From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Tue, 6 Feb 2018 11:46:26 +0100
Subject: Update NSS to 3.32.1-RTM
---
 security/nss/lib/pki/cryptocontext.c | 57 +++++++++++++++++++-----------------
 security/nss/lib/pki/nsspki.h | 12 ++++++++
 security/nss/lib/pki/pki3hack.c | 2 ++
 security/nss/lib/pki/trustdomain.c | 36 ++++++++++++++++++++++-
 4 files changed, 79 insertions(+), 28 deletions(-)
(limited to 'security/nss/lib/pki')
diff --git a/security/nss/lib/pki/cryptocontext.c b/security/nss/lib/pki/cryptocontext.c
index 074eb7435..0ec4f2f9b 100644
--- a/security/nss/lib/pki/cryptocontext.c
+++ b/security/nss/lib/pki/cryptocontext.c
@@ -47,7 +47,10 @@ NSS_IMPLEMENT PRStatus
 NSSCryptoContext_Destroy(NSSCryptoContext *cc)
 {
 PRStatus status = PR_SUCCESS;
- PORT_Assert(cc->certStore);
+ PORT_Assert(cc && cc->certStore);
+ if (!cc) {
+ return PR_FAILURE;
+ }
 if (cc->certStore) {
 status = nssCertificateStore_Destroy(cc->certStore);
 if (status == PR_FAILURE) {
@@ -93,8 +96,8 @@ NSSCryptoContext_FindOrImportCertificate(
 {
 NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
 return rvCert;
 }
@@ -146,8 +149,8 @@ nssCryptoContext_ImportTrust(
 NSSTrust *trust)
 {
 PRStatus nssrv;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return PR_FAILURE;
 }
 nssrv = nssCertificateStore_AddTrust(cc->certStore, trust);
@@ -165,8 +168,8 @@ nssCryptoContext_ImportSMIMEProfile(
 nssSMIMEProfile *profile)
 {
 PRStatus nssrv;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return PR_FAILURE;
 }
 nssrv = nssCertificateStore_AddSMIMEProfile(cc->certStore, profile);
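Review bot: The new `if (!cc) { return PR_FAILURE; }` path in NSSCryptoContext_Destroy reports failure without recording an error, while the FindOrImportCertificate hunk in this file calls `nss_SetError(NSS_ERROR_INVALID_ARGUMENT);` on the same condition. Adding that call before `return PR_FAILURE;` would keep the failure diagnosable in builds where PORT_Assert presumably compiles to nothing. The same applies to the widened `!cc || !cc->certStore` guards in the ImportTrust, ImportSMIMEProfile and Find* hunks of cryptocontext.c, which return PR_FAILURE or NULL with no error set. NSSCryptoContext_Destroy continues past the end of the hunk.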
@@ -189,8 +192,8 @@ NSSCryptoContext_FindBestCertificateByNickname(
 {
 NSSCertificate **certs;
 NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
@@ -215,8 +218,8 @@ NSSCryptoContext_FindCertificatesByNickname(
 NSSArena *arenaOpt)
 {
 NSSCertificate **rvCerts;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 rvCerts = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
@@ -233,8 +236,8 @@ NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(
 NSSDER *issuer,
 NSSDER *serialNumber)
 {
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 return nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
@@ -253,8 +256,8 @@ NSSCryptoContext_FindBestCertificateBySubject(
 {
 NSSCertificate **certs;
 NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 certs = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
@@ -279,8 +282,8 @@ nssCryptoContext_FindCertificatesBySubject(
 NSSArena *arenaOpt)
 {
 NSSCertificate **rvCerts;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 rvCerts = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
@@ -333,8 +336,8 @@ NSSCryptoContext_FindCertificateByEncodedCertificate(
 NSSCryptoContext *cc,
 NSSBER *encodedCertificate)
 {
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 return nssCertificateStore_FindCertificateByEncodedCertificate(
@@ -353,8 +356,8 @@ NSSCryptoContext_FindBestCertificateByEmail(
 NSSCertificate **certs;
 NSSCertificate *rvCert = NULL;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
@@ -379,8 +382,8 @@ NSSCryptoContext_FindCertificatesByEmail(
 NSSArena *arenaOpt)
 {
 NSSCertificate **rvCerts;
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 rvCerts = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
@@ -488,8 +491,8 @@ nssCryptoContext_FindTrustForCertificate(
 NSSCryptoContext *cc,
 NSSCertificate *cert)
 {
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 return nssCertificateStore_FindTrustForCertificate(cc->certStore, cert);
@@ -500,8 +503,8 @@ nssCryptoContext_FindSMIMEProfileForCertificate(
 NSSCryptoContext *cc,
 NSSCertificate *cert)
 {
- PORT_Assert(cc->certStore);
- if (!cc->certStore) {
+ PORT_Assert(cc && cc->certStore);
+ if (!cc || !cc->certStore) {
 return NULL;
 }
 return nssCertificateStore_FindSMIMEProfileForCertificate(cc->certStore,
diff --git a/security/nss/lib/pki/nsspki.h b/security/nss/lib/pki/nsspki.h
index 28780c375..0ecec0826 100644
--- a/security/nss/lib/pki/nsspki.h
+++ b/security/nss/lib/pki/nsspki.h
@@ -23,6 +23,8 @@
 #include "base.h"
 #endif /* BASE_H */
+#include "pkcs11uri.h"
+
 PR_BEGIN_EXTERN_C
 /*
@@ -1301,6 +1303,16 @@ NSSTrustDomain_IsTokenEnabled(
 NSSToken *token,
 NSSError *whyOpt);
+/*
+ * NSSTrustDomain_FindTokensByURI
+ *
+ */
+
+NSS_EXTERN NSSToken **
+NSSTrustDomain_FindTokensByURI(
+ NSSTrustDomain *td,
+ PK11URI *uri);
+
 /*
 * NSSTrustDomain_FindSlotByName
 *
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 0826b7f5e..548853970 100644
--- a/security/nss/lib/pki/pki3hack.c
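Review bot: The comment block added above the NSSTrustDomain_FindTokensByURI declaration in nsspki.h contains only the function name, so the ownership contract of the returned array is undocumented. Going by the implementation added to trustdomain.c in this commit, the result is a NULL-terminated array from `nss_ZNEWARRAY` whose entries each hold a reference taken with `nssToken_AddRef`, and NULL is returned when the allocation fails. I would put that in the header comment, for example `* Returns a NULL-terminated array of referenced tokens matching uri, or NULL on allocation failure; the caller releases each token and frees the array.`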
+++ b/security/nss/lib/pki/pki3hack.c
@@ -831,8 +831,10 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
 cc->dbhandle = c->object.trustDomain;
 /* subjectList ? */
 /* istemp and isperm are supported in NSS 3.4 */
+ CERT_LockCertTempPerm(cc);
 cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
 cc->isperm = PR_TRUE; /* by default */
+ CERT_UnlockCertTempPerm(cc);
 /* pointer back */
 cc->nssCertificate = c;
 if (trust) {
diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c
index 49f7dc5ba..151b88875 100644
--- a/security/nss/lib/pki/trustdomain.c
+++ b/security/nss/lib/pki/trustdomain.c
@@ -14,6 +14,7 @@
 #include "pki3hack.h"
 #include "pk11pub.h"
 #include "nssrwlk.h"
+#include "pk11priv.h"
 #define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
@@ -234,6 +235,37 @@ NSSTrustDomain_FindSlotByName(
 return NULL;
 }
+NSS_IMPLEMENT NSSToken **
+NSSTrustDomain_FindTokensByURI(
+ NSSTrustDomain *td,
+ PK11URI *uri)
+{
+ NSSToken *tok = NULL;
+ PK11SlotInfo *slotinfo;
+ NSSToken **tokens;
+ int count, i = 0;
+
+ NSSRWLock_LockRead(td->tokensLock);
+ count = nssList_Count(td->tokenList);
+ tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
+ if (!tokens) {
+ return NULL;
+ }
+ for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
+ tok != (NSSToken *)NULL;
+ tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
+ if (nssToken_IsPresent(tok)) {
+ slotinfo = tok->pk11slot;
+ if (pk11_MatchUriTokenInfo(slotinfo, uri))
+ tokens[i++] = nssToken_AddRef(tok);
+ }
+ }
+ tokens[i] = NULL;
+ nssListIterator_Finish(td->tokens);
+ NSSRWLock_UnlockRead(td->tokensLock);
+ return tokens;
+}
+
 NSS_IMPLEMENT NSSToken *
 NSSTrustDomain_FindTokenByName(
 NSSTrustDomain *td,
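Review bot: The `CERT_LockCertTempPerm`/`CERT_UnlockCertTempPerm` pair added around the `cc->istemp` and `cc->isperm` stores removes a race only if every other reader and writer of those two fields takes the same lock, and this hunk does not show them. A one-line comment at the lock call would record the invariant, for example `/* istemp/isperm are only read or written under the cert temp/perm lock */`. The existing comment `/* CERT_NewTemp will override this */` points at a later writer, so that path is worth checking against the same rule. fill_CERTCertificateFields starts and ends outside the hunk.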
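Review bot: The `if (!tokens) { return NULL; }` path in NSSTrustDomain_FindTokensByURI returns while `td->tokensLock` is still read-locked, so an allocation failure leaves the trust domain's token lock held and may block later writers. Release it on that path by adding `NSSRWLock_UnlockRead(td->tokensLock);` before `return NULL;`. Separately, the array is sized from `nssList_Count(td->tokenList)` but filled while iterating `td->tokens`; if the two can ever disagree, `tokens[i++]` has no bound, so an `i < count` condition in the loop would be cheap insurance. `td` and `uri` are also used without a NULL check, unlike the `cc` guards added in cryptocontext.c by this commit.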
@@ -248,8 +280,10 @@ NSSTrustDomain_FindTokenByName(
 tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
 if (nssToken_IsPresent(tok)) {
 myName = nssToken_GetName(tok);
- if (nssUTF8_Equal(tokenName, myName, &nssrv))
+ if (nssUTF8_Equal(tokenName, myName, &nssrv)) {
+ tok = nssToken_AddRef(tok);
 break;
+ }
 }
 }
 nssListIterator_Finish(td->tokens);
-- cgit v1.2.3
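Review bot: With `tok = nssToken_AddRef(tok);` NSSTrustDomain_FindTokenByName now hands back an owned reference on a match, which changes the contract for every existing caller: a caller that does not release the token will hold that reference indefinitely. The callers are not part of this diff, so each one should be checked. The function comment should also state the new rule, e.g. `/* Returns a new reference to the matching token; the caller must release it. */`. The function body starts and ends outside the hunk.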