diff patches/nss-static.patch @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsystem
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 28 Jul 2014 10:47:06 +0200 |
parents | |
children |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/nss-static.patch Mon Jul 28 10:47:06 2014 +0200
@@ -0,0 +1,488 @@
+diff -r db5b7e3c69a5 lib/certhigh/certvfy.c
+--- a/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700
+@@ -13,9 +13,11 @@
+ #include "certdb.h"
+ #include "certi.h"
+ #include "cryptohi.h"
++#ifndef NSS_DISABLE_LIBPKIX
+ #include "pkix.h"
+ /*#include "pkix_sample_modules.h" */
+ #include "pkix_pl_cert.h"
++#endif /* NSS_DISABLE_LIBPKIX */
+
+
+ #include "nsspki.h"
+@@ -24,6 +26,47 @@
+ #include "pki3hack.h"
+ #include "base.h"
+
++#ifdef NSS_DISABLE_LIBPKIX
++SECStatus
++cert_VerifyCertChainPkix(
++ CERTCertificate *cert,
++ PRBool checkSig,
++ SECCertUsage requiredUsage,
++ PRTime time,
++ void *wincx,
++ CERTVerifyLog *log,
++ PRBool *pSigerror,
++ PRBool *pRevoked)
++{
++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++ return SECFailure;
++}
++
++SECStatus
++CERT_SetUsePKIXForValidation(PRBool enable)
++{
++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++ return SECFailure;
++}
++
++PRBool
++CERT_GetUsePKIXForValidation()
++{
++ return PR_FALSE;
++}
++
++SECStatus CERT_PKIXVerifyCert(
++ CERTCertificate *cert,
++ SECCertificateUsage usages,
++ CERTValInParam *paramsIn,
++ CERTValOutParam *paramsOut,
++ void *wincx)
++{
++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++ return SECFailure;
++}
++#endif /* NSS_DISABLE_LIBPKIX */
++
+ /*
+ * Check the validity times of a certificate
+ */
+diff -r db5b7e3c69a5 lib/ckfw/nssck.api
+--- a/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200
++++ b/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700
+@@ -1752,7 +1752,7 @@
+ }
+ #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+-static CK_RV CK_ENTRY
++CK_RV CK_ENTRY
+ __ADJOIN(MODULE_NAME,C_GetFunctionList)
+ (
+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+@@ -1830,7 +1830,7 @@
+ __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
+ };
+
+-static CK_RV CK_ENTRY
++CK_RV CK_ENTRY
+ __ADJOIN(MODULE_NAME,C_GetFunctionList)
+ (
+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+@@ -1840,6 +1840,7 @@
+ return CKR_OK;
+ }
+
++#ifndef NSS_STATIC
+ /* This one is always present */
+ CK_RV CK_ENTRY
+ C_GetFunctionList
+@@ -1849,6 +1850,7 @@
+ {
+ return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
+ }
++#endif
+
+ #undef __ADJOIN
+
+diff -r db5b7e3c69a5 lib/freebl/rsa.c
+--- a/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700
+@@ -1559,6 +1559,13 @@
+ RSA_Cleanup();
+ }
+
++#ifdef NSS_STATIC
++void
++BL_Unload(void)
++{
++}
++#endif
++
+ PRBool bl_parentForkedAfterC_Initialize;
+
+ /*
+diff -r db5b7e3c69a5 lib/freebl/shvfy.c
+--- a/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700
+@@ -273,9 +273,21 @@
+ return SECSuccess;
+ }
+
++/*
++ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
++ * if you're using NSS as static libraries), but want to conform to the
++ * rest of the FIPS requirements.
++ */
++#ifdef NSS_STATIC
++#define PSEUDO_FIPS
++#endif
++
+ PRBool
+ BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+ {
++#ifdef PSEUDO_FIPS
++ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
++#else
+ PRBool result = PR_FALSE; /* if anything goes wrong,
+ * the signature does not verify */
+ /* find our shared library name */
+@@ -291,11 +303,15 @@
+ }
+
+ return result;
++#endif /* PSEUDO_FIPS */
+ }
+
+ PRBool
+ BLAPI_SHVerifyFile(const char *shName)
+ {
++#ifdef PSEUDO_FIPS
++ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
++#else
+ char *checkName = NULL;
+ PRFileDesc *checkFD = NULL;
+ PRFileDesc *shFD = NULL;
+@@ -492,6 +508,7 @@
+ }
+
+ return result;
++#endif /* PSEUDO_FIPS */
+ }
+
+ PRBool
+diff -r db5b7e3c69a5 lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
+--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700
+@@ -201,7 +201,10 @@
+
+ typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
+ CERTImportCertificateFunc f, void *arg);
+-
++#ifdef NSS_STATIC
++extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
++ CERTImportCertificateFunc f, void* arg);
++#endif
+
+ struct pkix_DecodeFuncStr {
+ pkix_DecodeCertsFunc func; /* function pointer to the
+@@ -223,6 +226,11 @@
+ */
+ static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
+ {
++#ifdef NSS_STATIC
++ pkix_decodeFunc.smimeLib = NULL;
++ pkix_decodeFunc.func = CERT_DecodeCertPackage;
++ return PR_SUCCESS;
++#else
+ pkix_decodeFunc.smimeLib =
+ PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
+ if (pkix_decodeFunc.smimeLib == NULL) {
+@@ -235,7 +243,7 @@
+ return PR_FAILURE;
+ }
+ return PR_SUCCESS;
+-
++#endif
+ }
+
+ /*
+diff -r db5b7e3c69a5 lib/nss/nssinit.c
+--- a/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700
+@@ -20,9 +20,11 @@
+ #include "secerr.h"
+ #include "nssbase.h"
+ #include "nssutil.h"
++#ifndef NSS_DISABLE_LIBPKIX
+ #include "pkixt.h"
+ #include "pkix.h"
+ #include "pkix_tools.h"
++#endif /* NSS_DISABLE_LIBPKIX */
+
+ #include "pki3hack.h"
+ #include "certi.h"
+@@ -530,8 +532,10 @@
+ PRBool dontFinalizeModules)
+ {
+ SECStatus rv = SECFailure;
++#ifndef NSS_DISABLE_LIBPKIX
+ PKIX_UInt32 actualMinorVersion = 0;
+ PKIX_Error *pkixError = NULL;
++#endif
+ PRBool isReallyInitted;
+ char *configStrings = NULL;
+ char *configName = NULL;
+@@ -685,6 +689,7 @@
+ pk11sdr_Init();
+ cert_CreateSubjectKeyIDHashTable();
+
++#ifndef NSS_DISABLE_LIBPKIX
+ pkixError = PKIX_Initialize
+ (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
+ PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
+@@ -697,6 +702,7 @@
+ CERT_SetUsePKIXForValidation(PR_TRUE);
+ }
+ }
++#endif /* NSS_DISABLE_LIBPKIX */
+
+
+ }
+@@ -1081,7 +1087,9 @@
+ cert_DestroyLocks();
+ ShutdownCRLCache();
+ OCSP_ShutdownGlobal();
++#ifndef NSS_DISABLE_LIBPKIX
+ PKIX_Shutdown(plContext);
++#endif
+ SECOID_Shutdown();
+ status = STAN_Shutdown();
+ cert_DestroySubjectKeyIDHashTable();
+diff -r db5b7e3c69a5 lib/pk11wrap/pk11load.c
+--- a/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700
+@@ -318,6 +318,12 @@
+ }
+ }
+
++#ifdef NSS_STATIC
++extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args);
++extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++#else
+ static const char* my_shlib_name =
+ SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
+ static const char* softoken_shlib_name =
+@@ -326,12 +332,14 @@
+ static PRCallOnceType loadSoftokenOnce;
+ static PRLibrary* softokenLib;
+ static PRInt32 softokenLoadCount;
++#endif /* NSS_STATIC */
+
+ #include "prio.h"
+ #include "prprf.h"
+ #include <stdio.h>
+ #include "prsystem.h"
+
++#ifndef NSS_STATIC
+ /* This function must be run only once. */
+ /* determine if hybrid platform, then actually load the DSO. */
+ static PRStatus
+@@ -348,6 +356,7 @@
+ }
+ return PR_FAILURE;
+ }
++#endif /* !NSS_STATIC */
+
+ /*
+ * load a new module into our address space and initialize it.
+@@ -366,6 +375,16 @@
+
+ /* intenal modules get loaded from their internal list */
+ if (mod->internal && (mod->dllName == NULL)) {
++#ifdef NSS_STATIC
++ if (mod->isFIPS) {
++ entry = FC_GetFunctionList;
++ } else {
++ entry = NSC_GetFunctionList;
++ }
++ if (mod->isModuleDB) {
++ mod->moduleDBFunc = NSC_ModuleDBFunc;
++ }
++#else
+ /*
+ * Loads softoken as a dynamic library,
+ * even though the rest of NSS assumes this as the "internal" module.
+@@ -391,6 +410,7 @@
+ mod->moduleDBFunc = (CK_C_GetFunctionList)
+ PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
+ }
++#endif
+
+ if (mod->moduleDBOnly) {
+ mod->loaded = PR_TRUE;
+@@ -401,6 +421,15 @@
+ if (mod->dllName == NULL) {
+ return SECFailure;
+ }
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++ if (strstr(mod->dllName, "nssckbi") != NULL) {
++ mod->library = NULL;
++ PORT_Assert(!mod->moduleDBOnly);
++ entry = builtinsC_GetFunctionList;
++ PORT_Assert(!mod->isModuleDB);
++ goto library_loaded;
++ }
++#endif
+
+ /* load the library. If this succeeds, then we have to remember to
+ * unload the library if anything goes wrong from here on out...
+@@ -423,6 +452,9 @@
+ mod->moduleDBFunc = (void *)
+ PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
+ }
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++library_loaded:
++#endif
+ if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
+ if (entry == NULL) {
+ if (mod->isModuleDB) {
+@@ -562,6 +594,7 @@
+ * if not, we should change this to SECFailure and move it above the
+ * mod->loaded = PR_FALSE; */
+ if (mod->internal && (mod->dllName == NULL)) {
++#ifndef NSS_STATIC
+ if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
+ if (softokenLib) {
+ disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+@@ -573,12 +606,18 @@
+ }
+ loadSoftokenOnce = pristineCallOnce;
+ }
++#endif
+ return SECSuccess;
+ }
+
+ library = (PRLibrary *)mod->library;
+ /* paranoia */
+ if (library == NULL) {
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++ if (strstr(mod->dllName, "nssckbi") != NULL) {
++ return SECSuccess;
++ }
++#endif
+ return SECFailure;
+ }
+
+diff -r db5b7e3c69a5 lib/softoken/lgglue.c
+--- a/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200
++++ b/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700
+@@ -23,6 +23,7 @@
+ static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
+ static LGShutdownFunc legacy_glue_shutdown = NULL;
+
++#ifndef NSS_STATIC
+ /*
+ * The following 3 functions duplicate the work done by bl_LoadLibrary.
+ * We should make bl_LoadLibrary a global and replace the call to
+@@ -160,6 +161,7 @@
+
+ return lib;
+ }
++#endif /* STATIC LIBRARIES */
+
+ /*
+ * stub files for legacy db's to be able to encrypt and decrypt
+@@ -272,6 +274,21 @@
+ return SECSuccess;
+ }
+
++#ifdef NSS_STATIC
++#ifdef NSS_DISABLE_DBM
++ return SECFailure;
++#else
++ lib = (PRLibrary *) 0x8;
++
++ legacy_glue_open = legacy_Open;
++ legacy_glue_readSecmod = legacy_ReadSecmodDB;
++ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
++ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
++ legacy_glue_addSecmod = legacy_AddSecmodDB;
++ legacy_glue_shutdown = legacy_Shutdown;
++ setCryptFunction = legacy_SetCryptFunctions;
++#endif
++#else
+ lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
+ if (lib == NULL) {
+ return SECFailure;
+@@ -297,11 +314,14 @@
+ PR_UnloadLibrary(lib);
+ return SECFailure;
+ }
++#endif /* NSS_STATIC */
+
+ /* verify the loaded library if we are in FIPS mode */
+ if (isFIPS) {
+ if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
++#ifndef NSS_STATIC
+ PR_UnloadLibrary(lib);
++#endif
+ return SECFailure;
+ }
+ legacy_glue_libCheckSucceeded = PR_TRUE;
+@@ -418,10 +438,12 @@
+ #endif
+ crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
+ }
++#ifndef NSS_STATIC
+ disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ if (!disableUnload) {
+ PR_UnloadLibrary(legacy_glue_lib);
+ }
++#endif
+ legacy_glue_lib = NULL;
+ legacy_glue_open = NULL;
+ legacy_glue_readSecmod = NULL;
+diff -r db5b7e3c69a5 lib/softoken/lgglue.h
+--- a/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200
++++ b/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700
+@@ -38,6 +38,25 @@
+ typedef void (*LGSetForkStateFunc)(PRBool);
+ typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
+
++extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
++ const char *keyPrefix,
++ int certVersion, int keyVersion, int flags,
++ SDB **certDB, SDB **keyDB);
++extern char ** legacy_ReadSecmodDB(const char *appName,
++ const char *filename,
++ const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
++ const char *filename,
++ const char *dbname, char **params, PRBool rw);
++extern SECStatus legacy_DeleteSecmodDB(const char *appName,
++ const char *filename,
++ const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_AddSecmodDB(const char *appName,
++ const char *filename,
++ const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_Shutdown(PRBool forked);
++extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
++
+ /*
+ * Softoken Glue Functions
+ */
+diff -r db5b7e3c69a5 lib/util/secport.h
+--- a/lib/util/secport.h Tue May 28 23:37:46 2013 +0200
++++ b/lib/util/secport.h Fri May 31 17:44:06 2013 -0700
+@@ -210,6 +210,7 @@
+
+ extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
+
++#ifndef NSS_STATIC
+ /*
+ * Load a shared library called "newShLibName" in the same directory as
+ * a shared library that is already loaded, called existingShLibName.
+@@ -244,6 +245,7 @@
+ PORT_LoadLibraryFromOrigin(const char* existingShLibName,
+ PRFuncPtr staticShLibFunc,
+ const char *newShLibName);
++#endif /* NSS_STATIC */
+
+ SEC_END_PROTOS
+
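Review bot: The lib/freebl/shvfy.c part of the added patch makes `NSS_STATIC` define `PSEUDO_FIPS` unconditionally, so `BLAPI_SHVerify` and `BLAPI_SHVerifyFile` return `PR_TRUE` without checking anything, and the lib/softoken/lgglue.c part then sets `legacy_glue_libCheckSucceeded = PR_TRUE` on that result when `isFIPS` is set. A static build can still select `FC_GetFunctionList` through the `mod->isFIPS` branch in lib/pk11wrap/pk11load.c, so FIPS mode would report a passed software integrity test that never ran; I would make the bypass a separate opt-in define set by the CMake build rather than a side effect of static linking, and state the limitation in README.trustbridge. Separately, the unload path in pk11load.c calls `strstr(mod->dllName, "nssckbi")` when `library == NULL` without checking `mod->dllName`; the earlier guard only returns for `mod->internal && (mod->dllName == NULL)`, so a NULL name looks reachable there and `if (mod->dllName != NULL && strstr(mod->dllName, "nssckbi") != NULL) {` would close it. The affected functions continue outside the quoted inner hunks, so code not shown here may already rule these cases out.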