
Side by Side Diff: patches/nss-static.patch

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
OLDNEW
(Empty)
1 diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
2 index a86f8a0..eff77fc 100644
3 --- a/nss/lib/certhigh/certvfy.c
4 +++ b/nss/lib/certhigh/certvfy.c
5 @@ -12,9 +12,11 @@
6 #include "certdb.h"
7 #include "certi.h"
8 #include "cryptohi.h"
9 +#ifndef NSS_DISABLE_LIBPKIX
10 #include "pkix.h"
11 /*#include "pkix_sample_modules.h" */
12 #include "pkix_pl_cert.h"
13 +#endif /* NSS_DISABLE_LIBPKIX */
14
15 #include "nsspki.h"
16 #include "pkitm.h"
17 @@ -23,6 +25,47 @@
18 #include "base.h"
19 #include "keyhi.h"
20
21 +#ifdef NSS_DISABLE_LIBPKIX
22 +SECStatus
23 +cert_VerifyCertChainPkix(
24 + CERTCertificate *cert,
25 + PRBool checkSig,
26 + SECCertUsage requiredUsage,
27 + PRTime time,
28 + void *wincx,
29 + CERTVerifyLog *log,
30 + PRBool *pSigerror,
31 + PRBool *pRevoked)
32 +{
33 + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
34 + return SECFailure;
35 +}
36 +
37 +SECStatus
38 +CERT_SetUsePKIXForValidation(PRBool enable)
39 +{
40 + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
41 + return SECFailure;
42 +}
43 +
44 +PRBool
45 +CERT_GetUsePKIXForValidation()
46 +{
47 + return PR_FALSE;
48 +}
49 +
50 +SECStatus CERT_PKIXVerifyCert(
51 + CERTCertificate *cert,
52 + SECCertificateUsage usages,
53 + CERTValInParam *paramsIn,
54 + CERTValOutParam *paramsOut,
55 + void *wincx)
56 +{
57 + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
58 + return SECFailure;
59 +}
60 +#endif /* NSS_DISABLE_LIBPKIX */
61 +
62 /*
63 * Check the validity times of a certificate
64 */
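Review bot: The stub `cert_VerifyCertChainPkix` returns `SECFailure` without writing `*pSigerror` or `*pRevoked`, so a caller that inspects those out-parameters after a failure sees whatever it passed in; whether any caller does so is not visible in this hunk. Setting them before the return, e.g. `if (pSigerror) *pSigerror = PR_FALSE;` and `if (pRevoked) *pRevoked = PR_FALSE;`, keeps the failure path deterministic. All four stubs fail closed, which is the right default for a validation entry point, and a short comment such as `/* libpkix compiled out: every PKIX entry point fails closed */` would stop a later edit from turning one into a success. `CERT_GetUsePKIXForValidation()` should also be defined with `(void)` rather than an empty parameter list.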
65 diff --git a/nss/lib/ckfw/nssck.api b/nss/lib/ckfw/nssck.api
66 index 55b4351..8364258 100644
67 --- a/nss/lib/ckfw/nssck.api
68 +++ b/nss/lib/ckfw/nssck.api
69 @@ -1752,7 +1752,7 @@ C_WaitForSlotEvent
70 }
71 #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
72
73 -static CK_RV CK_ENTRY
74 +CK_RV CK_ENTRY
75 __ADJOIN(MODULE_NAME,C_GetFunctionList)
76 (
77 CK_FUNCTION_LIST_PTR_PTR ppFunctionList
78 @@ -1830,7 +1830,7 @@ __ADJOIN(MODULE_NAME,C_CancelFunction),
79 __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
80 };
81
82 -static CK_RV CK_ENTRY
83 +CK_RV CK_ENTRY
84 __ADJOIN(MODULE_NAME,C_GetFunctionList)
85 (
86 CK_FUNCTION_LIST_PTR_PTR ppFunctionList
87 @@ -1840,6 +1840,7 @@ __ADJOIN(MODULE_NAME,C_GetFunctionList)
88 return CKR_OK;
89 }
90
91 +#ifndef NSS_STATIC
92 /* This one is always present */
93 CK_RV CK_ENTRY
94 C_GetFunctionList
95 @@ -1849,6 +1850,7 @@ C_GetFunctionList
96 {
97 return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
98 }
99 +#endif
100
101 #undef __ADJOIN
102
103 diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
104 index 823d8de..48b557b 100644
105 --- a/nss/lib/freebl/rsa.c
106 +++ b/nss/lib/freebl/rsa.c
107 @@ -1532,6 +1532,13 @@ void BL_Cleanup(void)
108 RSA_Cleanup();
109 }
110
111 +#ifdef NSS_STATIC
112 +void
113 +BL_Unload(void)
114 +{
115 +}
116 +#endif
117 +
118 PRBool bl_parentForkedAfterC_Initialize;
119
120 /*
121 diff --git a/nss/lib/freebl/shvfy.c b/nss/lib/freebl/shvfy.c
122 index ad64a26..33714b8 100644
123 --- a/nss/lib/freebl/shvfy.c
124 +++ b/nss/lib/freebl/shvfy.c
125 @@ -273,9 +273,21 @@ readItem(PRFileDesc *fd, SECItem *item)
126 return SECSuccess;
127 }
128
129 +/*
130 + * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
131 + * if you're using NSS as static libraries), but want to conform to the
132 + * rest of the FIPS requirements.
133 + */
134 +#ifdef NSS_STATIC
135 +#define PSEUDO_FIPS
136 +#endif
137 +
138 PRBool
139 BLAPI_SHVerify(const char *name, PRFuncPtr addr)
140 {
141 +#ifdef PSEUDO_FIPS
142 + return PR_TRUE; /* a lie, hence *pseudo* FIPS */
143 +#else
144 PRBool result = PR_FALSE; /* if anything goes wrong,
145 * the signature does not verify */
146 /* find our shared library name */
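Review bot: With `NSS_STATIC` defined, `BLAPI_SHVerify` reports `PR_TRUE` without checking anything, and the same early return is added to `BLAPI_SHVerifyFile` in the next hunk, so a caller cannot tell a verified library from one that was never checked. The lgglue.c hunk later in this patch shows one such caller: under `isFIPS` it sets `legacy_glue_libCheckSucceeded = PR_TRUE` on the strength of this result. Because `PSEUDO_FIPS` is switched on implicitly by `NSS_STATIC`, every static build gets the bypass whether or not the integrator wanted it. The comment above the define should state that consequence, for example `/* PSEUDO_FIPS: the software integrity test is skipped and always reports success; FIPS mode in such a build gives no integrity assurance. */`. The body of `BLAPI_SHVerify` continues outside the hunk.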
147 @@ -291,11 +303,15 @@ loser:
148 }
149
150 return result;
151 +#endif /* PSEUDO_FIPS */
152 }
153
154 PRBool
155 BLAPI_SHVerifyFile(const char *shName)
156 {
157 +#ifdef PSEUDO_FIPS
158 + return PR_TRUE; /* a lie, hence *pseudo* FIPS */
159 +#else
160 char *checkName = NULL;
161 PRFileDesc *checkFD = NULL;
162 PRFileDesc *shFD = NULL;
163 @@ -492,6 +508,7 @@ loser:
164 }
165
166 return result;
167 +#endif /* PSEUDO_FIPS */
168 }
169
170 PRBool
171 diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c b/nss/li b/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
172 index 471f920..ecf58ce 100755
173 --- a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
174 +++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
175 @@ -201,7 +201,10 @@ certCallback(void *arg, SECItem **secitemCerts, int numcert s)
176
177 typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
178 CERTImportCertificateFunc f, void *ar g);
179 -
180 +#ifdef NSS_STATIC
181 +extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
182 + CERTImportCertificateFunc f, void* arg) ;
183 +#endif
184
185 struct pkix_DecodeFuncStr {
186 pkix_DecodeCertsFunc func; /* function pointer to the
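Review bot: The hand-written `extern` for `CERT_DecodeCertPackage` repeats a prototype that the compiler cannot check against the real definition, so a later signature change would still compile and then fail at the call made through `pkix_decodeFunc.func`. Including the header that declares the function, under the same `#ifdef NSS_STATIC`, removes that risk. In the following hunk the static branch sets `pkix_decodeFunc.smimeLib = NULL`; any cleanup code that unloads `smimeLib` has to tolerate NULL, and that code is not visible here.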
187 @@ -223,6 +226,11 @@ static const PRCallOnceType pkix_pristine;
188 */
189 static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
190 {
191 +#ifdef NSS_STATIC
192 + pkix_decodeFunc.smimeLib = NULL;
193 + pkix_decodeFunc.func = CERT_DecodeCertPackage;
194 + return PR_SUCCESS;
195 +#else
196 pkix_decodeFunc.smimeLib =
197 PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
198 if (pkix_decodeFunc.smimeLib == NULL) {
199 @@ -235,7 +243,7 @@ static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
200 return PR_FAILURE;
201 }
202 return PR_SUCCESS;
203 -
204 +#endif
205 }
206
207 /*
208 diff --git a/nss/lib/nss/nssinit.c b/nss/lib/nss/nssinit.c
209 index b73d447..7150cf5 100644
210 --- a/nss/lib/nss/nssinit.c
211 +++ b/nss/lib/nss/nssinit.c
212 @@ -20,9 +20,11 @@
213 #include "secerr.h"
214 #include "nssbase.h"
215 #include "nssutil.h"
216 +#ifndef NSS_DISABLE_LIBPKIX
217 #include "pkixt.h"
218 #include "pkix.h"
219 #include "pkix_tools.h"
220 +#endif /* NSS_DISABLE_LIBPKIX */
221
222 #include "pki3hack.h"
223 #include "certi.h"
224 @@ -526,8 +528,10 @@ nss_Init(const char *configdir, const char *certPrefix, con st char *keyPrefix,
225 PRBool dontFinalizeModules)
226 {
227 SECStatus rv = SECFailure;
228 +#ifndef NSS_DISABLE_LIBPKIX
229 PKIX_UInt32 actualMinorVersion = 0;
230 PKIX_Error *pkixError = NULL;
231 +#endif
232 PRBool isReallyInitted;
233 char *configStrings = NULL;
234 char *configName = NULL;
235 @@ -684,6 +688,7 @@ nss_Init(const char *configdir, const char *certPrefix, cons t char *keyPrefix,
236 pk11sdr_Init();
237 cert_CreateSubjectKeyIDHashTable();
238
239 +#ifndef NSS_DISABLE_LIBPKIX
240 pkixError = PKIX_Initialize
241 (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
242 PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
243 @@ -696,6 +701,7 @@ nss_Init(const char *configdir, const char *certPrefix, cons t char *keyPrefix,
244 CERT_SetUsePKIXForValidation(PR_TRUE);
245 }
246 }
247 +#endif /* NSS_DISABLE_LIBPKIX */
248
249
250 }
251 @@ -1080,7 +1086,9 @@ nss_Shutdown(void)
252 cert_DestroyLocks();
253 ShutdownCRLCache();
254 OCSP_ShutdownGlobal();
255 +#ifndef NSS_DISABLE_LIBPKIX
256 PKIX_Shutdown(plContext);
257 +#endif
258 SECOID_Shutdown();
259 status = STAN_Shutdown();
260 cert_DestroySubjectKeyIDHashTable();
261 diff --git a/nss/lib/pk11wrap/pk11load.c b/nss/lib/pk11wrap/pk11load.c
262 index 5c5d2ca..bfc4886 100644
263 --- a/nss/lib/pk11wrap/pk11load.c
264 +++ b/nss/lib/pk11wrap/pk11load.c
265 @@ -341,6 +341,12 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, SECMODModule *mod) {
266 }
267 }
268
269 +#ifdef NSS_STATIC
270 +extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
271 +extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
272 +extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *a rgs);
273 +extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
274 +#else
275 static const char* my_shlib_name =
276 SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
277 static const char* softoken_shlib_name =
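Review bot: These four `extern` declarations are written by hand in the .c file and do not match the definition this patch exposes in nssck.api. There it is `CK_RV CK_ENTRY __ADJOIN(MODULE_NAME,C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)`, while `builtinsC_GetFunctionList` is declared here without `CK_ENTRY`. If `CK_ENTRY` expands to a calling-convention or linkage attribute on some platform, declaration and definition disagree and nothing diagnoses it, because the two never meet in one translation unit. Moving the declarations into a header included by both sides lets the compiler check them; at minimum the line should read `extern CK_RV CK_ENTRY builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);`.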
278 @@ -349,12 +355,14 @@ static const PRCallOnceType pristineCallOnce;
279 static PRCallOnceType loadSoftokenOnce;
280 static PRLibrary* softokenLib;
281 static PRInt32 softokenLoadCount;
282 +#endif /* NSS_STATIC */
283
284 #include "prio.h"
285 #include "prprf.h"
286 #include <stdio.h>
287 #include "prsystem.h"
288
289 +#ifndef NSS_STATIC
290 /* This function must be run only once. */
291 /* determine if hybrid platform, then actually load the DSO. */
292 static PRStatus
293 @@ -371,6 +379,7 @@ softoken_LoadDSO( void )
294 }
295 return PR_FAILURE;
296 }
297 +#endif /* !NSS_STATIC */
298
299 /*
300 * load a new module into our address space and initialize it.
301 @@ -389,6 +398,16 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **o ldModule) {
302
303 /* intenal modules get loaded from their internal list */
304 if (mod->internal && (mod->dllName == NULL)) {
305 +#ifdef NSS_STATIC
306 + if (mod->isFIPS) {
307 + entry = FC_GetFunctionList;
308 + } else {
309 + entry = NSC_GetFunctionList;
310 + }
311 + if (mod->isModuleDB) {
312 + mod->moduleDBFunc = NSC_ModuleDBFunc;
313 + }
314 +#else
315 /*
316 * Loads softoken as a dynamic library,
317 * even though the rest of NSS assumes this as the "internal" module.
318 @@ -414,6 +433,7 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **ol dModule) {
319 mod->moduleDBFunc = (CK_C_GetFunctionList)
320 PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
321 }
322 +#endif
323
324 if (mod->moduleDBOnly) {
325 mod->loaded = PR_TRUE;
326 @@ -424,6 +444,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **o ldModule) {
327 if (mod->dllName == NULL) {
328 return SECFailure;
329 }
330 +#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
331 + if (strstr(mod->dllName, "nssckbi") != NULL) {
332 + mod->library = NULL;
333 + PORT_Assert(!mod->moduleDBOnly);
334 + entry = builtinsC_GetFunctionList;
335 + PORT_Assert(!mod->isModuleDB);
336 + goto library_loaded;
337 + }
338 +#endif
339
340 /* load the library. If this succeeds, then we have to remember to
341 * unload the library if anything goes wrong from here on out...
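Review bot: `strstr(mod->dllName, "nssckbi") != NULL` matches the substring anywhere in the configured name, including a directory component. Any module whose path merely contains `nssckbi` is therefore silently replaced by the compiled-in `builtinsC_GetFunctionList`, and the named library is never loaded. The same test in the `SECMOD_UnloadModule` hunk further down turns a NULL `mod->library` into `SECSuccess` for every such name. Comparing only the file-name component against the expected library name would confine the shortcut to the built-in roots module. The two `PORT_Assert` calls are presumably compiled out of non-debug builds, so an explicit `if (mod->moduleDBOnly || mod->isModuleDB) return SECFailure;` would enforce what they only document; `secmod_LoadPKCS11Module` starts and ends outside the hunk.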
342 @@ -446,6 +475,9 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **ol dModule) {
343 mod->moduleDBFunc = (void *)
344 PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
345 }
346 +#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
347 +library_loaded:
348 +#endif
349 if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
350 if (entry == NULL) {
351 if (mod->isModuleDB) {
352 @@ -585,6 +617,7 @@ SECMOD_UnloadModule(SECMODModule *mod) {
353 * if not, we should change this to SECFailure and move it above the
354 * mod->loaded = PR_FALSE; */
355 if (mod->internal && (mod->dllName == NULL)) {
356 +#ifndef NSS_STATIC
357 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
358 if (softokenLib) {
359 disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
360 @@ -600,12 +633,18 @@ SECMOD_UnloadModule(SECMODModule *mod) {
361 }
362 loadSoftokenOnce = pristineCallOnce;
363 }
364 +#endif
365 return SECSuccess;
366 }
367
368 library = (PRLibrary *)mod->library;
369 /* paranoia */
370 if (library == NULL) {
371 +#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
372 + if (strstr(mod->dllName, "nssckbi") != NULL) {
373 + return SECSuccess;
374 + }
375 +#endif
376 return SECFailure;
377 }
378
379 diff --git a/nss/lib/softoken/lgglue.c b/nss/lib/softoken/lgglue.c
380 index 653501c..155991b 100644
381 --- a/nss/lib/softoken/lgglue.c
382 +++ b/nss/lib/softoken/lgglue.c
383 @@ -23,6 +23,7 @@ static LGDeleteSecmodFunc legacy_glue_deleteSecmod = NULL;
384 static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
385 static LGShutdownFunc legacy_glue_shutdown = NULL;
386
387 +#ifndef NSS_STATIC
388 /*
389 * The following 3 functions duplicate the work done by bl_LoadLibrary.
390 * We should make bl_LoadLibrary a global and replace the call to
391 @@ -160,6 +161,7 @@ done:
392
393 return lib;
394 }
395 +#endif /* STATIC LIBRARIES */
396
397 /*
398 * stub files for legacy db's to be able to encrypt and decrypt
399 @@ -272,6 +274,21 @@ sftkdbLoad_Legacy(PRBool isFIPS)
400 return SECSuccess;
401 }
402
403 +#ifdef NSS_STATIC
404 +#ifdef NSS_DISABLE_DBM
405 + return SECFailure;
406 +#else
407 + lib = (PRLibrary *) 0x8;
408 +
409 + legacy_glue_open = legacy_Open;
410 + legacy_glue_readSecmod = legacy_ReadSecmodDB;
411 + legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
412 + legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
413 + legacy_glue_addSecmod = legacy_AddSecmodDB;
414 + legacy_glue_shutdown = legacy_Shutdown;
415 + setCryptFunction = legacy_SetCryptFunctions;
416 +#endif
417 +#else
418 lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
419 if (lib == NULL) {
420 return SECFailure;
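Review bot: `lib = (PRLibrary *) 0x8;` stores a made-up address as a "loaded" marker, and any path that later hands that value to `PR_UnloadLibrary` or another NSPR library call would operate on an invalid pointer. The patch guards the unload calls visible in this file with `#ifndef NSS_STATIC`, but nothing documents the convention for code added later. A named constant with a comment makes the intent explicit, e.g. `#define LG_STATIC_LIB_MARKER ((PRLibrary *)0x8) /* non-NULL placeholder, never a real handle */` (name constructed for illustration). Under `NSS_DISABLE_DBM` the branch is a bare `return SECFailure;`, which leaves the rest of the function unreachable in that configuration; `sftkdbLoad_Legacy` starts and ends outside the hunk.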
421 @@ -297,11 +314,14 @@ sftkdbLoad_Legacy(PRBool isFIPS)
422 PR_UnloadLibrary(lib);
423 return SECFailure;
424 }
425 +#endif /* NSS_STATIC */
426
427 /* verify the loaded library if we are in FIPS mode */
428 if (isFIPS) {
429 if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
430 +#ifndef NSS_STATIC
431 PR_UnloadLibrary(lib);
432 +#endif
433 return SECFailure;
434 }
435 legacy_glue_libCheckSucceeded = PR_TRUE;
436 @@ -418,10 +438,12 @@ sftkdbCall_Shutdown(void)
437 #endif
438 crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
439 }
440 +#ifndef NSS_STATIC
441 disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
442 if (!disableUnload) {
443 PR_UnloadLibrary(legacy_glue_lib);
444 }
445 +#endif
446 legacy_glue_lib = NULL;
447 legacy_glue_open = NULL;
448 legacy_glue_readSecmod = NULL;
449 diff --git a/nss/lib/softoken/lgglue.h b/nss/lib/softoken/lgglue.h
450 index b87f756..c8c562f 100644
451 --- a/nss/lib/softoken/lgglue.h
452 +++ b/nss/lib/softoken/lgglue.h
453 @@ -38,6 +38,25 @@ typedef SECStatus (*LGShutdownFunc)(PRBool forked);
454 typedef void (*LGSetForkStateFunc)(PRBool);
455 typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
456
457 +extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
458 + const char *keyPrefix,
459 + int certVersion, int keyVersion, int flags,
460 + SDB **certDB, SDB **keyDB);
461 +extern char ** legacy_ReadSecmodDB(const char *appName,
462 + const char *filename,
463 + const char *dbname, char *params, PRBool rw);
464 +extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
465 + const char *filename,
466 + const char *dbname, char **params, PRBool rw);
467 +extern SECStatus legacy_DeleteSecmodDB(const char *appName,
468 + const char *filename,
469 + const char *dbname, char *params, PRBool rw);
470 +extern SECStatus legacy_AddSecmodDB(const char *appName,
471 + const char *filename,
472 + const char *dbname, char *params, PRBool rw);
473 +extern SECStatus legacy_Shutdown(PRBool forked);
474 +extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
475 +
476 /*
477 * Softoken Glue Functions
478 */
479 diff --git a/nss/lib/util/secport.h b/nss/lib/util/secport.h
480 index 7d2f5e0..95c73c8 100644
481 --- a/nss/lib/util/secport.h
482 +++ b/nss/lib/util/secport.h
483 @@ -223,6 +223,7 @@ extern int NSS_PutEnv(const char * envVarName, const char * envValue);
484
485 extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
486
487 +#ifndef NSS_STATIC
488 /*
489 * Load a shared library called "newShLibName" in the same directory as
490 * a shared library that is already loaded, called existingShLibName.
491 @@ -257,6 +258,7 @@ PRLibrary *
492 PORT_LoadLibraryFromOrigin(const char* existingShLibName,
493 PRFuncPtr staticShLibFunc,
494 const char *newShLibName);
495 +#endif /* NSS_STATIC */
496
497 SEC_END_PROTOS
498