BUG 802429: Respect cipherOrder when evaluating which module to use to perform operations.

r=rrelyea
author: ryan.sleevi%gmail.com <devnull@localhost> 2012-11-16 03:41:20 +0000
committer: ryan.sleevi%gmail.com <devnull@localhost> 2012-11-16 03:41:20 +0000
commit: 7ae43a0e47560cab044a9eb7c41421222afb70cc (patch)
tree: 017f1bb3deba741c30ea4211d7fbbcccb56fe26a
parent: e554282b5c8d8574f2335b32d11415a98549b76d (diff)
download: nss-hg-7ae43a0e47560cab044a9eb7c41421222afb70cc.tar.gz
4 files changed, 40 insertions, 18 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 329a2e7f1..b2c91b2f1 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -2663,7 +2663,7 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg)
 	nssCryptokiObject *instance = *ip;
 	PK11SlotInfo *slot = instance->token->pk11slot;
 	if (slot) {
-	    PK11_AddSlotToList(slotList, slot);
+	    PK11_AddSlotToList(slotList, slot, PR_TRUE);
 	    found = PR_TRUE;
 	}
     }
diff --git a/security/nss/lib/pk11wrap/pk11priv.h b/security/nss/lib/pk11wrap/pk11priv.h
index 2c70cb0e4..c5b7a27c4 100644
--- a/security/nss/lib/pk11wrap/pk11priv.h
+++ b/security/nss/lib/pk11wrap/pk11priv.h
@@ -28,7 +28,7 @@ SEC_BEGIN_PROTOS
 PK11SlotList * PK11_NewSlotList(void);
 PK11SlotList * PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,
 						PRBool needRW,void *wincx);
-SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot);
+SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot, PRBool sorted);
 SECStatus PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le);
 PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list,
 							PK11SlotInfo *slot);
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 4d8d0ecf3..6d6aeb095 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -171,11 +171,16 @@ PK11_FreeSlotList(PK11SlotList *list)
 
 /*
  * add a slot to a list
+ * "slot" is the slot to be added. Ownership is not transferred.
+ * "sorted" indicates whether or not the slot should be inserted according to
+ *   cipherOrder of the associated module. PR_FALSE indicates that the slot
+ *   should be inserted to the head of the list.
  */
 SECStatus
-PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot)
+PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot, PRBool sorted)
 {
     PK11SlotListElement *le;
+    PK11SlotListElement *element;
 
     le = (PK11SlotListElement *) PORT_Alloc(sizeof(PK11SlotListElement));
     if (le == NULL) return SECFailure;
@@ -184,9 +189,23 @@ PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot)
     le->prev = NULL;
     le->refCount = 1;
     PZ_Lock(list->lock);
-    if (list->head) list->head->prev = le; else list->tail = le;
-    le->next = list->head;
-    list->head = le;
+    element = list->head;
+    /* Insertion sort, with higher cipherOrders are sorted first in the list */
+    while (element && sorted && (element->slot->module->cipherOrder >
+                                 le->slot->module->cipherOrder)) {
+        element = element->next;
+    }
+    if (element) {
+        le->prev = element->prev;
+        element->prev = le;
+        le->next = element;
+    } else {
+        le->prev = list->tail;
+        le->next = NULL;
+        list->tail = le;
+    }
+    if (le->prev) le->prev->next = le;
+    if (list->head == element) list->head = le;
     PZ_Unlock(list->lock);
 
     return SECSuccess;
@@ -208,11 +227,12 @@ PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le)
 }
 
 /*
- * Move a list to the end of the target list. NOTE: There is no locking
- * here... This assumes BOTH lists are private copy lists.
+ * Move a list to the end of the target list.
+ * NOTE: There is no locking here... This assumes BOTH lists are private copy
+ * lists. It also does not re-sort the target list.
  */
 SECStatus
-PK11_MoveListToList(PK11SlotList *target,PK11SlotList *src)
+pk11_MoveListToList(PK11SlotList *target,PK11SlotList *src)
 {
     if (src->head == NULL) return SECSuccess;
 
@@ -511,7 +531,7 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName,
         ((NULL == slotName) || (0 == *slotName)) &&
         ((NULL == tokenName) || (0 == *tokenName)) ) {
         /* default to softoken */
-        PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot());
+        PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot(), PR_TRUE);
         return slotList;
     }
 
@@ -539,7 +559,7 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName,
                     ( (!slotName) || (tmpSlot->slot_name &&
                     (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) {
                     if (tmpSlot) {
-                        PK11_AddSlotToList(slotList, tmpSlot);
+                        PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE);
                         slotcount++;
                     }
                 }
@@ -910,7 +930,7 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
 	    CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
 	    PK11SlotList *slotList = PK11_GetSlotList(mechanism);
 
-	    if (slotList) PK11_AddSlotToList(slotList,slot);
+	    if (slotList) PK11_AddSlotToList(slotList,slot,PR_FALSE);
 	}
     }
 
@@ -937,7 +957,7 @@ PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
         
         /* add this slot to the list */
         if (slotList!=NULL)
-            result = PK11_AddSlotToList(slotList, slot);
+            result = PK11_AddSlotToList(slotList, slot, PR_FALSE);
         
     } else { /* trying to turn off */
             
@@ -1910,12 +1930,12 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
 					|| PK11_DoesMechanism(slot, type)) {
 		    if (pk11_LoginStillRequired(slot,wincx)) {
 			if (PK11_IsFriendly(slot)) {
-			    PK11_AddSlotToList(friendlyList, slot);
+			    PK11_AddSlotToList(friendlyList, slot, PR_TRUE);
 			} else {
-			    PK11_AddSlotToList(loginList, slot);
+			    PK11_AddSlotToList(loginList, slot, PR_TRUE);
 			}
 		    } else {
-			PK11_AddSlotToList(list, slot);
+			PK11_AddSlotToList(list, slot, PR_TRUE);
 		    }
 		}
 	    }
@@ -1923,9 +1943,9 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
     }
     SECMOD_ReleaseReadLock(moduleLock);
 
-    PK11_MoveListToList(list,friendlyList);
+    pk11_MoveListToList(list,friendlyList);
     PK11_FreeSlotList(friendlyList);
-    PK11_MoveListToList(list,loginList);
+    pk11_MoveListToList(list,loginList);
     PK11_FreeSlotList(loginList);
 
     return list;
diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c
index 41d7ea2c5..6b633a4d3 100644
--- a/security/nss/lib/util/utilpars.c
+++ b/security/nss/lib/util/utilpars.c
@@ -543,6 +543,8 @@ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
 	NSSUTIL_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
 	NSSUTIL_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
 	NSSUTIL_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
+	NSSUTIL_ARG_ENTRY(SHA256,SECMOD_SHA256_FLAG),
+	NSSUTIL_ARG_ENTRY(SHA512,SECMOD_SHA512_FLAG),
 	NSSUTIL_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
 	NSSUTIL_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
 	NSSUTIL_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
author	ryan.sleevi%gmail.com <devnull@localhost>	2012-11-16 03:41:20 +0000
committer	ryan.sleevi%gmail.com <devnull@localhost>	2012-11-16 03:41:20 +0000
commit	7ae43a0e47560cab044a9eb7c41421222afb70cc (patch)
tree	017f1bb3deba741c30ea4211d7fbbcccb56fe26a
parent	e554282b5c8d8574f2335b32d11415a98549b76d (diff)
download	nss-hg-7ae43a0e47560cab044a9eb7c41421222afb70cc.tar.gz