static void builtins_mdFindObjects_Final ( NSSCKMDFindObjects *mdFindObjects, NSSCKFWFindObjects *fwFindObjects, NSSCKMDSession *mdSession, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance ) { struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc; NSSArena *arena = fo->arena; nss_ZFreeIf(fo->objs); nss_ZFreeIf(fo); nss_ZFreeIf(mdFindObjects); if ((NSSArena *)NULL != arena) { NSSArena_Destroy(arena); } return; }
static void ckmk_mdFindObjects_Final ( NSSCKMDFindObjects *mdFindObjects, NSSCKFWFindObjects *fwFindObjects, NSSCKMDSession *mdSession, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance ) { struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc; NSSArena *arena = fo->arena; PRUint32 i; /* walk down an free the unused 'objs' */ for (i=fo->i; i < fo->n ; i++) { nss_ckmk_DestroyInternalObject(fo->objs[i]); } nss_ZFreeIf(fo->objs); nss_ZFreeIf(fo); nss_ZFreeIf(mdFindObjects); if ((NSSArena *)NULL != arena) { NSSArena_Destroy(arena); } return; }
NSS_IMPLEMENT void nssItem_Destroy(NSSItem *item) { nss_ClearErrorStack(); nss_ZFreeIf(item->data); nss_ZFreeIf(item); }
NSS_IMPLEMENT void nssCryptokiObject_Destroy( nssCryptokiObject *object) { if (object) { nssToken_Destroy(object->token); nss_ZFreeIf(object->label); nss_ZFreeIf(object); } }
/* * nssCKFWHash_Create * */ NSS_IMPLEMENT nssCKFWHash * nssCKFWHash_Create ( NSSCKFWInstance *fwInstance, NSSArena *arena, CK_RV *pError ) { nssCKFWHash *rv; #ifdef NSSDEBUG if (!pError) { return (nssCKFWHash *)NULL; } if( PR_SUCCESS != nssArena_verifyPointer(arena) ) { *pError = CKR_ARGUMENTS_BAD; return (nssCKFWHash *)NULL; } #endif /* NSSDEBUG */ rv = nss_ZNEW(arena, nssCKFWHash); if (!rv) { *pError = CKR_HOST_MEMORY; return (nssCKFWHash *)NULL; } rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError); if (!rv->mutex) { if( CKR_OK == *pError ) { (void)nss_ZFreeIf(rv); *pError = CKR_GENERAL_ERROR; } return (nssCKFWHash *)NULL; } rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena); if (!rv->plHashTable) { (void)nssCKFWMutex_Destroy(rv->mutex); (void)nss_ZFreeIf(rv); *pError = CKR_HOST_MEMORY; return (nssCKFWHash *)NULL; } rv->count = 0; return rv; }
/* # 509 "arena.c" */ PRStatus nssArena_Destroy ( NSSArena *arena ) { PRLock *lock; if( (PRLock *)((void *)0) == arena->lock ) { nss_SetError(NSS_ERROR_INVALID_ARENA); return PR_FAILURE; } PR_Lock(arena->lock); /* # 542 "arena.c" */ PL_FinishArenaPool(&arena->pool); lock = arena->lock; arena->lock = (PRLock *)((void *)0); PR_Unlock(lock); PR_DestroyLock(lock); (void)nss_ZFreeIf(arena); return PR_SUCCESS; }
NSS_IMPLEMENT PRStatus nssDecodedPKIXCertificate_Destroy ( nssDecodedCert *dc ) { CERTCertificate *cert = (CERTCertificate *)dc->data; /* The decoder may only be half initialized (the case where we find we * could not decode the certificate). In this case, there is not cert to * free, just free the dc structure. */ if (cert) { PRBool freeSlot = cert->ownSlot; PK11SlotInfo *slot = cert->slot; PRArenaPool *arena = cert->arena; /* zero cert before freeing. Any stale references to this cert * after this point will probably cause an exception. */ PORT_Memset(cert, 0, sizeof *cert); /* free the arena that contains the cert. */ PORT_FreeArena(arena, PR_FALSE); if (slot && freeSlot) { PK11_FreeSlot(slot); } } nss_ZFreeIf(dc); return PR_SUCCESS; }
NSS_IMPLEMENT nssCryptokiObject * nssToken_FindCertificateByEncodedCertificate ( NSSToken *token, nssSession *sessionOpt, NSSBER *encodedCertificate, nssTokenSearchType searchType, PRStatus *statusOpt ) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE cert_template[3]; CK_ULONG ctsize; nssCryptokiObject **objects; nssCryptokiObject *rvObject = NULL; NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); } else if (searchType == nssTokenSearchType_TokenOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); } NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate); NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); /* get the object handle */ objects = find_objects_by_template(token, sessionOpt, cert_template, ctsize, 1, statusOpt); if (objects) { rvObject = objects[0]; nss_ZFreeIf(objects); } return rvObject; }
/* * nssCKFWSlot_Destroy * */ NSS_IMPLEMENT CK_RV nssCKFWSlot_Destroy( NSSCKFWSlot *fwSlot) { CK_RV error = CKR_OK; #ifdef NSSDEBUG error = nssCKFWSlot_verifyPointer(fwSlot); if (CKR_OK != error) { return error; } #endif /* NSSDEBUG */ if (fwSlot->fwToken) { nssCKFWToken_Destroy(fwSlot->fwToken); } (void)nssCKFWMutex_Destroy(fwSlot->mutex); if (fwSlot->mdSlot->Destroy) { fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance); } #ifdef DEBUG error = slot_remove_pointer(fwSlot); #endif /* DEBUG */ (void)nss_ZFreeIf(fwSlot); return error; }
NSS_IMPLEMENT nssCryptokiObject * nssCryptokiObject_Create ( NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h ) { PRStatus status; NSSSlot *slot; nssCryptokiObject *object; CK_BBOOL *isTokenObject; CK_ATTRIBUTE cert_template[] = { { CKA_TOKEN, NULL, 0 }, { CKA_LABEL, NULL, 0 } }; slot = nssToken_GetSlot(t); status = nssCKObject_GetAttributes(h, cert_template, 2, NULL, session, slot); nssSlot_Destroy(slot); if (status != PR_SUCCESS) { /* a failure here indicates a device error */ return (nssCryptokiObject *)NULL; } object = nss_ZNEW(NULL, nssCryptokiObject); if (!object) { return (nssCryptokiObject *)NULL; } object->handle = h; object->token = nssToken_AddRef(t); isTokenObject = (CK_BBOOL *)cert_template[0].pValue; object->isTokenObject = *isTokenObject; nss_ZFreeIf(isTokenObject); NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label); return object; }
/* XXX ?there are no session cert objects, so only search token objects */ NSS_IMPLEMENT nssCryptokiObject * nssToken_FindPublicKeyByID ( NSSToken *token, nssSession *sessionOpt, NSSItem *keyID ) { CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE key_template[3]; CK_ULONG ktsize; nssCryptokiObject **objects; nssCryptokiObject *rvKey = NULL; NSS_CK_TEMPLATE_START(key_template, attr, ktsize); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_pubkey); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID); NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize); objects = find_objects_by_template(token, sessionOpt, key_template, ktsize, 1, NULL); if (objects) { rvKey = objects[0]; nss_ZFreeIf(objects); } return rvKey; }
/* # 404 "arena.c" */ NSSArena * nssArena_Create ( void ) { NSSArena *rv = (NSSArena *)((void *)0); rv = ((NSSArena *)nss_ZAlloc(((NSSArena *)((void *)0)), sizeof(NSSArena))); if( (NSSArena *)((void *)0) == rv ) { nss_SetError(NSS_ERROR_NO_MEMORY); return (NSSArena *)((void *)0); } rv->lock = PR_NewLock(); if( (PRLock *)((void *)0) == rv->lock ) { (void)nss_ZFreeIf(rv); nss_SetError(NSS_ERROR_NO_MEMORY); return (NSSArena *)((void *)0); } /* # 442 "arena.c" */ PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double)); /* # 457 "arena.c" */ return rv; }
static void PR_CALLBACK nss_arena_hash_free_table ( void *pool, void *item ) { (void)nss_ZFreeIf(item); }
NSS_IMPLEMENT NSSItem * nssToken_FinishDigest ( NSSToken *tok, nssSession *sessionOpt, NSSItem *rvOpt, NSSArena *arenaOpt ) { CK_RV ckrv; CK_ULONG digestLen; CK_BYTE_PTR digest; NSSItem *rvItem = NULL; void *epv = nssToken_GetCryptokiEPV(tok); nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession; /* Don't ask the module to use an invalid session handle. */ if (!session || session->handle == CK_INVALID_SESSION) { PORT_SetError(SEC_ERROR_NO_TOKEN); return NULL; } nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen); if (ckrv != CKR_OK || digestLen == 0) { nssSession_ExitMonitor(session); return NULL; } digest = NULL; if (rvOpt) { if (rvOpt->size > 0 && rvOpt->size < digestLen) { nssSession_ExitMonitor(session); /* the error should be bad args */ return NULL; } if (rvOpt->data) { digest = rvOpt->data; } digestLen = rvOpt->size; } if (!digest) { digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen); if (!digest) { nssSession_ExitMonitor(session); return NULL; } } ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen); nssSession_ExitMonitor(session); if (ckrv != CKR_OK) { nss_ZFreeIf(digest); return NULL; } if (!rvOpt) { rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest); } return rvItem; }
static CK_RV nss_ckmdSessionObject_Destroy ( NSSCKMDObject *mdObject, NSSCKFWObject *fwObject, NSSCKMDSession *mdSession, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, NSSCKFWToken *fwToken, NSSCKMDInstance *mdInstance, NSSCKFWInstance *fwInstance ) { #ifdef NSSDEBUG CK_RV error = CKR_OK; #endif /* NSSDEBUG */ nssCKMDSessionObject *mdso; CK_ULONG i; #ifdef NSSDEBUG error = nss_ckmdSessionObject_verifyPointer(mdObject); if( CKR_OK != error ) { return error; } #endif /* NSSDEBUG */ mdso = (nssCKMDSessionObject *)mdObject->etc; nssCKFWHash_Remove(mdso->hash, mdObject); for( i = 0; i < mdso->n; i++ ) { nss_ZFreeIf(mdso->attributes[i].data); } nss_ZFreeIf(mdso->attributes); nss_ZFreeIf(mdso->types); nss_ZFreeIf(mdso); nss_ZFreeIf(mdObject); #ifdef DEBUG (void)nss_ckmdSessionObject_remove_pointer(mdObject); #endif /* DEBUG */ return CKR_OK; }
/* find all the certs that represent the appropriate object (cert, priv key, or * pub key) in the cert store. */ static PRUint32 collect_class( CK_OBJECT_CLASS objClass, SecItemClass itemClass, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, ckmkInternalObject ***listp, PRUint32 *sizep, PRUint32 count, CK_RV *pError ) { ckmkInternalObject *next = NULL; SecKeychainSearchRef searchRef = 0; SecKeychainItemRef itemRef = 0; OSStatus error; /* future, build the attribute list based on the template * so we can refine the search */ error = SecKeychainSearchCreateFromAttributes( NULL, itemClass, NULL, &searchRef); while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) { /* if we don't have an internal object structure, get one */ if ((ckmkInternalObject *)NULL == next) { next = nss_ZNEW(NULL, ckmkInternalObject); if ((ckmkInternalObject *)NULL == next) { *pError = CKR_HOST_MEMORY; goto loser; } } /* fill in the relevant object data */ next->type = ckmkItem; next->objClass = objClass; next->u.item.itemRef = itemRef; next->u.item.itemClass = itemClass; /* see if this is one of the objects we are looking for */ if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) { /* yes, put it on the list */ PUT_OBJECT(next, *pError, *sizep, count, *listp); next = NULL; /* this one is on the list, need to allocate a new one now */ } else { /* no , release the current item and clear out the structure for reuse */ CFRelease(itemRef); /* don't cache the values we just loaded */ nsslibc_memset(next, 0, sizeof(*next)); } } loser: if (searchRef) { CFRelease(searchRef); } nss_ZFreeIf(next); return count; }
/* * nssHash_create * */ NSS_IMPLEMENT nssHash * nssHash_Create ( NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash, PLHashComparator keyCompare, PLHashComparator valueCompare ) { nssHash *rv; NSSArena *arena; PRBool i_alloced; #ifdef NSSDEBUG if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { nss_SetError(NSS_ERROR_INVALID_POINTER); return (nssHash *)NULL; } #endif /* NSSDEBUG */ if (arenaOpt) { arena = arenaOpt; i_alloced = PR_FALSE; } else { arena = nssArena_Create(); i_alloced = PR_TRUE; } rv = nss_ZNEW(arena, nssHash); if( (nssHash *)NULL == rv ) { goto loser; } rv->mutex = PZ_NewLock(nssILockOther); if( (PZLock *)NULL == rv->mutex ) { goto loser; } rv->plHashTable = PL_NewHashTable(numBuckets, keyHash, keyCompare, valueCompare, &nssArenaHashAllocOps, arena); if( (PLHashTable *)NULL == rv->plHashTable ) { (void)PZ_DestroyLock(rv->mutex); goto loser; } rv->count = 0; rv->arena = arena; rv->i_alloced_arena = i_alloced; return rv; loser: (void)nss_ZFreeIf(rv); return (nssHash *)NULL; }
/* * nssCKFWHash_Destroy * */ NSS_IMPLEMENT void nssCKFWHash_Destroy ( nssCKFWHash *hash ) { (void)nssCKFWMutex_Destroy(hash->mutex); PL_HashTableDestroy(hash->plHashTable); (void)nss_ZFreeIf(hash); }
static void md5_hash(NSSItem *input, NSSItem *output) { NSSAlgorithmAndParameters *ap; PK11SlotInfo *internal = PK11_GetInternalSlot(); NSSToken *token = PK11Slot_GetNSSToken(internal); ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL); (void)nssToken_Digest(token, NULL, ap, input, output, NULL); PK11_FreeSlot(token->pk11slot); nss_ZFreeIf(ap); }
NSS_IMPLEMENT NSSItem * nssItem_Create ( NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length, const void *data ) { NSSItem *rv = (NSSItem *)NULL; #ifdef DEBUG if( (NSSArena *)NULL != arenaOpt ) { if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { return (NSSItem *)NULL; } } if( (const void *)NULL == data ) { if( length > 0 ) { nss_SetError(NSS_ERROR_INVALID_POINTER); return (NSSItem *)NULL; } } #endif /* DEBUG */ if( (NSSItem *)NULL == rvOpt ) { rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem); if( (NSSItem *)NULL == rv ) { goto loser; } } else { rv = rvOpt; } rv->size = length; rv->data = nss_ZAlloc(arenaOpt, length); if( (void *)NULL == rv->data ) { goto loser; } if( length > 0 ) { (void)nsslibc_memcpy(rv->data, data, length); } return rv; loser: if( rv != rvOpt ) { nss_ZFreeIf(rv); } return (NSSItem *)NULL; }
NSS_IMPLEMENT PRStatus nssSession_Destroy(nssSession *s) { PRStatus rv = PR_SUCCESS; if (s) { if (s->isRW) { PK11_RestoreROSession(s->slot->pk11slot, s->handle); } rv = nss_ZFreeIf(s); } return rv; }
static void PR_CALLBACK nss_arena_hash_free_entry ( void *pool, PLHashEntry *he, PRUintn flag ) { if( HT_FREE_ENTRY == flag ) { (void)nss_ZFreeIf(he); } }
/* * nssHash_Destroy * */ NSS_IMPLEMENT void nssHash_Destroy ( nssHash *hash ) { (void)PZ_DestroyLock(hash->mutex); PL_HashTableDestroy(hash->plHashTable); if (hash->i_alloced_arena) { nssArena_Destroy(hash->arena); } else { nss_ZFreeIf(hash); } }
NSS_IMPLEMENT PRStatus nssSession_Destroy ( nssSession *s ) { CK_RV ckrv = CKR_OK; if (s) { if (s->isRW) { PK11_RestoreROSession(s->slot->pk11slot, s->handle); } nss_ZFreeIf(s); } return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; }
static void match_nickname(const void *k, void *v, void *a) { PRStatus nssrv; NSSCertificate *c; NSSUTF8 *nickname; nssList *subjectList = (nssList *)v; struct nickname_template_str *nt = (struct nickname_template_str *)a; nssrv = nssList_GetArray(subjectList, (void **)&c, 1); nickname = nssCertificate_GetNickname(c, NULL); if (nssrv == PR_SUCCESS && nickname && nssUTF8_Equal(nickname, nt->nickname, &nssrv)) { nt->subjectList = subjectList; } nss_ZFreeIf(nickname); }
NSS_IMPLEMENT void nss_dbm_db_close ( nss_dbm_db_t *db ) { if( (NSSCKFWMutex *)NULL != db->crustylock ) { (void)NSSCKFWMutex_Destroy(db->crustylock); } if( (DB *)NULL != db->db ) { (void)db->db->close(db->db); } nss_ZFreeIf(db); }
/* * nssCKFWCryptoOperation_Destroy */ NSS_EXTERN void nssCKFWCryptoOperation_Destroy ( NSSCKFWCryptoOperation *fwOperation ) { if ((NSSCKMDCryptoOperation *) NULL != fwOperation->mdOperation) { if ((void *) NULL != (void *)fwOperation->mdOperation->Destroy) { fwOperation->mdOperation->Destroy( fwOperation->mdOperation, fwOperation, fwOperation->mdInstance, fwOperation->fwInstance); } } nss_ZFreeIf(fwOperation); }
/* ** Delete trust objects matching the given slot. ** Returns error if a device fails to delete. ** ** This function has the side effect of moving the ** surviving entries to the front of the object list ** and nullifying the rest. */ static PRStatus DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { int numNotDestroyed = 0; /* the ones skipped plus the failures */ int failureCount = 0; /* actual deletion failures by devices */ unsigned int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); /* Keep going even if a module fails to delete. */ for (index = 0; index < tObject->numInstances; index++) { nssCryptokiObject *instance = tObject->instances[index]; if (!instance) { continue; } /* ReadOnly and not matched treated the same */ if (PK11_IsReadOnly(instance->token->pk11slot) || pk11slot != instance->token->pk11slot) { tObject->instances[numNotDestroyed++] = instance; continue; } /* Here we have found a matching one */ tObject->instances[index] = NULL; if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) { nssCryptokiObject_Destroy(instance); } else { tObject->instances[numNotDestroyed++] = instance; failureCount++; } } if (numNotDestroyed == 0) { nss_ZFreeIf(tObject->instances); tObject->numInstances = 0; } else { tObject->numInstances = numNotDestroyed; } nssPKIObject_Unlock(tObject); nssPKIObject_Destroy(tObject); return failureCount == 0 ? PR_SUCCESS : PR_FAILURE; }
NSS_IMPLEMENT nssSession * nssSlot_CreateSession ( NSSSlot *slot, NSSArena *arenaOpt, PRBool readWrite ) { nssSession *rvSession; if (!readWrite) { /* nss3hack version only returns rw swssions */ return NULL; } rvSession = nss_ZNEW(arenaOpt, nssSession); if (!rvSession) { return (nssSession *)NULL; } rvSession->handle = PK11_GetRWSession(slot->pk11slot); if (rvSession->handle == CK_INVALID_HANDLE) { nss_ZFreeIf(rvSession); return NULL; } rvSession->isRW = PR_TRUE; rvSession->slot = slot; /* * The session doesn't need its own lock. Here's why. * 1. If we are reusing the default RW session of the slot, * the slot lock is already locked to protect the session. * 2. If the module is not thread safe, the slot (or rather * module) lock is already locked. * 3. If the module is thread safe and we are using a new * session, no higher-level lock has been locked and we * would need a lock for the new session. However, the * current usage of the session is that it is always * used and destroyed within the same function and never * shared with another thread. * So the session is either already protected by another * lock or only used by one thread. */ rvSession->lock = NULL; rvSession->ownLock = PR_FALSE; return rvSession; }
static PRStatus add_certificate_entry ( nssCertificateStore *store, NSSCertificate *cert ) { PRStatus nssrv; certificate_hash_entry *entry; entry = nss_ZNEW(cert->object.arena, certificate_hash_entry); if (!entry) { return PR_FAILURE; } entry->cert = cert; nssrv = nssHash_Add(store->issuer_and_serial, cert, entry); if (nssrv != PR_SUCCESS) { nss_ZFreeIf(entry); } return nssrv; }