diff options
author | nelson%bolyard.com <devnull@localhost> | 2008-09-30 04:17:48 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2008-09-30 04:17:48 +0000 |
commit | d3144124ff36de9e06bcd9260c153aa59472fe2a (patch) | |
tree | d7d645d025c2b1a32a23095f9f05589844125c40 | |
parent | 0577fd47a1e0336a5cf72558a1613e602725cd36 (diff) | |
download | nss-hg-d3144124ff36de9e06bcd9260c153aa59472fe2a.tar.gz |
Remove dead functions for bug 311483. r=wtc
-rw-r--r-- | security/nss/lib/pkcs12/p12.h | 6 | ||||
-rw-r--r-- | security/nss/lib/pkcs12/p12e.c | 314 |
2 files changed, 0 insertions, 320 deletions
diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h index d2d17165e..8d1d4696d 100644 --- a/security/nss/lib/pkcs12/p12.h +++ b/security/nss/lib/pkcs12/p12.h @@ -151,12 +151,6 @@ SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, void *keySafe, void *keyNestedDest, PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm); -extern SECStatus -SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt, - void *certSafe, void *certNestedDest, SECItem *derCert, - void *keySafe, void *keyNestedDest, - SECKEYEncryptedPrivateKeyInfo *epki, char *nickname); - extern void * SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt, void *baseSafe, void *nestedDest); diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 7bb167ca0..9e7d62dfa 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -1180,97 +1180,6 @@ loser: return SECFailure; } -/* SEC_PKCS12AddEncryptedKey - * Extracts the key associated with a particular certificate and exports - * it. - * - * p12ctxt - the export context - * safe - the safeInfo to place the key in - * nestedDest - the nested safeContents to place a key - * cert - the certificate which the key belongs to - * shroudKey - encrypt the private key for export. This value should - * always be true. lower level code will not allow the export - * of unencrypted private keys. - * algorithm - the algorithm with which to encrypt the private key - * pwitem - the password to encrypted the private key with - * keyId - the keyID attribute - * nickName - the nickname attribute - */ -static SECStatus -SEC_PKCS12AddEncryptedKey(SEC_PKCS12ExportContext *p12ctxt, - SECKEYEncryptedPrivateKeyInfo *epki, SEC_PKCS12SafeInfo *safe, - void *nestedDest, SECItem *keyId, SECItem *nickName) -{ - void *mark; - void *keyItem; - SECOidTag keyType; - SECStatus rv = SECFailure; - sec_PKCS12SafeBag *returnBag; - - if(!p12ctxt || !safe || !epki) { - return SECFailure; - } - - mark = PORT_ArenaMark(p12ctxt->arena); - - keyItem = PORT_ArenaZAlloc(p12ctxt->arena, - sizeof(SECKEYEncryptedPrivateKeyInfo)); - if(!keyItem) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto loser; - } - - rv = SECKEY_CopyEncryptedPrivateKeyInfo(p12ctxt->arena, - (SECKEYEncryptedPrivateKeyInfo *)keyItem, - epki); - keyType = SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID; - - if(rv != SECSuccess) { - goto loser; - } - - /* create the safe bag and set any attributes */ - returnBag = sec_PKCS12CreateSafeBag(p12ctxt, keyType, keyItem); - if(!returnBag) { - rv = SECFailure; - goto loser; - } - - if(nickName) { - if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, - SEC_OID_PKCS9_FRIENDLY_NAME, nickName) - != SECSuccess) { - goto loser; - } - } - - if(keyId) { - if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, - SEC_OID_PKCS9_LOCAL_KEY_ID, - keyId) != SECSuccess) { - goto loser; - } - } - - if(nestedDest) { - rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena, - (sec_PKCS12SafeContents*)nestedDest, - returnBag); - } else { - rv = sec_pkcs12_append_bag(p12ctxt, safe, returnBag); - } - -loser: - - if (rv != SECSuccess) { - PORT_ArenaRelease(p12ctxt->arena, mark); - } else { - PORT_ArenaUnmark(p12ctxt->arena, mark); - } - - return rv; -} - /* SEC_PKCS12AddKeyForCert * Extracts the key associated with a particular certificate and exports * it. @@ -1425,89 +1334,6 @@ loser: return rv; } -/* SEC_PKCS12AddCertAndEncryptedKey - * Add a certificate and key pair to be exported. - * - * p12ctxt - the export context - * certSafe - the safeInfo where the cert is stored - * certNestedDest - the nested safeContents to store the cert - * keySafe - the safeInfo where the key is stored - * keyNestedDest - the nested safeContents to store the key - * shroudKey - extract the private key encrypted? - * pwitem - the password with which the key is encrypted - * algorithm - the algorithm with which the key is encrypted - */ -SECStatus -SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt, - void *certSafe, void *certNestedDest, - SECItem *derCert, void *keySafe, - void *keyNestedDest, SECKEYEncryptedPrivateKeyInfo *epki, - char *nickname) -{ - SECStatus rv = SECFailure; - SGNDigestInfo *digest = NULL; - void *mark = NULL; - CERTCertificate *cert; - SECItem nick = {siBuffer, NULL,0}, *nickPtr = NULL; - - if(!p12ctxt || !certSafe || !keySafe || !derCert) { - return SECFailure; - } - - mark = PORT_ArenaMark(p12ctxt->arena); - - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), - derCert, NULL, PR_FALSE, PR_FALSE); - if(!cert) { - PORT_ArenaRelease(p12ctxt->arena, mark); - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - cert->nickname = nickname; - - /* generate the thumbprint of the cert to use as a keyId */ - digest = sec_pkcs12_compute_thumbprint(&cert->derCert); - if(!digest) { - CERT_DestroyCertificate(cert); - return SECFailure; - } - - /* add the certificate */ - rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe, - certNestedDest, cert, NULL, - &digest->digest, PR_FALSE); - if(rv != SECSuccess) { - goto loser; - } - - if(nickname) { - nick.data = (unsigned char *)nickname; - nick.len = PORT_Strlen(nickname); - nickPtr = &nick; - } else { - nickPtr = NULL; - } - - /* add the key */ - rv = SEC_PKCS12AddEncryptedKey(p12ctxt, epki, (SEC_PKCS12SafeInfo*)keySafe, - keyNestedDest, &digest->digest, nickPtr ); - if(rv != SECSuccess) { - goto loser; - } - - SGN_DestroyDigestInfo(digest); - - PORT_ArenaUnmark(p12ctxt->arena, mark); - return SECSuccess; - -loser: - SGN_DestroyDigestInfo(digest); - CERT_DestroyCertificate(cert); - PORT_ArenaRelease(p12ctxt->arena, mark); - - return SECFailure; -} - /* SEC_PKCS12AddCertAndKey * Add a certificate and key pair to be exported. * @@ -2231,143 +2057,3 @@ SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12ecx) PORT_FreeArena(p12ecx->arena, PR_TRUE); } - -/********************************* - * All-in-one routines for exporting certificates - *********************************/ -struct inPlaceEncodeInfo { - PRBool error; - SECItem outItem; -}; - -static void -sec_pkcs12_in_place_encoder_output(void *arg, const char *buf, unsigned long len) -{ - struct inPlaceEncodeInfo *outInfo = (struct inPlaceEncodeInfo*)arg; - - if(!outInfo || !len || outInfo->error) { - return; - } - - if(!outInfo->outItem.data) { - outInfo->outItem.data = (unsigned char*)PORT_ZAlloc(len); - outInfo->outItem.len = 0; - } else { - if(!PORT_Realloc(&(outInfo->outItem.data), (outInfo->outItem.len + len))) { - SECITEM_ZfreeItem(&(outInfo->outItem), PR_FALSE); - outInfo->outItem.data = NULL; - PORT_SetError(SEC_ERROR_NO_MEMORY); - outInfo->error = PR_TRUE; - return; - } - } - - PORT_Memcpy(&(outInfo->outItem.data[outInfo->outItem.len]), buf, len); - outInfo->outItem.len += len; - - return; -} - -/* - * SEC_PKCS12ExportCertifcateAndKeyUsingPassword - * Exports a certificate/key pair using password-based encryption and - * authentication. - * - * pwfn, pwfnarg - password function and argument for the key database - * cert - the certificate to export - * certDb - certificate database - * pwitem - the password to use - * shroudKey - encrypt the key externally, - * keyShroudAlg - encryption algorithm for key - * encryptionAlg - the algorithm with which data is encrypted - * integrityAlg - the algorithm for integrity - */ -SECItem * -SEC_PKCS12ExportCertificateAndKeyUsingPassword( - SECKEYGetPasswordKey pwfn, void *pwfnarg, - CERTCertificate *cert, PK11SlotInfo *slot, - CERTCertDBHandle *certDb, SECItem *pwitem, - PRBool shroudKey, SECOidTag shroudAlg, - PRBool encryptCert, SECOidTag certEncAlg, - SECOidTag integrityAlg, void *wincx) -{ - struct inPlaceEncodeInfo outInfo; - SEC_PKCS12ExportContext *p12ecx = NULL; - SEC_PKCS12SafeInfo *keySafe, *certSafe; - SECItem *returnItem = NULL; - - if(!cert || !pwitem || !slot) { - return NULL; - } - - outInfo.error = PR_FALSE; - outInfo.outItem.data = NULL; - outInfo.outItem.len = 0; - - p12ecx = SEC_PKCS12CreateExportContext(pwfn, pwfnarg, slot, wincx); - if(!p12ecx) { - return NULL; - } - - /* set up cert safe */ - if(encryptCert) { - certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, certEncAlg); - } else { - certSafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx); - } - if(!certSafe) { - goto loser; - } - - /* set up key safe */ - if(shroudKey) { - keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx); - } else { - keySafe = certSafe; - } - if(!keySafe) { - goto loser; - } - - /* add integrity mode */ - if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, integrityAlg) - != SECSuccess) { - goto loser; - } - - /* add cert and key pair */ - if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert, certDb, - keySafe, NULL, shroudKey, pwitem, shroudAlg) - != SECSuccess) { - goto loser; - } - - /* encode the puppy */ - if(SEC_PKCS12Encode(p12ecx, sec_pkcs12_in_place_encoder_output, &outInfo) - != SECSuccess) { - goto loser; - } - if(outInfo.error) { - goto loser; - } - - SEC_PKCS12DestroyExportContext(p12ecx); - - returnItem = SECITEM_DupItem(&outInfo.outItem); - SECITEM_ZfreeItem(&outInfo.outItem, PR_FALSE); - - return returnItem; - -loser: - if(outInfo.outItem.data) { - SECITEM_ZfreeItem(&(outInfo.outItem), PR_TRUE); - } - - if(p12ecx) { - SEC_PKCS12DestroyExportContext(p12ecx); - } - - return NULL; -} - - |