|
|
dc0051 |
diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c
|
|
|
dc0051 |
--- a/cmd/bltest/blapitest.c
|
|
|
dc0051 |
+++ b/cmd/bltest/blapitest.c
|
|
|
dc0051 |
@@ -3870,17 +3870,17 @@ main(int argc, char **argv)
|
|
|
dc0051 |
rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
|
|
|
dc0051 |
encrypt, decrypt);
|
|
|
dc0051 |
PORT_Free(cipherInfo);
|
|
|
dc0051 |
return rv == SECSuccess ? 0 : 1;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
/* Do FIPS self-test */
|
|
|
dc0051 |
if (bltest.commands[cmd_FIPS].activated) {
|
|
|
dc0051 |
- CK_RV ckrv = sftk_FIPSEntryOK();
|
|
|
dc0051 |
+ CK_RV ckrv = sftk_FIPSEntryOK(PR_FALSE);
|
|
|
dc0051 |
fprintf(stdout, "CK_RV: %ld.\n", ckrv);
|
|
|
dc0051 |
PORT_Free(cipherInfo);
|
|
|
dc0051 |
if (ckrv == CKR_OK)
|
|
|
dc0051 |
return SECSuccess;
|
|
|
dc0051 |
return SECFailure;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
diff --git a/cmd/pk11mode/pk11mode.c b/cmd/pk11mode/pk11mode.c
|
|
|
dc0051 |
--- a/cmd/pk11mode/pk11mode.c
|
|
|
dc0051 |
+++ b/cmd/pk11mode/pk11mode.c
|
|
|
dc0051 |
@@ -318,23 +318,25 @@ static PRBool verbose = PR_FALSE;
|
|
|
dc0051 |
|
|
|
dc0051 |
int
|
|
|
dc0051 |
main(int argc, char **argv)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
CK_C_GetFunctionList pC_GetFunctionList;
|
|
|
dc0051 |
CK_FUNCTION_LIST_PTR pFunctionList;
|
|
|
dc0051 |
CK_RV crv = CKR_OK;
|
|
|
dc0051 |
CK_C_INITIALIZE_ARGS_NSS initArgs;
|
|
|
dc0051 |
+ CK_C_INITIALIZE_ARGS_NSS initArgsRerun; /* rerun selftests */
|
|
|
dc0051 |
CK_SLOT_ID *pSlotList = NULL;
|
|
|
dc0051 |
CK_TOKEN_INFO tokenInfo;
|
|
|
dc0051 |
CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */
|
|
|
dc0051 |
|
|
|
dc0051 |
CK_UTF8CHAR *pwd = NULL;
|
|
|
dc0051 |
CK_ULONG pwdLen = 0;
|
|
|
dc0051 |
char *moduleSpec = NULL;
|
|
|
dc0051 |
+ char *moduleSpecRerun = NULL;
|
|
|
dc0051 |
char *configDir = NULL;
|
|
|
dc0051 |
char *dbPrefix = NULL;
|
|
|
dc0051 |
char *disableUnload = NULL;
|
|
|
dc0051 |
PRBool doForkTests = PR_TRUE;
|
|
|
dc0051 |
|
|
|
dc0051 |
PLOptStatus os;
|
|
|
dc0051 |
PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
|
|
|
dc0051 |
while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) {
|
|
|
dc0051 |
@@ -458,18 +460,23 @@ main(int argc, char **argv)
|
|
|
dc0051 |
initArgs.CreateMutex = NULL;
|
|
|
dc0051 |
initArgs.DestroyMutex = NULL;
|
|
|
dc0051 |
initArgs.LockMutex = NULL;
|
|
|
dc0051 |
initArgs.UnlockMutex = NULL;
|
|
|
dc0051 |
initArgs.flags = CKF_OS_LOCKING_OK;
|
|
|
dc0051 |
moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
|
|
|
dc0051 |
"keyPrefix='%s' secmod='secmod.db' flags= ",
|
|
|
dc0051 |
configDir, dbPrefix, dbPrefix);
|
|
|
dc0051 |
+ moduleSpecRerun = PR_smprintf("configdir='%s' certPrefix='%s' "
|
|
|
dc0051 |
+ "keyPrefix='%s' secmod='secmod.db' flags=forcePOST ",
|
|
|
dc0051 |
+ configDir, dbPrefix, dbPrefix);
|
|
|
dc0051 |
initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
|
|
|
dc0051 |
initArgs.pReserved = NULL;
|
|
|
dc0051 |
+ initArgsRerun = initArgs;
|
|
|
dc0051 |
+ initArgsRerun.LibraryParameters = (CK_CHAR_PTR *)moduleSpecRerun;
|
|
|
dc0051 |
|
|
|
dc0051 |
/*DebugBreak();*/
|
|
|
dc0051 |
/* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */
|
|
|
dc0051 |
/* NSS cryptographic module library initialization for the FIPS */
|
|
|
dc0051 |
/* Approved mode when FC_Initialize is envoked will perfom */
|
|
|
dc0051 |
/* software integrity test, and power-up self-tests before */
|
|
|
dc0051 |
/* FC_Initialize returns */
|
|
|
dc0051 |
crv = pFunctionList->C_Initialize(&initArgs);
|
|
|
dc0051 |
@@ -705,17 +712,17 @@ main(int argc, char **argv)
|
|
|
dc0051 |
PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
|
|
|
dc0051 |
PKM_CK_RVtoStr(crv));
|
|
|
dc0051 |
goto cleanup;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
if (doForkTests) {
|
|
|
dc0051 |
/* testing one more C_Initialize / C_Finalize to exercise getpid()
|
|
|
dc0051 |
* fork check code */
|
|
|
dc0051 |
- crv = pFunctionList->C_Initialize(&initArgs);
|
|
|
dc0051 |
+ crv = pFunctionList->C_Initialize(&initArgsRerun);
|
|
|
dc0051 |
if (crv == CKR_OK) {
|
|
|
dc0051 |
PKM_LogIt("C_Initialize succeeded\n");
|
|
|
dc0051 |
} else {
|
|
|
dc0051 |
PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
|
|
|
dc0051 |
PKM_CK_RVtoStr(crv));
|
|
|
dc0051 |
goto cleanup;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
crv = pFunctionList->C_Finalize(NULL);
|
|
|
dc0051 |
@@ -741,16 +748,19 @@ cleanup:
|
|
|
dc0051 |
free(configDir);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
if (dbPrefix) {
|
|
|
dc0051 |
free(dbPrefix);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
if (moduleSpec) {
|
|
|
dc0051 |
PR_smprintf_free(moduleSpec);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
+ if (moduleSpecRerun) {
|
|
|
dc0051 |
+ PR_smprintf_free(moduleSpecRerun);
|
|
|
dc0051 |
+ }
|
|
|
dc0051 |
|
|
|
dc0051 |
#ifdef _WIN32
|
|
|
dc0051 |
FreeLibrary(hModule);
|
|
|
dc0051 |
#else
|
|
|
dc0051 |
disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
|
|
|
dc0051 |
if (!disableUnload) {
|
|
|
dc0051 |
PR_UnloadLibrary(lib);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
diff --git a/lib/freebl/blapii.h b/lib/freebl/blapii.h
|
|
|
dc0051 |
--- a/lib/freebl/blapii.h
|
|
|
dc0051 |
+++ b/lib/freebl/blapii.h
|
|
|
dc0051 |
@@ -24,17 +24,17 @@ typedef SECStatus (*freeblAeadFunc)(void
|
|
|
dc0051 |
void *params, unsigned int paramsLen,
|
|
|
dc0051 |
const unsigned char *aad, unsigned int aadLen,
|
|
|
dc0051 |
unsigned int blocksize);
|
|
|
dc0051 |
typedef void (*freeblDestroyFunc)(void *cx, PRBool freeit);
|
|
|
dc0051 |
|
|
|
dc0051 |
SEC_BEGIN_PROTOS
|
|
|
dc0051 |
|
|
|
dc0051 |
#ifndef NSS_FIPS_DISABLED
|
|
|
dc0051 |
-SECStatus BL_FIPSEntryOK(PRBool freeblOnly);
|
|
|
dc0051 |
+SECStatus BL_FIPSEntryOK(PRBool freeblOnly, PRBool rerun);
|
|
|
dc0051 |
PRBool BL_POSTRan(PRBool freeblOnly);
|
|
|
dc0051 |
#endif
|
|
|
dc0051 |
|
|
|
dc0051 |
#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
|
|
|
dc0051 |
|
|
|
dc0051 |
extern PRBool bl_parentForkedAfterC_Initialize;
|
|
|
dc0051 |
|
|
|
dc0051 |
#define SKIP_AFTER_FORK(x) \
|
|
|
dc0051 |
diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h
|
|
|
dc0051 |
--- a/lib/freebl/blapit.h
|
|
|
dc0051 |
+++ b/lib/freebl/blapit.h
|
|
|
dc0051 |
@@ -223,16 +223,21 @@ typedef int __BLAPI_DEPRECATED __attribu
|
|
|
dc0051 |
*
|
|
|
dc0051 |
* If we arbitrarily set p = 10^-18 (1 chance in trillion trillion operation)
|
|
|
dc0051 |
* we get GCMIV_RANDOM_BIRTHDAY_BITS = -(-18)/.301 -1 = 59 (.301 = log10 2)
|
|
|
dc0051 |
* GCMIV_RANDOM_BIRTHDAY_BITS should be at least 59, call it a round 64. NOTE:
|
|
|
dc0051 |
* the variable IV size for TLS is 64 bits, which explains why it's not safe
|
|
|
dc0051 |
* to use a random value for the nonce in TLS. */
|
|
|
dc0051 |
#define GCMIV_RANDOM_BIRTHDAY_BITS 64
|
|
|
dc0051 |
|
|
|
dc0051 |
+/* flag to tell BLAPI_Verify* to rerun the post and integrity tests */
|
|
|
dc0051 |
+#define BLAPI_FIPS_RERUN_FLAG '\377' /* 0xff, 255 invalide code for UFT8/ASCII */
|
|
|
dc0051 |
+#define BLAPI_FIPS_RERUN_FLAG_STRING "\377" /* The above as a C string */
|
|
|
dc0051 |
+
|
|
|
dc0051 |
+
|
|
|
dc0051 |
/***************************************************************************
|
|
|
dc0051 |
** Opaque objects
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
|
|
|
dc0051 |
struct DESContextStr;
|
|
|
dc0051 |
struct RC2ContextStr;
|
|
|
dc0051 |
struct RC4ContextStr;
|
|
|
dc0051 |
struct RC5ContextStr;
|
|
|
dc0051 |
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
|
|
|
dc0051 |
--- a/lib/freebl/fipsfreebl.c
|
|
|
dc0051 |
+++ b/lib/freebl/fipsfreebl.c
|
|
|
dc0051 |
@@ -2211,29 +2211,37 @@ bl_startup_tests(void)
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
* this is called from the freebl init entry points that controll access to
|
|
|
dc0051 |
* all other freebl functions. This prevents freebl from operating if our
|
|
|
dc0051 |
* power on selftest failed.
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
SECStatus
|
|
|
dc0051 |
-BL_FIPSEntryOK(PRBool freebl_only)
|
|
|
dc0051 |
+BL_FIPSEntryOK(PRBool freebl_only, PRBool rerun)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
#ifdef NSS_NO_INIT_SUPPORT
|
|
|
dc0051 |
/* this should only be set on platforms that can't handle one of the INIT
|
|
|
dc0051 |
* schemes. This code allows those platforms to continue to function,
|
|
|
dc0051 |
* though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
|
|
|
dc0051 |
* is not set, and init support has not been properly enabled, freebl
|
|
|
dc0051 |
* will always fail because of the test below
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
if (!self_tests_freebl_ran) {
|
|
|
dc0051 |
bl_startup_tests();
|
|
|
dc0051 |
}
|
|
|
dc0051 |
#endif
|
|
|
dc0051 |
+ if (rerun) {
|
|
|
dc0051 |
+ /* reset the flags */
|
|
|
dc0051 |
+ self_tests_freebl_ran = PR_FALSE;
|
|
|
dc0051 |
+ self_tests_success = PR_FALSE;
|
|
|
dc0051 |
+ self_tests_success = PR_FALSE;
|
|
|
dc0051 |
+ self_tests_freebl_success = PR_FALSE;
|
|
|
dc0051 |
+ bl_startup_tests();
|
|
|
dc0051 |
+ }
|
|
|
dc0051 |
/* if the general self tests succeeded, we're done */
|
|
|
dc0051 |
if (self_tests_success) {
|
|
|
dc0051 |
return SECSuccess;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
/* standalone freebl can initialize */
|
|
|
dc0051 |
if (freebl_only && self_tests_freebl_success) {
|
|
|
dc0051 |
return SECSuccess;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c
|
|
|
dc0051 |
--- a/lib/freebl/nsslowhash.c
|
|
|
dc0051 |
+++ b/lib/freebl/nsslowhash.c
|
|
|
dc0051 |
@@ -55,17 +55,17 @@ NSSLOW_Init(void)
|
|
|
dc0051 |
#ifdef FREEBL_NO_DEPEND
|
|
|
dc0051 |
(void)FREEBL_InitStubs();
|
|
|
dc0051 |
#endif
|
|
|
dc0051 |
|
|
|
dc0051 |
#ifndef NSS_FIPS_DISABLED
|
|
|
dc0051 |
/* make sure the FIPS product is installed if we are trying to
|
|
|
dc0051 |
* go into FIPS mode */
|
|
|
dc0051 |
if (nsslow_GetFIPSEnabled()) {
|
|
|
dc0051 |
- if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
|
|
|
dc0051 |
+ if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {
|
|
|
dc0051 |
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
|
dc0051 |
post_failed = PR_TRUE;
|
|
|
dc0051 |
return NULL;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
}
|
|
|
dc0051 |
#endif
|
|
|
dc0051 |
post_failed = PR_FALSE;
|
|
|
dc0051 |
|
|
|
dc0051 |
diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
|
|
|
dc0051 |
--- a/lib/freebl/shvfy.c
|
|
|
dc0051 |
+++ b/lib/freebl/shvfy.c
|
|
|
dc0051 |
@@ -282,52 +282,62 @@ readItem(PRFileDesc *fd, SECItem *item)
|
|
|
dc0051 |
PORT_Free(item->data);
|
|
|
dc0051 |
item->data = NULL;
|
|
|
dc0051 |
item->len = 0;
|
|
|
dc0051 |
return SECFailure;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
return SECSuccess;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
-static PRBool blapi_SHVerifyFile(const char *shName, PRBool self);
|
|
|
dc0051 |
+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun);
|
|
|
dc0051 |
|
|
|
dc0051 |
static PRBool
|
|
|
dc0051 |
-blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self)
|
|
|
dc0051 |
+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
PRBool result = PR_FALSE; /* if anything goes wrong,
|
|
|
dc0051 |
* the signature does not verify */
|
|
|
dc0051 |
/* find our shared library name */
|
|
|
dc0051 |
char *shName = PR_GetLibraryFilePathname(name, addr);
|
|
|
dc0051 |
if (!shName) {
|
|
|
dc0051 |
goto loser;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
- result = blapi_SHVerifyFile(shName, self);
|
|
|
dc0051 |
+ result = blapi_SHVerifyFile(shName, self, rerun);
|
|
|
dc0051 |
|
|
|
dc0051 |
loser:
|
|
|
dc0051 |
if (shName != NULL) {
|
|
|
dc0051 |
PR_Free(shName);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
return result;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
PRBool
|
|
|
dc0051 |
BLAPI_SHVerify(const char *name, PRFuncPtr addr)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
- return blapi_SHVerify(name, addr, PR_FALSE);
|
|
|
dc0051 |
+ PRBool rerun = PR_FALSE;
|
|
|
dc0051 |
+ if (name && *name == BLAPI_FIPS_RERUN_FLAG) {
|
|
|
dc0051 |
+ name++;
|
|
|
dc0051 |
+ rerun = PR_TRUE;
|
|
|
dc0051 |
+ }
|
|
|
dc0051 |
+ return blapi_SHVerify(name, addr, PR_FALSE, rerun);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
PRBool
|
|
|
dc0051 |
BLAPI_SHVerifyFile(const char *shName)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
- return blapi_SHVerifyFile(shName, PR_FALSE);
|
|
|
dc0051 |
+ PRBool rerun = PR_FALSE;
|
|
|
dc0051 |
+ if (shName && *shName == BLAPI_FIPS_RERUN_FLAG) {
|
|
|
dc0051 |
+ shName++;
|
|
|
dc0051 |
+ rerun = PR_TRUE;
|
|
|
dc0051 |
+ }
|
|
|
dc0051 |
+ return blapi_SHVerifyFile(shName, PR_FALSE, rerun);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
static PRBool
|
|
|
dc0051 |
-blapi_SHVerifyFile(const char *shName, PRBool self)
|
|
|
dc0051 |
+blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
char *checkName = NULL;
|
|
|
dc0051 |
PRFileDesc *checkFD = NULL;
|
|
|
dc0051 |
PRFileDesc *shFD = NULL;
|
|
|
dc0051 |
void *hashcx = NULL;
|
|
|
dc0051 |
const SECHashObject *hashObj = NULL;
|
|
|
dc0051 |
SECItem signature = { 0, NULL, 0 };
|
|
|
dc0051 |
SECItem hash;
|
|
|
dc0051 |
@@ -346,17 +356,17 @@ blapi_SHVerifyFile(const char *shName, P
|
|
|
dc0051 |
unsigned char hashBuf[HASH_LENGTH_MAX];
|
|
|
dc0051 |
|
|
|
dc0051 |
PORT_Memset(&key, 0, sizeof(key));
|
|
|
dc0051 |
hash.data = hashBuf;
|
|
|
dc0051 |
hash.len = sizeof(hashBuf);
|
|
|
dc0051 |
|
|
|
dc0051 |
/* If our integrity check was never ran or failed, fail any other
|
|
|
dc0051 |
* integrity checks to prevent any token going into FIPS mode. */
|
|
|
dc0051 |
- if (!self && (BL_FIPSEntryOK(PR_FALSE) != SECSuccess)) {
|
|
|
dc0051 |
+ if (!self && (BL_FIPSEntryOK(PR_FALSE, rerun) != SECSuccess)) {
|
|
|
dc0051 |
return PR_FALSE;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
if (!shName) {
|
|
|
dc0051 |
goto loser;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
/* figure out the name of our check file */
|
|
|
dc0051 |
@@ -536,17 +546,17 @@ BLAPI_VerifySelf(const char *name)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
if (name == NULL) {
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
* If name is NULL, freebl is statically linked into softoken.
|
|
|
dc0051 |
* softoken will call BLAPI_SHVerify next to verify itself.
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
return PR_TRUE;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE);
|
|
|
dc0051 |
+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
#else /* NSS_FIPS_DISABLED */
|
|
|
dc0051 |
|
|
|
dc0051 |
PRBool
|
|
|
dc0051 |
BLAPI_SHVerifyFile(const char *shName)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
return PR_FALSE;
|
|
|
dc0051 |
diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
|
|
|
dc0051 |
--- a/lib/softoken/fipstest.c
|
|
|
dc0051 |
+++ b/lib/softoken/fipstest.c
|
|
|
dc0051 |
@@ -684,22 +684,25 @@ sftk_fips_HKDF_PowerUpSelfTest(void)
|
|
|
dc0051 |
|
|
|
dc0051 |
static PRBool sftk_self_tests_ran = PR_FALSE;
|
|
|
dc0051 |
static PRBool sftk_self_tests_success = PR_FALSE;
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
* This function is called at dll load time, the code tha makes this
|
|
|
dc0051 |
* happen is platform specific on defined above.
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
-static void
|
|
|
dc0051 |
-sftk_startup_tests(void)
|
|
|
dc0051 |
+void sftk_startup_tests_with_rerun(PRBool rerun)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
SECStatus rv;
|
|
|
dc0051 |
- const char *libraryName = SOFTOKEN_LIB_NAME;
|
|
|
dc0051 |
-
|
|
|
dc0051 |
+ /*const char *nlibraryName = SOFTOKEN_LIB_NAME;
|
|
|
dc0051 |
+ const char *rlibraryName = BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME; */
|
|
|
dc0051 |
+ const char *libraryName = rerun ?
|
|
|
dc0051 |
+ BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME :
|
|
|
dc0051 |
+ SOFTOKEN_LIB_NAME;
|
|
|
dc0051 |
+
|
|
|
dc0051 |
PORT_Assert(!sftk_self_tests_ran);
|
|
|
dc0051 |
PORT_Assert(!sftk_self_tests_success);
|
|
|
dc0051 |
sftk_self_tests_ran = PR_TRUE;
|
|
|
dc0051 |
sftk_self_tests_success = PR_FALSE; /* just in case */
|
|
|
dc0051 |
|
|
|
dc0051 |
/* need to initiallize the oid library before the RSA tests */
|
|
|
dc0051 |
rv = SECOID_Init();
|
|
|
dc0051 |
if (rv != SECSuccess) {
|
|
|
dc0051 |
@@ -746,35 +749,46 @@ sftk_startup_tests(void)
|
|
|
dc0051 |
rv = sftk_fips_pbkdf_PowerUpSelfTests();
|
|
|
dc0051 |
if (rv != SECSuccess) {
|
|
|
dc0051 |
return;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
sftk_self_tests_success = PR_TRUE;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
+static void
|
|
|
dc0051 |
+sftk_startup_tests(void)
|
|
|
dc0051 |
+{
|
|
|
dc0051 |
+ sftk_startup_tests_with_rerun(PR_FALSE);
|
|
|
dc0051 |
+}
|
|
|
dc0051 |
+
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
* this is called from nsc_Common_Initizialize entry points that gates access
|
|
|
dc0051 |
* to * all other pkcs11 functions. This prevents softoken operation if our
|
|
|
dc0051 |
* power on selftest failed.
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
CK_RV
|
|
|
dc0051 |
-sftk_FIPSEntryOK()
|
|
|
dc0051 |
+sftk_FIPSEntryOK(PRBool rerun)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
#ifdef NSS_NO_INIT_SUPPORT
|
|
|
dc0051 |
/* this should only be set on platforms that can't handle one of the INIT
|
|
|
dc0051 |
* schemes. This code allows those platforms to continue to function,
|
|
|
dc0051 |
* though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
|
|
|
dc0051 |
* is not set, and init support has not been properly enabled, softken
|
|
|
dc0051 |
* will always fail because of the test below
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
if (!sftk_self_tests_ran) {
|
|
|
dc0051 |
sftk_startup_tests();
|
|
|
dc0051 |
}
|
|
|
dc0051 |
#endif
|
|
|
dc0051 |
+ if (rerun) {
|
|
|
dc0051 |
+ sftk_self_tests_ran = PR_FALSE;
|
|
|
dc0051 |
+ sftk_self_tests_success = PR_FALSE;
|
|
|
dc0051 |
+ sftk_startup_tests_with_rerun(PR_TRUE);
|
|
|
dc0051 |
+ }
|
|
|
dc0051 |
if (!sftk_self_tests_success) {
|
|
|
dc0051 |
return CKR_DEVICE_ERROR;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
return CKR_OK;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
#else
|
|
|
dc0051 |
#include "pkcs11t.h"
|
|
|
dc0051 |
CK_RV
|
|
|
dc0051 |
diff --git a/lib/softoken/fipstokn.c b/lib/softoken/fipstokn.c
|
|
|
dc0051 |
--- a/lib/softoken/fipstokn.c
|
|
|
dc0051 |
+++ b/lib/softoken/fipstokn.c
|
|
|
dc0051 |
@@ -524,25 +524,32 @@ fc_log_init_error(CK_RV crv)
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
/* FC_Initialize initializes the PKCS #11 library. */
|
|
|
dc0051 |
CK_RV
|
|
|
dc0051 |
FC_Initialize(CK_VOID_PTR pReserved)
|
|
|
dc0051 |
{
|
|
|
dc0051 |
const char *envp;
|
|
|
dc0051 |
CK_RV crv;
|
|
|
dc0051 |
+ PRBool rerun;
|
|
|
dc0051 |
|
|
|
dc0051 |
if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
|
|
|
dc0051 |
sftk_audit_enabled = (atoi(envp) == 1);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
+ /* if we have the forcePOST flag on, rerun the integrity checks */
|
|
|
dc0051 |
+ /* we need to know this before we fully parse the arguments in
|
|
|
dc0051 |
+ * nsc_CommonInitialize, so read it now */
|
|
|
dc0051 |
+ rerun = sftk_RawArgHasFlag("flags", "forcePost", pReserved);
|
|
|
dc0051 |
+
|
|
|
dc0051 |
/* At this point we should have already done post and integrity checks.
|
|
|
dc0051 |
* if we haven't, it probably means the FIPS product has not been installed
|
|
|
dc0051 |
- * or the tests failed. Don't let an application try to enter FIPS mode */
|
|
|
dc0051 |
- crv = sftk_FIPSEntryOK();
|
|
|
dc0051 |
+ * or the tests failed. Don't let an application try to enter FIPS mode. This
|
|
|
dc0051 |
+ * also forces the tests to be rerun if forcePOST is set. */
|
|
|
dc0051 |
+ crv = sftk_FIPSEntryOK(rerun);
|
|
|
dc0051 |
if (crv != CKR_OK) {
|
|
|
dc0051 |
sftk_fatalError = PR_TRUE;
|
|
|
dc0051 |
fc_log_init_error(crv);
|
|
|
dc0051 |
return crv;
|
|
|
dc0051 |
}
|
|
|
dc0051 |
|
|
|
dc0051 |
sftk_ForkReset(pReserved, &crv;;
|
|
|
dc0051 |
|
|
|
dc0051 |
diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h
|
|
|
dc0051 |
--- a/lib/softoken/pkcs11i.h
|
|
|
dc0051 |
+++ b/lib/softoken/pkcs11i.h
|
|
|
dc0051 |
@@ -869,16 +869,17 @@ extern CK_RV sftk_MechAllowsOperation(CK
|
|
|
dc0051 |
* acquiring a reference to the keydb from the slot */
|
|
|
dc0051 |
NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
* parameter parsing functions
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS);
|
|
|
dc0051 |
void sftk_freeParams(sftk_parameters *params);
|
|
|
dc0051 |
+PRBool sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved);
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
* narrow objects
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
SFTKSessionObject *sftk_narrowToSessionObject(SFTKObject *);
|
|
|
dc0051 |
SFTKTokenObject *sftk_narrowToTokenObject(SFTKObject *);
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
diff --git a/lib/softoken/sftkpars.c b/lib/softoken/sftkpars.c
|
|
|
dc0051 |
--- a/lib/softoken/sftkpars.c
|
|
|
dc0051 |
+++ b/lib/softoken/sftkpars.c
|
|
|
dc0051 |
@@ -244,8 +244,21 @@ sftk_freeParams(sftk_parameters *params)
|
|
|
dc0051 |
FREE_CLEAR(params->configdir);
|
|
|
dc0051 |
FREE_CLEAR(params->secmodName);
|
|
|
dc0051 |
FREE_CLEAR(params->man);
|
|
|
dc0051 |
FREE_CLEAR(params->libdes);
|
|
|
dc0051 |
FREE_CLEAR(params->tokens);
|
|
|
dc0051 |
FREE_CLEAR(params->updatedir);
|
|
|
dc0051 |
FREE_CLEAR(params->updateID);
|
|
|
dc0051 |
}
|
|
|
dc0051 |
+
|
|
|
dc0051 |
+PRBool
|
|
|
dc0051 |
+sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved)
|
|
|
dc0051 |
+{
|
|
|
dc0051 |
+ CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *)pReserved;
|
|
|
dc0051 |
+
|
|
|
dc0051 |
+ /* if we don't have any params, the flag isn't set */
|
|
|
dc0051 |
+ if ((!init_args || !init_args->LibraryParameters)) {
|
|
|
dc0051 |
+ return PR_FALSE;
|
|
|
dc0051 |
+ }
|
|
|
dc0051 |
+
|
|
|
dc0051 |
+ return NSSUTIL_ArgHasFlag(entry, flag, (const char *)init_args->LibraryParameters);
|
|
|
dc0051 |
+}
|
|
|
dc0051 |
diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h
|
|
|
dc0051 |
--- a/lib/softoken/softoken.h
|
|
|
dc0051 |
+++ b/lib/softoken/softoken.h
|
|
|
dc0051 |
@@ -52,17 +52,17 @@ extern unsigned char *CBC_PadBuffer(PLAr
|
|
|
dc0051 |
unsigned int inlen, unsigned int *outlen,
|
|
|
dc0051 |
int blockSize);
|
|
|
dc0051 |
|
|
|
dc0051 |
/****************************************/
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
** Power-Up selftests are required for FIPS.
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
/* make sure Power-up selftests have been run. */
|
|
|
dc0051 |
-extern CK_RV sftk_FIPSEntryOK(void);
|
|
|
dc0051 |
+extern CK_RV sftk_FIPSEntryOK(PRBool rerun);
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
** make known fixed PKCS #11 key types to their sizes in bytes
|
|
|
dc0051 |
*/
|
|
|
dc0051 |
unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
|
|
|
dc0051 |
|
|
|
dc0051 |
/*
|
|
|
dc0051 |
** FIPS 140-2 auditing
|