Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(311)

Unified Diff: nss/lib/nss/nssinit.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/nss/nss.h ('k') | nss/lib/nss/nssoptions.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/nss/nssinit.c
diff --git a/nss/lib/nss/nssinit.c b/nss/lib/nss/nssinit.c
deleted file mode 100644
index 7150cf578e5a7537257db77485340716dfd9c561..0000000000000000000000000000000000000000
--- a/nss/lib/nss/nssinit.c
+++ /dev/null
@@ -1,1305 +0,0 @@
-/*
- * NSS utility functions
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <ctype.h>
-#include <string.h>
-#include "seccomon.h"
-#include "prinit.h"
-#include "prprf.h"
-#include "prmem.h"
-#include "cert.h"
-#include "key.h"
-#include "secmod.h"
-#include "secoid.h"
-#include "nss.h"
-#include "pk11func.h"
-#include "secerr.h"
-#include "nssbase.h"
-#include "nssutil.h"
-#ifndef NSS_DISABLE_LIBPKIX
-#include "pkixt.h"
-#include "pkix.h"
-#include "pkix_tools.h"
-#endif /* NSS_DISABLE_LIBPKIX */
-
-#include "pki3hack.h"
-#include "certi.h"
-#include "secmodi.h"
-#include "ocspti.h"
-#include "ocspi.h"
-#include "utilpars.h"
-
-/*
- * On Windows nss3.dll needs to export the symbol 'mktemp' to be
- * fully backward compatible with the nss3.dll in NSS 3.2.x and
- * 3.3.x. This symbol was unintentionally exported and its
- * definition (in DBM) was moved from nss3.dll to softokn3.dll
- * in NSS 3.4. See bug 142575.
- */
-#ifdef WIN32_NSS3_DLL_COMPAT
-#include <io.h>
-
-/* exported as 'mktemp' */
-char *
-nss_mktemp(char *path)
-{
- return _mktemp(path);
-}
-#endif
-
-#define NSS_MAX_FLAG_SIZE sizeof("readOnly")+sizeof("noCertDB")+ \
- sizeof("noModDB")+sizeof("forceOpen")+sizeof("passwordRequired")+ \
- sizeof ("optimizeSpace")
-#define NSS_DEFAULT_MOD_NAME "NSS Internal Module"
-
-static char *
-nss_makeFlags(PRBool readOnly, PRBool noCertDB,
- PRBool noModDB, PRBool forceOpen,
- PRBool passwordRequired, PRBool optimizeSpace)
-{
- char *flags = (char *)PORT_Alloc(NSS_MAX_FLAG_SIZE);
- PRBool first = PR_TRUE;
-
- PORT_Memset(flags,0,NSS_MAX_FLAG_SIZE);
- if (readOnly) {
- PORT_Strcat(flags,"readOnly");
- first = PR_FALSE;
- }
- if (noCertDB) {
- if (!first) PORT_Strcat(flags,",");
- PORT_Strcat(flags,"noCertDB");
- first = PR_FALSE;
- }
- if (noModDB) {
- if (!first) PORT_Strcat(flags,",");
- PORT_Strcat(flags,"noModDB");
- first = PR_FALSE;
- }
- if (forceOpen) {
- if (!first) PORT_Strcat(flags,",");
- PORT_Strcat(flags,"forceOpen");
- first = PR_FALSE;
- }
- if (passwordRequired) {
- if (!first) PORT_Strcat(flags,",");
- PORT_Strcat(flags,"passwordRequired");
- first = PR_FALSE;
- }
- if (optimizeSpace) {
- if (!first) PORT_Strcat(flags,",");
- PORT_Strcat(flags,"optimizeSpace");
- first = PR_FALSE;
- }
- return flags;
-}
-
-
-/*
- * build config string from individual internationalized strings
- */
-char *
-nss_MkConfigString(const char *man, const char *libdesc, const char *tokdesc,
- const char *ptokdesc, const char *slotdesc, const char *pslotdesc,
- const char *fslotdesc, const char *fpslotdesc, int minPwd)
-{
- char *strings = NULL;
- char *newStrings;
-
- /* make sure the internationalization was done correctly... */
- strings = PR_smprintf("");
- if (strings == NULL) return NULL;
-
- if (man) {
- newStrings = PR_smprintf("%s manufacturerID='%s'",strings,man);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (libdesc) {
- newStrings = PR_smprintf("%s libraryDescription='%s'",strings,libdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (tokdesc) {
- newStrings = PR_smprintf("%s cryptoTokenDescription='%s'",strings,
- tokdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (ptokdesc) {
- newStrings = PR_smprintf("%s dbTokenDescription='%s'",strings,ptokdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (slotdesc) {
- newStrings = PR_smprintf("%s cryptoSlotDescription='%s'",strings,
- slotdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (pslotdesc) {
- newStrings = PR_smprintf("%s dbSlotDescription='%s'",strings,pslotdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (fslotdesc) {
- newStrings = PR_smprintf("%s FIPSSlotDescription='%s'",
- strings,fslotdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- if (fpslotdesc) {
- newStrings = PR_smprintf("%s FIPSTokenDescription='%s'",
- strings,fpslotdesc);
- PR_smprintf_free(strings);
- strings = newStrings;
- }
- if (strings == NULL) return NULL;
-
- newStrings = PR_smprintf("%s minPS=%d", strings, minPwd);
- PR_smprintf_free(strings);
- strings = newStrings;
-
- return(strings);
-}
-
-/*
- * statics to remember the PK11_ConfigurePKCS11()
- * info.
- */
-static char * pk11_config_strings = NULL;
-static char * pk11_config_name = NULL;
-static PRBool pk11_password_required = PR_FALSE;
-
-/*
- * this is a legacy configuration function which used to be part of
- * the PKCS #11 internal token.
- */
-void
-PK11_ConfigurePKCS11(const char *man, const char *libdesc, const char *tokdesc,
- const char *ptokdesc, const char *slotdesc, const char *pslotdesc,
- const char *fslotdesc, const char *fpslotdesc, int minPwd,
- int pwRequired)
-{
- char * strings;
-
- strings = nss_MkConfigString(man,libdesc,tokdesc,ptokdesc,slotdesc,
- pslotdesc,fslotdesc,fpslotdesc,minPwd);
- if (strings == NULL) {
- return;
- }
-
- if (libdesc) {
- if (pk11_config_name != NULL) {
- PORT_Free(pk11_config_name);
- }
- pk11_config_name = PORT_Strdup(libdesc);
- }
-
- if (pk11_config_strings != NULL) {
- PR_smprintf_free(pk11_config_strings);
- }
- pk11_config_strings = strings;
- pk11_password_required = pwRequired;
-
- return;
-}
-
-void PK11_UnconfigurePKCS11(void)
-{
- if (pk11_config_strings != NULL) {
- PR_smprintf_free(pk11_config_strings);
- pk11_config_strings = NULL;
- }
- if (pk11_config_name) {
- PORT_Free(pk11_config_name);
- pk11_config_name = NULL;
- }
-}
-
-/*
- * The following code is an attempt to automagically find the external root
- * module.
- * Note: Keep the #if-defined chunks in order. HPUX must select before UNIX.
- */
-
-static const char *dllname =
-#if defined(XP_WIN32) || defined(XP_OS2)
- "nssckbi.dll";
-#elif defined(HPUX) && !defined(__ia64) /* HP-UX PA-RISC */
- "libnssckbi.sl";
-#elif defined(DARWIN)
- "libnssckbi.dylib";
-#elif defined(XP_UNIX) || defined(XP_BEOS)
- "libnssckbi.so";
-#else
- #error "Uh! Oh! I don't know about this platform."
-#endif
-
-/* Should we have platform ifdefs here??? */
-#define FILE_SEP '/'
-
-static void nss_FindExternalRootPaths(const char *dbpath,
- const char* secmodprefix,
- char** retoldpath, char** retnewpath)
-{
- char *path, *oldpath = NULL, *lastsep;
- int len, path_len, secmod_len, dll_len;
-
- path_len = PORT_Strlen(dbpath);
- secmod_len = secmodprefix ? PORT_Strlen(secmodprefix) : 0;
- dll_len = PORT_Strlen(dllname);
- len = path_len + secmod_len + dll_len + 2; /* FILE_SEP + NULL */
-
- path = PORT_Alloc(len);
- if (path == NULL) return;
-
- /* back up to the top of the directory */
- PORT_Memcpy(path,dbpath,path_len);
- if (path[path_len-1] != FILE_SEP) {
- path[path_len++] = FILE_SEP;
- }
- PORT_Strcpy(&path[path_len],dllname);
- if (secmod_len > 0) {
- lastsep = PORT_Strrchr(secmodprefix, FILE_SEP);
- if (lastsep) {
- int secmoddir_len = lastsep-secmodprefix+1; /* FILE_SEP */
- oldpath = PORT_Alloc(len);
- if (oldpath == NULL) {
- PORT_Free(path);
- return;
- }
- PORT_Memcpy(oldpath,path,path_len);
- PORT_Memcpy(&oldpath[path_len],secmodprefix,secmoddir_len);
- PORT_Strcpy(&oldpath[path_len+secmoddir_len],dllname);
- }
- }
- *retoldpath = oldpath;
- *retnewpath = path;
- return;
-}
-
-static void nss_FreeExternalRootPaths(char* oldpath, char* path)
-{
- if (path) {
- PORT_Free(path);
- }
- if (oldpath) {
- PORT_Free(oldpath);
- }
-}
-
-static void
-nss_FindExternalRoot(const char *dbpath, const char* secmodprefix)
-{
- char *path = NULL;
- char *oldpath = NULL;
- PRBool hasrootcerts = PR_FALSE;
-
- /*
- * 'oldpath' is the external root path in NSS 3.3.x or older.
- * For backward compatibility we try to load the root certs
- * module with the old path first.
- */
- nss_FindExternalRootPaths(dbpath, secmodprefix, &oldpath, &path);
- if (oldpath) {
- (void) SECMOD_AddNewModule("Root Certs",oldpath, 0, 0);
- hasrootcerts = SECMOD_HasRootCerts();
- }
- if (path && !hasrootcerts) {
- (void) SECMOD_AddNewModule("Root Certs",path, 0, 0);
- }
- nss_FreeExternalRootPaths(oldpath, path);
- return;
-}
-
-/*
- * see nss_Init for definitions of the various options.
- *
- * this function builds a moduleSpec string from the options and previously
- * set statics (from PKCS11_Configure, for instance), and uses it to kick off
- * the loading of the various PKCS #11 modules.
- */
-static SECStatus
-nss_InitModules(const char *configdir, const char *certPrefix,
- const char *keyPrefix, const char *secmodName,
- const char *updateDir, const char *updCertPrefix,
- const char *updKeyPrefix, const char *updateID,
- const char *updateName, char *configName, char *configStrings,
- PRBool pwRequired, PRBool readOnly, PRBool noCertDB,
- PRBool noModDB, PRBool forceOpen, PRBool optimizeSpace,
- PRBool isContextInit)
-{
- SECStatus rv = SECFailure;
- char *moduleSpec = NULL;
- char *flags = NULL;
- char *lconfigdir = NULL;
- char *lcertPrefix = NULL;
- char *lkeyPrefix = NULL;
- char *lsecmodName = NULL;
- char *lupdateDir = NULL;
- char *lupdCertPrefix = NULL;
- char *lupdKeyPrefix = NULL;
- char *lupdateID = NULL;
- char *lupdateName = NULL;
-
- if (NSS_InitializePRErrorTable() != SECSuccess) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return rv;
- }
-
- flags = nss_makeFlags(readOnly,noCertDB,noModDB,forceOpen,
- pwRequired, optimizeSpace);
- if (flags == NULL) return rv;
-
- /*
- * configdir is double nested, and Windows uses the same character
- * for file seps as we use for escapes! (sigh).
- */
- lconfigdir = NSSUTIL_DoubleEscape(configdir, '\'', '\"');
- if (lconfigdir == NULL) {
- goto loser;
- }
- lcertPrefix = NSSUTIL_DoubleEscape(certPrefix, '\'', '\"');
- if (lcertPrefix == NULL) {
- goto loser;
- }
- lkeyPrefix = NSSUTIL_DoubleEscape(keyPrefix, '\'', '\"');
- if (lkeyPrefix == NULL) {
- goto loser;
- }
- lsecmodName = NSSUTIL_DoubleEscape(secmodName, '\'', '\"');
- if (lsecmodName == NULL) {
- goto loser;
- }
- lupdateDir = NSSUTIL_DoubleEscape(updateDir, '\'', '\"');
- if (lupdateDir == NULL) {
- goto loser;
- }
- lupdCertPrefix = NSSUTIL_DoubleEscape(updCertPrefix, '\'', '\"');
- if (lupdCertPrefix == NULL) {
- goto loser;
- }
- lupdKeyPrefix = NSSUTIL_DoubleEscape(updKeyPrefix, '\'', '\"');
- if (lupdKeyPrefix == NULL) {
- goto loser;
- }
- lupdateID = NSSUTIL_DoubleEscape(updateID, '\'', '\"');
- if (lupdateID == NULL) {
- goto loser;
- }
- lupdateName = NSSUTIL_DoubleEscape(updateName, '\'', '\"');
- if (lupdateName == NULL) {
- goto loser;
- }
-
- moduleSpec = PR_smprintf(
- "name=\"%s\" parameters=\"configdir='%s' certPrefix='%s' keyPrefix='%s' "
- "secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' "
- "updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s\" "
- "NSS=\"flags=internal,moduleDB,moduleDBOnly,critical%s\"",
- configName ? configName : NSS_DEFAULT_MOD_NAME,
- lconfigdir,lcertPrefix,lkeyPrefix,lsecmodName,flags,
- lupdateDir, lupdCertPrefix, lupdKeyPrefix, lupdateID,
- lupdateName, configStrings ? configStrings : "",
- isContextInit ? "" : ",defaultModDB,internalKeySlot");
-
-loser:
- PORT_Free(flags);
- if (lconfigdir) PORT_Free(lconfigdir);
- if (lcertPrefix) PORT_Free(lcertPrefix);
- if (lkeyPrefix) PORT_Free(lkeyPrefix);
- if (lsecmodName) PORT_Free(lsecmodName);
- if (lupdateDir) PORT_Free(lupdateDir);
- if (lupdCertPrefix) PORT_Free(lupdCertPrefix);
- if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix);
- if (lupdateID) PORT_Free(lupdateID);
- if (lupdateName) PORT_Free(lupdateName);
-
- if (moduleSpec) {
- SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
- PR_smprintf_free(moduleSpec);
- if (module) {
- if (module->loaded) rv=SECSuccess;
- SECMOD_DestroyModule(module);
- }
- }
- return rv;
-}
-
-/*
- * OK there are now lots of options here, lets go through them all:
- *
- * configdir - base directory where all the cert, key, and module datbases live.
- * certPrefix - prefix added to the beginning of the cert database example: "
- * "https-server1-"
- * keyPrefix - prefix added to the beginning of the key database example: "
- * "https-server1-"
- * secmodName - name of the security module database (usually "secmod.db").
- * updateDir - used in initMerge, old directory to update from.
- * updateID - used in initMerge, unique ID to represent the updated directory.
- * updateName - used in initMerge, token name when updating.
- * initContextPtr - used in initContext, pointer to return a unique context
- * value.
- * readOnly - Boolean: true if the databases are to be opened read only.
- * nocertdb - Don't open the cert DB and key DB's, just initialize the
- * Volatile certdb.
- * nomoddb - Don't open the security module DB, just initialize the
- * PKCS #11 module.
- * forceOpen - Continue to force initializations even if the databases cannot
- * be opened.
- * noRootInit - don't try to automatically load the root cert store if one is
- * not found.
- * optimizeSpace - tell NSS to use fewer hash table buckets.
- *
- * The next three options are used in an attempt to share PKCS #11 modules
- * with other loaded, running libraries. PKCS #11 was not designed with this
- * sort of sharing in mind, so use of these options may lead to questionable
- * results. These options are may be incompatible with NSS_LoadContext() calls.
- *
- * noSingleThreadedModules - don't load modules that are not thread safe (many
- * smart card tokens will not work).
- * allowAlreadyInitializedModules - if a module has already been loaded and
- * initialize try to use it.
- * don'tFinalizeModules - dont shutdown modules we may have loaded.
- */
-
-static PRBool nssIsInitted = PR_FALSE;
-static NSSInitContext *nssInitContextList = NULL;
-static void* plContext = NULL;
-
-struct NSSInitContextStr {
- NSSInitContext *next;
- PRUint32 magic;
-};
-
-#define NSS_INIT_MAGIC 0x1413A91C
-static SECStatus nss_InitShutdownList(void);
-
-/* All initialized to zero in BSS */
-static PRCallOnceType nssInitOnce;
-static PZLock *nssInitLock;
-static PZCondVar *nssInitCondition;
-static int nssIsInInit;
-
-static PRStatus
-nss_doLockInit(void)
-{
- nssInitLock = PZ_NewLock(nssILockOther);
- if (nssInitLock == NULL) {
- return PR_FAILURE;
- }
- nssInitCondition = PZ_NewCondVar(nssInitLock);
- if (nssInitCondition == NULL) {
- return PR_FAILURE;
- }
- return PR_SUCCESS;
-}
-
-
-static SECStatus
-nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
- const char *secmodName, const char *updateDir,
- const char *updCertPrefix, const char *updKeyPrefix,
- const char *updateID, const char *updateName,
- NSSInitContext ** initContextPtr,
- NSSInitParameters *initParams,
- PRBool readOnly, PRBool noCertDB,
- PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
- PRBool optimizeSpace, PRBool noSingleThreadedModules,
- PRBool allowAlreadyInitializedModules,
- PRBool dontFinalizeModules)
-{
- SECStatus rv = SECFailure;
-#ifndef NSS_DISABLE_LIBPKIX
- PKIX_UInt32 actualMinorVersion = 0;
- PKIX_Error *pkixError = NULL;
-#endif
- PRBool isReallyInitted;
- char *configStrings = NULL;
- char *configName = NULL;
- PRBool passwordRequired = PR_FALSE;
-
- /* if we are trying to init with a traditional NSS_Init call, maintain
- * the traditional idempotent behavior. */
- if (!initContextPtr && nssIsInitted) {
- return SECSuccess;
- }
-
- /* make sure our lock and condition variable are initialized one and only
- * one time */
- if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
- return SECFailure;
- }
-
- /*
- * if we haven't done basic initialization, single thread the
- * initializations.
- */
- PZ_Lock(nssInitLock);
- isReallyInitted = NSS_IsInitialized();
- if (!isReallyInitted) {
- while (!isReallyInitted && nssIsInInit) {
- PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT);
- isReallyInitted = NSS_IsInitialized();
- }
- /* once we've completed basic initialization, we can allow more than
- * one process initialize NSS at a time. */
- }
- nssIsInInit++;
- PZ_Unlock(nssInitLock);
-
- /* this tells us whether or not some library has already initialized us.
- * if so, we don't want to double call some of the basic initialization
- * functions */
-
- if (!isReallyInitted) {
-#ifdef DEBUG
- CERTCertificate dummyCert;
- /* New option bits must not change the size of CERTCertificate. */
- PORT_Assert(sizeof(dummyCert.options) == sizeof(void *));
-#endif
-
- if (SECSuccess != cert_InitLocks()) {
- goto loser;
- }
-
- if (SECSuccess != InitCRLCache()) {
- goto loser;
- }
-
- if (SECSuccess != OCSP_InitGlobal()) {
- goto loser;
- }
- }
-
- if (noSingleThreadedModules || allowAlreadyInitializedModules ||
- dontFinalizeModules) {
- pk11_setGlobalOptions(noSingleThreadedModules,
- allowAlreadyInitializedModules,
- dontFinalizeModules);
- }
-
- if (initContextPtr) {
- *initContextPtr = PORT_ZNew(NSSInitContext);
- if (*initContextPtr == NULL) {
- goto loser;
- }
- /*
- * For traditional NSS_Init, we used the PK11_Configure() call to set
- * globals. with InitContext, we pass those strings in as parameters.
- *
- * This allows old NSS_Init calls to work as before, while at the same
- * time new calls and old calls will not interfere with each other.
- */
- if (initParams) {
- if (initParams->length < sizeof(NSSInitParameters)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto loser;
- }
- configStrings = nss_MkConfigString(initParams->manufactureID,
- initParams->libraryDescription,
- initParams->cryptoTokenDescription,
- initParams->dbTokenDescription,
- initParams->cryptoSlotDescription,
- initParams->dbSlotDescription,
- initParams->FIPSSlotDescription,
- initParams->FIPSTokenDescription,
- initParams->minPWLen);
- if (configStrings == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- configName = initParams->libraryDescription;
- passwordRequired = initParams->passwordRequired;
- }
- } else {
- configStrings = pk11_config_strings;
- configName = pk11_config_name;
- passwordRequired = pk11_password_required;
- }
-
- /* Skip the module init if we are already initted and we are trying
- * to init with noCertDB and noModDB */
- if (!(isReallyInitted && noCertDB && noModDB)) {
- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
- updateDir, updCertPrefix, updKeyPrefix, updateID,
- updateName, configName, configStrings, passwordRequired,
- readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
- (initContextPtr != NULL));
-
- if (rv != SECSuccess) {
- goto loser;
- }
- }
-
-
- /* finish up initialization */
- if (!isReallyInitted) {
- if (SECOID_Init() != SECSuccess) {
- goto loser;
- }
- if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
- goto loser;
- }
- if (nss_InitShutdownList() != SECSuccess) {
- goto loser;
- }
- CERT_SetDefaultCertDB((CERTCertDBHandle *)
- STAN_GetDefaultTrustDomain());
- if ((!noModDB) && (!noCertDB) && (!noRootInit)) {
- if (!SECMOD_HasRootCerts()) {
- const char *dbpath = configdir;
- /* handle supported database modifiers */
- if (strncmp(dbpath, "sql:", 4) == 0) {
- dbpath += 4;
- } else if(strncmp(dbpath, "dbm:", 4) == 0) {
- dbpath += 4;
- } else if(strncmp(dbpath, "extern:", 7) == 0) {
- dbpath += 7;
- } else if(strncmp(dbpath, "rdb:", 4) == 0) {
- /* if rdb: is specified, the configdir isn't really a
- * path. Skip it */
- dbpath = NULL;
- }
- if (dbpath) {
- nss_FindExternalRoot(dbpath, secmodName);
- }
- }
- }
-
- pk11sdr_Init();
- cert_CreateSubjectKeyIDHashTable();
-
-#ifndef NSS_DISABLE_LIBPKIX
- pkixError = PKIX_Initialize
- (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
- PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
-
- if (pkixError != NULL) {
- goto loser;
- } else {
- char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
- if (ev && ev[0]) {
- CERT_SetUsePKIXForValidation(PR_TRUE);
- }
- }
-#endif /* NSS_DISABLE_LIBPKIX */
-
-
- }
-
- /*
- * Now mark the appropriate init state. If initContextPtr was passed
- * in, then return the new context pointer and add it to the
- * nssInitContextList. Otherwise set the global nss_isInitted flag
- */
- PZ_Lock(nssInitLock);
- if (!initContextPtr) {
- nssIsInitted = PR_TRUE;
- } else {
- (*initContextPtr)->magic = NSS_INIT_MAGIC;
- (*initContextPtr)->next = nssInitContextList;
- nssInitContextList = (*initContextPtr);
- }
- nssIsInInit--;
- /* now that we are inited, all waiters can move forward */
- PZ_NotifyAllCondVar(nssInitCondition);
- PZ_Unlock(nssInitLock);
-
- if (initContextPtr && configStrings) {
- PR_smprintf_free(configStrings);
- }
-
- return SECSuccess;
-
-loser:
- if (initContextPtr && *initContextPtr) {
- PORT_Free(*initContextPtr);
- *initContextPtr = NULL;
- if (configStrings) {
- PR_smprintf_free(configStrings);
- }
- }
- PZ_Lock(nssInitLock);
- nssIsInInit--;
- /* We failed to init, allow one to move forward */
- PZ_NotifyCondVar(nssInitCondition);
- PZ_Unlock(nssInitLock);
- return SECFailure;
-}
-
-
-SECStatus
-NSS_Init(const char *configdir)
-{
- return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL,
- NULL, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
-}
-
-SECStatus
-NSS_InitReadWrite(const char *configdir)
-{
- return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL,
- NULL, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE,
- PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
-}
-
-/*
- * OK there are now lots of options here, lets go through them all:
- *
- * configdir - base directory where all the cert, key, and module datbases live.
- * certPrefix - prefix added to the beginning of the cert database example: "
- * "https-server1-"
- * keyPrefix - prefix added to the beginning of the key database example: "
- * "https-server1-"
- * secmodName - name of the security module database (usually "secmod.db").
- * flags - change the open options of NSS_Initialize as follows:
- * NSS_INIT_READONLY - Open the databases read only.
- * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
- * initialize the volatile certdb.
- * NSS_INIT_NOMODDB - Don't open the security module DB, just
- * initialize the PKCS #11 module.
- * NSS_INIT_FORCEOPEN - Continue to force initializations even if the
- * databases cannot be opened.
- * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
- * thread-safe, ie. that support locking - either OS
- * locking or NSS-provided locks . If a PKCS#11
- * module isn't thread-safe, don't serialize its
- * calls; just don't load it instead. This is necessary
- * if another piece of code is using the same PKCS#11
- * modules that NSS is accessing without going through
- * NSS, for example the Java SunPKCS11 provider.
- * NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
- * error when loading PKCS#11 modules. This is necessary
- * if another piece of code is using the same PKCS#11
- * modules that NSS is accessing without going through
- * NSS, for example Java SunPKCS11 provider.
- * NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
- * PKCS#11 module. This may be necessary in order to
- * ensure continuous operation and proper shutdown
- * sequence if another piece of code is using the same
- * PKCS#11 modules that NSS is accessing without going
- * through NSS, for example Java SunPKCS11 provider.
- * The following limitation applies when this is set :
- * SECMOD_WaitForAnyTokenEvent will not use
- * C_WaitForSlotEvent, in order to prevent the need for
- * C_Finalize. This call will be emulated instead.
- * NSS_INIT_RESERVED - Currently has no effect, but may be used in the
- * future to trigger better cooperation between PKCS#11
- * modules used by both NSS and the Java SunPKCS11
- * provider. This should occur after a new flag is defined
- * for C_Initialize by the PKCS#11 working group.
- * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
- * use both NSS and the Java SunPKCS11 provider.
- */
-SECStatus
-NSS_Initialize(const char *configdir, const char *certPrefix,
- const char *keyPrefix, const char *secmodName, PRUint32 flags)
-{
- return nss_Init(configdir, certPrefix, keyPrefix, secmodName,
- "", "", "", "", "", NULL, NULL,
- ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY),
- ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB),
- ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB),
- ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN),
- ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT),
- ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE),
- ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE),
- ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD),
- ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE));
-}
-
-NSSInitContext *
-NSS_InitContext(const char *configdir, const char *certPrefix,
- const char *keyPrefix, const char *secmodName,
- NSSInitParameters *initParams, PRUint32 flags)
-{
- SECStatus rv;
- NSSInitContext *context;
-
- rv = nss_Init(configdir, certPrefix, keyPrefix, secmodName,
- "", "", "", "", "", &context, initParams,
- ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY),
- ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB),
- ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB),
- ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), PR_TRUE,
- ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE),
- ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE),
- ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD),
- ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE));
- return (rv == SECSuccess) ? context : NULL;
-}
-
-SECStatus
-NSS_InitWithMerge(const char *configdir, const char *certPrefix,
- const char *keyPrefix, const char *secmodName,
- const char *updateDir, const char *updCertPrefix,
- const char *updKeyPrefix, const char *updateID,
- const char *updateName, PRUint32 flags)
-{
- return nss_Init(configdir, certPrefix, keyPrefix, secmodName,
- updateDir, updCertPrefix, updKeyPrefix, updateID, updateName,
- NULL, NULL,
- ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY),
- ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB),
- ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB),
- ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN),
- ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT),
- ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE),
- ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE),
- ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD),
- ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE));
-}
-
-/*
- * initialize NSS without a creating cert db's, key db's, or secmod db's.
- */
-SECStatus
-NSS_NoDB_Init(const char * configdir)
-{
- return nss_Init("","","","", "", "", "", "", "", NULL, NULL,
- PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,
- PR_FALSE,PR_FALSE,PR_FALSE);
-}
-
-
-#define NSS_SHUTDOWN_STEP 10
-
-struct NSSShutdownFuncPair {
- NSS_ShutdownFunc func;
- void *appData;
-};
-
-static struct NSSShutdownListStr {
- PZLock *lock;
- int allocatedFuncs;
- int peakFuncs;
- struct NSSShutdownFuncPair *funcs;
-} nssShutdownList = { 0 };
-
-/*
- * find and existing shutdown function
- */
-static int
-nss_GetShutdownEntry(NSS_ShutdownFunc sFunc, void *appData)
-{
- int count, i;
- count = nssShutdownList.peakFuncs;
-
- for (i=0; i < count; i++) {
- if ((nssShutdownList.funcs[i].func == sFunc) &&
- (nssShutdownList.funcs[i].appData == appData)){
- return i;
- }
- }
- return -1;
-}
-
-/*
- * register a callback to be called when NSS shuts down
- */
-SECStatus
-NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
-{
- int i;
-
- /* make sure our lock and condition variable are initialized one and only
- * one time */
- if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
- return SECFailure;
- }
-
- PZ_Lock(nssInitLock);
- if (!NSS_IsInitialized()) {
- PZ_Unlock(nssInitLock);
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
- }
- PZ_Unlock(nssInitLock);
- if (sFunc == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- PORT_Assert(nssShutdownList.lock);
- PZ_Lock(nssShutdownList.lock);
-
- /* make sure we don't have a duplicate */
- i = nss_GetShutdownEntry(sFunc, appData);
- if (i >= 0) {
- PZ_Unlock(nssShutdownList.lock);
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- /* find an empty slot */
- i = nss_GetShutdownEntry(NULL, NULL);
- if (i >= 0) {
- nssShutdownList.funcs[i].func = sFunc;
- nssShutdownList.funcs[i].appData = appData;
- PZ_Unlock(nssShutdownList.lock);
- return SECSuccess;
- }
- if (nssShutdownList.allocatedFuncs == nssShutdownList.peakFuncs) {
- struct NSSShutdownFuncPair *funcs =
- (struct NSSShutdownFuncPair *)PORT_Realloc
- (nssShutdownList.funcs,
- (nssShutdownList.allocatedFuncs + NSS_SHUTDOWN_STEP)
- *sizeof(struct NSSShutdownFuncPair));
- if (!funcs) {
- PZ_Unlock(nssShutdownList.lock);
- return SECFailure;
- }
- nssShutdownList.funcs = funcs;
- nssShutdownList.allocatedFuncs += NSS_SHUTDOWN_STEP;
- }
- nssShutdownList.funcs[nssShutdownList.peakFuncs].func = sFunc;
- nssShutdownList.funcs[nssShutdownList.peakFuncs].appData = appData;
- nssShutdownList.peakFuncs++;
- PZ_Unlock(nssShutdownList.lock);
- return SECSuccess;
-}
-
-/*
- * unregister a callback so it won't get called on shutdown.
- */
-SECStatus
-NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
-{
- int i;
-
- /* make sure our lock and condition variable are initialized one and only
- * one time */
- if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
- return SECFailure;
- }
- PZ_Lock(nssInitLock);
- if (!NSS_IsInitialized()) {
- PZ_Unlock(nssInitLock);
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
- }
- PZ_Unlock(nssInitLock);
-
- PORT_Assert(nssShutdownList.lock);
- PZ_Lock(nssShutdownList.lock);
- i = nss_GetShutdownEntry(sFunc, appData);
- if (i >= 0) {
- nssShutdownList.funcs[i].func = NULL;
- nssShutdownList.funcs[i].appData = NULL;
- }
- PZ_Unlock(nssShutdownList.lock);
-
- if (i < 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-/*
- * bring up and shutdown the shutdown list
- */
-static SECStatus
-nss_InitShutdownList(void)
-{
- if (nssShutdownList.lock != NULL) {
- return SECSuccess;
- }
- nssShutdownList.lock = PZ_NewLock(nssILockOther);
- if (nssShutdownList.lock == NULL) {
- return SECFailure;
- }
- nssShutdownList.funcs = PORT_ZNewArray(struct NSSShutdownFuncPair,
- NSS_SHUTDOWN_STEP);
- if (nssShutdownList.funcs == NULL) {
- PZ_DestroyLock(nssShutdownList.lock);
- nssShutdownList.lock = NULL;
- return SECFailure;
- }
- nssShutdownList.allocatedFuncs = NSS_SHUTDOWN_STEP;
- nssShutdownList.peakFuncs = 0;
-
- return SECSuccess;
-}
-
-static SECStatus
-nss_ShutdownShutdownList(void)
-{
- SECStatus rv = SECSuccess;
- int i;
-
- /* call all the registerd functions first */
- for (i=0; i < nssShutdownList.peakFuncs; i++) {
- struct NSSShutdownFuncPair *funcPair = &nssShutdownList.funcs[i];
- if (funcPair->func) {
- if ((*funcPair->func)(funcPair->appData,NULL) != SECSuccess) {
- rv = SECFailure;
- }
- }
- }
-
- nssShutdownList.peakFuncs = 0;
- nssShutdownList.allocatedFuncs = 0;
- PORT_Free(nssShutdownList.funcs);
- nssShutdownList.funcs = NULL;
- if (nssShutdownList.lock) {
- PZ_DestroyLock(nssShutdownList.lock);
- }
- nssShutdownList.lock = NULL;
- return rv;
-}
-
-
-extern const NSSError NSS_ERROR_BUSY;
-
-SECStatus
-nss_Shutdown(void)
-{
- SECStatus shutdownRV = SECSuccess;
- SECStatus rv;
- PRStatus status;
- NSSInitContext *temp;
-
- rv = nss_ShutdownShutdownList();
- if (rv != SECSuccess) {
- shutdownRV = SECFailure;
- }
- cert_DestroyLocks();
- ShutdownCRLCache();
- OCSP_ShutdownGlobal();
-#ifndef NSS_DISABLE_LIBPKIX
- PKIX_Shutdown(plContext);
-#endif
- SECOID_Shutdown();
- status = STAN_Shutdown();
- cert_DestroySubjectKeyIDHashTable();
- pk11_SetInternalKeySlot(NULL);
- rv = SECMOD_Shutdown();
- if (rv != SECSuccess) {
- shutdownRV = SECFailure;
- }
- pk11sdr_Shutdown();
- nssArena_Shutdown();
- if (status == PR_FAILURE) {
- if (NSS_GetError() == NSS_ERROR_BUSY) {
- PORT_SetError(SEC_ERROR_BUSY);
- }
- shutdownRV = SECFailure;
- }
- /*
- * A thread's error stack is automatically destroyed when the thread
- * terminates, except for the primordial thread, whose error stack is
- * destroyed by PR_Cleanup. Since NSS is usually shut down by the
- * primordial thread and many NSS-based apps don't call PR_Cleanup,
- * we destroy the calling thread's error stack here. This must be
- * done after any NSS_GetError call, otherwise NSS_GetError will
- * create the error stack again.
- */
- nss_DestroyErrorStack();
- nssIsInitted = PR_FALSE;
- temp = nssInitContextList;
- nssInitContextList = NULL;
- /* free the old list. This is necessary when we are called from
- * NSS_Shutdown(). */
- while (temp) {
- NSSInitContext *next = temp->next;
- temp->magic = 0;
- PORT_Free(temp);
- temp = next;
- }
- return shutdownRV;
-}
-
-SECStatus
-NSS_Shutdown(void)
-{
- SECStatus rv;
- /* make sure our lock and condition variable are initialized one and only
- * one time */
- if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
- return SECFailure;
- }
- PZ_Lock(nssInitLock);
-
- if (!nssIsInitted) {
- PZ_Unlock(nssInitLock);
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
- }
-
- /* If one or more threads are in the middle of init, wait for them
- * to complete */
- while (nssIsInInit) {
- PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT);
- }
- rv = nss_Shutdown();
- PZ_Unlock(nssInitLock);
- return rv;
-}
-
-/*
- * remove the context from a list. return true if found, false if not
- */
-PRBool
-nss_RemoveList(NSSInitContext *context) {
- NSSInitContext *this = nssInitContextList;
- NSSInitContext **last = &nssInitContextList;
-
- while (this) {
- if (this == context) {
- *last = this->next;
- this->magic = 0;
- PORT_Free(this);
- return PR_TRUE;
- }
- last = &this->next;
- this=this->next;
- }
- return PR_FALSE;
-}
-
-/*
- * This form of shutdown is safe in the case where we may have multiple
- * entities using NSS in a single process. Each entity calls shutdown with
- * it's own context. The application (which doesn't get a context), calls
- * shutdown with NULL. Once all users have 'checked in' NSS will shutdown.
- * This is different than NSS_Shutdown, where calling it will shutdown NSS
- * irreguardless of who else may have NSS open.
- */
-SECStatus
-NSS_ShutdownContext(NSSInitContext *context)
-{
- SECStatus rv = SECSuccess;
-
- /* make sure our lock and condition variable are initialized one and only
- * one time */
- if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
- return SECFailure;
- }
- PZ_Lock(nssInitLock);
- /* If one or more threads are in the middle of init, wait for them
- * to complete */
- while (nssIsInInit) {
- PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT);
- }
-
- /* OK, we are the only thread now either initializing or shutting down */
-
- if (!context) {
- if (!nssIsInitted) {
- PZ_Unlock(nssInitLock);
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
- }
- nssIsInitted = 0;
- } else if (! nss_RemoveList(context)) {
- PZ_Unlock(nssInitLock);
- /* context was already freed or wasn't valid */
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return SECFailure;
- }
- if ((nssIsInitted == 0) && (nssInitContextList == NULL)) {
- rv = nss_Shutdown();
- }
-
- /* NOTE: we don't try to free the nssInitLocks to prevent races against
- * the locks. There may be a thread, right now, waiting in NSS_Init for us
- * to free the lock below. If we delete the locks, bad things would happen
- * to that thread */
- PZ_Unlock(nssInitLock);
-
- return rv;
-}
-
-PRBool
-NSS_IsInitialized(void)
-{
- return (nssIsInitted) || (nssInitContextList != NULL);
-}
-
-
-extern const char __nss_base_version[];
-
-PRBool
-NSS_VersionCheck(const char *importedVersion)
-{
- /*
- * This is the secret handshake algorithm.
- *
- * This release has a simple version compatibility
- * check algorithm. This release is not backward
- * compatible with previous major releases. It is
- * not compatible with future major, minor, or
- * patch releases or builds.
- */
- int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0;
- const char *ptr = importedVersion;
-#define NSS_VERSION_VARIABLE __nss_base_version
-#include "verref.h"
-
- while (isdigit(*ptr)) {
- vmajor = 10 * vmajor + *ptr - '0';
- ptr++;
- }
- if (*ptr == '.') {
- ptr++;
- while (isdigit(*ptr)) {
- vminor = 10 * vminor + *ptr - '0';
- ptr++;
- }
- if (*ptr == '.') {
- ptr++;
- while (isdigit(*ptr)) {
- vpatch = 10 * vpatch + *ptr - '0';
- ptr++;
- }
- if (*ptr == '.') {
- ptr++;
- while (isdigit(*ptr)) {
- vbuild = 10 * vbuild + *ptr - '0';
- ptr++;
- }
- }
- }
- }
-
- if (vmajor != NSS_VMAJOR) {
- return PR_FALSE;
- }
- if (vmajor == NSS_VMAJOR && vminor > NSS_VMINOR) {
- return PR_FALSE;
- }
- if (vmajor == NSS_VMAJOR && vminor == NSS_VMINOR && vpatch > NSS_VPATCH) {
- return PR_FALSE;
- }
- if (vmajor == NSS_VMAJOR && vminor == NSS_VMINOR &&
- vpatch == NSS_VPATCH && vbuild > NSS_VBUILD) {
- return PR_FALSE;
- }
- return PR_TRUE;
-}
-
-const char *
-NSS_GetVersion(void)
-{
- return NSS_VERSION;
-}
« no previous file with comments | « nss/lib/nss/nss.h ('k') | nss/lib/nss/nssoptions.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698