-rw-r--r-- | security/nss/lib/pk11wrap/pk11func.h | 8 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11skey.c | 19 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 24 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/secmodti.h | 2 |
4 files changed, 51 insertions, 2 deletions
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h index f80d99bda..4747fe6ea 100644 --- a/security/nss/lib/pk11wrap/pk11func.h +++ b/security/nss/lib/pk11wrap/pk11func.h @@ -575,6 +575,14 @@ SECItem * PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem); /********************************************************************** + * Functions to manage secmod flags + **********************************************************************/ +PK11DefaultArrayEntry * PK11_GetDefaultArray(int *); +SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *, PK11DefaultArrayEntry *, + PRBool ); + + +/********************************************************************** * New fucntions which are already depricated.... **********************************************************************/ SECItem * diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index bb8853d0b..1b745aa80 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -5023,8 +5023,23 @@ finish: PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech) { - return pk11_CopyToSlot(PK11_GetSlotFromKey(originalKey), mech, CKA_SIGN, - originalKey); + CK_RV crv; + CK_ATTRIBUTE setTemplate; + CK_BBOOL ckTrue = CK_TRUE; + PK11SlotInfo *slot = originalKey->slot; + + /* first just try to set this key up for signing */ + PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue)); + pk11_EnterKeyMonitor(originalKey); + crv = PK11_GETTAB(slot)-> C_SetAttributeValue(originalKey->session, + originalKey->objectID, &setTemplate, 1); + pk11_ExitKeyMonitor(originalKey); + if (crv == CKR_OK) { + return PK11_ReferenceSymKey(originalKey); + } + + /* nope, doesn't like it, use the pk11 copy object command */ + return pk11_CopyToSlot(slot, mech, CKA_SIGN, originalKey); } char * diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index cb02fb82f..27fb2f392 100644 
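Review bot: The two prototypes added to pk11func.h have unnamed parameters and no description, so a caller cannot tell from the header what the `int *` receives or what the trailing `PRBool` of PK11_UpdateSlotAttribute selects. The definition in pk11slot.c names the first one `size`, so the header could read `PK11_GetDefaultArray(int *size)`, with a one-line comment saying it returns the entry count and may be NULL. The `PRBool` should be named in the same way and given a sentence on what PR_TRUE and PR_FALSE do.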
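Review bot: The new first branch of PK11_CopySymKeyForSigning sets CKA_SIGN on the caller's own key object through C_SetAttributeValue and then returns a reference to that same key, so the original key's permitted usage is widened for every holder of `originalKey`, not just for the returned handle. The removed code always went through pk11_CopyToSlot. If the in-place change is intended, the function needs a comment that says so, for example `/* may set CKA_SIGN on originalKey itself and return a new reference to it rather than a distinct key */`. `mech` is also ignored whenever the attribute update succeeds, which deserves a line in that comment.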
--- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -90,6 +90,15 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = { const int num_pk11_default_mechanisms = sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]); +PK11DefaultArrayEntry * +PK11_GetDefaultArray(int *size) +{ + if (size) { + *size = num_pk11_default_mechanisms; + } + return PK11_DefaultArray; +} + /* * These slotlists are lists of modules which provide default support for * a given algorithm or mechanism. @@ -1670,6 +1679,7 @@ PK11_ReadMechanismList(PK11SlotInfo *slot) { CK_ULONG count; CK_RV crv; + int i; if (slot->mechanismList) { PORT_Free(slot->mechanismList); @@ -1701,6 +1711,14 @@ PK11_ReadMechanismList(PK11SlotInfo *slot) return SECSuccess; } slot->mechanismCount = count; + PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits)); + + for (i=0; i < count; i++) { + CK_MECHANISM_TYPE mech = slot->mechanismList[i]; + if (mech < 0x7ff) { + slot->mechanismBits[mech & 0xff] |= 1 << (mech >> 8); + } + } return SECSuccess; } @@ -2457,6 +2475,12 @@ PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type) return slot->hasRandom; } + /* for most mechanism, bypass the linear lookup */ + if (type < 0x7ff) { + return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8))) ? + PR_TRUE : PR_FALSE; + } + for (i=0; i < (int) slot->mechanismCount; i++) { if (slot->mechanismList[i] == type) return PR_TRUE; } diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h index af7cc32e7..9973b3796 100644 --- a/security/nss/lib/pk11wrap/secmodti.h +++ b/security/nss/lib/pk11wrap/secmodti.h @@ -135,6 +135,8 @@ struct PK11SlotInfoStr { unsigned int lastState; /* for Stan */ NSSToken *nssToken; + /* fast mechanism lookup */ + char mechanismBits[256]; }; /* Symetric Key structure. Reference Counted */ |
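Review bot: In PK11_ReadMechanismList, `mechanismBits` is cleared only on the success path, after the `return SECSuccess;` visible just above the added lines, while `mechanismList` is freed at the top of the function. On any early return the bitmap therefore still describes the previous mechanism list, and the new fast path in PK11_DoesMechanism reads the bitmap without consulting `mechanismList` or `mechanismCount`. Moving `PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits));` up next to the `PORT_Free(slot->mechanismList)` block keeps the two in step. The loop also compares `int i` against `CK_ULONG count`; declaring `CK_ULONG i;` avoids the signed/unsigned comparison. The function body starts and continues outside these hunks, so the other exit paths should be checked as well.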
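Review bot: The bitmap encoding in the PK11_DoesMechanism fast path (`type < 0x7ff`, `type & 0xff`, `type >> 8`) is spelled out a second time here as bare constants, duplicating PK11_ReadMechanismList, and the two copies must stay identical for lookups to be correct. A shared pair of small macros or static helpers for the index and the bit, used in both places, would remove that risk. The bound also leaves out 0x7ff itself, although it would fit in the table (`< 0x800`). That is harmless, because both sides fall back to the linear scan for it, but it deserves a comment if intentional. The function continues outside the hunk.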
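Review bot: `char mechanismBits[256]` in struct PK11SlotInfoStr is used as a bit field whose top bit is set by `1 << (mech >> 8)` for mechanisms in the 0x700 range, and the signedness of plain `char` is implementation-defined. Declaring it as `unsigned char mechanismBits[256];` (or `PRUint8`) makes the stores and the mask test in PK11_DoesMechanism well-defined on every platform. The comment could also state the layout, for example `/* bit (mech >> 8) of entry (mech & 0xff) is set when the slot supports mech; only mechanisms below 0x7ff are covered */`.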