120 lines
3.4 KiB
C
120 lines
3.4 KiB
C
/*
|
|
* PKCS #11 FIPS Power-Up Self Test.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
|
|
|
|
#ifndef NSS_FIPS_DISABLED
|
|
|
|
#include "seccomon.h"
|
|
#include "lgdb.h"
|
|
#include "blapi.h"
|
|
|
|
/*
|
|
* different platforms have different ways of calling and initial entry point
|
|
* when the dll/.so is loaded. Most platforms support either a posix pragma
|
|
* or the GCC attribute. Some platforms suppor a pre-defined name, and some
|
|
* platforms have a link line way of invoking this function.
|
|
*/
|
|
|
|
/* The pragma */
|
|
#if defined(USE_INIT_PRAGMA)
|
|
#pragma init(lg_startup_tests)
|
|
#endif
|
|
|
|
/* GCC Attribute */
|
|
#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
|
|
#define INIT_FUNCTION __attribute__((constructor))
|
|
#else
|
|
#define INIT_FUNCTION
|
|
#endif
|
|
|
|
static void INIT_FUNCTION lg_startup_tests(void);
|
|
|
|
/* Windows pre-defined entry */
|
|
#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
|
|
#include <windows.h>
|
|
|
|
BOOL WINAPI
|
|
DllMain(
|
|
HINSTANCE hinstDLL, // handle to DLL module
|
|
DWORD fdwReason, // reason for calling function
|
|
LPVOID lpReserved) // reserved
|
|
{
|
|
// Perform actions based on the reason for calling.
|
|
switch (fdwReason) {
|
|
case DLL_PROCESS_ATTACH:
|
|
// Initialize once for each new process.
|
|
// Return FALSE to fail DLL load.
|
|
lg_startup_tests();
|
|
break;
|
|
|
|
case DLL_THREAD_ATTACH:
|
|
// Do thread-specific initialization.
|
|
break;
|
|
|
|
case DLL_THREAD_DETACH:
|
|
// Do thread-specific cleanup.
|
|
break;
|
|
|
|
case DLL_PROCESS_DETACH:
|
|
// Perform any necessary cleanup.
|
|
break;
|
|
}
|
|
return TRUE; // Successful DLL_PROCESS_ATTACH.
|
|
}
|
|
#endif
|
|
|
|
static PRBool lg_self_tests_ran = PR_FALSE;
|
|
static PRBool lg_self_tests_success = PR_FALSE;
|
|
|
|
static void
|
|
lg_local_function(void)
|
|
{
|
|
}
|
|
|
|
/*
|
|
* This function is called at dll load time, the code tha makes this
|
|
* happen is platform specific on defined above.
|
|
*/
|
|
static void
|
|
lg_startup_tests(void)
|
|
{
|
|
const char *libraryName = LG_LIB_NAME;
|
|
|
|
PORT_Assert(!lg_self_tests_ran);
|
|
PORT_Assert(!lg_self_tests_success);
|
|
lg_self_tests_ran = PR_TRUE;
|
|
lg_self_tests_success = PR_FALSE; /* just in case */
|
|
|
|
/* no self tests required for the legacy db, only the integrity check */
|
|
/* check the integrity of our shared library */
|
|
if (!BLAPI_SHVerify(libraryName, (PRFuncPtr)&lg_local_function)) {
|
|
/* something is wrong with the library, fail without enabling
|
|
* the fips token */
|
|
return;
|
|
}
|
|
/* FIPS product has been installed and is functioning, allow
|
|
* the module to operate in fips mode */
|
|
lg_self_tests_success = PR_TRUE;
|
|
}
|
|
|
|
PRBool
|
|
lg_FIPSEntryOK()
|
|
{
|
|
#ifdef NSS_NO_INIT_SUPPORT
|
|
/* this should only be set on platforms that can't handle one of the INIT
|
|
* schemes. This code allows those platforms to continue to function,
|
|
* though they don't meet the strict NIST requirements. If NO_INIT_SUPPORT
|
|
* is not set, and init support has not been properly enabled, softken
|
|
* will always fail because of the test below */
|
|
if (!lg_self_tests_ran) {
|
|
lg_startup_tests();
|
|
}
|
|
#endif
|
|
return lg_self_tests_success;
|
|
}
|
|
|
|
#endif /* NSS_FIPS_DISABLED */
|