diff options
author | Tor Lillqvist <tml@collabora.com> | 2014-08-12 16:55:13 +0300 |
---|---|---|
committer | Tor Lillqvist <tml@collabora.com> | 2014-08-12 17:03:45 +0300 |
commit | d308eda13dc2168d166e51ec55e1655fb546f3f1 (patch) | |
tree | e533c9759cd2258cef86ba276e3d722390e03bec /external/nss | |
parent | 3442b004e6263cb0526b0c2d96318d21623eec2b (diff) |
Use Chromium's patch to build NSS statically for iOS
Change-Id: Ica2cf641bc54f6e924b759cd4cf96dd96347c53b
Diffstat (limited to 'external/nss')
-rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 1 | ||||
-rw-r--r-- | external/nss/nss-chromium-nss-static.patch | 487 |
2 files changed, 488 insertions, 0 deletions
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 4e14e3529cde..0ca3de2af3f3 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -25,6 +25,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nspr-build-config.patch \ external/nss/ubsan.patch.0 \ $(if $(filter IOS,$(OS)), \ + external/nss/nss-chromium-nss-static.patch \ external/nss/nss-ios.patch) \ )) diff --git a/external/nss/nss-chromium-nss-static.patch b/external/nss/nss-chromium-nss-static.patch new file mode 100644 index 000000000000..9d7a4e4352b1 --- /dev/null +++ b/external/nss/nss-chromium-nss-static.patch @@ -0,0 +1,487 @@ +Based on http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/patches/nss-static.patch + +--- a/a/nss/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700 +@@ -13,9 +13,11 @@ + #include "certdb.h" + #include "certi.h" + #include "cryptohi.h" ++#ifndef NSS_DISABLE_LIBPKIX + #include "pkix.h" + /*#include "pkix_sample_modules.h" */ + #include "pkix_pl_cert.h" ++#endif /* NSS_DISABLE_LIBPKIX */ + + + #include "nsspki.h" +@@ -24,6 +26,47 @@ + #include "pki3hack.h" + #include "base.h" + ++#ifdef NSS_DISABLE_LIBPKIX ++SECStatus ++cert_VerifyCertChainPkix( ++ CERTCertificate *cert, ++ PRBool checkSig, ++ SECCertUsage requiredUsage, ++ PRTime time, ++ void *wincx, ++ CERTVerifyLog *log, ++ PRBool *pSigerror, ++ PRBool *pRevoked) ++{ ++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); ++ return SECFailure; ++} ++ ++SECStatus ++CERT_SetUsePKIXForValidation(PRBool enable) ++{ ++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); ++ return SECFailure; ++} ++ ++PRBool ++CERT_GetUsePKIXForValidation() ++{ ++ return PR_FALSE; ++} ++ ++SECStatus CERT_PKIXVerifyCert( ++ CERTCertificate *cert, ++ SECCertificateUsage usages, ++ CERTValInParam *paramsIn, ++ CERTValOutParam *paramsOut, ++ void *wincx) ++{ ++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); ++ return SECFailure; ++} ++#endif /* NSS_DISABLE_LIBPKIX */ ++ + /* + * Check the validity times of a certificate + */ +--- a/a/nss/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700 +@@ -1752,7 +1752,7 @@ + } + #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ + +-static CK_RV CK_ENTRY ++CK_RV CK_ENTRY + __ADJOIN(MODULE_NAME,C_GetFunctionList) + ( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +@@ -1830,7 +1830,7 @@ + __ADJOIN(MODULE_NAME,C_WaitForSlotEvent) + }; + +-static CK_RV CK_ENTRY ++CK_RV CK_ENTRY + __ADJOIN(MODULE_NAME,C_GetFunctionList) + ( + CK_FUNCTION_LIST_PTR_PTR ppFunctionList +@@ -1840,6 +1840,8 @@ + return CKR_OK; + } + ++#define NSS_STATIC ++#ifndef NSS_STATIC + /* This one is always present */ + CK_RV CK_ENTRY + C_GetFunctionList +@@ -1849,6 +1850,7 @@ + { + return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList); + } ++#endif + + #undef __ADJOIN + +--- a/a/nss/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700 +@@ -1559,6 +1559,14 @@ + RSA_Cleanup(); + } + ++#define NSS_STATIC ++#ifdef NSS_STATIC ++void ++BL_Unload(void) ++{ ++} ++#endif ++ + PRBool bl_parentForkedAfterC_Initialize; + + /* +--- a/a/nss/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700 +@@ -273,9 +273,22 @@ + return SECSuccess; + } + ++/* ++ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g., ++ * if you're using NSS as static libraries), but want to conform to the ++ * rest of the FIPS requirements. ++ */ ++#define NSS_STATIC ++#ifdef NSS_STATIC ++#define PSEUDO_FIPS ++#endif ++ + PRBool + BLAPI_SHVerify(const char *name, PRFuncPtr addr) + { ++#ifdef PSEUDO_FIPS ++ return PR_TRUE; /* a lie, hence *pseudo* FIPS */ ++#else + PRBool result = PR_FALSE; /* if anything goes wrong, + * the signature does not verify */ + /* find our shared library name */ +@@ -291,11 +303,15 @@ + } + + return result; ++#endif /* PSEUDO_FIPS */ + } + + PRBool + BLAPI_SHVerifyFile(const char *shName) + { ++#ifdef PSEUDO_FIPS ++ return PR_TRUE; /* a lie, hence *pseudo* FIPS */ ++#else + char *checkName = NULL; + PRFileDesc *checkFD = NULL; + PRFileDesc *shFD = NULL; +@@ -492,6 +508,7 @@ + } + + return result; ++#endif /* PSEUDO_FIPS */ + } + + PRBool +--- a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700 +@@ -201,7 +201,11 @@ + + typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen, + CERTImportCertificateFunc f, void *arg); +- ++#define NSS_STATIC ++#ifdef NSS_STATIC ++extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen, ++ CERTImportCertificateFunc f, void* arg); ++#endif + + struct pkix_DecodeFuncStr { + pkix_DecodeCertsFunc func; /* function pointer to the +@@ -223,6 +226,11 @@ + */ + static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) + { ++#ifdef NSS_STATIC ++ pkix_decodeFunc.smimeLib = NULL; ++ pkix_decodeFunc.func = CERT_DecodeCertPackage; ++ return PR_SUCCESS; ++#else + pkix_decodeFunc.smimeLib = + PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX); + if (pkix_decodeFunc.smimeLib == NULL) { +@@ -235,7 +243,7 @@ + return PR_FAILURE; + } + return PR_SUCCESS; +- ++#endif + } + + /* +--- a/a/nss/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700 +@@ -20,9 +20,11 @@ + #include "secerr.h" + #include "nssbase.h" + #include "nssutil.h" ++#ifndef NSS_DISABLE_LIBPKIX + #include "pkixt.h" + #include "pkix.h" + #include "pkix_tools.h" ++#endif /* NSS_DISABLE_LIBPKIX */ + + #include "pki3hack.h" + #include "certi.h" +@@ -530,8 +532,10 @@ + PRBool dontFinalizeModules) + { + SECStatus rv = SECFailure; ++#ifndef NSS_DISABLE_LIBPKIX + PKIX_UInt32 actualMinorVersion = 0; + PKIX_Error *pkixError = NULL; ++#endif + PRBool isReallyInitted; + char *configStrings = NULL; + char *configName = NULL; +@@ -685,6 +689,7 @@ + pk11sdr_Init(); + cert_CreateSubjectKeyIDHashTable(); + ++#ifndef NSS_DISABLE_LIBPKIX + pkixError = PKIX_Initialize + (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, + PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); +@@ -697,6 +702,7 @@ + CERT_SetUsePKIXForValidation(PR_TRUE); + } + } ++#endif /* NSS_DISABLE_LIBPKIX */ + + + } +@@ -1081,7 +1087,9 @@ + cert_DestroyLocks(); + ShutdownCRLCache(); + OCSP_ShutdownGlobal(); ++#ifndef NSS_DISABLE_LIBPKIX + PKIX_Shutdown(plContext); ++#endif + SECOID_Shutdown(); + status = STAN_Shutdown(); + cert_DestroySubjectKeyIDHashTable(); +--- a/a/nss/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700 +@@ -318,6 +318,13 @@ + } + } + ++#define NSS_STATIC ++#ifdef NSS_STATIC ++extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); ++extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); ++extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args); ++extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); ++#else + static const char* my_shlib_name = + SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX; + static const char* softoken_shlib_name = +@@ -326,12 +332,14 @@ + static PRCallOnceType loadSoftokenOnce; + static PRLibrary* softokenLib; + static PRInt32 softokenLoadCount; ++#endif /* NSS_STATIC */ + + #include "prio.h" + #include "prprf.h" + #include <stdio.h> + #include "prsystem.h" + ++#ifndef NSS_STATIC + /* This function must be run only once. */ + /* determine if hybrid platform, then actually load the DSO. */ + static PRStatus +@@ -348,6 +356,7 @@ + } + return PR_FAILURE; + } ++#endif /* !NSS_STATIC */ + + /* + * load a new module into our address space and initialize it. +@@ -366,6 +375,16 @@ + + /* intenal modules get loaded from their internal list */ + if (mod->internal && (mod->dllName == NULL)) { ++#ifdef NSS_STATIC ++ if (mod->isFIPS) { ++ entry = FC_GetFunctionList; ++ } else { ++ entry = NSC_GetFunctionList; ++ } ++ if (mod->isModuleDB) { ++ mod->moduleDBFunc = NSC_ModuleDBFunc; ++ } ++#else + /* + * Loads softoken as a dynamic library, + * even though the rest of NSS assumes this as the "internal" module. +@@ -391,6 +410,7 @@ + mod->moduleDBFunc = (CK_C_GetFunctionList) + PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc"); + } ++#endif + + if (mod->moduleDBOnly) { + mod->loaded = PR_TRUE; +@@ -401,6 +421,15 @@ + if (mod->dllName == NULL) { + return SECFailure; + } ++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) ++ if (strstr(mod->dllName, "nssckbi") != NULL) { ++ mod->library = NULL; ++ PORT_Assert(!mod->moduleDBOnly); ++ entry = builtinsC_GetFunctionList; ++ PORT_Assert(!mod->isModuleDB); ++ goto library_loaded; ++ } ++#endif + + /* load the library. If this succeeds, then we have to remember to + * unload the library if anything goes wrong from here on out... +@@ -423,6 +452,9 @@ + mod->moduleDBFunc = (void *) + PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); + } ++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) ++library_loaded: ++#endif + if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE; + if (entry == NULL) { + if (mod->isModuleDB) { +@@ -562,6 +594,7 @@ + * if not, we should change this to SECFailure and move it above the + * mod->loaded = PR_FALSE; */ + if (mod->internal && (mod->dllName == NULL)) { ++#ifndef NSS_STATIC + if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { + if (softokenLib) { + disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); +@@ -573,12 +606,18 @@ + } + loadSoftokenOnce = pristineCallOnce; + } ++#endif + return SECSuccess; + } + + library = (PRLibrary *)mod->library; + /* paranoia */ + if (library == NULL) { ++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) ++ if (strstr(mod->dllName, "nssckbi") != NULL) { ++ return SECSuccess; ++ } ++#endif + return SECFailure; + } + +--- a/a/nss/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700 +@@ -23,6 +23,8 @@ + static LGAddSecmodFunc legacy_glue_addSecmod = NULL; + static LGShutdownFunc legacy_glue_shutdown = NULL; + ++#define NSS_STATIC ++#ifndef NSS_STATIC + /* + * The following 3 functions duplicate the work done by bl_LoadLibrary. + * We should make bl_LoadLibrary a global and replace the call to +@@ -160,6 +161,7 @@ + + return lib; + } ++#endif /* STATIC LIBRARIES */ + + /* + * stub files for legacy db's to be able to encrypt and decrypt +@@ -272,6 +274,21 @@ + return SECSuccess; + } + ++#ifdef NSS_STATIC ++#ifdef NSS_DISABLE_DBM ++ return SECFailure; ++#else ++ lib = (PRLibrary *) 0x8; ++ ++ legacy_glue_open = legacy_Open; ++ legacy_glue_readSecmod = legacy_ReadSecmodDB; ++ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData; ++ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB; ++ legacy_glue_addSecmod = legacy_AddSecmodDB; ++ legacy_glue_shutdown = legacy_Shutdown; ++ setCryptFunction = legacy_SetCryptFunctions; ++#endif ++#else + lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME); + if (lib == NULL) { + return SECFailure; +@@ -297,11 +314,14 @@ + PR_UnloadLibrary(lib); + return SECFailure; + } ++#endif /* NSS_STATIC */ + + /* verify the loaded library if we are in FIPS mode */ + if (isFIPS) { + if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { ++#ifndef NSS_STATIC + PR_UnloadLibrary(lib); ++#endif + return SECFailure; + } + legacy_glue_libCheckSucceeded = PR_TRUE; +@@ -418,10 +438,12 @@ + #endif + crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize); + } ++#ifndef NSS_STATIC + disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); + if (!disableUnload) { + PR_UnloadLibrary(legacy_glue_lib); + } ++#endif + legacy_glue_lib = NULL; + legacy_glue_open = NULL; + legacy_glue_readSecmod = NULL; +--- a/a/nss/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700 +@@ -38,6 +38,25 @@ + typedef void (*LGSetForkStateFunc)(PRBool); + typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc); + ++extern CK_RV legacy_Open(const char *dir, const char *certPrefix, ++ const char *keyPrefix, ++ int certVersion, int keyVersion, int flags, ++ SDB **certDB, SDB **keyDB); ++extern char ** legacy_ReadSecmodDB(const char *appName, ++ const char *filename, ++ const char *dbname, char *params, PRBool rw); ++extern SECStatus legacy_ReleaseSecmodDBData(const char *appName, ++ const char *filename, ++ const char *dbname, char **params, PRBool rw); ++extern SECStatus legacy_DeleteSecmodDB(const char *appName, ++ const char *filename, ++ const char *dbname, char *params, PRBool rw); ++extern SECStatus legacy_AddSecmodDB(const char *appName, ++ const char *filename, ++ const char *dbname, char *params, PRBool rw); ++extern SECStatus legacy_Shutdown(PRBool forked); ++extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc); ++ + /* + * Softoken Glue Functions + */ +--- a/a/nss/lib/util/secport.h Tue May 28 23:37:46 2013 +0200 ++++ a/a/nss/lib/util/secport.h Fri May 31 17:44:06 2013 -0700 +@@ -210,6 +210,8 @@ + + extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n); + ++#define NSS_STATIC ++#ifndef NSS_STATIC + /* + * Load a shared library called "newShLibName" in the same directory as + * a shared library that is already loaded, called existingShLibName. +@@ -244,6 +245,7 @@ + PORT_LoadLibraryFromOrigin(const char* existingShLibName, + PRFuncPtr staticShLibFunc, + const char *newShLibName); ++#endif /* NSS_STATIC */ + + SEC_END_PROTOS + |