diff options
author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-02-05 22:55:59 +0100 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-02-05 22:55:59 +0100 |
commit | ac260f7767f05afb1b79b27e46353499fdbddaa2 (patch) | |
tree | 633c98bbfb8ab71ba3bdf76cf08bfcc28e428348 | |
parent | 39d0f24cad325d64cb2d989cb42590e4079d2ae1 (diff) | |
download | nss-hg-NSS_3_23_BETA3.tar.gz |
Bug 1244152 - NSS clang-format: lib/dev, r=kaieNSS_3_23_BETA3
-rw-r--r-- | lib/dev/ckhelper.c | 596 | ||||
-rw-r--r-- | lib/dev/ckhelper.h | 153 | ||||
-rw-r--r-- | lib/dev/dev.h | 873 | ||||
-rw-r--r-- | lib/dev/devm.h | 202 | ||||
-rw-r--r-- | lib/dev/devslot.c | 178 | ||||
-rw-r--r-- | lib/dev/devt.h | 89 | ||||
-rw-r--r-- | lib/dev/devtm.h | 2 | ||||
-rw-r--r-- | lib/dev/devtoken.c | 1539 | ||||
-rw-r--r-- | lib/dev/devutil.c | 1013 | ||||
-rw-r--r-- | lib/dev/nssdev.h | 12 |
10 files changed, 2205 insertions, 2452 deletions
diff --git a/lib/dev/ckhelper.c b/lib/dev/ckhelper.c index 0ca56547d..f58594228 100644 --- a/lib/dev/ckhelper.c +++ b/lib/dev/ckhelper.c @@ -16,51 +16,49 @@ extern const NSSError NSS_ERROR_DEVICE_ERROR; static const CK_BBOOL s_true = CK_TRUE; NSS_IMPLEMENT_DATA const NSSItem -g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) }; + g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) }; static const CK_BBOOL s_false = CK_FALSE; NSS_IMPLEMENT_DATA const NSSItem -g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) }; + g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) }; static const CK_OBJECT_CLASS s_class_cert = CKO_CERTIFICATE; NSS_IMPLEMENT_DATA const NSSItem -g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) }; + g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) }; static const CK_OBJECT_CLASS s_class_pubkey = CKO_PUBLIC_KEY; NSS_IMPLEMENT_DATA const NSSItem -g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) }; + g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) }; static const CK_OBJECT_CLASS s_class_privkey = CKO_PRIVATE_KEY; NSS_IMPLEMENT_DATA const NSSItem -g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) }; + g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) }; static PRBool -is_string_attribute ( - CK_ATTRIBUTE_TYPE aType -) +is_string_attribute( + CK_ATTRIBUTE_TYPE aType) { PRBool isString; switch (aType) { - case CKA_LABEL: - case CKA_NSS_EMAIL: - isString = PR_TRUE; - break; - default: - isString = PR_FALSE; - break; + case CKA_LABEL: + case CKA_NSS_EMAIL: + isString = PR_TRUE; + break; + default: + isString = PR_FALSE; + break; } return isString; } -NSS_IMPLEMENT PRStatus -nssCKObject_GetAttributes ( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR obj_template, - CK_ULONG count, - NSSArena *arenaOpt, - nssSession *session, - NSSSlot *slot -) +NSS_IMPLEMENT PRStatus +nssCKObject_GetAttributes( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG count, + NSSArena *arenaOpt, + nssSession *session, + NSSSlot *slot) { nssArenaMark *mark = NULL; CK_SESSION_HANDLE hSession; @@ -69,114 +67,112 @@ nssCKObject_GetAttributes ( PRStatus nssrv; PRBool alloced = PR_FALSE; void *epv = nssSlot_GetCryptokiEPV(slot); - hSession = session->handle; + hSession = session->handle; if (arenaOpt) { - mark = nssArena_Mark(arenaOpt); - if (!mark) { - goto loser; - } + mark = nssArena_Mark(arenaOpt); + if (!mark) { + goto loser; + } } nssSession_EnterMonitor(session); /* XXX kinda hacky, if the storage size is already in the first template * item, then skip the alloc portion */ if (obj_template[0].ulValueLen == 0) { - /* Get the storage size needed for each attribute */ - ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, - object, obj_template, count); - if (ckrv != CKR_OK && - ckrv != CKR_ATTRIBUTE_TYPE_INVALID && - ckrv != CKR_ATTRIBUTE_SENSITIVE) - { - nssSession_ExitMonitor(session); - nss_SetError(NSS_ERROR_DEVICE_ERROR); - goto loser; - } - /* Allocate memory for each attribute. */ - for (i=0; i<count; i++) { - CK_ULONG ulValueLen = obj_template[i].ulValueLen; - if (ulValueLen == 0 || ulValueLen == (CK_ULONG) -1) { - obj_template[i].pValue = NULL; - obj_template[i].ulValueLen = 0; - continue; - } - if (is_string_attribute(obj_template[i].type)) { - ulValueLen++; - } - obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen); - if (!obj_template[i].pValue) { - nssSession_ExitMonitor(session); - goto loser; - } - } - alloced = PR_TRUE; + /* Get the storage size needed for each attribute */ + ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, + object, obj_template, count); + if (ckrv != CKR_OK && + ckrv != CKR_ATTRIBUTE_TYPE_INVALID && + ckrv != CKR_ATTRIBUTE_SENSITIVE) { + nssSession_ExitMonitor(session); + nss_SetError(NSS_ERROR_DEVICE_ERROR); + goto loser; + } + /* Allocate memory for each attribute. */ + for (i = 0; i < count; i++) { + CK_ULONG ulValueLen = obj_template[i].ulValueLen; + if (ulValueLen == 0 || ulValueLen == (CK_ULONG)-1) { + obj_template[i].pValue = NULL; + obj_template[i].ulValueLen = 0; + continue; + } + if (is_string_attribute(obj_template[i].type)) { + ulValueLen++; + } + obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen); + if (!obj_template[i].pValue) { + nssSession_ExitMonitor(session); + goto loser; + } + } + alloced = PR_TRUE; } /* Obtain the actual attribute values. */ ckrv = CKAPI(epv)->C_GetAttributeValue(hSession, object, obj_template, count); nssSession_ExitMonitor(session); - if (ckrv != CKR_OK && + if (ckrv != CKR_OK && ckrv != CKR_ATTRIBUTE_TYPE_INVALID && - ckrv != CKR_ATTRIBUTE_SENSITIVE) - { - nss_SetError(NSS_ERROR_DEVICE_ERROR); - goto loser; + ckrv != CKR_ATTRIBUTE_SENSITIVE) { + nss_SetError(NSS_ERROR_DEVICE_ERROR); + goto loser; } if (alloced && arenaOpt) { - nssrv = nssArena_Unmark(arenaOpt, mark); - if (nssrv != PR_SUCCESS) { - goto loser; - } - } - - if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) || - (ckrv == CKR_ATTRIBUTE_SENSITIVE))) { - /* old tokens would keep the length of '0' and not deal with any - * of the attributes we passed. For those tokens read them one at - * a time */ - for (i=0; i < count; i++) { - if ((obj_template[i].ulValueLen == 0) - || (obj_template[i].ulValueLen == -1)) { - obj_template[i].ulValueLen=0; - (void) nssCKObject_GetAttributes(object,&obj_template[i], 1, - arenaOpt, session, slot); - } - } + nssrv = nssArena_Unmark(arenaOpt, mark); + if (nssrv != PR_SUCCESS) { + goto loser; + } + } + + if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) || + (ckrv == CKR_ATTRIBUTE_SENSITIVE))) { + /* old tokens would keep the length of '0' and not deal with any + * of the attributes we passed. For those tokens read them one at + * a time */ + for (i = 0; i < count; i++) { + if ((obj_template[i].ulValueLen == 0) || + (obj_template[i].ulValueLen == -1)) { + obj_template[i].ulValueLen = 0; + (void)nssCKObject_GetAttributes(object, &obj_template[i], 1, + arenaOpt, session, slot); + } + } } return PR_SUCCESS; loser: if (alloced) { - if (arenaOpt) { - /* release all arena memory allocated before the failure. */ - (void)nssArena_Release(arenaOpt, mark); - } else { - CK_ULONG j; - /* free each heap object that was allocated before the failure. */ - for (j=0; j<i; j++) { - nss_ZFreeIf(obj_template[j].pValue); - } - } + if (arenaOpt) { + /* release all arena memory allocated before the failure. */ + (void)nssArena_Release(arenaOpt, mark); + } + else { + CK_ULONG j; + /* free each heap object that was allocated before the failure. */ + for (j = 0; j < i; j++) { + nss_ZFreeIf(obj_template[j].pValue); + } + } } return PR_FAILURE; } NSS_IMPLEMENT PRStatus -nssCKObject_GetAttributeItem ( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_TYPE attribute, - NSSArena *arenaOpt, - nssSession *session, - NSSSlot *slot, - NSSItem *rvItem -) +nssCKObject_GetAttributeItem( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_TYPE attribute, + NSSArena *arenaOpt, + nssSession *session, + NSSSlot *slot, + NSSItem *rvItem) { CK_ATTRIBUTE attr = { 0, NULL, 0 }; PRStatus nssrv; attr.type = attribute; - nssrv = nssCKObject_GetAttributes(object, &attr, 1, + nssrv = nssCKObject_GetAttributes(object, &attr, 1, arenaOpt, session, slot); if (nssrv != PR_SUCCESS) { - return nssrv; + return nssrv; } rvItem->data = (void *)attr.pValue; rvItem->size = (PRUint32)attr.ulValueLen; @@ -184,13 +180,12 @@ nssCKObject_GetAttributeItem ( } NSS_IMPLEMENT PRBool -nssCKObject_IsAttributeTrue ( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_TYPE attribute, - nssSession *session, - NSSSlot *slot, - PRStatus *rvStatus -) +nssCKObject_IsAttributeTrue( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_TYPE attribute, + nssSession *session, + NSSSlot *slot, + PRStatus *rvStatus) { CK_BBOOL bool; CK_ATTRIBUTE_PTR attr; @@ -200,50 +195,49 @@ nssCKObject_IsAttributeTrue ( attr = &atemplate; NSS_CK_SET_ATTRIBUTE_VAR(attr, attribute, bool); nssSession_EnterMonitor(session); - ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object, + ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object, &atemplate, 1); nssSession_ExitMonitor(session); if (ckrv != CKR_OK) { - *rvStatus = PR_FAILURE; - return PR_FALSE; + *rvStatus = PR_FAILURE; + return PR_FALSE; } *rvStatus = PR_SUCCESS; return (PRBool)(bool == CK_TRUE); } -NSS_IMPLEMENT PRStatus -nssCKObject_SetAttributes ( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR obj_template, - CK_ULONG count, - nssSession *session, - NSSSlot *slot -) +NSS_IMPLEMENT PRStatus +nssCKObject_SetAttributes( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG count, + nssSession *session, + NSSSlot *slot) { CK_RV ckrv; void *epv = nssSlot_GetCryptokiEPV(slot); nssSession_EnterMonitor(session); - ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object, + ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object, obj_template, count); nssSession_ExitMonitor(session); if (ckrv == CKR_OK) { - return PR_SUCCESS; - } else { - return PR_FAILURE; + return PR_SUCCESS; + } + else { + return PR_FAILURE; } } NSS_IMPLEMENT PRBool -nssCKObject_IsTokenObjectTemplate ( - CK_ATTRIBUTE_PTR objectTemplate, - CK_ULONG otsize -) +nssCKObject_IsTokenObjectTemplate( + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize) { CK_ULONG ul; - for (ul=0; ul<otsize; ul++) { - if (objectTemplate[ul].type == CKA_TOKEN) { - return (*((CK_BBOOL*)objectTemplate[ul].pValue) == CK_TRUE); - } + for (ul = 0; ul < otsize; ul++) { + if (objectTemplate[ul].type == CKA_TOKEN) { + return (*((CK_BBOOL *)objectTemplate[ul].pValue) == CK_TRUE); + } } return PR_FALSE; } @@ -253,32 +247,31 @@ nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib) { CK_CERTIFICATE_TYPE ckCertType; if (!attrib->pValue) { - /* default to PKIX */ - return NSSCertificateType_PKIX; + /* default to PKIX */ + return NSSCertificateType_PKIX; } ckCertType = *((CK_ULONG *)attrib->pValue); switch (ckCertType) { - case CKC_X_509: - return NSSCertificateType_PKIX; - default: - break; + case CKC_X_509: + return NSSCertificateType_PKIX; + default: + break; } return NSSCertificateType_Unknown; } /* incoming pointers must be valid */ NSS_IMPLEMENT PRStatus -nssCryptokiCertificate_GetAttributes ( - nssCryptokiObject *certObject, - nssSession *sessionOpt, - NSSArena *arenaOpt, - NSSCertificateType *certTypeOpt, - NSSItem *idOpt, - NSSDER *encodingOpt, - NSSDER *issuerOpt, - NSSDER *serialOpt, - NSSDER *subjectOpt -) +nssCryptokiCertificate_GetAttributes( + nssCryptokiObject *certObject, + nssSession *sessionOpt, + NSSArena *arenaOpt, + NSSCertificateType *certTypeOpt, + NSSItem *idOpt, + NSSDER *encodingOpt, + NSSDER *issuerOpt, + NSSDER *serialOpt, + NSSDER *subjectOpt) { PRStatus status; PRUint32 i; @@ -290,27 +283,27 @@ nssCryptokiCertificate_GetAttributes ( /* Set up a template of all options chosen by caller */ NSS_CK_TEMPLATE_START(cert_template, attr, template_size); if (certTypeOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE); } if (idOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID); } if (encodingOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); } if (issuerOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER); } if (serialOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER); } if (subjectOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); } NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size); if (template_size == 0) { - /* caller didn't want anything */ - return PR_SUCCESS; + /* caller didn't want anything */ + return PR_SUCCESS; } status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt, @@ -318,77 +311,92 @@ nssCryptokiCertificate_GetAttributes ( cert_template, template_size); if (status != PR_SUCCESS) { - session = sessionOpt ? - sessionOpt : - nssToken_GetDefaultSession(certObject->token); - if (!session) { - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); - return PR_FAILURE; - } - - slot = nssToken_GetSlot(certObject->token); - status = nssCKObject_GetAttributes(certObject->handle, - cert_template, template_size, - arenaOpt, session, slot); - nssSlot_Destroy(slot); - if (status != PR_SUCCESS) { - return status; - } - } - - i=0; + session = sessionOpt ? + sessionOpt + : + nssToken_GetDefaultSession(certObject->token); + if (!session) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } + + slot = nssToken_GetSlot(certObject->token); + status = nssCKObject_GetAttributes(certObject->handle, + cert_template, template_size, + arenaOpt, session, slot); + nssSlot_Destroy(slot); + if (status != PR_SUCCESS) { + return status; + } + } + + i = 0; if (certTypeOpt) { - *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); i++; + *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); + i++; } if (idOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); + i++; } if (encodingOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); + i++; } if (issuerOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); + i++; } if (serialOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); + i++; } if (subjectOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); + i++; } return PR_SUCCESS; } -static nssTrustLevel -get_nss_trust ( - CK_TRUST ckt -) +static nssTrustLevel +get_nss_trust( + CK_TRUST ckt) { nssTrustLevel t; switch (ckt) { - case CKT_NSS_NOT_TRUSTED: t = nssTrustLevel_NotTrusted; break; - case CKT_NSS_TRUSTED_DELEGATOR: t = nssTrustLevel_TrustedDelegator; - break; - case CKT_NSS_VALID_DELEGATOR: t = nssTrustLevel_ValidDelegator; break; - case CKT_NSS_TRUSTED: t = nssTrustLevel_Trusted; break; - case CKT_NSS_MUST_VERIFY_TRUST: t = nssTrustLevel_MustVerify; break; - case CKT_NSS_TRUST_UNKNOWN: - default: - t = nssTrustLevel_Unknown; break; + case CKT_NSS_NOT_TRUSTED: + t = nssTrustLevel_NotTrusted; + break; + case CKT_NSS_TRUSTED_DELEGATOR: + t = nssTrustLevel_TrustedDelegator; + break; + case CKT_NSS_VALID_DELEGATOR: + t = nssTrustLevel_ValidDelegator; + break; + case CKT_NSS_TRUSTED: + t = nssTrustLevel_Trusted; + break; + case CKT_NSS_MUST_VERIFY_TRUST: + t = nssTrustLevel_MustVerify; + break; + case CKT_NSS_TRUST_UNKNOWN: + default: + t = nssTrustLevel_Unknown; + break; } return t; } NSS_IMPLEMENT PRStatus -nssCryptokiTrust_GetAttributes ( - nssCryptokiObject *trustObject, - nssSession *sessionOpt, - NSSItem *sha1_hash, - nssTrustLevel *serverAuth, - nssTrustLevel *clientAuth, - nssTrustLevel *codeSigning, - nssTrustLevel *emailProtection, - PRBool *stepUpApproved -) +nssCryptokiTrust_GetAttributes( + nssCryptokiObject *trustObject, + nssSession *sessionOpt, + NSSItem *sha1_hash, + nssTrustLevel *serverAuth, + nssTrustLevel *clientAuth, + nssTrustLevel *codeSigning, + nssTrustLevel *emailProtection, + PRBool *stepUpApproved) { PRStatus status; NSSSlot *slot; @@ -406,42 +414,43 @@ nssCryptokiTrust_GetAttributes ( /* Use the trust object to find the trust settings */ NSS_CK_TEMPLATE_START(trust_template, attr, trust_size); - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken); - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust); - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust); NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust); - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust); NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp); sha1_hash_attr = attr; - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash); NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size); status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL, - trustObject, + trustObject, CKO_NSS_TRUST, trust_template, trust_size); if (status != PR_SUCCESS) { - session = sessionOpt ? - sessionOpt : - nssToken_GetDefaultSession(trustObject->token); - if (!session) { - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); - return PR_FAILURE; - } - - slot = nssToken_GetSlot(trustObject->token); - status = nssCKObject_GetAttributes(trustObject->handle, - trust_template, trust_size, - NULL, session, slot); - nssSlot_Destroy(slot); - if (status != PR_SUCCESS) { - return status; - } + session = sessionOpt ? + sessionOpt + : + nssToken_GetDefaultSession(trustObject->token); + if (!session) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } + + slot = nssToken_GetSlot(trustObject->token); + status = nssCKObject_GetAttributes(trustObject->handle, + trust_template, trust_size, + NULL, session, slot); + nssSlot_Destroy(slot); + if (status != PR_SUCCESS) { + return status; + } } if (sha1_hash_attr->ulValueLen == -1) { - /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */ - sha1_hash_attr->ulValueLen = 0; + /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */ + sha1_hash_attr->ulValueLen = 0; } sha1_hash->size = sha1_hash_attr->ulValueLen; *serverAuth = get_nss_trust(saTrust); @@ -453,16 +462,15 @@ nssCryptokiTrust_GetAttributes ( } NSS_IMPLEMENT PRStatus -nssCryptokiCRL_GetAttributes ( - nssCryptokiObject *crlObject, - nssSession *sessionOpt, - NSSArena *arenaOpt, - NSSItem *encodingOpt, - NSSItem *subjectOpt, - CK_ULONG* crl_class, - NSSUTF8 **urlOpt, - PRBool *isKRLOpt -) +nssCryptokiCRL_GetAttributes( + nssCryptokiObject *crlObject, + nssSession *sessionOpt, + NSSArena *arenaOpt, + NSSItem *encodingOpt, + NSSItem *subjectOpt, + CK_ULONG *crl_class, + NSSUTF8 **urlOpt, + PRBool *isKRLOpt) { PRStatus status; NSSSlot *slot; @@ -477,69 +485,74 @@ nssCryptokiCRL_GetAttributes ( NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS); } if (encodingOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); } if (urlOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL); } if (isKRLOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL); } if (subjectOpt) { - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT); } NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size); status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL, - crlObject, + crlObject, CKO_NSS_CRL, crl_template, crl_size); if (status != PR_SUCCESS) { - session = sessionOpt ? - sessionOpt : - nssToken_GetDefaultSession(crlObject->token); - if (session == NULL) { - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); - return PR_FAILURE; - } - - slot = nssToken_GetSlot(crlObject->token); - status = nssCKObject_GetAttributes(crlObject->handle, - crl_template, crl_size, - arenaOpt, session, slot); - nssSlot_Destroy(slot); - if (status != PR_SUCCESS) { - return status; - } - } - - i=0; + session = sessionOpt ? + sessionOpt + : + nssToken_GetDefaultSession(crlObject->token); + if (session == NULL) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } + + slot = nssToken_GetSlot(crlObject->token); + status = nssCKObject_GetAttributes(crlObject->handle, + crl_template, crl_size, + arenaOpt, session, slot); + nssSlot_Destroy(slot); + if (status != PR_SUCCESS) { + return status; + } + } + + i = 0; if (crl_class) { - NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); i++; + NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); + i++; } if (encodingOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); + i++; } if (urlOpt) { - NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); i++; + NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); + i++; } if (isKRLOpt) { - NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); i++; + NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); + i++; } if (subjectOpt) { - NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); i++; + NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); + i++; } return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -nssCryptokiPrivateKey_SetCertificate ( - nssCryptokiObject *keyObject, - nssSession *sessionOpt, - const NSSUTF8 *nickname, - NSSItem *id, - NSSDER *subject -) +nssCryptokiPrivateKey_SetCertificate( + nssCryptokiObject *keyObject, + nssSession *sessionOpt, + const NSSUTF8 *nickname, + NSSItem *id, + NSSDER *subject) { CK_RV ckrv; CK_ATTRIBUTE_PTR attr; @@ -558,20 +571,22 @@ nssCryptokiPrivateKey_SetCertificate ( NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size); if (sessionOpt) { - if (!nssSession_IsReadWrite(sessionOpt)) { - return PR_FAILURE; - } - session = sessionOpt; - } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { - session = defaultSession; - } else { - NSSSlot *slot = nssToken_GetSlot(token); - session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); - nssSlot_Destroy(slot); - if (!session) { - return PR_FAILURE; - } - createdSession = PR_TRUE; + if (!nssSession_IsReadWrite(sessionOpt)) { + return PR_FAILURE; + } + session = sessionOpt; + } + else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { + session = defaultSession; + } + else { + NSSSlot *slot = nssToken_GetSlot(token); + session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); + nssSlot_Destroy(slot); + if (!session) { + return PR_FAILURE; + } + createdSession = PR_TRUE; } ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, @@ -580,9 +595,8 @@ nssCryptokiPrivateKey_SetCertificate ( key_size); if (createdSession) { - nssSession_Destroy(session); + nssSession_Destroy(session); } return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; } - diff --git a/lib/dev/ckhelper.h b/lib/dev/ckhelper.h index cb4b662e1..a2927f8cb 100644 --- a/lib/dev/ckhelper.h +++ b/lib/dev/ckhelper.h @@ -26,38 +26,39 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_cert; NSS_EXTERN_DATA const NSSItem g_ck_class_pubkey; NSS_EXTERN_DATA const NSSItem g_ck_class_privkey; -#define NSS_CK_TEMPLATE_START(_template, attr, size) \ - attr = _template; \ +#define NSS_CK_TEMPLATE_START(_template, attr, size) \ + attr = _template; \ size = 0; -#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item) \ - (pattr)->type = kind; \ - (pattr)->pValue = (CK_VOID_PTR)(item)->data; \ - (pattr)->ulValueLen = (CK_ULONG)(item)->size; \ +#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item) \ + (pattr)->type = kind; \ + (pattr)->pValue = (CK_VOID_PTR)(item)->data; \ + (pattr)->ulValueLen = (CK_ULONG)(item)->size; \ (pattr)++; -#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8) \ - (pattr)->type = kind; \ - (pattr)->pValue = (CK_VOID_PTR)utf8; \ +#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8) \ + (pattr)->type = kind; \ + (pattr)->pValue = (CK_VOID_PTR)utf8; \ (pattr)->ulValueLen = (CK_ULONG)nssUTF8_Size(utf8, NULL); \ - if ((pattr)->ulValueLen) ((pattr)->ulValueLen)--; \ + if ((pattr)->ulValueLen) \ + ((pattr)->ulValueLen)--; \ (pattr)++; -#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var) \ - (pattr)->type = kind; \ - (pattr)->pValue = (CK_VOID_PTR)&var; \ - (pattr)->ulValueLen = (CK_ULONG)sizeof(var); \ +#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var) \ + (pattr)->type = kind; \ + (pattr)->pValue = (CK_VOID_PTR)&var; \ + (pattr)->ulValueLen = (CK_ULONG)sizeof(var); \ (pattr)++; -#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \ - (pattr)->type = kind; \ - (pattr)->pValue = (CK_VOID_PTR)NULL; \ - (pattr)->ulValueLen = 0; \ +#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \ + (pattr)->type = kind; \ + (pattr)->pValue = (CK_VOID_PTR)NULL; \ + (pattr)->ulValueLen = 0; \ (pattr)++; #define NSS_CK_TEMPLATE_FINISH(_template, attr, size) \ size = (attr) - (_template); \ - PR_ASSERT(size <= sizeof(_template)/sizeof(_template[0])); + PR_ASSERT(size <= sizeof(_template) / sizeof(_template[0])); /* NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item) * @@ -65,92 +66,84 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey; */ #define NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item) \ if ((CK_LONG)(attrib)->ulValueLen > 0) { \ - (item)->data = (void *)(attrib)->pValue; \ - (item)->size = (PRUint32)(attrib)->ulValueLen; \ - } else { \ - (item)->data = 0; \ - (item)->size = 0; \ + (item)->data = (void *)(attrib)->pValue; \ + (item)->size = (PRUint32)(attrib)->ulValueLen; \ + } \ + else { \ + (item)->data = 0; \ + (item)->size = 0; \ } -#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar) \ - if ((attrib)->ulValueLen > 0) { \ - if (*((CK_BBOOL*)(attrib)->pValue) == CK_TRUE) { \ - boolvar = PR_TRUE; \ - } else { \ - boolvar = PR_FALSE; \ - } \ +#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar) \ + if ((attrib)->ulValueLen > 0) { \ + if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \ + boolvar = PR_TRUE; \ + } \ + else { \ + boolvar = PR_FALSE; \ + } \ } -#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar) \ - if ((attrib)->ulValueLen > 0) { \ - ulongvar = *((CK_ULONG*)(attrib)->pValue); \ +#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar) \ + if ((attrib)->ulValueLen > 0) { \ + ulongvar = *((CK_ULONG *)(attrib)->pValue); \ } /* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) * * Convert a CK_ATTRIBUTE to a string. */ -#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \ +#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \ str = (NSSUTF8 *)((attrib)->pValue); /* NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) * * Convert an NSSItem to a CK_ATTRIBUTE. */ -#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) \ - (attrib)->pValue = (CK_VOID_PTR)(item)->data; \ - (attrib)->ulValueLen = (CK_ULONG)(item)->size; \ +#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib) \ + (attrib)->pValue = (CK_VOID_PTR)(item)->data; \ + (attrib)->ulValueLen = (CK_ULONG)(item)->size; /* Get an array of attributes from an object. */ -NSS_EXTERN PRStatus -nssCKObject_GetAttributes -( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR obj_template, - CK_ULONG count, - NSSArena *arenaOpt, - nssSession *session, - NSSSlot *slot -); +NSS_EXTERN PRStatus +nssCKObject_GetAttributes( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG count, + NSSArena *arenaOpt, + nssSession *session, + NSSSlot *slot); /* Get a single attribute as an item. */ NSS_EXTERN PRStatus -nssCKObject_GetAttributeItem -( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_TYPE attribute, - NSSArena *arenaOpt, - nssSession *session, - NSSSlot *slot, - NSSItem *rvItem -); +nssCKObject_GetAttributeItem( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_TYPE attribute, + NSSArena *arenaOpt, + nssSession *session, + NSSSlot *slot, + NSSItem *rvItem); NSS_EXTERN PRBool -nssCKObject_IsAttributeTrue -( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_TYPE attribute, - nssSession *session, - NSSSlot *slot, - PRStatus *rvStatus -); - -NSS_EXTERN PRStatus -nssCKObject_SetAttributes -( - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR obj_template, - CK_ULONG count, - nssSession *session, - NSSSlot *slot -); +nssCKObject_IsAttributeTrue( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_TYPE attribute, + nssSession *session, + NSSSlot *slot, + PRStatus *rvStatus); + +NSS_EXTERN PRStatus +nssCKObject_SetAttributes( + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG count, + nssSession *session, + NSSSlot *slot); NSS_EXTERN PRBool -nssCKObject_IsTokenObjectTemplate -( - CK_ATTRIBUTE_PTR objectTemplate, - CK_ULONG otsize -); +nssCKObject_IsTokenObjectTemplate( + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize); PR_END_EXTERN_C diff --git a/lib/dev/dev.h b/lib/dev/dev.h index fa6242abc..7e64e7612 100644 --- a/lib/dev/dev.h +++ b/lib/dev/dev.h @@ -40,64 +40,44 @@ PR_BEGIN_EXTERN_C */ NSS_EXTERN PRStatus -nss_InitializeGlobalModuleList -( - void -); +nss_InitializeGlobalModuleList( + void); NSS_EXTERN PRStatus -nss_DestroyGlobalModuleList -( - void -); +nss_DestroyGlobalModuleList( + void); NSS_EXTERN NSSModule ** -nss_GetLoadedModules -( - void -); +nss_GetLoadedModules( + void); NSS_EXTERN PRStatus -nssGlobalModuleList_Add -( - NSSModule *module -); +nssGlobalModuleList_Add( + NSSModule *module); NSS_EXTERN PRStatus -nssGlobalModuleList_Remove -( - NSSModule *module -); +nssGlobalModuleList_Remove( + NSSModule *module); NSS_EXTERN NSSModule * -nssGlobalModuleList_FindModuleByName -( - NSSUTF8 *moduleName -); +nssGlobalModuleList_FindModuleByName( + NSSUTF8 *moduleName); NSS_EXTERN NSSSlot * -nssGlobalModuleList_FindSlotByName -( - NSSUTF8 *slotName -); +nssGlobalModuleList_FindSlotByName( + NSSUTF8 *slotName); NSS_EXTERN NSSToken * -nssGlobalModuleList_FindTokenByName -( - NSSUTF8 *tokenName -); +nssGlobalModuleList_FindTokenByName( + NSSUTF8 *tokenName); NSS_EXTERN NSSToken * -nss_GetDefaultCryptoToken -( - void -); +nss_GetDefaultCryptoToken( + void); NSS_EXTERN NSSToken * -nss_GetDefaultDatabaseToken -( - void -); +nss_GetDefaultDatabaseToken( + void); /* * |-----------|<---> NSSSlot <--> NSSToken @@ -118,66 +98,48 @@ nss_GetDefaultDatabaseToken */ NSS_EXTERN NSSModule * -nssModule_Create -( - NSSUTF8 *moduleOpt, - NSSUTF8 *uriOpt, - NSSUTF8 *opaqueOpt, - void *reserved -); +nssModule_Create( + NSSUTF8 *moduleOpt, + NSSUTF8 *uriOpt, + NSSUTF8 *opaqueOpt, + void *reserved); /* This is to use the new loading mechanism. */ NSS_EXTERN NSSModule * -nssModule_CreateFromSpec -( - NSSUTF8 *moduleSpec, - NSSModule *parent, - PRBool loadSubModules -); +nssModule_CreateFromSpec( + NSSUTF8 *moduleSpec, + NSSModule *parent, + PRBool loadSubModules); NSS_EXTERN PRStatus -nssModule_Destroy -( - NSSModule *mod -); +nssModule_Destroy( + NSSModule *mod); NSS_EXTERN NSSModule * -nssModule_AddRef -( - NSSModule *mod -); +nssModule_AddRef( + NSSModule *mod); NSS_EXTERN NSSUTF8 * -nssModule_GetName -( - NSSModule *mod -); +nssModule_GetName( + NSSModule *mod); NSS_EXTERN NSSSlot ** -nssModule_GetSlots -( - NSSModule *mod -); +nssModule_GetSlots( + NSSModule *mod); NSS_EXTERN NSSSlot * -nssModule_FindSlotByName -( - NSSModule *mod, - NSSUTF8 *slotName -); +nssModule_FindSlotByName( + NSSModule *mod, + NSSUTF8 *slotName); NSS_EXTERN NSSToken * -nssModule_FindTokenByName -( - NSSModule *mod, - NSSUTF8 *tokenName -); +nssModule_FindTokenByName( + NSSModule *mod, + NSSUTF8 *tokenName); NSS_EXTERN PRInt32 -nssModule_GetCertOrder -( - NSSModule *module -); +nssModule_GetCertOrder( + NSSModule *module); /* NSSSlot * @@ -199,127 +161,89 @@ nssModule_GetCertOrder */ NSS_EXTERN PRStatus -nssSlot_Destroy -( - NSSSlot *slot -); +nssSlot_Destroy( + NSSSlot *slot); NSS_EXTERN NSSSlot * -nssSlot_AddRef -( - NSSSlot *slot -); +nssSlot_AddRef( + NSSSlot *slot); NSS_EXTERN void -nssSlot_ResetDelay -( - NSSSlot *slot -); +nssSlot_ResetDelay( + NSSSlot *slot); NSS_EXTERN NSSUTF8 * -nssSlot_GetName -( - NSSSlot *slot -); +nssSlot_GetName( + NSSSlot *slot); NSS_EXTERN NSSUTF8 * -nssSlot_GetTokenName -( - NSSSlot *slot -); +nssSlot_GetTokenName( + NSSSlot *slot); NSS_EXTERN NSSModule * -nssSlot_GetModule -( - NSSSlot *slot -); +nssSlot_GetModule( + NSSSlot *slot); NSS_EXTERN NSSToken * -nssSlot_GetToken -( - NSSSlot *slot -); +nssSlot_GetToken( + NSSSlot *slot); NSS_EXTERN PRBool -nssSlot_IsTokenPresent -( - NSSSlot *slot -); +nssSlot_IsTokenPresent( + NSSSlot *slot); NSS_EXTERN PRBool -nssSlot_IsPermanent -( - NSSSlot *slot -); +nssSlot_IsPermanent( + NSSSlot *slot); NSS_EXTERN PRBool -nssSlot_IsFriendly -( - NSSSlot *slot -); +nssSlot_IsFriendly( + NSSSlot *slot); NSS_EXTERN PRBool -nssSlot_IsHardware -( - NSSSlot *slot -); +nssSlot_IsHardware( + NSSSlot *slot); NSS_EXTERN PRBool -nssSlot_IsLoggedIn -( - NSSSlot *slot -); +nssSlot_IsLoggedIn( + NSSSlot *slot); NSS_EXTERN PRStatus -nssSlot_Refresh -( - NSSSlot *slot -); +nssSlot_Refresh( + NSSSlot *slot); NSS_EXTERN PRStatus -nssSlot_Login -( - NSSSlot *slot, - NSSCallback *pwcb -); +nssSlot_Login( + NSSSlot *slot, + NSSCallback *pwcb); extern const NSSError NSS_ERROR_INVALID_PASSWORD; extern const NSSError NSS_ERROR_USER_CANCELED; NSS_EXTERN PRStatus -nssSlot_Logout -( - NSSSlot *slot, - nssSession *sessionOpt -); +nssSlot_Logout( + NSSSlot *slot, + nssSession *sessionOpt); NSS_EXTERN void -nssSlot_EnterMonitor -( - NSSSlot *slot -); +nssSlot_EnterMonitor( + NSSSlot *slot); NSS_EXTERN void -nssSlot_ExitMonitor -( - NSSSlot *slot -); +nssSlot_ExitMonitor( + NSSSlot *slot); #define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1 -#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0 +#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0 NSS_EXTERN void -nssSlot_SetPasswordDefaults -( - NSSSlot *slot, - PRInt32 askPasswordTimeout -); +nssSlot_SetPasswordDefaults( + NSSSlot *slot, + PRInt32 askPasswordTimeout); NSS_EXTERN PRStatus -nssSlot_SetPassword -( - NSSSlot *slot, - NSSUTF8 *oldPasswordOpt, - NSSUTF8 *newPassword -); +nssSlot_SetPassword( + NSSSlot *slot, + NSSUTF8 *oldPasswordOpt, + NSSUTF8 *newPassword); extern const NSSError NSS_ERROR_INVALID_PASSWORD; extern const NSSError NSS_ERROR_USER_CANCELED; @@ -328,12 +252,11 @@ extern const NSSError NSS_ERROR_USER_CANCELED; */ NSS_EXTERN nssSession * -nssSlot_CreateSession -( - NSSSlot *slot, - NSSArena *arenaOpt, - PRBool readWrite /* so far, this is the only flag used */ -); +nssSlot_CreateSession( + NSSSlot *slot, + NSSArena *arenaOpt, + PRBool readWrite /* so far, this is the only flag used */ + ); /* NSSToken * @@ -366,251 +289,199 @@ nssSlot_CreateSession */ NSS_EXTERN PRStatus -nssToken_Destroy -( - NSSToken *tok -); +nssToken_Destroy( + NSSToken *tok); NSS_EXTERN NSSToken * -nssToken_AddRef -( - NSSToken *tok -); +nssToken_AddRef( + NSSToken *tok); NSS_EXTERN NSSUTF8 * -nssToken_GetName -( - NSSToken *tok -); +nssToken_GetName( + NSSToken *tok); NSS_EXTERN NSSModule * -nssToken_GetModule -( - NSSToken *token -); +nssToken_GetModule( + NSSToken *token); NSS_EXTERN NSSSlot * -nssToken_GetSlot -( - NSSToken *tok -); +nssToken_GetSlot( + NSSToken *tok); NSS_EXTERN PRBool -nssToken_NeedsPINInitialization -( - NSSToken *token -); +nssToken_NeedsPINInitialization( + NSSToken *token); NSS_EXTERN nssCryptokiObject * -nssToken_ImportCertificate -( - NSSToken *tok, - nssSession *sessionOpt, - NSSCertificateType certType, - NSSItem *id, - const NSSUTF8 *nickname, - NSSDER *encoding, - NSSDER *issuer, - NSSDER *subject, - NSSDER *serial, - NSSASCII7 *emailAddr, - PRBool asTokenObject -); +nssToken_ImportCertificate( + NSSToken *tok, + nssSession *sessionOpt, + NSSCertificateType certType, + NSSItem *id, + const NSSUTF8 *nickname, + NSSDER *encoding, + NSSDER *issuer, + NSSDER *subject, + NSSDER *serial, + NSSASCII7 *emailAddr, + PRBool asTokenObject); NSS_EXTERN nssCryptokiObject * -nssToken_ImportTrust -( - NSSToken *tok, - nssSession *sessionOpt, - NSSDER *certEncoding, - NSSDER *certIssuer, - NSSDER *certSerial, - nssTrustLevel serverAuth, - nssTrustLevel clientAuth, - nssTrustLevel codeSigning, - nssTrustLevel emailProtection, - PRBool stepUpApproved, - PRBool asTokenObject -); +nssToken_ImportTrust( + NSSToken *tok, + nssSession *sessionOpt, + NSSDER *certEncoding, + NSSDER *certIssuer, + NSSDER *certSerial, + nssTrustLevel serverAuth, + nssTrustLevel clientAuth, + nssTrustLevel codeSigning, + nssTrustLevel emailProtection, + PRBool stepUpApproved, + PRBool asTokenObject); NSS_EXTERN nssCryptokiObject * -nssToken_ImportCRL -( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *subject, - NSSDER *encoding, - PRBool isKRL, - NSSUTF8 *url, - PRBool asTokenObject -); +nssToken_ImportCRL( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + NSSDER *encoding, + PRBool isKRL, + NSSUTF8 *url, + PRBool asTokenObject); /* Permanently remove an object from the token. */ NSS_EXTERN PRStatus -nssToken_DeleteStoredObject -( - nssCryptokiObject *instance -); +nssToken_DeleteStoredObject( + nssCryptokiObject *instance); NSS_EXTERN nssCryptokiObject ** -nssToken_FindObjects -( - NSSToken *token, - nssSession *sessionOpt, - CK_OBJECT_CLASS objclass, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindObjects( + NSSToken *token, + nssSession *sessionOpt, + CK_OBJECT_CLASS objclass, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject ** -nssToken_FindCertificatesBySubject -( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *subject, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindCertificatesBySubject( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject ** -nssToken_FindCertificatesByNickname -( - NSSToken *token, - nssSession *sessionOpt, - const NSSUTF8 *name, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindCertificatesByNickname( + NSSToken *token, + nssSession *sessionOpt, + const NSSUTF8 *name, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject ** -nssToken_FindCertificatesByEmail -( - NSSToken *token, - nssSession *sessionOpt, - NSSASCII7 *email, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindCertificatesByEmail( + NSSToken *token, + nssSession *sessionOpt, + NSSASCII7 *email, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject ** -nssToken_FindCertificatesByID -( - NSSToken *token, - nssSession *sessionOpt, - NSSItem *id, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindCertificatesByID( + NSSToken *token, + nssSession *sessionOpt, + NSSItem *id, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject * -nssToken_FindCertificateByIssuerAndSerialNumber -( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *issuer, - NSSDER *serial, - nssTokenSearchType searchType, - PRStatus *statusOpt -); +nssToken_FindCertificateByIssuerAndSerialNumber( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *issuer, + NSSDER *serial, + nssTokenSearchType searchType, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject * -nssToken_FindCertificateByEncodedCertificate -( - NSSToken *token, - nssSession *sessionOpt, - NSSBER *encodedCertificate, - nssTokenSearchType searchType, - PRStatus *statusOpt -); +nssToken_FindCertificateByEncodedCertificate( + NSSToken *token, + nssSession *sessionOpt, + NSSBER *encodedCertificate, + nssTokenSearchType searchType, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject * -nssToken_FindTrustForCertificate -( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *certEncoding, - NSSDER *certIssuer, - NSSDER *certSerial, - nssTokenSearchType searchType -); +nssToken_FindTrustForCertificate( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *certEncoding, + NSSDER *certIssuer, + NSSDER *certSerial, + nssTokenSearchType searchType); NSS_EXTERN nssCryptokiObject ** -nssToken_FindCRLsBySubject -( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *subject, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindCRLsBySubject( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject ** -nssToken_FindPrivateKeys -( - NSSToken *token, - nssSession *sessionOpt, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssToken_FindPrivateKeys( + NSSToken *token, + nssSession *sessionOpt, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN nssCryptokiObject * -nssToken_FindPrivateKeyByID -( - NSSToken *token, - nssSession *sessionOpt, - NSSItem *keyID -); +nssToken_FindPrivateKeyByID( + NSSToken *token, + nssSession *sessionOpt, + NSSItem *keyID); NSS_EXTERN nssCryptokiObject * -nssToken_FindPublicKeyByID -( - NSSToken *token, - nssSession *sessionOpt, - NSSItem *keyID -); +nssToken_FindPublicKeyByID( + NSSToken *token, + nssSession *sessionOpt, + NSSItem *keyID); NSS_EXTERN NSSItem * -nssToken_Digest -( - NSSToken *tok, - nssSession *sessionOpt, - NSSAlgorithmAndParameters *ap, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +nssToken_Digest( + NSSToken *tok, + nssSession *sessionOpt, + NSSAlgorithmAndParameters *ap, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt); NSS_EXTERN PRStatus -nssToken_BeginDigest -( - NSSToken *tok, - nssSession *sessionOpt, - NSSAlgorithmAndParameters *ap -); +nssToken_BeginDigest( + NSSToken *tok, + nssSession *sessionOpt, + NSSAlgorithmAndParameters *ap); NSS_EXTERN PRStatus -nssToken_ContinueDigest -( - NSSToken *tok, - nssSession *sessionOpt, - NSSItem *item -); +nssToken_ContinueDigest( + NSSToken *tok, + nssSession *sessionOpt, + NSSItem *item); NSS_EXTERN NSSItem * -nssToken_FinishDigest -( - NSSToken *tok, - nssSession *sessionOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -); +nssToken_FinishDigest( + NSSToken *tok, + nssSession *sessionOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt); /* nssSession * @@ -621,36 +492,28 @@ nssToken_FinishDigest */ NSS_EXTERN PRStatus -nssSession_Destroy -( - nssSession *s -); +nssSession_Destroy( + nssSession *s); /* would like to inline */ NSS_EXTERN PRStatus -nssSession_EnterMonitor -( - nssSession *s -); +nssSession_EnterMonitor( + nssSession *s); /* would like to inline */ NSS_EXTERN PRStatus -nssSession_ExitMonitor -( - nssSession *s -); +nssSession_ExitMonitor( + nssSession *s); /* would like to inline */ NSS_EXTERN PRBool -nssSession_IsReadWrite -( - nssSession *s -); +nssSession_IsReadWrite( + nssSession *s); /* nssCryptokiObject * * An object living on a cryptoki token. - * Not really proper to mix up the object types just because + * Not really proper to mix up the object types just because * nssCryptokiObject itself is generic, but doing so anyway. * * nssCryptokiObject_Destroy @@ -664,83 +527,67 @@ nssSession_IsReadWrite */ NSS_EXTERN void -nssCryptokiObject_Destroy -( - nssCryptokiObject *object -); +nssCryptokiObject_Destroy( + nssCryptokiObject *object); NSS_EXTERN PRBool -nssCryptokiObject_Equal -( - nssCryptokiObject *object1, - nssCryptokiObject *object2 -); +nssCryptokiObject_Equal( + nssCryptokiObject *object1, + nssCryptokiObject *object2); NSS_EXTERN nssCryptokiObject * -nssCryptokiObject_Clone -( - nssCryptokiObject *object -); +nssCryptokiObject_Clone( + nssCryptokiObject *object); NSS_EXTERN PRStatus -nssCryptokiCertificate_GetAttributes -( - nssCryptokiObject *object, - nssSession *sessionOpt, - NSSArena *arenaOpt, - NSSCertificateType *certTypeOpt, - NSSItem *idOpt, - NSSDER *encodingOpt, - NSSDER *issuerOpt, - NSSDER *serialOpt, - NSSDER *subjectOpt -); +nssCryptokiCertificate_GetAttributes( + nssCryptokiObject *object, + nssSession *sessionOpt, + NSSArena *arenaOpt, + NSSCertificateType *certTypeOpt, + NSSItem *idOpt, + NSSDER *encodingOpt, + NSSDER *issuerOpt, + NSSDER *serialOpt, + NSSDER *subjectOpt); NSS_EXTERN PRStatus -nssCryptokiTrust_GetAttributes -( - nssCryptokiObject *trustObject, - nssSession *sessionOpt, - NSSItem *sha1_hash, - nssTrustLevel *serverAuth, - nssTrustLevel *clientAuth, - nssTrustLevel *codeSigning, - nssTrustLevel *emailProtection, - PRBool *stepUpApproved -); +nssCryptokiTrust_GetAttributes( + nssCryptokiObject *trustObject, + nssSession *sessionOpt, + NSSItem *sha1_hash, + nssTrustLevel *serverAuth, + nssTrustLevel *clientAuth, + nssTrustLevel *codeSigning, + nssTrustLevel *emailProtection, + PRBool *stepUpApproved); NSS_EXTERN PRStatus -nssCryptokiCRL_GetAttributes -( - nssCryptokiObject *crlObject, - nssSession *sessionOpt, - NSSArena *arenaOpt, - NSSItem *encodingOpt, - NSSItem * subjectOpt, - CK_ULONG * crl_class, - NSSUTF8 **urlOpt, - PRBool *isKRLOpt -); +nssCryptokiCRL_GetAttributes( + nssCryptokiObject *crlObject, + nssSession *sessionOpt, + NSSArena *arenaOpt, + NSSItem *encodingOpt, + NSSItem *subjectOpt, + CK_ULONG *crl_class, + NSSUTF8 **urlOpt, + PRBool *isKRLOpt); /* I'm including this to handle import of certificates in NSS 3.5. This * function will set the cert-related attributes of a key, in order to * associate it with a cert. Does it stay like this for 4.0? */ NSS_EXTERN PRStatus -nssCryptokiPrivateKey_SetCertificate -( - nssCryptokiObject *keyObject, - nssSession *sessionOpt, - const NSSUTF8 *nickname, - NSSItem *id, - NSSDER *subject -); +nssCryptokiPrivateKey_SetCertificate( + nssCryptokiObject *keyObject, + nssSession *sessionOpt, + const NSSUTF8 *nickname, + NSSItem *id, + NSSDER *subject); NSS_EXTERN void -nssModuleArray_Destroy -( - NSSModule **modules -); +nssModuleArray_Destroy( + NSSModule **modules); /* nssSlotArray * @@ -748,10 +595,8 @@ nssModuleArray_Destroy */ NSS_EXTERN void -nssSlotArray_Destroy -( - NSSSlot **slots -); +nssSlotArray_Destroy( + NSSSlot **slots); /* nssTokenArray * @@ -759,23 +604,19 @@ nssSlotArray_Destroy */ NSS_EXTERN void -nssTokenArray_Destroy -( - NSSToken **tokens -); +nssTokenArray_Destroy( + NSSToken **tokens); /* nssCryptokiObjectArray * * nssCryptokiObjectArray_Destroy */ NSS_EXTERN void -nssCryptokiObjectArray_Destroy -( - nssCryptokiObject **object -); +nssCryptokiObjectArray_Destroy( + nssCryptokiObject **object); /* nssSlotList -* + * * An ordered list of slots. The order can be anything, it is set in the * Add methods. Perhaps it should be CreateInCertOrder, ...? * @@ -794,30 +635,24 @@ nssCryptokiObjectArray_Destroy /* nssSlotList_Create */ NSS_EXTERN nssSlotList * -nssSlotList_Create -( - NSSArena *arenaOpt -); +nssSlotList_Create( + NSSArena *arenaOpt); /* nssSlotList_Destroy */ NSS_EXTERN void -nssSlotList_Destroy -( - nssSlotList *slotList -); +nssSlotList_Destroy( + nssSlotList *slotList); /* nssSlotList_Add * * Add the given slot in the given order. */ NSS_EXTERN PRStatus -nssSlotList_Add -( - nssSlotList *slotList, - NSSSlot *slot, - PRUint32 order -); +nssSlotList_Add( + nssSlotList *slotList, + NSSSlot *slot, + PRUint32 order); /* nssSlotList_AddModuleSlots * @@ -825,38 +660,30 @@ nssSlotList_Add * equal weight). */ NSS_EXTERN PRStatus -nssSlotList_AddModuleSlots -( - nssSlotList *slotList, - NSSModule *module, - PRUint32 order -); +nssSlotList_AddModuleSlots( + nssSlotList *slotList, + NSSModule *module, + PRUint32 order); /* nssSlotList_GetSlots */ NSS_EXTERN NSSSlot ** -nssSlotList_GetSlots -( - nssSlotList *slotList -); +nssSlotList_GetSlots( + nssSlotList *slotList); /* nssSlotList_FindSlotByName */ NSS_EXTERN NSSSlot * -nssSlotList_FindSlotByName -( - nssSlotList *slotList, - NSSUTF8 *slotName -); +nssSlotList_FindSlotByName( + nssSlotList *slotList, + NSSUTF8 *slotName); /* nssSlotList_FindTokenByName */ NSS_EXTERN NSSToken * -nssSlotList_FindTokenByName -( - nssSlotList *slotList, - NSSUTF8 *tokenName -); +nssSlotList_FindTokenByName( + nssSlotList *slotList, + NSSUTF8 *tokenName); /* nssSlotList_GetBestSlot * @@ -864,74 +691,56 @@ nssSlotList_FindTokenByName * list. */ NSS_EXTERN NSSSlot * -nssSlotList_GetBestSlot -( - nssSlotList *slotList -); +nssSlotList_GetBestSlot( + nssSlotList *slotList); /* nssSlotList_GetBestSlotForAlgorithmAndParameters * * Highest-ranking slot than can handle algorithm/parameters. */ NSS_EXTERN NSSSlot * -nssSlotList_GetBestSlotForAlgorithmAndParameters -( - nssSlotList *slotList, - NSSAlgorithmAndParameters *ap -); +nssSlotList_GetBestSlotForAlgorithmAndParameters( + nssSlotList *slotList, + NSSAlgorithmAndParameters *ap); /* nssSlotList_GetBestSlotForAlgorithmsAndParameters * * Highest-ranking slot than can handle all algorithms/parameters. */ NSS_EXTERN NSSSlot * -nssSlotList_GetBestSlotForAlgorithmsAndParameters -( - nssSlotList *slotList, - NSSAlgorithmAndParameters **ap -); +nssSlotList_GetBestSlotForAlgorithmsAndParameters( + nssSlotList *slotList, + NSSAlgorithmAndParameters **ap); NSS_EXTERN PRBool -nssToken_IsPresent -( - NSSToken *token -); +nssToken_IsPresent( + NSSToken *token); NSS_EXTERN nssSession * -nssToken_GetDefaultSession -( - NSSToken *token -); +nssToken_GetDefaultSession( + NSSToken *token); NSS_EXTERN PRStatus -nssToken_GetTrustOrder -( - NSSToken *tok -); +nssToken_GetTrustOrder( + NSSToken *tok); NSS_EXTERN PRStatus -nssToken_NotifyCertsNotVisible -( - NSSToken *tok -); +nssToken_NotifyCertsNotVisible( + NSSToken *tok); NSS_EXTERN PRStatus -nssToken_TraverseCertificates -( - NSSToken *token, - nssSession *sessionOpt, - nssTokenSearchType searchType, - PRStatus (* callback)(nssCryptokiObject *instance, void *arg), - void *arg -); +nssToken_TraverseCertificates( + NSSToken *token, + nssSession *sessionOpt, + nssTokenSearchType searchType, + PRStatus (*callback)(nssCryptokiObject *instance, void *arg), + void *arg); NSS_EXTERN PRBool -nssToken_IsPrivateKeyAvailable -( - NSSToken *token, - NSSCertificate *c, - nssCryptokiObject *instance -); +nssToken_IsPrivateKeyAvailable( + NSSToken *token, + NSSCertificate *c, + nssCryptokiObject *instance); PR_END_EXTERN_C diff --git a/lib/dev/devm.h b/lib/dev/devm.h index 6485ae2ad..16acf649f 100644 --- a/lib/dev/devm.h +++ b/lib/dev/devm.h @@ -24,181 +24,133 @@ PR_BEGIN_EXTERN_C ((CK_FUNCTION_LIST_PTR)(epv)) NSS_EXTERN void -nssDevice_AddRef -( - struct nssDeviceBaseStr *device -); +nssDevice_AddRef( + struct nssDeviceBaseStr *device); NSS_EXTERN PRBool -nssDevice_Destroy -( - struct nssDeviceBaseStr *device -); +nssDevice_Destroy( + struct nssDeviceBaseStr *device); NSS_EXTERN PRBool -nssModule_IsThreadSafe -( - NSSModule *module -); +nssModule_IsThreadSafe( + NSSModule *module); NSS_EXTERN PRBool -nssModule_IsInternal -( - NSSModule *mod -); +nssModule_IsInternal( + NSSModule *mod); NSS_EXTERN PRBool -nssModule_IsModuleDBOnly -( - NSSModule *mod -); +nssModule_IsModuleDBOnly( + NSSModule *mod); NSS_EXTERN void * -nssModule_GetCryptokiEPV -( - NSSModule *mod -); +nssModule_GetCryptokiEPV( + NSSModule *mod); NSS_EXTERN NSSSlot * -nssSlot_Create -( - CK_SLOT_ID slotId, - NSSModule *parent -); +nssSlot_Create( + CK_SLOT_ID slotId, + NSSModule *parent); NSS_EXTERN void * -nssSlot_GetCryptokiEPV -( - NSSSlot *slot -); +nssSlot_GetCryptokiEPV( + NSSSlot *slot); NSS_EXTERN NSSToken * -nssToken_Create -( - CK_SLOT_ID slotID, - NSSSlot *peer -); +nssToken_Create( + CK_SLOT_ID slotID, + NSSSlot *peer); NSS_EXTERN void * -nssToken_GetCryptokiEPV -( - NSSToken *token -); +nssToken_GetCryptokiEPV( + NSSToken *token); NSS_EXTERN nssSession * -nssToken_GetDefaultSession -( - NSSToken *token -); +nssToken_GetDefaultSession( + NSSToken *token); NSS_EXTERN PRBool -nssToken_IsLoginRequired -( - NSSToken *token -); +nssToken_IsLoginRequired( + NSSToken *token); NSS_EXTERN void -nssToken_Remove -( - NSSToken *token -); +nssToken_Remove( + NSSToken *token); NSS_EXTERN nssCryptokiObject * -nssCryptokiObject_Create -( - NSSToken *t, - nssSession *session, - CK_OBJECT_HANDLE h -); +nssCryptokiObject_Create( + NSSToken *t, + nssSession *session, + CK_OBJECT_HANDLE h); NSS_EXTERN nssTokenObjectCache * -nssTokenObjectCache_Create -( - NSSToken *token, - PRBool cacheCerts, - PRBool cacheTrust, - PRBool cacheCRLs -); +nssTokenObjectCache_Create( + NSSToken *token, + PRBool cacheCerts, + PRBool cacheTrust, + PRBool cacheCRLs); NSS_EXTERN void -nssTokenObjectCache_Destroy -( - nssTokenObjectCache *cache -); +nssTokenObjectCache_Destroy( + nssTokenObjectCache *cache); NSS_EXTERN void -nssTokenObjectCache_Clear -( - nssTokenObjectCache *cache -); +nssTokenObjectCache_Clear( + nssTokenObjectCache *cache); NSS_EXTERN PRBool -nssTokenObjectCache_HaveObjectClass -( - nssTokenObjectCache *cache, - CK_OBJECT_CLASS objclass -); +nssTokenObjectCache_HaveObjectClass( + nssTokenObjectCache *cache, + CK_OBJECT_CLASS objclass); NSS_EXTERN nssCryptokiObject ** -nssTokenObjectCache_FindObjectsByTemplate -( - nssTokenObjectCache *cache, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR otemplate, - CK_ULONG otlen, - PRUint32 maximumOpt, - PRStatus *statusOpt -); +nssTokenObjectCache_FindObjectsByTemplate( + nssTokenObjectCache *cache, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR otemplate, + CK_ULONG otlen, + PRUint32 maximumOpt, + PRStatus *statusOpt); NSS_EXTERN PRStatus -nssTokenObjectCache_GetObjectAttributes -( - nssTokenObjectCache *cache, - NSSArena *arenaOpt, - nssCryptokiObject *object, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR atemplate, - CK_ULONG atlen -); +nssTokenObjectCache_GetObjectAttributes( + nssTokenObjectCache *cache, + NSSArena *arenaOpt, + nssCryptokiObject *object, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR atemplate, + CK_ULONG atlen); NSS_EXTERN PRStatus -nssTokenObjectCache_ImportObject -( - nssTokenObjectCache *cache, - nssCryptokiObject *object, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR ot, - CK_ULONG otlen -); +nssTokenObjectCache_ImportObject( + nssTokenObjectCache *cache, + nssCryptokiObject *object, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR ot, + CK_ULONG otlen); NSS_EXTERN void -nssTokenObjectCache_RemoveObject -( - nssTokenObjectCache *cache, - nssCryptokiObject *object -); +nssTokenObjectCache_RemoveObject( + nssTokenObjectCache *cache, + nssCryptokiObject *object); /* XXX allows peek back into token */ NSS_EXTERN PRStatus -nssToken_GetCachedObjectAttributes -( - NSSToken *token, - NSSArena *arenaOpt, - nssCryptokiObject *object, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR atemplate, - CK_ULONG atlen -); +nssToken_GetCachedObjectAttributes( + NSSToken *token, + NSSArena *arenaOpt, + nssCryptokiObject *object, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR atemplate, + CK_ULONG atlen); /* PKCS#11 stores strings in a fixed-length buffer padded with spaces. This * function gets the length of the actual string. */ NSS_EXTERN PRUint32 -nssPKCS11String_Length -( - CK_CHAR *pkcs11str, - PRUint32 bufLen -); +nssPKCS11String_Length( + CK_CHAR *pkcs11str, + PRUint32 bufLen); PR_END_EXTERN_C diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c index f49915ee1..5b0bb371a 100644 --- a/lib/dev/devslot.c +++ b/lib/dev/devslot.c @@ -20,21 +20,20 @@ /* this should track global and per-transaction login information */ #define NSSSLOT_IS_FRIENDLY(slot) \ - (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY) + (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY) /* measured as interval */ static PRIntervalTime s_token_delay_time = 0; NSS_IMPLEMENT PRStatus -nssSlot_Destroy ( - NSSSlot *slot -) +nssSlot_Destroy( + NSSSlot *slot) { if (slot) { - if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) { - PZ_DestroyLock(slot->base.lock); - return nssArena_Destroy(slot->base.arena); - } + if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) { + PZ_DestroyLock(slot->base.lock); + return nssArena_Destroy(slot->base.arena); + } } return PR_SUCCESS; } @@ -43,7 +42,7 @@ void nssSlot_EnterMonitor(NSSSlot *slot) { if (slot->lock) { - PZ_Lock(slot->lock); + PZ_Lock(slot->lock); } } @@ -51,47 +50,42 @@ void nssSlot_ExitMonitor(NSSSlot *slot) { if (slot->lock) { - PZ_Unlock(slot->lock); + PZ_Unlock(slot->lock); } } NSS_IMPLEMENT void -NSSSlot_Destroy ( - NSSSlot *slot -) +NSSSlot_Destroy( + NSSSlot *slot) { (void)nssSlot_Destroy(slot); } NSS_IMPLEMENT NSSSlot * -nssSlot_AddRef ( - NSSSlot *slot -) +nssSlot_AddRef( + NSSSlot *slot) { PR_ATOMIC_INCREMENT(&slot->base.refCount); return slot; } NSS_IMPLEMENT NSSUTF8 * -nssSlot_GetName ( - NSSSlot *slot -) +nssSlot_GetName( + NSSSlot *slot) { return slot->base.name; } NSS_IMPLEMENT NSSUTF8 * -nssSlot_GetTokenName ( - NSSSlot *slot -) +nssSlot_GetTokenName( + NSSSlot *slot) { return nssToken_GetName(slot->token); } NSS_IMPLEMENT void -nssSlot_ResetDelay ( - NSSSlot *slot -) +nssSlot_ResetDelay( + NSSSlot *slot) { slot->lastTokenPing = 0; } @@ -102,21 +96,20 @@ within_token_delay_period(NSSSlot *slot) PRIntervalTime time, lastTime; /* Set the delay time for checking the token presence */ if (s_token_delay_time == 0) { - s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME); + s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME); } time = PR_IntervalNow(); lastTime = slot->lastTokenPing; if ((lastTime) && ((time - lastTime) < s_token_delay_time)) { - return PR_TRUE; + return PR_TRUE; } slot->lastTokenPing = time; return PR_FALSE; } NSS_IMPLEMENT PRBool -nssSlot_IsTokenPresent ( - NSSSlot *slot -) +nssSlot_IsTokenPresent( + NSSSlot *slot) { CK_RV ckrv; PRStatus nssrv; @@ -126,75 +119,77 @@ nssSlot_IsTokenPresent ( void *epv; /* permanent slots are always present unless they're disabled */ if (nssSlot_IsPermanent(slot)) { - return !PK11_IsDisabled(slot->pk11slot); + return !PK11_IsDisabled(slot->pk11slot); } /* avoid repeated calls to check token status within set interval */ if (within_token_delay_period(slot)) { - return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0); + return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0); } /* First obtain the slot info */ epv = slot->epv; if (!epv) { - return PR_FALSE; + return PR_FALSE; } nssSlot_EnterMonitor(slot); ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo); nssSlot_ExitMonitor(slot); if (ckrv != CKR_OK) { - slot->token->base.name[0] = 0; /* XXX */ - return PR_FALSE; + slot->token->base.name[0] = 0; /* XXX */ + return PR_FALSE; } slot->ckFlags = slotInfo.flags; /* check for the presence of the token */ if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) { - if (!slot->token) { - /* token was never present */ - return PR_FALSE; - } - session = nssToken_GetDefaultSession(slot->token); - if (session) { - nssSession_EnterMonitor(session); - /* token is not present */ - if (session->handle != CK_INVALID_SESSION) { - /* session is valid, close and invalidate it */ - CKAPI(epv)->C_CloseSession(session->handle); - session->handle = CK_INVALID_SESSION; - } - nssSession_ExitMonitor(session); - } - if (slot->token->base.name[0] != 0) { - /* notify the high-level cache that the token is removed */ - slot->token->base.name[0] = 0; /* XXX */ - nssToken_NotifyCertsNotVisible(slot->token); - } - slot->token->base.name[0] = 0; /* XXX */ - /* clear the token cache */ - nssToken_Remove(slot->token); - return PR_FALSE; + if (!slot->token) { + /* token was never present */ + return PR_FALSE; + } + session = nssToken_GetDefaultSession(slot->token); + if (session) { + nssSession_EnterMonitor(session); + /* token is not present */ + if (session->handle != CK_INVALID_SESSION) { + /* session is valid, close and invalidate it */ + CKAPI(epv) + ->C_CloseSession(session->handle); + session->handle = CK_INVALID_SESSION; + } + nssSession_ExitMonitor(session); + } + if (slot->token->base.name[0] != 0) { + /* notify the high-level cache that the token is removed */ + slot->token->base.name[0] = 0; /* XXX */ + nssToken_NotifyCertsNotVisible(slot->token); + } + slot->token->base.name[0] = 0; /* XXX */ + /* clear the token cache */ + nssToken_Remove(slot->token); + return PR_FALSE; } /* token is present, use the session info to determine if the card * has been removed and reinserted. */ session = nssToken_GetDefaultSession(slot->token); if (session) { - PRBool isPresent = PR_FALSE; - nssSession_EnterMonitor(session); - if (session->handle != CK_INVALID_SESSION) { - CK_SESSION_INFO sessionInfo; - ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo); - if (ckrv != CKR_OK) { - /* session is screwy, close and invalidate it */ - CKAPI(epv)->C_CloseSession(session->handle); - session->handle = CK_INVALID_SESSION; - } - } - isPresent = session->handle != CK_INVALID_SESSION; - nssSession_ExitMonitor(session); - /* token not removed, finished */ - if (isPresent) - return PR_TRUE; - } + PRBool isPresent = PR_FALSE; + nssSession_EnterMonitor(session); + if (session->handle != CK_INVALID_SESSION) { + CK_SESSION_INFO sessionInfo; + ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo); + if (ckrv != CKR_OK) { + /* session is screwy, close and invalidate it */ + CKAPI(epv) + ->C_CloseSession(session->handle); + session->handle = CK_INVALID_SESSION; + } + } + isPresent = session->handle != CK_INVALID_SESSION; + nssSession_ExitMonitor(session); + /* token not removed, finished */ + if (isPresent) + return PR_TRUE; + } /* the token has been removed, and reinserted, or the slot contains * a token it doesn't recognize. invalidate all the old * information we had on this token, if we can't refresh, clear @@ -212,46 +207,41 @@ nssSlot_IsTokenPresent ( } NSS_IMPLEMENT void * -nssSlot_GetCryptokiEPV ( - NSSSlot *slot -) +nssSlot_GetCryptokiEPV( + NSSSlot *slot) { return slot->epv; } NSS_IMPLEMENT NSSToken * -nssSlot_GetToken ( - NSSSlot *slot -) +nssSlot_GetToken( + NSSSlot *slot) { if (nssSlot_IsTokenPresent(slot)) { - return nssToken_AddRef(slot->token); + return nssToken_AddRef(slot->token); } return (NSSToken *)NULL; } NSS_IMPLEMENT PRStatus -nssSession_EnterMonitor ( - nssSession *s -) +nssSession_EnterMonitor( + nssSession *s) { - if (s->lock) PZ_Lock(s->lock); + if (s->lock) + PZ_Lock(s->lock); return PR_SUCCESS; } NSS_IMPLEMENT PRStatus -nssSession_ExitMonitor ( - nssSession *s -) +nssSession_ExitMonitor( + nssSession *s) { return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS; } NSS_EXTERN PRBool -nssSession_IsReadWrite ( - nssSession *s -) +nssSession_IsReadWrite( + nssSession *s) { return s->isRW; } - diff --git a/lib/dev/devt.h b/lib/dev/devt.h index c67811418..db93deb12 100644 --- a/lib/dev/devt.h +++ b/lib/dev/devt.h @@ -34,22 +34,20 @@ PR_BEGIN_EXTERN_C typedef struct nssSessionStr nssSession; /* XXX until NSSTokenStr is moved */ -struct nssDeviceBaseStr -{ - NSSArena *arena; - PZLock *lock; - PRInt32 refCount; - NSSUTF8 *name; - PRUint32 flags; +struct nssDeviceBaseStr { + NSSArena *arena; + PZLock *lock; + PRInt32 refCount; + NSSUTF8 *name; + PRUint32 flags; }; typedef struct nssTokenObjectCacheStr nssTokenObjectCache; /* XXX until devobject.c goes away */ -struct NSSTokenStr -{ +struct NSSTokenStr { struct nssDeviceBaseStr base; - NSSSlot *slot; /* Parent (or peer, if you will) */ + NSSSlot *slot; /* Parent (or peer, if you will) */ CK_FLAGS ckFlags; /* from CK_TOKEN_INFO.flags */ PRUint32 flags; void *epv; @@ -61,40 +59,36 @@ struct NSSTokenStr }; typedef enum { - nssSlotAskPasswordTimes_FirstTime = 0, - nssSlotAskPasswordTimes_EveryTime = 1, - nssSlotAskPasswordTimes_Timeout = 2 -} -nssSlotAskPasswordTimes; - -struct nssSlotAuthInfoStr -{ - PRTime lastLogin; - nssSlotAskPasswordTimes askTimes; - PRIntervalTime askPasswordTimeout; + nssSlotAskPasswordTimes_FirstTime = 0, + nssSlotAskPasswordTimes_EveryTime = 1, + nssSlotAskPasswordTimes_Timeout = 2 +} nssSlotAskPasswordTimes; + +struct nssSlotAuthInfoStr { + PRTime lastLogin; + nssSlotAskPasswordTimes askTimes; + PRIntervalTime askPasswordTimeout; }; -struct NSSSlotStr -{ - struct nssDeviceBaseStr base; - NSSModule *module; /* Parent */ - NSSToken *token; /* Peer */ - CK_SLOT_ID slotID; - CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */ - struct nssSlotAuthInfoStr authInfo; - PRIntervalTime lastTokenPing; - PZLock *lock; - void *epv; - PK11SlotInfo *pk11slot; +struct NSSSlotStr { + struct nssDeviceBaseStr base; + NSSModule *module; /* Parent */ + NSSToken *token; /* Peer */ + CK_SLOT_ID slotID; + CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */ + struct nssSlotAuthInfoStr authInfo; + PRIntervalTime lastTokenPing; + PZLock *lock; + void *epv; + PK11SlotInfo *pk11slot; }; -struct nssSessionStr -{ - PZLock *lock; - CK_SESSION_HANDLE handle; - NSSSlot *slot; - PRBool isRW; - PRBool ownLock; +struct nssSessionStr { + PZLock *lock; + CK_SESSION_HANDLE handle; + NSSSlot *slot; + PRBool isRW; + PRBool ownLock; }; typedef enum { @@ -113,8 +107,7 @@ typedef enum { typedef struct nssCryptokiInstanceStr nssCryptokiInstance; -struct nssCryptokiInstanceStr -{ +struct nssCryptokiInstanceStr { CK_OBJECT_HANDLE handle; NSSToken *token; PRBool isTokenObject; @@ -132,22 +125,20 @@ typedef enum { nssTokenSearchType_TokenForced = 3 } nssTokenSearchType; -struct nssTokenCertSearchStr -{ +struct nssTokenCertSearchStr { nssTokenSearchType searchType; - PRStatus (* callback)(NSSCertificate *c, void *arg); + PRStatus (*callback)(NSSCertificate *c, void *arg); void *cbarg; nssList *cached; - /* TODO: add a cache query callback if the list would be large - * (traversal) + /* TODO: add a cache query callback if the list would be large + * (traversal) */ }; struct nssSlotListStr; typedef struct nssSlotListStr nssSlotList; -struct NSSAlgorithmAndParametersStr -{ +struct NSSAlgorithmAndParametersStr { CK_MECHANISM mechanism; }; diff --git a/lib/dev/devtm.h b/lib/dev/devtm.h index f55c45b2a..ef3c4c076 100644 --- a/lib/dev/devtm.h +++ b/lib/dev/devtm.h @@ -8,7 +8,7 @@ /* * devtm.h * - * This file contains module-private definitions for the low-level + * This file contains module-private definitions for the low-level * cryptoki devices. */ diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c index 7223e489b..ded7b51d6 100644 --- a/lib/dev/devtoken.c +++ b/lib/dev/devtoken.c @@ -24,115 +24,103 @@ extern const NSSError NSS_ERROR_PKCS11; #define OBJECT_STACK_SIZE 16 NSS_IMPLEMENT PRStatus -nssToken_Destroy ( - NSSToken *tok -) +nssToken_Destroy( + NSSToken *tok) { if (tok) { - if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) { - PZ_DestroyLock(tok->base.lock); - nssTokenObjectCache_Destroy(tok->cache); - /* The token holds the first/last reference to the slot. - * When the token is actually destroyed, that ref must go too. - */ - (void)nssSlot_Destroy(tok->slot); - return nssArena_Destroy(tok->base.arena); - } + if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) { + PZ_DestroyLock(tok->base.lock); + nssTokenObjectCache_Destroy(tok->cache); + /* The token holds the first/last reference to the slot. + * When the token is actually destroyed, that ref must go too. + */ + (void)nssSlot_Destroy(tok->slot); + return nssArena_Destroy(tok->base.arena); + } } return PR_SUCCESS; } NSS_IMPLEMENT void -nssToken_Remove ( - NSSToken *tok -) +nssToken_Remove( + NSSToken *tok) { nssTokenObjectCache_Clear(tok->cache); } NSS_IMPLEMENT void -NSSToken_Destroy ( - NSSToken *tok -) +NSSToken_Destroy( + NSSToken *tok) { (void)nssToken_Destroy(tok); } NSS_IMPLEMENT NSSToken * -nssToken_AddRef ( - NSSToken *tok -) +nssToken_AddRef( + NSSToken *tok) { PR_ATOMIC_INCREMENT(&tok->base.refCount); return tok; } NSS_IMPLEMENT NSSSlot * -nssToken_GetSlot ( - NSSToken *tok -) +nssToken_GetSlot( + NSSToken *tok) { return nssSlot_AddRef(tok->slot); } NSS_IMPLEMENT void * -nssToken_GetCryptokiEPV ( - NSSToken *token -) +nssToken_GetCryptokiEPV( + NSSToken *token) { return nssSlot_GetCryptokiEPV(token->slot); } NSS_IMPLEMENT nssSession * -nssToken_GetDefaultSession ( - NSSToken *token -) +nssToken_GetDefaultSession( + NSSToken *token) { return token->defaultSession; } NSS_IMPLEMENT NSSUTF8 * -nssToken_GetName ( - NSSToken *tok -) +nssToken_GetName( + NSSToken *tok) { if (tok == NULL) { - return ""; + return ""; } if (tok->base.name[0] == 0) { - (void) nssSlot_IsTokenPresent(tok->slot); - } + (void)nssSlot_IsTokenPresent(tok->slot); + } return tok->base.name; } NSS_IMPLEMENT NSSUTF8 * -NSSToken_GetName ( - NSSToken *token -) +NSSToken_GetName( + NSSToken *token) { return nssToken_GetName(token); } NSS_IMPLEMENT PRBool -nssToken_IsLoginRequired ( - NSSToken *token -) +nssToken_IsLoginRequired( + NSSToken *token) { return (token->ckFlags & CKF_LOGIN_REQUIRED); } NSS_IMPLEMENT PRBool -nssToken_NeedsPINInitialization ( - NSSToken *token -) +nssToken_NeedsPINInitialization( + NSSToken *token) { return (!(token->ckFlags & CKF_USER_PIN_INITIALIZED)); } NSS_IMPLEMENT PRStatus -nssToken_DeleteStoredObject ( - nssCryptokiObject *instance -) +nssToken_DeleteStoredObject( + nssCryptokiObject *instance) { CK_RV ckrv; PRStatus status; @@ -141,43 +129,43 @@ nssToken_DeleteStoredObject ( nssSession *session = NULL; void *epv = nssToken_GetCryptokiEPV(instance->token); if (token->cache) { - nssTokenObjectCache_RemoveObject(token->cache, instance); + nssTokenObjectCache_RemoveObject(token->cache, instance); } if (instance->isTokenObject) { - if (token->defaultSession && - nssSession_IsReadWrite(token->defaultSession)) { - session = token->defaultSession; - } else { - session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); - createdSession = PR_TRUE; - } + if (token->defaultSession && + nssSession_IsReadWrite(token->defaultSession)) { + session = token->defaultSession; + } + else { + session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); + createdSession = PR_TRUE; + } } if (session == NULL) { - return PR_FAILURE; + return PR_FAILURE; } nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle); nssSession_ExitMonitor(session); if (createdSession) { - nssSession_Destroy(session); + nssSession_Destroy(session); } status = PR_SUCCESS; if (ckrv != CKR_OK) { - status = PR_FAILURE; - /* use the error stack to pass the PKCS #11 error out */ - nss_SetError(ckrv); - nss_SetError(NSS_ERROR_PKCS11); + status = PR_FAILURE; + /* use the error stack to pass the PKCS #11 error out */ + nss_SetError(ckrv); + nss_SetError(NSS_ERROR_PKCS11); } return status; } static nssCryptokiObject * -import_object ( - NSSToken *tok, - nssSession *sessionOpt, - CK_ATTRIBUTE_PTR objectTemplate, - CK_ULONG otsize -) +import_object( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize) { nssSession *session = NULL; PRBool createdSession = PR_FALSE; @@ -186,79 +174,81 @@ import_object ( CK_RV ckrv; void *epv = nssToken_GetCryptokiEPV(tok); if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) { - if (sessionOpt) { - if (!nssSession_IsReadWrite(sessionOpt)) { - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); - return NULL; - } - session = sessionOpt; - } else if (tok->defaultSession && - nssSession_IsReadWrite(tok->defaultSession)) { - session = tok->defaultSession; - } else { - session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE); - createdSession = PR_TRUE; - } - } else { - session = (sessionOpt) ? sessionOpt : tok->defaultSession; + if (sessionOpt) { + if (!nssSession_IsReadWrite(sessionOpt)) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return NULL; + } + session = sessionOpt; + } + else if (tok->defaultSession && + nssSession_IsReadWrite(tok->defaultSession)) { + session = tok->defaultSession; + } + else { + session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE); + createdSession = PR_TRUE; + } + } + else { + session = (sessionOpt) ? sessionOpt : tok->defaultSession; } if (session == NULL) { - nss_SetError(NSS_ERROR_INVALID_ARGUMENT); - return NULL; + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return NULL; } nssSession_EnterMonitor(session); - ckrv = CKAPI(epv)->C_CreateObject(session->handle, + ckrv = CKAPI(epv)->C_CreateObject(session->handle, objectTemplate, otsize, &handle); nssSession_ExitMonitor(session); if (ckrv == CKR_OK) { - object = nssCryptokiObject_Create(tok, session, handle); - } else { - nss_SetError(ckrv); - nss_SetError(NSS_ERROR_PKCS11); + object = nssCryptokiObject_Create(tok, session, handle); + } + else { + nss_SetError(ckrv); + nss_SetError(NSS_ERROR_PKCS11); } if (createdSession) { - nssSession_Destroy(session); + nssSession_Destroy(session); } return object; } static nssCryptokiObject ** -create_objects_from_handles ( - NSSToken *tok, - nssSession *session, - CK_OBJECT_HANDLE *handles, - PRUint32 numH -) +create_objects_from_handles( + NSSToken *tok, + nssSession *session, + CK_OBJECT_HANDLE *handles, + PRUint32 numH) { nssCryptokiObject **objects; objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numH + 1); if (objects) { - PRInt32 i; - for (i=0; i<(PRInt32)numH; i++) { - objects[i] = nssCryptokiObject_Create(tok, session, handles[i]); - if (!objects[i]) { - for (--i; i>0; --i) { - nssCryptokiObject_Destroy(objects[i]); - } - nss_ZFreeIf(objects); - objects = NULL; - break; - } - } + PRInt32 i; + for (i = 0; i < (PRInt32)numH; i++) { + objects[i] = nssCryptokiObject_Create(tok, session, handles[i]); + if (!objects[i]) { + for (--i; i > 0; --i) { + nssCryptokiObject_Destroy(objects[i]); + } + nss_ZFreeIf(objects); + objects = NULL; + break; + } + } } return objects; } static nssCryptokiObject ** -find_objects ( - NSSToken *tok, - nssSession *sessionOpt, - CK_ATTRIBUTE_PTR obj_template, - CK_ULONG otsize, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +find_objects( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG otsize, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_RV ckrv = CKR_OK; CK_ULONG count; @@ -271,166 +261,174 @@ find_objects ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - ckrv = CKR_SESSION_HANDLE_INVALID; - goto loser; + ckrv = CKR_SESSION_HANDLE_INVALID; + goto loser; } /* the arena is only for the array of object handles */ if (maximumOpt > 0) { - arraySize = maximumOpt; - } else { - arraySize = OBJECT_STACK_SIZE; + arraySize = maximumOpt; + } + else { + arraySize = OBJECT_STACK_SIZE; } numHandles = 0; if (arraySize <= OBJECT_STACK_SIZE) { - objectHandles = staticObjects; - } else { - objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize); + objectHandles = staticObjects; + } + else { + objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize); } if (!objectHandles) { - ckrv = CKR_HOST_MEMORY; - goto loser; + ckrv = CKR_HOST_MEMORY; + goto loser; } nssSession_EnterMonitor(session); /* ==== session lock === */ /* Initialize the find with the template */ - ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, + ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, obj_template, otsize); if (ckrv != CKR_OK) { - nssSession_ExitMonitor(session); - goto loser; + nssSession_ExitMonitor(session); + goto loser; } while (PR_TRUE) { - /* Issue the find for up to arraySize - numHandles objects */ - ckrv = CKAPI(epv)->C_FindObjects(session->handle, - objectHandles + numHandles, - arraySize - numHandles, - &count); - if (ckrv != CKR_OK) { - nssSession_ExitMonitor(session); - goto loser; - } - /* bump the number of found objects */ - numHandles += count; - if (maximumOpt > 0 || numHandles < arraySize) { - /* When a maximum is provided, the search is done all at once, - * so the search is finished. If the number returned was less - * than the number sought, the search is finished. - */ - break; - } - /* the array is filled, double it and continue */ - arraySize *= 2; - if (objectHandles == staticObjects) { - objectHandles = nss_ZNEWARRAY(NULL,CK_OBJECT_HANDLE, arraySize); - if (objectHandles) { - PORT_Memcpy(objectHandles, staticObjects, - OBJECT_STACK_SIZE * sizeof(objectHandles[1])); - } - } else { - objectHandles = nss_ZREALLOCARRAY(objectHandles, - CK_OBJECT_HANDLE, - arraySize); - } - if (!objectHandles) { - nssSession_ExitMonitor(session); - ckrv = CKR_HOST_MEMORY; - goto loser; - } + /* Issue the find for up to arraySize - numHandles objects */ + ckrv = CKAPI(epv)->C_FindObjects(session->handle, + objectHandles + numHandles, + arraySize - numHandles, + &count); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + goto loser; + } + /* bump the number of found objects */ + numHandles += count; + if (maximumOpt > 0 || numHandles < arraySize) { + /* When a maximum is provided, the search is done all at once, + * so the search is finished. If the number returned was less + * than the number sought, the search is finished. + */ + break; + } + /* the array is filled, double it and continue */ + arraySize *= 2; + if (objectHandles == staticObjects) { + objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize); + if (objectHandles) { + PORT_Memcpy(objectHandles, staticObjects, + OBJECT_STACK_SIZE * sizeof(objectHandles[1])); + } + } + else { + objectHandles = nss_ZREALLOCARRAY(objectHandles, + CK_OBJECT_HANDLE, + arraySize); + } + if (!objectHandles) { + nssSession_ExitMonitor(session); + ckrv = CKR_HOST_MEMORY; + goto loser; + } } ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle); nssSession_ExitMonitor(session); /* ==== end session lock === */ if (ckrv != CKR_OK) { - goto loser; + goto loser; } if (numHandles > 0) { - objects = create_objects_from_handles(tok, session, - objectHandles, numHandles); - } else { - nss_SetError(NSS_ERROR_NOT_FOUND); - objects = NULL; + objects = create_objects_from_handles(tok, session, + objectHandles, numHandles); + } + else { + nss_SetError(NSS_ERROR_NOT_FOUND); + objects = NULL; } if (objectHandles && objectHandles != staticObjects) { - nss_ZFreeIf(objectHandles); + nss_ZFreeIf(objectHandles); } - if (statusOpt) *statusOpt = PR_SUCCESS; + if (statusOpt) + *statusOpt = PR_SUCCESS; return objects; loser: if (objectHandles && objectHandles != staticObjects) { - nss_ZFreeIf(objectHandles); + nss_ZFreeIf(objectHandles); } /* * These errors should be treated the same as if the objects just weren't * found.. */ if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) || - (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) || - (ckrv == CKR_DATA_INVALID) || - (ckrv == CKR_DATA_LEN_RANGE) || - (ckrv == CKR_FUNCTION_NOT_SUPPORTED) || - (ckrv == CKR_TEMPLATE_INCOMPLETE) || - (ckrv == CKR_TEMPLATE_INCONSISTENT)) { - - nss_SetError(NSS_ERROR_NOT_FOUND); - if (statusOpt) *statusOpt = PR_SUCCESS; - } else { - nss_SetError(ckrv); - nss_SetError(NSS_ERROR_PKCS11); - if (statusOpt) *statusOpt = PR_FAILURE; + (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) || + (ckrv == CKR_DATA_INVALID) || + (ckrv == CKR_DATA_LEN_RANGE) || + (ckrv == CKR_FUNCTION_NOT_SUPPORTED) || + (ckrv == CKR_TEMPLATE_INCOMPLETE) || + (ckrv == CKR_TEMPLATE_INCONSISTENT)) { + + nss_SetError(NSS_ERROR_NOT_FOUND); + if (statusOpt) + *statusOpt = PR_SUCCESS; + } + else { + nss_SetError(ckrv); + nss_SetError(NSS_ERROR_PKCS11); + if (statusOpt) + *statusOpt = PR_FAILURE; } return (nssCryptokiObject **)NULL; } static nssCryptokiObject ** -find_objects_by_template ( - NSSToken *token, - nssSession *sessionOpt, - CK_ATTRIBUTE_PTR obj_template, - CK_ULONG otsize, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +find_objects_by_template( + NSSToken *token, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG otsize, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_OBJECT_CLASS objclass = (CK_OBJECT_CLASS)-1; nssCryptokiObject **objects = NULL; PRUint32 i; if (!token) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - if (statusOpt) - *statusOpt = PR_FAILURE; - return NULL; + PORT_SetError(SEC_ERROR_NO_TOKEN); + if (statusOpt) + *statusOpt = PR_FAILURE; + return NULL; } - for (i=0; i<otsize; i++) { - if (obj_template[i].type == CKA_CLASS) { - objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue; - break; - } + for (i = 0; i < otsize; i++) { + if (obj_template[i].type == CKA_CLASS) { + objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue; + break; + } } PR_ASSERT(i < otsize); if (i == otsize) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - if (statusOpt) *statusOpt = PR_FAILURE; - return NULL; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + if (statusOpt) + *statusOpt = PR_FAILURE; + return NULL; } /* If these objects are being cached, try looking there first */ - if (token->cache && - nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) - { - PRStatus status; - objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache, - objclass, - obj_template, - otsize, - maximumOpt, - &status); - if (status == PR_SUCCESS) { - if (statusOpt) *statusOpt = status; - return objects; - } + if (token->cache && + nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) { + PRStatus status; + objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache, + objclass, + obj_template, + otsize, + maximumOpt, + &status); + if (status == PR_SUCCESS) { + if (statusOpt) + *statusOpt = status; + return objects; + } } /* Either they are not cached, or cache failed; look on token. */ - objects = find_objects(token, sessionOpt, - obj_template, otsize, + objects = find_objects(token, sessionOpt, + obj_template, otsize, maximumOpt, statusOpt); return objects; } @@ -438,19 +436,18 @@ find_objects_by_template ( extern const NSSError NSS_ERROR_INVALID_CERTIFICATE; NSS_IMPLEMENT nssCryptokiObject * -nssToken_ImportCertificate ( - NSSToken *tok, - nssSession *sessionOpt, - NSSCertificateType certType, - NSSItem *id, - const NSSUTF8 *nickname, - NSSDER *encoding, - NSSDER *issuer, - NSSDER *subject, - NSSDER *serial, - NSSASCII7 *email, - PRBool asTokenObject -) +nssToken_ImportCertificate( + NSSToken *tok, + nssSession *sessionOpt, + NSSCertificateType certType, + NSSItem *id, + const NSSUTF8 *nickname, + NSSDER *encoding, + NSSDER *issuer, + NSSDER *subject, + NSSDER *serial, + NSSASCII7 *email, + PRBool asTokenObject) { PRStatus status; CK_CERTIFICATE_TYPE cert_type; @@ -461,32 +458,34 @@ nssToken_ImportCertificate ( nssCryptokiObject *rvObject = NULL; if (!tok) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return NULL; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return NULL; } if (certType == NSSCertificateType_PKIX) { - cert_type = CKC_X_509; - } else { - return (nssCryptokiObject *)NULL; + cert_type = CKC_X_509; + } + else { + return (nssCryptokiObject *)NULL; } NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); if (asTokenObject) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); - searchType = nssTokenSearchType_TokenOnly; - } else { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - searchType = nssTokenSearchType_SessionOnly; - } - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); - NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE, cert_type); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); - NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + searchType = nssTokenSearchType_TokenOnly; + } + else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + searchType = nssTokenSearchType_SessionOnly; + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CERTIFICATE_TYPE, cert_type); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); if (email) { - NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email); } NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); /* see if the cert is already there */ @@ -497,67 +496,68 @@ nssToken_ImportCertificate ( searchType, NULL); if (rvObject) { - NSSItem existingDER; - NSSSlot *slot = nssToken_GetSlot(tok); - nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE); - if (!session) { - nssCryptokiObject_Destroy(rvObject); - nssSlot_Destroy(slot); - return (nssCryptokiObject *)NULL; - } - /* Reject any attempt to import a new cert that has the same - * issuer/serial as an existing cert, but does not have the - * same encoding - */ - NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); - NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); - NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); - status = nssCKObject_GetAttributes(rvObject->handle, - cert_tmpl, ctsize, NULL, - session, slot); - NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER); - if (status == PR_SUCCESS) { - if (!nssItem_Equal(encoding, &existingDER, NULL)) { - nss_SetError(NSS_ERROR_INVALID_CERTIFICATE); - status = PR_FAILURE; - } - nss_ZFreeIf(existingDER.data); - } - if (status == PR_FAILURE) { - nssCryptokiObject_Destroy(rvObject); - nssSession_Destroy(session); - nssSlot_Destroy(slot); - return (nssCryptokiObject *)NULL; - } - /* according to PKCS#11, label, ID, issuer, and serial number - * may change after the object has been created. For PKIX, the - * last two attributes can't change, so for now we'll only worry - * about the first two. - */ - NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); - NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); - NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); - /* reset the mutable attributes on the token */ - nssCKObject_SetAttributes(rvObject->handle, - cert_tmpl, ctsize, - session, slot); - if (!rvObject->label && nickname) { - rvObject->label = nssUTF8_Duplicate(nickname, NULL); - } - nssSession_Destroy(session); - nssSlot_Destroy(slot); - } else { - /* Import the certificate onto the token */ - rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize); + NSSItem existingDER; + NSSSlot *slot = nssToken_GetSlot(tok); + nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE); + if (!session) { + nssCryptokiObject_Destroy(rvObject); + nssSlot_Destroy(slot); + return (nssCryptokiObject *)NULL; + } + /* Reject any attempt to import a new cert that has the same + * issuer/serial as an existing cert, but does not have the + * same encoding + */ + NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); + NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE); + NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); + status = nssCKObject_GetAttributes(rvObject->handle, + cert_tmpl, ctsize, NULL, + session, slot); + NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER); + if (status == PR_SUCCESS) { + if (!nssItem_Equal(encoding, &existingDER, NULL)) { + nss_SetError(NSS_ERROR_INVALID_CERTIFICATE); + status = PR_FAILURE; + } + nss_ZFreeIf(existingDER.data); + } + if (status == PR_FAILURE) { + nssCryptokiObject_Destroy(rvObject); + nssSession_Destroy(session); + nssSlot_Destroy(slot); + return (nssCryptokiObject *)NULL; + } + /* according to PKCS#11, label, ID, issuer, and serial number + * may change after the object has been created. For PKIX, the + * last two attributes can't change, so for now we'll only worry + * about the first two. + */ + NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); + NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); + /* reset the mutable attributes on the token */ + nssCKObject_SetAttributes(rvObject->handle, + cert_tmpl, ctsize, + session, slot); + if (!rvObject->label && nickname) { + rvObject->label = nssUTF8_Duplicate(nickname, NULL); + } + nssSession_Destroy(session); + nssSlot_Destroy(slot); + } + else { + /* Import the certificate onto the token */ + rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize); } if (rvObject && tok->cache) { - /* The cache will overwrite the attributes if the object already - * exists. - */ - nssTokenObjectCache_ImportObject(tok->cache, rvObject, - CKO_CERTIFICATE, - cert_tmpl, ctsize); + /* The cache will overwrite the attributes if the object already + * exists. + */ + nssTokenObjectCache_ImportObject(tok->cache, rvObject, + CKO_CERTIFICATE, + cert_tmpl, ctsize); } return rvObject; } @@ -566,14 +566,13 @@ nssToken_ImportCertificate ( * if the token has been marked as "traversable" */ NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindObjects ( - NSSToken *token, - nssSession *sessionOpt, - CK_OBJECT_CLASS objclass, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindObjects( + NSSToken *token, + nssSession *sessionOpt, + CK_OBJECT_CLASS objclass, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE obj_template[2]; @@ -582,35 +581,36 @@ nssToken_FindObjects ( NSS_CK_TEMPLATE_START(obj_template, attr, obj_size); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly || - searchType == nssTokenSearchType_TokenForced) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly || + searchType == nssTokenSearchType_TokenForced) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } - NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, objclass); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass); NSS_CK_TEMPLATE_FINISH(obj_template, attr, obj_size); if (searchType == nssTokenSearchType_TokenForced) { - objects = find_objects(token, sessionOpt, - obj_template, obj_size, - maximumOpt, statusOpt); - } else { - objects = find_objects_by_template(token, sessionOpt, - obj_template, obj_size, - maximumOpt, statusOpt); + objects = find_objects(token, sessionOpt, + obj_template, obj_size, + maximumOpt, statusOpt); + } + else { + objects = find_objects_by_template(token, sessionOpt, + obj_template, obj_size, + maximumOpt, statusOpt); } return objects; } NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindCertificatesBySubject ( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *subject, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindCertificatesBySubject( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE subj_template[3]; @@ -619,9 +619,10 @@ nssToken_FindCertificatesBySubject ( NSS_CK_TEMPLATE_START(subj_template, attr, stsize); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); @@ -634,14 +635,13 @@ nssToken_FindCertificatesBySubject ( } NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindCertificatesByNickname ( - NSSToken *token, - nssSession *sessionOpt, - const NSSUTF8 *name, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindCertificatesByNickname( + NSSToken *token, + nssSession *sessionOpt, + const NSSUTF8 *name, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE nick_template[3]; @@ -651,27 +651,28 @@ nssToken_FindCertificatesByNickname ( NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize); /* now locate the token certs matching this template */ objects = find_objects_by_template(token, sessionOpt, - nick_template, ntsize, + nick_template, ntsize, maximumOpt, statusOpt); if (!objects) { - /* This is to workaround the fact that PKCS#11 doesn't specify - * whether the '\0' should be included. XXX Is that still true? - * im - this is not needed by the current softoken. However, I'm - * leaving it in until I have surveyed more tokens to see if it needed. - * well, its needed by the builtin token... - */ - nick_template[0].ulValueLen++; - objects = find_objects_by_template(token, sessionOpt, - nick_template, ntsize, - maximumOpt, statusOpt); + /* This is to workaround the fact that PKCS#11 doesn't specify + * whether the '\0' should be included. XXX Is that still true? + * im - this is not needed by the current softoken. However, I'm + * leaving it in until I have surveyed more tokens to see if it needed. + * well, its needed by the builtin token... + */ + nick_template[0].ulValueLen++; + objects = find_objects_by_template(token, sessionOpt, + nick_template, ntsize, + maximumOpt, statusOpt); } return objects; } @@ -683,14 +684,13 @@ nssToken_FindCertificatesByNickname ( * it just won't return a value for it. */ NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindCertificatesByEmail ( - NSSToken *token, - nssSession *sessionOpt, - NSSASCII7 *email, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindCertificatesByEmail( + NSSToken *token, + nssSession *sessionOpt, + NSSASCII7 *email, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE email_template[3]; @@ -700,9 +700,10 @@ nssToken_FindCertificatesByEmail ( NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize); @@ -711,29 +712,28 @@ nssToken_FindCertificatesByEmail ( email_template, etsize, maximumOpt, statusOpt); if (!objects) { - /* This is to workaround the fact that PKCS#11 doesn't specify - * whether the '\0' should be included. XXX Is that still true? - * im - this is not needed by the current softoken. However, I'm - * leaving it in until I have surveyed more tokens to see if it needed. - * well, its needed by the builtin token... - */ - email_template[0].ulValueLen++; - objects = find_objects(token, sessionOpt, - email_template, etsize, - maximumOpt, statusOpt); + /* This is to workaround the fact that PKCS#11 doesn't specify + * whether the '\0' should be included. XXX Is that still true? + * im - this is not needed by the current softoken. However, I'm + * leaving it in until I have surveyed more tokens to see if it needed. + * well, its needed by the builtin token... + */ + email_template[0].ulValueLen++; + objects = find_objects(token, sessionOpt, + email_template, etsize, + maximumOpt, statusOpt); } return objects; } NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindCertificatesByID ( - NSSToken *token, - nssSession *sessionOpt, - NSSItem *id, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindCertificatesByID( + NSSToken *token, + nssSession *sessionOpt, + NSSItem *id, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE id_template[3]; @@ -743,9 +743,10 @@ nssToken_FindCertificatesByID ( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize); @@ -767,46 +768,45 @@ nssToken_decodeSerialItem(NSSItem *serial, NSSItem *serialDecode) int data_left, data_len, index; if ((serial->size >= 3) && (data[0] == 0x2)) { - /* remove the der encoding of the serial number before generating the - * key.. */ - data_left = serial->size-2; - data_len = data[1]; - index = 2; - - /* extended length ? (not very likely for a serial number) */ - if (data_len & 0x80) { - int len_count = data_len & 0x7f; - - data_len = 0; - data_left -= len_count; - if (data_left > 0) { - while (len_count --) { - data_len = (data_len << 8) | data[index++]; - } - } - } - /* XXX leaving any leading zeros on the serial number for backwards - * compatibility - */ - /* not a valid der, must be just an unlucky serial number value */ - if (data_len == data_left) { - serialDecode->size = data_len; - serialDecode->data = &data[index]; - return PR_SUCCESS; - } + /* remove the der encoding of the serial number before generating the + * key.. */ + data_left = serial->size - 2; + data_len = data[1]; + index = 2; + + /* extended length ? (not very likely for a serial number) */ + if (data_len & 0x80) { + int len_count = data_len & 0x7f; + + data_len = 0; + data_left -= len_count; + if (data_left > 0) { + while (len_count--) { + data_len = (data_len << 8) | data[index++]; + } + } + } + /* XXX leaving any leading zeros on the serial number for backwards + * compatibility + */ + /* not a valid der, must be just an unlucky serial number value */ + if (data_len == data_left) { + serialDecode->size = data_len; + serialDecode->data = &data[index]; + return PR_SUCCESS; + } } return PR_FAILURE; } NSS_IMPLEMENT nssCryptokiObject * -nssToken_FindCertificateByIssuerAndSerialNumber ( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *issuer, - NSSDER *serial, - nssTokenSearchType searchType, - PRStatus *statusOpt -) +nssToken_FindCertificateByIssuerAndSerialNumber( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *issuer, + NSSDER *serial, + nssTokenSearchType searchType, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE_PTR serialAttr; @@ -817,37 +817,39 @@ nssToken_FindCertificateByIssuerAndSerialNumber ( NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); if (!token) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - if (statusOpt) - *statusOpt = PR_FAILURE; - return NULL; + PORT_SetError(SEC_ERROR_NO_TOKEN); + if (statusOpt) + *statusOpt = PR_FAILURE; + return NULL; } /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if ((searchType == nssTokenSearchType_TokenOnly) || - (searchType == nssTokenSearchType_TokenForced)) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if ((searchType == nssTokenSearchType_TokenOnly) || + (searchType == nssTokenSearchType_TokenForced)) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } /* Set the unique id */ - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); serialAttr = attr; - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); /* get the object handle */ if (searchType == nssTokenSearchType_TokenForced) { - objects = find_objects(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); - } else { - objects = find_objects_by_template(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); + objects = find_objects(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); + } + else { + objects = find_objects_by_template(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); } if (objects) { - rvObject = objects[0]; - nss_ZFreeIf(objects); + rvObject = objects[0]; + nss_ZFreeIf(objects); } /* @@ -855,39 +857,39 @@ nssToken_FindCertificateByIssuerAndSerialNumber ( * because of this old tokens have decoded serial numbers. */ if (!objects) { - NSSItem serialDecode; - PRStatus status; - - status = nssToken_decodeSerialItem(serial, &serialDecode); - if (status != PR_SUCCESS) { - return NULL; - } - NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr,CKA_SERIAL_NUMBER,&serialDecode); - if (searchType == nssTokenSearchType_TokenForced) { - objects = find_objects(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); - } else { - objects = find_objects_by_template(token, sessionOpt, - cert_template, ctsize, - 1, statusOpt); - } - if (objects) { - rvObject = objects[0]; - nss_ZFreeIf(objects); - } + NSSItem serialDecode; + PRStatus status; + + status = nssToken_decodeSerialItem(serial, &serialDecode); + if (status != PR_SUCCESS) { + return NULL; + } + NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr, CKA_SERIAL_NUMBER, &serialDecode); + if (searchType == nssTokenSearchType_TokenForced) { + objects = find_objects(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); + } + else { + objects = find_objects_by_template(token, sessionOpt, + cert_template, ctsize, + 1, statusOpt); + } + if (objects) { + rvObject = objects[0]; + nss_ZFreeIf(objects); + } } return rvObject; } NSS_IMPLEMENT nssCryptokiObject * -nssToken_FindCertificateByEncodedCertificate ( - NSSToken *token, - nssSession *sessionOpt, - NSSBER *encodedCertificate, - nssTokenSearchType searchType, - PRStatus *statusOpt -) +nssToken_FindCertificateByEncodedCertificate( + NSSToken *token, + nssSession *sessionOpt, + NSSBER *encodedCertificate, + nssTokenSearchType searchType, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE cert_template[3]; @@ -897,9 +899,10 @@ nssToken_FindCertificateByEncodedCertificate ( NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate); @@ -909,20 +912,19 @@ nssToken_FindCertificateByEncodedCertificate ( cert_template, ctsize, 1, statusOpt); if (objects) { - rvObject = objects[0]; - nss_ZFreeIf(objects); + rvObject = objects[0]; + nss_ZFreeIf(objects); } return rvObject; } NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindPrivateKeys ( - NSSToken *token, - nssSession *sessionOpt, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindPrivateKeys( + NSSToken *token, + nssSession *sessionOpt, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE key_template[2]; @@ -932,25 +934,25 @@ nssToken_FindPrivateKeys ( NSS_CK_TEMPLATE_START(key_template, attr, ktsize); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey); if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); objects = find_objects_by_template(token, sessionOpt, - key_template, ktsize, + key_template, ktsize, maximumOpt, statusOpt); return objects; } /* XXX ?there are no session cert objects, so only search token objects */ NSS_IMPLEMENT nssCryptokiObject * -nssToken_FindPrivateKeyByID ( - NSSToken *token, - nssSession *sessionOpt, - NSSItem *keyID -) +nssToken_FindPrivateKeyByID( + NSSToken *token, + nssSession *sessionOpt, + NSSItem *keyID) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE key_template[3]; @@ -965,22 +967,21 @@ nssToken_FindPrivateKeyByID ( NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); objects = find_objects_by_template(token, sessionOpt, - key_template, ktsize, + key_template, ktsize, 1, NULL); if (objects) { - rvKey = objects[0]; - nss_ZFreeIf(objects); + rvKey = objects[0]; + nss_ZFreeIf(objects); } return rvKey; } /* XXX ?there are no session cert objects, so only search token objects */ NSS_IMPLEMENT nssCryptokiObject * -nssToken_FindPublicKeyByID ( - NSSToken *token, - nssSession *sessionOpt, - NSSItem *keyID -) +nssToken_FindPublicKeyByID( + NSSToken *token, + nssSession *sessionOpt, + NSSItem *keyID) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE key_template[3]; @@ -995,11 +996,11 @@ nssToken_FindPublicKeyByID ( NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); objects = find_objects_by_template(token, sessionOpt, - key_template, ktsize, + key_template, ktsize, 1, NULL); if (objects) { - rvKey = objects[0]; - nss_ZFreeIf(objects); + rvKey = objects[0]; + nss_ZFreeIf(objects); } return rvKey; } @@ -1029,38 +1030,47 @@ md5_hash(NSSItem *input, NSSItem *output) } static CK_TRUST -get_ck_trust ( - nssTrustLevel nssTrust -) +get_ck_trust( + nssTrustLevel nssTrust) { CK_TRUST t; switch (nssTrust) { - case nssTrustLevel_NotTrusted: t = CKT_NSS_NOT_TRUSTED; break; - case nssTrustLevel_TrustedDelegator: t = CKT_NSS_TRUSTED_DELEGATOR; - break; - case nssTrustLevel_ValidDelegator: t = CKT_NSS_VALID_DELEGATOR; break; - case nssTrustLevel_Trusted: t = CKT_NSS_TRUSTED; break; - case nssTrustLevel_MustVerify: t = CKT_NSS_MUST_VERIFY_TRUST; break; - case nssTrustLevel_Unknown: - default: t = CKT_NSS_TRUST_UNKNOWN; break; + case nssTrustLevel_NotTrusted: + t = CKT_NSS_NOT_TRUSTED; + break; + case nssTrustLevel_TrustedDelegator: + t = CKT_NSS_TRUSTED_DELEGATOR; + break; + case nssTrustLevel_ValidDelegator: + t = CKT_NSS_VALID_DELEGATOR; + break; + case nssTrustLevel_Trusted: + t = CKT_NSS_TRUSTED; + break; + case nssTrustLevel_MustVerify: + t = CKT_NSS_MUST_VERIFY_TRUST; + break; + case nssTrustLevel_Unknown: + default: + t = CKT_NSS_TRUST_UNKNOWN; + break; } return t; } - + NSS_IMPLEMENT nssCryptokiObject * -nssToken_ImportTrust ( - NSSToken *tok, - nssSession *sessionOpt, - NSSDER *certEncoding, - NSSDER *certIssuer, - NSSDER *certSerial, - nssTrustLevel serverAuth, - nssTrustLevel clientAuth, - nssTrustLevel codeSigning, - nssTrustLevel emailProtection, - PRBool stepUpApproved, - PRBool asTokenObject -) +nssToken_ImportTrust( + NSSToken *tok, + nssSession *sessionOpt, + NSSDER *certEncoding, + NSSDER *certIssuer, + NSSDER *certSerial, + nssTrustLevel serverAuth, + nssTrustLevel clientAuth, + nssTrustLevel codeSigning, + nssTrustLevel emailProtection, + PRBool stepUpApproved, + PRBool asTokenObject) { nssCryptokiObject *object; CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST; @@ -1071,8 +1081,10 @@ nssToken_ImportTrust ( PRUint8 sha1[20]; /* this is cheating... */ PRUint8 md5[16]; NSSItem sha1_result, md5_result; - sha1_result.data = sha1; sha1_result.size = sizeof sha1; - md5_result.data = md5; md5_result.size = sizeof md5; + sha1_result.data = sha1; + sha1_result.size = sizeof sha1; + md5_result.data = md5; + md5_result.size = sizeof md5; sha1_hash(certEncoding, &sha1_result); md5_hash(certEncoding, &md5_result); ckSA = get_ck_trust(serverAuth); @@ -1081,46 +1093,47 @@ nssToken_ImportTrust ( ckEP = get_ck_trust(emailProtection); NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize); if (asTokenObject) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); - } else { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); } - NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result); /* now set the trust values */ - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, ckSA); - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA); - NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, ckSA); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS); NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP); if (stepUpApproved) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, - &g_ck_true); - } else { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, - &g_ck_false); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, + &g_ck_true); + } + else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, + &g_ck_false); } NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize); /* import the trust object onto the token */ object = import_object(tok, sessionOpt, trust_tmpl, tsize); if (object && tok->cache) { - nssTokenObjectCache_ImportObject(tok->cache, object, tobjc, - trust_tmpl, tsize); + nssTokenObjectCache_ImportObject(tok->cache, object, tobjc, + trust_tmpl, tsize); } return object; } NSS_IMPLEMENT nssCryptokiObject * -nssToken_FindTrustForCertificate ( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *certEncoding, - NSSDER *certIssuer, - NSSDER *certSerial, - nssTokenSearchType searchType -) +nssToken_FindTrustForCertificate( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *certEncoding, + NSSDER *certIssuer, + NSSDER *certSerial, + nssTokenSearchType searchType) { CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST; CK_ATTRIBUTE_PTR attr; @@ -1131,38 +1144,37 @@ nssToken_FindTrustForCertificate ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return object; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return object; } NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size); if (searchType == nssTokenSearchType_TokenOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } - NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial); NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size); objects = find_objects_by_template(token, session, tobj_template, tobj_size, 1, NULL); if (objects) { - object = objects[0]; - nss_ZFreeIf(objects); + object = objects[0]; + nss_ZFreeIf(objects); } return object; } - + NSS_IMPLEMENT nssCryptokiObject * -nssToken_ImportCRL ( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *subject, - NSSDER *encoding, - PRBool isKRL, - NSSUTF8 *url, - PRBool asTokenObject -) +nssToken_ImportCRL( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + NSSDER *encoding, + PRBool isKRL, + NSSUTF8 *url, + PRBool asTokenObject) { nssCryptokiObject *object; CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL; @@ -1172,39 +1184,40 @@ nssToken_ImportCRL ( NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize); if (asTokenObject) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); - } else { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); } - NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding); NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url); if (isKRL) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true); - } else { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true); + } + else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false); } NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize); /* import the crl object onto the token */ object = import_object(token, sessionOpt, crl_tmpl, crlsize); if (object && token->cache) { - nssTokenObjectCache_ImportObject(token->cache, object, crlobjc, - crl_tmpl, crlsize); + nssTokenObjectCache_ImportObject(token->cache, object, crlobjc, + crl_tmpl, crlsize); } return object; } NSS_IMPLEMENT nssCryptokiObject ** -nssToken_FindCRLsBySubject ( - NSSToken *token, - nssSession *sessionOpt, - NSSDER *subject, - nssTokenSearchType searchType, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssToken_FindCRLsBySubject( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + nssTokenSearchType searchType, + PRUint32 maximumOpt, + PRStatus *statusOpt) { CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL; CK_ATTRIBUTE_PTR attr; @@ -1215,18 +1228,19 @@ nssToken_FindCRLsBySubject ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return objects; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return objects; } NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size); if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly || - searchType == nssTokenSearchType_TokenForced) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly || + searchType == nssTokenSearchType_TokenForced) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } - NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size); @@ -1237,17 +1251,16 @@ nssToken_FindCRLsBySubject ( } NSS_IMPLEMENT PRStatus -nssToken_GetCachedObjectAttributes ( - NSSToken *token, - NSSArena *arenaOpt, - nssCryptokiObject *object, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR atemplate, - CK_ULONG atlen -) +nssToken_GetCachedObjectAttributes( + NSSToken *token, + NSSArena *arenaOpt, + nssCryptokiObject *object, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR atemplate, + CK_ULONG atlen) { if (!token->cache) { - return PR_FAILURE; + return PR_FAILURE; } return nssTokenObjectCache_GetObjectAttributes(token->cache, arenaOpt, object, objclass, @@ -1255,14 +1268,13 @@ nssToken_GetCachedObjectAttributes ( } NSS_IMPLEMENT NSSItem * -nssToken_Digest ( - NSSToken *tok, - nssSession *sessionOpt, - NSSAlgorithmAndParameters *ap, - NSSItem *data, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +nssToken_Digest( + NSSToken *tok, + nssSession *sessionOpt, + NSSAlgorithmAndParameters *ap, + NSSItem *data, + NSSItem *rvOpt, + NSSArena *arenaOpt) { CK_RV ckrv; CK_ULONG digestLen; @@ -1273,15 +1285,15 @@ nssToken_Digest ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return rvItem; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return rvItem; } nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism); if (ckrv != CKR_OK) { - nssSession_ExitMonitor(session); - return NULL; + nssSession_ExitMonitor(session); + return NULL; } #if 0 /* XXX the standard says this should work, but it doesn't */ @@ -1294,45 +1306,44 @@ nssToken_Digest ( digestLen = 0; /* XXX for now */ digest = NULL; if (rvOpt) { - if (rvOpt->size > 0 && rvOpt->size < digestLen) { - nssSession_ExitMonitor(session); - /* the error should be bad args */ - return NULL; - } - if (rvOpt->data) { - digest = rvOpt->data; - } - digestLen = rvOpt->size; + if (rvOpt->size > 0 && rvOpt->size < digestLen) { + nssSession_ExitMonitor(session); + /* the error should be bad args */ + return NULL; + } + if (rvOpt->data) { + digest = rvOpt->data; + } + digestLen = rvOpt->size; } if (!digest) { - digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen); - if (!digest) { - nssSession_ExitMonitor(session); - return NULL; - } - } - ckrv = CKAPI(epv)->C_Digest(session->handle, - (CK_BYTE_PTR)data->data, + digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen); + if (!digest) { + nssSession_ExitMonitor(session); + return NULL; + } + } + ckrv = CKAPI(epv)->C_Digest(session->handle, + (CK_BYTE_PTR)data->data, (CK_ULONG)data->size, (CK_BYTE_PTR)digest, &digestLen); nssSession_ExitMonitor(session); if (ckrv != CKR_OK) { - nss_ZFreeIf(digest); - return NULL; + nss_ZFreeIf(digest); + return NULL; } if (!rvOpt) { - rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest); + rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest); } return rvItem; } NSS_IMPLEMENT PRStatus -nssToken_BeginDigest ( - NSSToken *tok, - nssSession *sessionOpt, - NSSAlgorithmAndParameters *ap -) +nssToken_BeginDigest( + NSSToken *tok, + nssSession *sessionOpt, + NSSAlgorithmAndParameters *ap) { CK_RV ckrv; void *epv = nssToken_GetCryptokiEPV(tok); @@ -1340,8 +1351,8 @@ nssToken_BeginDigest ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return PR_FAILURE; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return PR_FAILURE; } nssSession_EnterMonitor(session); @@ -1351,11 +1362,10 @@ nssToken_BeginDigest ( } NSS_IMPLEMENT PRStatus -nssToken_ContinueDigest ( - NSSToken *tok, - nssSession *sessionOpt, - NSSItem *item -) +nssToken_ContinueDigest( + NSSToken *tok, + nssSession *sessionOpt, + NSSItem *item) { CK_RV ckrv; void *epv = nssToken_GetCryptokiEPV(tok); @@ -1363,25 +1373,24 @@ nssToken_ContinueDigest ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return PR_FAILURE; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return PR_FAILURE; } nssSession_EnterMonitor(session); - ckrv = CKAPI(epv)->C_DigestUpdate(session->handle, - (CK_BYTE_PTR)item->data, + ckrv = CKAPI(epv)->C_DigestUpdate(session->handle, + (CK_BYTE_PTR)item->data, (CK_ULONG)item->size); nssSession_ExitMonitor(session); return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; } NSS_IMPLEMENT NSSItem * -nssToken_FinishDigest ( - NSSToken *tok, - nssSession *sessionOpt, - NSSItem *rvOpt, - NSSArena *arenaOpt -) +nssToken_FinishDigest( + NSSToken *tok, + nssSession *sessionOpt, + NSSItem *rvOpt, + NSSArena *arenaOpt) { CK_RV ckrv; CK_ULONG digestLen; @@ -1392,72 +1401,70 @@ nssToken_FinishDigest ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return NULL; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return NULL; } nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen); if (ckrv != CKR_OK || digestLen == 0) { - nssSession_ExitMonitor(session); - return NULL; + nssSession_ExitMonitor(session); + return NULL; } digest = NULL; if (rvOpt) { - if (rvOpt->size > 0 && rvOpt->size < digestLen) { - nssSession_ExitMonitor(session); - /* the error should be bad args */ - return NULL; - } - if (rvOpt->data) { - digest = rvOpt->data; - } - digestLen = rvOpt->size; + if (rvOpt->size > 0 && rvOpt->size < digestLen) { + nssSession_ExitMonitor(session); + /* the error should be bad args */ + return NULL; + } + if (rvOpt->data) { + digest = rvOpt->data; + } + digestLen = rvOpt->size; } if (!digest) { - digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen); - if (!digest) { - nssSession_ExitMonitor(session); - return NULL; - } + digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen); + if (!digest) { + nssSession_ExitMonitor(session); + return NULL; + } } ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen); nssSession_ExitMonitor(session); if (ckrv != CKR_OK) { - nss_ZFreeIf(digest); - return NULL; + nss_ZFreeIf(digest); + return NULL; } if (!rvOpt) { - rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest); + rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest); } return rvItem; } NSS_IMPLEMENT PRBool -nssToken_IsPresent ( - NSSToken *token -) +nssToken_IsPresent( + NSSToken *token) { return nssSlot_IsTokenPresent(token->slot); } /* Sigh. The methods to find objects declared above cause problems with - * the low-level object cache in the softoken -- the objects are found in - * toto, then one wave of GetAttributes is done, then another. Having a - * large number of objects causes the cache to be thrashed, as the objects + * the low-level object cache in the softoken -- the objects are found in + * toto, then one wave of GetAttributes is done, then another. Having a + * large number of objects causes the cache to be thrashed, as the objects * are gone before there's any chance to ask for their attributes. - * So, for now, bringing back traversal methods for certs. This way all of + * So, for now, bringing back traversal methods for certs. This way all of * the cert's attributes can be grabbed immediately after finding it, * increasing the likelihood that the cache takes care of it. */ NSS_IMPLEMENT PRStatus -nssToken_TraverseCertificates ( - NSSToken *token, - nssSession *sessionOpt, - nssTokenSearchType searchType, - PRStatus (* callback)(nssCryptokiObject *instance, void *arg), - void *arg -) +nssToken_TraverseCertificates( + NSSToken *token, + nssSession *sessionOpt, + nssTokenSearchType searchType, + PRStatus (*callback)(nssCryptokiObject *instance, void *arg), + void *arg) { CK_RV ckrv; CK_ULONG count; @@ -1473,17 +1480,18 @@ nssToken_TraverseCertificates ( /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { - PORT_SetError(SEC_ERROR_NO_TOKEN); - return PR_FAILURE; + PORT_SetError(SEC_ERROR_NO_TOKEN); + return PR_FAILURE; } /* template for all certs */ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); if (searchType == nssTokenSearchType_SessionOnly) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); - } else if (searchType == nssTokenSearchType_TokenOnly || - searchType == nssTokenSearchType_TokenForced) { - NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + else if (searchType == nssTokenSearchType_TokenOnly || + searchType == nssTokenSearchType_TokenForced) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); @@ -1491,62 +1499,62 @@ nssToken_TraverseCertificates ( /* the arena is only for the array of object handles */ arena = nssArena_Create(); if (!arena) { - return PR_FAILURE; + return PR_FAILURE; } arraySize = OBJECT_STACK_SIZE; numHandles = 0; objectHandles = nss_ZNEWARRAY(arena, CK_OBJECT_HANDLE, arraySize); if (!objectHandles) { - goto loser; + goto loser; } nssSession_EnterMonitor(session); /* ==== session lock === */ /* Initialize the find with the template */ - ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, + ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, cert_template, ctsize); if (ckrv != CKR_OK) { - nssSession_ExitMonitor(session); - goto loser; + nssSession_ExitMonitor(session); + goto loser; } while (PR_TRUE) { - /* Issue the find for up to arraySize - numHandles objects */ - ckrv = CKAPI(epv)->C_FindObjects(session->handle, - objectHandles + numHandles, - arraySize - numHandles, - &count); - if (ckrv != CKR_OK) { - nssSession_ExitMonitor(session); - goto loser; - } - /* bump the number of found objects */ - numHandles += count; - if (numHandles < arraySize) { - break; - } - /* the array is filled, double it and continue */ - arraySize *= 2; - objectHandles = nss_ZREALLOCARRAY(objectHandles, - CK_OBJECT_HANDLE, - arraySize); - if (!objectHandles) { - nssSession_ExitMonitor(session); - goto loser; - } + /* Issue the find for up to arraySize - numHandles objects */ + ckrv = CKAPI(epv)->C_FindObjects(session->handle, + objectHandles + numHandles, + arraySize - numHandles, + &count); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + goto loser; + } + /* bump the number of found objects */ + numHandles += count; + if (numHandles < arraySize) { + break; + } + /* the array is filled, double it and continue */ + arraySize *= 2; + objectHandles = nss_ZREALLOCARRAY(objectHandles, + CK_OBJECT_HANDLE, + arraySize); + if (!objectHandles) { + nssSession_ExitMonitor(session); + goto loser; + } } ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle); nssSession_ExitMonitor(session); /* ==== end session lock === */ if (ckrv != CKR_OK) { - goto loser; + goto loser; } if (numHandles > 0) { - objects = create_objects_from_handles(token, session, - objectHandles, numHandles); - if (objects) { - nssCryptokiObject **op; - for (op = objects; *op; op++) { - (void)(*callback)(*op, arg); - } - nss_ZFreeIf(objects); - } + objects = create_objects_from_handles(token, session, + objectHandles, numHandles); + if (objects) { + nssCryptokiObject **op; + for (op = objects; *op; op++) { + (void)(*callback)(*op, arg); + } + nss_ZFreeIf(objects); + } } nssArena_Destroy(arena); return PR_SUCCESS; @@ -1556,24 +1564,25 @@ loser: } NSS_IMPLEMENT PRBool -nssToken_IsPrivateKeyAvailable ( - NSSToken *token, - NSSCertificate *c, - nssCryptokiObject *instance -) +nssToken_IsPrivateKeyAvailable( + NSSToken *token, + NSSCertificate *c, + nssCryptokiObject *instance) { CK_OBJECT_CLASS theClass; - if (token == NULL) return PR_FALSE; - if (c == NULL) return PR_FALSE; + if (token == NULL) + return PR_FALSE; + if (c == NULL) + return PR_FALSE; theClass = CKO_PRIVATE_KEY; if (!nssSlot_IsLoggedIn(token->slot)) { - theClass = CKO_PUBLIC_KEY; + theClass = CKO_PUBLIC_KEY; } - if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) - != CK_INVALID_HANDLE) { - return PR_TRUE; + if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) != + CK_INVALID_HANDLE) { + return PR_TRUE; } return PR_FALSE; } diff --git a/lib/dev/devutil.c b/lib/dev/devutil.c index 400b69d7c..980aa2852 100644 --- a/lib/dev/devutil.c +++ b/lib/dev/devutil.c @@ -11,31 +11,30 @@ #endif /* CKHELPER_H */ NSS_IMPLEMENT nssCryptokiObject * -nssCryptokiObject_Create ( - NSSToken *t, - nssSession *session, - CK_OBJECT_HANDLE h -) +nssCryptokiObject_Create( + NSSToken *t, + nssSession *session, + CK_OBJECT_HANDLE h) { PRStatus status; NSSSlot *slot; nssCryptokiObject *object; CK_BBOOL *isTokenObject; CK_ATTRIBUTE cert_template[] = { - { CKA_TOKEN, NULL, 0 }, - { CKA_LABEL, NULL, 0 } + { CKA_TOKEN, NULL, 0 }, + { CKA_LABEL, NULL, 0 } }; slot = nssToken_GetSlot(t); status = nssCKObject_GetAttributes(h, cert_template, 2, NULL, session, slot); nssSlot_Destroy(slot); if (status != PR_SUCCESS) { - /* a failure here indicates a device error */ - return (nssCryptokiObject *)NULL; + /* a failure here indicates a device error */ + return (nssCryptokiObject *)NULL; } object = nss_ZNEW(NULL, nssCryptokiObject); if (!object) { - return (nssCryptokiObject *)NULL; + return (nssCryptokiObject *)NULL; } object->handle = h; object->token = nssToken_AddRef(t); @@ -47,40 +46,37 @@ nssCryptokiObject_Create ( } NSS_IMPLEMENT void -nssCryptokiObject_Destroy ( - nssCryptokiObject *object -) +nssCryptokiObject_Destroy( + nssCryptokiObject *object) { if (object) { - nssToken_Destroy(object->token); - nss_ZFreeIf(object->label); - nss_ZFreeIf(object); + nssToken_Destroy(object->token); + nss_ZFreeIf(object->label); + nss_ZFreeIf(object); } } NSS_IMPLEMENT nssCryptokiObject * -nssCryptokiObject_Clone ( - nssCryptokiObject *object -) +nssCryptokiObject_Clone( + nssCryptokiObject *object) { nssCryptokiObject *rvObject; rvObject = nss_ZNEW(NULL, nssCryptokiObject); if (rvObject) { - rvObject->handle = object->handle; - rvObject->token = nssToken_AddRef(object->token); - rvObject->isTokenObject = object->isTokenObject; - if (object->label) { - rvObject->label = nssUTF8_Duplicate(object->label, NULL); - } + rvObject->handle = object->handle; + rvObject->token = nssToken_AddRef(object->token); + rvObject->isTokenObject = object->isTokenObject; + if (object->label) { + rvObject->label = nssUTF8_Duplicate(object->label, NULL); + } } return rvObject; } NSS_EXTERN PRBool -nssCryptokiObject_Equal ( - nssCryptokiObject *o1, - nssCryptokiObject *o2 -) +nssCryptokiObject_Equal( + nssCryptokiObject *o1, + nssCryptokiObject *o2) { return (o1->token == o2->token && o1->handle == o2->handle); } @@ -89,9 +85,10 @@ NSS_IMPLEMENT PRUint32 nssPKCS11String_Length(CK_CHAR *pkcs11Str, PRUint32 bufLen) { PRInt32 i; - for (i = bufLen - 1; i>=0; ) { - if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0') break; - --i; + for (i = bufLen - 1; i >= 0;) { + if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0') + break; + --i; } return (PRUint32)(i + 1); } @@ -101,126 +98,118 @@ nssPKCS11String_Length(CK_CHAR *pkcs11Str, PRUint32 bufLen) */ NSS_IMPLEMENT NSSSlot ** -nssSlotArray_Clone ( - NSSSlot **slots -) +nssSlotArray_Clone( + NSSSlot **slots) { NSSSlot **rvSlots = NULL; NSSSlot **sp = slots; PRUint32 count = 0; - while (sp && *sp) count++; + while (sp && *sp) + count++; if (count > 0) { - rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1); - if (rvSlots) { - for (sp = slots, count = 0; *sp; sp++) { - rvSlots[count++] = nssSlot_AddRef(*sp); - } - } + rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1); + if (rvSlots) { + for (sp = slots, count = 0; *sp; sp++) { + rvSlots[count++] = nssSlot_AddRef(*sp); + } + } } return rvSlots; } NSS_IMPLEMENT void -nssSlotArray_Destroy ( - NSSSlot **slots -) +nssSlotArray_Destroy( + NSSSlot **slots) { if (slots) { - NSSSlot **slotp; - for (slotp = slots; *slotp; slotp++) { - nssSlot_Destroy(*slotp); - } - nss_ZFreeIf(slots); + NSSSlot **slotp; + for (slotp = slots; *slotp; slotp++) { + nssSlot_Destroy(*slotp); + } + nss_ZFreeIf(slots); } } NSS_IMPLEMENT void -NSSSlotArray_Destroy ( - NSSSlot **slots -) +NSSSlotArray_Destroy( + NSSSlot **slots) { nssSlotArray_Destroy(slots); } NSS_IMPLEMENT void -nssTokenArray_Destroy ( - NSSToken **tokens -) +nssTokenArray_Destroy( + NSSToken **tokens) { if (tokens) { - NSSToken **tokenp; - for (tokenp = tokens; *tokenp; tokenp++) { - nssToken_Destroy(*tokenp); - } - nss_ZFreeIf(tokens); + NSSToken **tokenp; + for (tokenp = tokens; *tokenp; tokenp++) { + nssToken_Destroy(*tokenp); + } + nss_ZFreeIf(tokens); } } NSS_IMPLEMENT void -NSSTokenArray_Destroy ( - NSSToken **tokens -) +NSSTokenArray_Destroy( + NSSToken **tokens) { nssTokenArray_Destroy(tokens); } NSS_IMPLEMENT void -nssCryptokiObjectArray_Destroy ( - nssCryptokiObject **objects -) +nssCryptokiObjectArray_Destroy( + nssCryptokiObject **objects) { if (objects) { - nssCryptokiObject **op; - for (op = objects; *op; op++) { - nssCryptokiObject_Destroy(*op); - } - nss_ZFreeIf(objects); + nssCryptokiObject **op; + for (op = objects; *op; op++) { + nssCryptokiObject_Destroy(*op); + } + nss_ZFreeIf(objects); } } /* object cache for token */ typedef struct -{ - NSSArena *arena; - nssCryptokiObject *object; - CK_ATTRIBUTE_PTR attributes; - CK_ULONG numAttributes; -} -nssCryptokiObjectAndAttributes; + { + NSSArena *arena; + nssCryptokiObject *object; + CK_ATTRIBUTE_PTR attributes; + CK_ULONG numAttributes; +} nssCryptokiObjectAndAttributes; enum { - cachedCerts = 0, - cachedTrust = 1, - cachedCRLs = 2 + cachedCerts = 0, + cachedTrust = 1, + cachedCRLs = 2 } cachedObjectType; -struct nssTokenObjectCacheStr -{ - NSSToken *token; - PZLock *lock; - PRBool loggedIn; - PRBool doObjectType[3]; - PRBool searchedObjectType[3]; - nssCryptokiObjectAndAttributes **objects[3]; +struct nssTokenObjectCacheStr { + NSSToken *token; + PZLock *lock; + PRBool loggedIn; + PRBool doObjectType[3]; + PRBool searchedObjectType[3]; + nssCryptokiObjectAndAttributes **objects[3]; }; NSS_IMPLEMENT nssTokenObjectCache * -nssTokenObjectCache_Create ( - NSSToken *token, - PRBool cacheCerts, - PRBool cacheTrust, - PRBool cacheCRLs -) +nssTokenObjectCache_Create( + NSSToken *token, + PRBool cacheCerts, + PRBool cacheTrust, + PRBool cacheCRLs) { nssTokenObjectCache *rvCache; rvCache = nss_ZNEW(NULL, nssTokenObjectCache); if (!rvCache) { - goto loser; + goto loser; } rvCache->lock = PZ_NewLock(nssILockOther); /* XXX */ if (!rvCache->lock) { - goto loser; + goto loser; } rvCache->doObjectType[cachedCerts] = cacheCerts; rvCache->doObjectType[cachedTrust] = cacheTrust; @@ -233,112 +222,115 @@ loser: } static void -clear_cache ( - nssTokenObjectCache *cache -) +clear_cache( + nssTokenObjectCache *cache) { nssCryptokiObjectAndAttributes **oa; PRUint32 objectType; for (objectType = cachedCerts; objectType <= cachedCRLs; objectType++) { - cache->searchedObjectType[objectType] = PR_FALSE; - if (!cache->objects[objectType]) { - continue; - } - for (oa = cache->objects[objectType]; *oa; oa++) { - /* prevent the token from being destroyed */ - (*oa)->object->token = NULL; - nssCryptokiObject_Destroy((*oa)->object); - nssArena_Destroy((*oa)->arena); - } - nss_ZFreeIf(cache->objects[objectType]); - cache->objects[objectType] = NULL; + cache->searchedObjectType[objectType] = PR_FALSE; + if (!cache->objects[objectType]) { + continue; + } + for (oa = cache->objects[objectType]; *oa; oa++) { + /* prevent the token from being destroyed */ + (*oa)->object->token = NULL; + nssCryptokiObject_Destroy((*oa)->object); + nssArena_Destroy((*oa)->arena); + } + nss_ZFreeIf(cache->objects[objectType]); + cache->objects[objectType] = NULL; } } NSS_IMPLEMENT void -nssTokenObjectCache_Clear ( - nssTokenObjectCache *cache -) +nssTokenObjectCache_Clear( + nssTokenObjectCache *cache) { if (cache) { - PZ_Lock(cache->lock); - clear_cache(cache); - PZ_Unlock(cache->lock); + PZ_Lock(cache->lock); + clear_cache(cache); + PZ_Unlock(cache->lock); } } NSS_IMPLEMENT void -nssTokenObjectCache_Destroy ( - nssTokenObjectCache *cache -) +nssTokenObjectCache_Destroy( + nssTokenObjectCache *cache) { if (cache) { - clear_cache(cache); - if (cache->lock) { - PZ_DestroyLock(cache->lock); - } - nss_ZFreeIf(cache); + clear_cache(cache); + if (cache->lock) { + PZ_DestroyLock(cache->lock); + } + nss_ZFreeIf(cache); } } NSS_IMPLEMENT PRBool -nssTokenObjectCache_HaveObjectClass ( - nssTokenObjectCache *cache, - CK_OBJECT_CLASS objclass -) +nssTokenObjectCache_HaveObjectClass( + nssTokenObjectCache *cache, + CK_OBJECT_CLASS objclass) { PRBool haveIt; PZ_Lock(cache->lock); switch (objclass) { - case CKO_CERTIFICATE: haveIt = cache->doObjectType[cachedCerts]; break; - case CKO_NETSCAPE_TRUST: haveIt = cache->doObjectType[cachedTrust]; break; - case CKO_NETSCAPE_CRL: haveIt = cache->doObjectType[cachedCRLs]; break; - default: haveIt = PR_FALSE; + case CKO_CERTIFICATE: + haveIt = cache->doObjectType[cachedCerts]; + break; + case CKO_NETSCAPE_TRUST: + haveIt = cache->doObjectType[cachedTrust]; + break; + case CKO_NETSCAPE_CRL: + haveIt = cache->doObjectType[cachedCRLs]; + break; + default: + haveIt = PR_FALSE; } PZ_Unlock(cache->lock); return haveIt; } static nssCryptokiObjectAndAttributes ** -create_object_array ( - nssCryptokiObject **objects, - PRBool *doObjects, - PRUint32 *numObjects, - PRStatus *status -) +create_object_array( + nssCryptokiObject **objects, + PRBool *doObjects, + PRUint32 *numObjects, + PRStatus *status) { nssCryptokiObjectAndAttributes **rvOandA = NULL; *numObjects = 0; /* There are no objects for this type */ if (!objects || !*objects) { - *status = PR_SUCCESS; - return rvOandA; + *status = PR_SUCCESS; + return rvOandA; } - while (*objects++) (*numObjects)++; + while (*objects++) + (*numObjects)++; if (*numObjects >= MAX_LOCAL_CACHE_OBJECTS) { - /* Hit the maximum allowed, so don't use a cache (there are - * too many objects to make caching worthwhile, presumably, if - * the token can handle that many objects, it can handle searching. - */ - *doObjects = PR_FALSE; - *status = PR_FAILURE; - *numObjects = 0; - } else { - rvOandA = nss_ZNEWARRAY(NULL, - nssCryptokiObjectAndAttributes *, - *numObjects + 1); - *status = rvOandA ? PR_SUCCESS : PR_FAILURE; + /* Hit the maximum allowed, so don't use a cache (there are + * too many objects to make caching worthwhile, presumably, if + * the token can handle that many objects, it can handle searching. + */ + *doObjects = PR_FALSE; + *status = PR_FAILURE; + *numObjects = 0; + } + else { + rvOandA = nss_ZNEWARRAY(NULL, + nssCryptokiObjectAndAttributes *, + *numObjects + 1); + *status = rvOandA ? PR_SUCCESS : PR_FAILURE; } return rvOandA; } static nssCryptokiObjectAndAttributes * -create_object ( - nssCryptokiObject *object, - const CK_ATTRIBUTE_TYPE *types, - PRUint32 numTypes, - PRStatus *status -) +create_object( + nssCryptokiObject *object, + const CK_ATTRIBUTE_TYPE *types, + PRUint32 numTypes, + PRStatus *status) { PRUint32 j; NSSArena *arena = NULL; @@ -358,11 +350,11 @@ create_object ( } arena = nssArena_Create(); if (!arena) { - goto loser; + goto loser; } rvCachedObject = nss_ZNEW(arena, nssCryptokiObjectAndAttributes); if (!rvCachedObject) { - goto loser; + goto loser; } rvCachedObject->arena = arena; /* The cache is tied to the token, and therefore the objects @@ -372,10 +364,10 @@ create_object ( rvCachedObject->object = object; rvCachedObject->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, numTypes); if (!rvCachedObject->attributes) { - goto loser; + goto loser; } - for (j=0; j<numTypes; j++) { - rvCachedObject->attributes[j].type = types[j]; + for (j = 0; j < numTypes; j++) { + rvCachedObject->attributes[j].type = types[j]; } *status = nssCKObject_GetAttributes(object->handle, rvCachedObject->attributes, @@ -384,7 +376,7 @@ create_object ( session, slot); if (*status != PR_SUCCESS) { - goto loser; + goto loser; } rvCachedObject->numAttributes = numTypes; *status = PR_SUCCESS; @@ -394,10 +386,10 @@ create_object ( loser: *status = PR_FAILURE; if (slot) { - nssSlot_Destroy(slot); + nssSlot_Destroy(slot); } if (arena) - nssArena_Destroy(arena); + nssArena_Destroy(arena); return (nssCryptokiObjectAndAttributes *)NULL; } @@ -409,7 +401,7 @@ loser: * +-------------------------+<----------------------+ * | ^ | * v | | - * +----------+ slot friendly | token present +----------+ + * +----------+ slot friendly | token present +----------+ * | cache | -----------------> % ---------------> | cache | * | unloaded | | loaded | * +----------+ +----------+ @@ -424,9 +416,8 @@ loser: /* This function must not be called with cache->lock locked. */ static PRBool -token_is_present ( - nssTokenObjectCache *cache -) +token_is_present( + nssTokenObjectCache *cache) { NSSSlot *slot = nssToken_GetSlot(cache->token); PRBool tokenPresent = nssSlot_IsTokenPresent(slot); @@ -435,92 +426,90 @@ token_is_present ( } static PRBool -search_for_objects ( - nssTokenObjectCache *cache -) +search_for_objects( + nssTokenObjectCache *cache) { PRBool doSearch = PR_FALSE; NSSSlot *slot = nssToken_GetSlot(cache->token); /* Handle non-friendly slots (slots which require login for objects) */ if (!nssSlot_IsFriendly(slot)) { - if (nssSlot_IsLoggedIn(slot)) { - /* Either no state change, or went from !logged in -> logged in */ - cache->loggedIn = PR_TRUE; - doSearch = PR_TRUE; - } else { - if (cache->loggedIn) { - /* went from logged in -> !logged in, destroy cached objects */ - clear_cache(cache); - cache->loggedIn = PR_FALSE; - } /* else no state change, still not logged in, so exit */ - } - } else { - /* slot is friendly, thus always available for search */ - doSearch = PR_TRUE; + if (nssSlot_IsLoggedIn(slot)) { + /* Either no state change, or went from !logged in -> logged in */ + cache->loggedIn = PR_TRUE; + doSearch = PR_TRUE; + } + else { + if (cache->loggedIn) { + /* went from logged in -> !logged in, destroy cached objects */ + clear_cache(cache); + cache->loggedIn = PR_FALSE; + } /* else no state change, still not logged in, so exit */ + } + } + else { + /* slot is friendly, thus always available for search */ + doSearch = PR_TRUE; } nssSlot_Destroy(slot); return doSearch; } static nssCryptokiObjectAndAttributes * -create_cert ( - nssCryptokiObject *object, - PRStatus *status -) +create_cert( + nssCryptokiObject *object, + PRStatus *status) { static const CK_ATTRIBUTE_TYPE certAttr[] = { - CKA_CLASS, - CKA_TOKEN, - CKA_LABEL, - CKA_CERTIFICATE_TYPE, - CKA_ID, - CKA_VALUE, - CKA_ISSUER, - CKA_SERIAL_NUMBER, - CKA_SUBJECT, - CKA_NETSCAPE_EMAIL + CKA_CLASS, + CKA_TOKEN, + CKA_LABEL, + CKA_CERTIFICATE_TYPE, + CKA_ID, + CKA_VALUE, + CKA_ISSUER, + CKA_SERIAL_NUMBER, + CKA_SUBJECT, + CKA_NETSCAPE_EMAIL }; static const PRUint32 numCertAttr = sizeof(certAttr) / sizeof(certAttr[0]); return create_object(object, certAttr, numCertAttr, status); } static nssCryptokiObjectAndAttributes * -create_trust ( - nssCryptokiObject *object, - PRStatus *status -) +create_trust( + nssCryptokiObject *object, + PRStatus *status) { static const CK_ATTRIBUTE_TYPE trustAttr[] = { - CKA_CLASS, - CKA_TOKEN, - CKA_LABEL, - CKA_CERT_SHA1_HASH, - CKA_CERT_MD5_HASH, - CKA_ISSUER, - CKA_SUBJECT, - CKA_TRUST_SERVER_AUTH, - CKA_TRUST_CLIENT_AUTH, - CKA_TRUST_EMAIL_PROTECTION, - CKA_TRUST_CODE_SIGNING + CKA_CLASS, + CKA_TOKEN, + CKA_LABEL, + CKA_CERT_SHA1_HASH, + CKA_CERT_MD5_HASH, + CKA_ISSUER, + CKA_SUBJECT, + CKA_TRUST_SERVER_AUTH, + CKA_TRUST_CLIENT_AUTH, + CKA_TRUST_EMAIL_PROTECTION, + CKA_TRUST_CODE_SIGNING }; static const PRUint32 numTrustAttr = sizeof(trustAttr) / sizeof(trustAttr[0]); return create_object(object, trustAttr, numTrustAttr, status); } static nssCryptokiObjectAndAttributes * -create_crl ( - nssCryptokiObject *object, - PRStatus *status -) +create_crl( + nssCryptokiObject *object, + PRStatus *status) { static const CK_ATTRIBUTE_TYPE crlAttr[] = { - CKA_CLASS, - CKA_TOKEN, - CKA_LABEL, - CKA_VALUE, - CKA_SUBJECT, - CKA_NETSCAPE_KRL, - CKA_NETSCAPE_URL + CKA_CLASS, + CKA_TOKEN, + CKA_LABEL, + CKA_VALUE, + CKA_SUBJECT, + CKA_NETSCAPE_KRL, + CKA_NETSCAPE_URL }; static const PRUint32 numCRLAttr = sizeof(crlAttr) / sizeof(crlAttr[0]); return create_object(object, crlAttr, numCRLAttr, status); @@ -528,108 +517,104 @@ create_crl ( /* Dispatch to the create function for the object type */ static nssCryptokiObjectAndAttributes * -create_object_of_type ( - nssCryptokiObject *object, - PRUint32 objectType, - PRStatus *status -) +create_object_of_type( + nssCryptokiObject *object, + PRUint32 objectType, + PRStatus *status) { if (objectType == cachedCerts) { - return create_cert(object, status); + return create_cert(object, status); } if (objectType == cachedTrust) { - return create_trust(object, status); + return create_trust(object, status); } if (objectType == cachedCRLs) { - return create_crl(object, status); + return create_crl(object, status); } return (nssCryptokiObjectAndAttributes *)NULL; } static PRStatus -get_token_objects_for_cache ( - nssTokenObjectCache *cache, - PRUint32 objectType, - CK_OBJECT_CLASS objclass -) +get_token_objects_for_cache( + nssTokenObjectCache *cache, + PRUint32 objectType, + CK_OBJECT_CLASS objclass) { PRStatus status; nssCryptokiObject **objects; PRBool *doIt = &cache->doObjectType[objectType]; PRUint32 i, numObjects; - if (!search_for_objects(cache) || - cache->searchedObjectType[objectType] || - !cache->doObjectType[objectType]) - { - /* Either there was a state change that prevents a search - * (token logged out), or the search was already done, - * or objects of this type are not being cached. - */ - return PR_SUCCESS; + if (!search_for_objects(cache) || + cache->searchedObjectType[objectType] || + !cache->doObjectType[objectType]) { + /* Either there was a state change that prevents a search + * (token logged out), or the search was already done, + * or objects of this type are not being cached. + */ + return PR_SUCCESS; } objects = nssToken_FindObjects(cache->token, NULL, objclass, nssTokenSearchType_TokenForced, MAX_LOCAL_CACHE_OBJECTS, &status); if (status != PR_SUCCESS) { - return status; + return status; } cache->objects[objectType] = create_object_array(objects, doIt, &numObjects, &status); if (status != PR_SUCCESS) { - nss_ZFreeIf(objects); - return status; + nss_ZFreeIf(objects); + return status; } - for (i=0; i<numObjects; i++) { - cache->objects[objectType][i] = create_object_of_type(objects[i], - objectType, - &status); - if (status != PR_SUCCESS) { - break; - } + for (i = 0; i < numObjects; i++) { + cache->objects[objectType][i] = create_object_of_type(objects[i], + objectType, + &status); + if (status != PR_SUCCESS) { + break; + } } if (status == PR_SUCCESS) { - nss_ZFreeIf(objects); - } else { - PRUint32 j; - for (j=0; j<i; j++) { - /* sigh */ - nssToken_AddRef(cache->objects[objectType][j]->object->token); - nssArena_Destroy(cache->objects[objectType][j]->arena); - } - nss_ZFreeIf(cache->objects[objectType]); - cache->objects[objectType] = NULL; - nssCryptokiObjectArray_Destroy(objects); + nss_ZFreeIf(objects); + } + else { + PRUint32 j; + for (j = 0; j < i; j++) { + /* sigh */ + nssToken_AddRef(cache->objects[objectType][j]->object->token); + nssArena_Destroy(cache->objects[objectType][j]->arena); + } + nss_ZFreeIf(cache->objects[objectType]); + cache->objects[objectType] = NULL; + nssCryptokiObjectArray_Destroy(objects); } cache->searchedObjectType[objectType] = PR_TRUE; return status; } static CK_ATTRIBUTE_PTR -find_attribute_in_object ( - nssCryptokiObjectAndAttributes *obj, - CK_ATTRIBUTE_TYPE attrType -) +find_attribute_in_object( + nssCryptokiObjectAndAttributes *obj, + CK_ATTRIBUTE_TYPE attrType) { PRUint32 j; - for (j=0; j<obj->numAttributes; j++) { - if (attrType == obj->attributes[j].type) { - return &obj->attributes[j]; - } + for (j = 0; j < obj->numAttributes; j++) { + if (attrType == obj->attributes[j].type) { + return &obj->attributes[j]; + } } return (CK_ATTRIBUTE_PTR)NULL; } /* Find all objects in the array that match the supplied template */ static nssCryptokiObject ** -find_objects_in_array ( - nssCryptokiObjectAndAttributes **objArray, - CK_ATTRIBUTE_PTR ot, - CK_ULONG otlen, - PRUint32 maximumOpt -) +find_objects_in_array( + nssCryptokiObjectAndAttributes **objArray, + CK_ATTRIBUTE_PTR ot, + CK_ULONG otlen, + PRUint32 maximumOpt) { PRIntn oi = 0; PRUint32 i; @@ -641,65 +626,65 @@ find_objects_in_array ( CK_ATTRIBUTE_PTR attr; if (!objArray) { - return (nssCryptokiObject **)NULL; + return (nssCryptokiObject **)NULL; } arena = nssArena_Create(); if (!arena) { - return (nssCryptokiObject **)NULL; + return (nssCryptokiObject **)NULL; } matches = nss_ZNEWARRAY(arena, nssCryptokiObjectAndAttributes *, size); if (!matches) { - goto loser; + goto loser; } - if (maximumOpt == 0) maximumOpt = ~0; + if (maximumOpt == 0) + maximumOpt = ~0; /* loop over the cached objects */ for (; *objArray && numMatches < maximumOpt; objArray++) { - nssCryptokiObjectAndAttributes *obj = *objArray; - /* loop over the test template */ - for (i=0; i<otlen; i++) { - /* see if the object has the attribute */ - attr = find_attribute_in_object(obj, ot[i].type); - if (!attr) { - /* nope, match failed */ - break; - } - /* compare the attribute against the test value */ - if (ot[i].ulValueLen != attr->ulValueLen || - !nsslibc_memequal(ot[i].pValue, - attr->pValue, - attr->ulValueLen, NULL)) - { - /* nope, match failed */ - break; - } - } - if (i == otlen) { - /* all of the attributes in the test template were found - * in the object's template, and they all matched - */ - matches[numMatches++] = obj; - if (numMatches == size) { - size *= 2; - matches = nss_ZREALLOCARRAY(matches, - nssCryptokiObjectAndAttributes *, - size); - if (!matches) { - goto loser; - } - } - } + nssCryptokiObjectAndAttributes *obj = *objArray; + /* loop over the test template */ + for (i = 0; i < otlen; i++) { + /* see if the object has the attribute */ + attr = find_attribute_in_object(obj, ot[i].type); + if (!attr) { + /* nope, match failed */ + break; + } + /* compare the attribute against the test value */ + if (ot[i].ulValueLen != attr->ulValueLen || + !nsslibc_memequal(ot[i].pValue, + attr->pValue, + attr->ulValueLen, NULL)) { + /* nope, match failed */ + break; + } + } + if (i == otlen) { + /* all of the attributes in the test template were found + * in the object's template, and they all matched + */ + matches[numMatches++] = obj; + if (numMatches == size) { + size *= 2; + matches = nss_ZREALLOCARRAY(matches, + nssCryptokiObjectAndAttributes *, + size); + if (!matches) { + goto loser; + } + } + } } if (numMatches > 0) { - objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1); - if (!objects) { - goto loser; - } - for (oi=0; oi<(PRIntn)numMatches; oi++) { - objects[oi] = nssCryptokiObject_Clone(matches[oi]->object); - if (!objects[oi]) { - goto loser; - } - } + objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1); + if (!objects) { + goto loser; + } + for (oi = 0; oi < (PRIntn)numMatches; oi++) { + objects[oi] = nssCryptokiObject_Clone(matches[oi]->object); + if (!objects[oi]) { + goto loser; + } + } } nssArena_Destroy(arena); return objects; @@ -710,74 +695,78 @@ loser: } NSS_IMPLEMENT nssCryptokiObject ** -nssTokenObjectCache_FindObjectsByTemplate ( - nssTokenObjectCache *cache, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR otemplate, - CK_ULONG otlen, - PRUint32 maximumOpt, - PRStatus *statusOpt -) +nssTokenObjectCache_FindObjectsByTemplate( + nssTokenObjectCache *cache, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR otemplate, + CK_ULONG otlen, + PRUint32 maximumOpt, + PRStatus *statusOpt) { PRStatus status = PR_FAILURE; nssCryptokiObject **rvObjects = NULL; PRUint32 objectType; if (!token_is_present(cache)) { - status = PR_SUCCESS; - goto finish; + status = PR_SUCCESS; + goto finish; } switch (objclass) { - case CKO_CERTIFICATE: objectType = cachedCerts; break; - case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break; - case CKO_NETSCAPE_CRL: objectType = cachedCRLs; break; - default: goto finish; + case CKO_CERTIFICATE: + objectType = cachedCerts; + break; + case CKO_NETSCAPE_TRUST: + objectType = cachedTrust; + break; + case CKO_NETSCAPE_CRL: + objectType = cachedCRLs; + break; + default: + goto finish; } PZ_Lock(cache->lock); if (cache->doObjectType[objectType]) { - status = get_token_objects_for_cache(cache, objectType, objclass); - if (status == PR_SUCCESS) { - rvObjects = find_objects_in_array(cache->objects[objectType], - otemplate, otlen, maximumOpt); - } + status = get_token_objects_for_cache(cache, objectType, objclass); + if (status == PR_SUCCESS) { + rvObjects = find_objects_in_array(cache->objects[objectType], + otemplate, otlen, maximumOpt); + } } PZ_Unlock(cache->lock); finish: if (statusOpt) { - *statusOpt = status; + *statusOpt = status; } return rvObjects; } static PRBool -cache_available_for_object_type ( - nssTokenObjectCache *cache, - PRUint32 objectType -) +cache_available_for_object_type( + nssTokenObjectCache *cache, + PRUint32 objectType) { if (!cache->doObjectType[objectType]) { - /* not caching this object kind */ - return PR_FALSE; + /* not caching this object kind */ + return PR_FALSE; } if (!cache->searchedObjectType[objectType]) { - /* objects are not cached yet */ - return PR_FALSE; + /* objects are not cached yet */ + return PR_FALSE; } if (!search_for_objects(cache)) { - /* not logged in */ - return PR_FALSE; + /* not logged in */ + return PR_FALSE; } return PR_TRUE; } NSS_IMPLEMENT PRStatus -nssTokenObjectCache_GetObjectAttributes ( - nssTokenObjectCache *cache, - NSSArena *arenaOpt, - nssCryptokiObject *object, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR atemplate, - CK_ULONG atlen -) +nssTokenObjectCache_GetObjectAttributes( + nssTokenObjectCache *cache, + NSSArena *arenaOpt, + nssCryptokiObject *object, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR atemplate, + CK_ULONG atlen) { PRUint32 i, j; NSSArena *arena = NULL; @@ -786,87 +775,92 @@ nssTokenObjectCache_GetObjectAttributes ( nssCryptokiObjectAndAttributes **oa = NULL; PRUint32 objectType; if (!token_is_present(cache)) { - return PR_FAILURE; + return PR_FAILURE; } PZ_Lock(cache->lock); switch (objclass) { - case CKO_CERTIFICATE: objectType = cachedCerts; break; - case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break; - case CKO_NETSCAPE_CRL: objectType = cachedCRLs; break; - default: goto loser; + case CKO_CERTIFICATE: + objectType = cachedCerts; + break; + case CKO_NETSCAPE_TRUST: + objectType = cachedTrust; + break; + case CKO_NETSCAPE_CRL: + objectType = cachedCRLs; + break; + default: + goto loser; } if (!cache_available_for_object_type(cache, objectType)) { - goto loser; + goto loser; } oa = cache->objects[objectType]; if (!oa) { - goto loser; + goto loser; } for (; *oa; oa++) { - if (nssCryptokiObject_Equal((*oa)->object, object)) { - cachedOA = *oa; - break; - } + if (nssCryptokiObject_Equal((*oa)->object, object)) { + cachedOA = *oa; + break; + } } if (!cachedOA) { - goto loser; /* don't have this object */ + goto loser; /* don't have this object */ } if (arenaOpt) { - arena = arenaOpt; - mark = nssArena_Mark(arena); - } - for (i=0; i<atlen; i++) { - for (j=0; j<cachedOA->numAttributes; j++) { - if (atemplate[i].type == cachedOA->attributes[j].type) { - CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j]; - if (cachedOA->attributes[j].ulValueLen == 0 || - cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) - { - break; /* invalid attribute */ - } - if (atemplate[i].ulValueLen > 0) { - if (atemplate[i].pValue == NULL || - atemplate[i].ulValueLen < attr->ulValueLen) - { - goto loser; - } - } else { - atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen); - if (!atemplate[i].pValue) { - goto loser; - } - } - nsslibc_memcpy(atemplate[i].pValue, - attr->pValue, attr->ulValueLen); - atemplate[i].ulValueLen = attr->ulValueLen; - break; - } - } - if (j == cachedOA->numAttributes) { - atemplate[i].ulValueLen = (CK_ULONG)-1; - } + arena = arenaOpt; + mark = nssArena_Mark(arena); + } + for (i = 0; i < atlen; i++) { + for (j = 0; j < cachedOA->numAttributes; j++) { + if (atemplate[i].type == cachedOA->attributes[j].type) { + CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j]; + if (cachedOA->attributes[j].ulValueLen == 0 || + cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) { + break; /* invalid attribute */ + } + if (atemplate[i].ulValueLen > 0) { + if (atemplate[i].pValue == NULL || + atemplate[i].ulValueLen < attr->ulValueLen) { + goto loser; + } + } + else { + atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen); + if (!atemplate[i].pValue) { + goto loser; + } + } + nsslibc_memcpy(atemplate[i].pValue, + attr->pValue, attr->ulValueLen); + atemplate[i].ulValueLen = attr->ulValueLen; + break; + } + } + if (j == cachedOA->numAttributes) { + atemplate[i].ulValueLen = (CK_ULONG)-1; + } } PZ_Unlock(cache->lock); if (mark) { - nssArena_Unmark(arena, mark); + nssArena_Unmark(arena, mark); } return PR_SUCCESS; loser: PZ_Unlock(cache->lock); if (mark) { - nssArena_Release(arena, mark); + nssArena_Release(arena, mark); } return PR_FAILURE; } NSS_IMPLEMENT PRStatus -nssTokenObjectCache_ImportObject ( - nssTokenObjectCache *cache, - nssCryptokiObject *object, - CK_OBJECT_CLASS objclass, - CK_ATTRIBUTE_PTR ot, - CK_ULONG otlen -) +nssTokenObjectCache_ImportObject( + nssTokenObjectCache *cache, + nssCryptokiObject *object, + CK_OBJECT_CLASS objclass, + CK_ATTRIBUTE_PTR ot, + CK_ULONG otlen) { PRStatus status = PR_SUCCESS; PRUint32 count; @@ -875,133 +869,138 @@ nssTokenObjectCache_ImportObject ( PRBool haveIt = PR_FALSE; if (!token_is_present(cache)) { - return PR_SUCCESS; /* cache not active, ignored */ + return PR_SUCCESS; /* cache not active, ignored */ } PZ_Lock(cache->lock); switch (objclass) { - case CKO_CERTIFICATE: objectType = cachedCerts; break; - case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break; - case CKO_NETSCAPE_CRL: objectType = cachedCRLs; break; - default: - PZ_Unlock(cache->lock); - return PR_SUCCESS; /* don't need to import it here */ + case CKO_CERTIFICATE: + objectType = cachedCerts; + break; + case CKO_NETSCAPE_TRUST: + objectType = cachedTrust; + break; + case CKO_NETSCAPE_CRL: + objectType = cachedCRLs; + break; + default: + PZ_Unlock(cache->lock); + return PR_SUCCESS; /* don't need to import it here */ } if (!cache_available_for_object_type(cache, objectType)) { - PZ_Unlock(cache->lock); - return PR_SUCCESS; /* cache not active, ignored */ + PZ_Unlock(cache->lock); + return PR_SUCCESS; /* cache not active, ignored */ } count = 0; otype = &cache->objects[objectType]; /* index into array of types */ - oa = *otype; /* the array of objects for this type */ + oa = *otype; /* the array of objects for this type */ while (oa && *oa) { - if (nssCryptokiObject_Equal((*oa)->object, object)) { - haveIt = PR_TRUE; - break; - } - count++; - oa++; + if (nssCryptokiObject_Equal((*oa)->object, object)) { + haveIt = PR_TRUE; + break; + } + count++; + oa++; } if (haveIt) { - /* Destroy the old entry */ - (*oa)->object->token = NULL; - nssCryptokiObject_Destroy((*oa)->object); - nssArena_Destroy((*oa)->arena); - } else { - /* Create space for a new entry */ - if (count > 0) { - *otype = nss_ZREALLOCARRAY(*otype, - nssCryptokiObjectAndAttributes *, - count + 2); - } else { - *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2); - } + /* Destroy the old entry */ + (*oa)->object->token = NULL; + nssCryptokiObject_Destroy((*oa)->object); + nssArena_Destroy((*oa)->arena); + } + else { + /* Create space for a new entry */ + if (count > 0) { + *otype = nss_ZREALLOCARRAY(*otype, + nssCryptokiObjectAndAttributes *, + count + 2); + } + else { + *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2); + } } if (*otype) { - nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object); - (*otype)[count] = create_object_of_type(copyObject, objectType, - &status); - } else { - status = PR_FAILURE; + nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object); + (*otype)[count] = create_object_of_type(copyObject, objectType, + &status); + } + else { + status = PR_FAILURE; } PZ_Unlock(cache->lock); return status; } NSS_IMPLEMENT void -nssTokenObjectCache_RemoveObject ( - nssTokenObjectCache *cache, - nssCryptokiObject *object -) +nssTokenObjectCache_RemoveObject( + nssTokenObjectCache *cache, + nssCryptokiObject *object) { PRUint32 oType; nssCryptokiObjectAndAttributes **oa, **swp = NULL; if (!token_is_present(cache)) { - return; + return; } PZ_Lock(cache->lock); - for (oType=0; oType<3; oType++) { - if (!cache_available_for_object_type(cache, oType) || - !cache->objects[oType]) - { - continue; - } - for (oa = cache->objects[oType]; *oa; oa++) { - if (nssCryptokiObject_Equal((*oa)->object, object)) { - swp = oa; /* the entry to remove */ - while (oa[1]) oa++; /* go to the tail */ - (*swp)->object->token = NULL; - nssCryptokiObject_Destroy((*swp)->object); - nssArena_Destroy((*swp)->arena); /* destroy it */ - *swp = *oa; /* swap the last with the removed */ - *oa = NULL; /* null-terminate the array */ - break; - } - } - if (swp) { - break; - } - } - if ((oType <3) && - cache->objects[oType] && cache->objects[oType][0] == NULL) { - nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */ - cache->objects[oType] = NULL; + for (oType = 0; oType < 3; oType++) { + if (!cache_available_for_object_type(cache, oType) || + !cache->objects[oType]) { + continue; + } + for (oa = cache->objects[oType]; *oa; oa++) { + if (nssCryptokiObject_Equal((*oa)->object, object)) { + swp = oa; /* the entry to remove */ + while (oa[1]) + oa++; /* go to the tail */ + (*swp)->object->token = NULL; + nssCryptokiObject_Destroy((*swp)->object); + nssArena_Destroy((*swp)->arena); /* destroy it */ + *swp = *oa; /* swap the last with the removed */ + *oa = NULL; /* null-terminate the array */ + break; + } + } + if (swp) { + break; + } + } + if ((oType < 3) && + cache->objects[oType] && cache->objects[oType][0] == NULL) { + nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */ + cache->objects[oType] = NULL; } PZ_Unlock(cache->lock); } /* These two hash algorithms are presently sufficient. -** They are used for fingerprints of certs which are stored as the +** They are used for fingerprints of certs which are stored as the ** CKA_CERT_SHA1_HASH and CKA_CERT_MD5_HASH attributes. ** We don't need to add SHAxxx to these now. */ /* XXX of course this doesn't belong here */ NSS_IMPLEMENT NSSAlgorithmAndParameters * -NSSAlgorithmAndParameters_CreateSHA1Digest ( - NSSArena *arenaOpt -) +NSSAlgorithmAndParameters_CreateSHA1Digest( + NSSArena *arenaOpt) { NSSAlgorithmAndParameters *rvAP = NULL; rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters); if (rvAP) { - rvAP->mechanism.mechanism = CKM_SHA_1; - rvAP->mechanism.pParameter = NULL; - rvAP->mechanism.ulParameterLen = 0; + rvAP->mechanism.mechanism = CKM_SHA_1; + rvAP->mechanism.pParameter = NULL; + rvAP->mechanism.ulParameterLen = 0; } return rvAP; } NSS_IMPLEMENT NSSAlgorithmAndParameters * -NSSAlgorithmAndParameters_CreateMD5Digest ( - NSSArena *arenaOpt -) +NSSAlgorithmAndParameters_CreateMD5Digest( + NSSArena *arenaOpt) { NSSAlgorithmAndParameters *rvAP = NULL; rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters); if (rvAP) { - rvAP->mechanism.mechanism = CKM_MD5; - rvAP->mechanism.pParameter = NULL; - rvAP->mechanism.ulParameterLen = 0; + rvAP->mechanism.mechanism = CKM_MD5; + rvAP->mechanism.pParameter = NULL; + rvAP->mechanism.ulParameterLen = 0; } return rvAP; } - diff --git a/lib/dev/nssdev.h b/lib/dev/nssdev.h index 4b3d9a330..1066ec6cd 100644 --- a/lib/dev/nssdev.h +++ b/lib/dev/nssdev.h @@ -24,16 +24,12 @@ PR_BEGIN_EXTERN_C */ NSS_EXTERN NSSAlgorithmAndParameters * -NSSAlgorithmAndParameters_CreateSHA1Digest -( - NSSArena *arenaOpt -); +NSSAlgorithmAndParameters_CreateSHA1Digest( + NSSArena *arenaOpt); NSS_EXTERN NSSAlgorithmAndParameters * -NSSAlgorithmAndParameters_CreateMD5Digest -( - NSSArena *arenaOpt -); +NSSAlgorithmAndParameters_CreateMD5Digest( + NSSArena *arenaOpt); PR_END_EXTERN_C |