search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump version to 5.0-14
[LibreOffice.git] / external / nss / nss-chromium-nss-static.patch
blob9d7a4e4352b1d052d45ccd73ee4cb3f7b24aa3a0
1 Based on http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/patches/nss-static.patch
2
3 --- a/a/nss/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200
4 +++ a/a/nss/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700
5 @@ -13,9 +13,11 @@
6 #include "certdb.h"
7 #include "certi.h"
8 #include "cryptohi.h"
9 +#ifndef NSS_DISABLE_LIBPKIX
10 #include "pkix.h"
11 /*#include "pkix_sample_modules.h" */
12 #include "pkix_pl_cert.h"
13 +#endif /* NSS_DISABLE_LIBPKIX */
14
15
16 #include "nsspki.h"
17 @@ -24,6 +26,47 @@
18 #include "pki3hack.h"
19 #include "base.h"
20
21 +#ifdef NSS_DISABLE_LIBPKIX
22 +SECStatus
23 +cert_VerifyCertChainPkix(
24 + CERTCertificate *cert,
25 + PRBool checkSig,
26 + SECCertUsage requiredUsage,
27 + PRTime time,
28 + void *wincx,
29 + CERTVerifyLog *log,
30 + PRBool *pSigerror,
31 + PRBool *pRevoked)
32 +{
33 + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
34 + return SECFailure;
35 +}
36 +
37 +SECStatus
38 +CERT_SetUsePKIXForValidation(PRBool enable)
39 +{
40 + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
41 + return SECFailure;
42 +}
43 +
44 +PRBool
45 +CERT_GetUsePKIXForValidation()
46 +{
47 + return PR_FALSE;
48 +}
49 +
50 +SECStatus CERT_PKIXVerifyCert(
51 + CERTCertificate *cert,
52 + SECCertificateUsage usages,
53 + CERTValInParam *paramsIn,
54 + CERTValOutParam *paramsOut,
55 + void *wincx)
56 +{
57 + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
58 + return SECFailure;
59 +}
60 +#endif /* NSS_DISABLE_LIBPKIX */
61 +
62 /*
63 * Check the validity times of a certificate
64 */
65 --- a/a/nss/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200
66 +++ a/a/nss/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700
67 @@ -1752,7 +1752,7 @@
68 }
69 #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
70
71 -static CK_RV CK_ENTRY
72 +CK_RV CK_ENTRY
73 __ADJOIN(MODULE_NAME,C_GetFunctionList)
74 (
75 CK_FUNCTION_LIST_PTR_PTR ppFunctionList
76 @@ -1830,7 +1830,7 @@
77 __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
78 };
79
80 -static CK_RV CK_ENTRY
81 +CK_RV CK_ENTRY
82 __ADJOIN(MODULE_NAME,C_GetFunctionList)
83 (
84 CK_FUNCTION_LIST_PTR_PTR ppFunctionList
85 @@ -1840,6 +1840,8 @@
86 return CKR_OK;
87 }
88
89 +#define NSS_STATIC
90 +#ifndef NSS_STATIC
91 /* This one is always present */
92 CK_RV CK_ENTRY
93 C_GetFunctionList
94 @@ -1849,6 +1850,7 @@
95 {
96 return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
97 }
98 +#endif
99
100 #undef __ADJOIN
101
102 --- a/a/nss/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200
103 +++ a/a/nss/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700
104 @@ -1559,6 +1559,14 @@
105 RSA_Cleanup();
106 }
107
108 +#define NSS_STATIC
109 +#ifdef NSS_STATIC
110 +void
111 +BL_Unload(void)
112 +{
113 +}
114 +#endif
115 +
116 PRBool bl_parentForkedAfterC_Initialize;
117
118 /*
119 --- a/a/nss/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200
120 +++ a/a/nss/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700
121 @@ -273,9 +273,22 @@
122 return SECSuccess;
123 }
124
125 +/*
126 + * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
127 + * if you're using NSS as static libraries), but want to conform to the
128 + * rest of the FIPS requirements.
129 + */
130 +#define NSS_STATIC
131 +#ifdef NSS_STATIC
132 +#define PSEUDO_FIPS
133 +#endif
134 +
135 PRBool
136 BLAPI_SHVerify(const char *name, PRFuncPtr addr)
137 {
138 +#ifdef PSEUDO_FIPS
139 + return PR_TRUE; /* a lie, hence *pseudo* FIPS */
140 +#else
141 PRBool result = PR_FALSE; /* if anything goes wrong,
142 * the signature does not verify */
143 /* find our shared library name */
144 @@ -291,11 +303,15 @@
145 }
146
147 return result;
148 +#endif /* PSEUDO_FIPS */
149 }
150
151 PRBool
152 BLAPI_SHVerifyFile(const char *shName)
153 {
154 +#ifdef PSEUDO_FIPS
155 + return PR_TRUE; /* a lie, hence *pseudo* FIPS */
156 +#else
157 char *checkName = NULL;
158 PRFileDesc *checkFD = NULL;
159 PRFileDesc *shFD = NULL;
160 @@ -492,6 +508,7 @@
161 }
162
163 return result;
164 +#endif /* PSEUDO_FIPS */
165 }
166
167 PRBool
168 --- a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200
169 +++ a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700
170 @@ -201,7 +201,11 @@
171
172 typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
173 CERTImportCertificateFunc f, void *arg);
174 -
175 +#define NSS_STATIC
176 +#ifdef NSS_STATIC
177 +extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
178 + CERTImportCertificateFunc f, void* arg);
179 +#endif
180
181 struct pkix_DecodeFuncStr {
182 pkix_DecodeCertsFunc func; /* function pointer to the
183 @@ -223,6 +226,11 @@
184 */
185 static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
186 {
187 +#ifdef NSS_STATIC
188 + pkix_decodeFunc.smimeLib = NULL;
189 + pkix_decodeFunc.func = CERT_DecodeCertPackage;
190 + return PR_SUCCESS;
191 +#else
192 pkix_decodeFunc.smimeLib =
193 PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
194 if (pkix_decodeFunc.smimeLib == NULL) {
195 @@ -235,7 +243,7 @@
196 return PR_FAILURE;
197 }
198 return PR_SUCCESS;
199 -
200 +#endif
201 }
202
203 /*
204 --- a/a/nss/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200
205 +++ a/a/nss/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700
206 @@ -20,9 +20,11 @@
207 #include "secerr.h"
208 #include "nssbase.h"
209 #include "nssutil.h"
210 +#ifndef NSS_DISABLE_LIBPKIX
211 #include "pkixt.h"
212 #include "pkix.h"
213 #include "pkix_tools.h"
214 +#endif /* NSS_DISABLE_LIBPKIX */
215
216 #include "pki3hack.h"
217 #include "certi.h"
218 @@ -530,8 +532,10 @@
219 PRBool dontFinalizeModules)
220 {
221 SECStatus rv = SECFailure;
222 +#ifndef NSS_DISABLE_LIBPKIX
223 PKIX_UInt32 actualMinorVersion = 0;
224 PKIX_Error *pkixError = NULL;
225 +#endif
226 PRBool isReallyInitted;
227 char *configStrings = NULL;
228 char *configName = NULL;
229 @@ -685,6 +689,7 @@
230 pk11sdr_Init();
231 cert_CreateSubjectKeyIDHashTable();
232
233 +#ifndef NSS_DISABLE_LIBPKIX
234 pkixError = PKIX_Initialize
235 (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
236 PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
237 @@ -697,6 +702,7 @@
238 CERT_SetUsePKIXForValidation(PR_TRUE);
239 }
240 }
241 +#endif /* NSS_DISABLE_LIBPKIX */
242
243
244 }
245 @@ -1081,7 +1087,9 @@
246 cert_DestroyLocks();
247 ShutdownCRLCache();
248 OCSP_ShutdownGlobal();
249 +#ifndef NSS_DISABLE_LIBPKIX
250 PKIX_Shutdown(plContext);
251 +#endif
252 SECOID_Shutdown();
253 status = STAN_Shutdown();
254 cert_DestroySubjectKeyIDHashTable();
255 --- a/a/nss/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200
256 +++ a/a/nss/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700
257 @@ -318,6 +318,13 @@
258 }
259 }
260
261 +#define NSS_STATIC
262 +#ifdef NSS_STATIC
263 +extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
264 +extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
265 +extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args);
266 +extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
267 +#else
268 static const char* my_shlib_name =
269 SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
270 static const char* softoken_shlib_name =
271 @@ -326,12 +332,14 @@
272 static PRCallOnceType loadSoftokenOnce;
273 static PRLibrary* softokenLib;
274 static PRInt32 softokenLoadCount;
275 +#endif /* NSS_STATIC */
276
277 #include "prio.h"
278 #include "prprf.h"
279 #include <stdio.h>
280 #include "prsystem.h"
281
282 +#ifndef NSS_STATIC
283 /* This function must be run only once. */
284 /* determine if hybrid platform, then actually load the DSO. */
285 static PRStatus
286 @@ -348,6 +356,7 @@
287 }
288 return PR_FAILURE;
289 }
290 +#endif /* !NSS_STATIC */
291
292 /*
293 * load a new module into our address space and initialize it.
294 @@ -366,6 +375,16 @@
295
296 /* intenal modules get loaded from their internal list */
297 if (mod->internal && (mod->dllName == NULL)) {
298 +#ifdef NSS_STATIC
299 + if (mod->isFIPS) {
300 + entry = FC_GetFunctionList;
301 + } else {
302 + entry = NSC_GetFunctionList;
303 + }
304 + if (mod->isModuleDB) {
305 + mod->moduleDBFunc = NSC_ModuleDBFunc;
306 + }
307 +#else
308 /*
309 * Loads softoken as a dynamic library,
310 * even though the rest of NSS assumes this as the "internal" module.
311 @@ -391,6 +410,7 @@
312 mod->moduleDBFunc = (CK_C_GetFunctionList)
313 PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
314 }
315 +#endif
316
317 if (mod->moduleDBOnly) {
318 mod->loaded = PR_TRUE;
319 @@ -401,6 +421,15 @@
320 if (mod->dllName == NULL) {
321 return SECFailure;
322 }
323 +#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
324 + if (strstr(mod->dllName, "nssckbi") != NULL) {
325 + mod->library = NULL;
326 + PORT_Assert(!mod->moduleDBOnly);
327 + entry = builtinsC_GetFunctionList;
328 + PORT_Assert(!mod->isModuleDB);
329 + goto library_loaded;
330 + }
331 +#endif
332
333 /* load the library. If this succeeds, then we have to remember to
334 * unload the library if anything goes wrong from here on out...
335 @@ -423,6 +452,9 @@
336 mod->moduleDBFunc = (void *)
337 PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
338 }
339 +#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
340 +library_loaded:
341 +#endif
342 if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
343 if (entry == NULL) {
344 if (mod->isModuleDB) {
345 @@ -562,6 +594,7 @@
346 * if not, we should change this to SECFailure and move it above the
347 * mod->loaded = PR_FALSE; */
348 if (mod->internal && (mod->dllName == NULL)) {
349 +#ifndef NSS_STATIC
350 if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
351 if (softokenLib) {
352 disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
353 @@ -573,12 +606,18 @@
354 }
355 loadSoftokenOnce = pristineCallOnce;
356 }
357 +#endif
358 return SECSuccess;
359 }
360
361 library = (PRLibrary *)mod->library;
362 /* paranoia */
363 if (library == NULL) {
364 +#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
365 + if (strstr(mod->dllName, "nssckbi") != NULL) {
366 + return SECSuccess;
367 + }
368 +#endif
369 return SECFailure;
370 }
371
372 --- a/a/nss/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200
373 +++ a/a/nss/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700
374 @@ -23,6 +23,8 @@
375 static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
376 static LGShutdownFunc legacy_glue_shutdown = NULL;
377
378 +#define NSS_STATIC
379 +#ifndef NSS_STATIC
380 /*
381 * The following 3 functions duplicate the work done by bl_LoadLibrary.
382 * We should make bl_LoadLibrary a global and replace the call to
383 @@ -160,6 +161,7 @@
384
385 return lib;
386 }
387 +#endif /* STATIC LIBRARIES */
388
389 /*
390 * stub files for legacy db's to be able to encrypt and decrypt
391 @@ -272,6 +274,21 @@
392 return SECSuccess;
393 }
394
395 +#ifdef NSS_STATIC
396 +#ifdef NSS_DISABLE_DBM
397 + return SECFailure;
398 +#else
399 + lib = (PRLibrary *) 0x8;
400 +
401 + legacy_glue_open = legacy_Open;
402 + legacy_glue_readSecmod = legacy_ReadSecmodDB;
403 + legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
404 + legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
405 + legacy_glue_addSecmod = legacy_AddSecmodDB;
406 + legacy_glue_shutdown = legacy_Shutdown;
407 + setCryptFunction = legacy_SetCryptFunctions;
408 +#endif
409 +#else
410 lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
411 if (lib == NULL) {
412 return SECFailure;
413 @@ -297,11 +314,14 @@
414 PR_UnloadLibrary(lib);
415 return SECFailure;
416 }
417 +#endif /* NSS_STATIC */
418
419 /* verify the loaded library if we are in FIPS mode */
420 if (isFIPS) {
421 if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
422 +#ifndef NSS_STATIC
423 PR_UnloadLibrary(lib);
424 +#endif
425 return SECFailure;
426 }
427 legacy_glue_libCheckSucceeded = PR_TRUE;
428 @@ -418,10 +438,12 @@
429 #endif
430 crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
431 }
432 +#ifndef NSS_STATIC
433 disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
434 if (!disableUnload) {
435 PR_UnloadLibrary(legacy_glue_lib);
436 }
437 +#endif
438 legacy_glue_lib = NULL;
439 legacy_glue_open = NULL;
440 legacy_glue_readSecmod = NULL;
441 --- a/a/nss/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200
442 +++ a/a/nss/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700
443 @@ -38,6 +38,25 @@
444 typedef void (*LGSetForkStateFunc)(PRBool);
445 typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
446
447 +extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
448 + const char *keyPrefix,
449 + int certVersion, int keyVersion, int flags,
450 + SDB **certDB, SDB **keyDB);
451 +extern char ** legacy_ReadSecmodDB(const char *appName,
452 + const char *filename,
453 + const char *dbname, char *params, PRBool rw);
454 +extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
455 + const char *filename,
456 + const char *dbname, char **params, PRBool rw);
457 +extern SECStatus legacy_DeleteSecmodDB(const char *appName,
458 + const char *filename,
459 + const char *dbname, char *params, PRBool rw);
460 +extern SECStatus legacy_AddSecmodDB(const char *appName,
461 + const char *filename,
462 + const char *dbname, char *params, PRBool rw);
463 +extern SECStatus legacy_Shutdown(PRBool forked);
464 +extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
465 +
466 /*
467 * Softoken Glue Functions
468 */
469 --- a/a/nss/lib/util/secport.h Tue May 28 23:37:46 2013 +0200
470 +++ a/a/nss/lib/util/secport.h Fri May 31 17:44:06 2013 -0700
471 @@ -210,6 +210,8 @@
472
473 extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
474
475 +#define NSS_STATIC
476 +#ifndef NSS_STATIC
477 /*
478 * Load a shared library called "newShLibName" in the same directory as
479 * a shared library that is already loaded, called existingShLibName.
480 @@ -244,6 +245,7 @@
481 PORT_LoadLibraryFromOrigin(const char* existingShLibName,
482 PRFuncPtr staticShLibFunc,
483 const char *newShLibName);
484 +#endif /* NSS_STATIC */
485
486 SEC_END_PROTOS
487
FREE OFFICE SUITE