Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions
secmod.h File Reference
#include "seccomon.h"
#include "secmodt.h"
#include "prinrval.h"

Go to the source code of this file.

Defines

#define _SEDMOD_H_
#define PUBLIC_MECH_RSA_FLAG   0x00000001ul
#define PUBLIC_MECH_DSA_FLAG   0x00000002ul
#define PUBLIC_MECH_RC2_FLAG   0x00000004ul
#define PUBLIC_MECH_RC4_FLAG   0x00000008ul
#define PUBLIC_MECH_DES_FLAG   0x00000010ul
#define PUBLIC_MECH_DH_FLAG   0x00000020ul
#define PUBLIC_MECH_FORTEZZA_FLAG   0x00000040ul
#define PUBLIC_MECH_RC5_FLAG   0x00000080ul
#define PUBLIC_MECH_SHA1_FLAG   0x00000100ul
#define PUBLIC_MECH_MD5_FLAG   0x00000200ul
#define PUBLIC_MECH_MD2_FLAG   0x00000400ul
#define PUBLIC_MECH_SSL_FLAG   0x00000800ul
#define PUBLIC_MECH_TLS_FLAG   0x00001000ul
#define PUBLIC_MECH_AES_FLAG   0x00002000ul
#define PUBLIC_MECH_SHA256_FLAG   0x00004000ul
#define PUBLIC_MECH_SHA512_FLAG   0x00008000ul
#define PUBLIC_MECH_RANDOM_FLAG   0x08000000ul
#define PUBLIC_MECH_FRIENDLY_FLAG   0x10000000ul
#define PUBLIC_OWN_PW_DEFAULTS   0X20000000ul
#define PUBLIC_DISABLE_FLAG   0x40000000ul
#define PUBLIC_MECH_RESERVED_FLAGS   0x87FF0000ul
#define PUBLIC_CIPHER_FORTEZZA_FLAG   0x00000001ul
#define PUBLIC_CIPHER_RESERVED_FLAGS   0xFFFFFFFEul

Functions

SEC_BEGIN_PROTOS SECMODModule * SECMOD_LoadModule (char *moduleSpec, SECMODModule *parent, PRBool recurse)
SECMODModule * SECMOD_LoadUserModule (char *moduleSpec, SECMODModule *parent, PRBool recurse)
SECStatus SECMOD_UnloadUserModule (SECMODModule *mod)
SECMODModule * SECMOD_CreateModule (const char *lib, const char *name, const char *param, const char *nss)
char ** SECMOD_GetModuleSpecList (SECMODModule *module)
SECStatus SECMOD_FreeModuleSpecList (SECMODModule *module, char **moduleSpecList)
SECMODModuleList * SECMOD_GetDefaultModuleList (void)
SECMODModuleList * SECMOD_GetDeadModuleList (void)
SECMODModuleList * SECMOD_GetDBModuleList (void)
SECMODListLockSECMOD_GetDefaultModuleListLock (void)
SECStatus SECMOD_UpdateModule (SECMODModule *module)
void SECMOD_GetReadLock (SECMODListLock *)
void SECMOD_ReleaseReadLock (SECMODListLock *)
SECMODModule * SECMOD_FindModule (const char *name)
SECStatus SECMOD_DeleteModule (const char *name, int *type)
SECStatus SECMOD_DeleteInternalModule (const char *name)
PRBool SECMOD_CanDeleteInternalModule (void)
SECStatus SECMOD_AddNewModule (const char *moduleName, const char *dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags)
SECStatus SECMOD_AddNewModuleEx (const char *moduleName, const char *dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags, char *modparms, char *nssparms)
SECMODModule * SECMOD_GetInternalModule (void)
SECMODModule * SECMOD_ReferenceModule (SECMODModule *module)
void SECMOD_DestroyModule (SECMODModule *module)
PK11SlotInfo * SECMOD_LookupSlot (SECMODModuleID module, unsigned long slotID)
PK11SlotInfo * SECMOD_FindSlot (SECMODModule *module, const char *name)
PRBool SECMOD_IsModulePresent (unsigned long int pubCipherEnableFlags)
unsigned long SECMOD_PubMechFlagstoInternal (unsigned long publicFlags)
unsigned long SECMOD_PubCipherFlagstoInternal (unsigned long publicFlags)
PRBool SECMOD_HasRemovableSlots (SECMODModule *mod)
PK11SlotInfo * SECMOD_WaitForAnyTokenEvent (SECMODModule *mod, unsigned long flags, PRIntervalTime latency)
SECStatus SECMOD_CancelWait (SECMODModule *mod)
SECStatus SECMOD_UpdateSlotList (SECMODModule *mod)

Define Documentation

Definition at line 37 of file secmod.h.

#define PUBLIC_CIPHER_FORTEZZA_FLAG   0x00000001ul

Definition at line 73 of file secmod.h.

Definition at line 76 of file secmod.h.

#define PUBLIC_DISABLE_FLAG   0x40000000ul

Definition at line 65 of file secmod.h.

#define PUBLIC_MECH_AES_FLAG   0x00002000ul

Definition at line 58 of file secmod.h.

#define PUBLIC_MECH_DES_FLAG   0x00000010ul

Definition at line 49 of file secmod.h.

#define PUBLIC_MECH_DH_FLAG   0x00000020ul

Definition at line 50 of file secmod.h.

#define PUBLIC_MECH_DSA_FLAG   0x00000002ul

Definition at line 46 of file secmod.h.

#define PUBLIC_MECH_FORTEZZA_FLAG   0x00000040ul

Definition at line 51 of file secmod.h.

#define PUBLIC_MECH_FRIENDLY_FLAG   0x10000000ul

Definition at line 63 of file secmod.h.

#define PUBLIC_MECH_MD2_FLAG   0x00000400ul

Definition at line 55 of file secmod.h.

#define PUBLIC_MECH_MD5_FLAG   0x00000200ul

Definition at line 54 of file secmod.h.

#define PUBLIC_MECH_RANDOM_FLAG   0x08000000ul

Definition at line 62 of file secmod.h.

#define PUBLIC_MECH_RC2_FLAG   0x00000004ul

Definition at line 47 of file secmod.h.

#define PUBLIC_MECH_RC4_FLAG   0x00000008ul

Definition at line 48 of file secmod.h.

#define PUBLIC_MECH_RC5_FLAG   0x00000080ul

Definition at line 52 of file secmod.h.

#define PUBLIC_MECH_RESERVED_FLAGS   0x87FF0000ul

Definition at line 68 of file secmod.h.

#define PUBLIC_MECH_RSA_FLAG   0x00000001ul

Definition at line 45 of file secmod.h.

#define PUBLIC_MECH_SHA1_FLAG   0x00000100ul

Definition at line 53 of file secmod.h.

#define PUBLIC_MECH_SHA256_FLAG   0x00004000ul

Definition at line 59 of file secmod.h.

#define PUBLIC_MECH_SHA512_FLAG   0x00008000ul

Definition at line 60 of file secmod.h.

#define PUBLIC_MECH_SSL_FLAG   0x00000800ul

Definition at line 56 of file secmod.h.

#define PUBLIC_MECH_TLS_FLAG   0x00001000ul

Definition at line 57 of file secmod.h.

#define PUBLIC_OWN_PW_DEFAULTS   0X20000000ul

Definition at line 64 of file secmod.h.


Function Documentation

SECStatus SECMOD_AddNewModule ( const char *  moduleName,
const char *  dllPath,
unsigned long  defaultMechanismFlags,
unsigned long  cipherEnableFlags 
)

Definition at line 622 of file pk11util.c.

{
    return SECMOD_AddNewModuleEx(moduleName, dllPath, defaultMechanismFlags,
                  cipherEnableFlags, 
                  NULL, NULL); /* don't pass module or nss params */
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_AddNewModuleEx ( const char *  moduleName,
const char *  dllPath,
unsigned long  defaultMechanismFlags,
unsigned long  cipherEnableFlags,
char *  modparms,
char *  nssparms 
)

Definition at line 566 of file pk11util.c.

{
    SECMODModule *module;
    SECStatus result = SECFailure;
    int s,i;
    PK11SlotInfo* slot;

    PR_SetErrorText(0, NULL);

    module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms);

    if (module == NULL) {
       return result;
    }

    if (module->dllName != NULL) {
        if (module->dllName[0] != 0) {
            result = SECMOD_AddModule(module);
            if (result == SECSuccess) {
                /* turn on SSL cipher enable flags */
                module->ssl[0] = cipherEnableFlags;

              SECMOD_GetReadLock(moduleLock);
                /* check each slot to turn on appropriate mechanisms */
                for (s = 0; s < module->slotCount; s++) {
                    slot = (module->slots)[s];
                    /* for each possible mechanism */
                    for (i=0; i < num_pk11_default_mechanisms; i++) {
                        /* we are told to turn it on by default ? */
                     PRBool add = 
                      (PK11_DefaultArray[i].flag & defaultMechanismFlags) ?
                                          PR_TRUE: PR_FALSE;
                        result = PK11_UpdateSlotAttribute(slot, 
                                   &(PK11_DefaultArray[i]),  add);
                    } /* for each mechanism */
                    /* disable each slot if the defaultFlags say so */
                    if (defaultMechanismFlags & PK11_DISABLE_FLAG) {
                        PK11_UserDisableSlot(slot);
                    }
                } /* for each slot of this module */
              SECMOD_ReleaseReadLock(moduleLock);

                /* delete and re-add module in order to save changes 
               * to the module */
              result = SECMOD_UpdateModule(module);
            }
        }
    }
    SECMOD_DestroyModule(module);
    return result;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_CancelWait ( SECMODModule *  mod)

Definition at line 1133 of file pk11util.c.

{
    unsigned long controlMask = mod->evControlMask;
    SECStatus rv = SECSuccess;
    CK_RV crv;

    PZ_Lock(mod->refLock);
    mod->evControlMask |= SECMOD_END_WAIT;
    controlMask = mod->evControlMask;
    if (controlMask & SECMOD_WAIT_PKCS11_EVENT) {
        if (!pk11_getFinalizeModulesOption()) {
            /* can't get here unless pk11_getFinalizeModulesOption is set */
            PORT_Assert(0);
            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
            rv = SECFailure;
            goto loser;
        }
       /* NOTE: this call will drop all transient keys, in progress
        * operations, and any authentication. This is the only documented
        * way to get WaitForSlotEvent to return. Also note: for non-thread
        * safe tokens, we need to hold the module lock, this is not yet at
        * system shutdown/startup time, so we need to protect these calls */
       crv = PK11_GETTAB(mod)->C_Finalize(NULL);
       /* ok, we slammed the module down, now we need to reinit it in case
        * we intend to use it again */
       if (CKR_OK == crv) {
            PRBool alreadyLoaded;
           secmod_ModuleInit(mod, &alreadyLoaded);
       } else {
           /* Finalized failed for some reason,  notify the application
            * so maybe it has a prayer of recovering... */
           PORT_SetError(PK11_MapError(crv));
           rv = SECFailure;
       }
    } else if (controlMask & SECMOD_WAIT_SIMULATED_EVENT) {
       mod->evControlMask &= ~SECMOD_WAIT_SIMULATED_EVENT; 
                            /* Simulated events will eventually timeout
                             * and wake up in the loop */
    }
loser:
    PZ_Unlock(mod->refLock);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 845 of file pk11util.c.

{
    return (PRBool) (pendingModule == NULL);
}
SECMODModule* SECMOD_CreateModule ( const char *  lib,
const char *  name,
const char *  param,
const char *  nss 
)

Definition at line 114 of file pk11pars.c.

{
    SECMODModule *mod = secmod_NewModule();
    char *slotParams,*ciphers;
    /* pk11pars.h still does not have const char * interfaces */
    char *nssc = (char *)nss;
    if (mod == NULL) return NULL;

    mod->commonName = PORT_ArenaStrdup(mod->arena,moduleName ? moduleName : "");
    if (library) {
       mod->dllName = PORT_ArenaStrdup(mod->arena,library);
    }
    /* new field */
    if (parameters) {
       mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters);
    }
    mod->internal   = secmod_argHasFlag("flags","internal",nssc);
    mod->isFIPS     = secmod_argHasFlag("flags","FIPS",nssc);
    mod->isCritical = secmod_argHasFlag("flags","critical",nssc);
    slotParams      = secmod_argGetParamValue("slotParams",nssc);
    mod->slotInfo   = secmod_argParseSlotInfo(mod->arena,slotParams,
                                                 &mod->slotInfoCount);
    if (slotParams) PORT_Free(slotParams);
    /* new field */
    mod->trustOrder  = secmod_argReadLong("trustOrder",nssc,
                                          SECMOD_DEFAULT_TRUST_ORDER,NULL);
    /* new field */
    mod->cipherOrder = secmod_argReadLong("cipherOrder",nssc,
                                          SECMOD_DEFAULT_CIPHER_ORDER,NULL);
    /* new field */
    mod->isModuleDB   = secmod_argHasFlag("flags","moduleDB",nssc);
    mod->moduleDBOnly = secmod_argHasFlag("flags","moduleDBOnly",nssc);
    if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE;

    ciphers = secmod_argGetParamValue("ciphers",nssc);
    secmod_argSetNewCipherFlags(&mod->ssl[0],ciphers);
    if (ciphers) PORT_Free(ciphers);

    secmod_PrivateModuleCount++;

    return mod;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 398 of file pk11util.c.

{
    SECMODModuleList *mlp;
    SECMODModuleList **mlpp;
    SECStatus rv = SECFailure;

    if (pendingModule) {
       PORT_SetError(SEC_ERROR_MODULE_STUCK);
       return rv;
    }

    SECMOD_GetWriteLock(moduleLock);
    for(mlpp = &modules,mlp = modules; 
                            mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
       if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
           /* don't delete the internal module */
           if (mlp->module->internal) {
              SECMOD_RemoveList(mlpp,mlp);
              rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
           } 
           break;
       }
    }
    SECMOD_ReleaseWriteLock(moduleLock);

    if (rv == SECSuccess) {
       SECMODModule *newModule,*oldModule;

       if (mlp->module->isFIPS) {
           newModule = SECMOD_CreateModule(NULL, SECMOD_INT_NAME,
                            NULL, SECMOD_INT_FLAGS);
       } else {
           newModule = SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME,
                            NULL, SECMOD_FIPS_FLAGS);
       }
       if (newModule) {
           newModule->libraryParams = 
            PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams);
           rv = SECMOD_AddModule(newModule);
           if (rv != SECSuccess) {
              SECMOD_DestroyModule(newModule);
              newModule = NULL;
           }
       }
       if (newModule == NULL) {
           SECMODModuleList *last = NULL,*mlp2;
          /* we're in pretty deep trouble if this happens...Security
           * not going to work well... try to put the old module back on
           * the list */
          SECMOD_GetWriteLock(moduleLock);
          for(mlp2 = modules; mlp2 != NULL; mlp2 = mlp->next) {
              last = mlp2;
          }

          if (last == NULL) {
              modules = mlp;
          } else {
              SECMOD_AddList(last,mlp,NULL);
          }
          SECMOD_ReleaseWriteLock(moduleLock);
          return SECFailure; 
       }
       pendingModule = oldModule = internalModule;
       internalModule = NULL;
       SECMOD_DestroyModule(oldModule);
       SECMOD_DeletePermDB(mlp->module);
       SECMOD_DestroyModuleListElement(mlp);
       internalModule = newModule; /* adopt the module */
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_DeleteModule ( const char *  name,
int type 
)

Definition at line 389 of file pk11util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

void SECMOD_DestroyModule ( SECMODModule *  module)

Definition at line 741 of file pk11util.c.

{
    PRBool willfree = PR_FALSE;
    int slotCount;
    int i;

    PZ_Lock(module->refLock);
    if (module->refCount-- == 1) {
       willfree = PR_TRUE;
    }
    PORT_Assert(willfree || (module->refCount > 0));
    PZ_Unlock(module->refLock);

    if (!willfree) {
       return;
    }
   
    if (module->parent != NULL) {
       SECMODModule *parent = module->parent;
       /* paranoia, don't loop forever if the modules are looped */
       module->parent = NULL;
       SECMOD_DestroyModule(parent);
    }

    /* slots can't really disappear until our module starts freeing them,
     * so this check is safe */
    slotCount = module->slotCount;
    if (slotCount == 0) {
       SECMOD_SlotDestroyModule(module,PR_FALSE);
       return;
    }

    /* now free all out slots, when they are done, they will cause the
     * module to disappear altogether */
    for (i=0 ; i < slotCount; i++) {
       if (!module->slots[i]->disabled) {
              PK11_ClearSlotList(module->slots[i]);
       }
       PK11_FreeSlot(module->slots[i]);
    }
    /* WARNING: once the last slot has been freed is it possible (even likely)
     * that module is no more... touching it now is a good way to go south */
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECMODModule* SECMOD_FindModule ( const char *  name)

Definition at line 221 of file pk11util.c.

{
    SECMODModuleList *mlp;
    SECMODModule *module = NULL;

    SECMOD_GetReadLock(moduleLock);
    for(mlp = modules; mlp != NULL; mlp = mlp->next) {
       if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
    }
    if (module) {
       goto found;
    }
    for(mlp = modulesUnload; mlp != NULL; mlp = mlp->next) {
       if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
    }

found:
    SECMOD_ReleaseReadLock(moduleLock);

    return module;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SlotInfo* SECMOD_FindSlot ( SECMODModule *  module,
const char *  name 
)

Definition at line 505 of file pk11util.c.

{
    int i;
    char *string;
    PK11SlotInfo *retSlot = NULL;

    SECMOD_GetReadLock(moduleLock);
    for (i=0; i < module->slotCount; i++) {
       PK11SlotInfo *slot = module->slots[i];

       if (PK11_IsPresent(slot)) {
           string = PK11_GetTokenName(slot);
       } else {
           string = PK11_GetSlotName(slot);
       }
       if (PORT_Strcmp(name,string) == 0) {
           retSlot = PK11_ReferenceSlot(slot);
           break;
       }
    }
    SECMOD_ReleaseReadLock(moduleLock);

    if (retSlot == NULL) {
       PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
    }
    return retSlot;
}

Here is the call graph for this function:

SECStatus SECMOD_FreeModuleSpecList ( SECMODModule *  module,
char **  moduleSpecList 
)

Definition at line 278 of file pk11pars.c.

{
    SECMODModuleDBFunc func = (SECMODModuleDBFunc) module->moduleDBFunc;
    char **retString;
    if (func) {
       retString = (*func)(SECMOD_MODULE_DB_FUNCTION_RELEASE,
              module->libraryParams,moduleSpecList);
       if (retString != NULL) return SECSuccess;
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECMODModuleList* SECMOD_GetDBModuleList ( void  )

Definition at line 199 of file pk11util.c.

{ return modulesDB; }
SECMODModuleList* SECMOD_GetDeadModuleList ( void  )

Definition at line 198 of file pk11util.c.

{ return modulesUnload; }

Here is the caller graph for this function:

SECMODModuleList* SECMOD_GetDefaultModuleList ( void  )

Definition at line 197 of file pk11util.c.

{ return modules; }

Here is the caller graph for this function:

Definition at line 212 of file pk11util.c.

{ return moduleLock; }

Here is the caller graph for this function:

SECMODModule* SECMOD_GetInternalModule ( void  )

Definition at line 135 of file pk11util.c.

{
   return internalModule;
}

Here is the caller graph for this function:

char** SECMOD_GetModuleSpecList ( SECMODModule *  module)

Definition at line 227 of file pk11pars.c.

{
    SECMODModuleDBFunc func = (SECMODModuleDBFunc) module->moduleDBFunc;
    if (func) {
       return (*func)(SECMOD_MODULE_DB_FUNCTION_FIND,
              module->libraryParams,NULL);
    }
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 69 of file pk11list.c.

{
    NSSRWLock_LockRead(modLock);
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SECMOD_HasRemovableSlots ( SECMODModule *  mod)

Definition at line 1182 of file pk11util.c.

{
    int i;
    PRBool ret = PR_FALSE;

    SECMOD_GetReadLock(moduleLock);
    for (i=0; i < mod->slotCount; i++) {
       PK11SlotInfo *slot = mod->slots[i];
       /* perm modules are not inserted or removed */
       if (slot->isPerm) {
           continue;
       }
       ret = PR_TRUE;
       break;
    }
    SECMOD_ReleaseReadLock(moduleLock);
    return ret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SECMOD_IsModulePresent ( unsigned long int  pubCipherEnableFlags)

Definition at line 693 of file pk11util.c.

{
    PRBool result = PR_FALSE;
    SECMODModuleList *mods = SECMOD_GetDefaultModuleList();
    SECMOD_GetReadLock(moduleLock);


    for ( ; mods != NULL; mods = mods->next) {
        if (mods->module->ssl[0] & 
              SECMOD_PubCipherFlagstoInternal(pubCipherEnableFlags)) {
            result = PR_TRUE;
        }
    }

    SECMOD_ReleaseReadLock(moduleLock);
    return result;
}

Here is the call graph for this function:

SEC_BEGIN_PROTOS SECMODModule* SECMOD_LoadModule ( char *  moduleSpec,
SECMODModule *  parent,
PRBool  recurse 
)

Definition at line 294 of file pk11pars.c.

{
    char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL;
    SECStatus status;
    SECMODModule *module = NULL;
    SECStatus rv;

    /* initialize the underlying module structures */
    SECMOD_Init();

    status = secmod_argParseModuleSpec(modulespec, &library, &moduleName, 
                                                 &parameters, &nss);
    if (status != SECSuccess) {
       goto loser;
    }

    module = SECMOD_CreateModule(library, moduleName, parameters, nss);
    if (library) PORT_Free(library);
    if (moduleName) PORT_Free(moduleName);
    if (parameters) PORT_Free(parameters);
    if (nss) PORT_Free(nss);
    if (!module) {
       goto loser;
    }
    if (parent) {
       module->parent = SECMOD_ReferenceModule(parent);
    }

    /* load it */
    rv = SECMOD_LoadPKCS11Module(module);
    if (rv != SECSuccess) {
       goto loser;
    }

    if (recurse && module->isModuleDB) {
       char ** moduleSpecList;
       PORT_SetError(0);

       moduleSpecList = SECMOD_GetModuleSpecList(module);
       if (moduleSpecList) {
           char **index;

           for (index = moduleSpecList; *index; index++) {
              SECMODModule *child;
              child = SECMOD_LoadModule(*index,module,PR_TRUE);
              if (!child) break;
              if (child->isCritical && !child->loaded) {
                  int err = PORT_GetError();
                  if (!err)  
                     err = SEC_ERROR_NO_MODULE;
                  SECMOD_DestroyModule(child);
                  PORT_SetError(err);
                  rv = SECFailure;
                  break;
              }
              SECMOD_DestroyModule(child);
           }
           SECMOD_FreeModuleSpecList(module,moduleSpecList);
       } else {
           if (!PORT_GetError())
              PORT_SetError(SEC_ERROR_NO_MODULE);
           rv = SECFailure;
       }
    }

    if (rv != SECSuccess) {
       goto loser;
    }


    /* inherit the reference */
    if (!module->moduleDBOnly) {
       SECMOD_AddModuleToList(module);
    } else {
       SECMOD_AddModuleToDBOnlyList(module);
    }
   
    /* handle any additional work here */
    return module;

loser:
    if (module) {
       if (module->loaded) {
           SECMOD_UnloadModule(module);
       }
       SECMOD_AddModuleToUnloadList(module);
    }
    return module;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECMODModule* SECMOD_LoadUserModule ( char *  moduleSpec,
SECMODModule *  parent,
PRBool  recurse 
)

Definition at line 388 of file pk11pars.c.

{
    SECStatus rv = SECSuccess;
    SECMODModule * newmod = SECMOD_LoadModule(modulespec, parent, recurse);
    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();

    if (newmod) {
       SECMOD_GetReadLock(moduleLock);
        rv = STAN_AddModuleToDefaultTrustDomain(newmod);
       SECMOD_ReleaseReadLock(moduleLock);
        if (SECSuccess != rv) {
            SECMOD_DestroyModule(newmod);
            return NULL;
        }
    }
    return newmod;
}

Here is the call graph for this function:

PK11SlotInfo* SECMOD_LookupSlot ( SECMODModuleID  module,
unsigned long  slotID 
)
unsigned long SECMOD_PubCipherFlagstoInternal ( unsigned long  publicFlags)

Definition at line 680 of file pk11util.c.

{
    return publicFlags;
}

Here is the caller graph for this function:

unsigned long SECMOD_PubMechFlagstoInternal ( unsigned long  publicFlags)

Definition at line 652 of file pk11util.c.

{
    unsigned long internalFlags = publicFlags;

    if (publicFlags & PUBLIC_MECH_RANDOM_FLAG) {
        internalFlags &= ~PUBLIC_MECH_RANDOM_FLAG;
        internalFlags |= SECMOD_RANDOM_FLAG;
    }
    return internalFlags;
}

Here is the caller graph for this function:

SECMODModule* SECMOD_ReferenceModule ( SECMODModule *  module)

Definition at line 728 of file pk11util.c.

{
    PZ_Lock(module->refLock);
    PORT_Assert(module->refCount > 0);

    module->refCount++;
    PZ_Unlock(module->refLock);
    return module;
}

Here is the caller graph for this function:

Definition at line 77 of file pk11list.c.

{
    NSSRWLock_UnlockRead(modLock);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_UnloadUserModule ( SECMODModule *  mod)

Definition at line 410 of file pk11pars.c.

Here is the call graph for this function:

SECStatus SECMOD_UpdateModule ( SECMODModule *  module)

Definition at line 632 of file pk11util.c.

{
    SECStatus result;

    result = SECMOD_DeletePermDB(module);
                
    if (result == SECSuccess) {          
       result = SECMOD_AddPermDB(module);
    }
    return result;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_UpdateSlotList ( SECMODModule *  mod)

Definition at line 859 of file pk11util.c.

{
    CK_RV crv;
    CK_ULONG count;
    CK_ULONG i, oldCount;
    PRBool freeRef = PR_FALSE;
    void *mark = NULL;
    CK_ULONG *slotIDs = NULL;
    PK11SlotInfo **newSlots = NULL;
    PK11SlotInfo **oldSlots = NULL;

    /* C_GetSlotList is not a session function, make sure 
     * calls are serialized */
    PZ_Lock(mod->refLock);
    freeRef = PR_TRUE;
    /* see if the number of slots have changed */
    crv = PK11_GETTAB(mod)->C_GetSlotList(PR_FALSE, NULL, &count);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       goto loser;
    }
    /* nothing new, blow out early, we want this function to be quick
     * and cheap in the normal case  */
    if (count == mod->slotCount) {
       PZ_Unlock(mod->refLock);
       return SECSuccess;
    }
    if (count < (CK_ULONG)mod->slotCount) {
       /* shouldn't happen with a properly functioning PKCS #11 module */
       PORT_SetError( SEC_ERROR_INCOMPATIBLE_PKCS11 );
       goto loser;
    }

    /* get the new slot list */
    slotIDs = PORT_NewArray(CK_SLOT_ID, count);
    if (slotIDs == NULL) {
       goto loser;
    }

    crv = PK11_GETTAB(mod)->C_GetSlotList(PR_FALSE, slotIDs, &count);
    if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       goto loser;
    }
    freeRef = PR_FALSE;
    PZ_Unlock(mod->refLock);
    mark = PORT_ArenaMark(mod->arena);
    if (mark == NULL) {
       goto loser;
    }
    newSlots = PORT_ArenaZNewArray(mod->arena,PK11SlotInfo *,count);

    /* walk down the new slot ID list returned from the module. We keep
     * the old slots which match a returned ID, and we initialize the new 
     * slots. */
    for (i=0; i < count; i++) {
       PK11SlotInfo *slot = SECMOD_FindSlotByID(mod,slotIDs[i]);

       if (!slot) {
           /* we have a new slot create a new slot data structure */
           slot = PK11_NewSlotInfo(mod);
           if (!slot) {
              goto loser;
           }
           PK11_InitSlot(mod, slotIDs[i], slot);
           STAN_InitTokenForSlotInfo(NULL, slot);
       }
       newSlots[i] = slot;
    }
    STAN_ResetTokenInterator(NULL);
    PORT_Free(slotIDs);
    slotIDs = NULL;
    PORT_ArenaUnmark(mod->arena, mark);

    /* until this point we're still using the old slot list. Now we update
     * module slot list. We update the slots (array) first then the count, 
     * since we've already guarrenteed that count has increased (just in case 
     * someone is looking at the slots field of  module without holding the 
     * moduleLock */
    SECMOD_GetWriteLock(moduleLock);
    oldCount =mod->slotCount;
    oldSlots = mod->slots;
    mod->slots = newSlots; /* typical arena 'leak'... old mod->slots is
                         * allocated out of the module arena and won't
                         * be freed until the module is freed */
    mod->slotCount = count;
    SECMOD_ReleaseWriteLock(moduleLock);
    /* free our old references before forgetting about oldSlot*/
    for (i=0; i < oldCount; i++) {
       PK11_FreeSlot(oldSlots[i]);
    }
    return SECSuccess;

loser:
    if (freeRef) {
       PZ_Unlock(mod->refLock);
    }
    if (slotIDs) {
       PORT_Free(slotIDs);
    }
    /* free all the slots we allocated. newSlots are part of the
     * mod arena. NOTE: the newSlots array contain both new and old
     * slots, but we kept a reference to the old slots when we built the new
     * array, so we need to free all the slots in newSlots array. */
    if (newSlots) {
       for (i=0; i < count; i++) {
           if (newSlots[i] == NULL) {
              break; /* hit the last one */
           }
           PK11_FreeSlot(newSlots[i]);
       }
    }
    /* must come after freeing newSlots */
    if (mark) {
       PORT_ArenaRelease(mod->arena, mark);
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SlotInfo* SECMOD_WaitForAnyTokenEvent ( SECMODModule *  mod,
unsigned long  flags,
PRIntervalTime  latency 
)

Definition at line 1057 of file pk11util.c.

{
    CK_SLOT_ID id;
    CK_RV crv;
    PK11SlotInfo *slot;

    if (!pk11_getFinalizeModulesOption() ||
        ((mod->cryptokiVersion.major == 2) &&
         (mod->cryptokiVersion.minor < 1))) { 
        /* if we are sharing the module with other software in our
         * address space, we can't reliably use C_WaitForSlotEvent(),
         * and if the module is version 2.0, C_WaitForSlotEvent() doesn't
         * exist */
       return secmod_HandleWaitForSlotEvent(mod, flags, latency);
    }
    /* first the the PKCS #11 call */
    PZ_Lock(mod->refLock);
    if (mod->evControlMask & SECMOD_END_WAIT) {
       goto end_wait;
    }
    mod->evControlMask |= SECMOD_WAIT_PKCS11_EVENT;
    PZ_Unlock(mod->refLock);
    crv = PK11_GETTAB(mod)->C_WaitForSlotEvent(flags, &id, NULL);
    PZ_Lock(mod->refLock);
    mod->evControlMask &= ~SECMOD_WAIT_PKCS11_EVENT;
    /* if we are in end wait, short circuit now, don't even risk
     * going into secmod_HandleWaitForSlotEvent */
    if (mod->evControlMask & SECMOD_END_WAIT) {
       goto end_wait;
    }
    PZ_Unlock(mod->refLock);
    if (crv == CKR_FUNCTION_NOT_SUPPORTED) {
       /* module doesn't support that call, simulate it */
       return secmod_HandleWaitForSlotEvent(mod, flags, latency);
    }
    if (crv != CKR_OK) {
       /* we can get this error if finalize was called while we were
        * still running. This is the only way to force a C_WaitForSlotEvent()
        * to return in PKCS #11. In this case, just return that there
        * was no event. */
       if (crv == CKR_CRYPTOKI_NOT_INITIALIZED) {
           PORT_SetError(SEC_ERROR_NO_EVENT);
       } else {
           PORT_SetError(PK11_MapError(crv));
       }
       return NULL;
    }
    slot = SECMOD_FindSlotByID(mod, id);
    if (slot == NULL) {
       /* possibly a new slot that was added? */
       SECMOD_UpdateSlotList(mod);
       slot = SECMOD_FindSlotByID(mod, id);
    }
    /* if we are in the delay period for the "isPresent" call, reset
     * the delay since we know things have probably changed... */
    if (slot && slot->nssToken && slot->nssToken->slot) {
       nssSlot_ResetDelay(slot->nssToken->slot);
    }
    return slot;

    /* must be called with the lock on. */
end_wait:
    mod->evControlMask &= ~SECMOD_END_WAIT;
    PZ_Unlock(mod->refLock);
    PORT_SetError(SEC_ERROR_NO_EVENT);
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function: