PRBool BLAPI_VerifySelf(const char *name) { if (name == NULL) { /* * If name is NULL, freebl is statically linked into softoken. * softoken will call BLAPI_SHVerify next to verify itself. */ return PR_TRUE; } return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt); }
/* * This function is called at dll load time, the code tha makes this * happen is platform specific on defined above. */ static void sftk_startup_tests(void) { SECStatus rv; const char *libraryName = SOFTOKEN_LIB_NAME; PORT_Assert(!sftk_self_tests_ran); PORT_Assert(!sftk_self_tests_success); sftk_self_tests_ran = PR_TRUE; sftk_self_tests_success = PR_FALSE; /* just in case */ /* need to initiallize the oid library before the RSA tests */ rv = SECOID_Init(); if (rv != SECSuccess) { return; } /* make sure freebl is initialized, or our RSA check * may fail. This is normally done at freebl load time, but it's * possible we may have shut freebl down without unloading it. */ rv = BL_Init(); if (rv != SECSuccess) { return; } rv = RNG_RNGInit(); if (rv != SECSuccess) { return; } /* check the RSA combined functions in softoken */ rv = sftk_fips_RSA_PowerUpSelfTest(); if (rv != SECSuccess) { return; } if (!BLAPI_SHVerify(libraryName, (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) { /* something is wrong with the library, fail without enabling * the token */ return; } sftk_self_tests_success = PR_TRUE; }
static SECStatus sftkdbLoad_Legacy(PRBool isFIPS) { PRLibrary *lib = NULL; LGSetCryptFunc setCryptFunction = NULL; if (legacy_glue_lib) { /* this check is necessary because it's possible we loaded the * legacydb to read secmod.db, which told us whether we were in * FIPS mode or not. */ if (isFIPS && !legacy_glue_libCheckSucceeded) { if (legacy_glue_libCheckFailed || !BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { legacy_glue_libCheckFailed = PR_TRUE; /* don't clobber legacy glue to avoid race. just let it * get cleared in shutdown */ return SECFailure; } legacy_glue_libCheckSucceeded = PR_TRUE; } return SECSuccess; } #ifdef NSS_STATIC #ifdef NSS_DISABLE_DBM return SECFailure; #else lib = (PRLibrary *) 0x8; legacy_glue_open = legacy_Open; legacy_glue_readSecmod = legacy_ReadSecmodDB; legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData; legacy_glue_deleteSecmod = legacy_DeleteSecmodDB; legacy_glue_addSecmod = legacy_AddSecmodDB; legacy_glue_shutdown = legacy_Shutdown; setCryptFunction = legacy_SetCryptFunctions; #endif #else lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME); if (lib == NULL) { return SECFailure; } legacy_glue_open = (LGOpenFunc)PR_FindFunctionSymbol(lib, "legacy_Open"); legacy_glue_readSecmod = (LGReadSecmodFunc) PR_FindFunctionSymbol(lib, "legacy_ReadSecmodDB"); legacy_glue_releaseSecmod = (LGReleaseSecmodFunc) PR_FindFunctionSymbol(lib, "legacy_ReleaseSecmodDBData"); legacy_glue_deleteSecmod = (LGDeleteSecmodFunc) PR_FindFunctionSymbol(lib, "legacy_DeleteSecmodDB"); legacy_glue_addSecmod = (LGAddSecmodFunc)PR_FindFunctionSymbol(lib, "legacy_AddSecmodDB"); legacy_glue_shutdown = (LGShutdownFunc) PR_FindFunctionSymbol(lib, "legacy_Shutdown"); setCryptFunction = (LGSetCryptFunc) PR_FindFunctionSymbol(lib, "legacy_SetCryptFunctions"); if (!legacy_glue_open || !legacy_glue_readSecmod || !legacy_glue_releaseSecmod || !legacy_glue_deleteSecmod || !legacy_glue_addSecmod || !setCryptFunction) { PR_UnloadLibrary(lib); return SECFailure; } #endif /* NSS_STATIC */ /* verify the loaded library if we are in FIPS mode */ if (isFIPS) { if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { #ifndef NSS_STATIC PR_UnloadLibrary(lib); #endif return SECFailure; } legacy_glue_libCheckSucceeded = PR_TRUE; } setCryptFunction(sftkdb_encrypt_stub,sftkdb_decrypt_stub); legacy_glue_lib = lib; return SECSuccess; }