fixup commit for tag 'ROGC_20030115_FREEZE'ROGC_20030115_FREEZE

5 files changed, 40 insertions, 77 deletions

diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index 46624d362..efc05d1fa 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -393,7 +393,7 @@ find_objects
   PRStatus *statusOpt
 )
 {
-    CK_RV ckrv = CKR_OK;
+    CK_RV ckrv;
     CK_ULONG count;
     CK_OBJECT_HANDLE *objectHandles;
     CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
@@ -415,7 +415,6 @@ find_objects
 	objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
     }
     if (!objectHandles) {
-	ckrv = CKR_HOST_MEMORY;
 	goto loser;
     }
     nssSession_EnterMonitor(session); /* ==== session lock === */
@@ -460,7 +459,6 @@ find_objects
 	}
 	if (!objectHandles) {
 	    nssSession_ExitMonitor(session);
-	    ckrv = CKR_HOST_MEMORY;
 	    goto loser;
 	}
     }
@@ -485,23 +483,7 @@ loser:
     if (objectHandles && objectHandles != staticObjects) {
 	nss_ZFreeIf(objectHandles);
     }
-    /*
-     * These errors should be treated the same as if the objects just weren't
-     * found..
-     */
-    if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
-	(ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
-	(ckrv == CKR_DATA_INVALID) ||
-	(ckrv == CKR_DATA_LEN_RANGE) ||
-	(ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
-	(ckrv == CKR_TEMPLATE_INCOMPLETE) ||
-	(ckrv == CKR_TEMPLATE_INCONSISTENT)) {
-
-	nss_SetError(NSS_ERROR_NOT_FOUND);
-	if (statusOpt) *statusOpt = PR_SUCCESS;
-    } else {
-	if (statusOpt) *statusOpt = PR_FAILURE;
-    }
+    if (statusOpt) *statusOpt = PR_FAILURE;
     return (nssCryptokiObject **)NULL;
 }
 
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index bd9cb56af..818748e6f 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,11 +49,11 @@ SEC_BEGIN_PROTOS
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
  */
-#define NSS_VERSION  "3.7.1"
+#define NSS_VERSION  "3.7.1 Beta"
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   7
 #define NSS_VPATCH   1
-#define NSS_BETA     PR_FALSE
+#define NSS_BETA     PR_TRUE
 
 
 /*
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index f80d99bda..9f91085cf 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -130,7 +130,6 @@ SECStatus pk11_CheckVerifyTest(PK11SlotInfo *slot);
 SECStatus PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts);
 SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
 void PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot);
-SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
 
 
 /******************************************************************
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index f4291f10a..2a7e86dcd 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -949,42 +949,40 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
 unsigned int
 PK11_GetKeyLength(PK11SymKey *key)
 {
-    CK_KEY_TYPE keyType;
-
-    if (key->size != 0) return key->size;
-
-    /* First try to figure out the key length from its type */
-    keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
-    switch (keyType) {
-      case CKK_DES: key->size = 8; break;
-      case CKK_DES2: key->size = 16; break;
-      case CKK_DES3: key->size = 24; break;
-      case CKK_SKIPJACK: key->size = 10; break;
-      case CKK_BATON: key->size = 20; break;
-      case CKK_JUNIPER: key->size = 20; break;
-      case CKK_GENERIC_SECRET:
-	if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN)  {
-	    key->size=48;
-	}
-	break;
-      default: break;
-    }
-   if( key->size != 0 ) return key->size;
-
+   if (key->size != 0) return key->size ;
    if (key->data.data == NULL) {
 	PK11_ExtractKeyValue(key);
    }
-   /* key is probably secret. Look up its length */
+   /* key is probably secret. Look up it's type and length */
    /*  this is new PKCS #11 version 2.0 functionality. */
    if (key->size == 0) {
 	CK_ULONG keyLength;
 
 	keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN);
-	if (keyLength != CK_UNAVAILABLE_INFORMATION) {
+	/* doesn't have a length field, check the known PKCS #11 key types,
+	 * which don't have this field */
+	if (keyLength == CK_UNAVAILABLE_INFORMATION) {
+	    CK_KEY_TYPE keyType;
+	    keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
+	    switch (keyType) {
+	    case CKK_DES: key->size = 8; break;
+	    case CKK_DES2: key->size = 16; break;
+	    case CKK_DES3: key->size = 24; break;
+	    case CKK_SKIPJACK: key->size = 10; break;
+	    case CKK_BATON: key->size = 20; break;
+	    case CKK_JUNIPER: key->size = 20; break;
+	    case CKK_GENERIC_SECRET:
+		if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN)  {
+		    key->size=48;
+		}
+		break;
+	    default: break;
+	    }
+	} else {
 	    key->size = (unsigned int)keyLength;
 	}
     }
-
+	
    return key->size;
 }
 
@@ -1377,7 +1375,6 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
     if (isToken) {
 	PK11_Authenticate(symKey->slot,PR_TRUE,wincx);
         session = PK11_GetRWSession(symKey->slot);  /* Should always be original slot */
-	symKey->owner = PR_FALSE;
     } else {
         session = symKey->session;
         pk11_EnterKeyMonitor(symKey);
@@ -4126,9 +4123,6 @@ finalize:
     }
 
     if (crv != CKR_OK) {
-	if (buffer != stackBuf) {
-	    PORT_Free(buffer);
-	}
 	if (crv == CKR_OPERATION_NOT_INITIALIZED) {
 	    /* if there's no operation, it is finalized */
 	    return SECSuccess;
@@ -4138,20 +4132,13 @@ finalize:
     }
 
     /* try to finalize the session with a buffer */
-    if (buffer == NULL) { 
-	if (count <= sizeof stackBuf) {
+    if (buffer == NULL && count > 0) { 
+	if (count < sizeof stackBuf) {
 	    buffer = stackBuf;
+	    goto finalize;
 	} else {
-	    buffer = PORT_Alloc(count);
-	    if (buffer == NULL) {
-		PORT_SetError(SEC_ERROR_NO_MEMORY);
-		return SECFailure;
-	    }
+	    return SECFailure;
 	}
-	goto finalize;
-    }
-    if (buffer != stackBuf) {
-	PORT_Free(buffer);
     }
     return SECSuccess;
 }
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 835b07c9d..bb8fc675d 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2225,21 +2225,16 @@ PK11Slot * pk11_NewSlotFromID(CK_SLOT_ID slotID, int moduleIndex)
 static SECStatus
 pk11_set_user(NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg)
 {
-    PK11Slot  *slot = (PK11Slot *)arg;
-    NSSLOWCERTCertTrust trust = *cert->trust;
+    NSSLOWKEYDBHandle *keydb = (NSSLOWKEYDBHandle *)arg;
 
-    if (nsslowkey_KeyForCertExists(slot->keyDB,cert)) {
-	trust.sslFlags |= CERTDB_USER;
-	trust.emailFlags |= CERTDB_USER;
-	trust.objectSigningFlags |= CERTDB_USER;
+    if (nsslowkey_KeyForCertExists(keydb,cert)) {
+	cert->trust->sslFlags |= CERTDB_USER;
+	cert->trust->emailFlags |= CERTDB_USER;
+	cert->trust->objectSigningFlags |= CERTDB_USER;
     } else {
-	trust.sslFlags &= ~CERTDB_USER;
-	trust.emailFlags &= ~CERTDB_USER;
-	trust.objectSigningFlags &= ~CERTDB_USER;
-    }
-
-    if (PORT_Memcmp(&trust,cert->trust, sizeof (trust)) != 0) {
-	nsslowcert_ChangeCertTrust(slot->certDB,cert, &trust);
+	cert->trust->sslFlags &= ~CERTDB_USER;
+	cert->trust->emailFlags &= ~CERTDB_USER;
+	cert->trust->objectSigningFlags &= ~CERTDB_USER;
     }
 
     /* should check for email address and make sure we have an s/mime profile */
@@ -2252,7 +2247,7 @@ pk11_DBVerify(PK11Slot *slot)
     /* walk through all the certs and check to see if there are any 
      * user certs, and make sure there are s/mime profiles for all certs with
      * email addresses */
-    nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot);
+    nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot->keyDB);
 
     return;
 }