| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* | 4 /* |
| 5 * This file manages PKCS #11 instances of certificates. | 5 * This file manages PKCS #11 instances of certificates. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "secport.h" | 8 #include "secport.h" |
| 9 #include "seccomon.h" | 9 #include "seccomon.h" |
| 10 #include "secmod.h" | 10 #include "secmod.h" |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 136 SECKEYPublicKey *pubKey= CERT_ExtractPublicKey(cert); | 136 SECKEYPublicKey *pubKey= CERT_ExtractPublicKey(cert); |
| 137 CK_ATTRIBUTE theTemplate; | 137 CK_ATTRIBUTE theTemplate; |
| 138 | 138 |
| 139 if (pubKey == NULL) { | 139 if (pubKey == NULL) { |
| 140 return PR_FALSE; | 140 return PR_FALSE; |
| 141 } | 141 } |
| 142 | 142 |
| 143 PK11_SETATTRS(&theTemplate,0,NULL,0); | 143 PK11_SETATTRS(&theTemplate,0,NULL,0); |
| 144 switch (pubKey->keyType) { | 144 switch (pubKey->keyType) { |
| 145 case rsaKey: | 145 case rsaKey: |
| 146 case rsaPssKey: |
| 147 case rsaOaepKey: |
| 146 PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data, | 148 PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data, |
| 147 pubKey->u.rsa.modulus.len); | 149 pubKey->u.rsa.modulus.len); |
| 148 break; | 150 break; |
| 149 case dsaKey: | 151 case dsaKey: |
| 150 PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dsa.publicValue.data
, | 152 PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dsa.publicValue.data
, |
| 151 pubKey->u.dsa.publicValue.len); | 153 pubKey->u.dsa.publicValue.len); |
| 152 break; | 154 break; |
| 153 case dhKey: | 155 case dhKey: |
| 154 PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dh.publicValue.data, | 156 PK11_SETATTRS(&theTemplate,CKA_VALUE, pubKey->u.dh.publicValue.data, |
| 155 pubKey->u.dh.publicValue.len); | 157 pubKey->u.dh.publicValue.len); |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 221 */ | 223 */ |
| 222 static CERTCertificate * | 224 static CERTCertificate * |
| 223 pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, | 225 pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, |
| 224 CK_ATTRIBUTE *privateLabel, char **nickptr) | 226 CK_ATTRIBUTE *privateLabel, char **nickptr) |
| 225 { | 227 { |
| 226 NSSCertificate *c; | 228 NSSCertificate *c; |
| 227 nssCryptokiObject *co = NULL; | 229 nssCryptokiObject *co = NULL; |
| 228 nssPKIObject *pkio; | 230 nssPKIObject *pkio; |
| 229 NSSToken *token; | 231 NSSToken *token; |
| 230 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); | 232 NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); |
| 231 PRStatus status; | |
| 232 | 233 |
| 233 /* Get the cryptoki object from the handle */ | 234 /* Get the cryptoki object from the handle */ |
| 234 token = PK11Slot_GetNSSToken(slot); | 235 token = PK11Slot_GetNSSToken(slot); |
| 235 if (token->defaultSession) { | 236 if (token->defaultSession) { |
| 236 co = nssCryptokiObject_Create(token, token->defaultSession, certID); | 237 co = nssCryptokiObject_Create(token, token->defaultSession, certID); |
| 237 } else { | 238 } else { |
| 238 PORT_SetError(SEC_ERROR_NO_TOKEN); | 239 PORT_SetError(SEC_ERROR_NO_TOKEN); |
| 239 } | 240 } |
| 240 if (!co) { | 241 if (!co) { |
| 241 return NULL; | 242 return NULL; |
| (...skipping 29 matching lines...) Expand all Loading... |
| 271 id.ulValueLen = c->id.size; | 272 id.ulValueLen = c->id.size; |
| 272 | 273 |
| 273 *nickptr = pk11_buildNickname(slot, &label, privateLabel, &id); | 274 *nickptr = pk11_buildNickname(slot, &label, privateLabel, &id); |
| 274 } | 275 } |
| 275 | 276 |
| 276 /* This function may destroy the cert in "c" and all its subordinate | 277 /* This function may destroy the cert in "c" and all its subordinate |
| 277 * structures, and replace the value in "c" with the address of a | 278 * structures, and replace the value in "c" with the address of a |
| 278 * different NSSCertificate that it found in the cache. | 279 * different NSSCertificate that it found in the cache. |
| 279 * Presumably, the nickname which we just output above remains valid. :) | 280 * Presumably, the nickname which we just output above remains valid. :) |
| 280 */ | 281 */ |
| 281 status = nssTrustDomain_AddCertsToCache(td, &c, 1); | 282 (void)nssTrustDomain_AddCertsToCache(td, &c, 1); |
| 282 return STAN_GetCERTCertificateOrRelease(c); | 283 return STAN_GetCERTCertificateOrRelease(c); |
| 283 } | 284 } |
| 284 | 285 |
| 285 /* | 286 /* |
| 286 * Build an CERTCertificate structure from a PKCS#11 object ID.... certID | 287 * Build an CERTCertificate structure from a PKCS#11 object ID.... certID |
| 287 * Must be a CertObject. This code does not explicitly checks that. | 288 * Must be a CertObject. This code does not explicitly checks that. |
| 288 */ | 289 */ |
| 289 CERTCertificate * | 290 CERTCertificate * |
| 290 PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, | 291 PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, |
| 291 CK_ATTRIBUTE *privateLabel) | 292 CK_ATTRIBUTE *privateLabel) |
| (...skipping 1081 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1373 * and moduleID is used as its key, with the slot series as its value. | 1374 * and moduleID is used as its key, with the slot series as its value. |
| 1374 */ | 1375 */ |
| 1375 slotid = SECITEM_AllocItem(NULL, NULL, | 1376 slotid = SECITEM_AllocItem(NULL, NULL, |
| 1376 sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID)); | 1377 sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID)); |
| 1377 if (!slotid) { | 1378 if (!slotid) { |
| 1378 PORT_SetError(SEC_ERROR_NO_MEMORY); | 1379 PORT_SetError(SEC_ERROR_NO_MEMORY); |
| 1379 return PR_FAILURE; | 1380 return PR_FAILURE; |
| 1380 } | 1381 } |
| 1381 moduleLock = SECMOD_GetDefaultModuleListLock(); | 1382 moduleLock = SECMOD_GetDefaultModuleListLock(); |
| 1382 if (!moduleLock) { | 1383 if (!moduleLock) { |
| 1384 SECITEM_FreeItem(slotid, PR_TRUE); |
| 1383 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); | 1385 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
| 1384 return PR_FAILURE; | 1386 return PR_FAILURE; |
| 1385 } | 1387 } |
| 1386 SECMOD_GetReadLock(moduleLock); | 1388 SECMOD_GetReadLock(moduleLock); |
| 1387 modules = SECMOD_GetDefaultModuleList(); | 1389 modules = SECMOD_GetDefaultModuleList(); |
| 1388 for (mlp = modules; mlp; mlp = mlp->next) { | 1390 for (mlp = modules; mlp; mlp = mlp->next) { |
| 1389 for (i = 0; i < mlp->module->slotCount; i++) { | 1391 for (i = 0; i < mlp->module->slotCount; i++) { |
| 1390 memcpy(slotid->data, &mlp->module->slots[i]->slotID, | 1392 memcpy(slotid->data, &mlp->module->slots[i]->slotID, |
| 1391 sizeof(CK_SLOT_ID)); | 1393 sizeof(CK_SLOT_ID)); |
| 1392 memcpy(&slotid->data[sizeof(CK_SLOT_ID)], &mlp->module->moduleID, | 1394 memcpy(&slotid->data[sizeof(CK_SLOT_ID)], &mlp->module->moduleID, |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1432 * slot, initially. Let's check for new tokens... | 1434 * slot, initially. Let's check for new tokens... |
| 1433 */ | 1435 */ |
| 1434 PK11SlotList *sl = PK11_GetAllTokens(CKM_INVALID_MECHANISM, | 1436 PK11SlotList *sl = PK11_GetAllTokens(CKM_INVALID_MECHANISM, |
| 1435 PR_FALSE, PR_FALSE, pwarg); | 1437 PR_FALSE, PR_FALSE, pwarg); |
| 1436 if (sl) { | 1438 if (sl) { |
| 1437 PK11SlotListElement *le; | 1439 PK11SlotListElement *le; |
| 1438 SECItem *slotid = SECITEM_AllocItem(NULL, NULL, | 1440 SECItem *slotid = SECITEM_AllocItem(NULL, NULL, |
| 1439 sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID)); | 1441 sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID)); |
| 1440 if (!slotid) { | 1442 if (!slotid) { |
| 1441 PORT_SetError(SEC_ERROR_NO_MEMORY); | 1443 PORT_SetError(SEC_ERROR_NO_MEMORY); |
| 1444 PK11_FreeSlotList(sl); |
| 1442 return NULL; | 1445 return NULL; |
| 1443 } | 1446 } |
| 1444 for (le = sl->head; le; le = le->next) { | 1447 for (le = sl->head; le; le = le->next) { |
| 1445 memcpy(slotid->data, &le->slot->slotID, | 1448 memcpy(slotid->data, &le->slot->slotID, |
| 1446 sizeof(CK_SLOT_ID)); | 1449 sizeof(CK_SLOT_ID)); |
| 1447 memcpy(&slotid->data[sizeof(CK_SLOT_ID)], | 1450 memcpy(&slotid->data[sizeof(CK_SLOT_ID)], |
| 1448 &le->slot->module->moduleID, | 1451 &le->slot->module->moduleID, |
| 1449 sizeof(SECMODModuleID)); | 1452 sizeof(SECMODModuleID)); |
| 1450 /* | 1453 /* |
| 1451 * Any changes with the slot since our last check? | 1454 * Any changes with the slot since our last check? |
| (...skipping 546 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1998 } | 2001 } |
| 1999 nssCertificateArray_Destroy(certs); | 2002 nssCertificateArray_Destroy(certs); |
| 2000 } | 2003 } |
| 2001 return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure; | 2004 return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure; |
| 2002 } | 2005 } |
| 2003 | 2006 |
| 2004 SECStatus | 2007 SECStatus |
| 2005 PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, | 2008 PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, |
| 2006 SECStatus(* callback)(CERTCertificate*, void *), void *arg) | 2009 SECStatus(* callback)(CERTCertificate*, void *), void *arg) |
| 2007 { | 2010 { |
| 2008 struct nss3_cert_cbstr pk11cb; | |
| 2009 PRStatus nssrv = PR_SUCCESS; | 2011 PRStatus nssrv = PR_SUCCESS; |
| 2010 NSSToken *token; | 2012 NSSToken *token; |
| 2011 NSSTrustDomain *td; | 2013 NSSTrustDomain *td; |
| 2012 NSSUTF8 *nick; | 2014 NSSUTF8 *nick; |
| 2013 PRBool created = PR_FALSE; | 2015 PRBool created = PR_FALSE; |
| 2014 nssCryptokiObject **instances; | 2016 nssCryptokiObject **instances; |
| 2015 nssPKIObjectCollection *collection = NULL; | 2017 nssPKIObjectCollection *collection = NULL; |
| 2016 NSSCertificate **certs; | 2018 NSSCertificate **certs; |
| 2017 nssList *nameList = NULL; | 2019 nssList *nameList = NULL; |
| 2018 nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; | 2020 nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; |
| 2019 pk11cb.callback = callback; | |
| 2020 pk11cb.arg = arg; | |
| 2021 token = PK11Slot_GetNSSToken(slot); | 2021 token = PK11Slot_GetNSSToken(slot); |
| 2022 if (!nssToken_IsPresent(token)) { | 2022 if (!nssToken_IsPresent(token)) { |
| 2023 return SECSuccess; | 2023 return SECSuccess; |
| 2024 } | 2024 } |
| 2025 if (nickname->data[nickname->len-1] != '\0') { | 2025 if (nickname->data[nickname->len-1] != '\0') { |
| 2026 nick = nssUTF8_Create(NULL, nssStringType_UTF8String, | 2026 nick = nssUTF8_Create(NULL, nssStringType_UTF8String, |
| 2027 nickname->data, nickname->len); | 2027 nickname->data, nickname->len); |
| 2028 created = PR_TRUE; | 2028 created = PR_TRUE; |
| 2029 } else { | 2029 } else { |
| 2030 nick = (NSSUTF8 *)nickname->data; | 2030 nick = (NSSUTF8 *)nickname->data; |
| (...skipping 662 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2693 * Use of the API should be limited to short-lived tools, which will exit immedi
ately | 2693 * Use of the API should be limited to short-lived tools, which will exit immedi
ately |
| 2694 * after using this API. | 2694 * after using this API. |
| 2695 * | 2695 * |
| 2696 * If you ignore this warning, your process is TAINTED and will most likely misb
ehave. | 2696 * If you ignore this warning, your process is TAINTED and will most likely misb
ehave. |
| 2697 */ | 2697 */ |
| 2698 SECStatus | 2698 SECStatus |
| 2699 __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) | 2699 __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) |
| 2700 { | 2700 { |
| 2701 /* Can't set nickname of temp cert. */ | 2701 /* Can't set nickname of temp cert. */ |
| 2702 if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { | 2702 if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { |
| 2703 return SEC_ERROR_INVALID_ARGS; | 2703 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 2704 return SECFailure; |
| 2704 } | 2705 } |
| 2705 return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); | 2706 return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); |
| 2706 } | 2707 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1504923011:
Update NSS to 3.21 RTM and NSPR to 4.11 RTM (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/nss