1) Add the necessary code so that AddModule functions again.

2) Add code to create secmod.db on the fly again.
3) Fix uninitialized structures so that we can switch to the fips token.

The results of this checkin should allow the fips tests to pass again.
relyea%netscape.com 2001-08-31 00:20:47 +00:00
parent 30a625ae9a
commit b551f36ebb
8 changed files with 339 additions and 144 deletions


@ -81,6 +81,14 @@ SECMODModule *SECMOD_NewModule(void) {
newMod->refCount = 1;
newMod->ssl[0] = 0;
newMod->ssl[1] = 0;
newMod->libraryParams = NULL;
newMod->moduleDBFunc = NULL;
newMod->parent = NULL;
newMod->isCritical = PR_FALSE;
newMod->isModuleDB = PR_FALSE;
newMod->moduleDBOnly = PR_FALSE;
newMod->trustOrder = 0;
newMod->cipherOrder = 0;
#ifdef PKCS11_USE_THREADS
newMod->refLock = (void *)PZ_NewLock(nssILockRefLock);
if (newMod->refLock == NULL) {
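Review bot: Initialising each new field by hand in SECMOD_NewModule means the next member added to SECMODModule stays uninitialised unless someone remembers to extend this list, which is the class of bug this commit is fixing. An unset `moduleDBFunc` or `parent` is later called or dereferenced by the new pk11_AddPermDB and pk11_DeletePermDB. The allocation of `newMod` is outside the hunk; if it is not already a zeroing allocation, switching it to one (for example `PORT_ArenaZAlloc`) and keeping only the non-zero assignments such as `newMod->refCount = 1;` would be more robust. The function body starts and ends outside the hunk.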


@ -83,6 +83,67 @@ pk11_CreateModule(char *library, char *moduleName, char *parameters, char *nss)
return mod;
}
static char *
pk11_mkModuleSpec(SECMODModule * module)
{
char *nss = NULL, *modSpec = NULL, **slotStrings = NULL;
int slotCount, i, si;
/* allocate target slot info strings */
slotCount = 0;
if (module->slotCount) {
for (i=0; i < module->slotCount; i++) {
if (module->slots[i]->defaultFlags !=0) {
slotCount++;
}
}
} else {
slotCount = module->slotInfoCount;
}
slotStrings = (char **)PORT_ZAlloc(slotCount*sizeof(char *));
if (slotStrings == NULL) {
goto loser;
}
/* build the slot info strings */
if (module->slotCount) {
for (i=0, si= 0; i < module->slotCount; i++) {
if (module->slots[i]->defaultFlags) {
PORT_Assert(si < slotCount);
if (si >= slotCount) break;
slotStrings[si] = pk11_mkSlotString(module->slots[i]->slotID,
module->slots[i]->defaultFlags,
module->slots[i]->timeout,
module->slots[i]->askpw,
module->slots[i]->hasRootCerts,
module->slots[i]->hasRootTrust);
si++;
}
}
} else {
for (i=0; i < slotCount; i++) {
slotStrings[i] = pk11_mkSlotString(module->slotInfo[i].slotID,
module->slotInfo[i].defaultFlags,
module->slotInfo[i].timeout,
module->slotInfo[i].askpw,
module->slotInfo[i].hasRootCerts,
module->slotInfo[i].hasRootTrust);
}
}
nss = pk11_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS,
module->isModuleDB, module->moduleDBOnly, module->isCritical,
module->trustOrder,module->cipherOrder,module->ssl[0],module->ssl[1]);
modSpec= pk11_mkNewModuleSpec(module->dllName,module->commonName,
module->libraryParams,nss);
PORT_Free(slotStrings);
PR_smprintf_free(nss);
loser:
return (modSpec);
}
char **
@ -96,6 +157,43 @@ pk11_getModuleSpecList(SECMODModule *module)
return NULL;
}
SECStatus
pk11_AddPermDB(SECMODModule *module)
{
SECMODModuleDBFunc func;
char *moduleSpec;
char **retString;
if (module->parent == NULL) return SECFailure;
func = (SECMODModuleDBFunc) module->parent->moduleDBFunc;
if (func) {
moduleSpec = pk11_mkModuleSpec(module);
retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD,
module->parent->libraryParams,moduleSpec);
PORT_Free(moduleSpec);
if (retString != NULL) return SECSuccess;
}
return SECFailure;
}
SECStatus
pk11_DeletePermDB(SECMODModule *module)
{
SECMODModuleDBFunc func;
char **retString;
if (module->parent == NULL) return SECFailure;
func = (SECMODModuleDBFunc) module->parent->moduleDBFunc;
if (func) {
retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL,
module->parent->libraryParams,module->commonName);
if (retString != NULL) return SECSuccess;
}
return SECFailure;
}
pk11_freeModuleSpecList(char **moduleSpecList)
{
char ** index;
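Review bot: pk11_AddPermDB hands `moduleSpec` to the module DB callback without checking it, although pk11_mkModuleSpec returns NULL on its `loser` path when the slotStrings allocation fails. Add `if (moduleSpec == NULL) return SECFailure;` before the `(*func)(...)` call. The spec is built with PR_smprintf (through pk11_mkNewModuleSpec), so it should be released with `PR_smprintf_free(moduleSpec);` rather than `PORT_Free(moduleSpec);`. In pk11_mkModuleSpec the results of pk11_mkSlotString are also stored unchecked, and pk11_mkNSS calls PORT_Strlen on every entry, so one failed slot string would be dereferenced as NULL.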


@ -741,7 +741,7 @@ PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx)
void
PK11_SlotDBUpdate(PK11SlotInfo *slot)
{
SECMOD_AddPermDB(slot->module);
pk11_AddPermDB(slot->module);
}
/*


@ -44,6 +44,7 @@
static SECMODModuleList *modules = NULL;
static SECMODModuleList *modulesDB = NULL;
static SECMODModule *internalModule = NULL;
static SECMODModule *defaultDBModule = NULL;
static SECMODListLock *moduleLock = NULL;
extern SECStatus
@ -242,6 +243,9 @@ SECMOD_AddModuleToList(SECMODModule *newModule) {
SECStatus
SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule) {
if (defaultDBModule == NULL) {
defaultDBModule = SECMOD_ReferenceModule(newModule);
}
return secmod_AddModuleToList(&modulesDB,newModule);
}
@ -351,7 +355,7 @@ SECMOD_DeleteModule(char *name, int *type) {
if (rv == SECSuccess) {
SECMOD_DeletePermDB(mlp->module);
pk11_DeletePermDB(mlp->module);
SECMOD_DestroyModuleListElement(mlp);
}
return rv;
@ -406,6 +410,8 @@ SECMOD_DeleteInternalModule(char *name) {
SECMOD_ReleaseWriteLock(moduleLock);
return SECFailure;
}
newModule->libraryParams =
PORT_ArenaStrdup(mlp->module->arena,mlp->module->libraryParams);
oldModule = internalModule;
internalModule = SECMOD_ReferenceModule(newModule);
SECMOD_AddModule(internalModule);
@ -436,7 +442,11 @@ SECMOD_AddModule(SECMODModule *newModule) {
return rv;
}
SECMOD_AddPermDB(newModule);
if (newModule->parent == NULL) {
newModule->parent = SECMOD_ReferenceModule(defaultDBModule);
}
pk11_AddPermDB(newModule);
SECMOD_AddModuleToList(newModule);
return SECSuccess;
@ -538,10 +548,10 @@ SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath,
} /* for each slot of this module */
/* delete and re-add module in order to save changes to the module */
result = SECMOD_DeletePermDB(module);
result = pk11_DeletePermDB(module);
if (result == SECSuccess) {
result = SECMOD_AddPermDB(module);
result = pk11_AddPermDB(module);
if (result == SECSuccess) {
return SECSuccess;
}
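Review bot: In SECMOD_DeleteInternalModule the copy of `libraryParams` is allocated from `mlp->module->arena`, the arena of the module being replaced, but the pointer is stored in `newModule`. If that arena is freed when the old module's last reference is dropped (the destroy path is not visible here), `newModule->libraryParams` is left dangling; `PORT_ArenaStrdup(newModule->arena, mlp->module->libraryParams)` ties the string to the right lifetime. Separately, SECMOD_AddModule calls `SECMOD_ReferenceModule(defaultDBModule)` while `defaultDBModule` may still be NULL, and then ignores the result of `pk11_AddPermDB`. It can therefore return SECSuccess without the module having been written to secmod.db; checking both would make that failure visible to callers.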


@ -117,6 +117,7 @@ struct PK11SlotInfoStr {
char slot_name[65];
char token_name[33];
PRBool hasRootCerts;
PRBool hasRootTrust;
PRBool hasRSAInfo;
CK_FLAGS RSAInfoFlags;
};
@ -131,6 +132,7 @@ struct PK11PreSlotInfoStr {
int askpw; /* slot specific password bits */
long timeout; /* slot specific timeout value */
char hasRootCerts; /* is this the root cert PKCS #11 module? */
char hasRootTrust; /* is this the root cert PKCS #11 module? */
};
/* Symetric Key structure. Reference Counted */
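Review bot: The comment on the new `hasRootTrust` member in the second hunk is a verbatim copy of the `hasRootCerts` comment above it, so the two fields read as if they meant the same thing. It needs a comment saying what distinguishes it, something like `/* does this slot carry root trust information? */`, with the wording confirmed by the author since the semantics are not visible in this hunk. The matching `PRBool hasRootTrust;` member added in the first hunk has no comment at all.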


@ -181,11 +181,12 @@ struct secmodDataStr {
unsigned char ssl[8];
unsigned char trustOrder[4];
unsigned char cipherOrder[4];
unsigned char hasParameters;
unsigned char reserved1;
unsigned char isModuleDB;
unsigned char isModuleDBOnly;
unsigned char reserved;
unsigned char names[4]; /* enough space for the length fields */
unsigned char isCritical;
unsigned char reserved[4];
unsigned char names[6]; /* enough space for the length fields */
};
struct secmodSlotDataStr {
@ -220,94 +221,134 @@ struct secmodSlotDataStr {
( (unsigned long) (src)[2] << 8) | \
(unsigned long) (src)[3]))
#ifdef notdef
/*
* build a data base entry from a module
*/
static SECStatus secmod_EncodeData(DBT *data, SECMODModule * module) {
secmodData *encoded;
static SECStatus secmod_EncodeData(DBT *data, char * module) {
secmodData *encoded = NULL;
secmodSlotData *slot;
unsigned char *dataPtr;
unsigned short len, len2 = 0,count = 0;
unsigned short len, len2 = 0, len3 = 0;
int count = 0;
unsigned short offset;
int dataLen, i, si;
unsigned long order;
unsigned long ssl[2];
char *commonName = NULL , *dllName = NULL, *param = NULL, *nss = NULL;
char *slotParams, *ciphers;
PK11PreSlotInfo *slotInfo = NULL;
SECStatus rv = SECFailure;
len = PORT_Strlen(module->commonName);
if (module->dllName) {
len2 = PORT_Strlen(module->dllName);
rv = pk11_argParseModuleSpec(module,&dllName,&commonName,&param,&nss);
if (rv != SECSuccess) return rv;
rv = SECFailure;
if (commonName == NULL) {
/* set error */
goto loser;
}
if (module->slotCount != 0) {
for (i=0; i < module->slotCount; i++) {
if (module->slots[i]->defaultFlags != 0) {
count++;
}
}
} else {
count = module->slotInfoCount;
len = PORT_Strlen(commonName);
if (dllName) {
len2 = PORT_Strlen(dllName);
}
dataLen = sizeof(secmodData) + len + len2 + 2 +
if (param) {
len3 = PORT_Strlen(param);
}
slotParams = pk11_argGetParamValue("slotParams",nss);
slotInfo = pk11_argParseSlotInfo(NULL,slotParams,&count);
if (slotParams) PORT_Free(slotParams);
if (count && slotInfo == NULL) {
/* set error */
goto loser;
}
dataLen = sizeof(secmodData) + len + len2 + len3 +
count*sizeof(secmodSlotData);
data->data = (unsigned char *)
PORT_Alloc(dataLen);
data->data = (unsigned char *) PORT_ZAlloc(dataLen);
encoded = (secmodData *)data->data;
dataPtr = (unsigned char *) data->data;
data->size = dataLen;
if (encoded == NULL) return SECFailure;
if (encoded == NULL) {
/* set error */
goto loser;
}
encoded->major = SECMOD_DB_VERSION_MAJOR;
encoded->minor = SECMOD_DB_VERSION_MINOR;
encoded->internal = (unsigned char) (module->internal ? 1 : 0);
encoded->fips = (unsigned char) (module->isFIPS ? 1 : 0);
SECMOD_PUTLONG(encoded->ssl,module->ssl[0]);
SECMOD_PUTLONG(&encoded->ssl[4],module->ssl[1]);
encoded->internal = (unsigned char)
(pk11_argHasFlag("flags","internal",nss) ? 1 : 0);
encoded->fips = (unsigned char)
(pk11_argHasFlag("flags","FIPS",nss) ? 1 : 0);
encoded->isModuleDB = (unsigned char)
(pk11_argHasFlag("flags","isModuleDB",nss) ? 1 : 0);
encoded->isModuleDBOnly = (unsigned char)
(pk11_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0);
encoded->isCritical = (unsigned char)
(pk11_argHasFlag("flags","isCritical",nss) ? 1 : 0);
order = pk11_argReadLong("trustOrder",nss);
SECMOD_PUTLONG(encoded->trustOrder,order);
order = pk11_argReadLong("cipherOrder",nss);
SECMOD_PUTLONG(encoded->cipherOrder,order);
ciphers = pk11_argGetParamValue("ciphers",nss);
pk11_argSetNewCipherFlags(&ssl[0], ciphers);
SECMOD_PUTLONG(encoded->ssl,ssl[0]);
SECMOD_PUTLONG(&encoded->ssl[4],ssl[1]);
offset = (unsigned long) &(((secmodData *)0)->names[0]);
SECMOD_PUTSHORT(encoded->nameStart,offset);
offset = offset +len + len2 + 4;
offset = offset + len + len2 + len3 + 3*sizeof(unsigned short);
SECMOD_PUTSHORT(encoded->slotOffset,offset);
SECMOD_PUTSHORT(&dataPtr[offset],count);
slot = (secmodSlotData *)(dataPtr+offset+2);
SECMOD_PUTSHORT(&dataPtr[offset],((unsigned short)count));
slot = (secmodSlotData *)(dataPtr+offset+sizeof(unsigned short));
offset = 0;
SECMOD_PUTSHORT(encoded->names,len);
PORT_Memcpy(&encoded->names[2],module->commonName,len);
offset += sizeof(unsigned short);
PORT_Memcpy(&encoded->names[offset],commonName,len);
offset += len;
SECMOD_PUTSHORT(&encoded->names[len+2],len2);
if (len2) PORT_Memcpy(&encoded->names[len+4],module->dllName,len2);
SECMOD_PUTSHORT(&encoded->names[offset],len2);
offset += sizeof(unsigned short);
if (len2) PORT_Memcpy(&encoded->names[offset],dllName,len2);
offset += len2;
if (module->slotCount) {
for (i=0,si=0; i < module->slotCount; i++) {
if (module->slots[i]->defaultFlags) {
SECMOD_PUTLONG(slot[si].slotID, module->slots[i]->slotID);
SECMOD_PUTLONG(slot[si].defaultFlags,
module->slots[i]->defaultFlags);
SECMOD_PUTLONG(slot[si].timeout,module->slots[i]->timeout);
slot[si].askpw = module->slots[i]->askpw;
slot[si].hasRootCerts = module->slots[i]->hasRootCerts;
PORT_Memset(slot[si].reserved, 0, sizeof(slot[si].reserved));
si++;
}
}
} else {
for (i=0; i < module->slotInfoCount; i++) {
SECMOD_PUTLONG(slot[i].slotID, module->slotInfo[i].slotID);
SECMOD_PUTSHORT(&encoded->names[offset],len3);
offset += sizeof(unsigned short);
if (len3) PORT_Memcpy(&encoded->names[offset],param,len3);
offset += len3;
if (count) {
for (i=0; i < count; i++) {
SECMOD_PUTLONG(slot[i].slotID, slotInfo[i].slotID);
SECMOD_PUTLONG(slot[i].defaultFlags,
module->slotInfo[i].defaultFlags);
SECMOD_PUTLONG(slot[i].timeout,module->slotInfo[i].timeout);
slot[i].askpw = module->slotInfo[i].askpw;
slot[i].hasRootCerts = module->slotInfo[i].hasRootCerts;
slotInfo[i].defaultFlags);
SECMOD_PUTLONG(slot[i].timeout,slotInfo[i].timeout);
slot[i].askpw = slotInfo[i].askpw;
slot[i].hasRootCerts = slotInfo[i].hasRootCerts;
PORT_Memset(slot[i].reserved, 0, sizeof(slot[i].reserved));
}
}
rv = SECSuccess;
return SECSuccess;
loser:
if (commonName) PORT_Free(commonName);
if (dllName) PORT_Free(dllName);
if (param) PORT_Free(param);
if (slotInfo) PORT_Free(slotInfo);
return rv;
}
#endif
static void
secmod_FreeData(DBT *data)
@ -337,13 +378,13 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
unsigned short offset;
PRBool isOldVersion = PR_FALSE;
PRBool internal, isFIPS, isModuleDB=PR_FALSE, isModuleDBOnly=PR_FALSE;
PRBool hasParameters=PR_FALSE,extended=PR_FALSE;
PRBool extended=PR_FALSE;
PRBool hasRootCerts=PR_FALSE,hasRootTrust=PR_FALSE;
unsigned long trustOrder=0, cipherOrder=0;
unsigned long ssl0=0, ssl1=0;
char **slotInfo = NULL;
char **slotStrings = NULL;
unsigned long slotID,defaultFlags,timeout;
char *askpw,*flags,*rootFlags,*slotStrings,*nssFlags,*ciphers,*nss,*params;
char *nss,*moduleSpec;
int i,slotLen;
PLArenaPool *arena;
@ -371,7 +412,6 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
(encoded->minor >= SECMOD_DB_EXT1_VERSION_MINOR)) {
trustOrder = SECMOD_GETLONG(encoded->trustOrder);
cipherOrder = SECMOD_GETLONG(encoded->cipherOrder);
hasParameters = (encoded->hasParameters != 0) ? PR_TRUE: PR_FALSE;
isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE;
isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE: PR_FALSE;
extended = PR_TRUE;
@ -398,16 +438,18 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
PORT_Memcpy(dllName,&names[2],len);
dllName[len] = 0;
}
if (!internal && hasParameters) {
if (!internal && extended) {
names += len+2;
len = SECMOD_GETSHORT(names);
parameters = (char*)PORT_ArenaAlloc(arena,len + 1);
if (parameters == NULL) {
PORT_FreeArena(arena,PR_TRUE);
return NULL;
if (len) {
parameters = (char*)PORT_ArenaAlloc(arena,len + 1);
if (parameters == NULL) {
PORT_FreeArena(arena,PR_TRUE);
return NULL;
}
PORT_Memcpy(parameters,&names[2],len);
parameters[len] = 0;
}
PORT_Memcpy(parameters,&names[2],len);
parameters[len] = 0;
}
if (internal) {
parameters = PORT_ArenaStrdup(arena,defParams);
@ -418,7 +460,7 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
ssl1 = SECMOD_GETLONG(&encoded->ssl[4]);
/* slotCount; */
slotInfo = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *));
slotStrings = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *));
for (i=0; i < (int) slotCount; i++) {
slotID = SECMOD_GETLONG(slots[i].slotID);
defaultFlags = SECMOD_GETLONG(slots[i].defaultFlags);
@ -426,64 +468,22 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
defaultFlags |= internalFlags;
}
timeout = SECMOD_GETLONG(slots[i].timeout);
switch (slots[i].askpw) {
case 0xff:
askpw = "every";
break;
case 1:
askpw = "timeout";
break;
default:
askpw = "any";
break;
}
hasRootCerts = slots[i].hasRootCerts;
if (hasRootCerts && !extended) {
trustOrder = 20;
}
flags = pk11_makeSlotFlags(arena,defaultFlags);
rootFlags = pk11_makeRootFlags(arena,hasRootCerts,hasRootTrust);
slotInfo[i] = PR_smprintf("0x%08x=[slotFlags=%s askpw=%s timeout=%d rootFlags=%s]",slotID,flags,askpw,timeout,rootFlags);
slotStrings[i] = pk11_mkSlotString(slotID,defaultFlags,
timeout,slots[i].askpw,hasRootCerts,hasRootTrust);
}
/* now let's build up the string
* first the slot infos
*/
slotLen=0;
for (i=0; i < (int)slotCount; i++) {
slotLen += strlen(slotInfo[i])+1;
}
slotStrings = (char *)PORT_ArenaAlloc(arena,slotLen);
PORT_Memset(slotStrings,0,slotLen);
for (i=0; i < (int)slotCount; i++) {
PORT_Strcat(slotStrings,slotInfo[i]);
PORT_Strcat(slotStrings," ");
PR_smprintf_free(slotInfo[i]);
slotInfo[i]=NULL;
}
/*
* now the NSS structure
*/
nssFlags = pk11_makeNSSFlags(arena,internal,isFIPS,isModuleDB,
isModuleDBOnly,internal);
/* for now only the internal module is critical */
ciphers = pk11_makeCipherFlags(arena, ssl0, ssl1);
nss = PR_smprintf("NSS=\"trustOrder=%d cipherOrder=%d Flags='%s' slotParams={%s} ciphers='%s'\"",trustOrder,cipherOrder,nssFlags,slotStrings,ciphers);
/*
* now the final spec
*/
if (hasParameters) {
params = PR_smprintf("library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"%s\"",dllName,commonName,parameters,nss);
} else {
params = PR_smprintf("library=\"%s\" name=\"%s\" NSS=\"%s\"",dllName,commonName,nss);
}
nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB,
isModuleDBOnly, internal, trustOrder, cipherOrder, ssl0, ssl1);
moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss);
PR_smprintf_free(nss);
PORT_FreeArena(arena,PR_TRUE);
return (params);
return (moduleSpec);
}
@ -614,7 +614,6 @@ SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) {
int ret;
#ifdef notdef
if (!rw) return SECFailure;
/* make sure we have a db handle */
@ -641,6 +640,5 @@ SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) {
done:
secmod_CloseDB(pkcs11db);
#endif
return rv;
}
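Review bot: The new `dataLen` computation in secmod_EncodeData dropped the `+ 2` that the old expression carried, so the buffer appears to be two bytes short. `names[6]` inside `sizeof(secmodData)` covers the three length prefixes, but the slot count written by `SECMOD_PUTSHORT(&dataPtr[offset],...)` at `slotOffset` needs another `sizeof(unsigned short)` ahead of the slot array. The last slot record (or the count itself when `count` is 0) is therefore written past the end of the PORT_ZAlloc'd block. Suggested: `dataLen = sizeof(secmodData) + len + len2 + len3 + sizeof(unsigned short) + count*sizeof(secmodSlotData);`, which assumes secmodData has no trailing padding, as holds if all its members are unsigned char arrays like the visible ones. In the same function `nss` and `ciphers` appear never to be freed, on either the success path or the `loser` path.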


@ -472,8 +472,13 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
}
/* get the data structures */
slotInfo =
(PK11PreSlotInfo *) PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo));
if (arena) {
slotInfo = (PK11PreSlotInfo *)
PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo));
} else {
slotInfo = (PK11PreSlotInfo *)
PORT_ZAlloc(count*sizeof(PK11PreSlotInfo));
}
if (slotInfo == NULL) return NULL;
for (slotIndex = slotParams, i = 0; *slotIndex && i < count ; i++) {
@ -497,12 +502,12 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
}
#define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
sizeof("moduleDBOnly")
sizeof("moduleDBOnly")+sizeof(isCritical)
static char *
pk11_makeNSSFlags(PLArenaPool *arena,PRBool internal, PRBool isFIPS,
pk11_mkNSSFlags(PRBool internal, PRBool isFIPS,
PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
{
char *flags = (char *)PORT_ArenaAlloc(arena,MAX_FLAG_SIZE);
char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
PRBool first = PR_TRUE;
PORT_Memset(flags,0,MAX_FLAG_SIZE);
@ -534,8 +539,7 @@ pk11_makeNSSFlags(PLArenaPool *arena,PRBool internal, PRBool isFIPS,
}
static char *
pk11_makeCipherFlags(PLArenaPool *arena, unsigned long ssl0,
unsigned long ssl1)
pk11_makeCipherFlags(unsigned long ssl0, unsigned long ssl1)
{
char *cipher = NULL;
char *ret = NULL;
@ -574,14 +578,11 @@ pk11_makeCipherFlags(PLArenaPool *arena, unsigned long ssl0,
}
if (cipher == NULL) cipher = PR_smprintf("");
ret = PORT_ArenaStrdup(arena,cipher);
PR_smprintf_free(cipher);
return ret;
return cipher;
}
static char *
pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags)
pk11_makeSlotFlags(unsigned long defaultFlags)
{
char *flags=NULL;
char *ret=NULL;
@ -602,8 +603,7 @@ pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags)
char *tmp;
tmp = PR_smprintf("%s,%s",flags,string);
PR_smprintf_free(flags);
PR_smprintf_free(string);
tmp = flags;
flags = tmp;
} else {
flags = PR_smprintf("%s",string);
}
@ -612,19 +612,16 @@ pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags)
}
if (flags == NULL) flags = PR_smprintf("");
ret = PORT_ArenaStrdup(arena,flags);
PR_smprintf_free(flags);
return ret;
return flags;
}
#define PK11_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust")
static char *
pk11_makeRootFlags(PLArenaPool *arena, PRBool hasRootCerts,
PRBool hasRootTrust)
pk11_makeRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
{
char *flags= (char *)PORT_ArenaAlloc(arena,PK11_MAX_ROOT_FLAG_SIZE);
char *flags= (char *)PORT_ZAlloc(PK11_MAX_ROOT_FLAG_SIZE);
PRBool first = PR_TRUE;
PORT_Memset(flags,0,PK11_MAX_ROOT_FLAG_SIZE);
@ -640,3 +637,85 @@ pk11_makeRootFlags(PLArenaPool *arena, PRBool hasRootCerts,
return flags;
}
static char *
pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
unsigned long timeout, unsigned char askpw_in,
unsigned char hasRootCerts, unsigned char hasRootTrust) {
char *askpw,*flags,*rootFlags,*slotString;
switch (askpw_in) {
case 0xff:
askpw = "every";
break;
case 1:
askpw = "timeout";
break;
default:
askpw = "any";
break;
}
flags = pk11_makeSlotFlags(defaultFlags);
rootFlags = pk11_makeRootFlags(hasRootCerts,hasRootTrust);
slotString = PR_smprintf("0x%08x=[slotFlags=%s askpw=%s timeout=%d rootFlags=%s]",slotID,flags,askpw,timeout,rootFlags);
PORT_Free(flags);
PORT_Free(rootFlags);
return slotString;
}
char *
pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical,
unsigned long trustOrder, unsigned long cipherOrder,
unsigned long ssl0, unsigned long ssl1) {
int slotLen, i;
char *slotParams, *ciphers, *nss, *nssFlags;
/* now let's build up the string
* first the slot infos
*/
slotLen=0;
for (i=0; i < (int)slotCount; i++) {
slotLen += PORT_Strlen(slotStrings[i])+1;
}
slotLen += 1; /* space for the final NULL */
slotParams = (char *)PORT_ZAlloc(slotLen);
PORT_Memset(slotParams,0,slotLen);
for (i=0; i < (int)slotCount; i++) {
PORT_Strcat(slotParams,slotStrings[i]);
PORT_Strcat(slotParams," ");
PR_smprintf_free(slotStrings[i]);
slotStrings[i]=NULL;
}
/*
* now the NSS structure
*/
nssFlags = pk11_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
isCritical);
/* for now only the internal module is critical */
ciphers = pk11_makeCipherFlags(ssl0, ssl1);
nss = PR_smprintf("trustOrder=%d cipherOrder=%d Flags='%s' slotParams={%s} ciphers='%s'",trustOrder,cipherOrder,nssFlags,slotParams,ciphers);
PORT_Free(nssFlags);
PR_smprintf_free(ciphers);
return nss;
}
char *
pk11_mkNewModuleSpec(char *dllName, char *commonName, char *parameters,
char *nss) {
char *moduleSpec;
if (dllName == NULL) dllName="";
if (nss == NULL) nss="";
/*
* now the final spec
*/
if (parameters) {
moduleSpec = PR_smprintf("library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"%s\"",dllName,commonName,parameters,nss);
} else {
moduleSpec = PR_smprintf("library=\"%s\" name=\"%s\" NSS=\"%s\"",dllName,commonName,nss);
}
return (moduleSpec);
}
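Review bot: `MAX_FLAG_SIZE` now ends in `sizeof(isCritical)` without quotes, so inside pk11_mkNSSFlags it measures the `PRBool isCritical` parameter rather than a flag string. If the flag text appended for a critical module (outside the hunk) is longer than that, the PORT_ZAlloc'd buffer is too small when every flag is set and the concatenation overruns it. Use the quoted literal that the function actually writes, in the form `sizeof("<critical flag text>")`. In pk11_mkNSS, `slotParams` is allocated with PORT_ZAlloc, used unchecked, and never freed after the PR_smprintf call, so every spec built leaks it; add `PORT_Free(slotParams);` next to `PORT_Free(nssFlags);`. pk11_mkSlotString also releases `flags`, a PR_smprintf result, with PORT_Free where PR_smprintf_free is the matching call.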


@ -2485,10 +2485,10 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args)
return SECMOD_ReadPermDB(secmod,parameters,rw);
case SECMOD_MODULE_DB_FUNCTION_ADD:
return (SECMOD_AddPermDB(secmod,args,rw) == SECSuccess)
? &success: &fail;
? &success: NULL;
case SECMOD_MODULE_DB_FUNCTION_DEL:
return (SECMOD_DeletePermDB(secmod,args,rw) == SECSuccess)
? &success: &fail;
? &success: NULL;
}
return NULL;
}