/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c

Bug Summary

File:	root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c
Warning:	line 1433, column 17 Value stored to 'crv' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pk11slot.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/pk11wrap/pk11wrap_pk11wrap -fcoverage-compilation-dir=/root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/pk11wrap/pk11wrap_pk11wrap -resource-dir /usr/lib/llvm-21/lib/clang/21 -include /root/firefox-clang/obj-x86_64-pc-linux-gnu/mozilla-config.h -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D _GLIBCXX_ASSERTIONS -D DEBUG -D SHLIB_SUFFIX="so" -D SHLIB_PREFIX="lib" -D NSS_SHLIB_VERSION="3" -D SOFTOKEN_SHLIB_VERSION="3" -D NSS_FIPS_DISABLED -D NSS_NO_INIT_SUPPORT -D NSS_X86_OR_X64 -D NSS_X64 -D NSS_USE_64 -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -D LINUX2_1 -D LINUX -D linux -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D HAVE_STRERROR -D XP_UNIX -D _REENTRANT -D NSS_DISABLE_DBM -D NSS_DISABLE_LIBPKIX -I /root/firefox-clang/security/nss/lib/pk11wrap -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/security/nss/lib/pk11wrap/pk11wrap_pk11wrap -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/private/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include/nss -I /root/firefox-clang/obj-x86_64-pc-linux-gnu/dist/include -D MOZILLA_CLIENT -internal-isystem /usr/lib/llvm-21/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-range-loop-analysis -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-unknown-warning-option -ferror-limit 19 -fstrict-flex-arrays=1 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2025-06-30-093548-1913035-1 -x c /root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4	/*
5	* Deal with PKCS #11 Slots.
6	*/
7
8	#include <stddef.h>
9
10	#include "seccomon.h"
11	#include "secmod.h"
12	#include "nssilock.h"
13	#include "secmodi.h"
14	#include "secmodti.h"
15	#include "pkcs11t.h"
16	#include "pk11func.h"
17	#include "secitem.h"
18	#include "secerr.h"
19
20	#include "dev.h"
21	#include "dev3hack.h"
22	#include "pkim.h"
23	#include "utilpars.h"
24	#include "pkcs11uri.h"
25
26	/*************************************************************
27	* local static and global data
28	*************************************************************/
29
30	/*
31	* This array helps parsing between names, mechanisms, and flags.
32	* to make the config files understand more entries, add them
33	* to this table.
34	*/
35	const PK11DefaultArrayEntry PK11_DefaultArray[] = {
36	{ "RSA", SECMOD_RSA_FLAG0x00000001L, CKM_RSA_PKCS0x00000001UL },
37	{ "DSA", SECMOD_DSA_FLAG0x00000002L, CKM_DSA0x00000011UL },
38	{ "ECC", SECMOD_ECC_FLAG0x00040000L, CKM_ECDSA0x00001041UL },
39	{ "EDDSA", SECMOD_ECC_FLAG0x00040000L, CKM_EDDSA0x00001057UL },
40	{ "DH", SECMOD_DH_FLAG0x00000020L, CKM_DH_PKCS_DERIVE0x00000021UL },
41	{ "RC2", SECMOD_RC2_FLAG0x00000004L, CKM_RC2_CBC0x00000102UL },
42	{ "RC4", SECMOD_RC4_FLAG0x00000008L, CKM_RC40x00000111UL },
43	{ "DES", SECMOD_DES_FLAG0x00000010L, CKM_DES_CBC0x00000122UL },
44	{ "AES", SECMOD_AES_FLAG0x00002000L, CKM_AES_CBC0x00001082UL },
45	{ "Camellia", SECMOD_CAMELLIA_FLAG0x00010000L, CKM_CAMELLIA_CBC0x00000552UL },
46	{ "SEED", SECMOD_SEED_FLAG0x00020000L, CKM_SEED_CBC0x00000652UL },
47	{ "RC5", SECMOD_RC5_FLAG0x00000080L, CKM_RC5_CBC0x00000332UL },
48	{ "SHA-1", SECMOD_SHA1_FLAG0x00000100L, CKM_SHA_10x00000220UL },
49	/* { "SHA224", SECMOD_SHA256_FLAG, CKM_SHA224 }, */
50	{ "SHA256", SECMOD_SHA256_FLAG0x00004000L, CKM_SHA2560x00000250UL },
51	/* { "SHA384", SECMOD_SHA512_FLAG, CKM_SHA384 }, */
52	{ "SHA512", SECMOD_SHA512_FLAG0x00008000L, CKM_SHA5120x00000270UL },
53	{ "MD5", SECMOD_MD5_FLAG0x00000200L, CKM_MD50x00000210UL },
54	{ "MD2", SECMOD_MD2_FLAG0x00000400L, CKM_MD20x00000200UL },
55	{ "SSL", SECMOD_SSL_FLAG0x00000800L, CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL },
56	{ "TLS", SECMOD_TLS_FLAG0x00001000L, CKM_TLS_MASTER_KEY_DERIVE0x00000375UL },
57	{ "SKIPJACK", SECMOD_FORTEZZA_FLAG0x00000040L, CKM_SKIPJACK_CBC640x00001002UL },
58	{ "Publicly-readable certs", SECMOD_FRIENDLY_FLAG0x10000000L, CKM_INVALID_MECHANISM0xffffffffUL },
59	{ "Random Num Generator", SECMOD_RANDOM_FLAG0x80000000L, CKM_FAKE_RANDOM0x80000efeUL },
60	};
61	const int num_pk11_default_mechanisms =
62	sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);
63
64	const PK11DefaultArrayEntry *
65	PK11_GetDefaultArray(int *size)
66	{
67	if (size) {
68	*size = num_pk11_default_mechanisms;
69	}
70	return PK11_DefaultArray;
71	}
72
73	/*
74	* These slotlists are lists of modules which provide default support for
75	* a given algorithm or mechanism.
76	*/
77	static PK11SlotList
78	pk11_seedSlotList,
79	pk11_camelliaSlotList,
80	pk11_aesSlotList,
81	pk11_desSlotList,
82	pk11_rc4SlotList,
83	pk11_rc2SlotList,
84	pk11_rc5SlotList,
85	pk11_sha1SlotList,
86	pk11_md5SlotList,
87	pk11_md2SlotList,
88	pk11_rsaSlotList,
89	pk11_dsaSlotList,
90	pk11_dhSlotList,
91	pk11_ecSlotList,
92	pk11_ideaSlotList,
93	pk11_sslSlotList,
94	pk11_tlsSlotList,
95	pk11_randomSlotList,
96	pk11_sha256SlotList,
97	pk11_sha512SlotList; /* slots do SHA512 and SHA384 */
98
99	/************************************************************
100	* Generic Slot List and Slot List element manipulations
101	************************************************************/
102
103	/*
104	* allocate a new list
105	*/
106	PK11SlotList *
107	PK11_NewSlotList(void)
108	{
109	PK11SlotList *list;
110
111	list = (PK11SlotList *)PORT_AllocPORT_Alloc_Util(sizeof(PK11SlotList));
112	if (list == NULL((void*)0))
113	return NULL((void*)0);
114	list->head = NULL((void*)0);
115	list->tail = NULL((void*)0);
116	list->lock = PZ_NewLock(nssILockList)PR_NewLock();
117	if (list->lock == NULL((void*)0)) {
118	PORT_FreePORT_Free_Util(list);
119	return NULL((void*)0);
120	}
121
122	return list;
123	}
124
125	/*
126	* free a list element when all the references go away.
127	*/
128	SECStatus
129	PK11_FreeSlotListElement(PK11SlotList list, PK11SlotListElement le)
130	{
131	PRBool freeit = PR_FALSE0;
132
133	if (list == NULL((void)0) \|\| le == NULL((void)0)) {
134	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
135	return SECFailure;
136	}
137
138	PZ_Lock(list->lock)PR_Lock((list->lock));
139	if (le->refCount-- == 1) {
140	freeit = PR_TRUE1;
141	}
142	PZ_Unlock(list->lock)PR_Unlock((list->lock));
143	if (freeit) {
144	PK11_FreeSlot(le->slot);
145	PORT_FreePORT_Free_Util(le);
146	}
147	return SECSuccess;
148	}
149
150	static void
151	pk11_FreeSlotListStatic(PK11SlotList *list)
152	{
153	PK11SlotListElement le, next;
154	if (list == NULL((void*)0))
155	return;
156
157	for (le = list->head; le; le = next) {
158	next = le->next;
159	PK11_FreeSlotListElement(list, le);
160	}
161	if (list->lock) {
162	PZ_DestroyLock(list->lock)PR_DestroyLock((list->lock));
163	}
164	list->lock = NULL((void*)0);
165	list->head = NULL((void*)0);
166	}
167
168	/*
169	* if we are freeing the list, we must be the only ones with a pointer
170	* to the list.
171	*/
172	void
173	PK11_FreeSlotList(PK11SlotList *list)
174	{
175	pk11_FreeSlotListStatic(list);
176	PORT_FreePORT_Free_Util(list);
177	}
178
179	/*
180	* add a slot to a list
181	* "slot" is the slot to be added. Ownership is not transferred.
182	* "sorted" indicates whether or not the slot should be inserted according to
183	* cipherOrder of the associated module. PR_FALSE indicates that the slot
184	* should be inserted to the head of the list.
185	*/
186	SECStatus
187	PK11_AddSlotToList(PK11SlotList list, PK11SlotInfo slot, PRBool sorted)
188	{
189	PK11SlotListElement *le;
190	PK11SlotListElement *element;
191
192	le = (PK11SlotListElement *)PORT_AllocPORT_Alloc_Util(sizeof(PK11SlotListElement));
193	if (le == NULL((void*)0))
194	return SECFailure;
195
196	le->slot = PK11_ReferenceSlot(slot);
197	le->prev = NULL((void*)0);
198	le->refCount = 1;
199	PZ_Lock(list->lock)PR_Lock((list->lock));
200	element = list->head;
201	/* Insertion sort, with higher cipherOrders are sorted first in the list */
202	while (element && sorted && (element->slot->module->cipherOrder > le->slot->module->cipherOrder)) {
203	element = element->next;
204	}
205	if (element) {
206	le->prev = element->prev;
207	element->prev = le;
208	le->next = element;
209	} else {
210	le->prev = list->tail;
211	le->next = NULL((void*)0);
212	list->tail = le;
213	}
214	if (le->prev)
215	le->prev->next = le;
216	if (list->head == element)
217	list->head = le;
218	PZ_Unlock(list->lock)PR_Unlock((list->lock));
219
220	return SECSuccess;
221	}
222
223	/*
224	* remove a slot entry from the list
225	*/
226	SECStatus
227	PK11_DeleteSlotFromList(PK11SlotList list, PK11SlotListElement le)
228	{
229	PZ_Lock(list->lock)PR_Lock((list->lock));
230	if (le->prev)
231	le->prev->next = le->next;
232	else
233	list->head = le->next;
234	if (le->next)
235	le->next->prev = le->prev;
236	else
237	list->tail = le->prev;
238	le->next = le->prev = NULL((void*)0);
239	PZ_Unlock(list->lock)PR_Unlock((list->lock));
240	PK11_FreeSlotListElement(list, le);
241	return SECSuccess;
242	}
243
244	/*
245	* Move a list to the end of the target list.
246	* NOTE: There is no locking here... This assumes BOTH lists are private copy
247	* lists. It also does not re-sort the target list.
248	*/
249	SECStatus
250	pk11_MoveListToList(PK11SlotList target, PK11SlotList src)
251	{
252	if (src->head == NULL((void*)0))
253	return SECSuccess;
254
255	if (target->tail == NULL((void*)0)) {
256	target->head = src->head;
257	} else {
258	target->tail->next = src->head;
259	}
260	src->head->prev = target->tail;
261	target->tail = src->tail;
262	src->head = src->tail = NULL((void*)0);
263	return SECSuccess;
264	}
265
266	/*
267	* get an element from the list with a reference. You must own the list.
268	*/
269	PK11SlotListElement *
270	PK11_GetFirstRef(PK11SlotList *list)
271	{
272	PK11SlotListElement *le;
273
274	le = list->head;
275	if (le != NULL((void*)0))
276	(le)->refCount++;
277	return le;
278	}
279
280	/*
281	* get the next element from the list with a reference. You must own the list.
282	*/
283	PK11SlotListElement *
284	PK11_GetNextRef(PK11SlotList list, PK11SlotListElement le, PRBool restart)
285	{
286	PK11SlotListElement *new_le;
287	new_le = le->next;
288	if (new_le)
289	new_le->refCount++;
290	PK11_FreeSlotListElement(list, le);
291	return new_le;
292	}
293
294	/*
295	* get an element safely from the list. This just makes sure that if
296	* this element is not deleted while we deal with it.
297	*/
298	PK11SlotListElement *
299	PK11_GetFirstSafe(PK11SlotList *list)
300	{
301	PK11SlotListElement *le;
302
303	PZ_Lock(list->lock)PR_Lock((list->lock));
304	le = list->head;
305	if (le != NULL((void*)0))
306	(le)->refCount++;
307	PZ_Unlock(list->lock)PR_Unlock((list->lock));
308	return le;
309	}
310
311	/*
312	* NOTE: if this element gets deleted, we can no longer safely traverse using
313	* it's pointers. We can either terminate the loop, or restart from the
314	* beginning. This is controlled by the restart option.
315	*/
316	PK11SlotListElement *
317	PK11_GetNextSafe(PK11SlotList list, PK11SlotListElement le, PRBool restart)
318	{
319	PK11SlotListElement *new_le;
320	PZ_Lock(list->lock)PR_Lock((list->lock));
321	new_le = le->next;
322	if (le->next == NULL((void*)0)) {
323	/* if the prev and next fields are NULL then either this element
324	* has been removed and we need to walk the list again (if restart
325	* is true) or this was the only element on the list */
326	if ((le->prev == NULL((void*)0)) && restart && (list->head != le)) {
327	new_le = list->head;
328	}
329	}
330	if (new_le)
331	new_le->refCount++;
332	PZ_Unlock(list->lock)PR_Unlock((list->lock));
333	PK11_FreeSlotListElement(list, le);
334	return new_le;
335	}
336
337	/*
338	* Find the element that holds this slot
339	*/
340	PK11SlotListElement *
341	PK11_FindSlotElement(PK11SlotList list, PK11SlotInfo slot)
342	{
343	PK11SlotListElement *le;
344
345	for (le = PK11_GetFirstSafe(list); le;
346	le = PK11_GetNextSafe(list, le, PR_TRUE1)) {
347	if (le->slot == slot)
348	return le;
349	}
350	return NULL((void*)0);
351	}
352
353	/************************************************************
354	* Generic Slot Utilities
355	************************************************************/
356	/*
357	* Create a new slot structure
358	*/
359	PK11SlotInfo *
360	PK11_NewSlotInfo(SECMODModule *mod)
361	{
362	PK11SlotInfo *slot;
363
364	slot = (PK11SlotInfo *)PORT_AllocPORT_Alloc_Util(sizeof(PK11SlotInfo));
365	if (slot == NULL((void*)0)) {
366	return slot;
367	}
368	slot->freeListLock = PZ_NewLock(nssILockFreelist)PR_NewLock();
369	if (slot->freeListLock == NULL((void*)0)) {
370	PORT_FreePORT_Free_Util(slot);
371	return NULL((void*)0);
372	}
373	slot->nssTokenLock = PZ_NewLock(nssILockOther)PR_NewLock();
374	if (slot->nssTokenLock == NULL((void*)0)) {
375	PZ_DestroyLock(slot->freeListLock)PR_DestroyLock((slot->freeListLock));
376	PORT_FreePORT_Free_Util(slot);
377	return NULL((void*)0);
378	}
379	slot->sessionLock = mod->isThreadSafe ? PZ_NewLock(nssILockSession)PR_NewLock() : mod->refLock;
380	if (slot->sessionLock == NULL((void*)0)) {
381	PZ_DestroyLock(slot->nssTokenLock)PR_DestroyLock((slot->nssTokenLock));
382	PZ_DestroyLock(slot->freeListLock)PR_DestroyLock((slot->freeListLock));
383	PORT_FreePORT_Free_Util(slot);
384	return NULL((void*)0);
385	}
386	slot->freeSymKeysWithSessionHead = NULL((void*)0);
387	slot->freeSymKeysHead = NULL((void*)0);
388	slot->keyCount = 0;
389	slot->maxKeyCount = 0;
390	slot->functionList = NULL((void*)0);
391	slot->needTest = PR_TRUE1;
392	slot->isPerm = PR_FALSE0;
393	slot->isHW = PR_FALSE0;
394	slot->isInternal = PR_FALSE0;
395	slot->isThreadSafe = PR_FALSE0;
396	slot->disabled = PR_FALSE0;
397	slot->series = 1;
398	slot->flagSeries = 0;
399	slot->flagState = PR_FALSE0;
400	slot->wrapKey = 0;
401	slot->wrapMechanism = CKM_INVALID_MECHANISM0xffffffffUL;
402	slot->refKeys[0] = CK_INVALID_HANDLE0;
403	slot->reason = PK11_DIS_NONE;
404	slot->readOnly = PR_TRUE1;
405	slot->needLogin = PR_FALSE0;
406	slot->hasRandom = PR_FALSE0;
407	slot->defRWSession = PR_FALSE0;
408	slot->protectedAuthPath = PR_FALSE0;
409	slot->flags = 0;
410	slot->session = CK_INVALID_HANDLE0;
411	slot->slotID = 0;
412	slot->defaultFlags = 0;
413	slot->refCount = 1;
414	slot->askpw = 0;
415	slot->timeout = 0;
416	slot->mechanismList = NULL((void*)0);
417	slot->mechanismCount = 0;
418	slot->cert_array = NULL((void*)0);
419	slot->cert_count = 0;
420	slot->slot_name[0] = 0;
421	slot->token_name[0] = 0;
422	PORT_Memsetmemset(slot->serial, ' ', sizeof(slot->serial));
423	PORT_Memsetmemset(&slot->tokenInfo, 0, sizeof(slot->tokenInfo));
424	slot->module = NULL((void*)0);
425	slot->authTransact = 0;
426	slot->authTime = LL_ZERO0L;
427	slot->minPassword = 0;
428	slot->maxPassword = 0;
429	slot->hasRootCerts = PR_FALSE0;
430	slot->hasRootTrust = PR_FALSE0;
431	slot->nssToken = NULL((void*)0);
432	slot->profileList = NULL((void*)0);
433	slot->profileCount = 0;
434	return slot;
435	}
436
437	/* create a new reference to a slot so it doesn't go away */
438	PK11SlotInfo *
439	PK11_ReferenceSlot(PK11SlotInfo *slot)
440	{
441	PR_ATOMIC_INCREMENT(&slot->refCount)__sync_add_and_fetch(&slot->refCount, 1);
442	return slot;
443	}
444
445	/* Destroy all info on a slot we have built up */
446	void
447	PK11_DestroySlot(PK11SlotInfo *slot)
448	{
449	/* free up the cached keys and sessions */
450	PK11_CleanKeyList(slot);
451
452	/* free up all the sessions on this slot */
453	if (slot->functionList) {
454	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
455	->C_CloseAllSessions(slot->slotID);
456	}
457
458	if (slot->mechanismList) {
459	PORT_FreePORT_Free_Util(slot->mechanismList);
460	}
461	if (slot->profileList) {
462	PORT_FreePORT_Free_Util(slot->profileList);
463	}
464	if (slot->isThreadSafe && slot->sessionLock) {
465	PZ_DestroyLock(slot->sessionLock)PR_DestroyLock((slot->sessionLock));
466	}
467	slot->sessionLock = NULL((void*)0);
468	if (slot->freeListLock) {
469	PZ_DestroyLock(slot->freeListLock)PR_DestroyLock((slot->freeListLock));
470	slot->freeListLock = NULL((void*)0);
471	}
472	if (slot->nssTokenLock) {
473	PZ_DestroyLock(slot->nssTokenLock)PR_DestroyLock((slot->nssTokenLock));
474	slot->nssTokenLock = NULL((void*)0);
475	}
476
477	/* finally Tell our parent module that we've gone away so it can unload */
478	if (slot->module) {
479	SECMOD_SlotDestroyModule(slot->module, PR_TRUE1);
480	}
481
482	/* ok, well not quit finally... now we free the memory */
483	PORT_FreePORT_Free_Util(slot);
484	}
485
486	/* We're all done with the slot, free it */
487	void
488	PK11_FreeSlot(PK11SlotInfo *slot)
489	{
490	if (PR_ATOMIC_DECREMENT(&slot->refCount)__sync_sub_and_fetch(&slot->refCount, 1) == 0) {
491	PK11_DestroySlot(slot);
492	}
493	}
494
495	void
496	PK11_EnterSlotMonitor(PK11SlotInfo *slot)
497	{
498	PZ_Lock(slot->sessionLock)PR_Lock((slot->sessionLock));
499	}
500
501	void
502	PK11_ExitSlotMonitor(PK11SlotInfo *slot)
503	{
504	PZ_Unlock(slot->sessionLock)PR_Unlock((slot->sessionLock));
505	}
506
507	/***********************************************************
508	* Functions to find specific slots.
509	***********************************************************/
510	PRBool
511	SECMOD_HasRootCerts(void)
512	{
513	SECMODModuleList *mlp;
514	SECMODModuleList *modules;
515	SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
516	int i;
517	PRBool found = PR_FALSE0;
518
519	if (!moduleLock) {
520	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NOT_INITIALIZED);
521	return found;
522	}
523
524	/* work through all the slots */
525	SECMOD_GetReadLock(moduleLock);
526	modules = SECMOD_GetDefaultModuleList();
527	for (mlp = modules; mlp != NULL((void*)0); mlp = mlp->next) {
528	for (i = 0; i < mlp->module->slotCount; i++) {
529	PK11SlotInfo *tmpSlot = mlp->module->slots[i];
530	if (PK11_IsPresent(tmpSlot)) {
531	if (tmpSlot->hasRootCerts) {
532	found = PR_TRUE1;
533	break;
534	}
535	}
536	}
537	if (found)
538	break;
539	}
540	SECMOD_ReleaseReadLock(moduleLock);
541
542	return found;
543	}
544
545	/***********************************************************
546	* Functions to find specific slots.
547	***********************************************************/
548	PK11SlotList *
549	PK11_FindSlotsByNames(const char dllName, const char slotName,
550	const char *tokenName, PRBool presentOnly)
551	{
552	SECMODModuleList *mlp;
553	SECMODModuleList *modules;
554	SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
555	int i;
556	PK11SlotList slotList = NULL((void)0);
557	PRUint32 slotcount = 0;
558	SECStatus rv = SECSuccess;
559
560	if (!moduleLock) {
561	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NOT_INITIALIZED);
562	return slotList;
563	}
564
565	slotList = PK11_NewSlotList();
566	if (!slotList) {
567	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MEMORY);
568	return slotList;
569	}
570
571	if (((NULL((void)0) == dllName) \|\| (0 == dllName)) &&
572	((NULL((void)0) == slotName) \|\| (0 == slotName)) &&
573	((NULL((void)0) == tokenName) \|\| (0 == tokenName))) {
574	/* default to softoken */
575	/* PK11_GetInternalKeySlot increments the refcount on the internal slot,
576	* but so does PK11_AddSlotToList. To avoid erroneously increasing the
577	* refcount twice, we get our own reference to the internal slot and
578	* decrement its refcount when we're done with it. */
579	PK11SlotInfo *internalKeySlot = PK11_GetInternalKeySlot();
580	PK11_AddSlotToList(slotList, internalKeySlot, PR_TRUE1);
581	PK11_FreeSlot(internalKeySlot);
582	return slotList;
583	}
584
585	/* work through all the slots */
586	SECMOD_GetReadLock(moduleLock);
587	modules = SECMOD_GetDefaultModuleList();
588	for (mlp = modules; mlp != NULL((void*)0); mlp = mlp->next) {
589	PORT_Assert(mlp->module)((mlp->module)?((void)0):PR_Assert("mlp->module","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,589));
590	if (!mlp->module) {
591	rv = SECFailure;
592	break;
593	}
594	if ((!dllName) \|\| (mlp->module->dllName &&
595	(0 == PORT_Strcmpstrcmp(mlp->module->dllName, dllName)))) {
596	for (i = 0; i < mlp->module->slotCount; i++) {
597	PK11SlotInfo tmpSlot = (mlp->module->slots ? mlp->module->slots[i] : NULL((void)0));
598	PORT_Assert(tmpSlot)((tmpSlot)?((void)0):PR_Assert("tmpSlot","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,598));
599	if (!tmpSlot) {
600	rv = SECFailure;
601	break;
602	}
603	if ((PR_FALSE0 == presentOnly \|\| PK11_IsPresent(tmpSlot)) &&
604	((!tokenName) \|\|
605	(0 == PORT_Strcmpstrcmp(tmpSlot->token_name, tokenName))) &&
606	((!slotName) \|\|
607	(0 == PORT_Strcmpstrcmp(tmpSlot->slot_name, slotName)))) {
608	PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE1);
609	slotcount++;
610	}
611	}
612	}
613	}
614	SECMOD_ReleaseReadLock(moduleLock);
615
616	if ((0 == slotcount) \|\| (SECFailure == rv)) {
617	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_TOKEN);
618	PK11_FreeSlotList(slotList);
619	slotList = NULL((void*)0);
620	}
621
622	if (SECFailure == rv) {
623	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE);
624	}
625
626	return slotList;
627	}
628
629	typedef PRBool (PK11SlotMatchFunc)(PK11SlotInfo slot, const void *arg);
630
631	static PRBool
632	pk11_MatchSlotByTokenName(PK11SlotInfo slot, const void arg)
633	{
634	return PORT_Strcmpstrcmp(slot->token_name, arg) == 0;
635	}
636
637	static PRBool
638	pk11_MatchSlotBySerial(PK11SlotInfo slot, const void arg)
639	{
640	return PORT_Memcmpmemcmp(slot->serial, arg, sizeof(slot->serial)) == 0;
641	}
642
643	static PRBool
644	pk11_MatchSlotByTokenURI(PK11SlotInfo slot, const void arg)
645	{
646	return pk11_MatchUriTokenInfo(slot, (PK11URI *)arg);
647	}
648
649	static PK11SlotInfo *
650	pk11_FindSlot(const void *arg, PK11SlotMatchFunc func)
651	{
652	SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
653	SECMODModuleList *mlp;
654	SECMODModuleList *modules;
655	int i;
656	PK11SlotInfo slot = NULL((void)0);
657
658	if (!moduleLock) {
659	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NOT_INITIALIZED);
660	return slot;
661	}
662	/* work through all the slots */
663	SECMOD_GetReadLock(moduleLock);
664	modules = SECMOD_GetDefaultModuleList();
665	for (mlp = modules; mlp != NULL((void*)0); mlp = mlp->next) {
666	for (i = 0; i < mlp->module->slotCount; i++) {
667	PK11SlotInfo *tmpSlot = mlp->module->slots[i];
668	if (PK11_IsPresent(tmpSlot)) {
669	if (func(tmpSlot, arg)) {
670	slot = PK11_ReferenceSlot(tmpSlot);
671	break;
672	}
673	}
674	}
675	if (slot != NULL((void*)0))
676	break;
677	}
678	SECMOD_ReleaseReadLock(moduleLock);
679
680	if (slot == NULL((void*)0)) {
681	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_TOKEN);
682	}
683
684	return slot;
685	}
686
687	static PK11SlotInfo *
688	pk11_FindSlotByTokenURI(const char *uriString)
689	{
690	PK11SlotInfo slot = NULL((void)0);
691	PK11URI *uri;
692
693	uri = PK11URI_ParseURI(uriString);
694	if (!uri) {
695	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
696	return slot;
697	}
698
699	slot = pk11_FindSlot(uri, pk11_MatchSlotByTokenURI);
700	PK11URI_DestroyURI(uri);
701	return slot;
702	}
703
704	PK11SlotInfo *
705	PK11_FindSlotByName(const char *name)
706	{
707	if ((name == NULL((void)0)) \|\| (name == 0)) {
708	return PK11_GetInternalKeySlot();
709	}
710
711	if (!PORT_StrncasecmpPL_strncasecmp(name, "pkcs11:", strlen("pkcs11:"))) {
712	return pk11_FindSlotByTokenURI(name);
713	}
714
715	return pk11_FindSlot(name, pk11_MatchSlotByTokenName);
716	}
717
718	PK11SlotInfo *
719	PK11_FindSlotBySerial(char *serial)
720	{
721	return pk11_FindSlot(serial, pk11_MatchSlotBySerial);
722	}
723
724	/*
725	* notification stub. If we ever get interested in any events that
726	* the pkcs11 functions may pass back to use, we can catch them here...
727	* currently pdata is a slotinfo structure.
728	*/
729	CK_RV
730	pk11_notify(CK_SESSION_HANDLE session, CK_NOTIFICATION event,
731	CK_VOID_PTR pdata)
732	{
733	return CKR_OK0x00000000UL;
734	}
735
736	/*
737	* grab a new RW session
738	* !!! has a side effect of grabbing the Monitor if either the slot's default
739	* session is RW or the slot is not thread safe. Monitor is release in function
740	* below
741	*/
742	CK_SESSION_HANDLE
743	PK11_GetRWSession(PK11SlotInfo *slot)
744	{
745	CK_SESSION_HANDLE rwsession;
746	CK_RV crv;
747	PRBool haveMonitor = PR_FALSE0;
748
749	if (!slot->isThreadSafe \|\| slot->defRWSession) {
750	PK11_EnterSlotMonitor(slot);
751	haveMonitor = PR_TRUE1;
752	}
753	if (slot->defRWSession) {
754	PORT_Assert(slot->session != CK_INVALID_HANDLE)((slot->session != 0)?((void)0):PR_Assert("slot->session != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c",754 ));
755	if (slot->session != CK_INVALID_HANDLE0)
756	return slot->session;
757	}
758
759	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_OpenSession(slot->slotID,
760	CKF_RW_SESSION0x00000002UL \| CKF_SERIAL_SESSION0x00000004UL,
761	slot, pk11_notify, &rwsession);
762	PORT_Assert(rwsession != CK_INVALID_HANDLE \|\| crv != CKR_OK)((rwsession != 0 \|\| crv != 0x00000000UL)?((void)0):PR_Assert( "rwsession != CK_INVALID_HANDLE \|\| crv != CKR_OK","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,762));
763	if (crv != CKR_OK0x00000000UL \|\| rwsession == CK_INVALID_HANDLE0) {
764	if (crv == CKR_OK0x00000000UL)
765	crv = CKR_DEVICE_ERROR0x00000030UL;
766	if (haveMonitor)
767	PK11_ExitSlotMonitor(slot);
768	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
769	return CK_INVALID_HANDLE0;
770	}
771	if (slot->defRWSession) { /* we have the monitor */
772	slot->session = rwsession;
773	}
774	return rwsession;
775	}
776
777	PRBool
778	PK11_RWSessionHasLock(PK11SlotInfo *slot, CK_SESSION_HANDLE session_handle)
779	{
780	PRBool hasLock;
781	hasLock = (PRBool)(!slot->isThreadSafe \|\|
782	(slot->defRWSession && slot->session != CK_INVALID_HANDLE0));
783	return hasLock;
784	}
785
786	static PRBool
787	pk11_RWSessionIsDefault(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
788	{
789	PRBool isDefault;
790	isDefault = (PRBool)(slot->session == rwsession &&
791	slot->defRWSession &&
792	slot->session != CK_INVALID_HANDLE0);
793	return isDefault;
794	}
795
796	/*
797	* close the rwsession and restore our readonly session
798	* !!! has a side effect of releasing the Monitor if either the slot's default
799	* session is RW or the slot is not thread safe.
800	*/
801	void
802	PK11_RestoreROSession(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
803	{
804	PORT_Assert(rwsession != CK_INVALID_HANDLE)((rwsession != 0)?((void)0):PR_Assert("rwsession != CK_INVALID_HANDLE" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c",804 ));
805	if (rwsession != CK_INVALID_HANDLE0) {
806	PRBool doExit = PK11_RWSessionHasLock(slot, rwsession);
807	if (!pk11_RWSessionIsDefault(slot, rwsession))
808	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
809	->C_CloseSession(rwsession);
810	if (doExit)
811	PK11_ExitSlotMonitor(slot);
812	}
813	}
814
815	/************************************************************
816	* Manage the built-In Slot Lists
817	************************************************************/
818
819	/* Init the static built int slot list (should actually integrate
820	* with PK11_NewSlotList */
821	static void
822	pk11_InitSlotListStatic(PK11SlotList *list)
823	{
824	list->lock = PZ_NewLock(nssILockList)PR_NewLock();
825	list->head = NULL((void*)0);
826	}
827
828	/* initialize the system slotlists */
829	SECStatus
830	PK11_InitSlotLists(void)
831	{
832	pk11_InitSlotListStatic(&pk11_seedSlotList);
833	pk11_InitSlotListStatic(&pk11_camelliaSlotList);
834	pk11_InitSlotListStatic(&pk11_aesSlotList);
835	pk11_InitSlotListStatic(&pk11_desSlotList);
836	pk11_InitSlotListStatic(&pk11_rc4SlotList);
837	pk11_InitSlotListStatic(&pk11_rc2SlotList);
838	pk11_InitSlotListStatic(&pk11_rc5SlotList);
839	pk11_InitSlotListStatic(&pk11_md5SlotList);
840	pk11_InitSlotListStatic(&pk11_md2SlotList);
841	pk11_InitSlotListStatic(&pk11_sha1SlotList);
842	pk11_InitSlotListStatic(&pk11_rsaSlotList);
843	pk11_InitSlotListStatic(&pk11_dsaSlotList);
844	pk11_InitSlotListStatic(&pk11_dhSlotList);
845	pk11_InitSlotListStatic(&pk11_ecSlotList);
846	pk11_InitSlotListStatic(&pk11_ideaSlotList);
847	pk11_InitSlotListStatic(&pk11_sslSlotList);
848	pk11_InitSlotListStatic(&pk11_tlsSlotList);
849	pk11_InitSlotListStatic(&pk11_randomSlotList);
850	pk11_InitSlotListStatic(&pk11_sha256SlotList);
851	pk11_InitSlotListStatic(&pk11_sha512SlotList);
852	return SECSuccess;
853	}
854
855	void
856	PK11_DestroySlotLists(void)
857	{
858	pk11_FreeSlotListStatic(&pk11_seedSlotList);
859	pk11_FreeSlotListStatic(&pk11_camelliaSlotList);
860	pk11_FreeSlotListStatic(&pk11_aesSlotList);
861	pk11_FreeSlotListStatic(&pk11_desSlotList);
862	pk11_FreeSlotListStatic(&pk11_rc4SlotList);
863	pk11_FreeSlotListStatic(&pk11_rc2SlotList);
864	pk11_FreeSlotListStatic(&pk11_rc5SlotList);
865	pk11_FreeSlotListStatic(&pk11_md5SlotList);
866	pk11_FreeSlotListStatic(&pk11_md2SlotList);
867	pk11_FreeSlotListStatic(&pk11_sha1SlotList);
868	pk11_FreeSlotListStatic(&pk11_rsaSlotList);
869	pk11_FreeSlotListStatic(&pk11_dsaSlotList);
870	pk11_FreeSlotListStatic(&pk11_dhSlotList);
871	pk11_FreeSlotListStatic(&pk11_ecSlotList);
872	pk11_FreeSlotListStatic(&pk11_ideaSlotList);
873	pk11_FreeSlotListStatic(&pk11_sslSlotList);
874	pk11_FreeSlotListStatic(&pk11_tlsSlotList);
875	pk11_FreeSlotListStatic(&pk11_randomSlotList);
876	pk11_FreeSlotListStatic(&pk11_sha256SlotList);
877	pk11_FreeSlotListStatic(&pk11_sha512SlotList);
878	return;
879	}
880
881	/* return a system slot list based on mechanism */
882	PK11SlotList *
883	PK11_GetSlotList(CK_MECHANISM_TYPE type)
884	{
885	/* XXX a workaround for Bugzilla bug #55267 */
886	#if defined(HPUX) && defined(__LP64__1)
887	if (CKM_INVALID_MECHANISM0xffffffffUL == type)
888	return NULL((void*)0);
889	#endif
890	switch (type) {
891	case CKM_SEED_CBC0x00000652UL:
892	case CKM_SEED_ECB0x00000651UL:
893	return &pk11_seedSlotList;
894	case CKM_CAMELLIA_CBC0x00000552UL:
895	case CKM_CAMELLIA_ECB0x00000551UL:
896	return &pk11_camelliaSlotList;
897	case CKM_AES_CBC0x00001082UL:
898	case CKM_AES_CCM0x00001088UL:
899	case CKM_AES_CTR0x00001086UL:
900	case CKM_AES_CTS0x00001089UL:
901	case CKM_AES_GCM0x00001087UL:
902	case CKM_AES_ECB0x00001081UL:
903	return &pk11_aesSlotList;
904	case CKM_DES_CBC0x00000122UL:
905	case CKM_DES_ECB0x00000121UL:
906	case CKM_DES3_ECB0x00000132UL:
907	case CKM_DES3_CBC0x00000133UL:
908	return &pk11_desSlotList;
909	case CKM_RC40x00000111UL:
910	return &pk11_rc4SlotList;
911	case CKM_RC5_CBC0x00000332UL:
912	return &pk11_rc5SlotList;
913	case CKM_SHA_10x00000220UL:
914	return &pk11_sha1SlotList;
915	case CKM_SHA2240x00000255UL:
916	case CKM_SHA2560x00000250UL:
917	case CKM_SHA3_2240x000002B5UL:
918	case CKM_SHA3_2560x000002B0UL:
919	return &pk11_sha256SlotList;
920	case CKM_SHA3840x00000260UL:
921	case CKM_SHA5120x00000270UL:
922	case CKM_SHA3_3840x000002C0UL:
923	case CKM_SHA3_5120x000002D0UL:
924	return &pk11_sha512SlotList;
925	case CKM_MD50x00000210UL:
926	return &pk11_md5SlotList;
927	case CKM_MD20x00000200UL:
928	return &pk11_md2SlotList;
929	case CKM_RC2_ECB0x00000101UL:
930	case CKM_RC2_CBC0x00000102UL:
931	return &pk11_rc2SlotList;
932	case CKM_RSA_PKCS0x00000001UL:
933	case CKM_RSA_PKCS_KEY_PAIR_GEN0x00000000UL:
934	case CKM_RSA_X_5090x00000003UL:
935	return &pk11_rsaSlotList;
936	case CKM_DSA0x00000011UL:
937	return &pk11_dsaSlotList;
938	case CKM_DH_PKCS_KEY_PAIR_GEN0x00000020UL:
939	case CKM_DH_PKCS_DERIVE0x00000021UL:
940	return &pk11_dhSlotList;
941	case CKM_EDDSA0x00001057UL:
942	case CKM_EC_EDWARDS_KEY_PAIR_GEN0x00001055UL:
943	case CKM_ECDSA0x00001041UL:
944	case CKM_ECDSA_SHA10x00001042UL:
945	case CKM_EC_KEY_PAIR_GEN0x00001040UL: /* aka CKM_ECDSA_KEY_PAIR_GEN */
946	case CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN((0x80000000UL \| 0x4E534350) + 47):
947	case CKM_ECDH1_DERIVE0x00001050UL:
948	case CKM_NSS_KYBER_KEY_PAIR_GEN((0x80000000UL \| 0x4E534350) + 45): /* Bug 1893029 */
949	case CKM_NSS_KYBER((0x80000000UL \| 0x4E534350) + 46):
950	case CKM_NSS_ML_KEM_KEY_PAIR_GEN((0x80000000UL \| 0x4E534350) + 48): /* Bug 1893029 */
951	case CKM_NSS_ML_KEM((0x80000000UL \| 0x4E534350) + 49):
952	return &pk11_ecSlotList;
953	case CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL:
954	case CKM_SSL3_MASTER_KEY_DERIVE0x00000371UL:
955	case CKM_SSL3_SHA1_MAC0x00000381UL:
956	case CKM_SSL3_MD5_MAC0x00000380UL:
957	return &pk11_sslSlotList;
958	case CKM_TLS_MASTER_KEY_DERIVE0x00000375UL:
959	case CKM_TLS_KEY_AND_MAC_DERIVE0x00000376UL:
960	case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256((0x80000000UL \| 0x4E534350) + 23):
961	return &pk11_tlsSlotList;
962	case CKM_IDEA_CBC0x00000342UL:
963	case CKM_IDEA_ECB0x00000341UL:
964	return &pk11_ideaSlotList;
965	case CKM_FAKE_RANDOM0x80000efeUL:
966	return &pk11_randomSlotList;
967	}
968	return NULL((void*)0);
969	}
970
971	/*
972	* load the static SlotInfo structures used to select a PKCS11 slot.
973	* preSlotInfo has a list of all the default flags for the slots on this
974	* module.
975	*/
976	void
977	PK11_LoadSlotList(PK11SlotInfo slot, PK11PreSlotInfo psi, int count)
978	{
979	int i;
980
981	for (i = 0; i < count; i++) {
982	if (psi[i].slotID == slot->slotID)
983	break;
984	}
985
986	if (i == count)
987	return;
988
989	slot->defaultFlags = psi[i].defaultFlags;
990	slot->askpw = psi[i].askpw;
991	slot->timeout = psi[i].timeout;
992	slot->hasRootCerts = psi[i].hasRootCerts;
993
994	/* if the slot is already disabled, don't load them into the
995	* default slot lists. We get here so we can save the default
996	* list value. */
997	if (slot->disabled)
998	return;
999
1000	/* if the user has disabled us, don't load us in */
1001	if (slot->defaultFlags & PK11_DISABLE_FLAG0x40000000L) {
1002	slot->disabled = PR_TRUE1;
1003	slot->reason = PK11_DIS_USER_SELECTED;
1004	/* free up sessions and things?? */
1005	return;
1006	}
1007
1008	for (i = 0; i < num_pk11_default_mechanisms; i++) {
1009	if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
1010	CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
1011	PK11SlotList *slotList = PK11_GetSlotList(mechanism);
1012
1013	if (slotList)
1014	PK11_AddSlotToList(slotList, slot, PR_FALSE0);
1015	}
1016	}
1017
1018	return;
1019	}
1020
1021	/*
1022	* update a slot to its new attribute according to the slot list
1023	* returns: SECSuccess if nothing to do or add/delete is successful
1024	*/
1025	SECStatus
1026	PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
1027	const PK11DefaultArrayEntry *entry,
1028	PRBool add)
1029	/* add: PR_TRUE if want to turn on */
1030	{
1031	SECStatus result = SECSuccess;
1032	PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);
1033
1034	if (add) { /* trying to turn on a mechanism */
1035
1036	/* turn on the default flag in the slot */
1037	slot->defaultFlags \|= entry->flag;
1038
1039	/* add this slot to the list */
1040	if (slotList != NULL((void*)0))
1041	result = PK11_AddSlotToList(slotList, slot, PR_FALSE0);
1042
1043	} else { /* trying to turn off */
1044
1045	/* turn OFF the flag in the slot */
1046	slot->defaultFlags &= ~entry->flag;
1047
1048	if (slotList) {
1049	/* find the element in the list & delete it */
1050	PK11SlotListElement *le = PK11_FindSlotElement(slotList, slot);
1051
1052	/* remove the slot from the list */
1053	if (le)
1054	result = PK11_DeleteSlotFromList(slotList, le);
1055	}
1056	}
1057	return result;
1058	}
1059
1060	/*
1061	* clear a slot off of all of it's default list
1062	*/
1063	void
1064	PK11_ClearSlotList(PK11SlotInfo *slot)
1065	{
1066	int i;
1067
1068	if (slot->disabled)
1069	return;
1070	if (slot->defaultFlags == 0)
1071	return;
1072
1073	for (i = 0; i < num_pk11_default_mechanisms; i++) {
1074	if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
1075	CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
1076	PK11SlotList *slotList = PK11_GetSlotList(mechanism);
1077	PK11SlotListElement le = NULL((void)0);
1078
1079	if (slotList)
1080	le = PK11_FindSlotElement(slotList, slot);
1081
1082	if (le) {
1083	PK11_DeleteSlotFromList(slotList, le);
1084	PK11_FreeSlotListElement(slotList, le);
1085	}
1086	}
1087	}
1088	}
1089
1090	/******************************************************************
1091	* Slot initialization
1092	******************************************************************/
1093	/*
1094	* turn a PKCS11 Static Label into a string
1095	*/
1096	char *
1097	PK11_MakeString(PLArenaPool arena, char space,
1098	char *staticString, int stringLen)
1099	{
1100	int i;
1101	char *newString;
1102	for (i = (stringLen - 1); i >= 0; i--) {
1103	if (staticString[i] != ' ')
1104	break;
1105	}
1106	/* move i to point to the last space */
1107	i++;
1108	if (arena) {
1109	newString = (char )PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, i + 1 / space for NULL */);
1110	} else if (space) {
1111	newString = space;
1112	} else {
1113	newString = (char )PORT_AllocPORT_Alloc_Util(i + 1 / space for NULL */);
1114	}
1115	if (newString == NULL((void*)0))
1116	return NULL((void*)0);
1117
1118	if (i)
1119	PORT_Memcpymemcpy(newString, staticString, i);
1120	newString[i] = 0;
1121
1122	return newString;
1123	}
1124
1125	/*
1126	* check if a null-terminated string matches with a PKCS11 Static Label
1127	*/
1128	PRBool
1129	pk11_MatchString(const char *string,
1130	const char *staticString, size_t staticStringLen)
1131	{
1132	size_t i = staticStringLen;
1133
1134	/* move i to point to the last space */
1135	while (i > 0) {
1136	if (staticString[i - 1] != ' ')
1137	break;
1138	i--;
1139	}
1140
1141	if (strlen(string) == i && memcmp(string, staticString, i) == 0) {
1142	return PR_TRUE1;
1143	}
1144
1145	return PR_FALSE0;
1146	}
1147
1148	/*
1149	* Reads in the slots mechanism list for later use
1150	*/
1151	SECStatus
1152	PK11_ReadMechanismList(PK11SlotInfo *slot)
1153	{
1154	CK_ULONG count;
1155	CK_RV crv;
1156	PRUint32 i;
1157
1158	if (slot->mechanismList) {
1159	PORT_FreePORT_Free_Util(slot->mechanismList);
1160	slot->mechanismList = NULL((void*)0);
1161	}
1162	slot->mechanismCount = 0;
1163
1164	if (!slot->isThreadSafe)
1165	PK11_EnterSlotMonitor(slot);
1166	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismList(slot->slotID, NULL((void*)0), &count);
1167	if (crv != CKR_OK0x00000000UL) {
1168	if (!slot->isThreadSafe)
1169	PK11_ExitSlotMonitor(slot);
1170	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1171	return SECFailure;
1172	}
1173
1174	slot->mechanismList = (CK_MECHANISM_TYPE *)
1175	PORT_AllocPORT_Alloc_Util(count * sizeof(CK_MECHANISM_TYPE));
1176	if (slot->mechanismList == NULL((void*)0)) {
1177	if (!slot->isThreadSafe)
1178	PK11_ExitSlotMonitor(slot);
1179	return SECFailure;
1180	}
1181	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismList(slot->slotID,
1182	slot->mechanismList, &count);
1183	if (!slot->isThreadSafe)
1184	PK11_ExitSlotMonitor(slot);
1185	if (crv != CKR_OK0x00000000UL) {
1186	PORT_FreePORT_Free_Util(slot->mechanismList);
1187	slot->mechanismList = NULL((void*)0);
1188	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1189	return SECSuccess;
1190	}
1191	slot->mechanismCount = count;
1192	PORT_Memsetmemset(slot->mechanismBits, 0, sizeof(slot->mechanismBits));
1193
1194	for (i = 0; i < count; i++) {
1195	CK_MECHANISM_TYPE mech = slot->mechanismList[i];
1196	if (mech < 0x7ff) {
1197	slot->mechanismBits[mech & 0xff] \|= 1 << (mech >> 8);
1198	}
1199	}
1200	return SECSuccess;
1201	}
1202
1203	static SECStatus
1204	pk11_ReadProfileList(PK11SlotInfo *slot)
1205	{
1206	CK_ATTRIBUTE findTemp[2];
1207	CK_ATTRIBUTE *attrs;
1208	CK_BBOOL cktrue = CK_TRUE1;
1209	CK_OBJECT_CLASS oclass = CKO_PROFILE0x00000009UL;
1210	size_t tsize;
1211	int objCount;
1212	CK_OBJECT_HANDLE handles = NULL((void)0);
1213	int i;
1214
1215	attrs = findTemp;
1216	PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue))(attrs)->type = (0x00000001UL); (attrs)->pValue = (& cktrue); (attrs)->ulValueLen = (sizeof(cktrue));;
1217	attrs++;
1218	PK11_SETATTRS(attrs, CKA_CLASS, &oclass, sizeof(oclass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& oclass); (attrs)->ulValueLen = (sizeof(oclass));;
1219	attrs++;
1220	tsize = attrs - findTemp;
1221	PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))((tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c",1221 ));
1222
1223	if (slot->profileList) {
1224	PORT_FreePORT_Free_Util(slot->profileList);
1225	slot->profileList = NULL((void*)0);
1226	}
1227	slot->profileCount = 0;
1228
1229	objCount = 0;
1230	handles = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
1231	if (handles == NULL((void*)0)) {
1232	if (objCount < 0) {
1233	return SECFailure; /* error code is set */
1234	}
1235	PORT_Assert(objCount == 0)((objCount == 0)?((void)0):PR_Assert("objCount == 0","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,1235));
1236	return SECSuccess;
1237	}
1238
1239	slot->profileList = (CK_PROFILE_ID *)
1240	PORT_AllocPORT_Alloc_Util(objCount * sizeof(CK_PROFILE_ID));
1241	if (slot->profileList == NULL((void*)0)) {
1242	PORT_FreePORT_Free_Util(handles);
1243	return SECFailure; /* error code is set */
1244	}
1245
1246	for (i = 0; i < objCount; i++) {
1247	CK_ULONG value;
1248
1249	value = PK11_ReadULongAttribute(slot, handles[i], CKA_PROFILE_ID0x00000601UL);
1250	if (value == CK_UNAVAILABLE_INFORMATION(~0UL)) {
1251	continue;
1252	}
1253	slot->profileList[slot->profileCount++] = value;
1254	}
1255
1256	PORT_FreePORT_Free_Util(handles);
1257	return SECSuccess;
1258	}
1259
1260	static PRBool
1261	pk11_HasProfile(PK11SlotInfo *slot, CK_PROFILE_ID id)
1262	{
1263	int i;
1264
1265	for (i = 0; i < slot->profileCount; i++) {
1266	if (slot->profileList[i] == id) {
1267	return PR_TRUE1;
1268	}
1269	}
1270	return PR_FALSE0;
1271	}
1272
1273	/*
1274	* initialize a new token
1275	* unlike initialize slot, this can be called multiple times in the lifetime
1276	* of NSS. It reads the information associated with a card or token,
1277	* that is not going to change unless the card or token changes.
1278	*/
1279	SECStatus
1280	PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
1281	{
1282	CK_RV crv;
1283	SECStatus rv;
1284	PRStatus status;
1285	NSSToken *nssToken;
1286
1287	/* set the slot flags to the current token values */
1288	if (!slot->isThreadSafe)
1289	PK11_EnterSlotMonitor(slot);
1290	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetTokenInfo(slot->slotID, &slot->tokenInfo);
1291	if (!slot->isThreadSafe)
1292	PK11_ExitSlotMonitor(slot);
1293	if (crv != CKR_OK0x00000000UL) {
1294	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1295	return SECFailure;
1296	}
1297
1298	/* set the slot flags to the current token values */
1299	slot->series++; /* allow other objects to detect that the
1300	* slot is different */
1301	slot->flags = slot->tokenInfo.flags;
1302	slot->needLogin = ((slot->tokenInfo.flags & CKF_LOGIN_REQUIRED0x00000004UL) ? PR_TRUE1 : PR_FALSE0);
1303	slot->readOnly = ((slot->tokenInfo.flags & CKF_WRITE_PROTECTED0x00000002UL) ? PR_TRUE1 : PR_FALSE0);
1304
1305	slot->hasRandom = ((slot->tokenInfo.flags & CKF_RNG0x00000001UL) ? PR_TRUE1 : PR_FALSE0);
1306	slot->protectedAuthPath =
1307	((slot->tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH0x00000100UL)
1308	? PR_TRUE1
1309	: PR_FALSE0);
1310	slot->lastLoginCheck = 0;
1311	slot->lastState = 0;
1312	/* on some platforms Active Card incorrectly sets the
1313	* CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
1314	if (slot->isActiveCard) {
1315	slot->protectedAuthPath = PR_FALSE0;
1316	}
1317	(void)PK11_MakeString(NULL((void*)0), slot->token_name,
1318	(char *)slot->tokenInfo.label, sizeof(slot->tokenInfo.label));
1319	slot->minPassword = slot->tokenInfo.ulMinPinLen;
1320	slot->maxPassword = slot->tokenInfo.ulMaxPinLen;
1321	PORT_Memcpymemcpy(slot->serial, slot->tokenInfo.serialNumber, sizeof(slot->serial));
1322
1323	nssToken = PK11Slot_GetNSSToken(slot);
1324	nssToken_UpdateName(nssToken); /* null token is OK */
1325	(void)nssToken_Destroy(nssToken);
1326
1327	slot->defRWSession = (PRBool)((!slot->readOnly) &&
1328	(slot->tokenInfo.ulMaxSessionCount == 1));
1329	rv = PK11_ReadMechanismList(slot);
1330	if (rv != SECSuccess)
1331	return rv;
1332
1333	slot->hasRSAInfo = PR_FALSE0;
1334	slot->RSAInfoFlags = 0;
1335
1336	/* initialize the maxKeyCount value */
1337	if (slot->tokenInfo.ulMaxSessionCount == 0) {
1338	slot->maxKeyCount = 800; /* should be #define or a config param */
1339	} else if (slot->tokenInfo.ulMaxSessionCount < 20) {
1340	/* don't have enough sessions to keep that many keys around */
1341	slot->maxKeyCount = 0;
1342	} else {
1343	slot->maxKeyCount = slot->tokenInfo.ulMaxSessionCount / 2;
1344	}
1345
1346	/* Make sure our session handle is valid */
1347	if (slot->session == CK_INVALID_HANDLE0) {
1348	/* we know we don't have a valid session, go get one */
1349	CK_SESSION_HANDLE session;
1350
1351	/* session should be Readonly, serial */
1352	if (!slot->isThreadSafe)
1353	PK11_EnterSlotMonitor(slot);
1354	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_OpenSession(slot->slotID,
1355	(slot->defRWSession ? CKF_RW_SESSION0x00000002UL : 0) \| CKF_SERIAL_SESSION0x00000004UL,
1356	slot, pk11_notify, &session);
1357	if (!slot->isThreadSafe)
1358	PK11_ExitSlotMonitor(slot);
1359	if (crv != CKR_OK0x00000000UL) {
1360	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1361	return SECFailure;
1362	}
1363	slot->session = session;
1364	} else {
1365	/* The session we have may be defunct (the token associated with it)
1366	* has been removed */
1367	CK_SESSION_INFO sessionInfo;
1368
1369	if (!slot->isThreadSafe)
1370	PK11_EnterSlotMonitor(slot);
1371	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetSessionInfo(slot->session, &sessionInfo);
1372	if (crv == CKR_DEVICE_ERROR0x00000030UL) {
1373	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
1374	->C_CloseSession(slot->session);
1375	crv = CKR_SESSION_CLOSED0x000000B0UL;
1376	}
1377	if ((crv == CKR_SESSION_CLOSED0x000000B0UL) \|\| (crv == CKR_SESSION_HANDLE_INVALID0x000000B3UL)) {
1378	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_OpenSession(slot->slotID,
1379	(slot->defRWSession ? CKF_RW_SESSION0x00000002UL : 0) \| CKF_SERIAL_SESSION0x00000004UL,
1380	slot, pk11_notify, &slot->session);
1381	if (crv != CKR_OK0x00000000UL) {
1382	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1383	slot->session = CK_INVALID_HANDLE0;
1384	if (!slot->isThreadSafe)
1385	PK11_ExitSlotMonitor(slot);
1386	return SECFailure;
1387	}
1388	}
1389	if (!slot->isThreadSafe)
1390	PK11_ExitSlotMonitor(slot);
1391	}
1392
1393	nssToken = PK11Slot_GetNSSToken(slot);
1394	status = nssToken_Refresh(nssToken); /* null token is OK */
1395	(void)nssToken_Destroy(nssToken);
1396	if (status != PR_SUCCESS)
1397	return SECFailure;
1398
1399	/* Not all tokens have profile objects or even recognize what profile
1400	* objects are it's OK for pk11_ReadProfileList to fail */
1401	(void)pk11_ReadProfileList(slot);
1402
1403	if (!(slot->isInternal) && (slot->hasRandom)) {
1404	/* if this slot has a random number generater, use it to add entropy
1405	* to the internal slot. */
1406	PK11SlotInfo *int_slot = PK11_GetInternalSlot();
1407
1408	if (int_slot) {
1409	unsigned char random_bytes[32];
1410
1411	/* if this slot can issue random numbers, get some entropy from
1412	* that random number generater and give it to our internal token.
1413	*/
1414	PK11_EnterSlotMonitor(slot);
1415	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GenerateRandom(slot->session, random_bytes, sizeof(random_bytes));
1416	PK11_ExitSlotMonitor(slot);
1417	if (crv == CKR_OK0x00000000UL) {
1418	PK11_EnterSlotMonitor(int_slot);
1419	PK11_GETTAB(int_slot)((CK_FUNCTION_LIST_3_0_PTR)((int_slot)->functionList))
1420	->C_SeedRandom(int_slot->session,
1421	random_bytes, sizeof(random_bytes));
1422	PK11_ExitSlotMonitor(int_slot);
1423	}
1424
1425	/* Now return the favor and send entropy to the token's random
1426	* number generater */
1427	PK11_EnterSlotMonitor(int_slot);
1428	crv = PK11_GETTAB(int_slot)((CK_FUNCTION_LIST_3_0_PTR)((int_slot)->functionList))->C_GenerateRandom(int_slot->session,
1429	random_bytes, sizeof(random_bytes));
1430	PK11_ExitSlotMonitor(int_slot);
1431	if (crv == CKR_OK0x00000000UL) {
1432	PK11_EnterSlotMonitor(slot);
1433	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_SeedRandom(slot->session,
	Value stored to 'crv' is never read
1434	random_bytes, sizeof(random_bytes));
1435	PK11_ExitSlotMonitor(slot);
1436	}
1437	PK11_FreeSlot(int_slot);
1438	}
1439	}
1440	/* work around a problem in softoken where it incorrectly
1441	* reports databases opened read only as read/write. */
1442	if (slot->isInternal && !slot->readOnly) {
1443	CK_SESSION_HANDLE session = CK_INVALID_HANDLE0;
1444
1445	/* try to open a R/W session */
1446	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_OpenSession(slot->slotID,
1447	CKF_RW_SESSION0x00000002UL \| CKF_SERIAL_SESSION0x00000004UL, slot, pk11_notify, &session);
1448	/* what a well behaved token should return if you open
1449	* a RW session on a read only token */
1450	if (crv == CKR_TOKEN_WRITE_PROTECTED0x000000E2UL) {
1451	slot->readOnly = PR_TRUE1;
1452	} else if (crv == CKR_OK0x00000000UL) {
1453	CK_SESSION_INFO sessionInfo;
1454
1455	/* Because of a second bug in softoken, which silently returns
1456	* a RO session, we need to check what type of session we got. */
1457	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetSessionInfo(session, &sessionInfo);
1458	if (crv == CKR_OK0x00000000UL) {
1459	if ((sessionInfo.flags & CKF_RW_SESSION0x00000002UL) == 0) {
1460	/* session was readonly, so this softoken slot must be readonly */
1461	slot->readOnly = PR_TRUE1;
1462	}
1463	}
1464	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
1465	->C_CloseSession(session);
1466	}
1467	}
1468
1469	return SECSuccess;
1470	}
1471
1472	/*
1473	* initialize a new token
1474	* unlike initialize slot, this can be called multiple times in the lifetime
1475	* of NSS. It reads the information associated with a card or token,
1476	* that is not going to change unless the card or token changes.
1477	*/
1478	SECStatus
1479	PK11_TokenRefresh(PK11SlotInfo *slot)
1480	{
1481	CK_RV crv;
1482
1483	/* set the slot flags to the current token values */
1484	if (!slot->isThreadSafe)
1485	PK11_EnterSlotMonitor(slot);
1486	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetTokenInfo(slot->slotID, &slot->tokenInfo);
1487	if (!slot->isThreadSafe)
1488	PK11_ExitSlotMonitor(slot);
1489	if (crv != CKR_OK0x00000000UL) {
1490	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1491	return SECFailure;
1492	}
1493
1494	slot->flags = slot->tokenInfo.flags;
1495	slot->needLogin = ((slot->tokenInfo.flags & CKF_LOGIN_REQUIRED0x00000004UL) ? PR_TRUE1 : PR_FALSE0);
1496	slot->readOnly = ((slot->tokenInfo.flags & CKF_WRITE_PROTECTED0x00000002UL) ? PR_TRUE1 : PR_FALSE0);
1497	slot->hasRandom = ((slot->tokenInfo.flags & CKF_RNG0x00000001UL) ? PR_TRUE1 : PR_FALSE0);
1498	slot->protectedAuthPath =
1499	((slot->tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH0x00000100UL)
1500	? PR_TRUE1
1501	: PR_FALSE0);
1502	/* on some platforms Active Card incorrectly sets the
1503	* CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
1504	if (slot->isActiveCard) {
1505	slot->protectedAuthPath = PR_FALSE0;
1506	}
1507	return SECSuccess;
1508	}
1509
1510	static PRBool
1511	pk11_isRootSlot(PK11SlotInfo *slot)
1512	{
1513	CK_ATTRIBUTE findTemp[1];
1514	CK_ATTRIBUTE *attrs;
1515	CK_OBJECT_CLASS oclass = CKO_NSS_BUILTIN_ROOT_LIST((0x80000000UL \| 0x4E534350) + 4);
1516	size_t tsize;
1517	CK_OBJECT_HANDLE handle;
1518
1519	attrs = findTemp;
1520	PK11_SETATTRS(attrs, CKA_CLASS, &oclass, sizeof(oclass))(attrs)->type = (0x00000000UL); (attrs)->pValue = (& oclass); (attrs)->ulValueLen = (sizeof(oclass));;
1521	attrs++;
1522	tsize = attrs - findTemp;
1523	PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))((tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE))?((void )0):PR_Assert("tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE)" ,"/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c",1523 ));
1524
1525	handle = pk11_FindObjectByTemplate(slot, findTemp, tsize);
1526	if (handle == CK_INVALID_HANDLE0) {
1527	return PR_FALSE0;
1528	}
1529	return PR_TRUE1;
1530	}
1531
1532	/*
1533	* Initialize the slot :
1534	* This initialization code is called on each slot a module supports when
1535	* it is loaded. It does the bringup initialization. The difference between
1536	* this and InitToken is Init slot does those one time initialization stuff,
1537	* usually associated with the reader, while InitToken may get called multiple
1538	* times as tokens are removed and re-inserted.
1539	*/
1540	void
1541	PK11_InitSlot(SECMODModule mod, CK_SLOT_ID slotID, PK11SlotInfo slot)
1542	{
1543	SECStatus rv;
1544	CK_SLOT_INFO slotInfo;
1545
1546	slot->functionList = mod->functionList;
1547	slot->isInternal = mod->internal;
1548	slot->slotID = slotID;
1549	slot->isThreadSafe = mod->isThreadSafe;
1550	slot->hasRSAInfo = PR_FALSE0;
1551	slot->module = mod; /* NOTE: we don't make a reference here because
1552	* modules have references to their slots. This
1553	* works because modules keep implicit references
1554	* from their slots, and won't unload and disappear
1555	* until all their slots have been freed */
1556
1557	if (PK11_GetSlotInfo(slot, &slotInfo) != SECSuccess) {
1558	slot->disabled = PR_TRUE1;
1559	slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
1560	return;
1561	}
1562
1563	/* test to make sure claimed mechanism work */
1564	slot->needTest = mod->internal ? PR_FALSE0 : PR_TRUE1;
1565	(void)PK11_MakeString(NULL((void*)0), slot->slot_name,
1566	(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
1567	slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT0x00000004UL) == CKF_HW_SLOT0x00000004UL);
1568	#define ACTIVE_CARD"ActivCard SA" "ActivCard SA"
1569	slot->isActiveCard = (PRBool)(PORT_Strncmpstrncmp((char *)slotInfo.manufacturerID,
1570	ACTIVE_CARD"ActivCard SA", sizeof(ACTIVE_CARD"ActivCard SA") - 1) == 0);
1571	if ((slotInfo.flags & CKF_REMOVABLE_DEVICE0x00000002UL) == 0) {
1572	slot->isPerm = PR_TRUE1;
1573	/* permanment slots must have the token present always */
1574	if ((slotInfo.flags & CKF_TOKEN_PRESENT0x00000001UL) == 0) {
1575	slot->disabled = PR_TRUE1;
1576	slot->reason = PK11_DIS_TOKEN_NOT_PRESENT;
1577	return; /* nothing else to do */
1578	}
1579	}
1580	/* if the token is present, initialize it */
1581	if ((slotInfo.flags & CKF_TOKEN_PRESENT0x00000001UL) != 0) {
1582	rv = PK11_InitToken(slot, PR_TRUE1);
1583	/* the only hard failures are on permanent devices, or function
1584	* verify failures... function verify failures are already handled
1585	* by tokenInit */
1586	if ((rv != SECSuccess) && (slot->isPerm) && (!slot->disabled)) {
1587	slot->disabled = PR_TRUE1;
1588	slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
1589	}
1590	if (rv == SECSuccess && pk11_isRootSlot(slot)) {
1591	if (!slot->hasRootCerts) {
1592	slot->module->trustOrder = 100;
1593	}
1594	slot->hasRootCerts = PR_TRUE1;
1595	}
1596	}
1597	if ((slotInfo.flags & CKF_USER_PIN_INITIALIZED0x00000008UL) != 0) {
1598	slot->flags \|= CKF_USER_PIN_INITIALIZED0x00000008UL;
1599	}
1600	}
1601
1602	/*********************************************************************
1603	* Slot mapping utility functions.
1604	*********************************************************************/
1605
1606	/*
1607	* determine if the token is present. If the token is present, make sure
1608	* we have a valid session handle. Also set the value of needLogin
1609	* appropriately.
1610	*/
1611	static PRBool
1612	pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
1613	{
1614	CK_SLOT_INFO slotInfo;
1615	CK_SESSION_INFO sessionInfo;
1616	CK_RV crv;
1617
1618	/* disabled slots are never present */
1619	if (slot->disabled) {
1620	return PR_FALSE0;
1621	}
1622
1623	/* permanent slots are always present */
1624	if (slot->isPerm && (slot->session != CK_INVALID_HANDLE0)) {
1625	return PR_TRUE1;
1626	}
1627
1628	NSSToken *nssToken = PK11Slot_GetNSSToken(slot);
1629	if (nssToken) {
1630	PRBool present = nssToken_IsPresent(nssToken);
1631	(void)nssToken_Destroy(nssToken);
1632	return present;
1633	}
1634
1635	/* removable slots have a flag that says they are present */
1636	if (PK11_GetSlotInfo(slot, &slotInfo) != SECSuccess) {
1637	return PR_FALSE0;
1638	}
1639
1640	if ((slotInfo.flags & CKF_TOKEN_PRESENT0x00000001UL) == 0) {
1641	/* if the slot is no longer present, close the session */
1642	if (slot->session != CK_INVALID_HANDLE0) {
1643	if (!slot->isThreadSafe) {
1644	PK11_EnterSlotMonitor(slot);
1645	}
1646	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
1647	->C_CloseSession(slot->session);
1648	slot->session = CK_INVALID_HANDLE0;
1649	if (!slot->isThreadSafe) {
1650	PK11_ExitSlotMonitor(slot);
1651	}
1652	}
1653	return PR_FALSE0;
1654	}
1655
1656	/* use the session Info to determine if the card has been removed and then
1657	* re-inserted */
1658	if (slot->session != CK_INVALID_HANDLE0) {
1659	if (slot->isThreadSafe) {
1660	PK11_EnterSlotMonitor(slot);
1661	}
1662	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetSessionInfo(slot->session, &sessionInfo);
1663	if (crv != CKR_OK0x00000000UL) {
1664	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
1665	->C_CloseSession(slot->session);
1666	slot->session = CK_INVALID_HANDLE0;
1667	}
1668	if (slot->isThreadSafe) {
1669	PK11_ExitSlotMonitor(slot);
1670	}
1671	}
1672
1673	/* card has not been removed, current token info is correct */
1674	if (slot->session != CK_INVALID_HANDLE0)
1675	return PR_TRUE1;
1676
1677	/* initialize the token info state */
1678	if (PK11_InitToken(slot, loadCerts) != SECSuccess) {
1679	return PR_FALSE0;
1680	}
1681
1682	return PR_TRUE1;
1683	}
1684
1685	/*
1686	* old version of the routine
1687	*/
1688	PRBool
1689	PK11_IsPresent(PK11SlotInfo *slot)
1690	{
1691	return pk11_IsPresentCertLoad(slot, PR_TRUE1);
1692	}
1693
1694	/* is the slot disabled? */
1695	PRBool
1696	PK11_IsDisabled(PK11SlotInfo *slot)
1697	{
1698	return slot->disabled;
1699	}
1700
1701	/* and why? */
1702	PK11DisableReasons
1703	PK11_GetDisabledReason(PK11SlotInfo *slot)
1704	{
1705	return slot->reason;
1706	}
1707
1708	/* returns PR_TRUE if successfully disable the slot */
1709	/* returns PR_FALSE otherwise */
1710	PRBool
1711	PK11_UserDisableSlot(PK11SlotInfo *slot)
1712	{
1713
1714	/* Prevent users from disabling the internal module. */
1715	if (slot->isInternal) {
1716	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS);
1717	return PR_FALSE0;
1718	}
1719
1720	slot->defaultFlags \|= PK11_DISABLE_FLAG0x40000000L;
1721	slot->disabled = PR_TRUE1;
1722	slot->reason = PK11_DIS_USER_SELECTED;
1723
1724	return PR_TRUE1;
1725	}
1726
1727	PRBool
1728	PK11_UserEnableSlot(PK11SlotInfo *slot)
1729	{
1730
1731	slot->defaultFlags &= ~PK11_DISABLE_FLAG0x40000000L;
1732	slot->disabled = PR_FALSE0;
1733	slot->reason = PK11_DIS_NONE;
1734	return PR_TRUE1;
1735	}
1736
1737	PRBool
1738	PK11_HasRootCerts(PK11SlotInfo *slot)
1739	{
1740	return slot->hasRootCerts;
1741	}
1742
1743	/* Get the module this slot is attached to */
1744	SECMODModule *
1745	PK11_GetModule(PK11SlotInfo *slot)
1746	{
1747	return slot->module;
1748	}
1749
1750	/* return the default flags of a slot */
1751	unsigned long
1752	PK11_GetDefaultFlags(PK11SlotInfo *slot)
1753	{
1754	return slot->defaultFlags;
1755	}
1756
1757	/*
1758	* The following wrapper functions allow us to export an opaque slot
1759	* function to the rest of libsec and the world... */
1760	PRBool
1761	PK11_IsReadOnly(PK11SlotInfo *slot)
1762	{
1763	return slot->readOnly;
1764	}
1765
1766	PRBool
1767	PK11_IsHW(PK11SlotInfo *slot)
1768	{
1769	return slot->isHW;
1770	}
1771
1772	PRBool
1773	PK11_IsRemovable(PK11SlotInfo *slot)
1774	{
1775	return !slot->isPerm;
1776	}
1777
1778	PRBool
1779	PK11_IsInternal(PK11SlotInfo *slot)
1780	{
1781	return slot->isInternal;
1782	}
1783
1784	PRBool
1785	PK11_IsInternalKeySlot(PK11SlotInfo *slot)
1786	{
1787	PK11SlotInfo *int_slot;
1788	PRBool result;
1789
1790	if (!slot->isInternal) {
1791	return PR_FALSE0;
1792	}
1793
1794	int_slot = PK11_GetInternalKeySlot();
1795	result = (int_slot == slot) ? PR_TRUE1 : PR_FALSE0;
1796	PK11_FreeSlot(int_slot);
1797	return result;
1798	}
1799
1800	PRBool
1801	PK11_NeedLogin(PK11SlotInfo *slot)
1802	{
1803	return slot->needLogin;
1804	}
1805
1806	PRBool
1807	PK11_IsFriendly(PK11SlotInfo *slot)
1808	{
1809	/* internal slot always has public readable certs */
1810	return (PRBool)(slot->isInternal \|\|
1811	pk11_HasProfile(slot, CKP_PUBLIC_CERTIFICATES_TOKEN0x00000004UL) \|\|
1812	((slot->defaultFlags & SECMOD_FRIENDLY_FLAG0x10000000L) ==
1813	SECMOD_FRIENDLY_FLAG0x10000000L));
1814	}
1815
1816	char *
1817	PK11_GetTokenName(PK11SlotInfo *slot)
1818	{
1819	return slot->token_name;
1820	}
1821
1822	char *
1823	PK11_GetTokenURI(PK11SlotInfo *slot)
1824	{
1825	PK11URI *uri;
1826	char ret = NULL((void)0);
1827	char label[32 + 1], manufacturer[32 + 1], serial[16 + 1], model[16 + 1];
1828	PK11URIAttribute attrs[4];
1829	size_t nattrs = 0;
1830
1831	PK11_MakeString(NULL((void)0), label, (char )slot->tokenInfo.label,
1832	sizeof(slot->tokenInfo.label));
1833	if (*label != '\0') {
1834	attrs[nattrs].name = PK11URI_PATTR_TOKEN"token";
1835	attrs[nattrs].value = label;
1836	nattrs++;
1837	}
1838
1839	PK11_MakeString(NULL((void)0), manufacturer, (char )slot->tokenInfo.manufacturerID,
1840	sizeof(slot->tokenInfo.manufacturerID));
1841	if (*manufacturer != '\0') {
1842	attrs[nattrs].name = PK11URI_PATTR_MANUFACTURER"manufacturer";
1843	attrs[nattrs].value = manufacturer;
1844	nattrs++;
1845	}
1846
1847	PK11_MakeString(NULL((void)0), serial, (char )slot->tokenInfo.serialNumber,
1848	sizeof(slot->tokenInfo.serialNumber));
1849	if (*serial != '\0') {
1850	attrs[nattrs].name = PK11URI_PATTR_SERIAL"serial";
1851	attrs[nattrs].value = serial;
1852	nattrs++;
1853	}
1854
1855	PK11_MakeString(NULL((void)0), model, (char )slot->tokenInfo.model,
1856	sizeof(slot->tokenInfo.model));
1857	if (*model != '\0') {
1858	attrs[nattrs].name = PK11URI_PATTR_MODEL"model";
1859	attrs[nattrs].value = model;
1860	nattrs++;
1861	}
1862
1863	uri = PK11URI_CreateURI(attrs, nattrs, NULL((void*)0), 0);
1864	if (uri == NULL((void*)0)) {
1865	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE);
1866	return NULL((void*)0);
1867	}
1868
1869	ret = PK11URI_FormatURI(NULL((void*)0), uri);
1870	PK11URI_DestroyURI(uri);
1871
1872	if (ret == NULL((void*)0)) {
1873	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_LIBRARY_FAILURE);
1874	}
1875
1876	return ret;
1877	}
1878
1879	char *
1880	PK11_GetSlotName(PK11SlotInfo *slot)
1881	{
1882	return slot->slot_name;
1883	}
1884
1885	int
1886	PK11_GetSlotSeries(PK11SlotInfo *slot)
1887	{
1888	return slot->series;
1889	}
1890
1891	int
1892	PK11_GetCurrentWrapIndex(PK11SlotInfo *slot)
1893	{
1894	return slot->wrapKey;
1895	}
1896
1897	CK_SLOT_ID
1898	PK11_GetSlotID(PK11SlotInfo *slot)
1899	{
1900	return slot->slotID;
1901	}
1902
1903	SECMODModuleID
1904	PK11_GetModuleID(PK11SlotInfo *slot)
1905	{
1906	return slot->module->moduleID;
1907	}
1908
1909	static void
1910	pk11_zeroTerminatedToBlankPadded(CK_CHAR *buffer, size_t buffer_size)
1911	{
1912	CK_CHAR *walk = buffer;
1913	CK_CHAR *end = buffer + buffer_size;
1914
1915	/* find the NULL */
1916	while (walk < end && *walk != '\0') {
1917	walk++;
1918	}
1919
1920	/* clear out the buffer */
1921	while (walk < end) {
1922	*walk++ = ' ';
1923	}
1924	}
1925
1926	/* return the slot info structure */
1927	SECStatus
1928	PK11_GetSlotInfo(PK11SlotInfo slot, CK_SLOT_INFO info)
1929	{
1930	CK_RV crv;
1931
1932	if (!slot->isThreadSafe)
1933	PK11_EnterSlotMonitor(slot);
1934	/*
1935	* some buggy drivers do not fill the buffer completely,
1936	* erase the buffer first
1937	*/
1938	PORT_Memsetmemset(info->slotDescription, ' ', sizeof(info->slotDescription));
1939	PORT_Memsetmemset(info->manufacturerID, ' ', sizeof(info->manufacturerID));
1940	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetSlotInfo(slot->slotID, info);
1941	pk11_zeroTerminatedToBlankPadded(info->slotDescription,
1942	sizeof(info->slotDescription));
1943	pk11_zeroTerminatedToBlankPadded(info->manufacturerID,
1944	sizeof(info->manufacturerID));
1945	if (!slot->isThreadSafe)
1946	PK11_ExitSlotMonitor(slot);
1947	if (crv != CKR_OK0x00000000UL) {
1948	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1949	return SECFailure;
1950	}
1951	return SECSuccess;
1952	}
1953
1954	/* return the token info structure */
1955	SECStatus
1956	PK11_GetTokenInfo(PK11SlotInfo slot, CK_TOKEN_INFO info)
1957	{
1958	CK_RV crv;
1959	if (!slot->isThreadSafe)
1960	PK11_EnterSlotMonitor(slot);
1961	/*
1962	* some buggy drivers do not fill the buffer completely,
1963	* erase the buffer first
1964	*/
1965	PORT_Memsetmemset(info->label, ' ', sizeof(info->label));
1966	PORT_Memsetmemset(info->manufacturerID, ' ', sizeof(info->manufacturerID));
1967	PORT_Memsetmemset(info->model, ' ', sizeof(info->model));
1968	PORT_Memsetmemset(info->serialNumber, ' ', sizeof(info->serialNumber));
1969	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetTokenInfo(slot->slotID, info);
1970	pk11_zeroTerminatedToBlankPadded(info->label, sizeof(info->label));
1971	pk11_zeroTerminatedToBlankPadded(info->manufacturerID,
1972	sizeof(info->manufacturerID));
1973	pk11_zeroTerminatedToBlankPadded(info->model, sizeof(info->model));
1974	pk11_zeroTerminatedToBlankPadded(info->serialNumber,
1975	sizeof(info->serialNumber));
1976	if (!slot->isThreadSafe)
1977	PK11_ExitSlotMonitor(slot);
1978	if (crv != CKR_OK0x00000000UL) {
1979	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
1980	return SECFailure;
1981	}
1982	return SECSuccess;
1983	}
1984
1985	PRBool
1986	pk11_MatchUriTokenInfo(PK11SlotInfo slot, PK11URI uri)
1987	{
1988	const char *value;
1989
1990	value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_TOKEN"token");
1991	if (value) {
1992	if (!pk11_MatchString(value, (char *)slot->tokenInfo.label,
1993	sizeof(slot->tokenInfo.label))) {
1994	return PR_FALSE0;
1995	}
1996	}
1997
1998	value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_MANUFACTURER"manufacturer");
1999	if (value) {
2000	if (!pk11_MatchString(value, (char *)slot->tokenInfo.manufacturerID,
2001	sizeof(slot->tokenInfo.manufacturerID))) {
2002	return PR_FALSE0;
2003	}
2004	}
2005
2006	value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_SERIAL"serial");
2007	if (value) {
2008	if (!pk11_MatchString(value, (char *)slot->tokenInfo.serialNumber,
2009	sizeof(slot->tokenInfo.serialNumber))) {
2010	return PR_FALSE0;
2011	}
2012	}
2013
2014	value = PK11URI_GetPathAttribute(uri, PK11URI_PATTR_MODEL"model");
2015	if (value) {
2016	if (!pk11_MatchString(value, (char *)slot->tokenInfo.model,
2017	sizeof(slot->tokenInfo.model))) {
2018	return PR_FALSE0;
2019	}
2020	}
2021
2022	return PR_TRUE1;
2023	}
2024
2025	/* Find out if we need to initialize the user's pin */
2026	PRBool
2027	PK11_NeedUserInit(PK11SlotInfo *slot)
2028	{
2029	PRBool needUserInit = (PRBool)((slot->flags & CKF_USER_PIN_INITIALIZED0x00000008UL) == 0);
2030
2031	if (needUserInit) {
2032	CK_TOKEN_INFO info;
2033	SECStatus rv;
2034
2035	/* see if token has been initialized off line */
2036	rv = PK11_GetTokenInfo(slot, &info);
2037	if (rv == SECSuccess) {
2038	slot->flags = info.flags;
2039	}
2040	}
2041	return (PRBool)((slot->flags & CKF_USER_PIN_INITIALIZED0x00000008UL) == 0);
2042	}
2043
2044	static PK11SlotInfo pk11InternalKeySlot = NULL((void)0);
2045
2046	/*
2047	* Set a new default internal keyslot. If one has already been set, clear it.
2048	* Passing NULL falls back to the NSS normally selected default internal key
2049	* slot.
2050	*/
2051	void
2052	pk11_SetInternalKeySlot(PK11SlotInfo *slot)
2053	{
2054	if (pk11InternalKeySlot) {
2055	PK11_FreeSlot(pk11InternalKeySlot);
2056	}
2057	pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL((void*)0);
2058	}
2059
2060	/*
2061	* Set a new default internal keyslot if the normal key slot has not already
2062	* been overridden. Subsequent calls to this function will be ignored unless
2063	* pk11_SetInternalKeySlot is used to clear the current default.
2064	*/
2065	void
2066	pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
2067	{
2068	if (pk11InternalKeySlot) {
2069	return;
2070	}
2071	pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL((void*)0);
2072	}
2073
2074	/*
2075	* Swap out a default internal keyslot. Caller owns the Slot Reference
2076	*/
2077	PK11SlotInfo *
2078	pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
2079	{
2080	PK11SlotInfo *swap = pk11InternalKeySlot;
2081
2082	pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL((void*)0);
2083	return swap;
2084	}
2085
2086	/* get the internal key slot. FIPS has only one slot for both key slots and
2087	* default slots */
2088	PK11SlotInfo *
2089	PK11_GetInternalKeySlot(void)
2090	{
2091	SECMODModule *mod;
2092
2093	if (pk11InternalKeySlot) {
2094	return PK11_ReferenceSlot(pk11InternalKeySlot);
2095	}
2096
2097	mod = SECMOD_GetInternalModule();
2098	PORT_Assert(mod != NULL)((mod != ((void*)0))?((void)0):PR_Assert("mod != NULL","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,2098));
2099	if (!mod) {
2100	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
2101	return NULL((void*)0);
2102	}
2103	return PK11_ReferenceSlot(mod->isFIPS ? mod->slots[0] : mod->slots[1]);
2104	}
2105
2106	/* get the internal default slot */
2107	PK11SlotInfo *
2108	PK11_GetInternalSlot(void)
2109	{
2110	SECMODModule *mod = SECMOD_GetInternalModule();
2111	PORT_Assert(mod != NULL)((mod != ((void*)0))?((void)0):PR_Assert("mod != NULL","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,2111));
2112	if (!mod) {
2113	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_MODULE);
2114	return NULL((void*)0);
2115	}
2116	if (mod->isFIPS) {
2117	return PK11_GetInternalKeySlot();
2118	}
2119	return PK11_ReferenceSlot(mod->slots[0]);
2120	}
2121
2122	/*
2123	* check if a given slot supports the requested mechanism
2124	*/
2125	PRBool
2126	PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
2127	{
2128	int i;
2129
2130	/* CKM_FAKE_RANDOM is not a real PKCS mechanism. It's a marker to
2131	* tell us we're looking form someone that has implemented get
2132	* random bits */
2133	if (type == CKM_FAKE_RANDOM0x80000efeUL) {
2134	return slot->hasRandom;
2135	}
2136
2137	/* for most mechanism, bypass the linear lookup */
2138	if (type < 0x7ff) {
2139	return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8))) ? PR_TRUE1 : PR_FALSE0;
2140	}
2141
2142	for (i = 0; i < (int)slot->mechanismCount; i++) {
2143	if (slot->mechanismList[i] == type)
2144	return PR_TRUE1;
2145	}
2146	return PR_FALSE0;
2147	}
2148
2149	PRBool pk11_filterSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism,
2150	CK_FLAGS mechanismInfoFlags, unsigned int keySize);
2151	/*
2152	* Check that the given mechanism has the appropriate flags. This function
2153	* presumes that slot can already do the given mechanism.
2154	*/
2155	PRBool
2156	PK11_DoesMechanismFlag(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
2157	CK_FLAGS flags)
2158	{
2159	return !pk11_filterSlot(slot, type, flags, 0);
2160	}
2161
2162	/*
2163	* Return true if a token that can do the desired mechanism exists.
2164	* This allows us to have hardware tokens that can do function XYZ magically
2165	* allow SSL Ciphers to appear if they are plugged in.
2166	*/
2167	PRBool
2168	PK11_TokenExists(CK_MECHANISM_TYPE type)
2169	{
2170	SECMODModuleList *mlp;
2171	SECMODModuleList *modules;
2172	SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
2173	PK11SlotInfo *slot;
2174	PRBool found = PR_FALSE0;
2175	int i;
2176
2177	if (!moduleLock) {
2178	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NOT_INITIALIZED);
2179	return found;
2180	}
2181	/* we only need to know if there is a token that does this mechanism.
2182	* check the internal module first because it's fast, and supports
2183	* almost everything. */
2184	slot = PK11_GetInternalSlot();
2185	if (slot) {
2186	found = PK11_DoesMechanism(slot, type);
2187	PK11_FreeSlot(slot);
2188	}
2189	if (found)
2190	return PR_TRUE1; /* bypass getting module locks */
2191
2192	SECMOD_GetReadLock(moduleLock);
2193	modules = SECMOD_GetDefaultModuleList();
2194	for (mlp = modules; mlp != NULL((void*)0) && (!found); mlp = mlp->next) {
2195	for (i = 0; i < mlp->module->slotCount; i++) {
2196	slot = mlp->module->slots[i];
2197	if (PK11_IsPresent(slot)) {
2198	if (PK11_DoesMechanism(slot, type)) {
2199	found = PR_TRUE1;
2200	break;
2201	}
2202	}
2203	}
2204	}
2205	SECMOD_ReleaseReadLock(moduleLock);
2206	return found;
2207	}
2208
2209	/*
2210	* get all the currently available tokens in a list.
2211	* that can perform the given mechanism. If mechanism is CKM_INVALID_MECHANISM,
2212	* get all the tokens. Make sure tokens that need authentication are put at
2213	* the end of this list.
2214	*/
2215	PK11SlotList *
2216	PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
2217	void *wincx)
2218	{
2219	PK11SlotList *list;
2220	PK11SlotList *loginList;
2221	PK11SlotList *friendlyList;
2222	SECMODModuleList *mlp;
2223	SECMODModuleList *modules;
2224	SECMODListLock *moduleLock;
2225	int i;
2226
2227	moduleLock = SECMOD_GetDefaultModuleListLock();
2228	if (!moduleLock) {
2229	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NOT_INITIALIZED);
2230	return NULL((void*)0);
2231	}
2232
2233	list = PK11_NewSlotList();
2234	loginList = PK11_NewSlotList();
2235	friendlyList = PK11_NewSlotList();
2236	if ((list == NULL((void)0)) \|\| (loginList == NULL((void)0)) \|\| (friendlyList == NULL((void*)0))) {
2237	if (list)
2238	PK11_FreeSlotList(list);
2239	if (loginList)
2240	PK11_FreeSlotList(loginList);
2241	if (friendlyList)
2242	PK11_FreeSlotList(friendlyList);
2243	return NULL((void*)0);
2244	}
2245
2246	SECMOD_GetReadLock(moduleLock);
2247
2248	modules = SECMOD_GetDefaultModuleList();
2249	for (mlp = modules; mlp != NULL((void*)0); mlp = mlp->next) {
2250	for (i = 0; i < mlp->module->slotCount; i++) {
2251	PK11SlotInfo *slot = mlp->module->slots[i];
2252
2253	if (pk11_IsPresentCertLoad(slot, loadCerts)) {
2254	if (needRW && slot->readOnly)
2255	continue;
2256	if ((type == CKM_INVALID_MECHANISM0xffffffffUL) \|\| PK11_DoesMechanism(slot, type)) {
2257	if (pk11_LoginStillRequired(slot, wincx)) {
2258	if (PK11_IsFriendly(slot)) {
2259	PK11_AddSlotToList(friendlyList, slot, PR_TRUE1);
2260	} else {
2261	PK11_AddSlotToList(loginList, slot, PR_TRUE1);
2262	}
2263	} else {
2264	PK11_AddSlotToList(list, slot, PR_TRUE1);
2265	}
2266	}
2267	}
2268	}
2269	}
2270	SECMOD_ReleaseReadLock(moduleLock);
2271
2272	pk11_MoveListToList(list, friendlyList);
2273	PK11_FreeSlotList(friendlyList);
2274	pk11_MoveListToList(list, loginList);
2275	PK11_FreeSlotList(loginList);
2276
2277	return list;
2278	}
2279
2280	/*
2281	* NOTE: This routine is working from a private List generated by
2282	* PK11_GetAllTokens. That is why it does not need to lock.
2283	*/
2284	PK11SlotList *
2285	PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type, PRBool needRW, void *wincx)
2286	{
2287	PK11SlotList *list = PK11_GetAllTokens(type, needRW, PR_TRUE1, wincx);
2288	PK11SlotListElement le, next;
2289	SECStatus rv;
2290
2291	if (list == NULL((void*)0))
2292	return list;
2293
2294	for (le = list->head; le; le = next) {
2295	next = le->next; /* save the pointer here in case we have to
2296	* free the element later */
2297	rv = PK11_Authenticate(le->slot, PR_TRUE1, wincx);
2298	if (rv != SECSuccess) {
2299	PK11_DeleteSlotFromList(list, le);
2300	continue;
2301	}
2302	}
2303	return list;
2304	}
2305
2306	/*
2307	* returns true if the slot doesn't conform to the requested attributes
2308	*/
2309	PRBool
2310	pk11_filterSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism,
2311	CK_FLAGS mechanismInfoFlags, unsigned int keySize)
2312	{
2313	CK_MECHANISM_INFO mechanism_info;
2314	CK_RV crv = CKR_OK0x00000000UL;
2315
2316	/* handle the only case where we don't actually fetch the mechanisms
2317	* on the fly */
2318	if ((keySize == 0) && (mechanism == CKM_RSA_PKCS0x00000001UL) && (slot->hasRSAInfo)) {
2319	mechanism_info.flags = slot->RSAInfoFlags;
2320	} else {
2321	if (!slot->isThreadSafe)
2322	PK11_EnterSlotMonitor(slot);
2323	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismInfo(slot->slotID, mechanism,
2324	&mechanism_info);
2325	if (!slot->isThreadSafe)
2326	PK11_ExitSlotMonitor(slot);
2327	/* if we were getting the RSA flags, save them */
2328	if ((crv == CKR_OK0x00000000UL) && (mechanism == CKM_RSA_PKCS0x00000001UL) && (!slot->hasRSAInfo)) {
2329	slot->RSAInfoFlags = mechanism_info.flags;
2330	slot->hasRSAInfo = PR_TRUE1;
2331	}
2332	}
2333	/* couldn't get the mechanism info */
2334	if (crv != CKR_OK0x00000000UL) {
2335	return PR_TRUE1;
2336	}
2337	if (keySize && ((mechanism_info.ulMinKeySize > keySize) \|\| (mechanism_info.ulMaxKeySize < keySize))) {
2338	/* Token can do mechanism, but not at the key size we
2339	* want */
2340	return PR_TRUE1;
2341	}
2342	if (mechanismInfoFlags && ((mechanism_info.flags & mechanismInfoFlags) !=
2343	mechanismInfoFlags)) {
2344	return PR_TRUE1;
2345	}
2346	return PR_FALSE0;
2347	}
2348
2349	/*
2350	* Find the best slot which supports the given set of mechanisms and key sizes.
2351	* In normal cases this should grab the first slot on the list with no fuss.
2352	* The size array is presumed to match one for one with the mechanism type
2353	* array, which allows you to specify the required key size for each
2354	* mechanism in the list. Whether key size is in bits or bytes is mechanism
2355	* dependent. Typically asymetric keys are in bits and symetric keys are in
2356	* bytes.
2357	*/
2358	PK11SlotInfo *
2359	PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type,
2360	CK_FLAGS mechanismInfoFlags, unsigned int keySize,
2361	unsigned int mech_count, void *wincx)
2362	{
2363	PK11SlotList list = NULL((void)0);
2364	PK11SlotListElement *le;
2365	PK11SlotInfo slot = NULL((void)0);
2366	PRBool freeit = PR_FALSE0;
2367	PRBool listNeedLogin = PR_FALSE0;
2368	unsigned int i;
2369	SECStatus rv;
2370
2371	list = PK11_GetSlotList(type[0]);
2372
2373	if ((list == NULL((void)0)) \|\| (list->head == NULL((void)0))) {
2374	/* We need to look up all the tokens for the mechanism */
2375	list = PK11_GetAllTokens(type[0], PR_FALSE0, PR_TRUE1, wincx);
2376	freeit = PR_TRUE1;
2377	}
2378
2379	/* no one can do it! */
2380	if (list == NULL((void*)0)) {
2381	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_TOKEN);
2382	return NULL((void*)0);
2383	}
2384
2385	PORT_SetErrorPORT_SetError_Util(0);
2386
2387	listNeedLogin = PR_FALSE0;
2388	for (i = 0; i < mech_count; i++) {
2389	if ((type[i] != CKM_FAKE_RANDOM0x80000efeUL) &&
2390	(type[i] != CKM_SHA_10x00000220UL) &&
2391	(type[i] != CKM_SHA2240x00000255UL) &&
2392	(type[i] != CKM_SHA2560x00000250UL) &&
2393	(type[i] != CKM_SHA3840x00000260UL) &&
2394	(type[i] != CKM_SHA5120x00000270UL) &&
2395	(type[i] != CKM_MD50x00000210UL) &&
2396	(type[i] != CKM_MD20x00000200UL)) {
2397	listNeedLogin = PR_TRUE1;
2398	break;
2399	}
2400	}
2401
2402	for (le = PK11_GetFirstSafe(list); le;
2403	le = PK11_GetNextSafe(list, le, PR_TRUE1)) {
2404	if (PK11_IsPresent(le->slot)) {
2405	PRBool doExit = PR_FALSE0;
2406	for (i = 0; i < mech_count; i++) {
2407	if (!PK11_DoesMechanism(le->slot, type[i])) {
2408	doExit = PR_TRUE1;
2409	break;
2410	}
2411	if ((mechanismInfoFlags && mechanismInfoFlags[i]) \|\|
2412	(keySize && keySize[i])) {
2413	if (pk11_filterSlot(le->slot, type[i],
2414	mechanismInfoFlags ? mechanismInfoFlags[i] : 0,
2415	keySize ? keySize[i] : 0)) {
2416	doExit = PR_TRUE1;
2417	break;
2418	}
2419	}
2420	}
2421
2422	if (doExit)
2423	continue;
2424
2425	if (listNeedLogin && le->slot->needLogin) {
2426	rv = PK11_Authenticate(le->slot, PR_TRUE1, wincx);
2427	if (rv != SECSuccess)
2428	continue;
2429	}
2430	slot = le->slot;
2431	PK11_ReferenceSlot(slot);
2432	PK11_FreeSlotListElement(list, le);
2433	if (freeit) {
2434	PK11_FreeSlotList(list);
2435	}
2436	return slot;
2437	}
2438	}
2439	if (freeit) {
2440	PK11_FreeSlotList(list);
2441	}
2442	if (PORT_GetErrorPORT_GetError_Util() == 0) {
2443	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_NO_TOKEN);
2444	}
2445	return NULL((void*)0);
2446	}
2447
2448	PK11SlotInfo *
2449	PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type,
2450	unsigned int mech_count, void *wincx)
2451	{
2452	return PK11_GetBestSlotMultipleWithAttributes(type, NULL((void)0), NULL((void)0),
2453	mech_count, wincx);
2454	}
2455
2456	/* original get best slot now calls the multiple version with only one type */
2457	PK11SlotInfo *
2458	PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx)
2459	{
2460	return PK11_GetBestSlotMultipleWithAttributes(&type, NULL((void)0), NULL((void)0), 1, wincx);
2461	}
2462
2463	PK11SlotInfo *
2464	PK11_GetBestSlotWithAttributes(CK_MECHANISM_TYPE type, CK_FLAGS mechanismFlags,
2465	unsigned int keySize, void *wincx)
2466	{
2467	return PK11_GetBestSlotMultipleWithAttributes(&type, &mechanismFlags,
2468	&keySize, 1, wincx);
2469	}
2470
2471	int
2472	PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism)
2473	{
2474	CK_MECHANISM_INFO mechanism_info;
2475	CK_RV crv;
2476
2477	if (!slot->isThreadSafe)
2478	PK11_EnterSlotMonitor(slot);
2479	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismInfo(slot->slotID,
2480	mechanism, &mechanism_info);
2481	if (!slot->isThreadSafe)
2482	PK11_ExitSlotMonitor(slot);
2483	if (crv != CKR_OK0x00000000UL)
2484	return 0;
2485
2486	if (mechanism_info.ulMinKeySize == mechanism_info.ulMaxKeySize)
2487	return 0;
2488	return mechanism_info.ulMaxKeySize;
2489	}
2490
2491	/*
2492	* This function uses the existing PKCS #11 module to find the
2493	* longest supported key length in the preferred token for a mechanism.
2494	* This varies from the above function in that 1) it returns the key length
2495	* even for fixed key algorithms, and 2) it looks through the tokens
2496	* generally rather than for a specific token. This is used in liu of
2497	* a PK11_GetKeyLength function in pk11mech.c since we can actually read
2498	* supported key lengths from PKCS #11.
2499	*
2500	* For symmetric key operations the length is returned in bytes.
2501	*/
2502	int
2503	PK11_GetMaxKeyLength(CK_MECHANISM_TYPE mechanism)
2504	{
2505	CK_MECHANISM_INFO mechanism_info;
2506	PK11SlotList list = NULL((void)0);
2507	PK11SlotListElement *le;
2508	PRBool freeit = PR_FALSE0;
2509	int keyLength = 0;
2510
2511	list = PK11_GetSlotList(mechanism);
2512
2513	if ((list == NULL((void)0)) \|\| (list->head == NULL((void)0))) {
2514	/* We need to look up all the tokens for the mechanism */
2515	list = PK11_GetAllTokens(mechanism, PR_FALSE0, PR_FALSE0, NULL((void*)0));
2516	freeit = PR_TRUE1;
2517	}
2518
2519	/* no tokens recognize this mechanism */
2520	if (list == NULL((void*)0)) {
2521	PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ALGORITHM);
2522	return 0;
2523	}
2524
2525	for (le = PK11_GetFirstSafe(list); le;
2526	le = PK11_GetNextSafe(list, le, PR_TRUE1)) {
2527	PK11SlotInfo *slot = le->slot;
2528	CK_RV crv;
2529	if (PK11_IsPresent(slot)) {
2530	if (!slot->isThreadSafe)
2531	PK11_EnterSlotMonitor(slot);
2532	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GetMechanismInfo(slot->slotID,
2533	mechanism, &mechanism_info);
2534	if (!slot->isThreadSafe)
2535	PK11_ExitSlotMonitor(slot);
2536	if ((crv == CKR_OK0x00000000UL) && (mechanism_info.ulMaxKeySize != 0) && (mechanism_info.ulMaxKeySize != 0xffffffff)) {
2537	keyLength = mechanism_info.ulMaxKeySize;
2538	break;
2539	}
2540	}
2541	}
2542
2543	/* fallback to pk11_GetPredefinedKeyLength for fixed key size algorithms */
2544	if (keyLength == 0) {
2545	CK_KEY_TYPE keyType;
2546	keyType = PK11_GetKeyType(mechanism, 0);
2547	keyLength = pk11_GetPredefinedKeyLength(keyType);
2548	}
2549
2550	if (le)
2551	PK11_FreeSlotListElement(list, le);
2552	if (freeit)
2553	PK11_FreeSlotList(list);
2554	return keyLength;
2555	}
2556
2557	SECStatus
2558	PK11_SeedRandom(PK11SlotInfo slot, unsigned char data, int len)
2559	{
2560	CK_RV crv;
2561
2562	PK11_EnterSlotMonitor(slot);
2563	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_SeedRandom(slot->session, data, (CK_ULONG)len);
2564	PK11_ExitSlotMonitor(slot);
2565	if (crv != CKR_OK0x00000000UL) {
2566	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2567	return SECFailure;
2568	}
2569	return SECSuccess;
2570	}
2571
2572	SECStatus
2573	PK11_GenerateRandomOnSlot(PK11SlotInfo slot, unsigned char data, int len)
2574	{
2575	CK_RV crv;
2576
2577	if (!slot->isInternal)
2578	PK11_EnterSlotMonitor(slot);
2579	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_GenerateRandom(slot->session, data,
2580	(CK_ULONG)len);
2581	if (!slot->isInternal)
2582	PK11_ExitSlotMonitor(slot);
2583	if (crv != CKR_OK0x00000000UL) {
2584	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2585	return SECFailure;
2586	}
2587	return SECSuccess;
2588	}
2589
2590	/* Attempts to update the Best Slot for "FAKE RANDOM" generation.
2591	** If that's not the internal slot, then it also attempts to update the
2592	** internal slot.
2593	** The return value indicates if the INTERNAL slot was updated OK.
2594	*/
2595	SECStatus
2596	PK11_RandomUpdate(void *data, size_t bytes)
2597	{
2598	PK11SlotInfo *slot;
2599	PRBool bestIsInternal;
2600	SECStatus status;
2601
2602	slot = PK11_GetBestSlot(CKM_FAKE_RANDOM0x80000efeUL, NULL((void*)0));
2603	if (slot == NULL((void*)0)) {
2604	slot = PK11_GetInternalSlot();
2605	if (!slot)
2606	return SECFailure;
2607	}
2608
2609	bestIsInternal = PK11_IsInternal(slot);
2610	status = PK11_SeedRandom(slot, data, bytes);
2611	PK11_FreeSlot(slot);
2612
2613	if (!bestIsInternal) {
2614	/* do internal slot, too. */
2615	slot = PK11_GetInternalSlot();
2616	PORT_Assert(slot)((slot)?((void)0):PR_Assert("slot","/root/firefox-clang/security/nss/lib/pk11wrap/pk11slot.c" ,2616));
2617	if (!slot) {
2618	return SECFailure;
2619	}
2620	status = PK11_SeedRandom(slot, data, bytes);
2621	PK11_FreeSlot(slot);
2622	}
2623	return status;
2624	}
2625
2626	SECStatus
2627	PK11_GenerateRandom(unsigned char *data, int len)
2628	{
2629	PK11SlotInfo *slot;
2630	SECStatus rv;
2631
2632	slot = PK11_GetBestSlot(CKM_FAKE_RANDOM0x80000efeUL, NULL((void*)0));
2633	if (slot == NULL((void*)0))
2634	return SECFailure;
2635
2636	rv = PK11_GenerateRandomOnSlot(slot, data, len);
2637	PK11_FreeSlot(slot);
2638	return rv;
2639	}
2640
2641	/*
2642	* Reset the token to it's initial state. For the internal module, this will
2643	* Purge your keydb, and reset your cert db certs to USER_INIT.
2644	*/
2645	SECStatus
2646	PK11_ResetToken(PK11SlotInfo slot, char sso_pwd)
2647	{
2648	unsigned char tokenName[32];
2649	size_t tokenNameLen;
2650	CK_RV crv;
2651
2652	/* reconstruct the token name */
2653	tokenNameLen = PORT_Strlen(slot->token_name)strlen(slot->token_name);
2654	if (tokenNameLen > sizeof(tokenName)) {
2655	tokenNameLen = sizeof(tokenName);
2656	}
2657
2658	PORT_Memcpymemcpy(tokenName, slot->token_name, tokenNameLen);
2659	if (tokenNameLen < sizeof(tokenName)) {
2660	PORT_Memsetmemset(&tokenName[tokenNameLen], ' ',
2661	sizeof(tokenName) - tokenNameLen);
2662	}
2663
2664	/* initialize the token */
2665	PK11_EnterSlotMonitor(slot);
2666
2667	/* first shutdown the token. Existing sessions will get closed here */
2668	PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))
2669	->C_CloseAllSessions(slot->slotID);
2670	slot->session = CK_INVALID_HANDLE0;
2671
2672	/* now re-init the token */
2673	crv = PK11_GETTAB(slot)((CK_FUNCTION_LIST_3_0_PTR)((slot)->functionList))->C_InitToken(slot->slotID,
2674	(unsigned char *)sso_pwd, sso_pwd ? PORT_Strlen(sso_pwd)strlen(sso_pwd) : 0, tokenName);
2675
2676	/* finally bring the token back up */
2677	PK11_InitToken(slot, PR_TRUE1);
2678	PK11_ExitSlotMonitor(slot);
2679	if (crv != CKR_OK0x00000000UL) {
2680	PORT_SetErrorPORT_SetError_Util(PK11_MapError(crv));
2681	return SECFailure;
2682	}
2683	NSSToken *token = PK11Slot_GetNSSToken(slot);
2684	if (token) {
2685	nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain, token);
2686	(void)nssToken_Destroy(token);
2687	}
2688	return SECSuccess;
2689	}
2690
2691	void
2692	PK11Slot_SetNSSToken(PK11SlotInfo sl, NSSToken nsst)
2693	{
2694	NSSToken *old;
2695	if (nsst) {
2696	nsst = nssToken_AddRef(nsst);
2697	}
2698
2699	PZ_Lock(sl->nssTokenLock)PR_Lock((sl->nssTokenLock));
2700	old = sl->nssToken;
2701	sl->nssToken = nsst;
2702	PZ_Unlock(sl->nssTokenLock)PR_Unlock((sl->nssTokenLock));
2703
2704	if (old) {
2705	(void)nssToken_Destroy(old);
2706	}
2707	}
2708
2709	NSSToken *
2710	PK11Slot_GetNSSToken(PK11SlotInfo *sl)
2711	{
2712	NSSToken rv = NULL((void)0);
2713
2714	PZ_Lock(sl->nssTokenLock)PR_Lock((sl->nssTokenLock));
2715	if (sl->nssToken) {
2716	rv = nssToken_AddRef(sl->nssToken);
2717	}
2718	PZ_Unlock(sl->nssTokenLock)PR_Unlock((sl->nssTokenLock));
2719
2720	return rv;
2721	}
2722
2723	PRBool
2724	pk11slot_GetFIPSStatus(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
2725	CK_OBJECT_HANDLE object, CK_ULONG operationType)
2726	{
2727	SECMODModule *mod = slot->module;
2728	CK_RV crv;
2729	CK_ULONG fipsState = CKS_NSS_FIPS_NOT_OK0UL;
2730
2731	/* handle the obvious conditions:
2732	* 1) the module doesn't have a fipsIndicator - fips state must be false */
2733	if (mod->fipsIndicator == NULL((void*)0)) {
2734	return PR_FALSE0;
2735	}
2736	/* 2) the session doesn't exist - fips state must be false */
2737	if (session == CK_INVALID_HANDLE0) {
2738	return PR_FALSE0;
2739	}
2740
2741	/* go fetch the state */
2742	crv = mod->fipsIndicator(session, object, operationType, &fipsState);
2743	if (crv != CKR_OK0x00000000UL) {
2744	return PR_FALSE0;
2745	}
2746	return (fipsState == CKS_NSS_FIPS_OK1UL) ? PR_TRUE1 : PR_FALSE0;
2747	}
2748
2749	PRBool
2750	PK11_SlotGetLastFIPSStatus(PK11SlotInfo *slot)
2751	{
2752	return pk11slot_GetFIPSStatus(slot, slot->session, CK_INVALID_HANDLE0,
2753	CKT_NSS_SESSION_LAST_CHECK4UL);
2754	}
2755
2756	/*
2757	* wait for a token to change it's state. The application passes in the expected
2758	* new state in event.
2759	*/
2760	PK11TokenStatus
2761	PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
2762	PRIntervalTime timeout, PRIntervalTime latency, int series)
2763	{
2764	PRIntervalTime first_time = 0;
2765	PRBool first_time_set = PR_FALSE0;
2766	PRBool waitForRemoval;
2767
2768	if (slot->isPerm) {
2769	return PK11TokenNotRemovable;
2770	}
2771	if (latency == 0) {
2772	latency = PR_SecondsToInterval(5);
2773	}
2774	waitForRemoval = (PRBool)(event == PK11TokenRemovedOrChangedEvent);
2775
2776	if (series == 0) {
2777	series = PK11_GetSlotSeries(slot);
2778	}
2779	while (PK11_IsPresent(slot) == waitForRemoval) {
2780	PRIntervalTime interval;
2781
2782	if (waitForRemoval && series != PK11_GetSlotSeries(slot)) {
2783	return PK11TokenChanged;
2784	}
2785	if (timeout == PR_INTERVAL_NO_WAIT0UL) {
2786	return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;
2787	}
2788	if (timeout != PR_INTERVAL_NO_TIMEOUT0xffffffffUL) {
2789	interval = PR_IntervalNow();
2790	if (!first_time_set) {
2791	first_time = interval;
2792	first_time_set = PR_TRUE1;
2793	}
2794	if ((interval - first_time) > timeout) {
2795	return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;
2796	}
2797	}
2798	PR_Sleep(latency);
2799	}
2800	return waitForRemoval ? PK11TokenRemoved : PK11TokenPresent;
2801	}