Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
michael@0 | 4 | /* |
michael@0 | 5 | * Internal PKCS #11 functions. Should only be called by pkcs11.c |
michael@0 | 6 | */ |
michael@0 | 7 | #include "pkcs11.h" |
michael@0 | 8 | #include "lgdb.h" |
michael@0 | 9 | #include "pcert.h" |
michael@0 | 10 | #include "lowkeyi.h" |
michael@0 | 11 | |
/*
 * lg_DestroyObject - remove a token object from the legacy database.
 *
 *   sdb        database the object belongs to
 *   object_id  PKCS #11 handle of the object; the LG_TOKEN_MASK bits are
 *              cleared before the handle is used
 *
 * Returns:
 *   CKR_OBJECT_HANDLE_INVALID  no database key is recorded for the handle
 *   CKR_TOKEN_WRITE_PROTECTED  lg_getKeyDB()/lg_getCertDB() returned NULL
 *   CKR_DEVICE_ERROR           a lookup, delete or trust update failed
 *   CKR_OK                     otherwise
 *
 * What "destroy" means depends on the type bits of the handle:
 *   LG_TOKEN_TYPE_PRIV / LG_TOKEN_TYPE_KEY  the key record is deleted
 *   LG_TOKEN_TYPE_PUB    nothing is deleted from a database here
 *   LG_TOKEN_TYPE_CERT   the permanent certificate is deleted
 *   LG_TOKEN_TYPE_CRL    the permanent CRL (or KRL) is deleted
 *   LG_TOKEN_TYPE_TRUST  the certificate is kept; only its trust flags
 *                        are reset (see the case below)
 *
 * NOTE(review): the handle-to-key mapping is dropped at the end of the
 * function whatever the result, so after a failed delete the object may
 * still be in the database while its handle no longer resolves. Confirm
 * that callers expect this.
 */
CK_RV
lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
{
    CK_RV result = CKR_OK;
    SECStatus status;
    NSSLOWCERTCertificate *cert;
    NSSLOWCERTCertTrust newTrust;
    NSSLOWKEYDBHandle *keyDB;
    NSSLOWCERTCertDBHandle *certDB;
    const SECItem *tokenKey;

    object_id &= ~LG_TOKEN_MASK;

    /* A handle with no recorded database key is rejected before any
     * database is touched and before the lock is taken. */
    tokenKey = lg_lookupTokenKeyByHandle(sdb, object_id);
    if (tokenKey == NULL) {
        return CKR_OBJECT_HANDLE_INVALID;
    }

    /* remove the objects from the real data base */
    switch (object_id & LG_TOKEN_TYPE_MASK) {
    case LG_TOKEN_TYPE_PRIV:
    case LG_TOKEN_TYPE_KEY:
        /* KEYID is the public KEY for DSA and DH, and the MODULUS for
         * RSA */
        keyDB = lg_getKeyDB(sdb);
        if (keyDB == NULL) {
            result = CKR_TOKEN_WRITE_PROTECTED;
        } else {
            status = nsslowkey_DeleteKey(keyDB, tokenKey);
            if (status != SECSuccess) {
                result = CKR_DEVICE_ERROR;
            }
        }
        break;

    case LG_TOKEN_TYPE_PUB:
        /* public keys only exist at the behest of the priv key */
        break;

    case LG_TOKEN_TYPE_CERT:
        certDB = lg_getCertDB(sdb);
        if (certDB == NULL) {
            result = CKR_TOKEN_WRITE_PROTECTED;
        } else {
            cert = nsslowcert_FindCertByKey(certDB, tokenKey);
            if (cert == NULL) {
                result = CKR_DEVICE_ERROR;
            } else {
                status = nsslowcert_DeletePermCertificate(cert);
                if (status != SECSuccess) {
                    result = CKR_DEVICE_ERROR;
                }
                /* release the reference obtained from the lookup,
                 * whether or not the delete succeeded */
                nsslowcert_DestroyCertificate(cert);
            }
        }
        break;

    case LG_TOKEN_TYPE_CRL:
        certDB = lg_getCertDB(sdb);
        if (certDB == NULL) {
            result = CKR_TOKEN_WRITE_PROTECTED;
        } else {
            /* the last argument tells the delete routine whether the
             * handle is the dedicated KRL handle */
            status = nsslowcert_DeletePermCRL(
                certDB, tokenKey,
                (PRBool)(object_id == LG_TOKEN_KRL_HANDLE));
            /* NOTE(review): only SECFailure is treated as an error
             * here, while the other cases test != SECSuccess; confirm
             * no other non-success status can be returned. */
            if (status == SECFailure) {
                result = CKR_DEVICE_ERROR;
            }
        }
        break;

    case LG_TOKEN_TYPE_TRUST:
        certDB = lg_getCertDB(sdb);
        if (certDB == NULL) {
            result = CKR_TOKEN_WRITE_PROTECTED;
        } else {
            cert = nsslowcert_FindCertByKey(certDB, tokenKey);
            if (cert == NULL) {
                result = CKR_DEVICE_ERROR;
            } else {
                /* Destroying a trust object does not delete the cert:
                 * each flag word keeps only the bits selected by
                 * CERTDB_PRESERVE_TRUST_BITS and is then marked
                 * CERTDB_TRUSTED_UNKNOWN.
                 * assumes cert->trust is non-NULL for a certificate
                 * returned by the lookup -- TODO confirm */
                newTrust = *cert->trust;
                newTrust.sslFlags =
                    (newTrust.sslFlags & CERTDB_PRESERVE_TRUST_BITS) |
                    CERTDB_TRUSTED_UNKNOWN;
                newTrust.emailFlags =
                    (newTrust.emailFlags & CERTDB_PRESERVE_TRUST_BITS) |
                    CERTDB_TRUSTED_UNKNOWN;
                newTrust.objectSigningFlags =
                    (newTrust.objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS) |
                    CERTDB_TRUSTED_UNKNOWN;

                status = nsslowcert_ChangeCertTrust(certDB, cert, &newTrust);
                if (status != SECSuccess) {
                    result = CKR_DEVICE_ERROR;
                }
                nsslowcert_DestroyCertificate(cert);
            }
        }
        break;

    default:
        /* unrecognised type bits: nothing to delete, result stays CKR_OK */
        break;
    }

    /* Drop the handle-to-key mapping under the database lock. This runs
     * for every type and for every result, and the return value of the
     * delete call is not checked. */
    lg_DBLock(sdb);
    lg_deleteTokenKeyByHandle(sdb, object_id);
    lg_DBUnlock(sdb);

    return result;
}