예제 #1
0
NSS_IMPLEMENT NSSCKMDToken *
nss_dbm_mdToken_factory
(
  nss_dbm_slot_t *slot,
  CK_RV *pError
)
{
  nss_dbm_token_t *token;
  NSSCKMDToken *rv;

  token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t);
  if( (nss_dbm_token_t *)NULL == token ) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKMDToken *)NULL;
  }

  rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken);
  if( (NSSCKMDToken *)NULL == rv ) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKMDToken *)NULL;
  }

  token->slot = slot;

  rv->etc = (void *)token;
  rv->Setup = nss_dbm_mdToken_Setup;
  rv->Invalidate = nss_dbm_mdToken_Invalidate;
  rv->InitToken = nss_dbm_mdToken_InitToken;
  rv->GetLabel = nss_dbm_mdToken_GetLabel;
  rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID;
  rv->GetModel = nss_dbm_mdToken_GetModel;
  /*  GetSerialNumber is irrelevant */
  /*  GetHasRNG defaults to CK_FALSE */
  rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected;
  /*  GetLoginRequired defaults to CK_FALSE */
  /*  GetUserPinInitialized defaults to CK_FALSE */
  /*  GetRestoreKeyNotNeeded is irrelevant */
  /*  GetHasClockOnToken defaults to CK_FALSE */
  /*  GetHasProtectedAuthenticationPath defaults to CK_FALSE */
  /*  GetSupportsDualCryptoOperations is irrelevant */
  rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite;
  rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite;
  /*  GetMaxPinLen is irrelevant */
  /*  GetMinPinLen is irrelevant */
  /*  GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
  /*  GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
  /*  GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
  /*  GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
  rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion;
  /*  GetFirmwareVersion is irrelevant */
  /*  GetUTCTime is irrelevant */
  rv->OpenSession = nss_dbm_mdToken_OpenSession;
  rv->null = NULL;

  return rv;
}
예제 #2
0
NSS_IMPLEMENT NSSCryptoContext *
nssCryptoContext_Create (
  NSSTrustDomain *td,
  NSSCallback *uhhOpt
)
{
    NSSArena *arena;
    NSSCryptoContext *rvCC;
    arena = NSSArena_Create();
    if (!arena) {
	return NULL;
    }
    rvCC = nss_ZNEW(arena, NSSCryptoContext);
    if (!rvCC) {
	return NULL;
    }
    rvCC->td = td;
    rvCC->arena = arena;
    rvCC->certStore = nssCertificateStore_Create(rvCC->arena);
    if (!rvCC->certStore) {
	nssArena_Destroy(arena);
	return NULL;
    }

    return rvCC;
}
예제 #3
0
static NSSSlot *
nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
    NSSSlot *rvSlot;
    NSSArena *arena;
    arena = nssArena_Create();
    if (!arena) {
	return NULL;
    }
    rvSlot = nss_ZNEW(arena, NSSSlot);
    if (!rvSlot) {
	nssArena_Destroy(arena);
	return NULL;
    }
    rvSlot->base.refCount = 1;
    rvSlot->base.lock = PZ_NewLock(nssILockOther);
    rvSlot->base.arena = arena;
    rvSlot->pk11slot = nss3slot;
    rvSlot->epv = nss3slot->functionList;
    rvSlot->slotID = nss3slot->slotID;
    /* Grab the slot name from the PKCS#11 fixed-length buffer */
    rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name,td->arena);
    rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
    return rvSlot;
}
예제 #4
0
NSS_IMPLEMENT NSSCRL *
nssCRL_Create (
  nssPKIObject *object
)
{
    PRStatus status;
    NSSCRL *rvCRL;
    NSSArena *arena = object->arena;
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    rvCRL = nss_ZNEW(arena, NSSCRL);
    if (!rvCRL) {
	return (NSSCRL *)NULL;
    }
    rvCRL->object = *object;
    /* XXX should choose instance based on some criteria */
    status = nssCryptokiCRL_GetAttributes(object->instances[0],
                                          NULL,  /* XXX sessionOpt */
                                          arena,
                                          &rvCRL->encoding,
                                          NULL, /* subject */
                                          NULL, /* class */
                                          &rvCRL->url,
                                          &rvCRL->isKRL);
    if (status != PR_SUCCESS) {
	return (NSSCRL *)NULL;
    }
    return rvCRL;
}
예제 #5
0
NSS_IMPLEMENT NSSCKMDObject *
nss_dbm_mdObject_factory
(
  nss_dbm_object_t *object,
  CK_RV *pError
)
{
  NSSCKMDObject *rv;

  rv = nss_ZNEW(object->arena, NSSCKMDObject);
  if( (NSSCKMDObject *)NULL == rv ) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKMDObject *)NULL;
  }

  rv->etc = (void *)object;
  rv->Finalize = nss_dbm_mdObject_Finalize;
  rv->Destroy = nss_dbm_mdObject_Destroy;
  /*  IsTokenObject can be deferred */
  rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount;
  rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes;
  rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize;
  rv->GetAttribute = nss_dbm_mdObject_GetAttribute;
  rv->SetAttribute = nss_dbm_mdObject_SetAttribute;
  /*  GetObjectSize can be deferred */

  return rv;
}
예제 #6
0
NSS_IMPLEMENT NSSTrustDomain *
NSSTrustDomain_Create (
  NSSUTF8 *moduleOpt,
  NSSUTF8 *uriOpt,
  NSSUTF8 *opaqueOpt,
  void *reserved
)
{
    NSSArena *arena;
    NSSTrustDomain *rvTD;
    arena = NSSArena_Create();
    if(!arena) {
	return (NSSTrustDomain *)NULL;
    }
    rvTD = nss_ZNEW(arena, NSSTrustDomain);
    if (!rvTD) {
	goto loser;
    }
    /* protect the token list and the token iterator */
    rvTD->tokensLock = NSSRWLock_New(100, "tokens");
    if (!rvTD->tokensLock) {
	goto loser;
    }
    nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
    rvTD->arena = arena;
    rvTD->refCount = 1;
    rvTD->statusConfig = NULL;
    return rvTD;
loser:
    if (rvTD && rvTD->tokensLock) {
	NSSRWLock_Destroy(rvTD->tokensLock);
    }
    nssArena_Destroy(arena);
    return (NSSTrustDomain *)NULL;
}
예제 #7
0
/*
 * delete a crl.
 */
SECStatus
SEC_DeletePermCRL(CERTSignedCrl *crl)
{
    PRStatus status;
    NSSToken *token;
    nssCryptokiObject *object;
    PK11SlotInfo *slot = crl->slot;

    if (slot == NULL) {
        PORT_Assert(slot);
	/* shouldn't happen */
	PORT_SetError( SEC_ERROR_CRL_INVALID);
	return SECFailure;
    }
    token = PK11Slot_GetNSSToken(slot);

    object = nss_ZNEW(NULL, nssCryptokiObject);
    if (!object) {
        return SECFailure;
    }
    object->token = nssToken_AddRef(token);
    object->handle = crl->pkcs11ID;
    object->isTokenObject = PR_TRUE;

    status = nssToken_DeleteStoredObject(object);

    nssCryptokiObject_Destroy(object);
    return (status == PR_SUCCESS) ? SECSuccess : SECFailure;
}
예제 #8
0
NSS_IMPLEMENT nssCryptokiObject *
nssCryptokiObject_Create (
  NSSToken *t, 
  nssSession *session,
  CK_OBJECT_HANDLE h
)
{
    PRStatus status;
    NSSSlot *slot;
    nssCryptokiObject *object;
    CK_BBOOL *isTokenObject;
    CK_ATTRIBUTE cert_template[] = {
	{ CKA_TOKEN, NULL, 0 },
	{ CKA_LABEL, NULL, 0 }
    };
    slot = nssToken_GetSlot(t);
    status = nssCKObject_GetAttributes(h, cert_template, 2,
                                       NULL, session, slot);
    nssSlot_Destroy(slot);
    if (status != PR_SUCCESS) {
	/* a failure here indicates a device error */
	return (nssCryptokiObject *)NULL;
    }
    object = nss_ZNEW(NULL, nssCryptokiObject);
    if (!object) {
	return (nssCryptokiObject *)NULL;
    }
    object->handle = h;
    object->token = nssToken_AddRef(t);
    isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
    object->isTokenObject = *isTokenObject;
    nss_ZFreeIf(isTokenObject);
    NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
    return object;
}
예제 #9
0
/*
 *  nssCKFWCrytoOperation_Create
 */
NSS_EXTERN NSSCKFWCryptoOperation *
nssCKFWCryptoOperation_Create(
  NSSCKMDCryptoOperation *mdOperation,
  NSSCKMDSession *mdSession,
  NSSCKFWSession *fwSession,
  NSSCKMDToken *mdToken,
  NSSCKFWToken *fwToken,
  NSSCKMDInstance *mdInstance,
  NSSCKFWInstance *fwInstance,
  NSSCKFWCryptoOperationType type,
  CK_RV *pError
)
{
  NSSCKFWCryptoOperation *fwOperation;
  fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
  if ((NSSCKFWCryptoOperation *)NULL == fwOperation) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKFWCryptoOperation *)NULL;
  }
  fwOperation->mdOperation = mdOperation; 
  fwOperation->mdSession = mdSession; 
  fwOperation->fwSession = fwSession; 
  fwOperation->mdToken = mdToken; 
  fwOperation->fwToken = fwToken; 
  fwOperation->mdInstance = mdInstance; 
  fwOperation->fwInstance = fwInstance; 
  fwOperation->type = type; 
  return fwOperation;
}
예제 #10
0
/* Returns NULL if "encoding" cannot be decoded. */
NSS_IMPLEMENT nssDecodedCert *
nssDecodedPKIXCertificate_Create (
  NSSArena *arenaOpt,
  NSSDER *encoding
)
{
    nssDecodedCert  *rvDC = NULL;
    CERTCertificate *cert;
    SECItem          secDER;

    SECITEM_FROM_NSSITEM(&secDER, encoding);
    cert = CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL);
    if (cert) {
	rvDC = nss_ZNEW(arenaOpt, nssDecodedCert);
	if (rvDC) {
	    rvDC->type                = NSSCertificateType_PKIX;
	    rvDC->data                = (void *)cert;
	    rvDC->getIdentifier       = nss3certificate_getIdentifier;
	    rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier;
	    rvDC->matchIdentifier     = nss3certificate_matchIdentifier;
	    rvDC->isValidIssuer       = nss3certificate_isValidIssuer;
	    rvDC->getUsage            = nss3certificate_getUsage;
	    rvDC->isValidAtTime       = nss3certificate_isValidAtTime;
	    rvDC->isNewerThan         = nss3certificate_isNewerThan;
	    rvDC->matchUsage          = nss3certificate_matchUsage;
	    rvDC->isTrustedForUsage   = nss3certificate_isTrustedForUsage;
	    rvDC->getEmailAddress     = nss3certificate_getEmailAddress;
	    rvDC->getDERSerialNumber  = nss3certificate_getDERSerialNumber;
	} else {
	    CERT_DestroyCertificate(cert);
	}
    }
    return rvDC;
}
예제 #11
0
파일: slot.c 프로젝트: lofter2011/Icefox
NSS_IMPLEMENT NSSCKMDSlot *
nss_dbm_mdSlot_factory
(
    nss_dbm_instance_t *instance,
    char *filename,
    int flags,
    CK_RV *pError
)
{
    nss_dbm_slot_t *slot;
    NSSCKMDSlot *rv;

    slot = nss_ZNEW(instance->arena, nss_dbm_slot_t);
    if( (nss_dbm_slot_t *)NULL == slot ) {
        *pError = CKR_HOST_MEMORY;
        return (NSSCKMDSlot *)NULL;
    }

    slot->instance = instance;
    slot->filename = filename;
    slot->flags = flags;
    slot->token_db = (nss_dbm_db_t *)NULL;

    rv = nss_ZNEW(instance->arena, NSSCKMDSlot);
    if( (NSSCKMDSlot *)NULL == rv ) {
        *pError = CKR_HOST_MEMORY;
        return (NSSCKMDSlot *)NULL;
    }

    rv->etc = (void *)slot;
    rv->Initialize = nss_dbm_mdSlot_Initialize;
    rv->Destroy = nss_dbm_mdSlot_Destroy;
    rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription;
    rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID;
    rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent;
    rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice;
    /*  GetHardwareSlot */
    /*  GetHardwareVersion */
    /*  GetFirmwareVersion */
    rv->GetToken = nss_dbm_mdSlot_GetToken;
    rv->null = (void *)NULL;

    return rv;
}
예제 #12
0
NSS_IMPLEMENT nssCertificateStore *
nssCertificateStore_Create (
  NSSArena *arenaOpt
)
{
    NSSArena *arena;
    nssCertificateStore *store;
    PRBool i_alloced_arena;
    if (arenaOpt) {
	arena = arenaOpt;
	i_alloced_arena = PR_FALSE;
    } else {
	arena = nssArena_Create();
	if (!arena) {
	    return NULL;
	}
	i_alloced_arena = PR_TRUE;
    }
    store = nss_ZNEW(arena, nssCertificateStore);
    if (!store) {
	goto loser;
    }
    store->lock = PZ_NewLock(nssILockOther);
    if (!store->lock) {
	goto loser;
    }
    /* Create the issuer/serial --> {cert, trust, S/MIME profile } hash */
    store->issuer_and_serial = nssHash_CreateCertificate(arena, 0);
    if (!store->issuer_and_serial) {
	goto loser;
    }
    /* Create the subject DER --> subject list hash */
    store->subject = nssHash_CreateItem(arena, 0);
    if (!store->subject) {
	goto loser;
    }
    store->arena = arena;
    store->i_alloced_arena = i_alloced_arena;
    return store;
loser:
    if (store) {
	if (store->lock) {
	    PZ_DestroyLock(store->lock);
	}
	if (store->issuer_and_serial) {
	    nssHash_Destroy(store->issuer_and_serial);
	}
	if (store->subject) {
	    nssHash_Destroy(store->subject);
	}
    }
    if (i_alloced_arena) {
	nssArena_Destroy(arena);
    }
    return NULL;
}
예제 #13
0
NSSToken *
nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
{
    NSSToken *rvToken;
    NSSArena *arena;

    /* Don't create a token object for a disabled slot */
    if (nss3slot->disabled) {
	PORT_SetError(SEC_ERROR_NO_TOKEN);
	return NULL;
    }
    arena = nssArena_Create();
    if (!arena) {
	return NULL;
    }
    rvToken = nss_ZNEW(arena, NSSToken);
    if (!rvToken) {
	nssArena_Destroy(arena);
	return NULL;
    }
    rvToken->base.refCount = 1;
    rvToken->base.lock = PZ_NewLock(nssILockOther);
    if (!rvToken->base.lock) {
	nssArena_Destroy(arena);
	return NULL;
    }
    rvToken->base.arena = arena;
    rvToken->pk11slot = nss3slot;
    rvToken->epv = nss3slot->functionList;
    rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
                                                       nss3slot->session,
                                                       nss3slot->sessionLock,
                                                       nss3slot->defRWSession);
    /* continue, even if rvToken->defaultSession is NULL */
    if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
	rvToken->cache = nssTokenObjectCache_Create(rvToken, 
	                                            PR_TRUE, PR_TRUE, PR_TRUE);
	if (!rvToken->cache)
	    goto loser;
    }
    rvToken->trustDomain = td;
    /* Grab the token name from the PKCS#11 fixed-length buffer */
    rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name,td->arena);
    rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
    if (!rvToken->slot) {
        goto loser;
    }
    rvToken->slot->token = rvToken;
    if (rvToken->defaultSession)
	rvToken->defaultSession->slot = rvToken->slot;
    return rvToken;
loser:
    PZ_DestroyLock(rvToken->base.lock);
    nssArena_Destroy(arena);
    return NULL;
}
예제 #14
0
/* find all the certs that represent the appropriate object (cert, priv key, or
 *  pub key) in the cert store.
 */
static PRUint32
collect_class(
  CK_OBJECT_CLASS objClass,
  SecItemClass itemClass,
  CK_ATTRIBUTE_PTR pTemplate, 
  CK_ULONG ulAttributeCount, 
  ckmkInternalObject ***listp,
  PRUint32 *sizep,
  PRUint32 count,
  CK_RV *pError
)
{
  ckmkInternalObject *next = NULL;
  SecKeychainSearchRef searchRef = 0;
  SecKeychainItemRef itemRef = 0;
  OSStatus error;

  /* future, build the attribute list based on the template
   * so we can refine the search */
  error = SecKeychainSearchCreateFromAttributes( 
		NULL, itemClass, NULL, &searchRef);

  while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
    /* if we don't have an internal object structure, get one */
    if ((ckmkInternalObject *)NULL == next) {
      next = nss_ZNEW(NULL, ckmkInternalObject);
      if ((ckmkInternalObject *)NULL == next) {
        *pError = CKR_HOST_MEMORY;
        goto loser;
      }
    }
    /* fill in the relevant object data */
    next->type = ckmkItem;
    next->objClass = objClass;
    next->u.item.itemRef = itemRef;
    next->u.item.itemClass = itemClass;

    /* see if this is one of the objects we are looking for */
    if( CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next) ) {
      /* yes, put it on the list */
      PUT_OBJECT(next, *pError, *sizep, count, *listp);
      next = NULL; /* this one is on the list, need to allocate a new one now */
    } else {
      /* no , release the current item and clear out the structure for reuse */
      CFRelease(itemRef);
      /* don't cache the values we just loaded */
      nsslibc_memset(next, 0, sizeof(*next));
    }
  }
loser:
  if (searchRef) {
    CFRelease(searchRef);
  }
  nss_ZFreeIf(next);
  return count;
}
예제 #15
0
/*
 * nssHash_create
 *
 */
NSS_IMPLEMENT nssHash *
nssHash_Create
(
  NSSArena *arenaOpt,
  PRUint32 numBuckets,
  PLHashFunction keyHash,
  PLHashComparator keyCompare,
  PLHashComparator valueCompare
)
{
  nssHash *rv;
  NSSArena *arena;
  PRBool i_alloced;

#ifdef NSSDEBUG
  if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
    nss_SetError(NSS_ERROR_INVALID_POINTER);
    return (nssHash *)NULL;
  }
#endif /* NSSDEBUG */

  if (arenaOpt) {
    arena = arenaOpt;
    i_alloced = PR_FALSE;
  } else {
    arena = nssArena_Create();
    i_alloced = PR_TRUE;
  }

  rv = nss_ZNEW(arena, nssHash);
  if( (nssHash *)NULL == rv ) {
    goto loser;
  }

  rv->mutex = PZ_NewLock(nssILockOther);
  if( (PZLock *)NULL == rv->mutex ) {
    goto loser;
  }

  rv->plHashTable = PL_NewHashTable(numBuckets, 
                                    keyHash, keyCompare, valueCompare,
                                    &nssArenaHashAllocOps, arena);
  if( (PLHashTable *)NULL == rv->plHashTable ) {
    (void)PZ_DestroyLock(rv->mutex);
    goto loser;
  }

  rv->count = 0;
  rv->arena = arena;
  rv->i_alloced_arena = i_alloced;

  return rv;
loser:
  (void)nss_ZFreeIf(rv);
  return (nssHash *)NULL;
}
예제 #16
0
static NSSCKMDObject *
nss_dbm_mdSession_CreateObject
(
  NSSCKMDSession *mdSession,
  NSSCKFWSession *fwSession,
  NSSCKMDToken *mdToken,
  NSSCKFWToken *fwToken,
  NSSCKMDInstance *mdInstance,
  NSSCKFWInstance *fwInstance,
  NSSArena *handyArenaPointer,
  CK_ATTRIBUTE_PTR pTemplate,
  CK_ULONG ulAttributeCount,
  CK_RV *pError
)
{
  nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
  nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
  CK_ULONG i;
  CK_BBOOL isToken = CK_FALSE; /* defaults to false */
  NSSCKMDObject *rv;
  struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL;
  nss_dbm_object_t *object;
  nss_dbm_db_t *which_db;

  /* This framework should really pass this to me */
  for( i = 0; i < ulAttributeCount; i++ ) {
    if( CKA_TOKEN == pTemplate[i].type ) {
      isToken = *(CK_BBOOL *)pTemplate[i].pValue;
      break;
    }
  }

  object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t);
  if( (nss_dbm_object_t *)NULL == object ) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKMDObject *)NULL;
  }

  object->arena = handyArenaPointer;
  which_db = isToken ? token->slot->token_db : token->session_db;

  /* Do this before the actual database call; it's easier to recover from */
  rv = nss_dbm_mdObject_factory(object, pError);
  if( (NSSCKMDObject *)NULL == rv ) {
    return (NSSCKMDObject *)NULL;
  }

  if( CK_FALSE == isToken ) {
    node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node);
    if( (struct nss_dbm_dbt_node *)NULL == node ) {
      *pError = CKR_HOST_MEMORY;
      return (NSSCKMDObject *)NULL;
    }
  }
예제 #17
0
NSS_IMPLEMENT NSSItem *
nssItem_Create
(
  NSSArena *arenaOpt,
  NSSItem *rvOpt,
  PRUint32 length,
  const void *data
)
{
  NSSItem *rv = (NSSItem *)NULL;

#ifdef DEBUG
  if( (NSSArena *)NULL != arenaOpt ) {
    if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
      return (NSSItem *)NULL;
    }
  }

  if( (const void *)NULL == data ) {
    if( length > 0 ) {
      nss_SetError(NSS_ERROR_INVALID_POINTER);
      return (NSSItem *)NULL;
    }
  }
#endif /* DEBUG */

  if( (NSSItem *)NULL == rvOpt ) {
    rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
    if( (NSSItem *)NULL == rv ) {
      goto loser;
    }
  } else {
    rv = rvOpt;
  }

  rv->size = length;
  rv->data = nss_ZAlloc(arenaOpt, length);
  if( (void *)NULL == rv->data ) {
    goto loser;
  }

  if( length > 0 ) {
    (void)nsslibc_memcpy(rv->data, data, length);
  }

  return rv;

 loser:
  if( rv != rvOpt ) {
    nss_ZFreeIf(rv);
  }

  return (NSSItem *)NULL;
}
예제 #18
0
파일: hash.c 프로젝트: thespooler/nss
/*
 * nssCKFWHash_Create
 *
 */
NSS_IMPLEMENT nssCKFWHash *
nssCKFWHash_Create
(
  NSSCKFWInstance *fwInstance,
  NSSArena *arena,
  CK_RV *pError
)
{
  nssCKFWHash *rv;

#ifdef NSSDEBUG
  if (!pError) {
    return (nssCKFWHash *)NULL;
  }

  if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
    *pError = CKR_ARGUMENTS_BAD;
    return (nssCKFWHash *)NULL;
  }
#endif /* NSSDEBUG */

  rv = nss_ZNEW(arena, nssCKFWHash);
  if (!rv) {
    *pError = CKR_HOST_MEMORY;
    return (nssCKFWHash *)NULL;
  }

  rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
  if (!rv->mutex) {
    if( CKR_OK == *pError ) {
      (void)nss_ZFreeIf(rv);
      *pError = CKR_GENERAL_ERROR;
    }
    return (nssCKFWHash *)NULL;
  }

  rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash, 
    PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
  if (!rv->plHashTable) {
    (void)nssCKFWMutex_Destroy(rv->mutex);
    (void)nss_ZFreeIf(rv);
    *pError = CKR_HOST_MEMORY;
    return (nssCKFWHash *)NULL;
  }

  rv->count = 0;

  return rv;
}
static cache_entry *
new_cache_entry(NSSArena *arena, void *value, PRBool ownArena)
{
    cache_entry *ce = nss_ZNEW(arena, cache_entry);
    if (ce) {
	ce->entry.value = value;
	ce->hits = 1;
	ce->lastHit = PR_Now();
	if (ownArena) {
	    ce->arena = arena;
	}
	ce->nickname = NULL;
    }
    return ce;
}
예제 #20
0
static CK_RV
nss_dbm_mdInstance_Initialize
(
  NSSCKMDInstance *mdInstance,                                    
  NSSCKFWInstance *fwInstance,
  NSSUTF8 *configurationData
)
{
  CK_RV rv = CKR_OK;
  NSSArena *arena;
  nss_dbm_instance_t *instance;

  arena = NSSCKFWInstance_GetArena(fwInstance, &rv);
  if( ((NSSArena *)NULL == arena) && (CKR_OK != rv) ) {
    return rv;
  }

  instance = nss_ZNEW(arena, nss_dbm_instance_t);
  if( (nss_dbm_instance_t *)NULL == instance ) {
    return CKR_HOST_MEMORY;
  }

  instance->arena = arena;

  /*
   * This should parse the configuration data for information on
   * number and locations of databases, modes (e.g. readonly), etc.
   * But for now, we'll have one slot with a creatable read-write
   * database called "cert8.db."
   */

  instance->nSlots = 1;
  instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots);
  if( (char **)NULL == instance->filenames ) {
    return CKR_HOST_MEMORY;
  }

  instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots);
  if( (int *)NULL == instance->flags ) {
    return CKR_HOST_MEMORY;
  }

  instance->filenames[0] = "cert8.db";
  instance->flags[0] = O_RDWR|O_CREAT;

  mdInstance->etc = (void *)instance;
  return CKR_OK;
}
예제 #21
0
파일: devutil.c 프로젝트: emaldona/nss
NSS_IMPLEMENT nssCryptokiObject *
nssCryptokiObject_Clone(
    nssCryptokiObject *object)
{
    nssCryptokiObject *rvObject;
    rvObject = nss_ZNEW(NULL, nssCryptokiObject);
    if (rvObject) {
        rvObject->handle = object->handle;
        rvObject->token = nssToken_AddRef(object->token);
        rvObject->isTokenObject = object->isTokenObject;
        if (object->label) {
            rvObject->label = nssUTF8_Duplicate(object->label, NULL);
        }
    }
    return rvObject;
}
예제 #22
0
NSS_IMPLEMENT nssSession *
nssSession_ImportNSS3Session(NSSArena *arenaOpt,
                             CK_SESSION_HANDLE session, 
                             PZLock *lock, PRBool rw)
{
    nssSession *rvSession = NULL;
    if (session != CK_INVALID_SESSION) {
	rvSession = nss_ZNEW(arenaOpt, nssSession);
	if (rvSession) {
	    rvSession->handle = session;
	    rvSession->lock = lock;
	    rvSession->ownLock = PR_FALSE;
	    rvSession->isRW = rw;
	}
    }
    return rvSession;
}
예제 #23
0
NSS_IMPLEMENT NSSCKMDSession *
nss_ckmk_CreateSession
(
  NSSCKFWSession *fwSession,
  CK_RV *pError
)
{
  NSSArena *arena;
  NSSCKMDSession *rv;

  arena = NSSCKFWSession_GetArena(fwSession, pError);
  if( (NSSArena *)NULL == arena ) {
    return (NSSCKMDSession *)NULL;
  }

  rv = nss_ZNEW(arena, NSSCKMDSession);
  if( (NSSCKMDSession *)NULL == rv ) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKMDSession *)NULL;
  }

  /* 
   * rv was zeroed when allocated, so we only 
   * need to set the non-zero members.
   */

  rv->etc = (void *)fwSession;
  /* rv->Close */
  /* rv->GetDeviceError */
  /* rv->Login */
  /* rv->Logout */
  /* rv->InitPIN */
  /* rv->SetPIN */
  /* rv->GetOperationStateLen */
  /* rv->GetOperationState */
  /* rv->SetOperationState */
  rv->CreateObject = ckmk_mdSession_CreateObject;
  /* rv->CopyObject */
  rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit;
  /* rv->SeedRandom */
  /* rv->GetRandom */
  /* rv->null */

  return rv;
}
NSS_IMPLEMENT nssSession *
nssSlot_CreateSession
(
  NSSSlot *slot,
  NSSArena *arenaOpt,
  PRBool readWrite
)
{
    nssSession *rvSession;

    if (!readWrite) {
	/* nss3hack version only returns rw swssions */
	return NULL;
    }
    rvSession = nss_ZNEW(arenaOpt, nssSession);
    if (!rvSession) {
	return (nssSession *)NULL;
    }

    rvSession->handle = PK11_GetRWSession(slot->pk11slot);
    if (rvSession->handle == CK_INVALID_HANDLE) {
	    nss_ZFreeIf(rvSession);
	    return NULL;
    }
    rvSession->isRW = PR_TRUE;
    rvSession->slot = slot;
    /*
     * The session doesn't need its own lock.  Here's why.
     * 1. If we are reusing the default RW session of the slot,
     *    the slot lock is already locked to protect the session.
     * 2. If the module is not thread safe, the slot (or rather
     *    module) lock is already locked.
     * 3. If the module is thread safe and we are using a new
     *    session, no higher-level lock has been locked and we
     *    would need a lock for the new session.  However, the
     *    current usage of the session is that it is always
     *    used and destroyed within the same function and never
     *    shared with another thread.
     * So the session is either already protected by another
     * lock or only used by one thread.
     */
    rvSession->lock = NULL;
    rvSession->ownLock = PR_FALSE;
    return rvSession;
}
예제 #25
0
static PLHashEntry * PR_CALLBACK
nss_arena_hash_alloc_entry
(
    void *pool,
    const void *key
)
{
    NSSArena *arena = NULL;

#ifdef NSSDEBUG
    if( (void *)NULL != arena ) {
        if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
            return (void *)NULL;
        }
    }
#endif /* NSSDEBUG */

    return nss_ZNEW(arena, PLHashEntry);
}
예제 #26
0
static PRStatus
add_certificate_entry (
  nssCertificateStore *store,
  NSSCertificate *cert
)
{
    PRStatus nssrv;
    certificate_hash_entry *entry;
    entry = nss_ZNEW(cert->object.arena, certificate_hash_entry);
    if (!entry) {
	return PR_FAILURE;
    }
    entry->cert = cert;
    nssrv = nssHash_Add(store->issuer_and_serial, cert, entry);
    if (nssrv != PR_SUCCESS) {
	nss_ZFreeIf(entry);
    }
    return nssrv;
}
예제 #27
0
/* Creates a certificate from a base object */
NSS_IMPLEMENT NSSCertificate *
nssCertificate_Create (
  nssPKIObject *object
)
{
    PRStatus status;
    NSSCertificate *rvCert;
    nssArenaMark * mark;
    NSSArena *arena = object->arena;
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    PR_ASSERT(object->lockType == nssPKIMonitor);
    mark = nssArena_Mark(arena);
    rvCert = nss_ZNEW(arena, NSSCertificate);
    if (!rvCert) {
	return (NSSCertificate *)NULL;
    }
    rvCert->object = *object;
    /* XXX should choose instance based on some criteria */
    status = nssCryptokiCertificate_GetAttributes(object->instances[0],
                                                  NULL,  /* XXX sessionOpt */
                                                  arena,
                                                  &rvCert->type,
                                                  &rvCert->id,
                                                  &rvCert->encoding,
                                                  &rvCert->issuer,
                                                  &rvCert->serial,
                                                  &rvCert->subject);
    if (status != PR_SUCCESS ||
	!rvCert->encoding.data ||
	!rvCert->encoding.size ||
	!rvCert->issuer.data ||
	!rvCert->issuer.size ||
	!rvCert->serial.data ||
	!rvCert->serial.size) {
	if (mark)
	    nssArena_Release(arena, mark);
	return (NSSCertificate *)NULL;
    }
    if (mark)
	nssArena_Unmark(arena, mark);
    return rvCert;
}
예제 #28
0
/*
 * nssCKFWMechanism_Create
 *
 */
NSS_IMPLEMENT NSSCKFWMechanism *
nssCKFWMechanism_Create(
    NSSCKMDMechanism *mdMechanism,
    NSSCKMDToken *mdToken,
    NSSCKFWToken *fwToken,
    NSSCKMDInstance *mdInstance,
    NSSCKFWInstance *fwInstance)
{
    NSSCKFWMechanism *fwMechanism;

    fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
    if (!fwMechanism) {
        return (NSSCKFWMechanism *)NULL;
    }
    fwMechanism->mdMechanism = mdMechanism;
    fwMechanism->mdToken = mdToken;
    fwMechanism->fwToken = fwToken;
    fwMechanism->mdInstance = mdInstance;
    fwMechanism->fwInstance = fwInstance;
    return fwMechanism;
}
NSS_IMPLEMENT NSSCKMDFindObjects *
nss_dbm_mdFindObjects_factory
(
  nss_dbm_find_t *find,
  CK_RV *pError
)
{
  NSSCKMDFindObjects *rv;

  rv = nss_ZNEW(find->arena, NSSCKMDFindObjects);
  if( (NSSCKMDFindObjects *)NULL == rv ) {
    *pError = CKR_HOST_MEMORY;
    return (NSSCKMDFindObjects *)NULL;
  }

  rv->etc = (void *)find;
  rv->Final = nss_dbm_mdFindObjects_Final;
  rv->Next = nss_dbm_mdFindObjects_Next;

  return rv;
}
예제 #30
0
NSS_IMPLEMENT nssSMIMEProfile *
nssSMIMEProfile_Create (
  NSSCertificate *cert,
  NSSItem *profileTime,
  NSSItem *profileData
)
{
    NSSArena *arena;
    nssSMIMEProfile *rvProfile;
    nssPKIObject *object;
    NSSTrustDomain *td = nssCertificate_GetTrustDomain(cert);
    NSSCryptoContext *cc = nssCertificate_GetCryptoContext(cert);
    arena = nssArena_Create();
    if (!arena) {
	return NULL;
    }
    object = nssPKIObject_Create(arena, NULL, td, cc, nssPKILock);
    if (!object) {
	goto loser;
    }
    rvProfile = nss_ZNEW(arena, nssSMIMEProfile);
    if (!rvProfile) {
	goto loser;
    }
    rvProfile->object = *object;
    rvProfile->certificate = cert;
    rvProfile->email = nssUTF8_Duplicate(cert->email, arena);
    rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL);
    if (profileTime) {
	rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL);
    }
    if (profileData) {
	rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL);
    }
    return rvProfile;
loser:
    if (object) nssPKIObject_Destroy(object);
    else if (arena)  nssArena_Destroy(arena);
    return (nssSMIMEProfile *)NULL;
}