHasFlag("flags","internal",nssc); | 151 mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc); |
| 152 mod->isFIPS = secmod_argHasFlag("flags","FIPS",nssc); | 152 mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc); |
| 153 mod->isCritical = secmod_argHasFlag("flags","critical",nssc); | 153 mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc); |
| 154 slotParams = secmod_argGetParamValue("slotParams",nssc); | 154 slotParams = NSSUTIL_ArgGetParamValue("slotParams",nssc); |
| 155 mod->slotInfo = secmod_argParseSlotInfo(mod->arena,slotParams, | 155 mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams, |
| 156 &mod->slotInfoCount); | 156 &mod->slotInfoCount); |
| 157 if (slotParams) PORT_Free(slotParams); | 157 if (slotParams) PORT_Free(slotParams); |
| 158 /* new field */ | 158 /* new field */ |
| 159 mod->trustOrder = secmod_argReadLong("trustOrder",nssc, | 159 mod->trustOrder = NSSUTIL_ArgReadLong("trustOrder",nssc, |
| 160 » » » » » SECMOD_DEFAULT_TRUST_ORDER,NULL); | 160 » » » » » NSSUTIL_DEFAULT_TRUST_ORDER,NULL); |
| 161 /* new field */ | 161 /* new field */ |
| 162 mod->cipherOrder = secmod_argReadLong("cipherOrder",nssc, | 162 mod->cipherOrder = NSSUTIL_ArgReadLong("cipherOrder",nssc, |
| 163 » » » » » SECMOD_DEFAULT_CIPHER_ORDER,NULL); | 163 » » » » » NSSUTIL_DEFAULT_CIPHER_ORDER,NULL); |
| 164 /* new field */ | 164 /* new field */ |
| 165 mod->isModuleDB = secmod_argHasFlag("flags","moduleDB",nssc); | 165 mod->isModuleDB = NSSUTIL_ArgHasFlag("flags","moduleDB",nssc); |
| 166 mod->moduleDBOnly = secmod_argHasFlag("flags","moduleDBOnly",nssc); | 166 mod->moduleDBOnly = NSSUTIL_ArgHasFlag("flags","moduleDBOnly",nssc); |
| 167 if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE; | 167 if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE; |
| 168 | 168 |
| 169 /* we need more bits, but we also want to preserve binary compatibility | 169 /* we need more bits, but we also want to preserve binary compatibility |
| 170 * so we overload the isModuleDB PRBool with additional flags. | 170 * so we overload the isModuleDB PRBool with additional flags. |
| 171 * These flags are only valid if mod->isModuleDB is already set. | 171 * These flags are only valid if mod->isModuleDB is already set. |
| 172 * NOTE: this depends on the fact that PRBool is at least a char on | 172 * NOTE: this depends on the fact that PRBool is at least a char on |
| 173 * all platforms. These flags are only valid if moduleDB is set, so | 173 * all platforms. These flags are only valid if moduleDB is set, so |
| 174 * code checking if (mod->isModuleDB) will continue to work correctly. */ | 174 * code checking if (mod->isModuleDB) will continue to work correctly. */ |
| 175 if (mod->isModuleDB) { | 175 if (mod->isModuleDB) { |
| 176 char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB; | 176 char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB; |
| 177 » if (secmod_argHasFlag("flags","skipFirst",nssc)) { | 177 » if (NSSUTIL_ArgHasFlag("flags","skipFirst",nssc)) { |
| 178 flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST; | 178 flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST; |
| 179 } | 179 } |
| 180 » if (secmod_argHasFlag("flags","defaultModDB",nssc)) { | 180 » if (NSSUTIL_ArgHasFlag("flags","defaultModDB",nssc)) { |
| 181 flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB; | 181 flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB; |
| 182 } | 182 } |
| 183 /* additional moduleDB flags could be added here in the future */ | 183 /* additional moduleDB flags could be added here in the future */ |
| 184 mod->isModuleDB = (PRBool) flags; | 184 mod->isModuleDB = (PRBool) flags; |
| 185 } | 185 } |
| 186 | 186 |
| 187 if (mod->internal) { | 187 if (mod->internal) { |
| 188 char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL; | 188 char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL; |
| 189 | 189 |
| 190 » if (secmod_argHasFlag("flags", "internalKeySlot", nssc)) { | 190 » if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) { |
| 191 flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT; | 191 flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT; |
| 192 } | 192 } |
| 193 mod->internal = (PRBool) flags; | 193 mod->internal = (PRBool) flags; |
| 194 } | 194 } |
| 195 | 195 |
| 196 ciphers = secmod_argGetParamValue("ciphers",nssc); | 196 ciphers = NSSUTIL_ArgGetParamValue("ciphers",nssc); |
| 197 secmod_argSetNewCipherFlags(&mod->ssl[0],ciphers); | 197 NSSUTIL_ArgParseCipherFlags(&mod->ssl[0],ciphers); |
| 198 if (ciphers) PORT_Free(ciphers); | 198 if (ciphers) PORT_Free(ciphers); |
| 199 | 199 |
| 200 secmod_PrivateModuleCount++; | 200 secmod_PrivateModuleCount++; |
| 201 | 201 |
| 202 return mod; | 202 return mod; |
| 203 } | 203 } |
| 204 | 204 |
| 205 PRBool | 205 PRBool |
| 206 SECMOD_GetSkipFirstFlag(SECMODModule *mod) | 206 SECMOD_GetSkipFirstFlag(SECMODModule *mod) |
| 207 { | 207 { |
| (...skipping 24 matching lines...) Expand all Loading... |
| 232 char flags = (char) mod->internal; | 232 char flags = (char) mod->internal; |
| 233 | 233 |
| 234 if (val) { | 234 if (val) { |
| 235 flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT; | 235 flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT; |
| 236 } else { | 236 } else { |
| 237 flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT; | 237 flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT; |
| 238 } | 238 } |
| 239 mod->internal = flags; | 239 mod->internal = flags; |
| 240 } | 240 } |
| 241 | 241 |
| 242 /* forward declarations */ | |
| 243 static int secmod_escapeSize(const char *string, char quote); | |
| 244 static char *secmod_addEscape(const char *string, char quote); | |
| 245 | |
| 246 /* | 242 /* |
| 247 * copy desc and value into target. Target is known to be big enough to | 243 * copy desc and value into target. Target is known to be big enough to |
| 248 * hold desc +2 +value, which is good because the result of this will be | 244 * hold desc +2 +value, which is good because the result of this will be |
| 249 * *desc"*value". We may, however, have to add some escapes for special | 245 * *desc"*value". We may, however, have to add some escapes for special |
| 250 * characters imbedded into value (rare). This string potentially comes from | 246 * characters imbedded into value (rare). This string potentially comes from |
| 251 * a user, so we don't want the user overflowing the target buffer by using | 247 * a user, so we don't want the user overflowing the target buffer by using |
| 252 * excessive escapes. To prevent this we count the escapes we need to add and | 248 * excessive escapes. To prevent this we count the escapes we need to add and |
| 253 * try to expand the buffer with Realloc. | 249 * try to expand the buffer with Realloc. |
| 254 */ | 250 */ |
| 255 static char * | 251 static char * |
| 256 secmod_doDescCopy(char *target, int *targetLen, const char *desc, | 252 secmod_doDescCopy(char *target, int *targetLen, const char *desc, |
| 257 int descLen, char *value) | 253 int descLen, char *value) |
| 258 { | 254 { |
| 259 int diff, esc_len; | 255 int diff, esc_len; |
| 260 | 256 |
| 261 esc_len = secmod_escapeSize(value, '\"') - 1; | 257 esc_len = NSSUTIL_EscapeSize(value, '\"') - 1; |
| 262 diff = esc_len - strlen(value); | 258 diff = esc_len - strlen(value); |
| 263 if (diff > 0) { | 259 if (diff > 0) { |
| 264 /* we need to escape... expand newSpecPtr as well to make sure | 260 /* we need to escape... expand newSpecPtr as well to make sure |
| 265 * we don't overflow it */ | 261 * we don't overflow it */ |
| 266 char *newPtr = PORT_Realloc(target, *targetLen * diff); | 262 char *newPtr = PORT_Realloc(target, *targetLen * diff); |
| 267 if (!newPtr) { | 263 if (!newPtr) { |
| 268 return target; /* not enough space, just drop the whole copy */ | 264 return target; /* not enough space, just drop the whole copy */ |
| 269 } | 265 } |
| 270 *targetLen += diff; | 266 *targetLen += diff; |
| 271 target = newPtr; | 267 target = newPtr; |
| 272 » value = secmod_addEscape(value, '\"'); | 268 » value = NSSUTIL_Escape(value, '\"'); |
| 273 if (value == NULL) { | 269 if (value == NULL) { |
| 274 return target; /* couldn't escape value, just drop the copy */ | 270 return target; /* couldn't escape value, just drop the copy */ |
| 275 } | 271 } |
| 276 } | 272 } |
| 277 PORT_Memcpy(target, desc, descLen); | 273 PORT_Memcpy(target, desc, descLen); |
| 278 target += descLen; | 274 target += descLen; |
| 279 *target++='\"'; | 275 *target++='\"'; |
| 280 PORT_Memcpy(target, value, esc_len); | 276 PORT_Memcpy(target, value, esc_len); |
| 281 target += esc_len; | 277 target += esc_len; |
| 282 *target++='\"'; | 278 *target++='\"'; |
| 279 if (diff > 0) { |
| 280 PORT_Free(value); |
| 281 } |
| 283 return target; | 282 return target; |
| 284 } | 283 } |
| 285 | 284 |
| 286 #define SECMOD_SPEC_COPY(new, start, end) \ | 285 #define SECMOD_SPEC_COPY(new, start, end) \ |
| 287 if (end > start) { \ | 286 if (end > start) { \ |
| 288 int _cnt = end - start; \ | 287 int _cnt = end - start; \ |
| 289 PORT_Memcpy(new, start, _cnt); \ | 288 PORT_Memcpy(new, start, _cnt); \ |
| 290 new += _cnt; \ | 289 new += _cnt; \ |
| 291 } | 290 } |
| 292 #define SECMOD_TOKEN_DESCRIPTION "tokenDescription=" | 291 #define SECMOD_TOKEN_DESCRIPTION "tokenDescription=" |
| (...skipping 27 matching lines...) Expand all Loading... |
| 320 int i; | 319 int i; |
| 321 | 320 |
| 322 if (newSpec == NULL) { | 321 if (newSpec == NULL) { |
| 323 return NULL; | 322 return NULL; |
| 324 } | 323 } |
| 325 | 324 |
| 326 *children = NULL; | 325 *children = NULL; |
| 327 if (ids) { | 326 if (ids) { |
| 328 *ids = NULL; | 327 *ids = NULL; |
| 329 } | 328 } |
| 330 moduleSpec = secmod_argStrip(moduleSpec); | 329 moduleSpec = NSSUTIL_ArgStrip(moduleSpec); |
| 331 SECMOD_SPEC_COPY(newSpecPtr, modulePrev, moduleSpec); | 330 SECMOD_SPEC_COPY(newSpecPtr, modulePrev, moduleSpec); |
| 332 | 331 |
| 333 /* Notes on 'convert' and 'isFIPS' flags: The base parameters for opening | 332 /* Notes on 'convert' and 'isFIPS' flags: The base parameters for opening |
| 334 * a new softoken module takes the following parameters to name the | 333 * a new softoken module takes the following parameters to name the |
| 335 * various tokens: | 334 * various tokens: |
| 336 * | 335 * |
| 337 * cryptoTokenDescription: name of the non-fips crypto token. | 336 * cryptoTokenDescription: name of the non-fips crypto token. |
| 338 * cryptoSlotDescription: name of the non-fips crypto slot. | 337 * cryptoSlotDescription: name of the non-fips crypto slot. |
| 339 * dbTokenDescription: name of the non-fips db token. | 338 * dbTokenDescription: name of the non-fips db token. |
| 340 * dbSlotDescription: name of the non-fips db slot. | 339 * dbSlotDescription: name of the non-fips db slot. |
| (...skipping 11 matching lines...) Expand all Loading... |
| 352 * (either db or FIPS based on the isFIPS flag) to tokenDescription and | 351 * (either db or FIPS based on the isFIPS flag) to tokenDescription and |
| 353 * slotDescription). | 352 * slotDescription). |
| 354 */ | 353 */ |
| 355 /* | 354 /* |
| 356 * walk down the list. if we find a tokens= argument, save it, | 355 * walk down the list. if we find a tokens= argument, save it, |
| 357 * otherise copy the argument. | 356 * otherise copy the argument. |
| 358 */ | 357 */ |
| 359 while (*moduleSpec) { | 358 while (*moduleSpec) { |
| 360 int next; | 359 int next; |
| 361 modulePrev = moduleSpec; | 360 modulePrev = moduleSpec; |
| 362 » SECMOD_HANDLE_STRING_ARG(moduleSpec, target, "tokens=", | 361 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, target, "tokens=", |
| 363 modulePrev = moduleSpec; /* skip copying */ ) | 362 modulePrev = moduleSpec; /* skip copying */ ) |
| 364 » SECMOD_HANDLE_STRING_ARG(moduleSpec, tmp, "cryptoTokenDescription=", | 363 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "cryptoTokenDescription=", |
| 365 if (convert) { modulePrev = moduleSpec; } ); | 364 if (convert) { modulePrev = moduleSpec; } ); |
| 366 » SECMOD_HANDLE_STRING_ARG(moduleSpec, tmp, "cryptoSlotDescription=", | 365 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "cryptoSlotDescription=", |
| 367 if (convert) { modulePrev = moduleSpec; } ); | 366 if (convert) { modulePrev = moduleSpec; } ); |
| 368 » SECMOD_HANDLE_STRING_ARG(moduleSpec, tmp, "dbTokenDescription=", | 367 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "dbTokenDescription=", |
| 369 if (convert) { | 368 if (convert) { |
| 370 modulePrev = moduleSpec; | 369 modulePrev = moduleSpec; |
| 371 if (!isFIPS) { | 370 if (!isFIPS) { |
| 372 newSpecPtr = secmod_doDescCopy(newSpecPtr, | 371 newSpecPtr = secmod_doDescCopy(newSpecPtr, |
| 373 &newSpecLen, SECMOD_TOKEN_DESCRIPTION, | 372 &newSpecLen, SECMOD_TOKEN_DESCRIPTION, |
| 374 sizeof(SECMOD_TOKEN_DESCRIPTION)-1, tmp); | 373 sizeof(SECMOD_TOKEN_DESCRIPTION)-1, tmp); |
| 375 } | 374 } |
| 376 }); | 375 }); |
| 377 » SECMOD_HANDLE_STRING_ARG(moduleSpec, tmp, "dbSlotDescription=", | 376 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "dbSlotDescription=", |
| 378 if (convert) { | 377 if (convert) { |
| 379 modulePrev = moduleSpec; /* skip copying */ | 378 modulePrev = moduleSpec; /* skip copying */ |
| 380 if (!isFIPS) { | 379 if (!isFIPS) { |
| 381 newSpecPtr = secmod_doDescCopy(newSpecPtr, | 380 newSpecPtr = secmod_doDescCopy(newSpecPtr, |
| 382 &newSpecLen, SECMOD_SLOT_DESCRIPTION, | 381 &newSpecLen, SECMOD_SLOT_DESCRIPTION, |
| 383 sizeof(SECMOD_SLOT_DESCRIPTION)-1, tmp); | 382 sizeof(SECMOD_SLOT_DESCRIPTION)-1, tmp); |
| 384 } | 383 } |
| 385 } ); | 384 } ); |
| 386 » SECMOD_HANDLE_STRING_ARG(moduleSpec, tmp, "FIPSTokenDescription=", | 385 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "FIPSTokenDescription=", |
| 387 if (convert) { | 386 if (convert) { |
| 388 modulePrev = moduleSpec; /* skip copying */ | 387 modulePrev = moduleSpec; /* skip copying */ |
| 389 if (isFIPS) { | 388 if (isFIPS) { |
| 390 newSpecPtr = secmod_doDescCopy(newSpecPtr, | 389 newSpecPtr = secmod_doDescCopy(newSpecPtr, |
| 391 &newSpecLen, SECMOD_TOKEN_DESCRIPTION, | 390 &newSpecLen, SECMOD_TOKEN_DESCRIPTION, |
| 392 sizeof(SECMOD_TOKEN_DESCRIPTION)-1, tmp); | 391 sizeof(SECMOD_TOKEN_DESCRIPTION)-1, tmp); |
| 393 } | 392 } |
| 394 } ); | 393 } ); |
| 395 » SECMOD_HANDLE_STRING_ARG(moduleSpec, tmp, "FIPSSlotDescription=", | 394 » NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "FIPSSlotDescription=", |
| 396 if (convert) { | 395 if (convert) { |
| 397 modulePrev = moduleSpec; /* skip copying */ | 396 modulePrev = moduleSpec; /* skip copying */ |
| 398 if (isFIPS) { | 397 if (isFIPS) { |
| 399 newSpecPtr = secmod_doDescCopy(newSpecPtr, | 398 newSpecPtr = secmod_doDescCopy(newSpecPtr, |
| 400 &newSpecLen, SECMOD_SLOT_DESCRIPTION, | 399 &newSpecLen, SECMOD_SLOT_DESCRIPTION, |
| 401 sizeof(SECMOD_SLOT_DESCRIPTION)-1, tmp); | 400 sizeof(SECMOD_SLOT_DESCRIPTION)-1, tmp); |
| 402 } | 401 } |
| 403 } ); | 402 } ); |
| 404 » SECMOD_HANDLE_FINAL_ARG(moduleSpec) | 403 » NSSUTIL_HANDLE_FINAL_ARG(moduleSpec) |
| 405 SECMOD_SPEC_COPY(newSpecPtr, modulePrev, moduleSpec); | 404 SECMOD_SPEC_COPY(newSpecPtr, modulePrev, moduleSpec); |
| 406 } | 405 } |
| 407 if (tmp) { | 406 if (tmp) { |
| 408 PORT_Free(tmp); | 407 PORT_Free(tmp); |
| 409 tmp = NULL; | 408 tmp = NULL; |
| 410 } | 409 } |
| 411 *newSpecPtr = 0; | 410 *newSpecPtr = 0; |
| 412 | 411 |
| 413 /* no target found, return the newSpec */ | 412 /* no target found, return the newSpec */ |
| 414 if (target == NULL) { | 413 if (target == NULL) { |
| 415 return newSpec; | 414 return newSpec; |
| 416 } | 415 } |
| 417 | 416 |
| 418 /* now build the child array from target */ | 417 /* now build the child array from target */ |
| 419 /*first count them */ | 418 /*first count them */ |
| 420 for (tokenIndex = secmod_argStrip(target); *tokenIndex; | 419 for (tokenIndex = NSSUTIL_ArgStrip(target); *tokenIndex; |
| 421 » tokenIndex = secmod_argStrip(secmod_argSkipParameter(tokenIndex))) { | 420 » tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) { |
| 422 tokenCount++; | 421 tokenCount++; |
| 423 } | 422 } |
| 424 | 423 |
| 425 childArray = PORT_NewArray(char *, tokenCount+1); | 424 childArray = PORT_NewArray(char *, tokenCount+1); |
| 426 if (childArray == NULL) { | 425 if (childArray == NULL) { |
| 427 /* just return the spec as is then */ | 426 /* just return the spec as is then */ |
| 428 PORT_Free(target); | 427 PORT_Free(target); |
| 429 return newSpec; | 428 return newSpec; |
| 430 } | 429 } |
| 431 if (ids) { | 430 if (ids) { |
| 432 idArray = PORT_NewArray(CK_SLOT_ID, tokenCount+1); | 431 idArray = PORT_NewArray(CK_SLOT_ID, tokenCount+1); |
| 433 if (idArray == NULL) { | 432 if (idArray == NULL) { |
| 434 PORT_Free(childArray); | 433 PORT_Free(childArray); |
| 435 PORT_Free(target); | 434 PORT_Free(target); |
| 436 return newSpec; | 435 return newSpec; |
| 437 } | 436 } |
| 438 } | 437 } |
| 439 | 438 |
| 440 /* now fill them in */ | 439 /* now fill them in */ |
| 441 for (tokenIndex = secmod_argStrip(target), i=0 ; | 440 for (tokenIndex = NSSUTIL_ArgStrip(target), i=0 ; |
| 442 *tokenIndex && (i < tokenCount); | 441 *tokenIndex && (i < tokenCount); |
| 443 » » » tokenIndex=secmod_argStrip(tokenIndex)) { | 442 » » » tokenIndex=NSSUTIL_ArgStrip(tokenIndex)) { |
| 444 int next; | 443 int next; |
| 445 » char *name = secmod_argGetName(tokenIndex, &next); | 444 » char *name = NSSUTIL_ArgGetLabel(tokenIndex, &next); |
| 446 tokenIndex += next; | 445 tokenIndex += next; |
| 447 | 446 |
| 448 if (idArray) { | 447 if (idArray) { |
| 449 » idArray[i] = secmod_argDecodeNumber(name); | 448 » idArray[i] = NSSUTIL_ArgDecodeNumber(name); |
| 450 } | 449 } |
| 451 | 450 |
| 452 PORT_Free(name); /* drop the explicit number */ | 451 PORT_Free(name); /* drop the explicit number */ |
| 453 | 452 |
| 454 /* if anything is left, copy the args to the child array */ | 453 /* if anything is left, copy the args to the child array */ |
| 455 » if (!secmod_argIsBlank(*tokenIndex)) { | 454 » if (!NSSUTIL_ArgIsBlank(*tokenIndex)) { |
| 456 » childArray[i++] = secmod_argFetchValue(tokenIndex, &next); | 455 » childArray[i++] = NSSUTIL_ArgFetchValue(tokenIndex, &next); |
| 457 tokenIndex += next; | 456 tokenIndex += next; |
| 458 } | 457 } |
| 459 } | 458 } |
| 460 | 459 |
| 461 PORT_Free(target); | 460 PORT_Free(target); |
| 462 childArray[i] = 0; | 461 childArray[i] = 0; |
| 463 if (idArray) { | 462 if (idArray) { |
| 464 idArray[i] = 0; | 463 idArray[i] = 0; |
| 465 } | 464 } |
| 466 | 465 |
| 467 /* return it */ | 466 /* return it */ |
| 468 *children = childArray; | 467 *children = childArray; |
| 469 if (ids) { | 468 if (ids) { |
| 470 *ids = idArray; | 469 *ids = idArray; |
| 471 } | 470 } |
| 472 return newSpec; | 471 return newSpec; |
| 473 } | 472 } |
| 474 | 473 |
| 475 /* get the database and flags from the spec */ | 474 /* get the database and flags from the spec */ |
| 476 static char * | 475 static char * |
| 477 secmod_getConfigDir(char *spec, char **certPrefix, char **keyPrefix, | 476 secmod_getConfigDir(char *spec, char **certPrefix, char **keyPrefix, |
| 478 PRBool *readOnly) | 477 PRBool *readOnly) |
| 479 { | 478 { |
| 480 char * config = NULL; | 479 char * config = NULL; |
| 481 | 480 |
| 482 *certPrefix = NULL; | 481 *certPrefix = NULL; |
| 483 *keyPrefix = NULL; | 482 *keyPrefix = NULL; |
| 484 *readOnly = secmod_argHasFlag("flags","readOnly",spec); | 483 *readOnly = NSSUTIL_ArgHasFlag("flags","readOnly",spec); |
| 485 | 484 |
| 486 spec = secmod_argStrip(spec); | 485 spec = NSSUTIL_ArgStrip(spec); |
| 487 while (*spec) { | 486 while (*spec) { |
| 488 int next; | 487 int next; |
| 489 » SECMOD_HANDLE_STRING_ARG(spec, config, "configdir=", ;) | 488 » NSSUTIL_HANDLE_STRING_ARG(spec, config, "configdir=", ;) |
| 490 » SECMOD_HANDLE_STRING_ARG(spec, *certPrefix, "certPrefix=", ;) | 489 » NSSUTIL_HANDLE_STRING_ARG(spec, *certPrefix, "certPrefix=", ;) |
| 491 » SECMOD_HANDLE_STRING_ARG(spec, *keyPrefix, "keyPrefix=", ;) | 490 » NSSUTIL_HANDLE_STRING_ARG(spec, *keyPrefix, "keyPrefix=", ;) |
| 492 » SECMOD_HANDLE_FINAL_ARG(spec) | 491 » NSSUTIL_HANDLE_FINAL_ARG(spec) |
| 493 } | 492 } |
| 494 return config; | 493 return config; |
| 495 } | 494 } |
| 496 | 495 |
| 497 struct SECMODConfigListStr { | 496 struct SECMODConfigListStr { |
| 498 char *config; | 497 char *config; |
| 499 char *certPrefix; | 498 char *certPrefix; |
| 500 char *keyPrefix; | 499 char *keyPrefix; |
| 501 PRBool isReadOnly; | 500 PRBool isReadOnly; |
| 502 }; | 501 }; |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 663 for (thisChild = children; thisChild && *thisChild; thisChild++ ) { | 662 for (thisChild = children; thisChild && *thisChild; thisChild++ ) { |
| 664 PORT_Free(*thisChild); | 663 PORT_Free(*thisChild); |
| 665 } | 664 } |
| 666 PORT_Free(children); | 665 PORT_Free(children); |
| 667 if (ids) { | 666 if (ids) { |
| 668 PORT_Free(ids); | 667 PORT_Free(ids); |
| 669 } | 668 } |
| 670 return; | 669 return; |
| 671 } | 670 } |
| 672 | 671 |
| 673 | |
| 674 static int | |
| 675 secmod_escapeSize(const char *string, char quote) | |
| 676 { | |
| 677 int escapes = 0, size = 0; | |
| 678 const char *src; | |
| 679 for (src=string; *src ; src++) { | |
| 680 if ((*src == quote) || (*src == '\\')) escapes++; | |
| 681 size++; | |
| 682 } | |
| 683 | |
| 684 return escapes+size+1; | |
| 685 } | |
| 686 | |
| 687 | |
| 688 /* | |
| 689 * add escapes to protect quote characters... | |
| 690 */ | |
| 691 static char * | |
| 692 secmod_addEscape(const char *string, char quote) | |
| 693 { | |
| 694 char *newString = 0; | |
| 695 int size = 0; | |
| 696 const char *src; | |
| 697 char *dest; | |
| 698 | |
| 699 | |
| 700 size = secmod_escapeSize(string,quote); | |
| 701 newString = PORT_ZAlloc(size); | |
| 702 if (newString == NULL) { | |
| 703 return NULL; | |
| 704 } | |
| 705 | |
| 706 for (src=string, dest=newString; *src; src++,dest++) { | |
| 707 if ((*src == '\\') || (*src == quote)) { | |
| 708 *dest++ = '\\'; | |
| 709 } | |
| 710 *dest = *src; | |
| 711 } | |
| 712 | |
| 713 return newString; | |
| 714 } | |
| 715 | |
| 716 static int | |
| 717 secmod_doubleEscapeSize(const char *string, char quote1, char quote2) | |
| 718 { | |
| 719 int escapes = 0, size = 0; | |
| 720 const char *src; | |
| 721 for (src=string; *src ; src++) { | |
| 722 if (*src == '\\') escapes+=3; /* \\\\ */ | |
| 723 if (*src == quote1) escapes+=2; /* \\quote1 */ | |
| 724 if (*src == quote2) escapes++; /* \quote2 */ | |
| 725 size++; | |
| 726 } | |
| 727 | |
| 728 return escapes+size+1; | |
| 729 } | |
| 730 | |
| 731 char * | |
| 732 secmod_DoubleEscape(const char *string, char quote1, char quote2) | |
| 733 { | |
| 734 char *round1 = NULL; | |
| 735 char *retValue = NULL; | |
| 736 if (string == NULL) { | |
| 737 goto done; | |
| 738 } | |
| 739 round1 = secmod_addEscape(string,quote1); | |
| 740 if (round1) { | |
| 741 retValue = secmod_addEscape(round1,quote2); | |
| 742 PORT_Free(round1); | |
| 743 } | |
| 744 | |
| 745 done: | |
| 746 if (retValue == NULL) { | |
| 747 retValue = PORT_Strdup(""); | |
| 748 } | |
| 749 return retValue; | |
| 750 } | |
| 751 | |
| 752 | |
| 753 /* | 672 /* |
| 754 * caclulate the length of each child record: | 673 * caclulate the length of each child record: |
| 755 * " 0x{id}=<{escaped_child}>" | 674 * " 0x{id}=<{escaped_child}>" |
| 756 */ | 675 */ |
| 757 static int | 676 static int |
| 758 secmod_getChildLength(char *child, CK_SLOT_ID id) | 677 secmod_getChildLength(char *child, CK_SLOT_ID id) |
| 759 { | 678 { |
| 760 int length = secmod_doubleEscapeSize(child, '>', ']'); | 679 int length = NSSUTIL_DoubleEscapeSize(child, '>', ']'); |
| 761 if (id == 0) { | 680 if (id == 0) { |
| 762 length++; | 681 length++; |
| 763 } | 682 } |
| 764 while (id) { | 683 while (id) { |
| 765 length++; | 684 length++; |
| 766 id = id >> 4; | 685 id = id >> 4; |
| 767 } | 686 } |
| 768 length += 6; /* {sp}0x[id]=<{child}> */ | 687 length += 6; /* {sp}0x[id]=<{child}> */ |
| 769 return length; | 688 return length; |
| 770 } | 689 } |
| 771 | 690 |
| 772 /* | 691 /* |
| 773 * Build a child record: | 692 * Build a child record: |
| 774 * " 0x{id}=<{escaped_child}>" | 693 * " 0x{id}=<{escaped_child}>" |
| 775 */ | 694 */ |
| 776 static SECStatus | 695 static SECStatus |
| 777 secmod_mkTokenChild(char **next, int *length, char *child, CK_SLOT_ID id) | 696 secmod_mkTokenChild(char **next, int *length, char *child, CK_SLOT_ID id) |
| 778 { | 697 { |
| 779 int len; | 698 int len; |
| 780 char *escSpec; | 699 char *escSpec; |
| 781 | 700 |
| 782 len = PR_snprintf(*next, *length, " 0x%x=<",id); | 701 len = PR_snprintf(*next, *length, " 0x%x=<",id); |
| 783 if (len < 0) { | 702 if (len < 0) { |
| 784 return SECFailure; | 703 return SECFailure; |
| 785 } | 704 } |
| 786 *next += len; | 705 *next += len; |
| 787 *length -= len; | 706 *length -= len; |
| 788 escSpec = secmod_DoubleEscape(child, '>', ']'); | 707 escSpec = NSSUTIL_DoubleEscape(child, '>', ']'); |
| 789 if (escSpec == NULL) { | 708 if (escSpec == NULL) { |
| 790 return SECFailure; | 709 return SECFailure; |
| 791 } | 710 } |
| 792 if (*child && (*escSpec == 0)) { | 711 if (*child && (*escSpec == 0)) { |
| 793 PORT_Free(escSpec); | 712 PORT_Free(escSpec); |
| 794 return SECFailure; | 713 return SECFailure; |
| 795 } | 714 } |
| 796 len = strlen(escSpec); | 715 len = strlen(escSpec); |
| 797 if (len+1 > *length) { | 716 if (len+1 > *length) { |
| 798 PORT_Free(escSpec); | 717 PORT_Free(escSpec); |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 944 goto loser; | 863 goto loser; |
| 945 } | 864 } |
| 946 | 865 |
| 947 | 866 |
| 948 /* build the slot info strings */ | 867 /* build the slot info strings */ |
| 949 if (module->slotCount) { | 868 if (module->slotCount) { |
| 950 for (i=0, si= 0; i < module->slotCount; i++) { | 869 for (i=0, si= 0; i < module->slotCount; i++) { |
| 951 if (module->slots[i]->defaultFlags) { | 870 if (module->slots[i]->defaultFlags) { |
| 952 PORT_Assert(si < slotCount); | 871 PORT_Assert(si < slotCount); |
| 953 if (si >= slotCount) break; | 872 if (si >= slotCount) break; |
| 954 » » slotStrings[si] = secmod_mkSlotString(module->slots[i]->slotID, | 873 » » slotStrings[si] = NSSUTIL_MkSlotString(module->slots[i]->slotID, |
| 955 module->slots[i]->defaultFlags, | 874 module->slots[i]->defaultFlags, |
| 956 module->slots[i]->timeout, | 875 module->slots[i]->timeout, |
| 957 module->slots[i]->askpw, | 876 module->slots[i]->askpw, |
| 958 module->slots[i]->hasRootCerts, | 877 module->slots[i]->hasRootCerts, |
| 959 module->slots[i]->hasRootTrust); | 878 module->slots[i]->hasRootTrust); |
| 960 si++; | 879 si++; |
| 961 } | 880 } |
| 962 } | 881 } |
| 963 } else { | 882 } else { |
| 964 for (i=0; i < slotCount; i++) { | 883 for (i=0; i < slotCount; i++) { |
| 965 » » slotStrings[i] = secmod_mkSlotString(module->slotInfo[i].slotID, | 884 » » slotStrings[i] = NSSUTIL_MkSlotString( |
| 885 » » » module->slotInfo[i].slotID, |
| 966 module->slotInfo[i].defaultFlags, | 886 module->slotInfo[i].defaultFlags, |
| 967 module->slotInfo[i].timeout, | 887 module->slotInfo[i].timeout, |
| 968 module->slotInfo[i].askpw, | 888 module->slotInfo[i].askpw, |
| 969 module->slotInfo[i].hasRootCerts, | 889 module->slotInfo[i].hasRootCerts, |
| 970 module->slotInfo[i].hasRootTrust); | 890 module->slotInfo[i].hasRootTrust); |
| 971 } | 891 } |
| 972 } | 892 } |
| 973 | 893 |
| 974 SECMOD_ReleaseReadLock(moduleLock); | 894 SECMOD_ReleaseReadLock(moduleLock); |
| 975 nss = secmod_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS, | 895 nss = NSSUTIL_MkNSSString(slotStrings,slotCount,module->internal, |
| 976 » » module->isModuleDB, module->moduleDBOnly, | 896 » » module->isFIPS, module->isModuleDB, |
| 977 » » module->isCritical, module->trustOrder, | 897 » » module->moduleDBOnly, module->isCritical, |
| 978 » » module->cipherOrder,module->ssl[0],module->ssl[1]); | 898 » » module->trustOrder, module->cipherOrder, |
| 979 modSpec= secmod_mkNewModuleSpec(module->dllName,module->commonName, | 899 » » module->ssl[0],module->ssl[1]); |
| 900 modSpec= NSSUTIL_MkModuleSpec(module->dllName,module->commonName, |
| 980 module->libraryParams,nss); | 901 module->libraryParams,nss); |
| 981 PORT_Free(slotStrings); | 902 PORT_Free(slotStrings); |
| 982 PR_smprintf_free(nss); | 903 PR_smprintf_free(nss); |
| 983 loser: | 904 loser: |
| 984 return (modSpec); | 905 return (modSpec); |
| 985 } | 906 } |
| 986 | 907 |
| 987 | 908 |
| 988 char ** | 909 char ** |
| 989 SECMOD_GetModuleSpecList(SECMODModule *module) | 910 SECMOD_GetModuleSpecList(SECMODModule *module) |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1057 { | 978 { |
| 1058 char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL; | 979 char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL; |
| 1059 SECStatus status; | 980 SECStatus status; |
| 1060 SECMODModule *module = NULL; | 981 SECMODModule *module = NULL; |
| 1061 SECMODModule *oldModule = NULL; | 982 SECMODModule *oldModule = NULL; |
| 1062 SECStatus rv; | 983 SECStatus rv; |
| 1063 | 984 |
| 1064 /* initialize the underlying module structures */ | 985 /* initialize the underlying module structures */ |
| 1065 SECMOD_Init(); | 986 SECMOD_Init(); |
| 1066 | 987 |
| 1067 status = secmod_argParseModuleSpec(modulespec, &library, &moduleName, | 988 status = NSSUTIL_ArgParseModuleSpec(modulespec, &library, &moduleName, |
| 1068 ¶meters, &nss); | 989 ¶meters, &nss); |
| 1069 if (status != SECSuccess) { | 990 if (status != SECSuccess) { |
| 1070 goto loser; | 991 goto loser; |
| 1071 } | 992 } |
| 1072 | 993 |
| 1073 module = SECMOD_CreateModule(library, moduleName, parameters, nss); | 994 module = SECMOD_CreateModule(library, moduleName, parameters, nss); |
| 1074 if (library) PORT_Free(library); | 995 if (library) PORT_Free(library); |
| 1075 if (moduleName) PORT_Free(moduleName); | 996 if (moduleName) PORT_Free(moduleName); |
| 1076 if (parameters) PORT_Free(parameters); | 997 if (parameters) PORT_Free(parameters); |
| 1077 if (nss) PORT_Free(nss); | 998 if (nss) PORT_Free(nss); |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1204 | 1125 |
| 1205 SECMOD_GetReadLock(moduleLock); | 1126 SECMOD_GetReadLock(moduleLock); |
| 1206 rv = STAN_RemoveModuleFromDefaultTrustDomain(mod); | 1127 rv = STAN_RemoveModuleFromDefaultTrustDomain(mod); |
| 1207 SECMOD_ReleaseReadLock(moduleLock); | 1128 SECMOD_ReleaseReadLock(moduleLock); |
| 1208 if (SECSuccess != rv) { | 1129 if (SECSuccess != rv) { |
| 1209 return SECFailure; | 1130 return SECFailure; |
| 1210 } | 1131 } |
| 1211 return SECMOD_DeleteModuleEx(NULL, mod, &atype, PR_FALSE); | 1132 return SECMOD_DeleteModuleEx(NULL, mod, &atype, PR_FALSE); |
| 1212 } | 1133 } |
| 1213 | 1134 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11362174:
Update NSS to NSS 3.14 pre-release snapshot 2012-06-28 01:00:00 PDT. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/