summaryrefslogtreecommitdiff
path: root/external/nss
diff options
context:
space:
mode:
authorTor Lillqvist <tml@collabora.com>2014-08-12 16:55:13 +0300
committerTor Lillqvist <tml@collabora.com>2014-08-12 17:03:45 +0300
commitd308eda13dc2168d166e51ec55e1655fb546f3f1 (patch)
treee533c9759cd2258cef86ba276e3d722390e03bec /external/nss
parent3442b004e6263cb0526b0c2d96318d21623eec2b (diff)
Use Chromium's patch to build NSS statically for iOS
Change-Id: Ica2cf641bc54f6e924b759cd4cf96dd96347c53b
Diffstat (limited to 'external/nss')
-rw-r--r--external/nss/UnpackedTarball_nss.mk1
-rw-r--r--external/nss/nss-chromium-nss-static.patch487
2 files changed, 488 insertions, 0 deletions
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk
index 4e14e3529cde..0ca3de2af3f3 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -25,6 +25,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/nspr-build-config.patch \
external/nss/ubsan.patch.0 \
$(if $(filter IOS,$(OS)), \
+ external/nss/nss-chromium-nss-static.patch \
external/nss/nss-ios.patch) \
))
diff --git a/external/nss/nss-chromium-nss-static.patch b/external/nss/nss-chromium-nss-static.patch
new file mode 100644
index 000000000000..9d7a4e4352b1
--- /dev/null
+++ b/external/nss/nss-chromium-nss-static.patch
@@ -0,0 +1,487 @@
+Based on http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/patches/nss-static.patch
+
+--- a/a/nss/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700
+@@ -13,9 +13,11 @@
+ #include "certdb.h"
+ #include "certi.h"
+ #include "cryptohi.h"
++#ifndef NSS_DISABLE_LIBPKIX
+ #include "pkix.h"
+ /*#include "pkix_sample_modules.h" */
+ #include "pkix_pl_cert.h"
++#endif /* NSS_DISABLE_LIBPKIX */
+
+
+ #include "nsspki.h"
+@@ -24,6 +26,47 @@
+ #include "pki3hack.h"
+ #include "base.h"
+
++#ifdef NSS_DISABLE_LIBPKIX
++SECStatus
++cert_VerifyCertChainPkix(
++ CERTCertificate *cert,
++ PRBool checkSig,
++ SECCertUsage requiredUsage,
++ PRTime time,
++ void *wincx,
++ CERTVerifyLog *log,
++ PRBool *pSigerror,
++ PRBool *pRevoked)
++{
++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++ return SECFailure;
++}
++
++SECStatus
++CERT_SetUsePKIXForValidation(PRBool enable)
++{
++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++ return SECFailure;
++}
++
++PRBool
++CERT_GetUsePKIXForValidation()
++{
++ return PR_FALSE;
++}
++
++SECStatus CERT_PKIXVerifyCert(
++ CERTCertificate *cert,
++ SECCertificateUsage usages,
++ CERTValInParam *paramsIn,
++ CERTValOutParam *paramsOut,
++ void *wincx)
++{
++ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
++ return SECFailure;
++}
++#endif /* NSS_DISABLE_LIBPKIX */
++
+ /*
+ * Check the validity times of a certificate
+ */
+--- a/a/nss/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700
+@@ -1752,7 +1752,7 @@
+ }
+ #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+-static CK_RV CK_ENTRY
++CK_RV CK_ENTRY
+ __ADJOIN(MODULE_NAME,C_GetFunctionList)
+ (
+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+@@ -1830,7 +1830,7 @@
+ __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
+ };
+
+-static CK_RV CK_ENTRY
++CK_RV CK_ENTRY
+ __ADJOIN(MODULE_NAME,C_GetFunctionList)
+ (
+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+@@ -1840,6 +1840,8 @@
+ return CKR_OK;
+ }
+
++#define NSS_STATIC
++#ifndef NSS_STATIC
+ /* This one is always present */
+ CK_RV CK_ENTRY
+ C_GetFunctionList
+@@ -1849,6 +1850,7 @@
+ {
+ return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
+ }
++#endif
+
+ #undef __ADJOIN
+
+--- a/a/nss/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700
+@@ -1559,6 +1559,14 @@
+ RSA_Cleanup();
+ }
+
++#define NSS_STATIC
++#ifdef NSS_STATIC
++void
++BL_Unload(void)
++{
++}
++#endif
++
+ PRBool bl_parentForkedAfterC_Initialize;
+
+ /*
+--- a/a/nss/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700
+@@ -273,9 +273,22 @@
+ return SECSuccess;
+ }
+
++/*
++ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g.,
++ * if you're using NSS as static libraries), but want to conform to the
++ * rest of the FIPS requirements.
++ */
++#define NSS_STATIC
++#ifdef NSS_STATIC
++#define PSEUDO_FIPS
++#endif
++
+ PRBool
+ BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+ {
++#ifdef PSEUDO_FIPS
++ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
++#else
+ PRBool result = PR_FALSE; /* if anything goes wrong,
+ * the signature does not verify */
+ /* find our shared library name */
+@@ -291,11 +303,15 @@
+ }
+
+ return result;
++#endif /* PSEUDO_FIPS */
+ }
+
+ PRBool
+ BLAPI_SHVerifyFile(const char *shName)
+ {
++#ifdef PSEUDO_FIPS
++ return PR_TRUE; /* a lie, hence *pseudo* FIPS */
++#else
+ char *checkName = NULL;
+ PRFileDesc *checkFD = NULL;
+ PRFileDesc *shFD = NULL;
+@@ -492,6 +508,7 @@
+ }
+
+ return result;
++#endif /* PSEUDO_FIPS */
+ }
+
+ PRBool
+--- a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700
+@@ -201,7 +201,11 @@
+
+ typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
+ CERTImportCertificateFunc f, void *arg);
+-
++#define NSS_STATIC
++#ifdef NSS_STATIC
++extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen,
++ CERTImportCertificateFunc f, void* arg);
++#endif
+
+ struct pkix_DecodeFuncStr {
+ pkix_DecodeCertsFunc func; /* function pointer to the
+@@ -223,6 +226,11 @@
+ */
+ static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
+ {
++#ifdef NSS_STATIC
++ pkix_decodeFunc.smimeLib = NULL;
++ pkix_decodeFunc.func = CERT_DecodeCertPackage;
++ return PR_SUCCESS;
++#else
+ pkix_decodeFunc.smimeLib =
+ PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
+ if (pkix_decodeFunc.smimeLib == NULL) {
+@@ -235,7 +243,7 @@
+ return PR_FAILURE;
+ }
+ return PR_SUCCESS;
+-
++#endif
+ }
+
+ /*
+--- a/a/nss/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700
+@@ -20,9 +20,11 @@
+ #include "secerr.h"
+ #include "nssbase.h"
+ #include "nssutil.h"
++#ifndef NSS_DISABLE_LIBPKIX
+ #include "pkixt.h"
+ #include "pkix.h"
+ #include "pkix_tools.h"
++#endif /* NSS_DISABLE_LIBPKIX */
+
+ #include "pki3hack.h"
+ #include "certi.h"
+@@ -530,8 +532,10 @@
+ PRBool dontFinalizeModules)
+ {
+ SECStatus rv = SECFailure;
++#ifndef NSS_DISABLE_LIBPKIX
+ PKIX_UInt32 actualMinorVersion = 0;
+ PKIX_Error *pkixError = NULL;
++#endif
+ PRBool isReallyInitted;
+ char *configStrings = NULL;
+ char *configName = NULL;
+@@ -685,6 +689,7 @@
+ pk11sdr_Init();
+ cert_CreateSubjectKeyIDHashTable();
+
++#ifndef NSS_DISABLE_LIBPKIX
+ pkixError = PKIX_Initialize
+ (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
+ PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
+@@ -697,6 +702,7 @@
+ CERT_SetUsePKIXForValidation(PR_TRUE);
+ }
+ }
++#endif /* NSS_DISABLE_LIBPKIX */
+
+
+ }
+@@ -1081,7 +1087,9 @@
+ cert_DestroyLocks();
+ ShutdownCRLCache();
+ OCSP_ShutdownGlobal();
++#ifndef NSS_DISABLE_LIBPKIX
+ PKIX_Shutdown(plContext);
++#endif
+ SECOID_Shutdown();
+ status = STAN_Shutdown();
+ cert_DestroySubjectKeyIDHashTable();
+--- a/a/nss/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700
+@@ -318,6 +318,13 @@
+ }
+ }
+
++#define NSS_STATIC
++#ifdef NSS_STATIC
++extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args);
++extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
++#else
+ static const char* my_shlib_name =
+ SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX;
+ static const char* softoken_shlib_name =
+@@ -326,12 +332,14 @@
+ static PRCallOnceType loadSoftokenOnce;
+ static PRLibrary* softokenLib;
+ static PRInt32 softokenLoadCount;
++#endif /* NSS_STATIC */
+
+ #include "prio.h"
+ #include "prprf.h"
+ #include <stdio.h>
+ #include "prsystem.h"
+
++#ifndef NSS_STATIC
+ /* This function must be run only once. */
+ /* determine if hybrid platform, then actually load the DSO. */
+ static PRStatus
+@@ -348,6 +356,7 @@
+ }
+ return PR_FAILURE;
+ }
++#endif /* !NSS_STATIC */
+
+ /*
+ * load a new module into our address space and initialize it.
+@@ -366,6 +375,16 @@
+
+ /* intenal modules get loaded from their internal list */
+ if (mod->internal && (mod->dllName == NULL)) {
++#ifdef NSS_STATIC
++ if (mod->isFIPS) {
++ entry = FC_GetFunctionList;
++ } else {
++ entry = NSC_GetFunctionList;
++ }
++ if (mod->isModuleDB) {
++ mod->moduleDBFunc = NSC_ModuleDBFunc;
++ }
++#else
+ /*
+ * Loads softoken as a dynamic library,
+ * even though the rest of NSS assumes this as the "internal" module.
+@@ -391,6 +410,7 @@
+ mod->moduleDBFunc = (CK_C_GetFunctionList)
+ PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
+ }
++#endif
+
+ if (mod->moduleDBOnly) {
+ mod->loaded = PR_TRUE;
+@@ -401,6 +421,15 @@
+ if (mod->dllName == NULL) {
+ return SECFailure;
+ }
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++ if (strstr(mod->dllName, "nssckbi") != NULL) {
++ mod->library = NULL;
++ PORT_Assert(!mod->moduleDBOnly);
++ entry = builtinsC_GetFunctionList;
++ PORT_Assert(!mod->isModuleDB);
++ goto library_loaded;
++ }
++#endif
+
+ /* load the library. If this succeeds, then we have to remember to
+ * unload the library if anything goes wrong from here on out...
+@@ -423,6 +452,9 @@
+ mod->moduleDBFunc = (void *)
+ PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
+ }
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++library_loaded:
++#endif
+ if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE;
+ if (entry == NULL) {
+ if (mod->isModuleDB) {
+@@ -562,6 +594,7 @@
+ * if not, we should change this to SECFailure and move it above the
+ * mod->loaded = PR_FALSE; */
+ if (mod->internal && (mod->dllName == NULL)) {
++#ifndef NSS_STATIC
+ if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
+ if (softokenLib) {
+ disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+@@ -573,12 +606,18 @@
+ }
+ loadSoftokenOnce = pristineCallOnce;
+ }
++#endif
+ return SECSuccess;
+ }
+
+ library = (PRLibrary *)mod->library;
+ /* paranoia */
+ if (library == NULL) {
++#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
++ if (strstr(mod->dllName, "nssckbi") != NULL) {
++ return SECSuccess;
++ }
++#endif
+ return SECFailure;
+ }
+
+--- a/a/nss/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700
+@@ -23,6 +23,8 @@
+ static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
+ static LGShutdownFunc legacy_glue_shutdown = NULL;
+
++#define NSS_STATIC
++#ifndef NSS_STATIC
+ /*
+ * The following 3 functions duplicate the work done by bl_LoadLibrary.
+ * We should make bl_LoadLibrary a global and replace the call to
+@@ -160,6 +161,7 @@
+
+ return lib;
+ }
++#endif /* STATIC LIBRARIES */
+
+ /*
+ * stub files for legacy db's to be able to encrypt and decrypt
+@@ -272,6 +274,21 @@
+ return SECSuccess;
+ }
+
++#ifdef NSS_STATIC
++#ifdef NSS_DISABLE_DBM
++ return SECFailure;
++#else
++ lib = (PRLibrary *) 0x8;
++
++ legacy_glue_open = legacy_Open;
++ legacy_glue_readSecmod = legacy_ReadSecmodDB;
++ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData;
++ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB;
++ legacy_glue_addSecmod = legacy_AddSecmodDB;
++ legacy_glue_shutdown = legacy_Shutdown;
++ setCryptFunction = legacy_SetCryptFunctions;
++#endif
++#else
+ lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
+ if (lib == NULL) {
+ return SECFailure;
+@@ -297,11 +314,14 @@
+ PR_UnloadLibrary(lib);
+ return SECFailure;
+ }
++#endif /* NSS_STATIC */
+
+ /* verify the loaded library if we are in FIPS mode */
+ if (isFIPS) {
+ if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) {
++#ifndef NSS_STATIC
+ PR_UnloadLibrary(lib);
++#endif
+ return SECFailure;
+ }
+ legacy_glue_libCheckSucceeded = PR_TRUE;
+@@ -418,10 +438,12 @@
+ #endif
+ crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
+ }
++#ifndef NSS_STATIC
+ disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ if (!disableUnload) {
+ PR_UnloadLibrary(legacy_glue_lib);
+ }
++#endif
+ legacy_glue_lib = NULL;
+ legacy_glue_open = NULL;
+ legacy_glue_readSecmod = NULL;
+--- a/a/nss/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700
+@@ -38,6 +38,25 @@
+ typedef void (*LGSetForkStateFunc)(PRBool);
+ typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
+
++extern CK_RV legacy_Open(const char *dir, const char *certPrefix,
++ const char *keyPrefix,
++ int certVersion, int keyVersion, int flags,
++ SDB **certDB, SDB **keyDB);
++extern char ** legacy_ReadSecmodDB(const char *appName,
++ const char *filename,
++ const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_ReleaseSecmodDBData(const char *appName,
++ const char *filename,
++ const char *dbname, char **params, PRBool rw);
++extern SECStatus legacy_DeleteSecmodDB(const char *appName,
++ const char *filename,
++ const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_AddSecmodDB(const char *appName,
++ const char *filename,
++ const char *dbname, char *params, PRBool rw);
++extern SECStatus legacy_Shutdown(PRBool forked);
++extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc);
++
+ /*
+ * Softoken Glue Functions
+ */
+--- a/a/nss/lib/util/secport.h Tue May 28 23:37:46 2013 +0200
++++ a/a/nss/lib/util/secport.h Fri May 31 17:44:06 2013 -0700
+@@ -210,6 +210,8 @@
+
+ extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
+
++#define NSS_STATIC
++#ifndef NSS_STATIC
+ /*
+ * Load a shared library called "newShLibName" in the same directory as
+ * a shared library that is already loaded, called existingShLibName.
+@@ -244,6 +245,7 @@
+ PORT_LoadLibraryFromOrigin(const char* existingShLibName,
+ PRFuncPtr staticShLibFunc,
+ const char *newShLibName);
++#endif /* NSS_STATIC */
+
+ SEC_END_PROTOS
+