author | cvs2hg <devnull@localhost> | 2003-01-27 18:20:58 +0000 |
---|---|---|
committer | cvs2hg <devnull@localhost> | 2003-01-27 18:20:58 +0000 |
commit | cdf49e8cdcb51d7a963b0fa7423c7721e204e14b (patch) | |
tree | 99f6bd7b3177fbe66d68f88bbaaa50c265af94fb | |
parent | b9a9e57c828592ad8d4473b7ab8e7e3da933bb1f (diff) | |
fixup commit for tag 'ROGC_20030115_FREEZE'ROGC_20030115_FREEZE
-rw-r--r-- | security/nss/lib/dev/devtoken.c | 22 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.h | 4 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11func.h | 1 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11skey.c | 67 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 23 |
5 files changed, 40 insertions, 77 deletions
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index 46624d362..efc05d1fa 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -393,7 +393,7 @@ find_objects
 PRStatus *statusOpt
 )
 {
- CK_RV ckrv = CKR_OK;
+ CK_RV ckrv;
 CK_ULONG count;
 CK_OBJECT_HANDLE *objectHandles;
 CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
@@ -415,7 +415,6 @@ find_objects
 objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
 }
 if (!objectHandles) {
- ckrv = CKR_HOST_MEMORY;
 goto loser;
 }
 nssSession_EnterMonitor(session); /* ==== session lock === */
@@ -460,7 +459,6 @@ find_objects
 }
 if (!objectHandles) {
 nssSession_ExitMonitor(session);
- ckrv = CKR_HOST_MEMORY;
 goto loser;
 }
 }
@@ -485,23 +483,7 @@ loser:
 if (objectHandles && objectHandles != staticObjects) {
 nss_ZFreeIf(objectHandles);
 }
- /*
- * These errors should be treated the same as if the objects just weren't
- * found..
- */
- if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
- (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
- (ckrv == CKR_DATA_INVALID) ||
- (ckrv == CKR_DATA_LEN_RANGE) ||
- (ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
- (ckrv == CKR_TEMPLATE_INCOMPLETE) ||
- (ckrv == CKR_TEMPLATE_INCONSISTENT)) {
-
- nss_SetError(NSS_ERROR_NOT_FOUND);
- if (statusOpt) *statusOpt = PR_SUCCESS;
- } else {
- if (statusOpt) *statusOpt = PR_FAILURE;
- }
+ if (statusOpt) *statusOpt = PR_FAILURE;
 return (nssCryptokiObject **)NULL;
 }
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index bd9cb56af..818748e6f 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,11 +49,11 @@ SEC_BEGIN_PROTOS
 * The format of the version string should be
 * "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define NSS_VERSION "3.7.1"
+#define NSS_VERSION "3.7.1 Beta"
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 7
 #define NSS_VPATCH 1
-#define NSS_BETA PR_FALSE
+#define NSS_BETA PR_TRUE
 /*
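Review bot: In devtoken.c, the `loser:` path of find_objects now sets `*statusOpt = PR_FAILURE` for every error, so a token that only rejects the search template (for example `CKR_ATTRIBUTE_TYPE_INVALID` or `CKR_FUNCTION_NOT_SUPPORTED`) looks the same to callers as a token or memory failure. Callers that treat PR_FAILURE as fatal may then abandon a lookup that should simply have come back empty. If that is intended for this tag, say so at the label, e.g. `/* every error, including an unsupported search template, is reported as PR_FAILURE */`. `ckrv` is also no longer initialized at its declaration, and the code between the hunks is not visible here, so it is worth confirming that each read of it follows an assignment. find_objects begins and ends outside these hunks.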
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index f80d99bda..9f91085cf 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -130,7 +130,6 @@ SECStatus pk11_CheckVerifyTest(PK11SlotInfo *slot);
 SECStatus PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts);
 SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
 void PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot);
-SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
 /******************************************************************
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index f4291f10a..2a7e86dcd 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -949,42 +949,40 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
 unsigned int
 PK11_GetKeyLength(PK11SymKey *key)
 {
- CK_KEY_TYPE keyType;
-
- if (key->size != 0) return key->size;
-
- /* First try to figure out the key length from its type */
- keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
- switch (keyType) {
- case CKK_DES: key->size = 8; break;
- case CKK_DES2: key->size = 16; break;
- case CKK_DES3: key->size = 24; break;
- case CKK_SKIPJACK: key->size = 10; break;
- case CKK_BATON: key->size = 20; break;
- case CKK_JUNIPER: key->size = 20; break;
- case CKK_GENERIC_SECRET:
- if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN) {
- key->size=48;
- }
- break;
- default: break;
- }
- if( key->size != 0 ) return key->size;
-
+ if (key->size != 0) return key->size ;
 if (key->data.data == NULL) {
 PK11_ExtractKeyValue(key);
 }
- /* key is probably secret. Look up its length */
+ /* key is probably secret. Look up it's type and length */
 /* this is new PKCS #11 version 2.0 functionality. */
 if (key->size == 0) {
 CK_ULONG keyLength;
 keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN);
- if (keyLength != CK_UNAVAILABLE_INFORMATION) {
+ /* doesn't have a length field, check the known PKCS #11 key types,
+ * which don't have this field */
+ if (keyLength == CK_UNAVAILABLE_INFORMATION) {
+ CK_KEY_TYPE keyType;
+ keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
+ switch (keyType) {
+ case CKK_DES: key->size = 8; break;
+ case CKK_DES2: key->size = 16; break;
+ case CKK_DES3: key->size = 24; break;
+ case CKK_SKIPJACK: key->size = 10; break;
+ case CKK_BATON: key->size = 20; break;
+ case CKK_JUNIPER: key->size = 20; break;
+ case CKK_GENERIC_SECRET:
+ if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN) {
+ key->size=48;
+ }
+ break;
+ default: break;
+ }
+ } else {
 key->size = (unsigned int)keyLength;
 }
 }
-
+
 return key->size;
 }
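Review bot: In PK11_GetKeyLength, `PK11_ExtractKeyValue(key)` still runs before either attribute lookup and its return value is discarded, so for a key whose size is unknown the raw key value is requested from the token just to learn a length. Querying `CKA_VALUE_LEN` first, then the `CKA_KEY_TYPE` table, and extracting only if both fail would keep secret key bytes out of process memory in the common case; extraction presumably fails harmlessly for sensitive keys, but that is not visible in the hunk. When every lookup fails the function returns 0, which callers cannot tell apart from an error, so a comment above the function should say `/* returns 0 if the length cannot be determined */`. The new comment's "it's" should be "its".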
@@ -1377,7 +1375,6 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
 if (isToken) {
 PK11_Authenticate(symKey->slot,PR_TRUE,wincx);
 session = PK11_GetRWSession(symKey->slot); /* Should always be original slot */
- symKey->owner = PR_FALSE;
 } else {
 session = symKey->session;
 pk11_EnterKeyMonitor(symKey);
@@ -4126,9 +4123,6 @@ finalize:
 }
 if (crv != CKR_OK) {
- if (buffer != stackBuf) {
- PORT_Free(buffer);
- }
 if (crv == CKR_OPERATION_NOT_INITIALIZED) {
 /* if there's no operation, it is finalized */
 return SECSuccess;
@@ -4138,20 +4132,13 @@ finalize:
 }
 /* try to finalize the session with a buffer */
- if (buffer == NULL) {
- if (count <= sizeof stackBuf) {
+ if (buffer == NULL && count > 0) {
+ if (count < sizeof stackBuf) {
 buffer = stackBuf;
+ goto finalize;
 } else {
- buffer = PORT_Alloc(count);
- if (buffer == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
+ return SECFailure;
 }
- goto finalize;
- }
- if (buffer != stackBuf) {
- PORT_Free(buffer);
 }
 return SECSuccess;
 }
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 835b07c9d..bb8fc675d 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
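Review bot: In the `@@ -4138` hunk of pk11skey.c, the new `else` branch returns `SECFailure` when `count` is at least `sizeof stackBuf` without calling `PORT_SetError` and, as far as the hunk shows, without a second final call, so the operation may stay active on the session and the caller gets no error code. The test `count < sizeof stackBuf` also turns away output that would exactly fill the stack buffer; `if (count <= sizeof stackBuf) {` accepts it, assuming the final call is given `count` as the buffer length. For the oversize case, set an error before returning, e.g. `PORT_SetError(SEC_ERROR_OUTPUT_LEN);`. The enclosing function starts above both `finalize:` hunks, so how `count` is obtained is not visible here.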
@@ -2225,21 +2225,16 @@ PK11Slot * pk11_NewSlotFromID(CK_SLOT_ID slotID, int moduleIndex)
 static SECStatus
 pk11_set_user(NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg)
 {
- PK11Slot *slot = (PK11Slot *)arg;
- NSSLOWCERTCertTrust trust = *cert->trust;
+ NSSLOWKEYDBHandle *keydb = (NSSLOWKEYDBHandle *)arg;
- if (nsslowkey_KeyForCertExists(slot->keyDB,cert)) {
- trust.sslFlags |= CERTDB_USER;
- trust.emailFlags |= CERTDB_USER;
- trust.objectSigningFlags |= CERTDB_USER;
+ if (nsslowkey_KeyForCertExists(keydb,cert)) {
+ cert->trust->sslFlags |= CERTDB_USER;
+ cert->trust->emailFlags |= CERTDB_USER;
+ cert->trust->objectSigningFlags |= CERTDB_USER;
 } else {
- trust.sslFlags &= ~CERTDB_USER;
- trust.emailFlags &= ~CERTDB_USER;
- trust.objectSigningFlags &= ~CERTDB_USER;
- }
-
- if (PORT_Memcmp(&trust,cert->trust, sizeof (trust)) != 0) {
- nsslowcert_ChangeCertTrust(slot->certDB,cert, &trust);
+ cert->trust->sslFlags &= ~CERTDB_USER;
+ cert->trust->emailFlags &= ~CERTDB_USER;
+ cert->trust->objectSigningFlags &= ~CERTDB_USER;
 }
 /* should check for email address and make sure we have an s/mime profile */
@@ -2252,7 +2247,7 @@ pk11_DBVerify(PK11Slot *slot)
 /* walk through all the certs and check to see if there are any
 * user certs, and make sure there are s/mime profiles for all certs with
 * email addresses */
- nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot);
+ nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot->keyDB);
 return;
 } |
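Review bot: pk11_set_user now sets and clears `CERTDB_USER` directly on `cert->trust`, and nothing in the hunk writes the result back to the cert DB, so the flags change only on the object the traversal hands to the callback. Whether nsslowcert_TraversePermCerts keeps or discards that object is not visible here; if it is a cached entry, the in-memory trust can differ from what is stored, and if it is a temporary the pass started by pk11_DBVerify (second hunk) has no lasting effect. `cert->trust` is also dereferenced without a NULL check; a guard such as `if (cert->trust == NULL) return SECSuccess;` would cover that, assuming SECSuccess is the callback's normal result, since its return statement lies outside the hunk. At minimum the function should carry a comment such as `/* updates the in-memory trust flags only; nothing is written to the cert DB here */`.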