trustbridge/nss-cmake-static: patches/nss-static.patch comparison

comparison patches/nss-static.patch @ 0:1e5118fa0cb1

This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Mon, 28 Jul 2014 10:47:06 +0200
parents
children

comparison

equal deleted inserted replaced

--1:000000000000
+:1e5118fa0cb1
+diff -r db5b7e3c69a5 lib/certhigh/certvfy.c
+--- a/lib/certhigh/certvfy.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/certhigh/certvfy.c	Fri May 31 17:44:06 2013 -0700
+@@ -13,9 +13,11 @@
+#include "certdb.h"
+#include "certi.h"
+#include "cryptohi.h"
++#ifndef NSS_DISABLE_LIBPKIX
+#include "pkix.h"
+/*#include "pkix_sample_modules.h" */
+#include "pkix_pl_cert.h"
++#endif  /* NSS_DISABLE_LIBPKIX */
+#include "nsspki.h"
+@@ -24,6 +26,47 @@
+#include "pki3hack.h"
+#include "base.h"
++#ifdef NSS_DISABLE_LIBPKIX
++SECStatus
++cert_VerifyCertChainPkix(
++    CERTCertificate *cert,
++    PRBool           checkSig,
++    SECCertUsage     requiredUsage,
++    PRTime           time,
++    void            *wincx,
++    CERTVerifyLog   *log,
++    PRBool          *pSigerror,
++    PRBool          *pRevoked)
++{
++    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++    return SECFailure;
++}
++
++SECStatus
++CERT_SetUsePKIXForValidation(PRBool enable)
++{
++    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++    return SECFailure;
++}
++
++PRBool
++CERT_GetUsePKIXForValidation()
++{
++    return PR_FALSE;
++}
++
++SECStatus CERT_PKIXVerifyCert(
++    CERTCertificate *cert,
++    SECCertificateUsage usages,
++    CERTValInParam *paramsIn,
++    CERTValOutParam *paramsOut,
++    void *wincx)
++{
++    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++    return SECFailure;
++}
++#endif  /* NSS_DISABLE_LIBPKIX */
++
+/*
+* Check the validity times of a certificate
+*/
+diff -r db5b7e3c69a5 lib/ckfw/nssck.api
+--- a/lib/ckfw/nssck.api	Tue May 28 23:37:46 2013 +0200
++++ b/lib/ckfw/nssck.api	Fri May 31 17:44:06 2013 -0700
+@@ -1752,7 +1752,7 @@
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+-static CK_RV CK_ENTRY
++CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionList)
+(
+CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+@@ -1830,7 +1830,7 @@
+__ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
+};
+-static CK_RV CK_ENTRY
++CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionList)
+(
+CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+@@ -1840,6 +1840,7 @@
+return CKR_OK;
+}
++#ifndef NSS_STATIC
+/* This one is always present */
+CK_RV CK_ENTRY
+C_GetFunctionList
+@@ -1849,6 +1850,7 @@
+{
+return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
+}
++#endif
+#undef __ADJOIN
+diff -r db5b7e3c69a5 lib/freebl/rsa.c
+--- a/lib/freebl/rsa.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/freebl/rsa.c	Fri May 31 17:44:06 2013 -0700
+@@ -1559,6 +1559,13 @@
+RSA_Cleanup();
+}
++#ifdef NSS_STATIC
++void
++BL_Unload(void)
++{
++}
++#endif
++
+PRBool bl_parentForkedAfterC_Initialize;
+/*
+diff -r db5b7e3c69a5 lib/freebl/shvfy.c
+--- a/lib/freebl/shvfy.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/freebl/shvfy.c	Fri May 31 17:44:06 2013 -0700
+@@ -273,9 +273,21 @@
+return SECSuccess;
+}
++/*
++ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
++ * if you're using NSS as static libraries), but want to conform to the
++ * rest of the FIPS requirements.
++ */
++#ifdef NSS_STATIC
++#define PSEUDO_FIPS
++#endif
++
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
++#ifdef PSEUDO_FIPS
++    return PR_TRUE;  /* a lie, hence *pseudo* FIPS */
++#else
+PRBool result = PR_FALSE; /* if anything goes wrong,
+			       * the signature does not verify */
+/* find our shared library name */
+@@ -291,11 +303,15 @@
+}
+return result;
++#endif  /* PSEUDO_FIPS */
+}
+PRBool
+BLAPI_SHVerifyFile(const char *shName)
+{
++#ifdef PSEUDO_FIPS
++    return PR_TRUE;  /* a lie, hence *pseudo* FIPS */
++#else
+char *checkName = NULL;
+PRFileDesc *checkFD = NULL;
+PRFileDesc *shFD = NULL;
+@@ -492,6 +508,7 @@
+}
+return result;
++#endif  /* PSEUDO_FIPS */
+}
+PRBool
+diff -r db5b7e3c69a5 lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
+--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c	Fri May 31 17:44:06 2013 -0700
+@@ -201,7 +201,10 @@
+typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
+CERTImportCertificateFunc f, void *arg);
+-
++#ifdef NSS_STATIC
++extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
++                                        CERTImportCertificateFunc f, void* arg);
++#endif
+struct pkix_DecodeFuncStr {
+pkix_DecodeCertsFunc func;          /* function pointer to the
+@@ -223,6 +226,11 @@
+*/
+static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
+{
++#ifdef NSS_STATIC
++    pkix_decodeFunc.smimeLib = NULL;
++    pkix_decodeFunc.func = CERT_DecodeCertPackage;
++    return PR_SUCCESS;
++#else
+pkix_decodeFunc.smimeLib =
+		PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
+if (pkix_decodeFunc.smimeLib == NULL) {
+@@ -235,7 +243,7 @@
+	return PR_FAILURE;
+}
+return PR_SUCCESS;
+-
++#endif
+}
+/*
+diff -r db5b7e3c69a5 lib/nss/nssinit.c
+--- a/lib/nss/nssinit.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/nss/nssinit.c	Fri May 31 17:44:06 2013 -0700
+@@ -20,9 +20,11 @@
+#include "secerr.h"
+#include "nssbase.h"
+#include "nssutil.h"
++#ifndef NSS_DISABLE_LIBPKIX
+#include "pkixt.h"
+#include "pkix.h"
+#include "pkix_tools.h"
++#endif  /* NSS_DISABLE_LIBPKIX */
+#include "pki3hack.h"
+#include "certi.h"
+@@ -530,8 +532,10 @@
+		 PRBool dontFinalizeModules)
+{
+SECStatus rv = SECFailure;
++#ifndef NSS_DISABLE_LIBPKIX
+PKIX_UInt32 actualMinorVersion = 0;
+PKIX_Error *pkixError = NULL;
++#endif
+PRBool isReallyInitted;
+char *configStrings = NULL;
+char *configName = NULL;
+@@ -685,6 +689,7 @@
+	pk11sdr_Init();
+	cert_CreateSubjectKeyIDHashTable();
++#ifndef NSS_DISABLE_LIBPKIX
+	pkixError = PKIX_Initialize
+	    (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
+	    PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
+@@ -697,6 +702,7 @@
+CERT_SetUsePKIXForValidation(PR_TRUE);
+}
+}
++#endif  /* NSS_DISABLE_LIBPKIX */
+}
+@@ -1081,7 +1087,9 @@
+cert_DestroyLocks();
+ShutdownCRLCache();
+OCSP_ShutdownGlobal();
++#ifndef NSS_DISABLE_LIBPKIX
+PKIX_Shutdown(plContext);
++#endif
+SECOID_Shutdown();
+status = STAN_Shutdown();
+cert_DestroySubjectKeyIDHashTable();
+diff -r db5b7e3c69a5 lib/pk11wrap/pk11load.c
+--- a/lib/pk11wrap/pk11load.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/pk11wrap/pk11load.c	Fri May 31 17:44:06 2013 -0700
+@@ -318,6 +318,12 @@
+}
+}
++#ifdef NSS_STATIC
++extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args);
++extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++#else
+static const char* my_shlib_name =
+SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
+static const char* softoken_shlib_name =
+@@ -326,12 +332,14 @@
+static PRCallOnceType loadSoftokenOnce;
+static PRLibrary* softokenLib;
+static PRInt32 softokenLoadCount;
++#endif  /* NSS_STATIC */
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
++#ifndef NSS_STATIC
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+@@ -348,6 +356,7 @@
+}
+return PR_FAILURE;
+}
++#endif  /* !NSS_STATIC */
+/*
+* load a new module into our address space and initialize it.
+@@ -366,6 +375,16 @@
+/* intenal modules get loaded from their internal list */
+if (mod->internal && (mod->dllName == NULL)) {
++#ifdef NSS_STATIC
++    if (mod->isFIPS) {
++        entry = FC_GetFunctionList;
++    } else {
++        entry = NSC_GetFunctionList;
++    }
++    if (mod->isModuleDB) {
++        mod->moduleDBFunc = NSC_ModuleDBFunc;
++    }
++#else
+/*
+* Loads softoken as a dynamic library,
+* even though the rest of NSS assumes this as the "internal" module.
+@@ -391,6 +410,7 @@
+mod->moduleDBFunc = (CK_C_GetFunctionList)
+PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
+}
++#endif
+if (mod->moduleDBOnly) {
+mod->loaded = PR_TRUE;
+@@ -401,6 +421,15 @@
+	if (mod->dllName == NULL) {
+	    return SECFailure;
+	}
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++	if (strstr(mod->dllName, "nssckbi") != NULL) {
++	    mod->library = NULL;
++	    PORT_Assert(!mod->moduleDBOnly);
++	    entry = builtinsC_GetFunctionList;
++	    PORT_Assert(!mod->isModuleDB);
++	    goto library_loaded;
++	}
++#endif
+	/* load the library. If this succeeds, then we have to remember to
+	 * unload the library if anything goes wrong from here on out...
+@@ -423,6 +452,9 @@
+	    mod->moduleDBFunc = (void *)
+			PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
+	}
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++library_loaded:
++#endif
+	if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
+	if (entry == NULL) {
+	    if (mod->isModuleDB) {
+@@ -562,6 +594,7 @@
+* if not, we should change this to SECFailure and move it above the
+* mod->loaded = PR_FALSE; */
+if (mod->internal && (mod->dllName == NULL)) {
++#ifndef NSS_STATIC
+if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
+if (softokenLib) {
+disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+@@ -573,12 +606,18 @@
+}
+loadSoftokenOnce = pristineCallOnce;
+}
++#endif
+	return SECSuccess;
+}
+library = (PRLibrary *)mod->library;
+/* paranoia */
+if (library == NULL) {
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++	if (strstr(mod->dllName, "nssckbi") != NULL) {
++	    return SECSuccess;
++	}
++#endif
+	return SECFailure;
+}
+diff -r db5b7e3c69a5 lib/softoken/lgglue.c
+--- a/lib/softoken/lgglue.c	Tue May 28 23:37:46 2013 +0200
++++ b/lib/softoken/lgglue.c	Fri May 31 17:44:06 2013 -0700
+@@ -23,6 +23,7 @@
+static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
+static LGShutdownFunc legacy_glue_shutdown = NULL;
++#ifndef NSS_STATIC
+/*
+* The following 3 functions duplicate the work done by bl_LoadLibrary.
+* We should make bl_LoadLibrary a global and replace the call to
+@@ -160,6 +161,7 @@
+return lib;
+}
++#endif  /* STATIC LIBRARIES */
+/*
+* stub files for legacy db's to be able to encrypt and decrypt
+@@ -272,6 +274,21 @@
+	return SECSuccess;
+}
++#ifdef NSS_STATIC
++#ifdef NSS_DISABLE_DBM
++    return SECFailure;
++#else
++    lib = (PRLibrary *) 0x8;
++
++    legacy_glue_open = legacy_Open;
++    legacy_glue_readSecmod = legacy_ReadSecmodDB;
++    legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
++    legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
++    legacy_glue_addSecmod = legacy_AddSecmodDB;
++    legacy_glue_shutdown = legacy_Shutdown;
++    setCryptFunction = legacy_SetCryptFunctions;
++#endif
++#else
+lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
+if (lib == NULL) {
+	return SECFailure;
+@@ -297,11 +314,14 @@
+	PR_UnloadLibrary(lib);
+	return SECFailure;
+}
++#endif  /* NSS_STATIC */
+/* verify the loaded library if we are in FIPS mode */
+if (isFIPS) {
+	if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
++#ifndef NSS_STATIC
+	    PR_UnloadLibrary(lib);
++#endif
+	    return SECFailure;
+	}
+	legacy_glue_libCheckSucceeded = PR_TRUE;
+@@ -418,10 +438,12 @@
+#endif
+	crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
+}
++#ifndef NSS_STATIC
+disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+if (!disableUnload) {
+PR_UnloadLibrary(legacy_glue_lib);
+}
++#endif
+legacy_glue_lib = NULL;
+legacy_glue_open = NULL;
+legacy_glue_readSecmod = NULL;
+diff -r db5b7e3c69a5 lib/softoken/lgglue.h
+--- a/lib/softoken/lgglue.h	Tue May 28 23:37:46 2013 +0200
++++ b/lib/softoken/lgglue.h	Fri May 31 17:44:06 2013 -0700
+@@ -38,6 +38,25 @@
+typedef void (*LGSetForkStateFunc)(PRBool);
+typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
++extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
++		const char *keyPrefix,
++		int certVersion, int keyVersion, int flags,
++		SDB **certDB, SDB **keyDB);
++extern char ** legacy_ReadSecmodDB(const char *appName,
++			const char *filename,
++			const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
++			const char *filename,
++			const char *dbname, char **params, PRBool rw);
++extern SECStatus legacy_DeleteSecmodDB(const char *appName,
++			const char *filename,
++			const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_AddSecmodDB(const char *appName,
++			const char *filename,
++			const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_Shutdown(PRBool forked);
++extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
++
+/*
+* Softoken Glue Functions
+*/
+diff -r db5b7e3c69a5 lib/util/secport.h
+--- a/lib/util/secport.h	Tue May 28 23:37:46 2013 +0200
++++ b/lib/util/secport.h	Fri May 31 17:44:06 2013 -0700
+@@ -210,6 +210,7 @@
+extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
++#ifndef NSS_STATIC
+/*
+* Load a shared library called "newShLibName" in the same directory as
+* a shared library that is already loaded, called existingShLibName.
+@@ -244,6 +245,7 @@
+PORT_LoadLibraryFromOrigin(const char* existingShLibName,
+PRFuncPtr staticShLibFunc,
+const char *newShLibName);
++#endif  /* NSS_STATIC */
+SEC_END_PROTOS

Mercurial > trustbridge > nss-cmake-static

comparison patches/nss-static.patch @ 0:1e5118fa0cb1