From b551f36ebbdccb38217018c1ab39b4dda72313bc Mon Sep 17 00:00:00 2001 From: "relyea%netscape.com" Date: Fri, 31 Aug 2001 00:20:47 +0000 Subject: [PATCH] 1) Add the necessary code so that AddModule functions again. 2) Add code to create secmod.db on the fly again. 3) Fix uninitialized structures so that we can switch to the fips token. The results of this checkin should allow the fips tests to pass again. --- security/nss/lib/pk11wrap/pk11modu.c | 8 + security/nss/lib/pk11wrap/pk11pars.c | 98 +++++++++++ security/nss/lib/pk11wrap/pk11slot.c | 2 +- security/nss/lib/pk11wrap/pk11util.c | 18 ++- security/nss/lib/pk11wrap/secmodti.h | 2 + security/nss/lib/softoken/pk11db.c | 232 +++++++++++++-------------- security/nss/lib/softoken/pk11pars.h | 119 +++++++++++--- security/nss/lib/softoken/pkcs11.c | 4 +- 8 files changed, 339 insertions(+), 144 deletions(-) diff --git a/security/nss/lib/pk11wrap/pk11modu.c b/security/nss/lib/pk11wrap/pk11modu.c index 22c7a40feadc..ce6182392aa9 100644 --- a/security/nss/lib/pk11wrap/pk11modu.c +++ b/security/nss/lib/pk11wrap/pk11modu.c @@ -81,6 +81,14 @@ SECMODModule *SECMOD_NewModule(void) { newMod->refCount = 1; newMod->ssl[0] = 0; newMod->ssl[1] = 0; + newMod->libraryParams = NULL; + newMod->moduleDBFunc = NULL; + newMod->parent = NULL; + newMod->isCritical = PR_FALSE; + newMod->isModuleDB = PR_FALSE; + newMod->moduleDBOnly = PR_FALSE; + newMod->trustOrder = 0; + newMod->cipherOrder = 0; #ifdef PKCS11_USE_THREADS newMod->refLock = (void *)PZ_NewLock(nssILockRefLock); if (newMod->refLock == NULL) { diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index c885174f7be1..3e2bc3508ae5 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -83,6 +83,67 @@ pk11_CreateModule(char *library, char *moduleName, char *parameters, char *nss) return mod; } + +static char * +pk11_mkModuleSpec(SECMODModule * module) +{ + char *nss = NULL, *modSpec = NULL, **slotStrings = NULL; + int slotCount, i, si; + + /* allocate target slot info strings */ + slotCount = 0; + if (module->slotCount) { + for (i=0; i < module->slotCount; i++) { + if (module->slots[i]->defaultFlags !=0) { + slotCount++; + } + } + } else { + slotCount = module->slotInfoCount; + } + + slotStrings = (char **)PORT_ZAlloc(slotCount*sizeof(char *)); + if (slotStrings == NULL) { + goto loser; + } + + + /* build the slot info strings */ + if (module->slotCount) { + for (i=0, si= 0; i < module->slotCount; i++) { + if (module->slots[i]->defaultFlags) { + PORT_Assert(si < slotCount); + if (si >= slotCount) break; + slotStrings[si] = pk11_mkSlotString(module->slots[i]->slotID, + module->slots[i]->defaultFlags, + module->slots[i]->timeout, + module->slots[i]->askpw, + module->slots[i]->hasRootCerts, + module->slots[i]->hasRootTrust); + si++; + } + } + } else { + for (i=0; i < slotCount; i++) { + slotStrings[i] = pk11_mkSlotString(module->slotInfo[i].slotID, + module->slotInfo[i].defaultFlags, + module->slotInfo[i].timeout, + module->slotInfo[i].askpw, + module->slotInfo[i].hasRootCerts, + module->slotInfo[i].hasRootTrust); + } + } + + nss = pk11_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS, + module->isModuleDB, module->moduleDBOnly, module->isCritical, + module->trustOrder,module->cipherOrder,module->ssl[0],module->ssl[1]); + modSpec= pk11_mkNewModuleSpec(module->dllName,module->commonName, + module->libraryParams,nss); + PORT_Free(slotStrings); + PR_smprintf_free(nss); +loser: + return (modSpec); +} char ** @@ -96,6 +157,43 @@ pk11_getModuleSpecList(SECMODModule *module) return NULL; } +SECStatus +pk11_AddPermDB(SECMODModule *module) +{ + SECMODModuleDBFunc func; + char *moduleSpec; + char **retString; + + if (module->parent == NULL) return SECFailure; + + func = (SECMODModuleDBFunc) module->parent->moduleDBFunc; + if (func) { + moduleSpec = pk11_mkModuleSpec(module); + retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD, + module->parent->libraryParams,moduleSpec); + PORT_Free(moduleSpec); + if (retString != NULL) return SECSuccess; + } + return SECFailure; +} + +SECStatus +pk11_DeletePermDB(SECMODModule *module) +{ + SECMODModuleDBFunc func; + char **retString; + + if (module->parent == NULL) return SECFailure; + + func = (SECMODModuleDBFunc) module->parent->moduleDBFunc; + if (func) { + retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL, + module->parent->libraryParams,module->commonName); + if (retString != NULL) return SECSuccess; + } + return SECFailure; +} + pk11_freeModuleSpecList(char **moduleSpecList) { char ** index; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 595bf4065dfb..535ca627ef9d 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -741,7 +741,7 @@ PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx) void PK11_SlotDBUpdate(PK11SlotInfo *slot) { - SECMOD_AddPermDB(slot->module); + pk11_AddPermDB(slot->module); } /* diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c index 25185ff889f4..61f1cfbb2c96 100644 --- a/security/nss/lib/pk11wrap/pk11util.c +++ b/security/nss/lib/pk11wrap/pk11util.c @@ -44,6 +44,7 @@ static SECMODModuleList *modules = NULL; static SECMODModuleList *modulesDB = NULL; static SECMODModule *internalModule = NULL; +static SECMODModule *defaultDBModule = NULL; static SECMODListLock *moduleLock = NULL; extern SECStatus @@ -242,6 +243,9 @@ SECMOD_AddModuleToList(SECMODModule *newModule) { SECStatus SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule) { + if (defaultDBModule == NULL) { + defaultDBModule = SECMOD_ReferenceModule(newModule); + } return secmod_AddModuleToList(&modulesDB,newModule); } @@ -351,7 +355,7 @@ SECMOD_DeleteModule(char *name, int *type) { if (rv == SECSuccess) { - SECMOD_DeletePermDB(mlp->module); + pk11_DeletePermDB(mlp->module); SECMOD_DestroyModuleListElement(mlp); } return rv; @@ -406,6 +410,8 @@ SECMOD_DeleteInternalModule(char *name) { SECMOD_ReleaseWriteLock(moduleLock); return SECFailure; } + newModule->libraryParams = + PORT_ArenaStrdup(mlp->module->arena,mlp->module->libraryParams); oldModule = internalModule; internalModule = SECMOD_ReferenceModule(newModule); SECMOD_AddModule(internalModule); @@ -436,7 +442,11 @@ SECMOD_AddModule(SECMODModule *newModule) { return rv; } - SECMOD_AddPermDB(newModule); + if (newModule->parent == NULL) { + newModule->parent = SECMOD_ReferenceModule(defaultDBModule); + } + + pk11_AddPermDB(newModule); SECMOD_AddModuleToList(newModule); return SECSuccess; @@ -538,10 +548,10 @@ SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath, } /* for each slot of this module */ /* delete and re-add module in order to save changes to the module */ - result = SECMOD_DeletePermDB(module); + result = pk11_DeletePermDB(module); if (result == SECSuccess) { - result = SECMOD_AddPermDB(module); + result = pk11_AddPermDB(module); if (result == SECSuccess) { return SECSuccess; } diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h index 43d95c7509dd..622ae83626a9 100644 --- a/security/nss/lib/pk11wrap/secmodti.h +++ b/security/nss/lib/pk11wrap/secmodti.h @@ -117,6 +117,7 @@ struct PK11SlotInfoStr { char slot_name[65]; char token_name[33]; PRBool hasRootCerts; + PRBool hasRootTrust; PRBool hasRSAInfo; CK_FLAGS RSAInfoFlags; }; @@ -131,6 +132,7 @@ struct PK11PreSlotInfoStr { int askpw; /* slot specific password bits */ long timeout; /* slot specific timeout value */ char hasRootCerts; /* is this the root cert PKCS #11 module? */ + char hasRootTrust; /* is this the root cert PKCS #11 module? */ }; /* Symetric Key structure. Reference Counted */ diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c index b468a4b6ab0d..23ce2b783987 100644 --- a/security/nss/lib/softoken/pk11db.c +++ b/security/nss/lib/softoken/pk11db.c @@ -181,11 +181,12 @@ struct secmodDataStr { unsigned char ssl[8]; unsigned char trustOrder[4]; unsigned char cipherOrder[4]; - unsigned char hasParameters; + unsigned char reserved1; unsigned char isModuleDB; unsigned char isModuleDBOnly; - unsigned char reserved; - unsigned char names[4]; /* enough space for the length fields */ + unsigned char isCritical; + unsigned char reserved[4]; + unsigned char names[6]; /* enough space for the length fields */ }; struct secmodSlotDataStr { @@ -220,94 +221,134 @@ struct secmodSlotDataStr { ( (unsigned long) (src)[2] << 8) | \ (unsigned long) (src)[3])) -#ifdef notdef /* * build a data base entry from a module */ -static SECStatus secmod_EncodeData(DBT *data, SECMODModule * module) { - secmodData *encoded; +static SECStatus secmod_EncodeData(DBT *data, char * module) { + secmodData *encoded = NULL; secmodSlotData *slot; unsigned char *dataPtr; - unsigned short len, len2 = 0,count = 0; + unsigned short len, len2 = 0, len3 = 0; + int count = 0; unsigned short offset; int dataLen, i, si; + unsigned long order; + unsigned long ssl[2]; + char *commonName = NULL , *dllName = NULL, *param = NULL, *nss = NULL; + char *slotParams, *ciphers; + PK11PreSlotInfo *slotInfo = NULL; + SECStatus rv = SECFailure; - len = PORT_Strlen(module->commonName); - if (module->dllName) { - len2 = PORT_Strlen(module->dllName); + rv = pk11_argParseModuleSpec(module,&dllName,&commonName,¶m,&nss); + if (rv != SECSuccess) return rv; + rv = SECFailure; + + if (commonName == NULL) { + /* set error */ + goto loser; } - if (module->slotCount != 0) { - for (i=0; i < module->slotCount; i++) { - if (module->slots[i]->defaultFlags != 0) { - count++; - } - } - } else { - count = module->slotInfoCount; + + len = PORT_Strlen(commonName); + if (dllName) { + len2 = PORT_Strlen(dllName); } - dataLen = sizeof(secmodData) + len + len2 + 2 + + if (param) { + len3 = PORT_Strlen(param); + } + + slotParams = pk11_argGetParamValue("slotParams",nss); + slotInfo = pk11_argParseSlotInfo(NULL,slotParams,&count); + if (slotParams) PORT_Free(slotParams); + + if (count && slotInfo == NULL) { + /* set error */ + goto loser; + } + + dataLen = sizeof(secmodData) + len + len2 + len3 + count*sizeof(secmodSlotData); - data->data = (unsigned char *) - PORT_Alloc(dataLen); + data->data = (unsigned char *) PORT_ZAlloc(dataLen); encoded = (secmodData *)data->data; dataPtr = (unsigned char *) data->data; data->size = dataLen; - if (encoded == NULL) return SECFailure; + if (encoded == NULL) { + /* set error */ + goto loser; + } encoded->major = SECMOD_DB_VERSION_MAJOR; encoded->minor = SECMOD_DB_VERSION_MINOR; - encoded->internal = (unsigned char) (module->internal ? 1 : 0); - encoded->fips = (unsigned char) (module->isFIPS ? 1 : 0); - SECMOD_PUTLONG(encoded->ssl,module->ssl[0]); - SECMOD_PUTLONG(&encoded->ssl[4],module->ssl[1]); + encoded->internal = (unsigned char) + (pk11_argHasFlag("flags","internal",nss) ? 1 : 0); + encoded->fips = (unsigned char) + (pk11_argHasFlag("flags","FIPS",nss) ? 1 : 0); + encoded->isModuleDB = (unsigned char) + (pk11_argHasFlag("flags","isModuleDB",nss) ? 1 : 0); + encoded->isModuleDBOnly = (unsigned char) + (pk11_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0); + encoded->isCritical = (unsigned char) + (pk11_argHasFlag("flags","isCritical",nss) ? 1 : 0); + + order = pk11_argReadLong("trustOrder",nss); + SECMOD_PUTLONG(encoded->trustOrder,order); + order = pk11_argReadLong("cipherOrder",nss); + SECMOD_PUTLONG(encoded->cipherOrder,order); + + + ciphers = pk11_argGetParamValue("ciphers",nss); + pk11_argSetNewCipherFlags(&ssl[0], ciphers); + SECMOD_PUTLONG(encoded->ssl,ssl[0]); + SECMOD_PUTLONG(&encoded->ssl[4],ssl[1]); offset = (unsigned long) &(((secmodData *)0)->names[0]); SECMOD_PUTSHORT(encoded->nameStart,offset); - offset = offset +len + len2 + 4; + offset = offset + len + len2 + len3 + 3*sizeof(unsigned short); SECMOD_PUTSHORT(encoded->slotOffset,offset); - SECMOD_PUTSHORT(&dataPtr[offset],count); - slot = (secmodSlotData *)(dataPtr+offset+2); + SECMOD_PUTSHORT(&dataPtr[offset],((unsigned short)count)); + slot = (secmodSlotData *)(dataPtr+offset+sizeof(unsigned short)); + offset = 0; SECMOD_PUTSHORT(encoded->names,len); - PORT_Memcpy(&encoded->names[2],module->commonName,len); + offset += sizeof(unsigned short); + PORT_Memcpy(&encoded->names[offset],commonName,len); + offset += len; - SECMOD_PUTSHORT(&encoded->names[len+2],len2); - if (len2) PORT_Memcpy(&encoded->names[len+4],module->dllName,len2); + SECMOD_PUTSHORT(&encoded->names[offset],len2); + offset += sizeof(unsigned short); + if (len2) PORT_Memcpy(&encoded->names[offset],dllName,len2); + offset += len2; - if (module->slotCount) { - for (i=0,si=0; i < module->slotCount; i++) { - if (module->slots[i]->defaultFlags) { - SECMOD_PUTLONG(slot[si].slotID, module->slots[i]->slotID); - SECMOD_PUTLONG(slot[si].defaultFlags, - module->slots[i]->defaultFlags); - SECMOD_PUTLONG(slot[si].timeout,module->slots[i]->timeout); - slot[si].askpw = module->slots[i]->askpw; - slot[si].hasRootCerts = module->slots[i]->hasRootCerts; - PORT_Memset(slot[si].reserved, 0, sizeof(slot[si].reserved)); - si++; - } - } - } else { - for (i=0; i < module->slotInfoCount; i++) { - SECMOD_PUTLONG(slot[i].slotID, module->slotInfo[i].slotID); + SECMOD_PUTSHORT(&encoded->names[offset],len3); + offset += sizeof(unsigned short); + if (len3) PORT_Memcpy(&encoded->names[offset],param,len3); + offset += len3; + + if (count) { + for (i=0; i < count; i++) { + SECMOD_PUTLONG(slot[i].slotID, slotInfo[i].slotID); SECMOD_PUTLONG(slot[i].defaultFlags, - module->slotInfo[i].defaultFlags); - SECMOD_PUTLONG(slot[i].timeout,module->slotInfo[i].timeout); - slot[i].askpw = module->slotInfo[i].askpw; - slot[i].hasRootCerts = module->slotInfo[i].hasRootCerts; + slotInfo[i].defaultFlags); + SECMOD_PUTLONG(slot[i].timeout,slotInfo[i].timeout); + slot[i].askpw = slotInfo[i].askpw; + slot[i].hasRootCerts = slotInfo[i].hasRootCerts; PORT_Memset(slot[i].reserved, 0, sizeof(slot[i].reserved)); } } + rv = SECSuccess; - return SECSuccess; +loser: + if (commonName) PORT_Free(commonName); + if (dllName) PORT_Free(dllName); + if (param) PORT_Free(param); + if (slotInfo) PORT_Free(slotInfo); + return rv; } -#endif static void secmod_FreeData(DBT *data) @@ -337,13 +378,13 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) unsigned short offset; PRBool isOldVersion = PR_FALSE; PRBool internal, isFIPS, isModuleDB=PR_FALSE, isModuleDBOnly=PR_FALSE; - PRBool hasParameters=PR_FALSE,extended=PR_FALSE; + PRBool extended=PR_FALSE; PRBool hasRootCerts=PR_FALSE,hasRootTrust=PR_FALSE; unsigned long trustOrder=0, cipherOrder=0; unsigned long ssl0=0, ssl1=0; - char **slotInfo = NULL; + char **slotStrings = NULL; unsigned long slotID,defaultFlags,timeout; - char *askpw,*flags,*rootFlags,*slotStrings,*nssFlags,*ciphers,*nss,*params; + char *nss,*moduleSpec; int i,slotLen; PLArenaPool *arena; @@ -371,7 +412,6 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) (encoded->minor >= SECMOD_DB_EXT1_VERSION_MINOR)) { trustOrder = SECMOD_GETLONG(encoded->trustOrder); cipherOrder = SECMOD_GETLONG(encoded->cipherOrder); - hasParameters = (encoded->hasParameters != 0) ? PR_TRUE: PR_FALSE; isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE; isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE: PR_FALSE; extended = PR_TRUE; @@ -398,16 +438,18 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) PORT_Memcpy(dllName,&names[2],len); dllName[len] = 0; } - if (!internal && hasParameters) { + if (!internal && extended) { names += len+2; len = SECMOD_GETSHORT(names); - parameters = (char*)PORT_ArenaAlloc(arena,len + 1); - if (parameters == NULL) { - PORT_FreeArena(arena,PR_TRUE); - return NULL; + if (len) { + parameters = (char*)PORT_ArenaAlloc(arena,len + 1); + if (parameters == NULL) { + PORT_FreeArena(arena,PR_TRUE); + return NULL; + } + PORT_Memcpy(parameters,&names[2],len); + parameters[len] = 0; } - PORT_Memcpy(parameters,&names[2],len); - parameters[len] = 0; } if (internal) { parameters = PORT_ArenaStrdup(arena,defParams); @@ -418,7 +460,7 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) ssl1 = SECMOD_GETLONG(&encoded->ssl[4]); /* slotCount; */ - slotInfo = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *)); + slotStrings = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *)); for (i=0; i < (int) slotCount; i++) { slotID = SECMOD_GETLONG(slots[i].slotID); defaultFlags = SECMOD_GETLONG(slots[i].defaultFlags); @@ -426,64 +468,22 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) defaultFlags |= internalFlags; } timeout = SECMOD_GETLONG(slots[i].timeout); - switch (slots[i].askpw) { - case 0xff: - askpw = "every"; - break; - case 1: - askpw = "timeout"; - break; - default: - askpw = "any"; - break; - } hasRootCerts = slots[i].hasRootCerts; if (hasRootCerts && !extended) { trustOrder = 20; } - flags = pk11_makeSlotFlags(arena,defaultFlags); - rootFlags = pk11_makeRootFlags(arena,hasRootCerts,hasRootTrust); - slotInfo[i] = PR_smprintf("0x%08x=[slotFlags=%s askpw=%s timeout=%d rootFlags=%s]",slotID,flags,askpw,timeout,rootFlags); + + slotStrings[i] = pk11_mkSlotString(slotID,defaultFlags, + timeout,slots[i].askpw,hasRootCerts,hasRootTrust); } - /* now let's build up the string - * first the slot infos - */ - slotLen=0; - for (i=0; i < (int)slotCount; i++) { - slotLen += strlen(slotInfo[i])+1; - } - - slotStrings = (char *)PORT_ArenaAlloc(arena,slotLen); - PORT_Memset(slotStrings,0,slotLen); - for (i=0; i < (int)slotCount; i++) { - PORT_Strcat(slotStrings,slotInfo[i]); - PORT_Strcat(slotStrings," "); - PR_smprintf_free(slotInfo[i]); - slotInfo[i]=NULL; - } - - /* - * now the NSS structure - */ - nssFlags = pk11_makeNSSFlags(arena,internal,isFIPS,isModuleDB, - isModuleDBOnly,internal); - /* for now only the internal module is critical */ - ciphers = pk11_makeCipherFlags(arena, ssl0, ssl1); - nss = PR_smprintf("NSS=\"trustOrder=%d cipherOrder=%d Flags='%s' slotParams={%s} ciphers='%s'\"",trustOrder,cipherOrder,nssFlags,slotStrings,ciphers); - - /* - * now the final spec - */ - if (hasParameters) { - params = PR_smprintf("library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"%s\"",dllName,commonName,parameters,nss); - } else { - params = PR_smprintf("library=\"%s\" name=\"%s\" NSS=\"%s\"",dllName,commonName,nss); - } + nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB, + isModuleDBOnly, internal, trustOrder, cipherOrder, ssl0, ssl1); + moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss); PR_smprintf_free(nss); PORT_FreeArena(arena,PR_TRUE); - return (params); + return (moduleSpec); } @@ -614,7 +614,6 @@ SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) { int ret; -#ifdef notdef if (!rw) return SECFailure; /* make sure we have a db handle */ @@ -641,6 +640,5 @@ SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) { done: secmod_CloseDB(pkcs11db); -#endif return rv; } diff --git a/security/nss/lib/softoken/pk11pars.h b/security/nss/lib/softoken/pk11pars.h index 35618cb64f2a..1d7d1efc5c99 100644 --- a/security/nss/lib/softoken/pk11pars.h +++ b/security/nss/lib/softoken/pk11pars.h @@ -472,8 +472,13 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) } /* get the data structures */ - slotInfo = - (PK11PreSlotInfo *) PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo)); + if (arena) { + slotInfo = (PK11PreSlotInfo *) + PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo)); + } else { + slotInfo = (PK11PreSlotInfo *) + PORT_ZAlloc(count*sizeof(PK11PreSlotInfo)); + } if (slotInfo == NULL) return NULL; for (slotIndex = slotParams, i = 0; *slotIndex && i < count ; i++) { @@ -497,12 +502,12 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) } #define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\ - sizeof("moduleDBOnly") + sizeof("moduleDBOnly")+sizeof(isCritical) static char * -pk11_makeNSSFlags(PLArenaPool *arena,PRBool internal, PRBool isFIPS, +pk11_mkNSSFlags(PRBool internal, PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical) { - char *flags = (char *)PORT_ArenaAlloc(arena,MAX_FLAG_SIZE); + char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE); PRBool first = PR_TRUE; PORT_Memset(flags,0,MAX_FLAG_SIZE); @@ -534,8 +539,7 @@ pk11_makeNSSFlags(PLArenaPool *arena,PRBool internal, PRBool isFIPS, } static char * -pk11_makeCipherFlags(PLArenaPool *arena, unsigned long ssl0, - unsigned long ssl1) +pk11_makeCipherFlags(unsigned long ssl0, unsigned long ssl1) { char *cipher = NULL; char *ret = NULL; @@ -574,14 +578,11 @@ pk11_makeCipherFlags(PLArenaPool *arena, unsigned long ssl0, } if (cipher == NULL) cipher = PR_smprintf(""); - ret = PORT_ArenaStrdup(arena,cipher); - PR_smprintf_free(cipher); - - return ret; + return cipher; } static char * -pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags) +pk11_makeSlotFlags(unsigned long defaultFlags) { char *flags=NULL; char *ret=NULL; @@ -602,8 +603,7 @@ pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags) char *tmp; tmp = PR_smprintf("%s,%s",flags,string); PR_smprintf_free(flags); - PR_smprintf_free(string); - tmp = flags; + flags = tmp; } else { flags = PR_smprintf("%s",string); } @@ -612,19 +612,16 @@ pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags) } if (flags == NULL) flags = PR_smprintf(""); - ret = PORT_ArenaStrdup(arena,flags); - PR_smprintf_free(flags); - return ret; + return flags; } #define PK11_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust") static char * -pk11_makeRootFlags(PLArenaPool *arena, PRBool hasRootCerts, - PRBool hasRootTrust) +pk11_makeRootFlags(PRBool hasRootCerts, PRBool hasRootTrust) { - char *flags= (char *)PORT_ArenaAlloc(arena,PK11_MAX_ROOT_FLAG_SIZE); + char *flags= (char *)PORT_ZAlloc(PK11_MAX_ROOT_FLAG_SIZE); PRBool first = PR_TRUE; PORT_Memset(flags,0,PK11_MAX_ROOT_FLAG_SIZE); @@ -640,3 +637,85 @@ pk11_makeRootFlags(PLArenaPool *arena, PRBool hasRootCerts, return flags; } +static char * +pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags, + unsigned long timeout, unsigned char askpw_in, + unsigned char hasRootCerts, unsigned char hasRootTrust) { + char *askpw,*flags,*rootFlags,*slotString; + + switch (askpw_in) { + case 0xff: + askpw = "every"; + break; + case 1: + askpw = "timeout"; + break; + default: + askpw = "any"; + break; + } + flags = pk11_makeSlotFlags(defaultFlags); + rootFlags = pk11_makeRootFlags(hasRootCerts,hasRootTrust); + slotString = PR_smprintf("0x%08x=[slotFlags=%s askpw=%s timeout=%d rootFlags=%s]",slotID,flags,askpw,timeout,rootFlags); + PORT_Free(flags); + PORT_Free(rootFlags); + return slotString; +} + +char * +pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS, + PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical, + unsigned long trustOrder, unsigned long cipherOrder, + unsigned long ssl0, unsigned long ssl1) { + int slotLen, i; + char *slotParams, *ciphers, *nss, *nssFlags; + + /* now let's build up the string + * first the slot infos + */ + slotLen=0; + for (i=0; i < (int)slotCount; i++) { + slotLen += PORT_Strlen(slotStrings[i])+1; + } + slotLen += 1; /* space for the final NULL */ + + slotParams = (char *)PORT_ZAlloc(slotLen); + PORT_Memset(slotParams,0,slotLen); + for (i=0; i < (int)slotCount; i++) { + PORT_Strcat(slotParams,slotStrings[i]); + PORT_Strcat(slotParams," "); + PR_smprintf_free(slotStrings[i]); + slotStrings[i]=NULL; + } + + /* + * now the NSS structure + */ + nssFlags = pk11_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly, + isCritical); + /* for now only the internal module is critical */ + ciphers = pk11_makeCipherFlags(ssl0, ssl1); + nss = PR_smprintf("trustOrder=%d cipherOrder=%d Flags='%s' slotParams={%s} ciphers='%s'",trustOrder,cipherOrder,nssFlags,slotParams,ciphers); + PORT_Free(nssFlags); + PR_smprintf_free(ciphers); + + return nss; +} +char * +pk11_mkNewModuleSpec(char *dllName, char *commonName, char *parameters, + char *nss) { + char *moduleSpec; + + if (dllName == NULL) dllName=""; + if (nss == NULL) nss=""; + /* + * now the final spec + */ + if (parameters) { + moduleSpec = PR_smprintf("library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"%s\"",dllName,commonName,parameters,nss); + } else { + moduleSpec = PR_smprintf("library=\"%s\" name=\"%s\" NSS=\"%s\"",dllName,commonName,nss); + } + return (moduleSpec); +} + diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 4dc4cb6cf0fb..c7b9d725af32 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -2485,10 +2485,10 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args) return SECMOD_ReadPermDB(secmod,parameters,rw); case SECMOD_MODULE_DB_FUNCTION_ADD: return (SECMOD_AddPermDB(secmod,args,rw) == SECSuccess) - ? &success: &fail; + ? &success: NULL; case SECMOD_MODULE_DB_FUNCTION_DEL: return (SECMOD_DeletePermDB(secmod,args,rw) == SECSuccess) - ? &success: &fail; + ? &success: NULL; } return NULL; }