authorwolfbeast <mcwerewolf@gmail.com>2018-06-06 21:27:04 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-06-06 21:27:04 +0200
commit4a71b30364a4b6d1eaf16fcfdc8e873e6697f293 (patch)
treea47014077c14579249859ad34afcc5a8f2f0730a /security/nss/lib/softoken/legacydb
parentd7da72799521386c110dbba73b1e483b00a0a56a (diff)
parent2dad0ec41d0b69c0a815012e6ea4bdde81b2875b (diff)
Merge branch 'NSS-335'
Diffstat (limited to 'security/nss/lib/softoken/legacydb')
-rw-r--r--security/nss/lib/softoken/legacydb/keydb.c8
-rw-r--r--security/nss/lib/softoken/legacydb/lgattr.c12
-rw-r--r--security/nss/lib/softoken/legacydb/lgcreate.c15
-rw-r--r--security/nss/lib/softoken/legacydb/lgfips.c4
-rw-r--r--security/nss/lib/softoken/legacydb/lginit.c4
-rw-r--r--security/nss/lib/softoken/legacydb/lowcert.c2
-rw-r--r--security/nss/lib/softoken/legacydb/lowkey.c7
-rw-r--r--security/nss/lib/softoken/legacydb/lowkeyi.h5
-rw-r--r--security/nss/lib/softoken/legacydb/lowkeyti.h2
-rw-r--r--security/nss/lib/softoken/legacydb/pcertdb.c10
10 files changed, 19 insertions, 50 deletions
diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c
index 178e333ec..b4aa7754b 100644
--- a/security/nss/lib/softoken/legacydb/keydb.c
+++ b/security/nss/lib/softoken/legacydb/keydb.c
@@ -1137,12 +1137,10 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer
namekey.data = pubkey->u.dh.publicValue.data;
namekey.size = pubkey->u.dh.publicValue.len;
break;
-#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
namekey.data = pubkey->u.ec.publicValue.data;
namekey.size = pubkey->u.ec.publicValue.len;
break;
-#endif /* NSS_DISABLE_ECC */
default:
/* XXX We don't do Fortezza or DH yet. */
return PR_FALSE;
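Review bot: The `default:` comment `/* XXX We don't do Fortezza or DH yet. */` is out of date, because the case directly above it in this hunk fills `namekey` from `pubkey->u.dh.publicValue`, so DH is handled. With the EC case now compiled unconditionally, it would read better as `/* Unsupported key type (e.g. Fortezza): report no matching key. */`. The switch begins outside the hunk, so the other cases are not visible here.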
@@ -1467,12 +1465,10 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
SECItem *der_item = NULL;
SECItem *cipherText = NULL;
SECItem *dummy = NULL;
-#ifndef NSS_DISABLE_ECC
#ifdef EC_DEBUG
SECItem *fordebug = NULL;
#endif
int savelen;
-#endif
temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (temparena == NULL)
@@ -1548,7 +1544,6 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
goto loser;
}
break;
-#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
lg_prepare_low_ec_priv_key_for_asn1(pk);
/* Public value is encoded as a bit string so adjust length
@@ -1589,7 +1584,6 @@ seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
#endif
break;
-#endif /* NSS_DISABLE_ECC */
default:
/* We don't support DH or Fortezza private keys yet */
PORT_Assert(PR_FALSE);
@@ -1809,7 +1803,6 @@ seckey_decrypt_private_key(SECItem *epki,
lg_nsslowkey_DHPrivateKeyTemplate,
&newPrivateKey);
break;
-#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pk->keyType = NSSLOWKEYECKey;
lg_prepare_low_ec_priv_key_for_asn1(pk);
@@ -1849,7 +1842,6 @@ seckey_decrypt_private_key(SECItem *epki,
}
break;
-#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;
diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c
index 5c2cbdbc6..542b0c968 100644
--- a/security/nss/lib/softoken/legacydb/lgattr.c
+++ b/security/nss/lib/softoken/legacydb/lgattr.c
@@ -133,7 +133,7 @@ lg_CopyAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type,
attr->ulValueLen = (CK_ULONG)-1;
return CKR_BUFFER_TOO_SMALL;
}
- if (value != NULL) {
+ if (len > 0 && value != NULL) {
PORT_Memcpy(attr->pValue, value, len);
}
attr->ulValueLen = len;
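Review bot: When `value` is NULL and `len` is non-zero, the copy is skipped but `attr->ulValueLen = len;` still runs, so the caller is told that `len` bytes were written while `attr->pValue` keeps its previous contents. The new `len > 0` test avoids calling `PORT_Memcpy` with a zero length, but it does not cover that case. If callers can reach it (not visible from this hunk), reject it before the copy, for example `if (len > 0 && value == NULL) return CKR_GENERAL_ERROR;`. lg_CopyAttribute starts above the hunk.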
@@ -421,11 +421,9 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey)
case NSSLOWKEYDHKey:
pubItem = &pubKey->u.dh.publicValue;
break;
-#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubItem = &pubKey->u.ec.publicValue;
break;
-#endif /* NSS_DISABLE_ECC */
default:
break;
}
@@ -544,7 +542,6 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
return lg_invalidAttribute(attribute);
}
-#ifndef NSS_DISABLE_ECC
static CK_RV
lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute)
@@ -594,7 +591,6 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
}
return lg_invalidAttribute(attribute);
}
-#endif /* NSS_DISABLE_ECC */
static CK_RV
lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -645,10 +641,8 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
return lg_FindDSAPublicKeyAttribute(key, type, attribute);
case NSSLOWKEYDHKey:
return lg_FindDHPublicKeyAttribute(key, type, attribute);
-#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
return lg_FindECPublicKeyAttribute(key, type, attribute);
-#endif /* NSS_DISABLE_ECC */
default:
break;
}
@@ -935,7 +929,6 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
return lg_invalidAttribute(attribute);
}
-#ifndef NSS_DISABLE_ECC
static CK_RV
lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute, SDB *sdbpw)
@@ -973,7 +966,6 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
}
return lg_invalidAttribute(attribute);
}
-#endif /* NSS_DISABLE_ECC */
static CK_RV
lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
@@ -1020,10 +1012,8 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
return lg_FindDSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
case NSSLOWKEYDHKey:
return lg_FindDHPrivateKeyAttribute(key, type, attribute, obj->sdb);
-#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
return lg_FindECPrivateKeyAttribute(key, type, attribute, obj->sdb);
-#endif /* NSS_DISABLE_ECC */
default:
break;
}
diff --git a/security/nss/lib/softoken/legacydb/lgcreate.c b/security/nss/lib/softoken/legacydb/lgcreate.c
index a0d2b2e57..f2b2aa634 100644
--- a/security/nss/lib/softoken/legacydb/lgcreate.c
+++ b/security/nss/lib/softoken/legacydb/lgcreate.c
@@ -398,21 +398,17 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
NSSLOWKEYPrivateKey *priv;
SECItem pubKeySpace = { siBuffer, NULL, 0 };
SECItem *pubKey;
-#ifndef NSS_DISABLE_ECC
SECItem pubKey2Space = { siBuffer, NULL, 0 };
PLArenaPool *arena = NULL;
-#endif /* NSS_DISABLE_ECC */
NSSLOWKEYDBHandle *keyHandle = NULL;
switch (key_type) {
case CKK_RSA:
pubKeyAttr = CKA_MODULUS;
break;
-#ifndef NSS_DISABLE_ECC
case CKK_EC:
pubKeyAttr = CKA_EC_POINT;
break;
-#endif /* NSS_DISABLE_ECC */
case CKK_DSA:
case CKK_DH:
break;
@@ -425,7 +421,6 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
if (crv != CKR_OK)
return crv;
-#ifndef NSS_DISABLE_ECC
if (key_type == CKK_EC) {
SECStatus rv;
/*
@@ -448,7 +443,6 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
pubKey = &pubKey2Space;
}
}
-#endif /* NSS_DISABLE_ECC */
PORT_Assert(pubKey->data);
if (pubKey->data == NULL) {
@@ -469,14 +463,12 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
/* make sure the associated private key already exists */
/* only works if we are logged in */
priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
-#ifndef NSS_DISABLE_ECC
if (priv == NULL && pubKey == &pubKey2Space) {
/* no match on the decoded key, match the original pubkey */
pubKey = &pubKeySpace;
priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey,
sdb /*password*/);
}
-#endif
if (priv == NULL) {
/* the legacy database can only 'store' public keys which already
* have their corresponding private keys in the database */
@@ -490,10 +482,9 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
done:
PORT_Free(pubKeySpace.data);
-#ifndef NSS_DISABLE_ECC
- if (arena)
+ if (arena) {
PORT_FreeArena(arena, PR_FALSE);
-#endif
+ }
return crv;
}
@@ -613,7 +604,6 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
}
break;
-#ifndef NSS_DISABLE_ECC
case CKK_EC:
privKey->keyType = NSSLOWKEYECKey;
crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS, templ, count,
@@ -646,7 +636,6 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
if (rv != SECSuccess)
crv = CKR_HOST_MEMORY;
break;
-#endif /* NSS_DISABLE_ECC */
default:
crv = CKR_KEY_TYPE_INCONSISTENT;
diff --git a/security/nss/lib/softoken/legacydb/lgfips.c b/security/nss/lib/softoken/legacydb/lgfips.c
index b017424db..b991dcf8e 100644
--- a/security/nss/lib/softoken/legacydb/lgfips.c
+++ b/security/nss/lib/softoken/legacydb/lgfips.c
@@ -6,6 +6,8 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
+#ifndef NSS_FIPS_DISABLED
+
#include "seccomon.h"
#include "lgdb.h"
#include "blapi.h"
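Review bot: With `NSS_FIPS_DISABLED` defined, the guard opened here and closed in the second hunk of this file leaves lgfips.c with no declarations at all, which ISO C does not permit for a translation unit and which GCC reports under `-pedantic`. Leaving the file out of the build in that configuration, or keeping one declaration outside the guard, avoids the diagnostic. The closing line would also be more accurate as `#endif /* !NSS_FIPS_DISABLED */`, since the block is compiled when the macro is absent.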
@@ -113,3 +115,5 @@ lg_FIPSEntryOK()
#endif
return lg_self_tests_success;
}
+
+#endif /* NSS_FIPS_DISABLED */
diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c
index 6913eea50..4f0b53f52 100644
--- a/security/nss/lib/softoken/legacydb/lginit.c
+++ b/security/nss/lib/softoken/legacydb/lginit.c
@@ -586,11 +586,15 @@ legacy_Open(const char *configdir, const char *certPrefix,
#define NSS_VERSION_VARIABLE __nss_dbm_version
#include "verref.h"
+#ifndef NSS_FIPS_DISABLED
if (flags & SDB_FIPS) {
+ /* We shouldn't get here when FIPS is not enabled on the database. But
+ * we also don't care when this NSS build doesn't support FIPS. */
if (!lg_FIPSEntryOK()) {
return CKR_DEVICE_ERROR;
}
}
+#endif
rv = SECOID_Init();
if (SECSuccess != rv) {
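Review bot: In a build with `NSS_FIPS_DISABLED`, `legacy_Open` now ignores `SDB_FIPS` and goes straight on to `SECOID_Init()`, so a caller that asked for a FIPS database gets neither the self-test nor an error. If nothing above this layer rejects FIPS mode in such builds (not visible here), consider an `#else` branch that returns `CKR_DEVICE_ERROR` when `flags & SDB_FIPS` is set. The added comment explains the `#ifndef` rather than the `if`, so it belongs above `#ifndef NSS_FIPS_DISABLED`.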
diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c
index 2906120ee..5a349f0aa 100644
--- a/security/nss/lib/softoken/legacydb/lowcert.c
+++ b/security/nss/lib/softoken/legacydb/lowcert.c
@@ -823,7 +823,6 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
if (rv == SECSuccess)
return pubk;
break;
-#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pubk->keyType = NSSLOWKEYECKey;
/* Since PKCS#11 directly takes the DER encoding of EC params
@@ -845,7 +844,6 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
if (rv == SECSuccess)
return pubk;
break;
-#endif /* NSS_DISABLE_ECC */
default:
rv = SECFailure;
break;
diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c
index 7de4197a1..a9b7cce3d 100644
--- a/security/nss/lib/softoken/legacydb/lowkey.c
+++ b/security/nss/lib/softoken/legacydb/lowkey.c
@@ -99,8 +99,6 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
{ 0 }
};
-#ifndef NSS_DISABLE_ECC
-
/* NOTE: The SECG specification allows the private key structure
* to contain curve parameters but recommends that they be stored
* in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
@@ -193,7 +191,6 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
loser:
return SECFailure;
}
-#endif /* NSS_DISABLE_ECC */
/*
* See bugzilla bug 125359
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
@@ -243,7 +240,6 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.dh.privateValue.type = siUnsignedInteger;
}
-#ifndef NSS_DISABLE_ECC
void
lg_prepare_low_ecparams_for_asn1(ECParams *params)
{
@@ -260,7 +256,6 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
key->u.ec.privateValue.type = siUnsignedInteger;
key->u.ec.publicValue.type = siUnsignedInteger;
}
-#endif /* NSS_DISABLE_ECC */
void
lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
@@ -362,7 +357,6 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
return pubk;
}
break;
-#ifndef NSS_DISABLE_ECC
case NSSLOWKEYECKey:
pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
sizeof(NSSLOWKEYPublicKey));
@@ -383,7 +377,6 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
return pubk;
}
break;
-#endif /* NSS_DISABLE_ECC */
/* No Fortezza in Low Key implementations (Fortezza keys aren't
* stored in our data base */
default:
diff --git a/security/nss/lib/softoken/legacydb/lowkeyi.h b/security/nss/lib/softoken/legacydb/lowkeyi.h
index 5136b56a5..4a5bcfa91 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyi.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyi.h
@@ -26,10 +26,8 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
-#ifndef NSS_DISABLE_ECC
extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
-#endif /* NSS_DISABLE_ECC */
typedef char *(*NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
@@ -134,7 +132,6 @@ extern char *
nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
SECItem *modulus, SDB *sdb);
-#ifndef NSS_DISABLE_ECC
/*
* smaller version of EC_FillParams. In this code, we only need
* oid and DER data.
@@ -145,7 +142,7 @@ SECStatus LGEC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
/* Copy all of the fields from srcParams into dstParams */
SECStatus LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
const ECParams *srcParams);
-#endif
+
SEC_END_PROTOS
#endif /* _LOWKEYI_H_ */
diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h
index ef92689e0..2fd5d4e29 100644
--- a/security/nss/lib/softoken/legacydb/lowkeyti.h
+++ b/security/nss/lib/softoken/legacydb/lowkeyti.h
@@ -42,10 +42,8 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
-#ifndef NSS_DISABLE_ECC
#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
-#endif /* NSS_DISABLE_ECC */
extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c
index f1444bf04..2e8b650ee 100644
--- a/security/nss/lib/softoken/legacydb/pcertdb.c
+++ b/security/nss/lib/softoken/legacydb/pcertdb.c
@@ -1854,6 +1854,8 @@ DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
&dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
entry->subjectName.len],
entry->smimeOptions.len);
+ } else {
+ entry->smimeOptions.data = NULL;
}
if (entry->optionsDate.len) {
entry->optionsDate.data =
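Review bot: The two new `else` branches (`entry->smimeOptions.data = NULL;` here and `entry->optionsDate.data = NULL;` in the next hunk) have no comment saying why the pointer is reset. A short one such as `/* zero-length field: never leave .data uninitialized for later readers */` would record the intent. This matters because the last hunk for this file switches the caller's allocation to `PORT_ArenaZAlloc`, which makes the assignment look redundant on that path. DecodeDBSMimeEntry starts and ends outside both hunks, so whether `subjectName.data` needs the same treatment cannot be told from here.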
@@ -1868,6 +1870,8 @@ DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
entry->subjectName.len +
entry->smimeOptions.len],
entry->optionsDate.len);
+ } else {
+ entry->optionsDate.data = NULL;
}
/* both options and options date must either exist or not exist */
@@ -2014,7 +2018,7 @@ nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
{
PLArenaPool *arena = NULL;
PLArenaPool *tmparena = NULL;
- certDBEntrySMime *entry;
+ certDBEntrySMime *entry = NULL;
SECItem dbkey;
SECItem dbentry;
SECStatus rv;
@@ -2031,8 +2035,8 @@ nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
goto loser;
}
- entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
- sizeof(certDBEntrySMime));
+ entry = (certDBEntrySMime *)PORT_ArenaZAlloc(arena,
+ sizeof(certDBEntrySMime));
if (entry == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;