PRBool
BLAPI_VerifySelf(const char *name)
{
if (name == NULL) {
/*
* If name is NULL, freebl is statically linked into softoken.
* softoken will call BLAPI_SHVerify next to verify itself.
*/
return PR_TRUE;
}
return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt);
}
/*
* This function is called at dll load time, the code tha makes this
* happen is platform specific on defined above.
*/
static void
sftk_startup_tests(void)
{
SECStatus rv;
const char *libraryName = SOFTOKEN_LIB_NAME;
PORT_Assert(!sftk_self_tests_ran);
PORT_Assert(!sftk_self_tests_success);
sftk_self_tests_ran = PR_TRUE;
sftk_self_tests_success = PR_FALSE; /* just in case */
/* need to initiallize the oid library before the RSA tests */
rv = SECOID_Init();
if (rv != SECSuccess) {
return;
}
/* make sure freebl is initialized, or our RSA check
* may fail. This is normally done at freebl load time, but it's
* possible we may have shut freebl down without unloading it. */
rv = BL_Init();
if (rv != SECSuccess) {
return;
}
rv = RNG_RNGInit();
if (rv != SECSuccess) {
return;
}
/* check the RSA combined functions in softoken */
rv = sftk_fips_RSA_PowerUpSelfTest();
if (rv != SECSuccess) {
return;
}
if (!BLAPI_SHVerify(libraryName,
(PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) {
/* something is wrong with the library, fail without enabling
* the token */
return;
}
sftk_self_tests_success = PR_TRUE;
}
static SECStatus
sftkdbLoad_Legacy(PRBool isFIPS)
{
PRLibrary *lib = NULL;
LGSetCryptFunc setCryptFunction = NULL;
if (legacy_glue_lib) {
/* this check is necessary because it's possible we loaded the
* legacydb to read secmod.db, which told us whether we were in
* FIPS mode or not. */
if (isFIPS && !legacy_glue_libCheckSucceeded) {
if (legacy_glue_libCheckFailed ||
!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
legacy_glue_libCheckFailed = PR_TRUE;
/* don't clobber legacy glue to avoid race. just let it
* get cleared in shutdown */
return SECFailure;
}
legacy_glue_libCheckSucceeded = PR_TRUE;
}
return SECSuccess;
}
#ifdef NSS_STATIC
#ifdef NSS_DISABLE_DBM
return SECFailure;
#else
lib = (PRLibrary *) 0x8;
legacy_glue_open = legacy_Open;
legacy_glue_readSecmod = legacy_ReadSecmodDB;
legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
legacy_glue_addSecmod = legacy_AddSecmodDB;
legacy_glue_shutdown = legacy_Shutdown;
setCryptFunction = legacy_SetCryptFunctions;
#endif
#else
lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
if (lib == NULL) {
return SECFailure;
}
legacy_glue_open = (LGOpenFunc)PR_FindFunctionSymbol(lib, "legacy_Open");
legacy_glue_readSecmod = (LGReadSecmodFunc) PR_FindFunctionSymbol(lib,
"legacy_ReadSecmodDB");
legacy_glue_releaseSecmod = (LGReleaseSecmodFunc) PR_FindFunctionSymbol(lib,
"legacy_ReleaseSecmodDBData");
legacy_glue_deleteSecmod = (LGDeleteSecmodFunc) PR_FindFunctionSymbol(lib,
"legacy_DeleteSecmodDB");
legacy_glue_addSecmod = (LGAddSecmodFunc)PR_FindFunctionSymbol(lib,
"legacy_AddSecmodDB");
legacy_glue_shutdown = (LGShutdownFunc) PR_FindFunctionSymbol(lib,
"legacy_Shutdown");
setCryptFunction = (LGSetCryptFunc) PR_FindFunctionSymbol(lib,
"legacy_SetCryptFunctions");
if (!legacy_glue_open || !legacy_glue_readSecmod ||
!legacy_glue_releaseSecmod || !legacy_glue_deleteSecmod ||
!legacy_glue_addSecmod || !setCryptFunction) {
PR_UnloadLibrary(lib);
return SECFailure;
}
#endif /* NSS_STATIC */
/* verify the loaded library if we are in FIPS mode */
if (isFIPS) {
if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
#ifndef NSS_STATIC
PR_UnloadLibrary(lib);
#endif
return SECFailure;
}
legacy_glue_libCheckSucceeded = PR_TRUE;
}
setCryptFunction(sftkdb_encrypt_stub,sftkdb_decrypt_stub);
legacy_glue_lib = lib;
return SECSuccess;
}
