summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2007-05-06 13:40:52 +0000
committerStef Walter <stef@memberwebs.com>2007-05-06 13:40:52 +0000
commit80ca168a6b656dfc7bcc0cc32e90391b66b6bf4c (patch)
tree61a23ca635748acfa8d23a98105494ad575bc4f1
parent8ae74e82e50a2e4e7e48b6a25aad42fadfbcfaca (diff)
Complete trust for Mozilla.
-rw-r--r--ckcapi-builtin.c6
-rw-r--r--ckcapi-cert.c12
-rw-r--r--ckcapi-object.c30
-rw-r--r--ckcapi-session.c12
-rw-r--r--ckcapi-trust.c13
-rw-r--r--ckcapi.h6
6 files changed, 44 insertions, 35 deletions
diff --git a/ckcapi-builtin.c b/ckcapi-builtin.c
index ad70ea2..b4a7e3f 100644
--- a/ckcapi-builtin.c
+++ b/ckcapi-builtin.c
@@ -103,7 +103,7 @@ builtin_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objd
return CKR_OBJECT_HANDLE_INVALID;
objdata->data = (void*)all_builtins[bobj->builtin_index];
- objdata->data_funcs = builtin_objdata_vtable;
+ objdata->data_funcs = &builtin_objdata_vtable;
return CKR_OK;
}
@@ -136,7 +136,7 @@ register_builtin_object(CkCapiSession* sess, CK_ULONG index, CkCapiObject** obj)
bobj->builtin_index = index;
bobj->obj.id = 0;
- bobj->obj.obj_funcs = builtin_object_vtable;
+ bobj->obj.obj_funcs = &builtin_object_vtable;
bobj->obj.unique_key = UNIQUE_KEY_AT(bobj, otype);
bobj->obj.unique_len = UNIQUE_KEY_LEN(bobj, otype, builtin_index);
@@ -173,7 +173,7 @@ ckcapi_builtin_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR m
for(i = 0; i < num_builtins; ++i)
{
objdata.data = (void*)all_builtins[i];
- objdata.data_funcs = builtin_objdata_vtable;
+ objdata.data_funcs = &builtin_objdata_vtable;
if(ckcapi_object_data_match(&objdata, match, count))
{
diff --git a/ckcapi-cert.c b/ckcapi-cert.c
index 887fefb..501f2a2 100644
--- a/ckcapi-cert.c
+++ b/ckcapi-cert.c
@@ -405,7 +405,7 @@ cert_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdata
* certificate object is a CERT_CONTEXT pointer.
*/
objdata->data = (void*)cert;
- objdata->data_funcs = cert_objdata_vtable;
+ objdata->data_funcs = &cert_objdata_vtable;
return CKR_OK;
}
@@ -448,7 +448,7 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert
cobj->obj.id = 0;
cobj->obj.unique_key = UNIQUE_KEY_AT(cobj, otype);
cobj->obj.unique_len = UNIQUE_KEY_VAR_LEN(cobj, otype, cert_data, len);
- cobj->obj.obj_funcs = cert_object_vtable;
+ cobj->obj.obj_funcs = &cert_object_vtable;
/* Copy Issuer data in */
cobj->issuer.cbData = cert->pCertInfo->Issuer.cbData;
@@ -481,6 +481,10 @@ clear_object_data_for_store(CkCapiSession* sess, CkCapiObject* obj,
const char* store = (const char*) arg;
CertObject *cobj = (CertObject*)obj;
+ // Is it one of ours?
+ if(obj->obj_funcs != &cert_object_vtable)
+ return;
+
if(strcmp(cobj->store, store) == 0)
ckcapi_session_clear_object_data(sess, obj);
}
@@ -517,7 +521,7 @@ find_in_store(CkCapiSession* sess, const char* store_name,
while((cert = CertEnumCertificatesInStore(store, cert)) != NULL)
{
objdata.data = (void*)cert;
- objdata.data_funcs = cert_objdata_vtable;
+ objdata.data_funcs = &cert_objdata_vtable;
if(ckcapi_object_data_match(&objdata, match, count))
{
@@ -581,7 +585,7 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info,
/* Match the certificate */
objdata.data = (void*)cert;
- objdata.data_funcs = cert_objdata_vtable;
+ objdata.data_funcs = &cert_objdata_vtable;
if(ckcapi_object_data_match(&objdata, match, count))
{
diff --git a/ckcapi-object.c b/ckcapi-object.c
index 4bc0ce1..763102c 100644
--- a/ckcapi-object.c
+++ b/ckcapi-object.c
@@ -15,8 +15,9 @@ static void
object_free(CkCapiObject* obj)
{
ASSERT(obj);
- ASSERT(obj->obj_funcs.release);
- (obj->obj_funcs.release)(obj);
+ ASSERT(obj->obj_funcs);
+ ASSERT(obj->obj_funcs->release);
+ (obj->obj_funcs->release)(obj);
}
void
@@ -312,6 +313,7 @@ ckcapi_object_data_match_attr(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR match)
ASSERT(match);
ASSERT(objdata && objdata->data);
+ ASSERT(objdata->data_funcs);
/* Get the data type of the attribute */
dtype = attribute_data_type(match->type);
@@ -329,16 +331,16 @@ ckcapi_object_data_match_attr(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR match)
switch(dtype)
{
case DATA_BOOL:
- rv = (objdata->data_funcs.get_bool)(objdata->data, match->type, value, &len);
+ rv = (objdata->data_funcs->get_bool)(objdata->data, match->type, value, &len);
break;
case DATA_ULONG:
- rv = (objdata->data_funcs.get_ulong)(objdata->data, match->type, value, &len);
+ rv = (objdata->data_funcs->get_ulong)(objdata->data, match->type, value, &len);
break;
case DATA_BYTES:
- rv = (objdata->data_funcs.get_bytes)(objdata->data, match->type, value, &len);
+ rv = (objdata->data_funcs->get_bytes)(objdata->data, match->type, value, &len);
break;
case DATA_DATE:
- rv = (objdata->data_funcs.get_date)(objdata->data, match->type, value, &len);
+ rv = (objdata->data_funcs->get_date)(objdata->data, match->type, value, &len);
break;
default:
ASSERT(0 && "unrecognized type");
@@ -392,20 +394,20 @@ ckcapi_object_data_get_attrs(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs,
switch(attribute_data_type(attrs[i].type))
{
case DATA_BOOL:
- rv = (objdata->data_funcs.get_bool)(objdata->data, attrs[i].type,
- attrs[i].pValue, &attrs[i].ulValueLen);
+ rv = (objdata->data_funcs->get_bool)(objdata->data, attrs[i].type,
+ attrs[i].pValue, &attrs[i].ulValueLen);
break;
case DATA_ULONG:
- rv = (objdata->data_funcs.get_ulong)(objdata->data, attrs[i].type,
- attrs[i].pValue, &attrs[i].ulValueLen);
+ rv = (objdata->data_funcs->get_ulong)(objdata->data, attrs[i].type,
+ attrs[i].pValue, &attrs[i].ulValueLen);
break;
case DATA_BYTES:
- rv = (objdata->data_funcs.get_bytes)(objdata->data, attrs[i].type,
- attrs[i].pValue, &attrs[i].ulValueLen);
+ rv = (objdata->data_funcs->get_bytes)(objdata->data, attrs[i].type,
+ attrs[i].pValue, &attrs[i].ulValueLen);
break;
case DATA_DATE:
- rv = (objdata->data_funcs.get_date)(objdata->data, attrs[i].type,
- attrs[i].pValue, &attrs[i].ulValueLen);
+ rv = (objdata->data_funcs->get_date)(objdata->data, attrs[i].type,
+ attrs[i].pValue, &attrs[i].ulValueLen);
break;
case DATA_UNKNOWN:
rv = CKR_ATTRIBUTE_TYPE_INVALID;
diff --git a/ckcapi-session.c b/ckcapi-session.c
index 8d00316..dc35ce0 100644
--- a/ckcapi-session.c
+++ b/ckcapi-session.c
@@ -14,8 +14,9 @@ static SessionList the_sessions = { NULL, 0 };
static void
object_data_release(CkCapiObjectData* objdata)
{
- ASSERT(objdata->data_funcs.release);
- (objdata->data_funcs.release)(objdata->data);
+ ASSERT(objdata->data_funcs);
+ ASSERT(objdata->data_funcs->release);
+ (objdata->data_funcs->release)(objdata->data);
free(objdata);
}
@@ -359,7 +360,8 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj,
ASSERT(sess);
ASSERT(sess->object_data);
ASSERT(obj);
- ASSERT(obj->obj_funcs.load_data);
+ ASSERT(obj->obj_funcs);
+ ASSERT(obj->obj_funcs->load_data);
ASSERT(objdata);
id = obj->id;
@@ -373,7 +375,7 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj,
return CKR_HOST_MEMORY;
newdata->object = id;
- ret = (obj->obj_funcs.load_data)(sess, obj, newdata);
+ ret = (obj->obj_funcs->load_data)(sess, obj, newdata);
if(ret != CKR_OK) {
free(newdata);
return ret;
@@ -381,7 +383,7 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj,
newdata->object = id;
ASSERT(newdata->data);
- ASSERT(newdata->data_funcs.release);
+ ASSERT(newdata->data_funcs);
if(!ckcapi_hash_set(sess->object_data, &newdata->object,
sizeof(newdata->object), newdata)) {
diff --git a/ckcapi-trust.c b/ckcapi-trust.c
index 9acbfed..db543a7 100644
--- a/ckcapi-trust.c
+++ b/ckcapi-trust.c
@@ -191,12 +191,15 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type,
type, data, len);
/*
- * TODO: These should probably be implemented
+ * The hash of the DER encoded certificate.
*/
case CKA_CERT_MD5_HASH:
case CKA_CERT_SHA1_HASH:
- return CKR_ATTRIBUTE_TYPE_INVALID;
-
+ if(!CryptHashCertificate(0, type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1,
+ 0, trust_data->cert->pbCertEncoded,
+ trust_data->cert->cbCertEncoded, data, (DWORD*)len))
+ return ckcapi_winerr_to_ckr(GetLastError());
+ return CKR_OK;
};
return CKR_ATTRIBUTE_TYPE_INVALID;
@@ -319,7 +322,7 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdat
trust_data->cert = CertDuplicateCertificateContext((PCCERT_CONTEXT)(certdata->data));
objdata->data = trust_data;
- objdata->data_funcs = trust_objdata_vtable;
+ objdata->data_funcs = &trust_objdata_vtable;
return CKR_OK;
}
@@ -352,7 +355,7 @@ register_trust_object(CkCapiSession* sess, CkCapiObject* cert, CkCapiObject** ob
tobj->cert_obj = cert->id;
tobj->obj.id = 0;
- tobj->obj.obj_funcs = trust_object_vtable;
+ tobj->obj.obj_funcs = &trust_object_vtable;
tobj->obj.unique_key = UNIQUE_KEY_AT(tobj, otype);
tobj->obj.unique_len = UNIQUE_KEY_LEN(tobj, otype, cert_obj);
diff --git a/ckcapi.h b/ckcapi.h
index d3ead45..4e69c0d 100644
--- a/ckcapi.h
+++ b/ckcapi.h
@@ -60,7 +60,7 @@ typedef struct _CkCapiObjectData
{
CK_OBJECT_HANDLE object;
void* data;
- CkCapiObjectDataVtable data_funcs;
+ const CkCapiObjectDataVtable* data_funcs;
}
CkCapiObjectData;
@@ -175,9 +175,7 @@ CkCapiObjectVtable;
struct _CkCapiObject
{
CK_OBJECT_HANDLE id;
-
- // These items must remain together in the structure
- CkCapiObjectVtable obj_funcs;
+ const CkCapiObjectVtable* obj_funcs;
void* unique_key;
size_t unique_len;
};