OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * The following code handles the storage of PKCS 11 modules used by the | 5 * The following code handles the storage of PKCS 11 modules used by the |
6 * NSS. For the rest of NSS, only one kind of database handle exists: | 6 * NSS. For the rest of NSS, only one kind of database handle exists: |
7 * | 7 * |
8 * SFTKDBHandle | 8 * SFTKDBHandle |
9 * | 9 * |
10 * There is one SFTKDBHandle for the each key database and one for each cert | 10 * There is one SFTKDBHandle for the each key database and one for each cert |
(...skipping 846 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
857 sftkdb_PWCached(SFTKDBHandle *keydb) | 857 sftkdb_PWCached(SFTKDBHandle *keydb) |
858 { | 858 { |
859 return keydb->passwordKey.data ? SECSuccess : SECFailure; | 859 return keydb->passwordKey.data ? SECSuccess : SECFailure; |
860 } | 860 } |
861 | 861 |
862 | 862 |
863 static CK_RV | 863 static CK_RV |
864 sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, | 864 sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, |
865 CK_OBJECT_HANDLE id, SECItem *newKey) | 865 CK_OBJECT_HANDLE id, SECItem *newKey) |
866 { | 866 { |
867 CK_RV crv = CKR_OK; | |
868 CK_RV crv2; | |
869 CK_ATTRIBUTE authAttrs[] = { | 867 CK_ATTRIBUTE authAttrs[] = { |
870 {CKA_MODULUS, NULL, 0}, | 868 {CKA_MODULUS, NULL, 0}, |
871 {CKA_PUBLIC_EXPONENT, NULL, 0}, | 869 {CKA_PUBLIC_EXPONENT, NULL, 0}, |
872 {CKA_CERT_SHA1_HASH, NULL, 0}, | 870 {CKA_CERT_SHA1_HASH, NULL, 0}, |
873 {CKA_CERT_MD5_HASH, NULL, 0}, | 871 {CKA_CERT_MD5_HASH, NULL, 0}, |
874 {CKA_TRUST_SERVER_AUTH, NULL, 0}, | 872 {CKA_TRUST_SERVER_AUTH, NULL, 0}, |
875 {CKA_TRUST_CLIENT_AUTH, NULL, 0}, | 873 {CKA_TRUST_CLIENT_AUTH, NULL, 0}, |
876 {CKA_TRUST_EMAIL_PROTECTION, NULL, 0}, | 874 {CKA_TRUST_EMAIL_PROTECTION, NULL, 0}, |
877 {CKA_TRUST_CODE_SIGNING, NULL, 0}, | 875 {CKA_TRUST_CODE_SIGNING, NULL, 0}, |
878 {CKA_TRUST_STEP_UP_APPROVED, NULL, 0}, | 876 {CKA_TRUST_STEP_UP_APPROVED, NULL, 0}, |
879 {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0}, | 877 {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0}, |
880 }; | 878 }; |
881 CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE); | 879 CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE); |
882 int i, count; | 880 unsigned int i, count; |
883 SFTKDBHandle *keyHandle = handle; | 881 SFTKDBHandle *keyHandle = handle; |
884 SDB *keyTarget = NULL; | 882 SDB *keyTarget = NULL; |
885 | 883 |
886 id &= SFTK_OBJ_ID_MASK; | 884 id &= SFTK_OBJ_ID_MASK; |
887 | 885 |
888 if (handle->type != SFTK_KEYDB_TYPE) { | 886 if (handle->type != SFTK_KEYDB_TYPE) { |
889 keyHandle = handle->peerDB; | 887 keyHandle = handle->peerDB; |
890 } | 888 } |
891 | 889 |
892 if (keyHandle == NULL) { | 890 if (keyHandle == NULL) { |
893 return CKR_OK; | 891 return CKR_OK; |
894 } | 892 } |
895 | 893 |
896 /* old DB's don't have meta data, finished with MACs */ | 894 /* old DB's don't have meta data, finished with MACs */ |
897 keyTarget = SFTK_GET_SDB(keyHandle); | 895 keyTarget = SFTK_GET_SDB(keyHandle); |
898 if ((keyTarget->sdb_flags &SDB_HAS_META) == 0) { | 896 if ((keyTarget->sdb_flags &SDB_HAS_META) == 0) { |
899 return CKR_OK; | 897 return CKR_OK; |
900 } | 898 } |
901 | 899 |
902 /* | 900 /* |
903 * STEP 1: find the MACed attributes of this object | 901 * STEP 1: find the MACed attributes of this object |
904 */ | 902 */ |
905 crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); | 903 (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); |
906 count = 0; | 904 count = 0; |
907 /* allocate space for the attributes */ | 905 /* allocate space for the attributes */ |
908 for (i=0; i < authAttrCount; i++) { | 906 for (i=0; i < authAttrCount; i++) { |
909 if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)){ | 907 if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)){ |
910 continue; | 908 continue; |
911 } | 909 } |
912 count++; | 910 count++; |
913 authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen); | 911 authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen); |
914 if (authAttrs[i].pValue == NULL) { | 912 if (authAttrs[i].pValue == NULL) { |
915 crv = CKR_HOST_MEMORY; | |
916 break; | 913 break; |
917 } | 914 } |
918 } | 915 } |
919 | 916 |
920 /* if count was zero, none were found, finished with MACs */ | 917 /* if count was zero, none were found, finished with MACs */ |
921 if (count == 0) { | 918 if (count == 0) { |
922 return CKR_OK; | 919 return CKR_OK; |
923 } | 920 } |
924 | 921 |
925 crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); | 922 (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); |
926 /* ignore error code, we expect some possible errors */ | 923 /* ignore error code, we expect some possible errors */ |
927 | 924 |
928 /* GetAttributeValue just verified the old macs, safe to write | 925 /* GetAttributeValue just verified the old macs, safe to write |
929 * them out then... */ | 926 * them out then... */ |
930 for (i=0; i < authAttrCount; i++) { | 927 for (i=0; i < authAttrCount; i++) { |
931 SECItem *signText; | 928 SECItem *signText; |
932 SECItem plainText; | 929 SECItem plainText; |
933 SECStatus rv; | 930 SECStatus rv; |
934 | 931 |
935 if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)){ | 932 if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)){ |
(...skipping 26 matching lines...) Expand all Loading... |
962 CK_ATTRIBUTE *first, *last; | 959 CK_ATTRIBUTE *first, *last; |
963 CK_ATTRIBUTE privAttrs[] = { | 960 CK_ATTRIBUTE privAttrs[] = { |
964 {CKA_VALUE, NULL, 0}, | 961 {CKA_VALUE, NULL, 0}, |
965 {CKA_PRIVATE_EXPONENT, NULL, 0}, | 962 {CKA_PRIVATE_EXPONENT, NULL, 0}, |
966 {CKA_PRIME_1, NULL, 0}, | 963 {CKA_PRIME_1, NULL, 0}, |
967 {CKA_PRIME_2, NULL, 0}, | 964 {CKA_PRIME_2, NULL, 0}, |
968 {CKA_EXPONENT_1, NULL, 0}, | 965 {CKA_EXPONENT_1, NULL, 0}, |
969 {CKA_EXPONENT_2, NULL, 0}, | 966 {CKA_EXPONENT_2, NULL, 0}, |
970 {CKA_COEFFICIENT, NULL, 0} }; | 967 {CKA_COEFFICIENT, NULL, 0} }; |
971 CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE); | 968 CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE); |
972 int i, count; | 969 unsigned int i, count; |
973 | 970 |
974 /* | 971 /* |
975 * STEP 1. Read the old attributes in the clear. | 972 * STEP 1. Read the old attributes in the clear. |
976 */ | 973 */ |
977 | 974 |
978 /* Get the attribute sizes. | 975 /* Get the attribute sizes. |
979 * ignore the error code, we will have unknown attributes here */ | 976 * ignore the error code, we will have unknown attributes here */ |
980 crv2 = sftkdb_GetAttributeValue(keydb, id, privAttrs, privAttrCount); | 977 crv2 = sftkdb_GetAttributeValue(keydb, id, privAttrs, privAttrCount); |
981 | 978 |
982 /* | 979 /* |
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1106 * must be called with the old key active. | 1103 * must be called with the old key active. |
1107 */ | 1104 */ |
1108 CK_RV | 1105 CK_RV |
1109 sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, | 1106 sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, |
1110 CK_ULONG count, SECItem *newKey) | 1107 CK_ULONG count, SECItem *newKey) |
1111 { | 1108 { |
1112 SDBFind *find = NULL; | 1109 SDBFind *find = NULL; |
1113 CK_ULONG idCount = SFTK_MAX_IDS; | 1110 CK_ULONG idCount = SFTK_MAX_IDS; |
1114 CK_OBJECT_HANDLE ids[SFTK_MAX_IDS]; | 1111 CK_OBJECT_HANDLE ids[SFTK_MAX_IDS]; |
1115 CK_RV crv, crv2; | 1112 CK_RV crv, crv2; |
1116 int i; | 1113 unsigned int i; |
1117 | 1114 |
1118 crv = sftkdb_FindObjectsInit(handle, template, count, &find); | 1115 crv = sftkdb_FindObjectsInit(handle, template, count, &find); |
1119 | 1116 |
1120 if (crv != CKR_OK) { | 1117 if (crv != CKR_OK) { |
1121 return crv; | 1118 return crv; |
1122 } | 1119 } |
1123 while ((crv == CKR_OK) && (idCount == SFTK_MAX_IDS)) { | 1120 while ((crv == CKR_OK) && (idCount == SFTK_MAX_IDS)) { |
1124 crv = sftkdb_FindObjects(handle, find, ids, SFTK_MAX_IDS, &idCount); | 1121 crv = sftkdb_FindObjects(handle, find, ids, SFTK_MAX_IDS, &idCount); |
1125 for (i=0; (crv == CKR_OK) && (i < idCount); i++) { | 1122 for (i=0; (crv == CKR_OK) && (i < idCount); i++) { |
1126 crv = sftk_convertAttributes(handle, ids[i], newKey); | 1123 crv = sftk_convertAttributes(handle, ids[i], newKey); |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1240 | 1237 |
1241 keydb->newKey = NULL; | 1238 keydb->newKey = NULL; |
1242 | 1239 |
1243 sftkdb_switchKeys(keydb, &newKey); | 1240 sftkdb_switchKeys(keydb, &newKey); |
1244 | 1241 |
1245 loser: | 1242 loser: |
1246 if (newKey.data) { | 1243 if (newKey.data) { |
1247 PORT_ZFree(newKey.data,newKey.len); | 1244 PORT_ZFree(newKey.data,newKey.len); |
1248 } | 1245 } |
1249 if (result) { | 1246 if (result) { |
1250 » SECITEM_FreeItem(result, PR_FALSE); | 1247 » SECITEM_FreeItem(result, PR_TRUE); |
1251 } | 1248 } |
1252 if (rv != SECSuccess) { | 1249 if (rv != SECSuccess) { |
1253 (*keydb->db->sdb_Abort)(keydb->db); | 1250 (*keydb->db->sdb_Abort)(keydb->db); |
1254 } | 1251 } |
1255 | 1252 |
1256 return rv; | 1253 return rv; |
1257 } | 1254 } |
1258 | 1255 |
1259 /* | 1256 /* |
1260 * lose our cached password | 1257 * lose our cached password |
1261 */ | 1258 */ |
1262 SECStatus | 1259 SECStatus |
1263 sftkdb_ClearPassword(SFTKDBHandle *keydb) | 1260 sftkdb_ClearPassword(SFTKDBHandle *keydb) |
1264 { | 1261 { |
1265 SECItem oldKey; | 1262 SECItem oldKey; |
1266 oldKey.data = NULL; | 1263 oldKey.data = NULL; |
1267 oldKey.len = 0; | 1264 oldKey.len = 0; |
1268 sftkdb_switchKeys(keydb, &oldKey); | 1265 sftkdb_switchKeys(keydb, &oldKey); |
1269 if (oldKey.data) { | 1266 if (oldKey.data) { |
1270 PORT_ZFree(oldKey.data, oldKey.len); | 1267 PORT_ZFree(oldKey.data, oldKey.len); |
1271 } | 1268 } |
1272 return SECSuccess; | 1269 return SECSuccess; |
1273 } | 1270 } |
1274 | 1271 |
1275 | 1272 |
OLD | NEW |