PK11_DecryptWithSymKey and PK11_EncryptWithSymKey have been

mozilla/security/nss/lib/pk11wrap/pk11obj.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file manages object type indepentent functions.
  */
 #include "seccomon.h"
 #include "secmod.h"
 #include "secmodi.h"
 #include "secmodti.h"
@@ skipping 805 matching lines @@
     pk11_CloseSession(slot,session,owner);
     sig->len = len;
     if (crv != CKR_OK) {
         PORT_SetError( PK11_MapError(crv) );
         return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
-PK11_EncryptWithSymKey(PK11SymKey *symKey,
-                       CK_MECHANISM_TYPE mechanism, SECItem *param,
-                       unsigned char *out, unsigned int *outLen,
-                       unsigned int maxLen,
-                       const unsigned char *data, unsigned dataLen)
+PK11_Decrypt(PK11SymKey *symKey,
+             CK_MECHANISM_TYPE mechanism, SECItem *param,
+             unsigned char *out, unsigned int *outLen,
+             unsigned int maxLen,
+             const unsigned char *enc, unsigned encLen)
 {
     PK11SlotInfo *slot = symKey->slot;
     CK_MECHANISM mech = {0, NULL, 0 };
     CK_ULONG len = maxLen;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     PRBool haslock = PR_FALSE;
     CK_RV crv;
 
     mech.mechanism = mechanism;
     if (param) {
         mech.pParameter = param->data;
         mech.ulParameterLen = param->len;
     }
 
     session = pk11_GetNewSession(slot, &owner);
     haslock = (!owner || !slot->isThreadSafe);
     if (haslock) PK11_EnterSlotMonitor(slot);
-    crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech, symKey->objectID);
+    crv = PK11_GETTAB(slot)->C_DecryptInit(session, &mech, symKey->objectID);
     if (crv != CKR_OK) {
         if (haslock) PK11_ExitSlotMonitor(slot);
-        pk11_CloseSession(slot,session,owner);
+        pk11_CloseSession(slot, session, owner);
         PORT_SetError( PK11_MapError(crv) );
         return SECFailure;
     }
-    crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data,
-                                       dataLen, out, &len);
+
+    crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
+                                       out, &len);
     if (haslock) PK11_ExitSlotMonitor(slot);
-    pk11_CloseSession(slot,session,owner);
+    pk11_CloseSession(slot, session, owner);
     *outLen = len;
     if (crv != CKR_OK) {
         PORT_SetError( PK11_MapError(crv) );
         return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
-PK11_DecryptWithSymKey(PK11SymKey *symKey,
-                       CK_MECHANISM_TYPE mechanism, SECItem *param,
-                       unsigned char *out, unsigned int *outLen,
-                       unsigned int maxLen,
-                       const unsigned char *enc, unsigned encLen)
+PK11_Encrypt(PK11SymKey *symKey,
+             CK_MECHANISM_TYPE mechanism, SECItem *param,
+             unsigned char *out, unsigned int *outLen,
+             unsigned int maxLen,
+             const unsigned char *data, unsigned int dataLen)
 {
     PK11SlotInfo *slot = symKey->slot;
     CK_MECHANISM mech = {0, NULL, 0 };
     CK_ULONG len = maxLen;
     PRBool owner = PR_TRUE;
     CK_SESSION_HANDLE session;
     PRBool haslock = PR_FALSE;
     CK_RV crv;
 
     mech.mechanism = mechanism;
     if (param) {
         mech.pParameter = param->data;
         mech.ulParameterLen = param->len;
     }
 
     session = pk11_GetNewSession(slot, &owner);
     haslock = (!owner || !slot->isThreadSafe);
     if (haslock) PK11_EnterSlotMonitor(slot);
-    crv = PK11_GETTAB(slot)->C_DecryptInit(session, &mech, symKey->objectID);
+    crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech, symKey->objectID);
     if (crv != CKR_OK) {
         if (haslock) PK11_ExitSlotMonitor(slot);
-        pk11_CloseSession(slot, session, owner);
+        pk11_CloseSession(slot,session,owner);
         PORT_SetError( PK11_MapError(crv) );
         return SECFailure;
     }
-
-    crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
-                                       out, &len);
+    crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data,
+                                       dataLen, out, &len);
     if (haslock) PK11_ExitSlotMonitor(slot);
-    pk11_CloseSession(slot, session, owner);
+    pk11_CloseSession(slot,session,owner);
     *outLen = len;

[ramant (doing other things), 2013/03/29 19:35:10]

nit: why delete spaces between arguments in line# 903?

[wtc, 2013/03/29 20:52:19]

What I did here was to reorder the PK11_Encrypt and PK11_Decrypt
functions, listing PK11_Decrypt before Pk11_Encrypt.
In one function there were no spaces between the arguments.

NSS doesn't have a good Style Guide, so this kind of
inconsistency is common.

     if (crv != CKR_OK) {
         PORT_SetError( PK11_MapError(crv) );
         return SECFailure;
     }
     return SECSuccess;
 }
 
 /*
  * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use
  * RSA keys, or they'll fail. We do the checks up front. If anyone comes
@@ skipping 1052 matching lines @@
         PORT_SetError( PK11_MapError(crv) );
         return NULL;
     }
 
     item->data = (unsigned char*) theTemplate[0].pValue;
     item->len =theTemplate[0].ulValueLen;
 
     return item;
 }