Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions | Variables
secmodi.h File Reference
#include "pkcs11.h"
#include "nssilock.h"
#include "mcom_db.h"
#include "secoidt.h"
#include "secdert.h"
#include "certt.h"
#include "secmodt.h"
#include "keyt.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define PK11_GETTAB(x)   ((CK_FUNCTION_LIST_PTR)((x)->functionList))
#define PK11_SETATTRS(x, id, v, l)

Functions

SEC_BEGIN_PROTOS SECStatus SECMOD_DeletePermDB (SECMODModule *module)
SECStatus SECMOD_AddPermDB (SECMODModule *module)
SECStatus SECMOD_Shutdown (void)
void nss_DumpModuleLog (void)
void SECMOD_Init (void)
SECStatus secmod_ModuleInit (SECMODModule *mod, PRBool *alreadyLoaded)
SECStatus SECMOD_AddModuleToList (SECMODModule *newModule)
SECStatus SECMOD_AddModuleToDBOnlyList (SECMODModule *newModule)
SECStatus SECMOD_AddModuleToUnloadList (SECMODModule *newModule)
void SECMOD_RemoveList (SECMODModuleList **, SECMODModuleList *)
void SECMOD_AddList (SECMODModuleList *, SECMODModuleList *, SECMODListLock *)
SECMODListLockSECMOD_NewListLock (void)
void SECMOD_DestroyListLock (SECMODListLock *)
void SECMOD_GetWriteLock (SECMODListLock *)
void SECMOD_ReleaseWriteLock (SECMODListLock *)
SECMODModule * SECMOD_FindModuleByID (SECMODModuleID)
SECMODModuleList * SECMOD_NewModuleListElement (void)
SECMODModuleList * SECMOD_DestroyModuleListElement (SECMODModuleList *)
void SECMOD_DestroyModuleList (SECMODModuleList *)
SECStatus SECMOD_AddModule (SECMODModule *newModule)
SECStatus SECMOD_DeleteModuleEx (const char *name, SECMODModule *mod, int *type, PRBool permdb)
unsigned long SECMOD_InternaltoPubMechFlags (unsigned long internalFlags)
unsigned long SECMOD_InternaltoPubCipherFlags (unsigned long internalFlags)
SECStatus SECMOD_LoadPKCS11Module (SECMODModule *)
SECStatus SECMOD_UnloadModule (SECMODModule *)
void SECMOD_SetInternalModule (SECMODModule *)
void SECMOD_SlotDestroyModule (SECMODModule *module, PRBool fromSlot)
CK_RV pk11_notify (CK_SESSION_HANDLE session, CK_NOTIFICATION event, CK_VOID_PTR pdata)
void pk11_SignedToUnsigned (CK_ATTRIBUTE *attrib)
CK_OBJECT_HANDLE pk11_FindObjectByTemplate (PK11SlotInfo *slot, CK_ATTRIBUTE *inTemplate, int tsize)
CK_OBJECT_HANDLEpk11_FindObjectsByTemplate (PK11SlotInfo *slot, CK_ATTRIBUTE *inTemplate, int tsize, int *objCount)
SECStatus PK11_UpdateSlotAttribute (PK11SlotInfo *slot, PK11DefaultArrayEntry *entry, PRBool add)
SECStatus PK11_CreateNewObject (PK11SlotInfo *slot, CK_SESSION_HANDLE session, CK_ATTRIBUTE *theTemplate, int count, PRBool token, CK_OBJECT_HANDLE *objectID)
SECStatus pbe_PK11AlgidToParam (SECAlgorithmID *algid, SECItem *mech)
SECStatus PBE_PK11ParamToAlgid (SECOidTag algTag, SECItem *param, PRArenaPool *arena, SECAlgorithmID *algId)
void pk11sdr_Init (void)
void pk11sdr_Shutdown (void)
PRBool pk11_LoginStillRequired (PK11SlotInfo *slot, void *wincx)
CK_SESSION_HANDLE pk11_GetNewSession (PK11SlotInfo *slot, PRBool *owner)
void pk11_CloseSession (PK11SlotInfo *slot, CK_SESSION_HANDLE sess, PRBool own)
PK11SymKey * pk11_ForceSlot (PK11SymKey *symKey, CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation)
unsigned int pk11_OpFlagsToAttributes (CK_FLAGS flags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue)
PRBool pk11_BadAttrFlags (PK11AttrFlags attrFlags)
unsigned int pk11_AttrFlagsToAttributes (PK11AttrFlags attrFlags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue, CK_BBOOL *ckFalse)
PRBool pk11_FindAttrInTemplate (CK_ATTRIBUTE *attr, unsigned int numAttrs, CK_ATTRIBUTE_TYPE target)
CK_MECHANISM_TYPE pk11_mapWrapKeyType (KeyType keyType)
PK11SymKey * pk11_KeyExchange (PK11SlotInfo *slot, CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags, PRBool isPerm, PK11SymKey *symKey)
PRBool pk11_HandleTrustObject (PK11SlotInfo *slot, CERTCertificate *cert, CERTCertTrust *trust)
CK_OBJECT_HANDLE pk11_FindPubKeyByAnyCert (CERTCertificate *cert, PK11SlotInfo **slot, void *wincx)
SECStatus pk11_AuthenticateUnfriendly (PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
int PK11_NumberObjectsFor (PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate, int templateCount)
SECItem * pk11_GetLowLevelKeyFromHandle (PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
SECStatus PK11_TraverseSlot (PK11SlotInfo *slot, void *arg)
CK_OBJECT_HANDLE pk11_FindPrivateKeyFromCertID (PK11SlotInfo *slot, SECItem *keyID)
SECKEYPrivateKey * PK11_MakePrivKey (PK11SlotInfo *slot, KeyType keyType, PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx)

Variables

int secmod_PrivateModuleCount

Define Documentation

#define PK11_GETTAB (   x)    ((CK_FUNCTION_LIST_PTR)((x)->functionList))

Definition at line 104 of file secmodi.h.

#define PK11_SETATTRS (   x,
  id,
  v,
  l 
)
Value:
(x)->type = (id); \
              (x)->pValue=(v); (x)->ulValueLen = (l);

Definition at line 105 of file secmodi.h.


Function Documentation

Definition at line 435 of file pk11load.c.

{
#ifdef DEBUG_MODULE
    if (modToDBG) {
       print_final_statistics();
    }
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus pbe_PK11AlgidToParam ( SECAlgorithmID *  algid,
SECItem *  mech 
)

Definition at line 409 of file pk11pbe.c.

{
    CK_PBE_PARAMS *pbe_params = NULL;
    SEC_PKCS5PBEParameter p5_param;
    SECItem *salt = NULL;
    SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
    PRArenaPool *arena = NULL;
    SECStatus rv = SECFailure;
    int iv_len;
    

    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
    if (arena == NULL) {
       goto loser;
    }
    iv_len = PK11_GetIVLength(PK11_AlgtagToMechanism(algorithm));
    if (iv_len < 0) {
       goto loser;
    }

    if (sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
        rv = SEC_ASN1DecodeItem(arena, &p5_param,
                      SEC_V2PKCS12PBEParameterTemplate, &algid->parameters);
    } else {
        rv = SEC_ASN1DecodeItem(arena,&p5_param,SEC_PKCS5PBEParameterTemplate, 
                                          &algid->parameters);
    }

    if (rv != SECSuccess) {
       goto loser;
    }
        
    salt = &p5_param.salt;

    pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS)+
                                          salt->len+iv_len);
    if (pbe_params == NULL) {
       goto loser;
    }

    /* get salt */
    pbe_params->pSalt = ((CK_CHAR_PTR) pbe_params)+sizeof(CK_PBE_PARAMS);
    if (iv_len) {
       pbe_params->pInitVector = ((CK_CHAR_PTR) pbe_params)+
                                   sizeof(CK_PBE_PARAMS)+salt->len;
    }
    PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len);
    pbe_params->ulSaltLen = (CK_ULONG) salt->len;

    /* get iteration count */
    pbe_params->ulIteration = (CK_ULONG) DER_GetInteger(&p5_param.iteration);

    /* copy into the mechanism sec item */
    mech->data = (unsigned char *)pbe_params;
    mech->len = sizeof(*pbe_params);
    if (arena) {
       PORT_FreeArena(arena,PR_TRUE);
    }
    return SECSuccess;

loser:
    if (pbe_params) {
       PORT_Free(pbe_params);
    }
    if (arena) {
       PORT_FreeArena(arena,PR_TRUE);
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PBE_PK11ParamToAlgid ( SECOidTag  algTag,
SECItem *  param,
PRArenaPool arena,
SECAlgorithmID *  algId 
)

Definition at line 480 of file pk11pbe.c.

{
    CK_PBE_PARAMS *pbe_param;
    SECItem pbeSalt;
    SECAlgorithmID *pbeAlgID = NULL;
    SECStatus rv;

    if(!param || !algId) {
       return SECFailure;
    }

    pbe_param = (CK_PBE_PARAMS *)param->data;
    pbeSalt.data = (unsigned char *)pbe_param->pSalt;
    pbeSalt.len = pbe_param->ulSaltLen;
    pbeAlgID = SEC_PKCS5CreateAlgorithmID(algTag, &pbeSalt, 
                                     (int)pbe_param->ulIteration);
    if(!pbeAlgID) {
       return SECFailure;
    }

    rv = SECOID_CopyAlgorithmID(arena, algId, pbeAlgID);
    SECOID_DestroyAlgorithmID(pbeAlgID, PR_TRUE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned int pk11_AttrFlagsToAttributes ( PK11AttrFlags  attrFlags,
CK_ATTRIBUTE attrs,
CK_BBOOL ckTrue,
CK_BBOOL ckFalse 
)

Definition at line 473 of file pk11obj.c.

{
    const static CK_ATTRIBUTE_TYPE attrTypes[5] = {
       CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_SENSITIVE,
       CKA_EXTRACTABLE
    };

    const CK_ATTRIBUTE_TYPE *pType = attrTypes;
          CK_ATTRIBUTE      *attr  = attrs;
          PK11AttrFlags      test  = PK11_ATTR_TOKEN;

    PR_ASSERT(!pk11_BadAttrFlags(attrFlags));

    /* we test two related bitflags in each iteration */
    for (; attrFlags && test <= PK11_ATTR_EXTRACTABLE; test <<= 2, ++pType) {
       if (test & attrFlags) {
           attrFlags ^= test;
           PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue); 
           ++attr;
       } else if ((test << 1) & attrFlags) {
           attrFlags ^= (test << 1);
           PK11_SETATTRS(attr, *pType, ckFalse, sizeof *ckFalse); 
           ++attr;
       }
    }
    return (attr - attrs);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus pk11_AuthenticateUnfriendly ( PK11SlotInfo *  slot,
PRBool  loadCerts,
void wincx 
)

Definition at line 306 of file pk11auth.c.

{
    SECStatus rv = SECSuccess;
    if (!PK11_IsFriendly(slot)) {
       rv = PK11_Authenticate(slot, loadCerts, wincx);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 461 of file pk11obj.c.

{
    PK11AttrFlags trueFlags = attrFlags & 0x55555555;
    PK11AttrFlags falseFlags = (attrFlags >> 1) & 0x55555555;
    return ((trueFlags & falseFlags) != 0);
}

Here is the caller graph for this function:

void pk11_CloseSession ( PK11SlotInfo *  slot,
CK_SESSION_HANDLE  sess,
PRBool  own 
)

Definition at line 380 of file pk11obj.c.

{
    if (!owner) return;
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    (void) PK11_GETTAB(slot)->C_CloseSession(session);
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_CreateNewObject ( PK11SlotInfo *  slot,
CK_SESSION_HANDLE  session,
CK_ATTRIBUTE theTemplate,
int  count,
PRBool  token,
CK_OBJECT_HANDLE objectID 
)

Definition at line 390 of file pk11obj.c.

{
       CK_SESSION_HANDLE rwsession;
       CK_RV crv;
       SECStatus rv = SECSuccess;

       rwsession = session;
       if (token) {
           rwsession =  PK11_GetRWSession(slot);
       } else if (rwsession == CK_INVALID_SESSION) {
           rwsession =  slot->session;
           if (rwsession != CK_INVALID_SESSION)
              PK11_EnterSlotMonitor(slot);
       }
       if (rwsession == CK_INVALID_SESSION) {
           PORT_SetError(SEC_ERROR_BAD_DATA);
           return SECFailure;
       }
       crv = PK11_GETTAB(slot)->C_CreateObject(rwsession, theTemplate,
                                                 count,objectID);
       if(crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           rv = SECFailure;
       }
       if (token) {
           PK11_RestoreROSession(slot, rwsession);
       } else if (session == CK_INVALID_SESSION) {
           PK11_ExitSlotMonitor(slot);
        }

       return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool pk11_FindAttrInTemplate ( CK_ATTRIBUTE attr,
unsigned int  numAttrs,
CK_ATTRIBUTE_TYPE  target 
)

Definition at line 610 of file pk11obj.c.

{
    for (; numAttrs > 0; ++attr, --numAttrs) {
       if (attr->type == target)
           return PR_TRUE;
    }
    return PR_FALSE;
}

Here is the caller graph for this function:

CK_OBJECT_HANDLE pk11_FindObjectByTemplate ( PK11SlotInfo *  slot,
CK_ATTRIBUTE inTemplate,
int  tsize 
)

Definition at line 1358 of file pk11obj.c.

{
    CK_OBJECT_HANDLE object;
    CK_RV crv;
    CK_ULONG objectCount;

    /*
     * issue the find
     */
    PK11_EnterSlotMonitor(slot);
    crv=PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, theTemplate, tsize);
    if (crv != CKR_OK) {
        PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       return CK_INVALID_HANDLE;
    }

    crv=PK11_GETTAB(slot)->C_FindObjects(slot->session,&object,1,&objectCount);
    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
    PK11_ExitSlotMonitor(slot);
    if ((crv != CKR_OK) || (objectCount < 1)) {
       /* shouldn't use SSL_ERROR... here */
       PORT_SetError( crv != CKR_OK ? PK11_MapError(crv) :
                                            SSL_ERROR_NO_CERTIFICATE);
       return CK_INVALID_HANDLE;
    }

    /* blow up if the PKCS #11 module returns us and invalid object handle */
    PORT_Assert(object != CK_INVALID_HANDLE);
    return object;
} 

Here is the call graph for this function:

Here is the caller graph for this function:

CK_OBJECT_HANDLE* pk11_FindObjectsByTemplate ( PK11SlotInfo *  slot,
CK_ATTRIBUTE inTemplate,
int  tsize,
int objCount 
)

Definition at line 1394 of file pk11obj.c.

                                                                          {
    CK_OBJECT_HANDLE *objID = NULL;
    CK_ULONG returned_count = 0;
    CK_RV crv;


    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, findTemplate, 
                                                        findCount);
    if (crv != CKR_OK) {
       PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       *object_count = -1;
       return NULL;
    }


    /*
     * collect all the Matching Objects
     */
    do {
       CK_OBJECT_HANDLE *oldObjID = objID;

       if (objID == NULL) {
           objID = (CK_OBJECT_HANDLE *) PORT_Alloc(sizeof(CK_OBJECT_HANDLE)*
                            (*object_count+ PK11_SEARCH_CHUNKSIZE));
       } else {
           objID = (CK_OBJECT_HANDLE *) PORT_Realloc(objID,
              sizeof(CK_OBJECT_HANDLE)*(*object_count+PK11_SEARCH_CHUNKSIZE));
       }

       if (objID == NULL) {
           if (oldObjID) PORT_Free(oldObjID);
           break;
       }
       crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
              &objID[*object_count],PK11_SEARCH_CHUNKSIZE,&returned_count);
       if (crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           PORT_Free(objID);
           objID = NULL;
           break;
       }
       *object_count += returned_count;
    } while (returned_count == PK11_SEARCH_CHUNKSIZE);

    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
    PK11_ExitSlotMonitor(slot);

    if (objID && (*object_count == 0)) {
       PORT_Free(objID);
       return NULL;
    }
    if (objID == NULL) *object_count = -1;
    return objID;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_OBJECT_HANDLE pk11_FindPrivateKeyFromCertID ( PK11SlotInfo *  slot,
SECItem *  keyID 
)

Definition at line 1799 of file pk11akey.c.

{
    CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY;
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_ID, NULL, 0 },
       { CKA_CLASS, NULL, 0 },
    };
    /* if you change the array, change the variable below as well */
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_ATTRIBUTE *attrs = theTemplate;

    PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len ); attrs++;
    PK11_SETATTRS(attrs, CKA_CLASS, &privKey, sizeof(privKey));

    return pk11_FindObjectByTemplate(slot,theTemplate,tsize);
} 

Here is the call graph for this function:

Here is the caller graph for this function:

CK_OBJECT_HANDLE pk11_FindPubKeyByAnyCert ( CERTCertificate *  cert,
PK11SlotInfo **  slot,
void wincx 
)

Definition at line 1650 of file pk11cert.c.

{
    CK_OBJECT_HANDLE certHandle;
    CK_OBJECT_HANDLE keyHandle;

    certHandle = PK11_FindObjectForCert(cert, wincx, slot);
    if (certHandle == CK_INVALID_HANDLE) {
        return CK_INVALID_HANDLE;
    }
    keyHandle = PK11_MatchItem(*slot,certHandle,CKO_PUBLIC_KEY);
    if (keyHandle == CK_INVALID_HANDLE) { 
       PK11_FreeSlot(*slot);
       return CK_INVALID_HANDLE;
    }
    return keyHandle;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SymKey* pk11_ForceSlot ( PK11SymKey *  symKey,
CK_MECHANISM_TYPE  type,
CK_ATTRIBUTE_TYPE  operation 
)

Definition at line 845 of file pk11skey.c.

{
    PK11SlotInfo *slot = symKey->slot;
    PK11SymKey *newKey = NULL;

    if ((slot== NULL) || !PK11_DoesMechanism(slot,type)) {
       slot = PK11_GetBestSlot(type,symKey->cx);
       if (slot == NULL) {
           PORT_SetError( SEC_ERROR_NO_MODULE );
           return NULL;
       }
       newKey = pk11_CopyToSlot(slot, type, operation, symKey);
       PK11_FreeSlot(slot);
    }
    return newKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* pk11_GetLowLevelKeyFromHandle ( PK11SlotInfo *  slot,
CK_OBJECT_HANDLE  handle 
)

Definition at line 1675 of file pk11obj.c.

{
    CK_ATTRIBUTE theTemplate[] = {
       { CKA_ID, NULL, 0 },
    };
    int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
    CK_RV crv;
    SECItem *item;

    item = SECITEM_AllocItem(NULL, NULL, 0);

    if (item == NULL) {
       return NULL;
    }

    crv = PK11_GetAttributes(NULL,slot,handle,theTemplate,tsize);
    if (crv != CKR_OK) {
       SECITEM_FreeItem(item,PR_TRUE);
       PORT_SetError( PK11_MapError(crv) );
       return NULL;
    }

    item->data = (unsigned char*) theTemplate[0].pValue;
    item->len =theTemplate[0].ulValueLen;

    return item;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CK_SESSION_HANDLE pk11_GetNewSession ( PK11SlotInfo *  slot,
PRBool owner 
)

Definition at line 364 of file pk11obj.c.

{
    CK_SESSION_HANDLE session;
    *owner =  PR_TRUE;
    if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
    if ( PK11_GETTAB(slot)->C_OpenSession(slot->slotID,CKF_SERIAL_SESSION, 
                     slot,pk11_notify,&session) != CKR_OK) {
       *owner = PR_FALSE;
       session = slot->session;
    }
    if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);

    return session;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool pk11_HandleTrustObject ( PK11SlotInfo *  slot,
CERTCertificate *  cert,
CERTCertTrust *  trust 
)

Definition at line 88 of file pk11nobj.c.

{
  PRArenaPool *arena;

  CK_ATTRIBUTE tobjTemplate[] = {
    { CKA_CLASS, NULL, 0 },
    { CKA_CERT_SHA1_HASH, NULL, 0 },
  };

  CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
  CK_OBJECT_HANDLE tobjID;
  unsigned char sha1_hash[SHA1_LENGTH];

  CK_TRUST serverAuth, codeSigning, emailProtection, clientAuth;

  PK11_HashBuf(SEC_OID_SHA1, sha1_hash, cert->derCert.data, cert->derCert.len);

  PK11_SETATTRS(&tobjTemplate[0], CKA_CLASS, &tobjc, sizeof(tobjc));
  PK11_SETATTRS(&tobjTemplate[1], CKA_CERT_SHA1_HASH, sha1_hash, 
                SHA1_LENGTH);

  tobjID = pk11_FindObjectByTemplate(slot, tobjTemplate, 
                                     sizeof(tobjTemplate)/sizeof(tobjTemplate[0]));
  if( CK_INVALID_HANDLE == tobjID ) {
    return PR_FALSE;
  }

  arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
  if( NULL == arena ) return PR_FALSE;

  /* Unfortunately, it seems that PK11_GetAttributes doesn't deal
   * well with nonexistant attributes.  I guess we have to check 
   * the trust info fields one at a time.
   */

  /* We could verify CKA_CERT_HASH here */

  /* We could verify CKA_EXPIRES here */


  /* "Purpose" trust information */
  serverAuth = pk11_GetTrustField(slot, arena, tobjID, CKA_TRUST_SERVER_AUTH);
  clientAuth = pk11_GetTrustField(slot, arena, tobjID, CKA_TRUST_CLIENT_AUTH);
  codeSigning = pk11_GetTrustField(slot, arena, tobjID, CKA_TRUST_CODE_SIGNING);
  emailProtection = pk11_GetTrustField(slot, arena, tobjID, 
                                          CKA_TRUST_EMAIL_PROTECTION);
  /* Here's where the fun logic happens.  We have to map back from the 
   * key usage, extended key usage, purpose, and possibly other trust values 
   * into the old trust-flags bits.  */

  /* First implementation: keep it simple for testing.  We can study what other
   * mappings would be appropriate and add them later.. fgmr 20000724 */

  if ( serverAuth ==  CKT_NETSCAPE_TRUSTED ) {
    trust->sslFlags |= CERTDB_VALID_PEER | CERTDB_TRUSTED;
  }

  if ( serverAuth == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->sslFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | 
                                                 CERTDB_NS_TRUSTED_CA;
  }
  if ( clientAuth == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->sslFlags |=  CERTDB_TRUSTED_CLIENT_CA ;
  }

  if ( emailProtection == CKT_NETSCAPE_TRUSTED ) {
    trust->emailFlags |= CERTDB_VALID_PEER | CERTDB_TRUSTED;
  }

  if ( emailProtection == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->emailFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
  }

  if( codeSigning == CKT_NETSCAPE_TRUSTED ) {
    trust->objectSigningFlags |= CERTDB_VALID_PEER | CERTDB_TRUSTED;
  }

  if( codeSigning == CKT_NETSCAPE_TRUSTED_DELEGATOR ) {
    trust->objectSigningFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
  }

  /* There's certainly a lot more logic that can go here.. */

  PORT_FreeArena(arena, PR_FALSE);

  return PR_TRUE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PK11SymKey* pk11_KeyExchange ( PK11SlotInfo *  slot,
CK_MECHANISM_TYPE  type,
CK_ATTRIBUTE_TYPE  operation,
CK_FLAGS  flags,
PRBool  isPerm,
PK11SymKey *  symKey 
)

Definition at line 76 of file pk11kea.c.

{
    PK11SymKey *newSymKey = NULL;
    SECStatus rv;
    /* performance improvement can go here --- use a generated key at startup
     * to generate a per token wrapping key. If it exists, use it, otherwise 
     * do a full key exchange. */

    /* find a common Key Exchange algorithm */
    /* RSA */
    if (PK11_DoesMechanism(symKey->slot, CKM_RSA_PKCS) && 
                            PK11_DoesMechanism(slot,CKM_RSA_PKCS)) {
       CK_OBJECT_HANDLE pubKeyHandle = CK_INVALID_HANDLE;
       CK_OBJECT_HANDLE privKeyHandle = CK_INVALID_HANDLE;
       SECKEYPublicKey *pubKey = NULL;
       SECKEYPrivateKey *privKey = NULL;
       SECItem wrapData;
       unsigned int     symKeyLength = PK11_GetKeyLength(symKey);

       wrapData.data = NULL;

       /* find RSA Public Key on target */
       pubKeyHandle = pk11_FindRSAPubKey(slot);
       if (pubKeyHandle != CK_INVALID_HANDLE) {
           privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
       }

       /* if no key exists, generate a key pair */
       if (privKeyHandle == CK_INVALID_HANDLE) {
           PK11RSAGenParams rsaParams;

           if (symKeyLength > 53) /* bytes */ {
              /* we'd have to generate an RSA key pair > 512 bits long,
              ** and that's too costly.  Don't even try. 
              */
              PORT_SetError( SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY );
              goto rsa_failed;
           }
           rsaParams.keySizeInBits = 
               (symKeyLength > 21 || symKeyLength == 0) ? 512 : 256;
           rsaParams.pe  = 0x10001;
           privKey = PK11_GenerateKeyPair(slot,CKM_RSA_PKCS_KEY_PAIR_GEN, 
                         &rsaParams, &pubKey,PR_FALSE,PR_TRUE,symKey->cx);
       } else {
           /* if keys exist, build SECKEY data structures for them */
           privKey = PK11_MakePrivKey(slot,nullKey, PR_TRUE, privKeyHandle,
                                   symKey->cx);
           if (privKey != NULL) {
              pubKey = PK11_ExtractPublicKey(slot, rsaKey, pubKeyHandle);
              if (pubKey && pubKey->pkcs11Slot) {
                  PK11_FreeSlot(pubKey->pkcs11Slot);
                  pubKey->pkcs11Slot = NULL;
                  pubKey->pkcs11ID = CK_INVALID_HANDLE;
              }
           }
       }
       if (privKey == NULL) goto rsa_failed;
       if (pubKey == NULL)  goto rsa_failed;

        wrapData.len  = SECKEY_PublicKeyStrength(pubKey);
        if (!wrapData.len) goto rsa_failed;
        wrapData.data = PORT_Alloc(wrapData.len);
        if (wrapData.data == NULL) goto rsa_failed;

       /* now wrap the keys in and out */
       rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, symKey, &wrapData);
       if (rv == SECSuccess) {
           newSymKey = PK11_PubUnwrapSymKeyWithFlagsPerm(privKey,
                     &wrapData,type,operation,symKeyLength,flags,isPerm);
           /* make sure we wound up where we wanted to be! */
           if (newSymKey && newSymKey->slot != slot) {
              PK11_FreeSymKey(newSymKey);
              newSymKey = NULL;
           }
       }
rsa_failed:
       if (wrapData.data != NULL) PORT_Free(wrapData.data);
       if (privKey != NULL) SECKEY_DestroyPrivateKey(privKey);
       if (pubKey != NULL) SECKEY_DestroyPublicKey(pubKey);

       return  newSymKey;
    }
    PORT_SetError( SEC_ERROR_NO_MODULE );
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool pk11_LoginStillRequired ( PK11SlotInfo *  slot,
void wincx 
)

Definition at line 284 of file pk11auth.c.

{
    return slot->needLogin && !PK11_IsLoggedIn(slot,wincx);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECKEYPrivateKey* PK11_MakePrivKey ( PK11SlotInfo *  slot,
KeyType  keyType,
PRBool  isTemp,
CK_OBJECT_HANDLE  privID,
void wincx 
)

Definition at line 393 of file pk11akey.c.

{
    PRArenaPool *arena;
    SECKEYPrivateKey *privKey;
    PRBool isPrivate;
    SECStatus rv;

    /* don't know? look it up */
    if (keyType == nullKey) {
       CK_KEY_TYPE pk11Type = CKK_RSA;

       pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE);
       isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN);
       switch (pk11Type) {
       case CKK_RSA: keyType = rsaKey; break;
       case CKK_DSA: keyType = dsaKey; break;
       case CKK_DH: keyType = dhKey; break;
       case CKK_KEA: keyType = fortezzaKey; break;
       case CKK_EC: keyType = ecKey; break;
       default:
              break;
       }
    }

    /* if the key is private, make sure we are authenticated to the
     * token before we try to use it */
    isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE);
    if (isPrivate) {
       rv = PK11_Authenticate(slot, PR_TRUE, wincx);
       if (rv != SECSuccess) {
           return NULL;
       }
    }

    /* now we need to create space for the private key */
    arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) return NULL;

    privKey = (SECKEYPrivateKey *) 
                     PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
    if (privKey == NULL) {
       PORT_FreeArena(arena, PR_FALSE);
       return NULL;
    }

    privKey->arena = arena;
    privKey->keyType = keyType;
    privKey->pkcs11Slot = PK11_ReferenceSlot(slot);
    privKey->pkcs11ID = privID;
    privKey->pkcs11IsTemp = isTemp;
    privKey->wincx = wincx;

    return privKey;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1762 of file pk11mech.c.

{
    switch (keyType) {
    case rsaKey:
       return CKM_RSA_PKCS;
    /* Add fortezza?? */
    default:
       break;
    }
    return CKM_INVALID_MECHANISM;
}

Here is the caller graph for this function:

CK_RV pk11_notify ( CK_SESSION_HANDLE  session,
CK_NOTIFICATION  event,
CK_VOID_PTR  pdata 
)

Definition at line 654 of file pk11slot.c.

{
    return CKR_OK;
}

Here is the caller graph for this function:

int PK11_NumberObjectsFor ( PK11SlotInfo *  slot,
CK_ATTRIBUTE findTemplate,
int  templateCount 
)

Definition at line 1507 of file pk11obj.c.

{
    CK_OBJECT_HANDLE objID[PK11_SEARCH_CHUNKSIZE];
    int object_count = 0;
    CK_ULONG returned_count = 0;
    CK_RV crv;

    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session,
                                   findTemplate, templateCount);
    if (crv != CKR_OK) {
        PK11_ExitSlotMonitor(slot);
       PORT_SetError( PK11_MapError(crv) );
       return 0;
    }

    /*
     * collect all the Matching Objects
     */
    do {
       crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
                            objID,PK11_SEARCH_CHUNKSIZE,&returned_count);
       if (crv != CKR_OK) {
           PORT_SetError( PK11_MapError(crv) );
           break;
       }
       object_count += returned_count;
    } while (returned_count == PK11_SEARCH_CHUNKSIZE);

    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
    PK11_ExitSlotMonitor(slot);
    return object_count;
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned int pk11_OpFlagsToAttributes ( CK_FLAGS  flags,
CK_ATTRIBUTE attrs,
CK_BBOOL ckTrue 
)

Definition at line 428 of file pk11obj.c.

{

    const static CK_ATTRIBUTE_TYPE attrTypes[12] = {
       CKA_ENCRYPT,      CKA_DECRYPT, 0 /* DIGEST */,     CKA_SIGN,
       CKA_SIGN_RECOVER, CKA_VERIFY,  CKA_VERIFY_RECOVER, 0 /* GEN */,
       0 /* GEN PAIR */, CKA_WRAP,    CKA_UNWRAP,         CKA_DERIVE 
    };

    const CK_ATTRIBUTE_TYPE *pType = attrTypes;
          CK_ATTRIBUTE      *attr  = attrs;
          CK_FLAGS          test   = CKF_ENCRYPT;


    PR_ASSERT(!(flags & ~CKF_KEY_OPERATION_FLAGS));
    flags &= CKF_KEY_OPERATION_FLAGS;

    for (; flags && test <= CKF_DERIVE; test <<= 1, ++pType) {
       if (test & flags) {
           flags ^= test;
           PR_ASSERT(*pType);
           PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue); 
           ++attr;
       }
    }
    return (attr - attrs);
}

Here is the caller graph for this function:

Definition at line 347 of file pk11obj.c.

                                            {
    char *ptr = (char *)attrib->pValue;
    unsigned long len = attrib->ulValueLen;

    while (len && (*ptr == 0)) {
       len--;
       ptr++;
    }
    attrib->pValue = ptr;
    attrib->ulValueLen = len;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_TraverseSlot ( PK11SlotInfo *  slot,
void arg 
)

Definition at line 1546 of file pk11obj.c.

{
    int i;
    CK_OBJECT_HANDLE *objID = NULL;
    int object_count = 0;
    pk11TraverseSlot *slotcb = (pk11TraverseSlot*) arg;

    objID = pk11_FindObjectsByTemplate(slot,slotcb->findTemplate,
              slotcb->templateCount,&object_count);

    /*Actually this isn't a failure... there just were no objs to be found*/
    if (object_count == 0) {
       return SECSuccess;
    }

    if (objID == NULL) {
       return SECFailure;
    }

    for (i=0; i < object_count; i++) {
       (*slotcb->callback)(slot,objID[i],slotcb->callbackArg);
    }
    PORT_Free(objID);
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus PK11_UpdateSlotAttribute ( PK11SlotInfo *  slot,
PK11DefaultArrayEntry *  entry,
PRBool  add 
)

Definition at line 920 of file pk11slot.c.

{
    SECStatus result = SECSuccess;
    PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);

    if (add) { /* trying to turn on a mechanism */
                 
        /* turn on the default flag in the slot */
        slot->defaultFlags |= entry->flag;
        
        /* add this slot to the list */
        if (slotList!=NULL)
            result = PK11_AddSlotToList(slotList, slot);
        
    } else { /* trying to turn off */
            
        /* turn OFF the flag in the slot */ 
        slot->defaultFlags &= ~entry->flag;
        
        if (slotList) {
            /* find the element in the list & delete it */
            PK11SlotListElement *le = PK11_FindSlotElement(slotList, slot);

            /* remove the slot from the list */
            if (le)
                result = PK11_DeleteSlotFromList(slotList, le);
        }
    }
    return result;
}

Here is the call graph for this function:

Definition at line 134 of file pk11sdr.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 140 of file pk11sdr.c.

Here is the call graph for this function:

Here is the caller graph for this function:

void SECMOD_AddList ( SECMODModuleList *  ,
SECMODModuleList *  ,
SECMODListLock  
)

Definition at line 116 of file pk11list.c.

{
    if (lock) { SECMOD_GetWriteLock(lock); }

    child->next = parent->next;
    parent->next = child;

   if (lock) { SECMOD_ReleaseWriteLock(lock); }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_AddModule ( SECMODModule *  newModule)

Definition at line 471 of file pk11util.c.

{
    SECStatus rv;
    SECMODModule *oldModule;

    /* Test if a module w/ the same name already exists */
    /* and return SECWouldBlock if so. */
    /* We should probably add a new return value such as */
    /* SECDublicateModule, but to minimize ripples, I'll */
    /* give SECWouldBlock a new meaning */
    if ((oldModule = SECMOD_FindModule(newModule->commonName)) != NULL) {
       SECMOD_DestroyModule(oldModule);
        return SECWouldBlock;
        /* module already exists. */
    }

    rv = SECMOD_LoadPKCS11Module(newModule);
    if (rv != SECSuccess) {
       return rv;
    }

    if (newModule->parent == NULL) {
       newModule->parent = SECMOD_ReferenceModule(defaultDBModule);
    }

    SECMOD_AddPermDB(newModule);
    SECMOD_AddModuleToList(newModule);

    rv = STAN_AddModuleToDefaultTrustDomain(newModule);

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_AddModuleToDBOnlyList ( SECMODModule *  newModule)

Definition at line 180 of file pk11util.c.

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_AddModuleToList ( SECMODModule *  newModule)

Definition at line 171 of file pk11util.c.

{
    if (newModule->internal && !internalModule) {
       internalModule = SECMOD_ReferenceModule(newModule);
    }
    return secmod_AddModuleToList(&modules,newModule);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_AddModuleToUnloadList ( SECMODModule *  newModule)

Definition at line 189 of file pk11util.c.

{
    return secmod_AddModuleToList(&modulesUnload,newModule);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_AddPermDB ( SECMODModule *  module)

Definition at line 238 of file pk11pars.c.

{
    SECMODModuleDBFunc func;
    char *moduleSpec;
    char **retString;

    if (module->parent == NULL) return SECFailure;

    func  = (SECMODModuleDBFunc) module->parent->moduleDBFunc;
    if (func) {
       moduleSpec = secmod_mkModuleSpec(module);
       retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD,
              module->parent->libraryParams,moduleSpec);
       PORT_Free(moduleSpec);
       if (retString != NULL) return SECSuccess;
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_DeleteModuleEx ( const char *  name,
SECMODModule *  mod,
int type,
PRBool  permdb 
)

Definition at line 325 of file pk11util.c.

{
    SECMODModuleList *mlp;
    SECMODModuleList **mlpp;
    SECStatus rv = SECFailure;

    *type = SECMOD_EXTERNAL;

    SECMOD_GetWriteLock(moduleLock);
    for (mlpp = &modules,mlp = modules; 
                            mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
       if ((name && (PORT_Strcmp(name,mlp->module->commonName) == 0)) ||
                                                 mod == mlp->module) {
           /* don't delete the internal module */
           if (!mlp->module->internal) {
              SECMOD_RemoveList(mlpp,mlp);
              /* delete it after we release the lock */
              rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
           } else if (mlp->module->isFIPS) {
              *type = SECMOD_FIPS;
           } else {
              *type = SECMOD_INTERNAL;
           }
           break;
       }
    }
    if (mlp) {
       goto found;
    }
    /* not on the internal list, check the unload list */
    for (mlpp = &modulesUnload,mlp = modulesUnload; 
                            mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
       if ((name && (PORT_Strcmp(name,mlp->module->commonName) == 0)) ||
                                                 mod == mlp->module) {
           /* don't delete the internal module */
           if (!mlp->module->internal) {
              SECMOD_RemoveList(mlpp,mlp);
              rv = SECSuccess;
           } else if (mlp->module->isFIPS) {
              *type = SECMOD_FIPS;
           } else {
              *type = SECMOD_INTERNAL;
           }
           break;
       }
    }
found:
    SECMOD_ReleaseWriteLock(moduleLock);


    if (rv == SECSuccess) {
       if (permdb) {
           SECMOD_DeletePermDB(mlp->module);
       }
       SECMOD_DestroyModuleListElement(mlp);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_BEGIN_PROTOS SECStatus SECMOD_DeletePermDB ( SECMODModule *  module)

Definition at line 258 of file pk11pars.c.

{
    SECMODModuleDBFunc func;
    char *moduleSpec;
    char **retString;

    if (module->parent == NULL) return SECFailure;

    func  = (SECMODModuleDBFunc) module->parent->moduleDBFunc;
    if (func) {
       moduleSpec = secmod_mkModuleSpec(module);
       retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL,
              module->parent->libraryParams,moduleSpec);
       PORT_Free(moduleSpec);
       if (retString != NULL) return SECSuccess;
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 59 of file pk11list.c.

Here is the call graph for this function:

Here is the caller graph for this function:

void SECMOD_DestroyModuleList ( SECMODModuleList *  )

Definition at line 837 of file pk11util.c.

{
    SECMODModuleList *lp;

    for ( lp = list; lp != NULL; lp = SECMOD_DestroyModuleListElement(lp)) ;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECMODModuleList* SECMOD_DestroyModuleListElement ( SECMODModuleList *  )

Definition at line 820 of file pk11util.c.

{
    SECMODModuleList *next = element->next;

    if (element->module) {
       SECMOD_DestroyModule(element->module);
       element->module = NULL;
    }
    PORT_Free(element);
    return next;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 256 of file pk11util.c.

{
    SECMODModuleList *mlp;
    SECMODModule *module = NULL;

    SECMOD_GetReadLock(moduleLock);
    for(mlp = modules; mlp != NULL; mlp = mlp->next) {
       if (id == mlp->module->moduleID) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
    }
    SECMOD_ReleaseReadLock(moduleLock);
    if (module == NULL) {
       PORT_SetError(SEC_ERROR_NO_MODULE);
    }
    return module;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 86 of file pk11list.c.

{
    NSSRWLock_LockWrite(modLock);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 67 of file pk11util.c.

{
    /* don't initialize twice */
    if (moduleLock) return;

    moduleLock = SECMOD_NewListLock();
    PK11_InitSlotLists();
}

Here is the call graph for this function:

Here is the caller graph for this function:

unsigned long SECMOD_InternaltoPubCipherFlags ( unsigned long  internalFlags)

Definition at line 686 of file pk11util.c.

{
    return internalFlags;
}
unsigned long SECMOD_InternaltoPubMechFlags ( unsigned long  internalFlags)

Definition at line 664 of file pk11util.c.

{
    unsigned long publicFlags = internalFlags;

    if (internalFlags & SECMOD_RANDOM_FLAG) {
        publicFlags &= ~SECMOD_RANDOM_FLAG;
        publicFlags |= PUBLIC_MECH_RANDOM_FLAG;
    }
    return publicFlags;
}
SECStatus SECMOD_LoadPKCS11Module ( SECMODModule *  )

Definition at line 229 of file pk11load.c.

                                           {
    PRLibrary *library = NULL;
    CK_C_GetFunctionList entry = NULL;
    char * full_name;
    CK_INFO info;
    CK_ULONG slotCount = 0;
    SECStatus rv;
    PRBool alreadyLoaded = PR_FALSE;
    char *disableUnload = NULL;

    if (mod->loaded) return SECSuccess;

    /* intenal modules get loaded from their internal list */
    if (mod->internal) {
       /* internal, statically get the C_GetFunctionList function */
       if (mod->isFIPS) {
           entry = (CK_C_GetFunctionList) FC_GetFunctionList;
       } else {
           entry = (CK_C_GetFunctionList) NSC_GetFunctionList;
       }
       if (mod->isModuleDB) {
           mod->moduleDBFunc = (void *) NSC_ModuleDBFunc;
       }
       if (mod->moduleDBOnly) {
           mod->loaded = PR_TRUE;
           return SECSuccess;
       }
    } else {
       /* Not internal, load the DLL and look up C_GetFunctionList */
       if (mod->dllName == NULL) {
           return SECFailure;
       }

#ifdef notdef
       /* look up the library name */
       full_name = PR_GetLibraryName(PR_GetLibraryPath(),mod->dllName);
       if (full_name == NULL) {
           return SECFailure;
       }
#else
       full_name = PORT_Strdup(mod->dllName);
#endif

       /* load the library. If this succeeds, then we have to remember to
        * unload the library if anything goes wrong from here on out...
        */
       library = PR_LoadLibrary(full_name);
       mod->library = (void *)library;
       PORT_Free(full_name);
       if (library == NULL) {
           return SECFailure;
       }

       /*
        * now we need to get the entry point to find the function pointers
        */
       if (!mod->moduleDBOnly) {
           entry = (CK_C_GetFunctionList)
                     PR_FindSymbol(library, "C_GetFunctionList");
       }
       if (mod->isModuleDB) {
           mod->moduleDBFunc = (void *)
                     PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
       }
       if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
       if (entry == NULL) {
           if (mod->isModuleDB) {
              mod->loaded = PR_TRUE;
              mod->moduleDBOnly = PR_TRUE;
              return SECSuccess;
           }
           PR_UnloadLibrary(library);
           return SECFailure;
       }
    }

    /*
     * We need to get the function list
     */
    if ((*entry)((CK_FUNCTION_LIST_PTR *)&mod->functionList) != CKR_OK) 
                                                        goto fail;

#ifdef DEBUG_MODULE
    if (PR_TRUE) {
       modToDBG = PR_GetEnv("NSS_DEBUG_PKCS11_MODULE");
       if (modToDBG && strcmp(mod->commonName, modToDBG) == 0) {
           mod->functionList = (void *)nss_InsertDeviceLog(
                                  (CK_FUNCTION_LIST_PTR)mod->functionList);
       }
    }
#endif

    mod->isThreadSafe = PR_TRUE;

    /* Now we initialize the module */
    rv = secmod_ModuleInit(mod, &alreadyLoaded);
    if (rv != SECSuccess) {
       goto fail;
    }

    /* check the version number */
    if (PK11_GETTAB(mod)->C_GetInfo(&info) != CKR_OK) goto fail2;
    if (info.cryptokiVersion.major != 2) goto fail2;
    /* all 2.0 are a priori *not* thread safe */
    if (info.cryptokiVersion.minor < 1) {
        if (!loadSingleThreadedModules) {
            PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
            goto fail2;
        } else {
            mod->isThreadSafe = PR_FALSE;
        }
    }
    mod->cryptokiVersion = info.cryptokiVersion;

    /* If we don't have a common name, get it from the PKCS 11 module */
    if ((mod->commonName == NULL) || (mod->commonName[0] == 0)) {
       mod->commonName = PK11_MakeString(mod->arena,NULL,
          (char *)info.libraryDescription, sizeof(info.libraryDescription));
       if (mod->commonName == NULL) goto fail2;
    }
    

    /* initialize the Slots */
    if (PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, NULL, &slotCount) == CKR_OK) {
       CK_SLOT_ID *slotIDs;
       int i;
       CK_RV crv;

       mod->slots = (PK11SlotInfo **)PORT_ArenaAlloc(mod->arena,
                                   sizeof(PK11SlotInfo *) * slotCount);
       if (mod->slots == NULL) goto fail2;

       slotIDs = (CK_SLOT_ID *) PORT_Alloc(sizeof(CK_SLOT_ID)*slotCount);
       if (slotIDs == NULL) {
           goto fail2;
       }  
       crv = PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, slotIDs, &slotCount);
       if (crv != CKR_OK) {
           PORT_Free(slotIDs);
           goto fail2;
       }

       /* Initialize each slot */
       for (i=0; i < (int)slotCount; i++) {
           mod->slots[i] = PK11_NewSlotInfo(mod);
           PK11_InitSlot(mod,slotIDs[i],mod->slots[i]);
           /* look down the slot info table */
           PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
           SECMOD_SetRootCerts(mod->slots[i],mod);
       }
       mod->slotCount = slotCount;
       mod->slotInfoCount = 0;
       PORT_Free(slotIDs);
    }
    
    mod->loaded = PR_TRUE;
    mod->moduleID = nextModuleID++;
    return SECSuccess;
fail2:
    if (enforceAlreadyInitializedError || (!alreadyLoaded)) {
        PK11_GETTAB(mod)->C_Finalize(NULL);
    }
fail:
    mod->functionList = NULL;
    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
    if (library && !disableUnload) {
        PR_UnloadLibrary(library);
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus secmod_ModuleInit ( SECMODModule *  mod,
PRBool alreadyLoaded 
)

Definition at line 131 of file pk11load.c.

{
    CK_C_INITIALIZE_ARGS moduleArgs;
    CK_VOID_PTR pInitArgs;
    CK_RV crv;

    if (!mod || !alreadyLoaded) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    if (mod->isThreadSafe == PR_FALSE) {
       pInitArgs = NULL;
    } else if (mod->libraryParams == NULL) {
       pInitArgs = (void *) &secmodLockFunctions;
    } else {
       moduleArgs = secmodLockFunctions;
       moduleArgs.LibraryParameters = (void *) mod->libraryParams;
       pInitArgs = &moduleArgs;
    }
    crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs);
    if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) &&
        (!enforceAlreadyInitializedError)) {
        *alreadyLoaded = PR_TRUE;
        return SECSuccess;
    }
    if (crv != CKR_OK) {
       if (pInitArgs == NULL ||
              crv == CKR_NETSCAPE_CERTDB_FAILED ||
              crv == CKR_NETSCAPE_KEYDB_FAILED) {
           PORT_SetError(PK11_MapError(crv));
           return SECFailure;
       }
       if (!loadSingleThreadedModules) {
           PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
           return SECFailure;
       }
       mod->isThreadSafe = PR_FALSE;
       crv = PK11_GETTAB(mod)->C_Initialize(NULL);
       if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) &&
           (!enforceAlreadyInitializedError)) {
           *alreadyLoaded = PR_TRUE;
           return SECSuccess;
       }
       if (crv != CKR_OK)  {
           PORT_SetError(PK11_MapError(crv));
           return SECFailure;
       }
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 51 of file pk11list.c.

{
    return NSSRWLock_New( 10, "moduleListLock");
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECMODModuleList* SECMOD_NewModuleListElement ( void  )

Definition at line 712 of file pk11util.c.

{
    SECMODModuleList *newModList;

    newModList= (SECMODModuleList *) PORT_Alloc(sizeof(SECMODModuleList));
    if (newModList) {
       newModList->next = NULL;
       newModList->module = NULL;
    }
    return newModList;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 96 of file pk11list.c.

{
    NSSRWLock_UnlockWrite(modLock);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECMOD_RemoveList ( SECMODModuleList **  ,
SECMODModuleList *   
)

Definition at line 106 of file pk11list.c.

{
    *parent = child->next;
    child->next = NULL;
}

Here is the caller graph for this function:

void SECMOD_SetInternalModule ( SECMODModule *  )

Definition at line 78 of file pk11util.c.

{
    /* destroy the lock */
    if (moduleLock) {
       SECMOD_DestroyListLock(moduleLock);
       moduleLock = NULL;
    }
    /* free the internal module */
    if (internalModule) {
       SECMOD_DestroyModule(internalModule);
       internalModule = NULL;
    }

    /* free the default database module */
    if (defaultDBModule) {
       SECMOD_DestroyModule(defaultDBModule);
       defaultDBModule = NULL;
    }
       
    /* destroy the list */
    if (modules) {
       SECMOD_DestroyModuleList(modules);
       modules = NULL;
    }
   
    if (modulesDB) {
       SECMOD_DestroyModuleList(modulesDB);
       modulesDB = NULL;
    }

    if (modulesUnload) {
       SECMOD_DestroyModuleList(modulesUnload);
       modulesUnload = NULL;
    }

    /* make all the slots and the lists go away */
    PK11_DestroySlotLists();

    nss_DumpModuleLog();

#ifdef DEBUG
    if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
       PORT_Assert(secmod_PrivateModuleCount == 0);
    }
#endif
    if (secmod_PrivateModuleCount) {
       PORT_SetError(SEC_ERROR_BUSY);
       return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECMOD_SlotDestroyModule ( SECMODModule *  module,
PRBool  fromSlot 
)

Definition at line 789 of file pk11util.c.

{
    PRBool willfree = PR_FALSE;
    if (fromSlot) {
        PORT_Assert(module->refCount == 0);
       PZ_Lock(module->refLock);
       if (module->slotCount-- == 1) {
           willfree = PR_TRUE;
       }
       PORT_Assert(willfree || (module->slotCount > 0));
       PZ_Unlock(module->refLock);
        if (!willfree) return;
    }

    if (module == pendingModule) {
       pendingModule = NULL;
    }

    if (module->loaded) {
       SECMOD_UnloadModule(module);
    }
    PZ_DestroyLock(module->refLock);
    PORT_FreeArena(module->arena,PR_FALSE);
    secmod_PrivateModuleCount--;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECMOD_UnloadModule ( SECMODModule *  )

Definition at line 401 of file pk11load.c.

                                       {
    PRLibrary *library;
    char *disableUnload = NULL;

    if (!mod->loaded) {
       return SECFailure;
    }
    if (finalizeModules) {
        if (!mod->moduleDBOnly) PK11_GETTAB(mod)->C_Finalize(NULL);
    }
    mod->moduleID = 0;
    mod->loaded = PR_FALSE;
    
    /* do we want the semantics to allow unloading the internal library?
     * if not, we should change this to SECFailure and move it above the
     * mod->loaded = PR_FALSE; */
    if (mod->internal) {
       return SECSuccess;
    }

    library = (PRLibrary *)mod->library;
    /* paranoia */
    if (library == NULL) {
       return SECFailure;
    }

    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
    if (!disableUnload) {
        PR_UnloadLibrary(library);
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

Definition at line 60 of file pk11util.c.