summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap/pk11slot.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11slot.c')
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c76
1 files changed, 46 insertions, 30 deletions
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c44ed9b49..2451c3639 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -4,6 +4,9 @@
/*
* Deal with PKCS #11 Slots.
*/
+
+#include <stddef.h>
+
#include "seccomon.h"
#include "secmod.h"
#include "nssilock.h"
@@ -397,7 +400,7 @@ PK11_NewSlotInfo(SECMODModule *mod)
slot->defRWSession = PR_FALSE;
slot->protectedAuthPath = PR_FALSE;
slot->flags = 0;
- slot->session = CK_INVALID_SESSION;
+ slot->session = CK_INVALID_HANDLE;
slot->slotID = 0;
slot->defaultFlags = 0;
slot->refCount = 1;
@@ -737,22 +740,22 @@ PK11_GetRWSession(PK11SlotInfo *slot)
haveMonitor = PR_TRUE;
}
if (slot->defRWSession) {
- PORT_Assert(slot->session != CK_INVALID_SESSION);
- if (slot->session != CK_INVALID_SESSION)
+ PORT_Assert(slot->session != CK_INVALID_HANDLE);
+ if (slot->session != CK_INVALID_HANDLE)
return slot->session;
}
crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
CKF_RW_SESSION | CKF_SERIAL_SESSION,
slot, pk11_notify, &rwsession);
- PORT_Assert(rwsession != CK_INVALID_SESSION || crv != CKR_OK);
- if (crv != CKR_OK || rwsession == CK_INVALID_SESSION) {
+ PORT_Assert(rwsession != CK_INVALID_HANDLE || crv != CKR_OK);
+ if (crv != CKR_OK || rwsession == CK_INVALID_HANDLE) {
if (crv == CKR_OK)
crv = CKR_DEVICE_ERROR;
if (haveMonitor)
PK11_ExitSlotMonitor(slot);
PORT_SetError(PK11_MapError(crv));
- return CK_INVALID_SESSION;
+ return CK_INVALID_HANDLE;
}
if (slot->defRWSession) { /* we have the monitor */
slot->session = rwsession;
@@ -765,7 +768,7 @@ PK11_RWSessionHasLock(PK11SlotInfo *slot, CK_SESSION_HANDLE session_handle)
{
PRBool hasLock;
hasLock = (PRBool)(!slot->isThreadSafe ||
- (slot->defRWSession && slot->session != CK_INVALID_SESSION));
+ (slot->defRWSession && slot->session != CK_INVALID_HANDLE));
return hasLock;
}
@@ -775,7 +778,7 @@ pk11_RWSessionIsDefault(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
PRBool isDefault;
isDefault = (PRBool)(slot->session == rwsession &&
slot->defRWSession &&
- slot->session != CK_INVALID_SESSION);
+ slot->session != CK_INVALID_HANDLE);
return isDefault;
}
@@ -787,8 +790,8 @@ pk11_RWSessionIsDefault(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
void
PK11_RestoreROSession(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
{
- PORT_Assert(rwsession != CK_INVALID_SESSION);
- if (rwsession != CK_INVALID_SESSION) {
+ PORT_Assert(rwsession != CK_INVALID_HANDLE);
+ if (rwsession != CK_INVALID_HANDLE) {
PRBool doExit = PK11_RWSessionHasLock(slot, rwsession);
if (!pk11_RWSessionIsDefault(slot, rwsession))
PK11_GETTAB(slot)
@@ -1102,16 +1105,16 @@ PK11_MakeString(PLArenaPool *arena, char *space,
*/
PRBool
pk11_MatchString(const char *string,
- const char *staticString, int staticStringLen)
+ const char *staticString, size_t staticStringLen)
{
- int i;
+ size_t i = staticStringLen;
- for (i = (staticStringLen - 1); i >= 0; i--) {
- if (staticString[i] != ' ')
+ /* move i to point to the last space */
+ while (i > 0) {
+ if (staticString[i - 1] != ' ')
break;
+ i--;
}
- /* move i to point to the last space */
- i++;
if (strlen(string) == i && memcmp(string, staticString, i) == 0) {
return PR_TRUE;
@@ -1182,7 +1185,7 @@ pk11_ReadProfileList(PK11SlotInfo *slot)
CK_ATTRIBUTE *attrs;
CK_BBOOL cktrue = CK_TRUE;
CK_OBJECT_CLASS oclass = CKO_PROFILE;
- int tsize;
+ size_t tsize;
int objCount;
CK_OBJECT_HANDLE *handles = NULL;
int i;
@@ -1316,7 +1319,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
}
/* Make sure our session handle is valid */
- if (slot->session == CK_INVALID_SESSION) {
+ if (slot->session == CK_INVALID_HANDLE) {
/* we know we don't have a valid session, go get one */
CK_SESSION_HANDLE session;
@@ -1352,7 +1355,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
slot, pk11_notify, &slot->session);
if (crv != CKR_OK) {
PORT_SetError(PK11_MapError(crv));
- slot->session = CK_INVALID_SESSION;
+ slot->session = CK_INVALID_HANDLE;
if (!slot->isThreadSafe)
PK11_ExitSlotMonitor(slot);
return SECFailure;
@@ -1411,7 +1414,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
/* work around a problem in softoken where it incorrectly
* reports databases opened read only as read/write. */
if (slot->isInternal && !slot->readOnly) {
- CK_SESSION_HANDLE session = CK_INVALID_SESSION;
+ CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
/* try to open a R/W session */
crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
@@ -1483,8 +1486,8 @@ pk11_isRootSlot(PK11SlotInfo *slot)
{
CK_ATTRIBUTE findTemp[1];
CK_ATTRIBUTE *attrs;
- CK_OBJECT_CLASS oclass = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
- int tsize;
+ CK_OBJECT_CLASS oclass = CKO_NSS_BUILTIN_ROOT_LIST;
+ size_t tsize;
CK_OBJECT_HANDLE handle;
attrs = findTemp;
@@ -1592,7 +1595,7 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
}
/* permanent slots are always present */
- if (slot->isPerm && (slot->session != CK_INVALID_SESSION)) {
+ if (slot->isPerm && (slot->session != CK_INVALID_HANDLE)) {
return PR_TRUE;
}
@@ -1610,10 +1613,10 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
}
if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {
/* if the slot is no longer present, close the session */
- if (slot->session != CK_INVALID_SESSION) {
+ if (slot->session != CK_INVALID_HANDLE) {
PK11_GETTAB(slot)
->C_CloseSession(slot->session);
- slot->session = CK_INVALID_SESSION;
+ slot->session = CK_INVALID_HANDLE;
}
if (!slot->isThreadSafe)
PK11_ExitSlotMonitor(slot);
@@ -1622,14 +1625,14 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
/* use the session Info to determine if the card has been removed and then
* re-inserted */
- if (slot->session != CK_INVALID_SESSION) {
+ if (slot->session != CK_INVALID_HANDLE) {
if (slot->isThreadSafe)
PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);
if (crv != CKR_OK) {
PK11_GETTAB(slot)
->C_CloseSession(slot->session);
- slot->session = CK_INVALID_SESSION;
+ slot->session = CK_INVALID_HANDLE;
}
if (slot->isThreadSafe)
PK11_ExitSlotMonitor(slot);
@@ -1638,7 +1641,7 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
PK11_ExitSlotMonitor(slot);
/* card has not been removed, current token info is correct */
- if (slot->session != CK_INVALID_SESSION)
+ if (slot->session != CK_INVALID_HANDLE)
return PR_TRUE;
/* initialize the token info state */
@@ -2113,6 +2116,19 @@ PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
return PR_FALSE;
}
+PRBool pk11_filterSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism,
+ CK_FLAGS mechanismInfoFlags, unsigned int keySize);
+/*
+ * Check that the given mechanism has the appropriate flags. This function
+ * presumes that slot can already do the given mechanism.
+ */
+PRBool
+PK11_DoesMechanismFlag(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+ CK_FLAGS flags)
+{
+ return !pk11_filterSlot(slot, type, flags, 0);
+}
+
/*
* Return true if a token that can do the desired mechanism exists.
* This allows us to have hardware tokens that can do function XYZ magically
@@ -2600,7 +2616,7 @@ SECStatus
PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
{
unsigned char tokenName[32];
- int tokenNameLen;
+ size_t tokenNameLen;
CK_RV crv;
/* reconstruct the token name */
@@ -2621,7 +2637,7 @@ PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
/* first shutdown the token. Existing sessions will get closed here */
PK11_GETTAB(slot)
->C_CloseAllSessions(slot->slotID);
- slot->session = CK_INVALID_SESSION;
+ slot->session = CK_INVALID_HANDLE;
/* now re-init the token */
crv = PK11_GETTAB(slot)->C_InitToken(slot->slotID,
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-02 13:32:14 +0000