-rw-r--r--security/nss/lib/pk11wrap/pk11pars.c43
-rw-r--r--security/nss/lib/pk11wrap/pk11util.c34
-rw-r--r--security/nss/lib/pk11wrap/secmod.h6
-rw-r--r--security/nss/lib/pk11wrap/secmodi.h1
4 files changed, 75 insertions, 9 deletions
diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c
index 4e137be03..06cdb69f3 100644
--- a/security/nss/lib/pk11wrap/pk11pars.c
+++ b/security/nss/lib/pk11wrap/pk11pars.c
@@ -272,6 +272,9 @@ SECMOD_FreeModuleSpecList(SECMODModule *parent, char **moduleSpecList)
return SECSuccess;
}
+/* internal function that loads a PKCS#11 module but does not add it to the
+ default NSS trust domain */
+
SECMODModule *
SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
{
@@ -349,3 +352,43 @@ loser:
}
return module;
}
+
+/* exported function that loads a PKCS#11 module and adds it to the default
+ NSS trust domain */
+
+SECMODModule *
+SECMOD_LoadUserModule(char *modulespec,SECMODModule *parent, PRBool recurse)
+{
+ SECStatus rv = SECSuccess;
+ SECMODModule * newmod = SECMOD_LoadModule(modulespec, parent, recurse);
+ if (newmod)
+ {
+ rv = STAN_AddModuleToDefaultTrustDomain(newmod);
+ if (SECSuccess != rv)
+ {
+ SECMOD_DestroyModule(newmod);
+ return NULL;
+ }
+ }
+ return newmod;
+}
+
+/* exported call that removes the PKCS#11 module from the default NSS trust
+ domain, call C_Finalize, and destroy the module structure */
+
+SECStatus SECMOD_UnloadUserModule(SECMODModule *mod)
+{
+ SECStatus rv = SECSuccess;
+ int atype = 0;
+ if (!mod)
+ {
+ return SECFailure;
+ }
+ rv = STAN_AddModuleToDefaultTrustDomain(mod);
+ if (SECSuccess != rv)
+ {
+ return SECFailure;
+ }
+ return SECMOD_DeleteModuleEx(NULL, mod, &atype, PR_FALSE);
+}
+
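Review bot: SECMOD_UnloadUserModule calls `STAN_AddModuleToDefaultTrustDomain(mod)` even though its header comment says the module is removed from the default trust domain, so the unload path appears to register the module again instead of detaching it before `SECMOD_DeleteModuleEx` runs. If so, the trust domain keeps referring to tokens of a module that is then deleted, a stale-reference risk in code that handles keys and certificates. The call should be the removal counterpart, `rv = STAN_RemoveModuleFromDefaultTrustDomain(mod);`, assuming that function is available in this tree. The comment also promises C_Finalize and destruction of the module structure; whether `SECMOD_DeleteModuleEx` does both is not visible in this diff and is worth confirming.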
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
index 04feb3059..92e14816c 100644
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -224,12 +224,13 @@ PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID moduleID,CK_SLOT_ID slotID) {
return NULL;
}
-
/*
- * find a module by name and delete it of the module list
+ * find a module by name or module pointer, and delete it off the module list
+ * optionally remove it from secmod.db
*/
+
SECStatus
-SECMOD_DeleteModule(char *name, int *type) {
+SECMOD_DeleteModuleEx(char * name, SECMODModule *mod, int *type, PRBool permdb) {
SECMODModuleList *mlp;
SECMODModuleList **mlpp;
SECStatus rv = SECFailure;
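Review bot: The new header comment does not say how `name` and `mod` combine. From the match condition in the next hunk, either argument may be NULL and the first list entry matching either one is removed, so a caller that passes both could delete a module other than `mod`. Suggest adding a line such as `* pass either name or mod (the other NULL); the first entry matching either is removed`, and stating that `permdb == PR_FALSE` leaves secmod.db untouched. The function body continues outside this hunk.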
@@ -240,7 +241,8 @@ SECMOD_DeleteModule(char *name, int *type) {
SECMOD_GetWriteLock(moduleLock);
for(mlpp = &modules,mlp = modules;
mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
- if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
+ if ( ( name && (PORT_Strcmp(name,mlp->module->commonName) == 0) ) ||
+ mod == mlp->module ) {
/* don't delete the internal module */
if (!mlp->module->internal) {
SECMOD_RemoveList(mlpp,mlp);
@@ -256,9 +258,10 @@ SECMOD_DeleteModule(char *name, int *type) {
}
SECMOD_ReleaseWriteLock(moduleLock);
-
if (rv == SECSuccess) {
- SECMOD_DeletePermDB(mlp->module);
+ if (permdb) {
+ SECMOD_DeletePermDB(mlp->module);
+ }
SECMOD_DestroyModuleListElement(mlp);
}
return rv;
@@ -268,6 +271,14 @@ SECMOD_DeleteModule(char *name, int *type) {
* find a module by name and delete it of the module list
*/
SECStatus
+SECMOD_DeleteModule(char *name, int *type) {
+ return SECMOD_DeleteModuleEx(name, NULL, type, PR_TRUE);
+}
+
+/*
+ * find a module by name and delete it of the module list
+ */
+SECStatus
SECMOD_DeleteInternalModule(char *name) {
SECMODModuleList *mlp;
SECMODModuleList **mlpp;
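Review bot: The comment added above `SECMOD_DeleteInternalModule` is a verbatim copy of the one that now sits above the new `SECMOD_DeleteModule` wrapper, so the two functions are documented as doing the same thing. For the wrapper, which passes `PR_TRUE` for `permdb`, suggest `/* find a module by name, delete it off the module list and remove it from secmod.db */`. `SECMOD_DeleteInternalModule` should get a comment that says what is specific to the internal module. Its body continues outside this hunk.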
@@ -329,7 +340,7 @@ SECMOD_DeleteInternalModule(char *name) {
}
SECStatus
-SECMOD_AddModule(SECMODModule *newModule) {
+SECMOD_AddModuleEx(SECMODModule *newModule, PRBool permdb) {
SECStatus rv;
SECMODModule *oldModule;
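Review bot: `SECMOD_AddModuleEx` is defined with external linkage, but the secmodi.h hunk in this commit declares only `SECMOD_DeleteModuleEx`. If no other file needs it, mark it `static`; otherwise add `extern SECStatus SECMOD_AddModuleEx(SECMODModule *newModule, PRBool permdb);` next to the existing `SECMOD_AddModule` prototype so callers are type-checked. The function body continues outside this hunk.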
@@ -353,7 +364,9 @@ SECMOD_AddModule(SECMODModule *newModule) {
newModule->parent = SECMOD_ReferenceModule(defaultDBModule);
}
- SECMOD_AddPermDB(newModule);
+ if (permdb) {
+ SECMOD_AddPermDB(newModule);
+ }
SECMOD_AddModuleToList(newModule);
rv = STAN_AddModuleToDefaultTrustDomain(newModule);
@@ -361,6 +374,11 @@ SECMOD_AddModule(SECMODModule *newModule) {
return rv;
}
+SECStatus
+SECMOD_AddModule(SECMODModule *newModule) {
+ return SECMOD_AddModuleEx(newModule, PR_TRUE);
+}
+
PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name) {
int i;
char *string;
diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h
index 51920dbb9..f147fda43 100644
--- a/security/nss/lib/pk11wrap/secmod.h
+++ b/security/nss/lib/pk11wrap/secmod.h
@@ -81,8 +81,11 @@ SEC_BEGIN_PROTOS
*/
/* Initialization */
-extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
+extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec,SECMODModule *parent,
PRBool recurse);
+
+SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);
+
SECMODModule * SECMOD_CreateModule(char *lib, char *name, char *param,
char *nss);
extern void SECMOD_Shutdown(void);
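Review bot: Replacing the `SECMOD_LoadModule` prototype here leaves that function without a declaration in any header this commit touches, while pk11pars.c still defines it with external linkage. Any other file that still calls it would compile against an implicit `int` declaration, which truncates the returned pointer on 64-bit targets. Unless a prototype exists elsewhere, add `extern SECMODModule *SECMOD_LoadModule(char *moduleSpec, SECMODModule *parent, PRBool recurse);` to secmodi.h. Since `SECMOD_LoadUserModule` is now the exported entry point that loads a PKCS#11 module into the process, its declaration would benefit from a comment saying that `moduleSpec` must come from a trusted source. It should also say the returned module is released with `SECMOD_UnloadUserModule`.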
@@ -91,6 +94,7 @@ extern void SECMOD_Shutdown(void);
/* Module Management */
char **SECMOD_GetModuleSpecList(SECMODModule *module);
SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module,char **moduleSpecList);
+
/* protoypes */
extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
index 685af1c2f..9e78addb4 100644
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -74,6 +74,7 @@ extern SECMODModuleList *SECMOD_NewModuleListElement(void);
extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
extern void SECMOD_DestroyModuleList(SECMODModuleList *);
extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
+SECStatus SECMOD_DeleteModuleEx(char * name, SECMODModule *mod, int *type, PRBool permdb);
extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);