mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bugzilla Bug 347024: Moved the software integrity test from 

nsc_CommonInitialize to the new function sftk_fipsSoftwareIntegrityTest
and have sftk_fipsPowerUpSelfTest call sftk_fipsSoftwareIntegrityTest.
Updated the audit logging code.  Removed an extraneous comma between two
string literals in fipstokn.c. r=relyea,nelsonb.
Modified files: fipstest.c fipstokn.c pkcs11.c
This commit is contained in:
wtchang%redhat.com 2006-08-03 21:50:51 +00:00
Родитель d37535bf42
Коммит fed6abf266
3 изменённых файлов: 23 добавлений и 19 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

21
security/nss/lib/softoken/fipstest.c
Просмотреть файл

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL. * the terms of any one of the MPL, the GPL or the LGPL.
* *
* ***** END LICENSE BLOCK ***** */ * ***** END LICENSE BLOCK ***** */
/* $Id: fipstest.c,v 1.17 2006/07/28 20:45:01 wtchang%redhat.com Exp $ */ /* $Id: fipstest.c,v 1.18 2006/08/03 21:50:51 wtchang%redhat.com Exp $ */
#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */ #include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
/* DES-CBC, DES3-ECB, DES3-CBC, RSA */ /* DES-CBC, DES3-ECB, DES3-CBC, RSA */
@ -1831,6 +1831,19 @@ sftk_fips_RNG_PowerUpSelfTest( void )
return( CKR_OK ); return( CKR_OK );
} }
static CK_RV
sftk_fipsSoftwareIntegrityTest(void)
{
CK_RV crv = CKR_OK;
/* make sure that our check file signatures are OK */
if( !BLAPI_VerifySelf( NULL ) ||
!BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
}
return crv;
}
CK_RV CK_RV
sftk_fipsPowerUpSelfTest( void ) sftk_fipsPowerUpSelfTest( void )
{ {
@ -1928,6 +1941,12 @@ sftk_fipsPowerUpSelfTest( void )
return rv; return rv;
#endif #endif
/* Software/Firmware Integrity Test. */
rv = sftk_fipsSoftwareIntegrityTest();
if( rv != CKR_OK )
return rv;
/* Passed Power-Up SelfTest(s). */ /* Passed Power-Up SelfTest(s). */
return( CKR_OK ); return( CKR_OK );
} }

6
security/nss/lib/softoken/fipstokn.c
Просмотреть файл

@ -438,7 +438,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
char msg[128]; char msg[128];
PR_snprintf(msg,sizeof msg, PR_snprintf(msg,sizeof msg,
"C_Initialize()=0x%08lX " "C_Initialize()=0x%08lX "
"self-test: cryptographic algorithm test failed", "power-up self-tests failed",
(PRUint32)crv); (PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg); sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
} }
@ -637,8 +637,8 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
if (sftk_fatalError) { if (sftk_fatalError) {
severity = NSS_AUDIT_ERROR; severity = NSS_AUDIT_ERROR;
PR_snprintf(msg,sizeof msg, PR_snprintf(msg,sizeof msg,
"C_Login(hSession=%lu, userType=%lu)=0x%08lX ", "C_Login(hSession=%lu, userType=%lu)=0x%08lX "
"self-test: cryptographic algorithm test failed", "power-up self-tests failed",
(PRUint32)hSession,(PRUint32)userType,(PRUint32)rv); (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
} else { } else {
severity = (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ? severity = (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ?

15
security/nss/lib/softoken/pkcs11.c
Просмотреть файл

@ -2986,21 +2986,6 @@ CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
if (isFIPS) { if (isFIPS) {
/* make sure that our check file signatures are OK */
if (!BLAPI_VerifySelf(NULL) ||
!BLAPI_SHVerify(SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_closePeer)) {
crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
if (sftk_audit_enabled) {
char msg[128];
PR_snprintf(msg,sizeof msg,
"C_Initialize()=0x%08lX "
"self-test: software/firmware integrity test failed",
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, msg);
}
return crv;
}
loginWaitTime = PR_SecondsToInterval(1); loginWaitTime = PR_SecondsToInterval(1);
} }