Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(349)

Unified Diff: patches/nss-static.patch

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « patches/nss-remove-fortezza.patch ('k') | patches/nss-urandom-abort.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: patches/nss-static.patch
diff --git a/patches/nss-static.patch b/patches/nss-static.patch
deleted file mode 100644
index b897b6e4a21c48dfbc2e586d38534793a3d0213e..0000000000000000000000000000000000000000
--- a/patches/nss-static.patch
+++ /dev/null
@@ -1,498 +0,0 @@
-diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
-index a86f8a0..eff77fc 100644
---- a/nss/lib/certhigh/certvfy.c
-+++ b/nss/lib/certhigh/certvfy.c
-@@ -12,9 +12,11 @@
- #include "certdb.h"
- #include "certi.h"
- #include "cryptohi.h"
-+#ifndef NSS_DISABLE_LIBPKIX
- #include "pkix.h"
- /*#include "pkix_sample_modules.h" */
- #include "pkix_pl_cert.h"
-+#endif /* NSS_DISABLE_LIBPKIX */
-
- #include "nsspki.h"
- #include "pkitm.h"
-@@ -23,6 +25,47 @@
- #include "base.h"
- #include "keyhi.h"
-
-+#ifdef NSS_DISABLE_LIBPKIX
-+SECStatus
-+cert_VerifyCertChainPkix(
-+ CERTCertificate *cert,
-+ PRBool checkSig,
-+ SECCertUsage requiredUsage,
-+ PRTime time,
-+ void *wincx,
-+ CERTVerifyLog *log,
-+ PRBool *pSigerror,
-+ PRBool *pRevoked)
-+{
-+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-+ return SECFailure;
-+}
-+
-+SECStatus
-+CERT_SetUsePKIXForValidation(PRBool enable)
-+{
-+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-+ return SECFailure;
-+}
-+
-+PRBool
-+CERT_GetUsePKIXForValidation()
-+{
-+ return PR_FALSE;
-+}
-+
-+SECStatus CERT_PKIXVerifyCert(
-+ CERTCertificate *cert,
-+ SECCertificateUsage usages,
-+ CERTValInParam *paramsIn,
-+ CERTValOutParam *paramsOut,
-+ void *wincx)
-+{
-+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-+ return SECFailure;
-+}
-+#endif /* NSS_DISABLE_LIBPKIX */
-+
- /*
- * Check the validity times of a certificate
- */
-diff --git a/nss/lib/ckfw/nssck.api b/nss/lib/ckfw/nssck.api
-index 55b4351..8364258 100644
---- a/nss/lib/ckfw/nssck.api
-+++ b/nss/lib/ckfw/nssck.api
-@@ -1752,7 +1752,7 @@ C_WaitForSlotEvent
- }
- #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
-
--static CK_RV CK_ENTRY
-+CK_RV CK_ENTRY
- __ADJOIN(MODULE_NAME,C_GetFunctionList)
- (
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-@@ -1830,7 +1830,7 @@ __ADJOIN(MODULE_NAME,C_CancelFunction),
- __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
- };
-
--static CK_RV CK_ENTRY
-+CK_RV CK_ENTRY
- __ADJOIN(MODULE_NAME,C_GetFunctionList)
- (
- CK_FUNCTION_LIST_PTR_PTR ppFunctionList
-@@ -1840,6 +1840,7 @@ __ADJOIN(MODULE_NAME,C_GetFunctionList)
- return CKR_OK;
- }
-
-+#ifndef NSS_STATIC
- /* This one is always present */
- CK_RV CK_ENTRY
- C_GetFunctionList
-@@ -1849,6 +1850,7 @@ C_GetFunctionList
- {
- return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
- }
-+#endif
-
- #undef __ADJOIN
-
-diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
-index 823d8de..48b557b 100644
---- a/nss/lib/freebl/rsa.c
-+++ b/nss/lib/freebl/rsa.c
-@@ -1532,6 +1532,13 @@ void BL_Cleanup(void)
- RSA_Cleanup();
- }
-
-+#ifdef NSS_STATIC
-+void
-+BL_Unload(void)
-+{
-+}
-+#endif
-+
- PRBool bl_parentForkedAfterC_Initialize;
-
- /*
-diff --git a/nss/lib/freebl/shvfy.c b/nss/lib/freebl/shvfy.c
-index ad64a26..33714b8 100644
---- a/nss/lib/freebl/shvfy.c
-+++ b/nss/lib/freebl/shvfy.c
-@@ -273,9 +273,21 @@ readItem(PRFileDesc *fd, SECItem *item)
- return SECSuccess;
- }
-
-+/*
-+ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
-+ * if you're using NSS as static libraries), but want to conform to the
-+ * rest of the FIPS requirements.
-+ */
-+#ifdef NSS_STATIC
-+#define PSEUDO_FIPS
-+#endif
-+
- PRBool
- BLAPI_SHVerify(const char *name, PRFuncPtr addr)
- {
-+#ifdef PSEUDO_FIPS
-+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
-+#else
- PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
- /* find our shared library name */
-@@ -291,11 +303,15 @@ loser:
- }
-
- return result;
-+#endif /* PSEUDO_FIPS */
- }
-
- PRBool
- BLAPI_SHVerifyFile(const char *shName)
- {
-+#ifdef PSEUDO_FIPS
-+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
-+#else
- char *checkName = NULL;
- PRFileDesc *checkFD = NULL;
- PRFileDesc *shFD = NULL;
-@@ -492,6 +508,7 @@ loser:
- }
-
- return result;
-+#endif /* PSEUDO_FIPS */
- }
-
- PRBool
-diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
-index 471f920..ecf58ce 100755
---- a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
-+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
-@@ -201,7 +201,10 @@ certCallback(void *arg, SECItem **secitemCerts, int numcerts)
-
- typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
- CERTImportCertificateFunc f, void *arg);
--
-+#ifdef NSS_STATIC
-+extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
-+ CERTImportCertificateFunc f, void* arg);
-+#endif
-
- struct pkix_DecodeFuncStr {
- pkix_DecodeCertsFunc func; /* function pointer to the
-@@ -223,6 +226,11 @@ static const PRCallOnceType pkix_pristine;
- */
- static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
- {
-+#ifdef NSS_STATIC
-+ pkix_decodeFunc.smimeLib = NULL;
-+ pkix_decodeFunc.func = CERT_DecodeCertPackage;
-+ return PR_SUCCESS;
-+#else
- pkix_decodeFunc.smimeLib =
- PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
- if (pkix_decodeFunc.smimeLib == NULL) {
-@@ -235,7 +243,7 @@ static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
- return PR_FAILURE;
- }
- return PR_SUCCESS;
--
-+#endif
- }
-
- /*
-diff --git a/nss/lib/nss/nssinit.c b/nss/lib/nss/nssinit.c
-index b73d447..7150cf5 100644
---- a/nss/lib/nss/nssinit.c
-+++ b/nss/lib/nss/nssinit.c
-@@ -20,9 +20,11 @@
- #include "secerr.h"
- #include "nssbase.h"
- #include "nssutil.h"
-+#ifndef NSS_DISABLE_LIBPKIX
- #include "pkixt.h"
- #include "pkix.h"
- #include "pkix_tools.h"
-+#endif /* NSS_DISABLE_LIBPKIX */
-
- #include "pki3hack.h"
- #include "certi.h"
-@@ -526,8 +528,10 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
- PRBool dontFinalizeModules)
- {
- SECStatus rv = SECFailure;
-+#ifndef NSS_DISABLE_LIBPKIX
- PKIX_UInt32 actualMinorVersion = 0;
- PKIX_Error *pkixError = NULL;
-+#endif
- PRBool isReallyInitted;
- char *configStrings = NULL;
- char *configName = NULL;
-@@ -684,6 +688,7 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
- pk11sdr_Init();
- cert_CreateSubjectKeyIDHashTable();
-
-+#ifndef NSS_DISABLE_LIBPKIX
- pkixError = PKIX_Initialize
- (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
- PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
-@@ -696,6 +701,7 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
- CERT_SetUsePKIXForValidation(PR_TRUE);
- }
- }
-+#endif /* NSS_DISABLE_LIBPKIX */
-
-
- }
-@@ -1080,7 +1086,9 @@ nss_Shutdown(void)
- cert_DestroyLocks();
- ShutdownCRLCache();
- OCSP_ShutdownGlobal();
-+#ifndef NSS_DISABLE_LIBPKIX
- PKIX_Shutdown(plContext);
-+#endif
- SECOID_Shutdown();
- status = STAN_Shutdown();
- cert_DestroySubjectKeyIDHashTable();
-diff --git a/nss/lib/pk11wrap/pk11load.c b/nss/lib/pk11wrap/pk11load.c
-index 5c5d2ca..bfc4886 100644
---- a/nss/lib/pk11wrap/pk11load.c
-+++ b/nss/lib/pk11wrap/pk11load.c
-@@ -341,6 +341,12 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, SECMODModule *mod) {
- }
- }
-
-+#ifdef NSS_STATIC
-+extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
-+extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
-+extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args);
-+extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
-+#else
- static const char* my_shlib_name =
- SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
- static const char* softoken_shlib_name =
-@@ -349,12 +355,14 @@ static const PRCallOnceType pristineCallOnce;
- static PRCallOnceType loadSoftokenOnce;
- static PRLibrary* softokenLib;
- static PRInt32 softokenLoadCount;
-+#endif /* NSS_STATIC */
-
- #include "prio.h"
- #include "prprf.h"
- #include <stdio.h>
- #include "prsystem.h"
-
-+#ifndef NSS_STATIC
- /* This function must be run only once. */
- /* determine if hybrid platform, then actually load the DSO. */
- static PRStatus
-@@ -371,6 +379,7 @@ softoken_LoadDSO( void )
- }
- return PR_FAILURE;
- }
-+#endif /* !NSS_STATIC */
-
- /*
- * load a new module into our address space and initialize it.
-@@ -389,6 +398,16 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
-
- /* intenal modules get loaded from their internal list */
- if (mod->internal && (mod->dllName == NULL)) {
-+#ifdef NSS_STATIC
-+ if (mod->isFIPS) {
-+ entry = FC_GetFunctionList;
-+ } else {
-+ entry = NSC_GetFunctionList;
-+ }
-+ if (mod->isModuleDB) {
-+ mod->moduleDBFunc = NSC_ModuleDBFunc;
-+ }
-+#else
- /*
- * Loads softoken as a dynamic library,
- * even though the rest of NSS assumes this as the "internal" module.
-@@ -414,6 +433,7 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
- mod->moduleDBFunc = (CK_C_GetFunctionList)
- PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
- }
-+#endif
-
- if (mod->moduleDBOnly) {
- mod->loaded = PR_TRUE;
-@@ -424,6 +444,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
- if (mod->dllName == NULL) {
- return SECFailure;
- }
-+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
-+ if (strstr(mod->dllName, "nssckbi") != NULL) {
-+ mod->library = NULL;
-+ PORT_Assert(!mod->moduleDBOnly);
-+ entry = builtinsC_GetFunctionList;
-+ PORT_Assert(!mod->isModuleDB);
-+ goto library_loaded;
-+ }
-+#endif
-
- /* load the library. If this succeeds, then we have to remember to
- * unload the library if anything goes wrong from here on out...
-@@ -446,6 +475,9 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
- mod->moduleDBFunc = (void *)
- PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
- }
-+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
-+library_loaded:
-+#endif
- if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
- if (entry == NULL) {
- if (mod->isModuleDB) {
-@@ -585,6 +617,7 @@ SECMOD_UnloadModule(SECMODModule *mod) {
- * if not, we should change this to SECFailure and move it above the
- * mod->loaded = PR_FALSE; */
- if (mod->internal && (mod->dllName == NULL)) {
-+#ifndef NSS_STATIC
- if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
- if (softokenLib) {
- disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
-@@ -600,12 +633,18 @@ SECMOD_UnloadModule(SECMODModule *mod) {
- }
- loadSoftokenOnce = pristineCallOnce;
- }
-+#endif
- return SECSuccess;
- }
-
- library = (PRLibrary *)mod->library;
- /* paranoia */
- if (library == NULL) {
-+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
-+ if (strstr(mod->dllName, "nssckbi") != NULL) {
-+ return SECSuccess;
-+ }
-+#endif
- return SECFailure;
- }
-
-diff --git a/nss/lib/softoken/lgglue.c b/nss/lib/softoken/lgglue.c
-index 653501c..155991b 100644
---- a/nss/lib/softoken/lgglue.c
-+++ b/nss/lib/softoken/lgglue.c
-@@ -23,6 +23,7 @@ static LGDeleteSecmodFunc legacy_glue_deleteSecmod = NULL;
- static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
- static LGShutdownFunc legacy_glue_shutdown = NULL;
-
-+#ifndef NSS_STATIC
- /*
- * The following 3 functions duplicate the work done by bl_LoadLibrary.
- * We should make bl_LoadLibrary a global and replace the call to
-@@ -160,6 +161,7 @@ done:
-
- return lib;
- }
-+#endif /* STATIC LIBRARIES */
-
- /*
- * stub files for legacy db's to be able to encrypt and decrypt
-@@ -272,6 +274,21 @@ sftkdbLoad_Legacy(PRBool isFIPS)
- return SECSuccess;
- }
-
-+#ifdef NSS_STATIC
-+#ifdef NSS_DISABLE_DBM
-+ return SECFailure;
-+#else
-+ lib = (PRLibrary *) 0x8;
-+
-+ legacy_glue_open = legacy_Open;
-+ legacy_glue_readSecmod = legacy_ReadSecmodDB;
-+ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
-+ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
-+ legacy_glue_addSecmod = legacy_AddSecmodDB;
-+ legacy_glue_shutdown = legacy_Shutdown;
-+ setCryptFunction = legacy_SetCryptFunctions;
-+#endif
-+#else
- lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
- if (lib == NULL) {
- return SECFailure;
-@@ -297,11 +314,14 @@ sftkdbLoad_Legacy(PRBool isFIPS)
- PR_UnloadLibrary(lib);
- return SECFailure;
- }
-+#endif /* NSS_STATIC */
-
- /* verify the loaded library if we are in FIPS mode */
- if (isFIPS) {
- if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
-+#ifndef NSS_STATIC
- PR_UnloadLibrary(lib);
-+#endif
- return SECFailure;
- }
- legacy_glue_libCheckSucceeded = PR_TRUE;
-@@ -418,10 +438,12 @@ sftkdbCall_Shutdown(void)
- #endif
- crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
- }
-+#ifndef NSS_STATIC
- disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
- if (!disableUnload) {
- PR_UnloadLibrary(legacy_glue_lib);
- }
-+#endif
- legacy_glue_lib = NULL;
- legacy_glue_open = NULL;
- legacy_glue_readSecmod = NULL;
-diff --git a/nss/lib/softoken/lgglue.h b/nss/lib/softoken/lgglue.h
-index b87f756..c8c562f 100644
---- a/nss/lib/softoken/lgglue.h
-+++ b/nss/lib/softoken/lgglue.h
-@@ -38,6 +38,25 @@ typedef SECStatus (*LGShutdownFunc)(PRBool forked);
- typedef void (*LGSetForkStateFunc)(PRBool);
- typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
-
-+extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
-+ const char *keyPrefix,
-+ int certVersion, int keyVersion, int flags,
-+ SDB **certDB, SDB **keyDB);
-+extern char ** legacy_ReadSecmodDB(const char *appName,
-+ const char *filename,
-+ const char *dbname, char *params, PRBool rw);
-+extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
-+ const char *filename,
-+ const char *dbname, char **params, PRBool rw);
-+extern SECStatus legacy_DeleteSecmodDB(const char *appName,
-+ const char *filename,
-+ const char *dbname, char *params, PRBool rw);
-+extern SECStatus legacy_AddSecmodDB(const char *appName,
-+ const char *filename,
-+ const char *dbname, char *params, PRBool rw);
-+extern SECStatus legacy_Shutdown(PRBool forked);
-+extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
-+
- /*
- * Softoken Glue Functions
- */
-diff --git a/nss/lib/util/secport.h b/nss/lib/util/secport.h
-index 7d2f5e0..95c73c8 100644
---- a/nss/lib/util/secport.h
-+++ b/nss/lib/util/secport.h
-@@ -223,6 +223,7 @@ extern int NSS_PutEnv(const char * envVarName, const char * envValue);
-
- extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
-
-+#ifndef NSS_STATIC
- /*
- * Load a shared library called "newShLibName" in the same directory as
- * a shared library that is already loaded, called existingShLibName.
-@@ -257,6 +258,7 @@ PRLibrary *
- PORT_LoadLibraryFromOrigin(const char* existingShLibName,
- PRFuncPtr staticShLibFunc,
- const char *newShLibName);
-+#endif /* NSS_STATIC */
-
- SEC_END_PROTOS
-
« no previous file with comments | « patches/nss-remove-fortezza.patch ('k') | patches/nss-urandom-abort.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698