summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/softoken
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
commitf017b749ea9f1586d2308504553d40bf4cc5439d (patch)
treec6033924a0de9be1ab140596e305898c651bf57e /security/nss/lib/softoken
parent7c728b3c7680662fc4e92b5d03697b8339560b08 (diff)
downloadUXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/lib/softoken')
-rw-r--r--security/nss/lib/softoken/fipstokn.c2
-rw-r--r--security/nss/lib/softoken/legacydb/dbmshim.c61
-rw-r--r--security/nss/lib/softoken/legacydb/legacydb.gyp2
-rw-r--r--security/nss/lib/softoken/legacydb/pcertdb.c11
-rw-r--r--security/nss/lib/softoken/lowpbe.c11
-rw-r--r--security/nss/lib/softoken/pkcs11.c20
-rw-r--r--security/nss/lib/softoken/pkcs11c.c71
-rw-r--r--security/nss/lib/softoken/pkcs11u.c6
-rw-r--r--security/nss/lib/softoken/sdb.c4
-rw-r--r--security/nss/lib/softoken/softkver.h6
-rw-r--r--security/nss/lib/softoken/softoken.gyp72
-rw-r--r--security/nss/lib/softoken/softoken.h2
12 files changed, 147 insertions, 121 deletions
diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c
index 12ff77cf8..fd4fd4207 100644
--- a/security/nss/lib/softoken/fipstokn.c
+++ b/security/nss/lib/softoken/fipstokn.c
@@ -36,7 +36,7 @@
#ifdef LINUX
#include <pthread.h>
#include <dlfcn.h>
-#define LIBAUDIT_NAME "libaudit.so.0"
+#define LIBAUDIT_NAME "libaudit.so.1"
#ifndef AUDIT_CRYPTO_TEST_USER
#define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */
#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
diff --git a/security/nss/lib/softoken/legacydb/dbmshim.c b/security/nss/lib/softoken/legacydb/dbmshim.c
index ae498faea..cca24bc6b 100644
--- a/security/nss/lib/softoken/legacydb/dbmshim.c
+++ b/security/nss/lib/softoken/legacydb/dbmshim.c
@@ -47,9 +47,6 @@ struct DBSStr {
char *blobdir;
int mode;
PRBool readOnly;
- PRFileMap *dbs_mapfile;
- unsigned char *dbs_addr;
- PRUint32 dbs_len;
char staticBlobArea[BLOB_BUF_LEN];
};
@@ -244,43 +241,6 @@ loser:
}
/*
- * we need to keep a address map in memory between calls to DBM.
- * remember what we have mapped can close it when we get another dbm
- * call.
- *
- * NOTE: Not all platforms support mapped files. This code is designed to
- * detect this at runtime. If map files aren't supported the OS will indicate
- * this by failing the PR_Memmap call. In this case we emulate mapped files
- * by just reading in the file into regular memory. We signal this state by
- * making dbs_mapfile NULL and dbs_addr non-NULL.
- */
-
-static void
-dbs_freemap(DBS *dbsp)
-{
- if (dbsp->dbs_mapfile) {
- PR_MemUnmap(dbsp->dbs_addr, dbsp->dbs_len);
- PR_CloseFileMap(dbsp->dbs_mapfile);
- dbsp->dbs_mapfile = NULL;
- dbsp->dbs_addr = NULL;
- dbsp->dbs_len = 0;
- } else if (dbsp->dbs_addr) {
- PORT_Free(dbsp->dbs_addr);
- dbsp->dbs_addr = NULL;
- dbsp->dbs_len = 0;
- }
- return;
-}
-
-static void
-dbs_setmap(DBS *dbsp, PRFileMap *mapfile, unsigned char *addr, PRUint32 len)
-{
- dbsp->dbs_mapfile = mapfile;
- dbsp->dbs_addr = addr;
- dbsp->dbs_len = len;
-}
-
-/*
* platforms that cannot map the file need to read it into a temp buffer.
*/
static unsigned char *
@@ -317,7 +277,6 @@ dbs_readBlob(DBS *dbsp, DBT *data)
{
char *file = NULL;
PRFileDesc *filed = NULL;
- PRFileMap *mapfile = NULL;
unsigned char *addr = NULL;
int error;
int len = -1;
@@ -344,7 +303,6 @@ dbs_readBlob(DBS *dbsp, DBT *data)
goto loser;
}
PR_Close(filed);
- dbs_setmap(dbsp, mapfile, addr, len);
data->data = addr;
data->size = len;
@@ -353,9 +311,6 @@ dbs_readBlob(DBS *dbsp, DBT *data)
loser:
/* preserve the error code */
error = PR_GetError();
- if (mapfile) {
- PR_CloseFileMap(mapfile);
- }
if (filed) {
PR_Close(filed);
}
@@ -373,8 +328,6 @@ dbs_get(const DB *dbs, const DBT *key, DBT *data, unsigned int flags)
DBS *dbsp = (DBS *)dbs;
DB *db = (DB *)dbs->internal;
- dbs_freemap(dbsp);
-
ret = (*db->get)(db, key, data, flags);
if ((ret == 0) && dbs_IsBlob(data)) {
ret = dbs_readBlob(dbsp, data);
@@ -391,8 +344,6 @@ dbs_put(const DB *dbs, DBT *key, const DBT *data, unsigned int flags)
DBS *dbsp = (DBS *)dbs;
DB *db = (DB *)dbs->internal;
- dbs_freemap(dbsp);
-
/* If the db is readonly, just pass the data down to rdb and let it fail */
if (!dbsp->readOnly) {
DBT oldData;
@@ -425,10 +376,6 @@ static int
dbs_sync(const DB *dbs, unsigned int flags)
{
DB *db = (DB *)dbs->internal;
- DBS *dbsp = (DBS *)dbs;
-
- dbs_freemap(dbsp);
-
return (*db->sync)(db, flags);
}
@@ -439,8 +386,6 @@ dbs_del(const DB *dbs, const DBT *key, unsigned int flags)
DBS *dbsp = (DBS *)dbs;
DB *db = (DB *)dbs->internal;
- dbs_freemap(dbsp);
-
if (!dbsp->readOnly) {
DBT oldData;
ret = (*db->get)(db, key, &oldData, 0);
@@ -459,8 +404,6 @@ dbs_seq(const DB *dbs, DBT *key, DBT *data, unsigned int flags)
DBS *dbsp = (DBS *)dbs;
DB *db = (DB *)dbs->internal;
- dbs_freemap(dbsp);
-
ret = (*db->seq)(db, key, data, flags);
if ((ret == 0) && dbs_IsBlob(data)) {
/* don't return a blob read as an error so traversals keep going */
@@ -477,7 +420,6 @@ dbs_close(DB *dbs)
DB *db = (DB *)dbs->internal;
int ret;
- dbs_freemap(dbsp);
ret = (*db->close)(db);
PORT_Free(dbsp->blobdir);
PORT_Free(dbsp);
@@ -568,9 +510,6 @@ dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
}
dbsp->mode = mode;
dbsp->readOnly = (PRBool)(flags == NO_RDONLY);
- dbsp->dbs_mapfile = NULL;
- dbsp->dbs_addr = NULL;
- dbsp->dbs_len = 0;
/* the real dbm call */
db = dbopen(dbname, flags, mode, type, &dbs_hashInfo);
diff --git a/security/nss/lib/softoken/legacydb/legacydb.gyp b/security/nss/lib/softoken/legacydb/legacydb.gyp
index 6431fb5c1..34c0235bd 100644
--- a/security/nss/lib/softoken/legacydb/legacydb.gyp
+++ b/security/nss/lib/softoken/legacydb/legacydb.gyp
@@ -57,7 +57,7 @@
'defines': [
'SHLIB_SUFFIX=\"<(dll_suffix)\"',
'SHLIB_PREFIX=\"<(dll_prefix)\"',
- 'LG_LIB_NAME=\"libnssdbm3.so\"'
+ 'LG_LIB_NAME=\"<(dll_prefix)nssdbm3.<(dll_suffix)\"'
]
},
'variables': {
diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c
index 65da51687..f1444bf04 100644
--- a/security/nss/lib/softoken/legacydb/pcertdb.c
+++ b/security/nss/lib/softoken/legacydb/pcertdb.c
@@ -733,6 +733,12 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
entry->derCert.len += lenoff;
}
+ /* Is data long enough? */
+ if (dbentry->len < headerlen + entry->derCert.len) {
+ PORT_SetError(SEC_ERROR_BAD_DATABASE);
+ goto loser;
+ }
+
/* copy the dercert */
entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen],
entry->derCert.len, entry->derCertSpace, sizeof(entry->derCertSpace));
@@ -743,6 +749,11 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
/* copy the nickname */
if (nnlen > 1) {
+ /* Is data long enough? */
+ if (dbentry->len < headerlen + entry->derCert.len + nnlen) {
+ PORT_SetError(SEC_ERROR_BAD_DATABASE);
+ goto loser;
+ }
entry->nickname = (char *)pkcs11_copyStaticData(
&dbentry->data[headerlen + entry->derCert.len], nnlen,
(unsigned char *)entry->nicknameSpace,
diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c
index b78302ed7..0a47804bf 100644
--- a/security/nss/lib/softoken/lowpbe.c
+++ b/security/nss/lib/softoken/lowpbe.c
@@ -408,7 +408,6 @@ loser:
return result;
}
-#define HMAC_BUFFER 64
#define NSSPBE_ROUNDUP(x, y) ((((x) + ((y)-1)) / (y)) * (y))
#define NSSPBE_MIN(x, y) ((x) < (y) ? (x) : (y))
/*
@@ -430,6 +429,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject,
int iter;
unsigned char *iterBuf;
void *hash = NULL;
+ unsigned int bufferLength;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
@@ -439,8 +439,11 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject,
/* how many hash object lengths are needed */
c = (bytesNeeded + (hashLength - 1)) / hashLength;
+ /* 64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64 */
+ bufferLength = NSSPBE_ROUNDUP(hashLength * 2, 64);
+
/* initialize our buffers */
- D.len = HMAC_BUFFER;
+ D.len = bufferLength;
/* B and D are the same length, use one alloc go get both */
D.data = (unsigned char *)PORT_ArenaZAlloc(arena, D.len * 2);
B.len = D.len;
@@ -452,8 +455,8 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject,
goto loser;
}
- SLen = NSSPBE_ROUNDUP(salt->len, HMAC_BUFFER);
- PLen = NSSPBE_ROUNDUP(pwitem->len, HMAC_BUFFER);
+ SLen = NSSPBE_ROUNDUP(salt->len, bufferLength);
+ PLen = NSSPBE_ROUNDUP(pwitem->len, bufferLength);
I.len = SLen + PLen;
I.data = (unsigned char *)PORT_ArenaZAlloc(arena, I.len);
if (I.data == NULL) {
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index ee255cf21..a594fd501 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -480,6 +480,10 @@ static const struct mechanismList mechanisms[] = {
{ CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, { 20, 20, CKF_GENERATE }, PR_TRUE },
{ CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
{ CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
+ { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 28, 28, CKF_GENERATE }, PR_TRUE },
+ { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
+ { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE },
+ { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE },
/* ------------------ AES Key Wrap (also encrypt) ------------------- */
{ CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
{ CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
@@ -3145,9 +3149,11 @@ nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS)
* this call doesn't force freebl to be reloaded. */
BL_SetForkState(PR_FALSE);
+#ifndef NSS_TEST_BUILD
/* unload freeBL shared library from memory. This may only decrement the
* OS refcount if it's been loaded multiple times, eg. by libssl */
BL_Unload();
+#endif
/* clean up the default OID table */
SECOID_Shutdown();
@@ -4757,7 +4763,7 @@ sftk_pruneSearch(CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount,
static CK_RV
sftk_searchTokenList(SFTKSlot *slot, SFTKSearchResults *search,
CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount,
- PRBool *tokenOnly, PRBool isLoggedIn)
+ PRBool isLoggedIn)
{
CK_RV crv = CKR_OK;
CK_RV crv2;
@@ -4792,7 +4798,6 @@ NSC_FindObjectsInit(CK_SESSION_HANDLE hSession,
SFTKSearchResults *search = NULL, *freeSearch = NULL;
SFTKSession *session = NULL;
SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
- PRBool tokenOnly = PR_FALSE;
CK_RV crv = CKR_OK;
PRBool isLoggedIn;
@@ -4823,18 +4828,15 @@ NSC_FindObjectsInit(CK_SESSION_HANDLE hSession,
search->array_size = NSC_SEARCH_BLOCK_SIZE;
isLoggedIn = (PRBool)((!slot->needLogin) || slot->isLoggedIn);
- crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, &tokenOnly,
- isLoggedIn);
+ crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, isLoggedIn);
if (crv != CKR_OK) {
goto loser;
}
/* build list of found objects in the session */
- if (!tokenOnly) {
- crv = sftk_searchObjectList(search, slot->sessObjHashTable,
- slot->sessObjHashSize, slot->objectLock,
- pTemplate, ulCount, isLoggedIn);
- }
+ crv = sftk_searchObjectList(search, slot->sessObjHashTable,
+ slot->sessObjHashSize, slot->objectLock,
+ pTemplate, ulCount, isLoggedIn);
if (crv != CKR_OK) {
goto loser;
}
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 5c696115b..0234aa431 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -2639,6 +2639,11 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
#define INIT_HMAC_MECH(mmm) \
case CKM_##mmm##_HMAC_GENERAL: \
+ PORT_Assert(pMechanism->pParameter); \
+ if (!pMechanism->pParameter) { \
+ crv = CKR_MECHANISM_PARAM_INVALID; \
+ break; \
+ } \
crv = sftk_doHMACInit(context, HASH_Alg##mmm, key, \
*(CK_ULONG *)pMechanism->pParameter); \
break; \
@@ -2654,6 +2659,11 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
INIT_HMAC_MECH(SHA512)
case CKM_SHA_1_HMAC_GENERAL:
+ PORT_Assert(pMechanism->pParameter);
+ if (!pMechanism->pParameter) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+ }
crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
*(CK_ULONG *)pMechanism->pParameter);
break;
@@ -2662,10 +2672,20 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
break;
case CKM_SSL3_MD5_MAC:
+ PORT_Assert(pMechanism->pParameter);
+ if (!pMechanism->pParameter) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+ }
crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
*(CK_ULONG *)pMechanism->pParameter);
break;
case CKM_SSL3_SHA1_MAC:
+ PORT_Assert(pMechanism->pParameter);
+ if (!pMechanism->pParameter) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+ }
crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
*(CK_ULONG *)pMechanism->pParameter);
break;
@@ -3314,6 +3334,11 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
INIT_HMAC_MECH(SHA512)
case CKM_SHA_1_HMAC_GENERAL:
+ PORT_Assert(pMechanism->pParameter);
+ if (!pMechanism->pParameter) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+ }
crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
*(CK_ULONG *)pMechanism->pParameter);
break;
@@ -3322,10 +3347,20 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
break;
case CKM_SSL3_MD5_MAC:
+ PORT_Assert(pMechanism->pParameter);
+ if (!pMechanism->pParameter) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+ }
crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
*(CK_ULONG *)pMechanism->pParameter);
break;
case CKM_SSL3_SHA1_MAC:
+ PORT_Assert(pMechanism->pParameter);
+ if (!pMechanism->pParameter) {
+ crv = CKR_MECHANISM_PARAM_INVALID;
+ break;
+ }
crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
*(CK_ULONG *)pMechanism->pParameter);
break;
@@ -3971,6 +4006,22 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe)
params->hashType = HASH_AlgMD2;
params->keyLen = 16;
break;
+ case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
+ params->hashType = HASH_AlgSHA224;
+ params->keyLen = 28;
+ break;
+ case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
+ params->hashType = HASH_AlgSHA256;
+ params->keyLen = 32;
+ break;
+ case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
+ params->hashType = HASH_AlgSHA384;
+ params->keyLen = 48;
+ break;
+ case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
+ params->hashType = HASH_AlgSHA512;
+ params->keyLen = 64;
+ break;
default:
PORT_FreeArena(arena, PR_TRUE);
return CKR_MECHANISM_INVALID;
@@ -4189,6 +4240,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSession,
case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+ case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
+ case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
+ case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
+ case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
key_gen_type = nsc_pbe;
key_type = CKK_GENERIC_SECRET;
crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param);
@@ -5571,6 +5626,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
keyTemplate = nsslowkey_RSAPrivateKeyTemplate;
paramTemplate = NULL;
paramDest = NULL;
@@ -7222,12 +7278,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
pubKeyLen = EC_GetPointSize(&privKey->u.ec.ecParams);
- /* if the len is too small, can't be a valid point */
- if (ecPoint.len < pubKeyLen) {
- goto ec_loser;
- }
- /* if the len is too large, must be an encoded point (length is
- * equal case just falls through */
+ /* if the len is too large, might be an encoded point */
if (ecPoint.len > pubKeyLen) {
SECItem newPoint;
@@ -7247,14 +7298,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) {
withCofactor = PR_TRUE;
- } else {
- /* When not using cofactor derivation, one should
- * validate the public key to avoid small subgroup
- * attacks.
- */
- if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) != SECSuccess) {
- goto ec_loser;
- }
}
rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index a5694ee38..c51211b6c 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -1649,10 +1649,8 @@ sftk_searchObjectList(SFTKSearchResults *search, SFTKObject **head,
SFTKObject *object;
CK_RV crv = CKR_OK;
+ PZ_Lock(lock);
for (i = 0; i < size; i++) {
- /* We need to hold the lock to copy a consistant version of
- * the linked list. */
- PZ_Lock(lock);
for (object = head[i]; object != NULL; object = object->next) {
if (sftk_objectMatch(object, theTemplate, count)) {
/* don't return objects that aren't yet visible */
@@ -1661,8 +1659,8 @@ sftk_searchObjectList(SFTKSearchResults *search, SFTKObject **head,
sftk_addHandle(search, object->handle);
}
}
- PZ_Unlock(lock);
}
+ PZ_Unlock(lock);
return crv;
}
diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c
index 0e321dd52..8690df34c 100644
--- a/security/nss/lib/softoken/sdb.c
+++ b/security/nss/lib/softoken/sdb.c
@@ -674,8 +674,8 @@ struct SDBFindStr {
sqlite3_stmt *findstmt;
};
-static const char FIND_OBJECTS_CMD[] = "SELECT ALL * FROM %s WHERE %s;";
-static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL * FROM %s;";
+static const char FIND_OBJECTS_CMD[] = "SELECT ALL id FROM %s WHERE %s;";
+static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL id FROM %s;";
CK_RV
sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count,
SDBFind **find)
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index cc46891a4..fb2e5bda5 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -21,10 +21,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.28.6" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.32.1" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 28
-#define SOFTOKEN_VPATCH 6
+#define SOFTOKEN_VMINOR 32
+#define SOFTOKEN_VPATCH 1
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
diff --git a/security/nss/lib/softoken/softoken.gyp b/security/nss/lib/softoken/softoken.gyp
index 8d72e60c5..ba917cfc8 100644
--- a/security/nss/lib/softoken/softoken.gyp
+++ b/security/nss/lib/softoken/softoken.gyp
@@ -7,35 +7,65 @@
],
'targets': [
{
- 'target_name': 'softokn',
+ 'target_name': 'softokn_static',
'type': 'static_library',
- 'sources': [
- 'fipsaudt.c',
- 'fipstest.c',
- 'fipstokn.c',
- 'jpakesftk.c',
- 'lgglue.c',
- 'lowkey.c',
- 'lowpbe.c',
- 'padbuf.c',
- 'pkcs11.c',
- 'pkcs11c.c',
- 'pkcs11u.c',
- 'sdb.c',
- 'sftkdb.c',
- 'sftkhmac.c',
- 'sftkpars.c',
- 'sftkpwd.c',
- 'softkver.c',
- 'tlsprf.c'
+ 'defines': [
+ 'NSS_TEST_BUILD',
+ ],
+ 'dependencies': [
+ 'softokn_base',
+ '<(DEPTH)/exports.gyp:nss_exports',
+ '<(DEPTH)/lib/freebl/freebl.gyp:freebl_static',
+ ],
+ 'conditions': [
+ [ 'use_system_sqlite==1', {
+ 'dependencies': [
+ '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+ ],
+ }, {
+ 'dependencies': [
+ '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite',
+ ],
+ }],
],
+ },
+ {
+ 'target_name': 'softokn',
+ 'type': 'static_library',
'dependencies': [
+ 'softokn_base',
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
'<(DEPTH)/lib/freebl/freebl.gyp:freebl',
]
},
{
+ 'target_name': 'softokn_base',
+ 'type': 'none',
+ 'direct_dependent_settings': {
+ 'sources': [
+ 'fipsaudt.c',
+ 'fipstest.c',
+ 'fipstokn.c',
+ 'jpakesftk.c',
+ 'lgglue.c',
+ 'lowkey.c',
+ 'lowpbe.c',
+ 'padbuf.c',
+ 'pkcs11.c',
+ 'pkcs11c.c',
+ 'pkcs11u.c',
+ 'sdb.c',
+ 'sftkdb.c',
+ 'sftkhmac.c',
+ 'sftkpars.c',
+ 'sftkpwd.c',
+ 'softkver.c',
+ 'tlsprf.c'
+ ],
+ },
+ },
+ {
'target_name': 'softokn3',
'type': 'shared_library',
'dependencies': [
@@ -61,7 +91,7 @@
'defines': [
'SHLIB_SUFFIX=\"<(dll_suffix)\"',
'SHLIB_PREFIX=\"<(dll_prefix)\"',
- 'SOFTOKEN_LIB_NAME=\"libsoftokn3.so\"',
+ 'SOFTOKEN_LIB_NAME=\"<(dll_prefix)softokn3.<(dll_suffix)\"',
'SHLIB_VERSION=\"3\"'
]
},
diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h
index 0e943d3cb..4626e7849 100644
--- a/security/nss/lib/softoken/softoken.h
+++ b/security/nss/lib/softoken/softoken.h
@@ -183,7 +183,7 @@ extern PRBool sftk_fatalError;
#define CHECK_FORK_MIXED
-#elif defined(LINUX)
+#elif defined(LINUX) || defined(__GLIBC__) || defined(FREEBSD) || defined(OPENBSD)
#define CHECK_FORK_PTHREAD