diff options
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11slot.c')
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 107 |
1 files changed, 86 insertions, 21 deletions
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index ebe54d495..c44ed9b49 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -419,6 +419,8 @@ PK11_NewSlotInfo(SECMODModule *mod) slot->hasRootCerts = PR_FALSE; slot->hasRootTrust = PR_FALSE; slot->nssToken = NULL; + slot->profileList = NULL; + slot->profileCount = 0; return slot; } @@ -446,6 +448,9 @@ PK11_DestroySlot(PK11SlotInfo *slot) if (slot->mechanismList) { PORT_Free(slot->mechanismList); } + if (slot->profileList) { + PORT_Free(slot->profileList); + } if (slot->isThreadSafe && slot->sessionLock) { PZ_DestroyLock(slot->sessionLock); } @@ -1170,6 +1175,76 @@ PK11_ReadMechanismList(PK11SlotInfo *slot) return SECSuccess; } +static SECStatus +pk11_ReadProfileList(PK11SlotInfo *slot) +{ + CK_ATTRIBUTE findTemp[2]; + CK_ATTRIBUTE *attrs; + CK_BBOOL cktrue = CK_TRUE; + CK_OBJECT_CLASS oclass = CKO_PROFILE; + int tsize; + int objCount; + CK_OBJECT_HANDLE *handles = NULL; + int i; + + attrs = findTemp; + PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); + attrs++; + PK11_SETATTRS(attrs, CKA_CLASS, &oclass, sizeof(oclass)); + attrs++; + tsize = attrs - findTemp; + PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)); + + if (slot->profileList) { + PORT_Free(slot->profileList); + slot->profileList = NULL; + } + slot->profileCount = 0; + + objCount = 0; + handles = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount); + if (handles == NULL) { + if (objCount < 0) { + return SECFailure; /* error code is set */ + } + PORT_Assert(objCount == 0); + return SECSuccess; + } + + slot->profileList = (CK_PROFILE_ID *) + PORT_Alloc(objCount * sizeof(CK_PROFILE_ID)); + if (slot->profileList == NULL) { + PORT_Free(handles); + return SECFailure; /* error code is set */ + } + + for (i = 0; i < objCount; i++) { + CK_ULONG value; + + value = PK11_ReadULongAttribute(slot, handles[i], CKA_PROFILE_ID); + if (value == CK_UNAVAILABLE_INFORMATION) { + continue; + } + slot->profileList[slot->profileCount++] = value; + } + + PORT_Free(handles); + return SECSuccess; +} + +static PRBool +pk11_HasProfile(PK11SlotInfo *slot, CK_PROFILE_ID id) +{ + int i; + + for (i = 0; i < slot->profileCount; i++) { + if (slot->profileList[i] == id) { + return PR_TRUE; + } + } + return PR_FALSE; +} + /* * initialize a new token * unlike initialize slot, this can be called multiple times in the lifetime @@ -1291,6 +1366,11 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) if (status != PR_SUCCESS) return SECFailure; + rv = pk11_ReadProfileList(slot); + if (rv != SECSuccess) { + return SECFailure; + } + if (!(slot->isInternal) && (slot->hasRandom)) { /* if this slot has a random number generater, use it to add entropy * to the internal slot. */ @@ -1439,6 +1519,11 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) slot->slotID = slotID; slot->isThreadSafe = mod->isThreadSafe; slot->hasRSAInfo = PR_FALSE; + slot->module = mod; /* NOTE: we don't make a reference here because + * modules have references to their slots. This + * works because modules keep implicit references + * from their slots, and won't unload and disappear + * until all their slots have been freed */ if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID, &slotInfo) != CKR_OK) { slot->disabled = PR_TRUE; @@ -1448,11 +1533,6 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) /* test to make sure claimed mechanism work */ slot->needTest = mod->internal ? PR_FALSE : PR_TRUE; - slot->module = mod; /* NOTE: we don't make a reference here because - * modules have references to their slots. This - * works because modules keep implicit references - * from their slots, and won't unload and disappear - * until all their slots have been freed */ (void)PK11_MakeString(NULL, slot->slot_name, (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); @@ -1695,6 +1775,7 @@ PK11_IsFriendly(PK11SlotInfo *slot) { /* internal slot always has public readable certs */ return (PRBool)(slot->isInternal || + pk11_HasProfile(slot, CKP_PUBLIC_CERTIFICATES_TOKEN) || ((slot->defaultFlags & SECMOD_FRIENDLY_FLAG) == SECMOD_FRIENDLY_FLAG)); } @@ -2096,10 +2177,6 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts, SECMODModuleList *modules; SECMODListLock *moduleLock; int i; -#if defined(XP_WIN32) - int j = 0; - PRInt32 waste[16]; -#endif moduleLock = SECMOD_GetDefaultModuleListLock(); if (!moduleLock) { @@ -2124,18 +2201,6 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts, modules = SECMOD_GetDefaultModuleList(); for (mlp = modules; mlp != NULL; mlp = mlp->next) { - -#if defined(XP_WIN32) - /* This is works around some horrible cache/page thrashing problems - ** on Win32. Without this, this loop can take up to 6 seconds at - ** 100% CPU on a Pentium-Pro 200. The thing this changes is to - ** increase the size of the stack frame and modify it. - ** Moving the loop code itself seems to have no effect. - ** Dunno why this combination makes a difference, but it does. - */ - waste[j & 0xf] = j++; -#endif - for (i = 0; i < mlp->module->slotCount; i++) { PK11SlotInfo *slot = mlp->module->slots[i]; |