From 80ca168a6b656dfc7bcc0cc32e90391b66b6bf4c Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Sun, 6 May 2007 13:40:52 +0000 Subject: Complete trust for Mozilla. --- ckcapi-builtin.c | 6 +++--- ckcapi-cert.c | 12 ++++++++---- ckcapi-object.c | 30 ++++++++++++++++-------------- ckcapi-session.c | 12 +++++++----- ckcapi-trust.c | 13 ++++++++----- ckcapi.h | 6 ++---- 6 files changed, 44 insertions(+), 35 deletions(-) diff --git a/ckcapi-builtin.c b/ckcapi-builtin.c index ad70ea2..b4a7e3f 100644 --- a/ckcapi-builtin.c +++ b/ckcapi-builtin.c @@ -103,7 +103,7 @@ builtin_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objd return CKR_OBJECT_HANDLE_INVALID; objdata->data = (void*)all_builtins[bobj->builtin_index]; - objdata->data_funcs = builtin_objdata_vtable; + objdata->data_funcs = &builtin_objdata_vtable; return CKR_OK; } @@ -136,7 +136,7 @@ register_builtin_object(CkCapiSession* sess, CK_ULONG index, CkCapiObject** obj) bobj->builtin_index = index; bobj->obj.id = 0; - bobj->obj.obj_funcs = builtin_object_vtable; + bobj->obj.obj_funcs = &builtin_object_vtable; bobj->obj.unique_key = UNIQUE_KEY_AT(bobj, otype); bobj->obj.unique_len = UNIQUE_KEY_LEN(bobj, otype, builtin_index); @@ -173,7 +173,7 @@ ckcapi_builtin_find(CkCapiSession* sess, CK_OBJECT_CLASS cls, CK_ATTRIBUTE_PTR m for(i = 0; i < num_builtins; ++i) { objdata.data = (void*)all_builtins[i]; - objdata.data_funcs = builtin_objdata_vtable; + objdata.data_funcs = &builtin_objdata_vtable; if(ckcapi_object_data_match(&objdata, match, count)) { diff --git a/ckcapi-cert.c b/ckcapi-cert.c index 887fefb..501f2a2 100644 --- a/ckcapi-cert.c +++ b/ckcapi-cert.c @@ -405,7 +405,7 @@ cert_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdata * certificate object is a CERT_CONTEXT pointer. */ objdata->data = (void*)cert; - objdata->data_funcs = cert_objdata_vtable; + objdata->data_funcs = &cert_objdata_vtable; return CKR_OK; } @@ -448,7 +448,7 @@ register_cert_object(CkCapiSession* sess, const char* store, PCCERT_CONTEXT cert cobj->obj.id = 0; cobj->obj.unique_key = UNIQUE_KEY_AT(cobj, otype); cobj->obj.unique_len = UNIQUE_KEY_VAR_LEN(cobj, otype, cert_data, len); - cobj->obj.obj_funcs = cert_object_vtable; + cobj->obj.obj_funcs = &cert_object_vtable; /* Copy Issuer data in */ cobj->issuer.cbData = cert->pCertInfo->Issuer.cbData; @@ -481,6 +481,10 @@ clear_object_data_for_store(CkCapiSession* sess, CkCapiObject* obj, const char* store = (const char*) arg; CertObject *cobj = (CertObject*)obj; + // Is it one of ours? + if(obj->obj_funcs != &cert_object_vtable) + return; + if(strcmp(cobj->store, store) == 0) ckcapi_session_clear_object_data(sess, obj); } @@ -517,7 +521,7 @@ find_in_store(CkCapiSession* sess, const char* store_name, while((cert = CertEnumCertificatesInStore(store, cert)) != NULL) { objdata.data = (void*)cert; - objdata.data_funcs = cert_objdata_vtable; + objdata.data_funcs = &cert_objdata_vtable; if(ckcapi_object_data_match(&objdata, match, count)) { @@ -581,7 +585,7 @@ match_in_store(CkCapiSession* sess, const char* store_name, PCERT_INFO info, /* Match the certificate */ objdata.data = (void*)cert; - objdata.data_funcs = cert_objdata_vtable; + objdata.data_funcs = &cert_objdata_vtable; if(ckcapi_object_data_match(&objdata, match, count)) { diff --git a/ckcapi-object.c b/ckcapi-object.c index 4bc0ce1..763102c 100644 --- a/ckcapi-object.c +++ b/ckcapi-object.c @@ -15,8 +15,9 @@ static void object_free(CkCapiObject* obj) { ASSERT(obj); - ASSERT(obj->obj_funcs.release); - (obj->obj_funcs.release)(obj); + ASSERT(obj->obj_funcs); + ASSERT(obj->obj_funcs->release); + (obj->obj_funcs->release)(obj); } void @@ -312,6 +313,7 @@ ckcapi_object_data_match_attr(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR match) ASSERT(match); ASSERT(objdata && objdata->data); + ASSERT(objdata->data_funcs); /* Get the data type of the attribute */ dtype = attribute_data_type(match->type); @@ -329,16 +331,16 @@ ckcapi_object_data_match_attr(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR match) switch(dtype) { case DATA_BOOL: - rv = (objdata->data_funcs.get_bool)(objdata->data, match->type, value, &len); + rv = (objdata->data_funcs->get_bool)(objdata->data, match->type, value, &len); break; case DATA_ULONG: - rv = (objdata->data_funcs.get_ulong)(objdata->data, match->type, value, &len); + rv = (objdata->data_funcs->get_ulong)(objdata->data, match->type, value, &len); break; case DATA_BYTES: - rv = (objdata->data_funcs.get_bytes)(objdata->data, match->type, value, &len); + rv = (objdata->data_funcs->get_bytes)(objdata->data, match->type, value, &len); break; case DATA_DATE: - rv = (objdata->data_funcs.get_date)(objdata->data, match->type, value, &len); + rv = (objdata->data_funcs->get_date)(objdata->data, match->type, value, &len); break; default: ASSERT(0 && "unrecognized type"); @@ -392,20 +394,20 @@ ckcapi_object_data_get_attrs(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs, switch(attribute_data_type(attrs[i].type)) { case DATA_BOOL: - rv = (objdata->data_funcs.get_bool)(objdata->data, attrs[i].type, - attrs[i].pValue, &attrs[i].ulValueLen); + rv = (objdata->data_funcs->get_bool)(objdata->data, attrs[i].type, + attrs[i].pValue, &attrs[i].ulValueLen); break; case DATA_ULONG: - rv = (objdata->data_funcs.get_ulong)(objdata->data, attrs[i].type, - attrs[i].pValue, &attrs[i].ulValueLen); + rv = (objdata->data_funcs->get_ulong)(objdata->data, attrs[i].type, + attrs[i].pValue, &attrs[i].ulValueLen); break; case DATA_BYTES: - rv = (objdata->data_funcs.get_bytes)(objdata->data, attrs[i].type, - attrs[i].pValue, &attrs[i].ulValueLen); + rv = (objdata->data_funcs->get_bytes)(objdata->data, attrs[i].type, + attrs[i].pValue, &attrs[i].ulValueLen); break; case DATA_DATE: - rv = (objdata->data_funcs.get_date)(objdata->data, attrs[i].type, - attrs[i].pValue, &attrs[i].ulValueLen); + rv = (objdata->data_funcs->get_date)(objdata->data, attrs[i].type, + attrs[i].pValue, &attrs[i].ulValueLen); break; case DATA_UNKNOWN: rv = CKR_ATTRIBUTE_TYPE_INVALID; diff --git a/ckcapi-session.c b/ckcapi-session.c index 8d00316..dc35ce0 100644 --- a/ckcapi-session.c +++ b/ckcapi-session.c @@ -14,8 +14,9 @@ static SessionList the_sessions = { NULL, 0 }; static void object_data_release(CkCapiObjectData* objdata) { - ASSERT(objdata->data_funcs.release); - (objdata->data_funcs.release)(objdata->data); + ASSERT(objdata->data_funcs); + ASSERT(objdata->data_funcs->release); + (objdata->data_funcs->release)(objdata->data); free(objdata); } @@ -359,7 +360,8 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj, ASSERT(sess); ASSERT(sess->object_data); ASSERT(obj); - ASSERT(obj->obj_funcs.load_data); + ASSERT(obj->obj_funcs); + ASSERT(obj->obj_funcs->load_data); ASSERT(objdata); id = obj->id; @@ -373,7 +375,7 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj, return CKR_HOST_MEMORY; newdata->object = id; - ret = (obj->obj_funcs.load_data)(sess, obj, newdata); + ret = (obj->obj_funcs->load_data)(sess, obj, newdata); if(ret != CKR_OK) { free(newdata); return ret; @@ -381,7 +383,7 @@ ckcapi_session_get_object_data(CkCapiSession* sess, CkCapiObject* obj, newdata->object = id; ASSERT(newdata->data); - ASSERT(newdata->data_funcs.release); + ASSERT(newdata->data_funcs); if(!ckcapi_hash_set(sess->object_data, &newdata->object, sizeof(newdata->object), newdata)) { diff --git a/ckcapi-trust.c b/ckcapi-trust.c index 9acbfed..db543a7 100644 --- a/ckcapi-trust.c +++ b/ckcapi-trust.c @@ -191,12 +191,15 @@ trust_bytes_attribute(void* obj, CK_ATTRIBUTE_TYPE type, type, data, len); /* - * TODO: These should probably be implemented + * The hash of the DER encoded certificate. */ case CKA_CERT_MD5_HASH: case CKA_CERT_SHA1_HASH: - return CKR_ATTRIBUTE_TYPE_INVALID; - + if(!CryptHashCertificate(0, type == CKA_CERT_MD5_HASH ? CALG_MD5 : CALG_SHA1, + 0, trust_data->cert->pbCertEncoded, + trust_data->cert->cbCertEncoded, data, (DWORD*)len)) + return ckcapi_winerr_to_ckr(GetLastError()); + return CKR_OK; }; return CKR_ATTRIBUTE_TYPE_INVALID; @@ -319,7 +322,7 @@ trust_load_data(CkCapiSession* sess, CkCapiObject* obj, CkCapiObjectData* objdat trust_data->cert = CertDuplicateCertificateContext((PCCERT_CONTEXT)(certdata->data)); objdata->data = trust_data; - objdata->data_funcs = trust_objdata_vtable; + objdata->data_funcs = &trust_objdata_vtable; return CKR_OK; } @@ -352,7 +355,7 @@ register_trust_object(CkCapiSession* sess, CkCapiObject* cert, CkCapiObject** ob tobj->cert_obj = cert->id; tobj->obj.id = 0; - tobj->obj.obj_funcs = trust_object_vtable; + tobj->obj.obj_funcs = &trust_object_vtable; tobj->obj.unique_key = UNIQUE_KEY_AT(tobj, otype); tobj->obj.unique_len = UNIQUE_KEY_LEN(tobj, otype, cert_obj); diff --git a/ckcapi.h b/ckcapi.h index d3ead45..4e69c0d 100644 --- a/ckcapi.h +++ b/ckcapi.h @@ -60,7 +60,7 @@ typedef struct _CkCapiObjectData { CK_OBJECT_HANDLE object; void* data; - CkCapiObjectDataVtable data_funcs; + const CkCapiObjectDataVtable* data_funcs; } CkCapiObjectData; @@ -175,9 +175,7 @@ CkCapiObjectVtable; struct _CkCapiObject { CK_OBJECT_HANDLE id; - - // These items must remain together in the structure - CkCapiObjectVtable obj_funcs; + const CkCapiObjectVtable* obj_funcs; void* unique_key; size_t unique_len; }; -- cgit v1.2.3