diff options
author | ryan.sleevi%gmail.com <devnull@localhost> | 2012-11-16 03:41:20 +0000 |
---|---|---|
committer | ryan.sleevi%gmail.com <devnull@localhost> | 2012-11-16 03:41:20 +0000 |
commit | 7ae43a0e47560cab044a9eb7c41421222afb70cc (patch) | |
tree | 017f1bb3deba741c30ea4211d7fbbcccb56fe26a | |
parent | e554282b5c8d8574f2335b32d11415a98549b76d (diff) | |
download | nss-hg-7ae43a0e47560cab044a9eb7c41421222afb70cc.tar.gz |
BUG 802429: Respect cipherOrder when evaluating which module to use to perform operations.
r=rrelyea
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 2 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11priv.h | 2 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 52 | ||||
-rw-r--r-- | security/nss/lib/util/utilpars.c | 2 |
4 files changed, 40 insertions, 18 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 329a2e7f1..b2c91b2f1 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -2663,7 +2663,7 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg) nssCryptokiObject *instance = *ip; PK11SlotInfo *slot = instance->token->pk11slot; if (slot) { - PK11_AddSlotToList(slotList, slot); + PK11_AddSlotToList(slotList, slot, PR_TRUE); found = PR_TRUE; } } diff --git a/security/nss/lib/pk11wrap/pk11priv.h b/security/nss/lib/pk11wrap/pk11priv.h index 2c70cb0e4..c5b7a27c4 100644 --- a/security/nss/lib/pk11wrap/pk11priv.h +++ b/security/nss/lib/pk11wrap/pk11priv.h @@ -28,7 +28,7 @@ SEC_BEGIN_PROTOS PK11SlotList * PK11_NewSlotList(void); PK11SlotList * PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type, PRBool needRW,void *wincx); -SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot); +SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot, PRBool sorted); SECStatus PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le); PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list, PK11SlotInfo *slot); diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 4d8d0ecf3..6d6aeb095 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -171,11 +171,16 @@ PK11_FreeSlotList(PK11SlotList *list) /* * add a slot to a list + * "slot" is the slot to be added. Ownership is not transferred. + * "sorted" indicates whether or not the slot should be inserted according to + * cipherOrder of the associated module. PR_FALSE indicates that the slot + * should be inserted to the head of the list. */ SECStatus -PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot) +PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot, PRBool sorted) { PK11SlotListElement *le; + PK11SlotListElement *element; le = (PK11SlotListElement *) PORT_Alloc(sizeof(PK11SlotListElement)); if (le == NULL) return SECFailure; @@ -184,9 +189,23 @@ PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot) le->prev = NULL; le->refCount = 1; PZ_Lock(list->lock); - if (list->head) list->head->prev = le; else list->tail = le; - le->next = list->head; - list->head = le; + element = list->head; + /* Insertion sort, with higher cipherOrders are sorted first in the list */ + while (element && sorted && (element->slot->module->cipherOrder > + le->slot->module->cipherOrder)) { + element = element->next; + } + if (element) { + le->prev = element->prev; + element->prev = le; + le->next = element; + } else { + le->prev = list->tail; + le->next = NULL; + list->tail = le; + } + if (le->prev) le->prev->next = le; + if (list->head == element) list->head = le; PZ_Unlock(list->lock); return SECSuccess; @@ -208,11 +227,12 @@ PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le) } /* - * Move a list to the end of the target list. NOTE: There is no locking - * here... This assumes BOTH lists are private copy lists. + * Move a list to the end of the target list. + * NOTE: There is no locking here... This assumes BOTH lists are private copy + * lists. It also does not re-sort the target list. */ SECStatus -PK11_MoveListToList(PK11SlotList *target,PK11SlotList *src) +pk11_MoveListToList(PK11SlotList *target,PK11SlotList *src) { if (src->head == NULL) return SECSuccess; @@ -511,7 +531,7 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, ((NULL == slotName) || (0 == *slotName)) && ((NULL == tokenName) || (0 == *tokenName)) ) { /* default to softoken */ - PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot()); + PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot(), PR_TRUE); return slotList; } @@ -539,7 +559,7 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, ( (!slotName) || (tmpSlot->slot_name && (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { if (tmpSlot) { - PK11_AddSlotToList(slotList, tmpSlot); + PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); slotcount++; } } @@ -910,7 +930,7 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count) CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism; PK11SlotList *slotList = PK11_GetSlotList(mechanism); - if (slotList) PK11_AddSlotToList(slotList,slot); + if (slotList) PK11_AddSlotToList(slotList,slot,PR_FALSE); } } @@ -937,7 +957,7 @@ PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry, /* add this slot to the list */ if (slotList!=NULL) - result = PK11_AddSlotToList(slotList, slot); + result = PK11_AddSlotToList(slotList, slot, PR_FALSE); } else { /* trying to turn off */ @@ -1910,12 +1930,12 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts, || PK11_DoesMechanism(slot, type)) { if (pk11_LoginStillRequired(slot,wincx)) { if (PK11_IsFriendly(slot)) { - PK11_AddSlotToList(friendlyList, slot); + PK11_AddSlotToList(friendlyList, slot, PR_TRUE); } else { - PK11_AddSlotToList(loginList, slot); + PK11_AddSlotToList(loginList, slot, PR_TRUE); } } else { - PK11_AddSlotToList(list, slot); + PK11_AddSlotToList(list, slot, PR_TRUE); } } } @@ -1923,9 +1943,9 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts, } SECMOD_ReleaseReadLock(moduleLock); - PK11_MoveListToList(list,friendlyList); + pk11_MoveListToList(list,friendlyList); PK11_FreeSlotList(friendlyList); - PK11_MoveListToList(list,loginList); + pk11_MoveListToList(list,loginList); PK11_FreeSlotList(loginList); return list; diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c index 41d7ea2c5..6b633a4d3 100644 --- a/security/nss/lib/util/utilpars.c +++ b/security/nss/lib/util/utilpars.c @@ -543,6 +543,8 @@ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = { NSSUTIL_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG), NSSUTIL_ARG_ENTRY(RC5,SECMOD_RC5_FLAG), NSSUTIL_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG), + NSSUTIL_ARG_ENTRY(SHA256,SECMOD_SHA256_FLAG), + NSSUTIL_ARG_ENTRY(SHA512,SECMOD_SHA512_FLAG), NSSUTIL_ARG_ENTRY(MD5,SECMOD_MD5_FLAG), NSSUTIL_ARG_ENTRY(MD2,SECMOD_MD2_FLAG), NSSUTIL_ARG_ENTRY(SSL,SECMOD_SSL_FLAG), |