/*
 * Install a PKCS #11 module and save its settings.
 *
 * A module object is created from dllPath, moduleName, modparms and
 * nssparms, then added with SECMOD_AddModule().  On success,
 * cipherEnableFlags is stored in module->ssl[0], every default mechanism
 * in PK11_DefaultArray is switched on or off for each slot according to
 * defaultMechanismFlags, and each slot is user-disabled when
 * PK11_DISABLE_FLAG is set.  SECMOD_UpdateModule() then saves the changes.
 *
 * Returns SECFailure when moduleLock is not set up (error
 * SEC_ERROR_NOT_INITIALIZED), when the module cannot be created, or when
 * the created module has a NULL or empty dllName.  Otherwise returns the
 * status of SECMOD_AddModule() on failure, or of SECMOD_UpdateModule().
 *
 * NOTE(review): dllPath presumably names a shared library that gets loaded
 * into this process when the module is added, so callers should only pass
 * paths they trust -- confirm against SECMOD_AddModule().
 */
SECStatus
SECMOD_AddNewModuleEx(const char *moduleName, const char *dllPath,
                      unsigned long defaultMechanismFlags,
                      unsigned long cipherEnableFlags,
                      char *modparms, char *nssparms)
{
    SECStatus result = SECFailure;
    SECMODModule *module;
    int slotIdx;

    PR_SetErrorText(0, NULL);
    if (!moduleLock) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return result;
    }

    module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms);
    if (module == NULL) {
        return result;
    }

    /* no library name: nothing is added and result stays SECFailure */
    if (module->dllName == NULL || module->dllName[0] == 0) {
        goto done;
    }

    result = SECMOD_AddModule(module);
    if (result != SECSuccess) {
        goto done;
    }

    /* turn on SSL cipher enable flags */
    module->ssl[0] = cipherEnableFlags;

    SECMOD_GetReadLock(moduleLock);
    for (slotIdx = 0; slotIdx < module->slotCount; slotIdx++) {
        PK11SlotInfo *slot = (module->slots)[slotIdx];
        int mechIdx;

        /* walk every default mechanism; enable it only if its flag is set */
        for (mechIdx = 0; mechIdx < num_pk11_default_mechanisms; mechIdx++) {
            PRBool add = PR_FALSE;

            if (PK11_DefaultArray[mechIdx].flag & defaultMechanismFlags) {
                add = PR_TRUE;
            }
            /* this status is overwritten below by SECMOD_UpdateModule(), so
             * a failure here is not reported to the caller */
            result = PK11_UpdateSlotAttribute(slot,
                                              &(PK11_DefaultArray[mechIdx]),
                                              add);
        }

        /* disable the slot if the default flags say so */
        if (defaultMechanismFlags & PK11_DISABLE_FLAG) {
            PK11_UserDisableSlot(slot);
        }
    }
    SECMOD_ReleaseReadLock(moduleLock);

    /* delete and re-add the module in order to save the changes made to it */
    result = SECMOD_UpdateModule(module);

done:
    SECMOD_DestroyModule(module);
    return result;
}
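/*
 * Find the internal module by name, take it off the module list and install
 * a replacement internal module in its place.
 *
 * The replacement is created with SECMOD_INT_NAME / SECMOD_INT_FLAGS when
 * the removed module has isFIPS set, and with SECMOD_FIPS_NAME /
 * SECMOD_FIPS_FLAGS otherwise, so a successful call appears to switch the
 * internal module between FIPS and non-FIPS configuration (NOTE(review):
 * confirm against the definitions of those constants).
 *
 * Returns SECFailure when
 *   - a previous internal module is still pending (SEC_ERROR_MODULE_STUCK),
 *   - moduleLock is not set up (SEC_ERROR_NOT_INITIALIZED),
 *   - no module named `name` exists or the match is not an internal module,
 *   - the replacement module cannot be created or added; the old list
 *     element is then put back on the module list.
 * Otherwise returns the status of
 * STAN_RemoveModuleFromDefaultTrustDomain().
 *
 * NOTE(review): if STAN_RemoveModuleFromDefaultTrustDomain() fails, the
 * element has already been unlinked by SECMOD_RemoveList() and this
 * function neither re-links nor frees it.
 * NOTE(review): name and mlp->module->libraryParams are used without a
 * NULL check; presumably callers and SECMOD_CreateModule() guarantee they
 * are valid -- confirm.
 */
SECStatus
SECMOD_DeleteInternalModule(const char *name)
{
    SECMODModuleList *mlp;
    SECMODModuleList **mlpp;
    SECStatus rv = SECFailure;

    if (pendingModule) {
        PORT_SetError(SEC_ERROR_MODULE_STUCK);
        return rv;
    }
    if (!moduleLock) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return rv;
    }

    SECMOD_GetWriteLock(moduleLock);
    for (mlpp = &modules, mlp = modules;
         mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
        if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
            /* only an internal module is unlinked by this function; a
             * match on any other module leaves rv at SECFailure */
            if (mlp->module->internal) {
                SECMOD_RemoveList(mlpp, mlp);
                rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
            }
            break;
        }
    }
    SECMOD_ReleaseWriteLock(moduleLock);

    /* rv is SECSuccess only if the loop stopped on a match, so mlp is
     * non-NULL from here on; the steps below run without moduleLock held */
    if (rv == SECSuccess) {
        SECMODModule *newModule, *oldModule;

        if (mlp->module->isFIPS) {
            newModule = SECMOD_CreateModule(NULL, SECMOD_INT_NAME,
                                            NULL, SECMOD_INT_FLAGS);
        } else {
            newModule = SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME,
                                            NULL, SECMOD_FIPS_FLAGS);
        }
        if (newModule) {
            PK11SlotInfo *slot;

            newModule->libraryParams =
                PORT_ArenaStrdup(newModule->arena,
                                 mlp->module->libraryParams);
            /* if an explicit internal key slot has been set, reset it */
            slot = pk11_SwapInternalKeySlot(NULL);
            if (slot) {
                secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
            }
            rv = SECMOD_AddModule(newModule);
            if (rv != SECSuccess) {
                /* load failed, restore the internal key slot */
                pk11_SetInternalKeySlot(slot);
                SECMOD_DestroyModule(newModule);
                newModule = NULL;
            }
            /* free the old explicit internal key slot, we now have a new one */
            if (slot) {
                PK11_FreeSlot(slot);
            }
        }
        if (newModule == NULL) {
            SECMODModuleList *last = NULL, *mlp2;

            /* we're in pretty deep trouble if this happens...Security
             * not going to work well... try to put the old module back on
             * the list */
            SECMOD_GetWriteLock(moduleLock);
            /* Walk the list with mlp2 itself to find its tail.  The
             * original stepped with mlp->next (the unlinked element), which
             * never traverses the list and would spin forever if that
             * pointer were ever non-NULL. */
            for (mlp2 = modules; mlp2 != NULL; mlp2 = mlp2->next) {
                last = mlp2;
            }

            if (last == NULL) {
                modules = mlp;
            } else {
                SECMOD_AddList(last, mlp, NULL);
            }
            SECMOD_ReleaseWriteLock(moduleLock);
            return SECFailure;
        }

        /* park the old internal module in pendingModule before destroying
         * it; while pendingModule is set, later calls fail with
         * SEC_ERROR_MODULE_STUCK (see the check at the top) */
        pendingModule = oldModule = internalModule;
        internalModule = NULL;
        SECMOD_DestroyModule(oldModule);
        SECMOD_DeletePermDB(mlp->module);
        SECMOD_DestroyModuleListElement(mlp);
        internalModule = newModule; /* adopt the module */
    }
    return rv;
}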