
lightning-sunbird  0.9+nobinonly
nssinit.c File Reference
#include <ctype.h>
#include "seccomon.h"
#include "prinit.h"
#include "prprf.h"
#include "prmem.h"
#include "cert.h"
#include "key.h"
#include "ssl.h"
#include "sslproto.h"
#include "secmod.h"
#include "secoid.h"
#include "nss.h"
#include "pk11func.h"
#include "secerr.h"
#include "nssbase.h"
#include "pki3hack.h"
#include "certi.h"
#include "secmodi.h"
#include "ocspi.h"


Classes

struct  NSSShutdownFuncPair
struct  NSSShutdownListStr

Defines

#define NSS_MAX_FLAG_SIZE
#define NSS_DEFAULT_MOD_NAME   "NSS Internal Module"
#define FILE_SEP   '/'
#define NSS_SHUTDOWN_STEP   10

Functions

static char * nss_makeFlags (PRBool readOnly, PRBool noCertDB, PRBool noModDB, PRBool forceOpen, PRBool passwordRequired, PRBool optimizeSpace)
void PK11_ConfigurePKCS11 (const char *man, const char *libdes, const char *tokdes, const char *ptokdes, const char *slotdes, const char *pslotdes, const char *fslotdes, const char *fpslotdes, int minPwd, int pwRequired)
static char * nss_addEscape (const char *string, char quote)
static char * nss_doubleEscape (const char *string)
SECStatus secoid_Init (void)
static SECStatus nss_InitShutdownList (void)
static SECStatus nss_Init (const char *configdir, const char *certPrefix, const char *keyPrefix, const char *secmodName, PRBool readOnly, PRBool noCertDB, PRBool noModDB, PRBool forceOpen, PRBool noRootInit, PRBool optimizeSpace, PRBool noSingleThreadedModules, PRBool allowAlreadyInitializedModules, PRBool dontFinalizeModules)
SECStatus NSS_Init (const char *configdir)
SECStatus NSS_InitReadWrite (const char *configdir)
SECStatus NSS_Initialize (const char *configdir, const char *certPrefix, const char *keyPrefix, const char *secmodName, PRUint32 flags)
SECStatus NSS_NoDB_Init (const char *configdir)
static int nss_GetShutdownEntry (NSS_ShutdownFunc sFunc, void *appData)
SECStatus NSS_RegisterShutdown (NSS_ShutdownFunc sFunc, void *appData)
SECStatus NSS_UnregisterShutdown (NSS_ShutdownFunc sFunc, void *appData)
static SECStatus nss_ShutdownShutdownList (void)
SECStatus NSS_Shutdown (void)
PRBool NSS_IsInitialized (void)
PRBool NSS_VersionCheck (const char *importedVersion)

Variables

static char * pk11_config_strings = NULL
static char * pk11_config_name = NULL
static PRBool pk11_password_required = PR_FALSE
static const char * dllname
static struct NSSShutdownListStr nssShutdownList
const NSSError NSS_ERROR_BUSY
const char __nss_base_rcsid []
const char __nss_base_sccsid []

Class Documentation

struct NSSShutdownFuncPair

Definition at line 625 of file nssinit.c.

Class Members
void * appData
NSS_ShutdownFunc func
struct NSSShutdownListStr

Definition at line 630 of file nssinit.c.

Class Members
struct NSSShutdownFuncPair * funcs
PZLock * lock
int maxFuncs
int numFuncs

Define Documentation

#define FILE_SEP   '/'
#define NSS_DEFAULT_MOD_NAME   "NSS Internal Module"

Definition at line 83 of file nssinit.c.

Value:
sizeof("readOnly")+sizeof("noCertDB")+ \
       sizeof("noModDB")+sizeof("forceOpen")+sizeof("passwordRequired")+ \
       sizeof ("optimizeSpace")

Definition at line 80 of file nssinit.c.

Definition at line 607 of file nssinit.c.


Function Documentation

static char* nss_addEscape ( const char *  string,
char  quote 
) [static]

Definition at line 229 of file nssinit.c.

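{
    /*
     * Returns a newly allocated copy of `string` in which every occurrence
     * of `quote` and every backslash is preceded by a backslash.  Returns
     * NULL when the allocation fails.  `string` is dereferenced without a
     * check, so the caller must pass a non-NULL pointer (nss_doubleEscape
     * does this check before calling).  The result is released by the
     * caller with PORT_Free.
     */
    char *newString = NULL;
    size_t escapes = 0, size = 0;
    const char *src;
    char *dest;

    /* First pass: measure the input and count the characters to escape. */
    for (src = string; *src; src++) {
        if ((*src == quote) || (*src == '\\')) {
            escapes++;
        }
        size++;
    }

    /*
     * The counters are size_t rather than int so that a very long input
     * cannot wrap a signed sum and produce a buffer smaller than what the
     * copy loop below writes.
     */
    newString = PORT_ZAlloc(escapes + size + 1);
    if (newString == NULL) {
        return NULL;
    }

    /* Second pass: copy, inserting a backslash before each escaped char. */
    for (src = string, dest = newString; *src; src++, dest++) {
        if ((*src == '\\') || (*src == quote)) {
            *dest++ = '\\';
        }
        *dest = *src;
    }

    /* The buffer was zero-filled, so the terminator is already in place. */
    return newString;
}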


static char* nss_doubleEscape ( const char *  string) [static]

Definition at line 257 of file nssinit.c.

{
    /*
     * Escapes `string` twice: first for single quotes, then for double
     * quotes, matching the two quote levels nss_Init uses in its module
     * spec.  A NULL input, or a failure in either escape pass, yields a
     * freshly duplicated empty string instead of NULL; the result can
     * still be NULL if that duplication itself fails.
     */
    char *escaped = NULL;

    if (string != NULL) {
        char *inner = nss_addEscape(string,'\'');
        if (inner != NULL) {
            escaped = nss_addEscape(inner,'"');
            /* the intermediate copy is only needed as input to pass two */
            PORT_Free(inner);
        }
    }

    if (escaped != NULL) {
        return escaped;
    }
    return PORT_Strdup("");
}


static int nss_GetShutdownEntry ( NSS_ShutdownFunc  sFunc,
void *  appData 
) [static]

Definition at line 625 of file nssinit.c.

{
    /*
     * Looks up the (sFunc, appData) pair in nssShutdownList and returns its
     * index, or -1 when no entry matches both fields.  The entry count is
     * read once before the scan; no locking is done in this body.
     */
    const int total = nssShutdownList.numFuncs;
    int idx;

    /* the list is expected to be short, so a linear scan is enough */
    for (idx = 0; idx < total; idx++) {
        if (nssShutdownList.funcs[idx].func != sFunc) {
            continue;
        }
        if (nssShutdownList.funcs[idx].appData != appData) {
            continue;
        }
        return idx;
    }
    return -1;
}


static SECStatus nss_Init ( const char *  configdir,
const char *  certPrefix,
const char *  keyPrefix,
const char *  secmodName,
PRBool  readOnly,
PRBool  noCertDB,
PRBool  noModDB,
PRBool  forceOpen,
PRBool  noRootInit,
PRBool  optimizeSpace,
PRBool  noSingleThreadedModules,
PRBool  allowAlreadyInitializedModules,
PRBool  dontFinalizeModules 
) [static]

Definition at line 407 of file nssinit.c.

{
    /*
     * Shared initialization path (NSS_Initialize forwards here).  Builds a
     * module spec string for the internal module, loads it with
     * SECMOD_LoadModule(), and on success brings up the dependent
     * subsystems and sets nss_IsInitted.  Returns SECSuccess when that
     * flag ends up set (or was already set), SECFailure otherwise.
     */
    char *moduleSpec = NULL;
    char *flags = NULL;
    SECStatus rv = SECFailure;
    char *lconfigdir = NULL;
    char *lcertPrefix = NULL;
    char *lkeyPrefix = NULL;
    char *lsecmodName = NULL;

    /* A repeat call is a no-op: the arguments of the later call are ignored. */
    if (nss_IsInitted) {
       return SECSuccess;
    }

    /* New option bits must not change the size of CERTCertificate. */
    PORT_Assert(sizeof(dummyCert.options) == sizeof(void *));

    /* Nothing has been allocated yet, so these early exits need no cleanup. */
    if (SECSuccess != InitCRLCache()) {
        return SECFailure;
    }
    
    if (SECSuccess != InitOCSPGlobal()) {
        return SECFailure;
    }

    /* pk11_password_required is the value stored by PK11_ConfigurePKCS11(). */
    flags = nss_makeFlags(readOnly,noCertDB,noModDB,forceOpen,
                                   pk11_password_required, optimizeSpace);
    if (flags == NULL) return rv;

    /*
     * configdir is double nested, and Windows uses the same character
     * for file seps as we use for escapes! (sigh).
     */
    /*
     * Each of the four strings below ends up inside '...' which is itself
     * inside "..." in the format string, hence the two escape passes done
     * by nss_doubleEscape().
     */
    lconfigdir = nss_doubleEscape(configdir);
    if (lconfigdir == NULL) {
       goto loser;
    }
    lcertPrefix = nss_doubleEscape(certPrefix);
    if (lcertPrefix == NULL) {
       goto loser;
    }
    lkeyPrefix = nss_doubleEscape(keyPrefix);
    if (lkeyPrefix == NULL) {
       goto loser;
    }
    lsecmodName = nss_doubleEscape(secmodName);
    if (lsecmodName == NULL) {
       goto loser;
    }
    if (noSingleThreadedModules || allowAlreadyInitializedModules ||
        dontFinalizeModules) {
        pk11_setGlobalOptions(noSingleThreadedModules,
                              allowAlreadyInitializedModules,
                              dontFinalizeModules);
    }

    /*
     * NOTE(review): pk11_config_name and pk11_config_strings are inserted
     * as-is; only the four path/prefix arguments went through
     * nss_doubleEscape().  Both globals are filled by PK11_ConfigurePKCS11()
     * from its caller's strings, so a quote character in them would
     * presumably change how the spec is split into parameters -- confirm
     * that only trusted, quote-free text reaches PK11_ConfigurePKCS11().
     */
    moduleSpec = PR_smprintf("name=\"%s\" parameters=\"configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s %s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
              pk11_config_name ? pk11_config_name : NSS_DEFAULT_MOD_NAME,
              lconfigdir,lcertPrefix,lkeyPrefix,lsecmodName,flags,
              pk11_config_strings ? pk11_config_strings : "");

    /*
     * Reached on success as well as on failure: the temporaries are no
     * longer needed once moduleSpec has been formatted (or could not be).
     */
loser:
    PORT_Free(flags);
    if (lconfigdir) PORT_Free(lconfigdir);
    if (lcertPrefix) PORT_Free(lcertPrefix);
    if (lkeyPrefix) PORT_Free(lkeyPrefix);
    if (lsecmodName) PORT_Free(lsecmodName);

    /* rv stays SECFailure unless a module came back and reports loaded. */
    if (moduleSpec) {
       SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
       PR_smprintf_free(moduleSpec);
       if (module) {
           if (module->loaded) rv=SECSuccess;
           SECMOD_DestroyModule(module);
       }
    }

    if (rv == SECSuccess) {
       /*
        * NOTE(review): the three early returns below report failure after
        * the module load succeeded and leave nss_IsInitted unset, so a
        * later call would run the whole sequence again -- confirm that
        * repeating the load is acceptable.
        */
       if (secoid_Init() != SECSuccess) {
           return SECFailure;
       }
       if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
           return SECFailure;
       }
       if (nss_InitShutdownList() != SECSuccess) {
           return SECFailure;
       }
       CERT_SetDefaultCertDB((CERTCertDBHandle *)
                            STAN_GetDefaultTrustDomain());
#ifndef XP_MAC
       /* only servers need this. We currently do not have a mac server */
       /*
        * Skipped when any of noModDB, noCertDB or noRootInit is set.  The
        * lookup receives the caller's original (unescaped) configdir and
        * secmodName.
        */
       if ((!noModDB) && (!noCertDB) && (!noRootInit)) {
           if (!SECMOD_HasRootCerts()) {
              nss_FindExternalRoot(configdir, secmodName);
           }
       }
#endif
       pk11sdr_Init();
       cert_CreateSubjectKeyIDHashTable();
       nss_IsInitted = PR_TRUE;
    }
    return rv;
}


SECStatus NSS_Init ( const char *  configdir)

Definition at line 518 of file nssinit.c.


SECStatus NSS_Initialize ( const char *  configdir,
const char *  certPrefix,
const char *  keyPrefix,
const char *  secmodName,
PRUint32  flags 
)

Definition at line 580 of file nssinit.c.

{
    /*
     * Public entry point: decodes each NSS_INIT_* value in `flags` into the
     * PRBool argument nss_Init() expects and passes the four string
     * arguments through unchanged.  A flag counts as set only when all of
     * its bits are present in `flags`.
     */
    const PRBool readOnly =
        ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY);
    const PRBool noCertDB =
        ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB);
    const PRBool noModDB =
        ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB);
    const PRBool forceOpen =
        ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN);
    const PRBool noRootInit =
        ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT);
    const PRBool optimizeSpace =
        ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE);
    const PRBool pk11ThreadSafe =
        ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE);
    const PRBool pk11Reload =
        ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD);
    const PRBool noPK11Finalize =
        ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE);

    return nss_Init(configdir, certPrefix, keyPrefix, secmodName,
                    readOnly, noCertDB, noModDB, forceOpen, noRootInit,
                    optimizeSpace, pk11ThreadSafe, pk11Reload,
                    noPK11Finalize);
}


SECStatus NSS_InitReadWrite ( const char *  configdir)

Definition at line 525 of file nssinit.c.


static SECStatus nss_InitShutdownList ( void  ) [static]

Definition at line 810 of file nssinit.c.

{
    /*
     * Reports the file-scope nss_IsInitted flag, which nss_Init sets to
     * PR_TRUE on success and the shutdown path resets to PR_FALSE.  The
     * flag is read here without any locking.
     * NOTE(review): this body returns the PRBool init flag, which matches
     * NSS_IsInitialized() in the function index rather than a helper that
     * returns SECStatus -- confirm which definition this listing belongs to.
     */
    return nss_IsInitted;
}
static char* nss_makeFlags ( PRBool  readOnly,
PRBool  noCertDB,
PRBool  noModDB,
PRBool  forceOpen,
PRBool  passwordRequired,
PRBool  optimizeSpace 
) [static]

Definition at line 86 of file nssinit.c.

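{
    /*
     * Builds the comma-separated flag list that nss_Init places after
     * "flags=" in the module spec.  Each PRBool that is set contributes its
     * name, in the fixed order below.  Returns a newly allocated string
     * (possibly empty) that the caller releases with PORT_Free, or NULL if
     * the allocation fails.
     *
     * NSS_MAX_FLAG_SIZE is the sum of sizeof() over the six flag names, so
     * the six NUL bytes it counts leave room for the five separators and
     * the terminator even when every flag is set.
     */
    char *flags = (char *)PORT_ZAlloc(NSS_MAX_FLAG_SIZE);
    PRBool first = PR_TRUE;

    /*
     * The original zeroed the buffer without checking the allocation, which
     * dereferences NULL on an out-of-memory condition.  nss_Init already
     * treats a NULL return as failure.
     */
    if (flags == NULL) {
        return NULL;
    }

    if (readOnly) {
        PORT_Strcat(flags,"readOnly");
        first = PR_FALSE;
    }
    if (noCertDB) {
        if (!first) PORT_Strcat(flags,",");
        PORT_Strcat(flags,"noCertDB");
        first = PR_FALSE;
    }
    if (noModDB) {
        if (!first) PORT_Strcat(flags,",");
        PORT_Strcat(flags,"noModDB");
        first = PR_FALSE;
    }
    if (forceOpen) {
        if (!first) PORT_Strcat(flags,",");
        PORT_Strcat(flags,"forceOpen");
        first = PR_FALSE;
    }
    if (passwordRequired) {
        if (!first) PORT_Strcat(flags,",");
        PORT_Strcat(flags,"passwordRequired");
        first = PR_FALSE;
    }
    if (optimizeSpace) {
        /* last flag: nothing follows, so `first` needs no update */
        if (!first) PORT_Strcat(flags,",");
        PORT_Strcat(flags,"optimizeSpace");
    }
    return flags;
}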


SECStatus NSS_NoDB_Init ( const char *  configdir)

Definition at line 599 of file nssinit.c.


Definition at line 643 of file nssinit.c.


Definition at line 775 of file nssinit.c.

{
    /*
     * Shuts the library down.  Fails with SEC_ERROR_NOT_INITIALIZED when
     * nss_IsInitted is not set.  Otherwise every step below runs even if an
     * earlier one failed; failures are folded into shutdownRV, which is the
     * return value.
     */
    SECStatus shutdownRV = SECSuccess;
    SECStatus rv;
    PRStatus status;

    if (!nss_IsInitted) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return SECFailure;
    }

    /* Registered shutdown callbacks run before any subsystem is torn down. */
    rv = nss_ShutdownShutdownList();
    if (rv != SECSuccess) {
       shutdownRV = SECFailure;
    }
    ShutdownCRLCache();
    SECOID_Shutdown();
    /* status is only examined after the remaining subsystems are shut down */
    status = STAN_Shutdown();
    cert_DestroySubjectKeyIDHashTable();
    rv = SECMOD_Shutdown();
    if (rv != SECSuccess) {
       shutdownRV = SECFailure;
    }
    pk11sdr_Shutdown();
    if (status == PR_FAILURE) {
       /* translate the NSSError busy code into the SEC_ERROR_* space */
       if (NSS_GetError() == NSS_ERROR_BUSY) {
           PORT_SetError(SEC_ERROR_BUSY);
       }
       shutdownRV = SECFailure;
    }
    /*
     * NOTE(review): the flag is cleared even when a step reported failure
     * (including the busy case), so a later init call runs the full
     * initialization again -- confirm callers handle a failed shutdown.
     */
    nss_IsInitted = PR_FALSE;
    return shutdownRV;
}


static SECStatus nss_ShutdownShutdownList ( void  ) [static]

Definition at line 745 of file nssinit.c.

{
    /*
     * Invokes every registered shutdown callback, then releases the list
     * storage and its lock.  Returns SECFailure if any callback did not
     * return SECSuccess; the remaining callbacks still run.  The lock is
     * not taken while the callbacks execute, and numFuncs is re-read on
     * every iteration.
     */
    SECStatus result = SECSuccess;
    int idx;

    /* call all the registered functions first */
    for (idx = 0; idx < nssShutdownList.numFuncs; idx++) {
        struct NSSShutdownFuncPair *entry = &nssShutdownList.funcs[idx];

        /* empty slots are skipped */
        if (!entry->func) {
            continue;
        }
        if ((*entry->func)(entry->appData,NULL) != SECSuccess) {
            result = SECFailure;
        }
    }

    /* reset the bookkeeping before the storage goes away */
    nssShutdownList.numFuncs = 0;
    nssShutdownList.maxFuncs = 0;
    PORT_Free(nssShutdownList.funcs);
    nssShutdownList.funcs = NULL;

    if (nssShutdownList.lock) {
        PZ_DestroyLock(nssShutdownList.lock);
    }
    nssShutdownList.lock = NULL;

    return result;
}


Definition at line 697 of file nssinit.c.


PRBool NSS_VersionCheck ( const char *  importedVersion)

Definition at line 820 of file nssinit.c.

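{
    /*
     * This is the secret handshake algorithm.
     *
     * This release has a simple version compatibility
     * check algorithm.  This release is not backward
     * compatible with previous major releases.  It is
     * not compatible with future major, minor, or
     * patch releases.
     *
     * importedVersion is read as leading decimal digits in the form
     * major[.minor[.patch]]; parsing stops at the first character that
     * does not fit, and whatever follows is ignored.  Returns PR_TRUE when
     * the major number equals NSS_VMAJOR, the imported version is not newer
     * than this library, and PR_VersionCheck(PR_VERSION) succeeds.
     *
     * NOTE(review): importedVersion is dereferenced without a NULL check,
     * and the three accumulators are plain int, so an extremely long digit
     * run would overflow them -- confirm callers only pass version string
     * constants.
     */
    int vmajor = 0, vminor = 0, vpatch = 0;
    const char *ptr = importedVersion;
    volatile char c; /* force a reference that won't get optimized away */

    c = __nss_base_rcsid[0] + __nss_base_sccsid[0];

    /*
     * isdigit() is only defined for values representable as unsigned char
     * (or EOF).  Plain char may be signed, so a byte >= 0x80 in the input
     * would otherwise be passed as a negative int; cast before the call.
     */
    while (isdigit((unsigned char)*ptr)) {
        vmajor = 10 * vmajor + *ptr - '0';
        ptr++;
    }
    if (*ptr == '.') {
        ptr++;
        while (isdigit((unsigned char)*ptr)) {
            vminor = 10 * vminor + *ptr - '0';
            ptr++;
        }
        if (*ptr == '.') {
            ptr++;
            while (isdigit((unsigned char)*ptr)) {
                vpatch = 10 * vpatch + *ptr - '0';
                ptr++;
            }
        }
    }

    if (vmajor != NSS_VMAJOR) {
        return PR_FALSE;
    }
    if (vmajor == NSS_VMAJOR && vminor > NSS_VMINOR) {
        return PR_FALSE;
    }
    if (vmajor == NSS_VMAJOR && vminor == NSS_VMINOR && vpatch > NSS_VPATCH) {
        return PR_FALSE;
    }
    /* Check dependent libraries */
    if (PR_VersionCheck(PR_VERSION) == PR_FALSE) {
        return PR_FALSE;
    }
    return PR_TRUE;
}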


void PK11_ConfigurePKCS11 ( const char *  man,
const char *  libdes,
const char *  tokdes,
const char *  ptokdes,
const char *  slotdes,
const char *  pslotdes,
const char *  fslotdes,
const char *  fpslotdes,
int  minPwd,
int  pwRequired 
)

Definition at line 139 of file nssinit.c.

{
   /*
    * Builds a space-separated list of key='value' parameters from the
    * non-NULL description arguments plus minPS=<minPwd>, and stores it in
    * pk11_config_strings.  Also records libdes as pk11_config_name and
    * pwRequired as pk11_password_required.  nss_Init reads all three
    * globals when it formats the module spec.
    *
    * The function returns void: if any formatting step fails it returns
    * early, leaving pk11_config_strings and pk11_password_required at their
    * previous values, and the caller is not told.
    *
    * NOTE(review): each value is placed between single quotes with no
    * escaping (nss_Init escapes its path arguments with nss_doubleEscape,
    * but not these).  A quote character inside a description would
    * presumably end the value early when the spec is parsed -- confirm
    * that callers only pass trusted, quote-free text.
    */
   char *strings = NULL;
   char *newStrings;

   /* make sure the internationalization was done correctly... */
   strings = PR_smprintf("");
   if (strings == NULL) return;

    /*
     * Pattern used for every optional argument: format a new string from
     * the old one plus the new parameter, free the old one, and keep the
     * new one.  If formatting failed, strings is now NULL and the check
     * after the block returns.
     */
    if (man) {
        newStrings = PR_smprintf("%s manufacturerID='%s'",strings,man);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    if (libdes) {
        newStrings = PR_smprintf("%s libraryDescription='%s'",strings,libdes);
       PR_smprintf_free(strings);
       strings = newStrings;
       /*
        * The module name is replaced here, before it is known whether the
        * rest of the string can be built, so an early return below leaves
        * a new name next to the old pk11_config_strings.  The PORT_Strdup
        * result is not checked; nss_Init falls back to
        * NSS_DEFAULT_MOD_NAME when pk11_config_name is NULL.
        */
       if (pk11_config_name != NULL) {
           PORT_Free(pk11_config_name);
       }
       pk11_config_name = PORT_Strdup(libdes);
    }
   if (strings == NULL) return;

    if (tokdes) {
        newStrings = PR_smprintf("%s cryptoTokenDescription='%s'",strings,
                                                        tokdes);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    if (ptokdes) {
        newStrings = PR_smprintf("%s dbTokenDescription='%s'",strings,ptokdes);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    if (slotdes) {
        newStrings = PR_smprintf("%s cryptoSlotDescription='%s'",strings,
                                                        slotdes);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    if (pslotdes) {
        newStrings = PR_smprintf("%s dbSlotDescription='%s'",strings,pslotdes);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    if (fslotdes) {
        newStrings = PR_smprintf("%s FIPSSlotDescription='%s'",
                                                 strings,fslotdes);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    if (fpslotdes) {
        newStrings = PR_smprintf("%s FIPSTokenDescription='%s'",
                                                 strings,fpslotdes);
       PR_smprintf_free(strings);
       strings = newStrings;
    }
   if (strings == NULL) return;

    /* minPS is always appended, whatever the optional arguments were */
    newStrings = PR_smprintf("%s minPS=%d", strings, minPwd);
    PR_smprintf_free(strings);
    strings = newStrings;
   if (strings == NULL) return;

    /* Ownership of the finished string moves to the file-scope global. */
    if (pk11_config_strings != NULL) {
       PR_smprintf_free(pk11_config_strings);
    }
    pk11_config_strings = strings;
    pk11_password_required = pwRequired;

    return;
}


Definition at line 1738 of file secoid.c.

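{
    /*
     * Populates the two OID lookup tables from the static oids[] array:
     * oidhash is keyed by the encoded OID item and oidmechhash by the
     * mechanism number (entries whose mechanism is CKM_INVALID_MECHANISM
     * are left out of the second table).  Returns SECSuccess when the
     * tables are ready or already exist, and SECFailure with
     * SEC_ERROR_LIBRARY_FAILURE when a table or an entry cannot be created.
     */
    PLHashEntry *entry;
    const SECOidData *oid;
    int i;

    if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
        return SECFailure;
    }

    /* A non-NULL oidhash is taken to mean the tables are fully built. */
    if (oidhash) {
        return SECSuccess;
    }

    oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                              PL_CompareValues, NULL, NULL);
    oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
                                  PL_CompareValues, NULL, NULL);

    if (!oidhash || !oidmechhash) {
        goto loser;
    }

    for (i = 0; i < (sizeof(oids) / sizeof(SECOidData)); i++) {
        oid = &oids[i];

        /* each entry's position in the array must match its tag */
        PORT_Assert(oid->offset == i);

        entry = PL_HashTableAdd(oidhash, &oid->oid, (void *)oid);
        if (entry == NULL) {
            goto loser;
        }

        if (oid->mechanism != CKM_INVALID_MECHANISM) {
            entry = PL_HashTableAdd(oidmechhash,
                                    (void *)oid->mechanism, (void *)oid);
            if (entry == NULL) {
                goto loser;
            }
        }
    }

    PORT_Assert(i == SEC_OID_TOTAL);

    return SECSuccess;

loser:
    /*
     * Drop whatever was built.  Without this a failed run leaves oidhash
     * non-NULL, and the early-out above would make the next call report
     * success with incomplete tables (PORT_Assert does not stop a
     * non-debug build).
     */
    if (oidhash) {
        PL_HashTableDestroy(oidhash);
        oidhash = NULL;
    }
    if (oidmechhash) {
        PL_HashTableDestroy(oidmechhash);
        oidmechhash = NULL;
    }
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    PORT_Assert(0); /* This function should never fail. */
    return SECFailure;
}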

Variable Documentation

Definition at line 53 of file nssver.c.

Definition at line 55 of file nssver.c.

const char* dllname [static]

Definition at line 286 of file nssinit.c.

Definition at line 94 of file errorval.c.

char* pk11_config_name = NULL [static]

Definition at line 131 of file nssinit.c.

char* pk11_config_strings = NULL [static]

Definition at line 130 of file nssinit.c.

Definition at line 132 of file nssinit.c.