Diffstat (limited to 'nss/lib/nss')
-rw-r--r-- | nss/lib/nss/config.mk | 12 | ||||
-rw-r--r-- | nss/lib/nss/exports.gyp | 32 | ||||
-rw-r--r-- | nss/lib/nss/nss.def | 7 | ||||
-rw-r--r-- | nss/lib/nss/nss.gyp | 83 | ||||
-rw-r--r-- | nss/lib/nss/nss.h | 212 | ||||
-rw-r--r-- | nss/lib/nss/nssinit.c | 1017 | ||||
-rw-r--r-- | nss/lib/nss/nssoptions.c | 83 | ||||
-rw-r--r-- | nss/lib/nss/nssoptions.h | 3 | ||||
-rw-r--r-- | nss/lib/nss/utilwrap.c | 372 |
9 files changed, 1063 insertions, 758 deletions
diff --git a/nss/lib/nss/config.mk b/nss/lib/nss/config.mk index 170e999..a17f3ef 100644 --- a/nss/lib/nss/config.mk +++ b/nss/lib/nss/config.mk @@ -79,6 +79,10 @@ SHARED_LIBRARY_DIRS = \ ../pki \ ../dev \ ../base \ + $(NULL) + +ifndef NSS_DISABLE_LIBPKIX +SHARED_LIBRARY_DIRS += \ ../libpkix/pkix/certsel \ ../libpkix/pkix/checker \ ../libpkix/pkix/params \ @@ -91,6 +95,7 @@ SHARED_LIBRARY_DIRS = \ ../libpkix/pkix_pl_nss/system \ ../libpkix/pkix_pl_nss/module \ $(NULL) +endif ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) ifndef NS_USE_GCC @@ -100,3 +105,10 @@ DEFINES += -DWIN32_NSS3_DLL_COMPAT DLLFLAGS += -EXPORT:mktemp=nss_mktemp,PRIVATE endif endif + +ifdef POLICY_FILE +ifndef POLICY_PATH +$(error You must define POLICY_PATH if you set POLICY_FILE) +endif +DEFINES += -DPOLICY_FILE=\"$(POLICY_FILE)\" -DPOLICY_PATH=\"$(POLICY_PATH)\" +endif diff --git a/nss/lib/nss/exports.gyp b/nss/lib/nss/exports.gyp new file mode 100644 index 0000000..6f874f6 --- /dev/null +++ b/nss/lib/nss/exports.gyp @@ -0,0 +1,32 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_nss_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + 'nss.h' + ], + 'destination': '<(nss_public_dist_dir)/<(module)' + }, + { + 'files': [ + 'nssoptions.h', + 'nssrenam.h' + ], + 'destination': '<(nss_private_dist_dir)/<(module)' + } + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/nss/lib/nss/nss.def b/nss/lib/nss/nss.def index cd2920c..1760b96 100644 --- a/nss/lib/nss/nss.def +++ b/nss/lib/nss/nss.def @@ -1090,3 +1090,10 @@ SECMOD_CreateModuleEx; ;+ local: ;+ *; ;+}; +;+NSS_3.22 { # NSS 3.22 release +;+ global: +PK11_SignWithMechanism; +PK11_VerifyWithMechanism; +;+ local: +;+ *; +;+}; 
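Review bot: The `POLICY_FILE`/`POLICY_PATH` block added at the end of config.mk has no comment saying what the two variables mean or what values are acceptable. Both are pasted as-is into `-D` string literals, so a value containing a space or a quote character breaks the compile line. The consumer of these macros is not in this hunk, but presumably the resulting path is opened at run time, which makes the ownership and permissions of that location matter. A short comment above the `ifdef` would cover it, for example `# POLICY_PATH: absolute directory holding POLICY_FILE; compiled in, so it must not be writable by unprivileged users`.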
diff --git a/nss/lib/nss/nss.gyp b/nss/lib/nss/nss.gyp
new file mode 100644
index 0000000..56984d9
--- /dev/null
+++ b/nss/lib/nss/nss.gyp
@@ -0,0 +1,83 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'nss_static',
+ 'type': 'static_library',
+ 'sources': [
+ 'nssinit.c',
+ 'nssoptions.c',
+ 'nssver.c',
+ 'utilwrap.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
+ ]
+ },
+ {
+ # This is here so Firefox can link this without having to
+ # repeat the list of dependencies.
+ 'target_name': 'nss3_deps',
+ 'type': 'none',
+ 'dependencies': [
+ 'nss_static',
+ '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+ '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+ '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+ '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+ '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+ '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+ '<(DEPTH)/lib/base/base.gyp:nssb',
+ ],
+ 'conditions': [
+ [ 'disable_libpkix==0', {
+ 'dependencies': [
+ '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+ '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+ '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+ '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+ '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+ '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+ '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+ '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+ '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+ '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+ '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
+ ],
+ }],
+ ],
+ },
+ {
+ 'target_name': 'nss3',
+ 'type': 'shared_library',
+ 'dependencies': [
+ 'nss3_deps',
+ '<(DEPTH)/lib/util/util.gyp:nssutil3',
+ ],
+ 'variables': {
+ 'mapfile': 'nss.def'
+ }
+ }
+ ],
+ 'conditions': [
+ [ 'moz_fold_libs==1', {
+ 'targets': [
+ {
+ 
'target_name': 'nss3_static', + 'type': 'static_library', + 'dependencies': [ + 'nss3_deps', + ], + } + ], + }], + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/nss/lib/nss/nss.h b/nss/lib/nss/nss.h index 2433cfc..e1c67ec 100644 --- a/nss/lib/nss/nss.h +++ b/nss/lib/nss/nss.h @@ -8,22 +8,11 @@ #ifndef __nss_h_ #define __nss_h_ -/* The private macro _NSS_ECC_STRING is for NSS internal use only. */ -#ifndef NSS_DISABLE_ECC -#ifdef NSS_ECC_MORE_THAN_SUITE_B -#define _NSS_ECC_STRING " Extended ECC" -#else -#define _NSS_ECC_STRING " Basic ECC" -#endif -#else -#define _NSS_ECC_STRING "" -#endif - /* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */ #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) #define _NSS_CUSTOMIZED " (Customized build)" #else -#define _NSS_CUSTOMIZED +#define _NSS_CUSTOMIZED #endif /* @@ -33,12 +22,12 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED -#define NSS_VMAJOR 3 -#define NSS_VMINOR 21 -#define NSS_VPATCH 0 -#define NSS_VBUILD 0 -#define NSS_BETA PR_FALSE +#define NSS_VERSION "3.28.1" _NSS_CUSTOMIZED +#define NSS_VMAJOR 3 +#define NSS_VMINOR 28 +#define NSS_VPATCH 1 +#define NSS_VBUILD 0 +#define NSS_BETA PR_FALSE #ifndef RC_INVOKED 
@@ -47,76 +36,75 @@ typedef struct NSSInitParametersStr NSSInitParameters; /* - * parameters used to initialize softoken. Mostly strings used to + * parameters used to initialize softoken. Mostly strings used to * internationalize softoken. Memory for the strings are owned by the caller, - * who is free to free them once NSS_ContextInit returns. If the string + * who is free to free them once NSS_ContextInit returns. If the string * parameter is NULL (as opposed to empty, zero length), then the softoken - * default is used. These are equivalent to the parameters for + * default is used. These are equivalent to the parameters for * PK11_ConfigurePKCS11(). * - * field names match their equivalent parameter names for softoken strings + * field names match their equivalent parameter names for softoken strings * documented at https://developer.mozilla.org/en/PKCS11_Module_Specs. - * - * minPWLen - * Minimum password length in bytes. - * manufacturerID - * Override the default manufactureID value for the module returned in - * the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an - * internationalize string (UTF8). This value will be truncated at 32 + * + * minPWLen + * Minimum password length in bytes. + * manufacturerID + * Override the default manufactureID value for the module returned in + * the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an + * internationalize string (UTF8). This value will be truncated at 32 * bytes (not including the trailing NULL, partial UTF8 characters will be - * dropped). - * libraryDescription + * dropped). + * libraryDescription * Override the default libraryDescription value for the module returned in * the CK_INFO structure with an internationalize string (UTF8). This value - * will be truncated at 32 bytes(not including the trailing NULL, partial - * UTF8 characters will be dropped). 
- * cryptoTokenDescription + * will be truncated at 32 bytes(not including the trailing NULL, partial + * UTF8 characters will be dropped). + * cryptoTokenDescription * Override the default label value for the internal crypto token returned * in the CK_TOKEN_INFO structure with an internationalize string (UTF8). * This value will be truncated at 32 bytes (not including the trailing - * NULL, partial UTF8 characters will be dropped). - * dbTokenDescription - * Override the default label value for the internal DB token returned in + * NULL, partial UTF8 characters will be dropped). + * dbTokenDescription + * Override the default label value for the internal DB token returned in * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This * value will be truncated at 32 bytes (not including the trailing NULL, - * partial UTF8 characters will be dropped). - * FIPSTokenDescription + * partial UTF8 characters will be dropped). + * FIPSTokenDescription * Override the default label value for the internal FIPS token returned in * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This * value will be truncated at 32 bytes (not including the trailing NULL, - * partial UTF8 characters will be dropped). - * cryptoSlotDescription + * partial UTF8 characters will be dropped). + * cryptoSlotDescription * Override the default slotDescription value for the internal crypto token * returned in the CK_SLOT_INFO structure with an internationalize string * (UTF8). This value will be truncated at 64 bytes (not including the - * trailing NULL, partial UTF8 characters will be dropped). - * dbSlotDescription - * Override the default slotDescription value for the internal DB token - * returned in the CK_SLOT_INFO structure with an internationalize string + * trailing NULL, partial UTF8 characters will be dropped). 
+ * dbSlotDescription + * Override the default slotDescription value for the internal DB token + * returned in the CK_SLOT_INFO structure with an internationalize string * (UTF8). This value will be truncated at 64 bytes (not including the - * trailing NULL, partial UTF8 characters will be dropped). - * FIPSSlotDescription + * trailing NULL, partial UTF8 characters will be dropped). + * FIPSSlotDescription * Override the default slotDecription value for the internal FIPS token * returned in the CK_SLOT_INFO structure with an internationalize string * (UTF8). This value will be truncated at 64 bytes (not including the - * trailing NULL, partial UTF8 characters will be dropped). + * trailing NULL, partial UTF8 characters will be dropped). * */ struct NSSInitParametersStr { - unsigned int length; /* allow this structure to grow in the future, - * must be set */ - PRBool passwordRequired; - int minPWLen; - char * manufactureID; /* variable names for strings match the */ - char * libraryDescription; /* parameter name in softoken */ - char * cryptoTokenDescription; - char * dbTokenDescription; - char * FIPSTokenDescription; - char * cryptoSlotDescription; - char * dbSlotDescription; - char * FIPSSlotDescription; + unsigned int length; /* allow this structure to grow in the future, + * must be set */ + PRBool passwordRequired; + int minPWLen; + char *manufactureID; /* variable names for strings match the */ + char *libraryDescription; /* parameter name in softoken */ + char *cryptoTokenDescription; + char *dbTokenDescription; + char *FIPSTokenDescription; + char *cryptoSlotDescription; + char *dbSlotDescription; + char *FIPSSlotDescription; }; - SEC_BEGIN_PROTOS 
@@ -169,20 +157,20 @@ extern SECStatus NSS_InitReadWrite(const char *configdir); * * configdir - base directory where all the cert, key, and module datbases live. * certPrefix - prefix added to the beginning of the cert database example: " - * "https-server1-" + * "https-server1-" * keyPrefix - prefix added to the beginning of the key database example: " - * "https-server1-" + * "https-server1-" * secmodName - name of the security module database (usually "secmod.db"). * flags - change the open options of NSS_Initialize as follows: - * NSS_INIT_READONLY - Open the databases read only. - * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just - * initialize the volatile certdb. - * NSS_INIT_NOMODDB - Don't open the security module DB, just - * initialize the PKCS #11 module. - * NSS_INIT_FORCEOPEN - Continue to force initializations even if the - * databases cannot be opened. + * NSS_INIT_READONLY - Open the databases read only. + * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just + * initialize the volatile certdb. + * NSS_INIT_NOMODDB - Don't open the security module DB, just + * initialize the PKCS #11 module. + * NSS_INIT_FORCEOPEN - Continue to force initializations even if the + * databases cannot be opened. * NSS_INIT_NOROOTINIT - Don't try to look for the root certs module - * automatically. + * automatically. * NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches. * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are * thread-safe, ie. that support locking - either OS 
@@ -215,37 +203,36 @@ extern SECStatus NSS_InitReadWrite(const char *configdir); * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that * use both NSS and the Java SunPKCS11 provider. * - * Also NOTE: This is not the recommended method for initializing NSS. + * Also NOTE: This is not the recommended method for initializing NSS. * The preferred method is NSS_init(). */ -#define NSS_INIT_READONLY 0x1 -#define NSS_INIT_NOCERTDB 0x2 -#define NSS_INIT_NOMODDB 0x4 -#define NSS_INIT_FORCEOPEN 0x8 -#define NSS_INIT_NOROOTINIT 0x10 -#define NSS_INIT_OPTIMIZESPACE 0x20 -#define NSS_INIT_PK11THREADSAFE 0x40 -#define NSS_INIT_PK11RELOAD 0x80 -#define NSS_INIT_NOPK11FINALIZE 0x100 -#define NSS_INIT_RESERVED 0x200 - -#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \ - NSS_INIT_PK11RELOAD | \ - NSS_INIT_NOPK11FINALIZE | \ - NSS_INIT_RESERVED +#define NSS_INIT_READONLY 0x1 +#define NSS_INIT_NOCERTDB 0x2 +#define NSS_INIT_NOMODDB 0x4 +#define NSS_INIT_FORCEOPEN 0x8 +#define NSS_INIT_NOROOTINIT 0x10 +#define NSS_INIT_OPTIMIZESPACE 0x20 +#define NSS_INIT_PK11THREADSAFE 0x40 +#define NSS_INIT_PK11RELOAD 0x80 +#define NSS_INIT_NOPK11FINALIZE 0x100 +#define NSS_INIT_RESERVED 0x200 + +#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \ + NSS_INIT_PK11RELOAD | \ + NSS_INIT_NOPK11FINALIZE | \ + NSS_INIT_RESERVED #define SECMOD_DB "secmod.db" typedef struct NSSInitContextStr NSSInitContext; +extern SECStatus NSS_Initialize(const char *configdir, + const char *certPrefix, const char *keyPrefix, + const char *secmodName, PRUint32 flags); -extern SECStatus NSS_Initialize(const char *configdir, - const char *certPrefix, const char *keyPrefix, - const char *secmodName, PRUint32 flags); - -extern NSSInitContext *NSS_InitContext(const char *configdir, - const char *certPrefix, const char *keyPrefix, - const char *secmodName, NSSInitParameters *initParams, PRUint32 flags); +extern NSSInitContext *NSS_InitContext(const char *configdir, + const char *certPrefix, const char 
*keyPrefix, + const char *secmodName, NSSInitParameters *initParams, PRUint32 flags); extern SECStatus NSS_ShutdownContext(NSSInitContext *); @@ -259,11 +246,11 @@ extern SECStatus NSS_ShutdownContext(NSSInitContext *); * the specific database. * updatName is the name the user will be prompted for when * asking to authenticate to the old database */ -extern SECStatus NSS_InitWithMerge(const char *configdir, - const char *certPrefix, const char *keyPrefix, const char *secmodName, - const char *updatedir, const char *updCertPrefix, - const char *updKeyPrefix, const char *updateID, - const char *updateName, PRUint32 flags); +extern SECStatus NSS_InitWithMerge(const char *configdir, + const char *certPrefix, const char *keyPrefix, const char *secmodName, + const char *updatedir, const char *updCertPrefix, + const char *updKeyPrefix, const char *updateID, + const char *updateName, PRUint32 flags); /* * initialize NSS without a creating cert db's, key db's, or secmod db's. */ @@ -273,10 +260,10 @@ SECStatus NSS_NoDB_Init(const char *configdir); * Allow applications and libraries to register with NSS so that they are called * when NSS shuts down. * - * void *appData application specific data passed in by the application at + * void *appData application specific data passed in by the application at * NSS_RegisterShutdown() time. - * void *nssData is NULL in this release, but is reserved for future versions of - * NSS to pass some future status information * back to the shutdown function. + * void *nssData is NULL in this release, but is reserved for future versions of + * NSS to pass some future status information * back to the shutdown function. * * If the shutdown function returns SECFailure, * Shutdown will still complete, but NSS_Shutdown() will return SECFailure. 
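Review bot: `NSS_INIT_COOPERATE` is re-indented in the nss.h hunk that defines the `NSS_INIT_*` flags, but its expansion is still an unparenthesized `|` chain. Because `&` binds tighter than `|`, an expression such as `flags & NSS_INIT_COOPERATE` parses as `(flags & NSS_INIT_PK11THREADSAFE) | NSS_INIT_PK11RELOAD | ...` and is always non-zero. Wrapping the expansion as `(NSS_INIT_PK11THREADSAFE | NSS_INIT_PK11RELOAD | NSS_INIT_NOPK11FINALIZE | NSS_INIT_RESERVED)` keeps the value and stays source-compatible for callers that pass it as the flags argument.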
@@ -296,9 +283,13 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); /* Available options for NSS_OptionSet() and NSS_OptionGet(). */ -#define NSS_RSA_MIN_KEY_SIZE (1<<0) -#define NSS_DH_MIN_KEY_SIZE (1<<1) -#define NSS_DSA_MIN_KEY_SIZE (1<<2) +#define NSS_RSA_MIN_KEY_SIZE 0x001 +#define NSS_DH_MIN_KEY_SIZE 0x002 +#define NSS_DSA_MIN_KEY_SIZE 0x004 +#define NSS_TLS_VERSION_MIN_POLICY 0x008 +#define NSS_TLS_VERSION_MAX_POLICY 0x009 +#define NSS_DTLS_VERSION_MIN_POLICY 0x00a +#define NSS_DTLS_VERSION_MAX_POLICY 0x00b /* * Set and get global options for the NSS library. @@ -306,8 +297,7 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value); SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value); - -/* +/* * Close the Cert, Key databases. */ extern SECStatus NSS_Shutdown(void); @@ -315,10 +305,10 @@ extern SECStatus NSS_Shutdown(void); /* * set the PKCS #11 strings for the internal token. */ -void PK11_ConfigurePKCS11(const char *man, const char *libdesc, - const char *tokdesc, const char *ptokdesc, const char *slotdesc, - const char *pslotdesc, const char *fslotdesc, const char *fpslotdesc, - int minPwd, int pwRequired); +void PK11_ConfigurePKCS11(const char *man, const char *libdesc, + const char *tokdesc, const char *ptokdesc, const char *slotdesc, + const char *pslotdesc, const char *fslotdesc, const char *fpslotdesc, + int minPwd, int pwRequired); /* * Dump the contents of the certificate cache and the temporary cert store. diff --git a/nss/lib/nss/nssinit.c b/nss/lib/nss/nssinit.c index b22f915..5d62d47 100644 --- a/nss/lib/nss/nssinit.c +++ b/nss/lib/nss/nssinit.c @@ -20,9 +20,12 @@ #include "secerr.h" #include "nssbase.h" #include "nssutil.h" + +#ifndef NSS_DISABLE_LIBPKIX #include "pkixt.h" #include "pkix.h" #include "pkix_tools.h" +#endif /* NSS_DISABLE_LIBPKIX */ #include "pki3hack.h" #include "certi.h" 
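Review bot: The option identifiers for `NSS_OptionSet()`/`NSS_OptionGet()` now mix two numbering styles without saying so. The first three were bit values (`1<<0` to `1<<2`, rewritten here as 0x001/0x002/0x004), while the four new policy ids continue sequentially as 0x008, 0x009, 0x00a and 0x00b. `NSS_TLS_VERSION_MAX_POLICY` (0x009) therefore equals `NSS_TLS_VERSION_MIN_POLICY | NSS_RSA_MIN_KEY_SIZE`, so a caller that ever treated `which` as a mask would silently address the wrong option. A one-line comment above the list, e.g. `/* Option ids are discrete values, not bit flags; never OR them together. */`, would make the contract explicit.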
@@ -49,141 +52,153 @@ nss_mktemp(char *path) } #endif -#define NSS_MAX_FLAG_SIZE sizeof("readOnly")+sizeof("noCertDB")+ \ - sizeof("noModDB")+sizeof("forceOpen")+sizeof("passwordRequired")+ \ - sizeof ("optimizeSpace") +#define NSS_MAX_FLAG_SIZE sizeof("readOnly") + sizeof("noCertDB") + \ + sizeof("noModDB") + sizeof("forceOpen") + sizeof("passwordRequired") + \ + sizeof("optimizeSpace") #define NSS_DEFAULT_MOD_NAME "NSS Internal Module" static char * -nss_makeFlags(PRBool readOnly, PRBool noCertDB, - PRBool noModDB, PRBool forceOpen, - PRBool passwordRequired, PRBool optimizeSpace) +nss_makeFlags(PRBool readOnly, PRBool noCertDB, + PRBool noModDB, PRBool forceOpen, + PRBool passwordRequired, PRBool optimizeSpace) { char *flags = (char *)PORT_Alloc(NSS_MAX_FLAG_SIZE); PRBool first = PR_TRUE; - PORT_Memset(flags,0,NSS_MAX_FLAG_SIZE); + PORT_Memset(flags, 0, NSS_MAX_FLAG_SIZE); if (readOnly) { - PORT_Strcat(flags,"readOnly"); + PORT_Strcat(flags, "readOnly"); first = PR_FALSE; } if (noCertDB) { - if (!first) PORT_Strcat(flags,","); - PORT_Strcat(flags,"noCertDB"); + if (!first) + PORT_Strcat(flags, ","); + PORT_Strcat(flags, "noCertDB"); first = PR_FALSE; } if (noModDB) { - if (!first) PORT_Strcat(flags,","); - PORT_Strcat(flags,"noModDB"); + if (!first) + PORT_Strcat(flags, ","); + PORT_Strcat(flags, "noModDB"); first = PR_FALSE; } if (forceOpen) { - if (!first) PORT_Strcat(flags,","); - PORT_Strcat(flags,"forceOpen"); + if (!first) + PORT_Strcat(flags, ","); + PORT_Strcat(flags, "forceOpen"); first = PR_FALSE; } if (passwordRequired) { - if (!first) PORT_Strcat(flags,","); - PORT_Strcat(flags,"passwordRequired"); + if (!first) + PORT_Strcat(flags, ","); + PORT_Strcat(flags, "passwordRequired"); first = PR_FALSE; } if (optimizeSpace) { - if (!first) PORT_Strcat(flags,","); - PORT_Strcat(flags,"optimizeSpace"); - first = PR_FALSE; + if (!first) + PORT_Strcat(flags, ","); + PORT_Strcat(flags, "optimizeSpace"); } return flags; } - /* * build config string from 
individual internationalized strings */ char * nss_MkConfigString(const char *man, const char *libdesc, const char *tokdesc, - const char *ptokdesc, const char *slotdesc, const char *pslotdesc, - const char *fslotdesc, const char *fpslotdesc, int minPwd) + const char *ptokdesc, const char *slotdesc, const char *pslotdesc, + const char *fslotdesc, const char *fpslotdesc, int minPwd) { char *strings = NULL; char *newStrings; /* make sure the internationalization was done correctly... */ strings = PR_smprintf(""); - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (man) { - newStrings = PR_smprintf("%s manufacturerID='%s'",strings,man); - PR_smprintf_free(strings); - strings = newStrings; + newStrings = PR_smprintf("%s manufacturerID='%s'", strings, man); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (libdesc) { - newStrings = PR_smprintf("%s libraryDescription='%s'",strings,libdesc); - PR_smprintf_free(strings); - strings = newStrings; + newStrings = PR_smprintf("%s libraryDescription='%s'", strings, libdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (tokdesc) { - newStrings = PR_smprintf("%s cryptoTokenDescription='%s'",strings, - tokdesc); - PR_smprintf_free(strings); - strings = newStrings; + newStrings = PR_smprintf("%s cryptoTokenDescription='%s'", strings, + tokdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (ptokdesc) { - newStrings = PR_smprintf("%s dbTokenDescription='%s'",strings,ptokdesc); - PR_smprintf_free(strings); - strings = newStrings; + newStrings = PR_smprintf("%s dbTokenDescription='%s'", strings, ptokdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (slotdesc) { - 
newStrings = PR_smprintf("%s cryptoSlotDescription='%s'",strings, - slotdesc); - PR_smprintf_free(strings); - strings = newStrings; + newStrings = PR_smprintf("%s cryptoSlotDescription='%s'", strings, + slotdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (pslotdesc) { - newStrings = PR_smprintf("%s dbSlotDescription='%s'",strings,pslotdesc); - PR_smprintf_free(strings); - strings = newStrings; + newStrings = PR_smprintf("%s dbSlotDescription='%s'", strings, pslotdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (fslotdesc) { newStrings = PR_smprintf("%s FIPSSlotDescription='%s'", - strings,fslotdesc); - PR_smprintf_free(strings); - strings = newStrings; + strings, fslotdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; if (fpslotdesc) { newStrings = PR_smprintf("%s FIPSTokenDescription='%s'", - strings,fpslotdesc); - PR_smprintf_free(strings); - strings = newStrings; + strings, fpslotdesc); + PR_smprintf_free(strings); + strings = newStrings; } - if (strings == NULL) return NULL; + if (strings == NULL) + return NULL; newStrings = PR_smprintf("%s minPS=%d", strings, minPwd); PR_smprintf_free(strings); strings = newStrings; - return(strings); + return (strings); } /* * statics to remember the PK11_ConfigurePKCS11() * info. */ -static char * pk11_config_strings = NULL; -static char * pk11_config_name = NULL; +static char *pk11_config_strings = NULL; +static char *pk11_config_name = NULL; static PRBool pk11_password_required = PR_FALSE; /* 
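Review bot: In `nss_makeFlags` the buffer returned by `PORT_Alloc(NSS_MAX_FLAG_SIZE)` is handed to `PORT_Memset` before any NULL check, so an allocation failure is dereferenced here instead of being reported. Adding `if (flags == NULL) return NULL;` directly after the allocation fixes it, and `nss_InitModules` already tests the result for NULL, so the caller is prepared for that return. Separately, `NSS_MAX_FLAG_SIZE` expands to an unparenthesized sum of `sizeof` terms. That is harmless in the two uses in this hunk but would give the wrong size in an expression like `2 * NSS_MAX_FLAG_SIZE`, so the expansion should be wrapped in parentheses.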
@@ -192,27 +207,27 @@ static PRBool pk11_password_required = PR_FALSE; */ void PK11_ConfigurePKCS11(const char *man, const char *libdesc, const char *tokdesc, - const char *ptokdesc, const char *slotdesc, const char *pslotdesc, - const char *fslotdesc, const char *fpslotdesc, int minPwd, - int pwRequired) + const char *ptokdesc, const char *slotdesc, const char *pslotdesc, + const char *fslotdesc, const char *fpslotdesc, int minPwd, + int pwRequired) { - char * strings; + char *strings; - strings = nss_MkConfigString(man,libdesc,tokdesc,ptokdesc,slotdesc, - pslotdesc,fslotdesc,fpslotdesc,minPwd); + strings = nss_MkConfigString(man, libdesc, tokdesc, ptokdesc, slotdesc, + pslotdesc, fslotdesc, fpslotdesc, minPwd); if (strings == NULL) { - return; + return; } if (libdesc) { - if (pk11_config_name != NULL) { - PORT_Free(pk11_config_name); - } - pk11_config_name = PORT_Strdup(libdesc); + if (pk11_config_name != NULL) { + PORT_Free(pk11_config_name); + } + pk11_config_name = PORT_Strdup(libdesc); } if (pk11_config_strings != NULL) { - PR_smprintf_free(pk11_config_strings); + PR_smprintf_free(pk11_config_strings); } pk11_config_strings = strings; pk11_password_required = pwRequired; @@ -220,10 +235,11 @@ PK11_ConfigurePKCS11(const char *man, const char *libdesc, const char *tokdesc, return; } -void PK11_UnconfigurePKCS11(void) +void +PK11_UnconfigurePKCS11(void) { if (pk11_config_strings != NULL) { - PR_smprintf_free(pk11_config_strings); + PR_smprintf_free(pk11_config_strings); pk11_config_strings = NULL; } if (pk11_config_name) { 
@@ -240,23 +256,24 @@ void PK11_UnconfigurePKCS11(void) static const char *dllname = #if defined(XP_WIN32) || defined(XP_OS2) - "nssckbi.dll"; -#elif defined(HPUX) && !defined(__ia64) /* HP-UX PA-RISC */ - "libnssckbi.sl"; + "nssckbi.dll"; +#elif defined(HPUX) && !defined(__ia64) /* HP-UX PA-RISC */ + "libnssckbi.sl"; #elif defined(DARWIN) - "libnssckbi.dylib"; + "libnssckbi.dylib"; #elif defined(XP_UNIX) || defined(XP_BEOS) - "libnssckbi.so"; + "libnssckbi.so"; #else - #error "Uh! Oh! I don't know about this platform." +#error "Uh! Oh! I don't know about this platform." #endif /* Should we have platform ifdefs here??? */ #define FILE_SEP '/' -static void nss_FindExternalRootPaths(const char *dbpath, - const char* secmodprefix, - char** retoldpath, char** retnewpath) +static void +nss_FindExternalRootPaths(const char *dbpath, + const char *secmodprefix, + char **retoldpath, char **retnewpath) { char *path, *oldpath = NULL, *lastsep; int len, path_len, secmod_len, dll_len; 
@@ -267,26 +284,27 @@ static void nss_FindExternalRootPaths(const char *dbpath, len = path_len + secmod_len + dll_len + 2; /* FILE_SEP + NULL */ path = PORT_Alloc(len); - if (path == NULL) return; + if (path == NULL) + return; /* back up to the top of the directory */ - PORT_Memcpy(path,dbpath,path_len); - if (path[path_len-1] != FILE_SEP) { + PORT_Memcpy(path, dbpath, path_len); + if (path[path_len - 1] != FILE_SEP) { path[path_len++] = FILE_SEP; } - PORT_Strcpy(&path[path_len],dllname); + PORT_Strcpy(&path[path_len], dllname); if (secmod_len > 0) { lastsep = PORT_Strrchr(secmodprefix, FILE_SEP); if (lastsep) { - int secmoddir_len = lastsep-secmodprefix+1; /* FILE_SEP */ + int secmoddir_len = lastsep - secmodprefix + 1; /* FILE_SEP */ oldpath = PORT_Alloc(len); if (oldpath == NULL) { PORT_Free(path); return; } - PORT_Memcpy(oldpath,path,path_len); - PORT_Memcpy(&oldpath[path_len],secmodprefix,secmoddir_len); - PORT_Strcpy(&oldpath[path_len+secmoddir_len],dllname); + PORT_Memcpy(oldpath, path, path_len); + PORT_Memcpy(&oldpath[path_len], secmodprefix, secmoddir_len); + PORT_Strcpy(&oldpath[path_len + secmoddir_len], dllname); } } *retoldpath = oldpath; @@ -294,7 +312,8 @@ static void nss_FindExternalRootPaths(const char *dbpath, return; } -static void nss_FreeExternalRootPaths(char* oldpath, char* path) +static void +nss_FreeExternalRootPaths(char *oldpath, char *path) { if (path) { PORT_Free(path); 
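Review bot: In `nss_FindExternalRootPaths`, `path[path_len - 1]` is read without first checking that `path_len` is non-zero, so an empty `dbpath` would read one byte before the allocation. The assignment of `path_len` lies above this hunk, so whether an empty or NULL `dbpath` can reach this point should be confirmed against the callers. If it can, a guard such as `if (path_len == 0) { PORT_Free(path); return; }` ahead of the copy keeps the function on its existing "no path found" result. The lengths are also kept in `int`, so very long inputs would overflow the `len` computation; `size_t` would be the safer type for them.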
@@ -305,27 +324,27 @@ static void nss_FreeExternalRootPaths(char* oldpath, char* path) } static void -nss_FindExternalRoot(const char *dbpath, const char* secmodprefix) +nss_FindExternalRoot(const char *dbpath, const char *secmodprefix) { - char *path = NULL; - char *oldpath = NULL; - PRBool hasrootcerts = PR_FALSE; + char *path = NULL; + char *oldpath = NULL; + PRBool hasrootcerts = PR_FALSE; - /* - * 'oldpath' is the external root path in NSS 3.3.x or older. - * For backward compatibility we try to load the root certs - * module with the old path first. - */ - nss_FindExternalRootPaths(dbpath, secmodprefix, &oldpath, &path); - if (oldpath) { - (void) SECMOD_AddNewModule("Root Certs",oldpath, 0, 0); - hasrootcerts = SECMOD_HasRootCerts(); - } - if (path && !hasrootcerts) { - (void) SECMOD_AddNewModule("Root Certs",path, 0, 0); - } - nss_FreeExternalRootPaths(oldpath, path); - return; + /* + * 'oldpath' is the external root path in NSS 3.3.x or older. + * For backward compatibility we try to load the root certs + * module with the old path first. + */ + nss_FindExternalRootPaths(dbpath, secmodprefix, &oldpath, &path); + if (oldpath) { + (void)SECMOD_AddNewModule("Root Certs", oldpath, 0, 0); + hasrootcerts = SECMOD_HasRootCerts(); + } + if (path && !hasrootcerts) { + (void)SECMOD_AddNewModule("Root Certs", path, 0, 0); + } + nss_FreeExternalRootPaths(oldpath, path); + return; } /* 
@@ -335,17 +354,17 @@ nss_FindExternalRoot(const char *dbpath, const char* secmodprefix) * set statics (from PKCS11_Configure, for instance), and uses it to kick off * the loading of the various PKCS #11 modules. */ -static SECStatus -nss_InitModules(const char *configdir, const char *certPrefix, - const char *keyPrefix, const char *secmodName, - const char *updateDir, const char *updCertPrefix, - const char *updKeyPrefix, const char *updateID, - const char *updateName, char *configName, char *configStrings, - PRBool pwRequired, PRBool readOnly, PRBool noCertDB, - PRBool noModDB, PRBool forceOpen, PRBool optimizeSpace, - PRBool isContextInit) +static SECMODModule * +nss_InitModules(const char *configdir, const char *certPrefix, + const char *keyPrefix, const char *secmodName, + const char *updateDir, const char *updCertPrefix, + const char *updKeyPrefix, const char *updateID, + const char *updateName, char *configName, char *configStrings, + PRBool pwRequired, PRBool readOnly, PRBool noCertDB, + PRBool noModDB, PRBool forceOpen, PRBool optimizeSpace, + PRBool isContextInit) { - SECStatus rv = SECFailure; + SECMODModule *module = NULL; char *moduleSpec = NULL; char *flags = NULL; char *lconfigdir = NULL; @@ -359,13 +378,14 @@ nss_InitModules(const char *configdir, const char *certPrefix, char *lupdateName = NULL; if (NSS_InitializePRErrorTable() != SECSuccess) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return rv; + PORT_SetError(SEC_ERROR_NO_MEMORY); + return NULL; } - flags = nss_makeFlags(readOnly,noCertDB,noModDB,forceOpen, - pwRequired, optimizeSpace); - if (flags == NULL) return rv; + flags = nss_makeFlags(readOnly, noCertDB, noModDB, forceOpen, + pwRequired, optimizeSpace); + if (flags == NULL) + return NULL; /* * configdir is double nested, and Windows uses the same character 
@@ -373,73 +393,82 @@ nss_InitModules(const char *configdir, const char *certPrefix, */ lconfigdir = NSSUTIL_DoubleEscape(configdir, '\'', '\"'); if (lconfigdir == NULL) { - goto loser; + goto loser; } lcertPrefix = NSSUTIL_DoubleEscape(certPrefix, '\'', '\"'); if (lcertPrefix == NULL) { - goto loser; + goto loser; } lkeyPrefix = NSSUTIL_DoubleEscape(keyPrefix, '\'', '\"'); if (lkeyPrefix == NULL) { - goto loser; + goto loser; } lsecmodName = NSSUTIL_DoubleEscape(secmodName, '\'', '\"'); if (lsecmodName == NULL) { - goto loser; + goto loser; } lupdateDir = NSSUTIL_DoubleEscape(updateDir, '\'', '\"'); if (lupdateDir == NULL) { - goto loser; + goto loser; } lupdCertPrefix = NSSUTIL_DoubleEscape(updCertPrefix, '\'', '\"'); if (lupdCertPrefix == NULL) { - goto loser; + goto loser; } lupdKeyPrefix = NSSUTIL_DoubleEscape(updKeyPrefix, '\'', '\"'); if (lupdKeyPrefix == NULL) { - goto loser; + goto loser; } lupdateID = NSSUTIL_DoubleEscape(updateID, '\'', '\"'); if (lupdateID == NULL) { - goto loser; + goto loser; } lupdateName = NSSUTIL_DoubleEscape(updateName, '\'', '\"'); if (lupdateName == NULL) { - goto loser; + goto loser; } moduleSpec = PR_smprintf( - "name=\"%s\" parameters=\"configdir='%s' certPrefix='%s' keyPrefix='%s' " - "secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' " - "updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s\" " - "NSS=\"flags=internal,moduleDB,moduleDBOnly,critical%s\"", - configName ? configName : NSS_DEFAULT_MOD_NAME, - lconfigdir,lcertPrefix,lkeyPrefix,lsecmodName,flags, - lupdateDir, lupdCertPrefix, lupdKeyPrefix, lupdateID, - lupdateName, configStrings ? configStrings : "", - isContextInit ? "" : ",defaultModDB,internalKeySlot"); + "name=\"%s\" parameters=\"configdir='%s' certPrefix='%s' keyPrefix='%s' " + "secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' " + "updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s\" " + "NSS=\"flags=internal,moduleDB,moduleDBOnly,critical%s\"", + configName ? 
configName : NSS_DEFAULT_MOD_NAME, + lconfigdir, lcertPrefix, lkeyPrefix, lsecmodName, flags, + lupdateDir, lupdCertPrefix, lupdKeyPrefix, lupdateID, + lupdateName, configStrings ? configStrings : "", + isContextInit ? "" : ",defaultModDB,internalKeySlot"); loser: PORT_Free(flags); - if (lconfigdir) PORT_Free(lconfigdir); - if (lcertPrefix) PORT_Free(lcertPrefix); - if (lkeyPrefix) PORT_Free(lkeyPrefix); - if (lsecmodName) PORT_Free(lsecmodName); - if (lupdateDir) PORT_Free(lupdateDir); - if (lupdCertPrefix) PORT_Free(lupdCertPrefix); - if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix); - if (lupdateID) PORT_Free(lupdateID); - if (lupdateName) PORT_Free(lupdateName); + if (lconfigdir) + PORT_Free(lconfigdir); + if (lcertPrefix) + PORT_Free(lcertPrefix); + if (lkeyPrefix) + PORT_Free(lkeyPrefix); + if (lsecmodName) + PORT_Free(lsecmodName); + if (lupdateDir) + PORT_Free(lupdateDir); + if (lupdCertPrefix) + PORT_Free(lupdCertPrefix); + if (lupdKeyPrefix) + PORT_Free(lupdKeyPrefix); + if (lupdateID) + PORT_Free(lupdateID); + if (lupdateName) + PORT_Free(lupdateName); if (moduleSpec) { - SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE); - PR_smprintf_free(moduleSpec); - if (module) { - if (module->loaded) rv=SECSuccess; - SECMOD_DestroyModule(module); - } + module = SECMOD_LoadModule(moduleSpec, NULL, PR_TRUE); + PR_smprintf_free(moduleSpec); + if (module && !module->loaded) { + SECMOD_DestroyModule(module); + return NULL; + } } - return rv; + return module; } /* 
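Review bot: `configName` and `configStrings` are formatted into the module spec as-is by the `PR_smprintf` call, while every other caller-supplied string is first passed through `NSSUTIL_DoubleEscape`. In the context-init path `configName` is `initParams->libraryDescription`, so a description containing a double quote would presumably end the `name="..."` value early and leave the rest to be read as further spec text. Escaping `configName` for the outer quote before formatting, and freeing that copy at `loser:` alongside the other `l*` strings, would make the handling uniform. Whether `configStrings` needs the same treatment depends on `nss_MkConfigString`, which is not visible here; the function also starts outside this hunk.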
@@ -447,9 +476,9 @@ loser: * * configdir - base directory where all the cert, key, and module datbases live. * certPrefix - prefix added to the beginning of the cert database example: " - * "https-server1-" + * "https-server1-" * keyPrefix - prefix added to the beginning of the key database example: " - * "https-server1-" + * "https-server1-" * secmodName - name of the security module database (usually "secmod.db"). * updateDir - used in initMerge, old directory to update from. * updateID - used in initMerge, unique ID to represent the updated directory. @@ -457,12 +486,12 @@ loser: * initContextPtr - used in initContext, pointer to return a unique context * value. * readOnly - Boolean: true if the databases are to be opened read only. - * nocertdb - Don't open the cert DB and key DB's, just initialize the - * Volatile certdb. - * nomoddb - Don't open the security module DB, just initialize the - * PKCS #11 module. + * nocertdb - Don't open the cert DB and key DB's, just initialize the + * Volatile certdb. + * nomoddb - Don't open the security module DB, just initialize the + * PKCS #11 module. * forceOpen - Continue to force initializations even if the databases cannot - * be opened. + * be opened. * noRootInit - don't try to automatically load the root cert store if one is * not found. * optimizeSpace - tell NSS to use fewer hash table buckets. @@ -479,9 +508,12 @@ loser: * don'tFinalizeModules - dont shutdown modules we may have loaded. */ -static PRBool nssIsInitted = PR_FALSE; +static PRBool nssIsInitted = PR_FALSE; static NSSInitContext *nssInitContextList = NULL; -static void* plContext = NULL; + +#ifndef NSS_DISABLE_LIBPKIX +static void *plContext = NULL; +#endif /* NSS_DISABLE_LIBPKIX */ struct NSSInitContextStr { NSSInitContext *next; 
@@ -502,62 +534,66 @@ nss_doLockInit(void) { nssInitLock = PZ_NewLock(nssILockOther); if (nssInitLock == NULL) { - return PR_FAILURE; + return PR_FAILURE; } nssInitCondition = PZ_NewCondVar(nssInitLock); if (nssInitCondition == NULL) { - return PR_FAILURE; + return PR_FAILURE; } return PR_SUCCESS; } - static SECStatus nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, - const char *secmodName, const char *updateDir, - const char *updCertPrefix, const char *updKeyPrefix, - const char *updateID, const char *updateName, - NSSInitContext ** initContextPtr, - NSSInitParameters *initParams, - PRBool readOnly, PRBool noCertDB, - PRBool noModDB, PRBool forceOpen, PRBool noRootInit, - PRBool optimizeSpace, PRBool noSingleThreadedModules, - PRBool allowAlreadyInitializedModules, - PRBool dontFinalizeModules) + const char *secmodName, const char *updateDir, + const char *updCertPrefix, const char *updKeyPrefix, + const char *updateID, const char *updateName, + NSSInitContext **initContextPtr, + NSSInitParameters *initParams, + PRBool readOnly, PRBool noCertDB, + PRBool noModDB, PRBool forceOpen, PRBool noRootInit, + PRBool optimizeSpace, PRBool noSingleThreadedModules, + PRBool allowAlreadyInitializedModules, + PRBool dontFinalizeModules) { - SECStatus rv = SECFailure; + SECMODModule *parent = NULL; +#ifndef NSS_DISABLE_LIBPKIX PKIX_UInt32 actualMinorVersion = 0; PKIX_Error *pkixError = NULL; +#endif /* NSS_DISABLE_LIBPKIX */ PRBool isReallyInitted; char *configStrings = NULL; char *configName = NULL; PRBool passwordRequired = PR_FALSE; +#ifdef POLICY_FILE + char *ignoreVar; +#endif /* if we are trying to init with a traditional NSS_Init call, maintain * the traditional idempotent behavior. 
*/ if (!initContextPtr && nssIsInitted) { - return SECSuccess; + return SECSuccess; } - + /* make sure our lock and condition variable are initialized one and only - * one time */ + * one time */ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { - return SECFailure; + return SECFailure; } /* - * if we haven't done basic initialization, single thread the + * if we haven't done basic initialization, single thread the * initializations. */ PZ_Lock(nssInitLock); isReallyInitted = NSS_IsInitialized(); if (!isReallyInitted) { - while (!isReallyInitted && nssIsInInit) { - PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT); - isReallyInitted = NSS_IsInitialized(); - } - /* once we've completed basic initialization, we can allow more than - * one process initialize NSS at a time. */ + while (!isReallyInitted && nssIsInInit) { + PZ_WaitCondVar(nssInitCondition, PR_INTERVAL_NO_TIMEOUT); + isReallyInitted = NSS_IsInitialized(); + } + /* once we've completed basic initialization, we can allow more than + * one process initialize NSS at a time. */ } nssIsInInit++; PZ_Unlock(nssInitLock); @@ -569,21 +605,21 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, if (!isReallyInitted) { #ifdef DEBUG CERTCertificate dummyCert; - /* New option bits must not change the size of CERTCertificate. */ - PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); + /* New option bits must not change the size of CERTCertificate. */ + PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); #endif - if (SECSuccess != cert_InitLocks()) { - goto loser; - } + if (SECSuccess != cert_InitLocks()) { + goto loser; + } + + if (SECSuccess != InitCRLCache()) { + goto loser; + } - if (SECSuccess != InitCRLCache()) { - goto loser; - } - - if (SECSuccess != OCSP_InitGlobal()) { - goto loser; - } + if (SECSuccess != OCSP_InitGlobal()) { + goto loser; + } } if (noSingleThreadedModules || allowAlreadyInitializedModules || 
@@ -594,110 +630,146 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, } if (initContextPtr) { - *initContextPtr = PORT_ZNew(NSSInitContext); - if (*initContextPtr == NULL) { - goto loser; - } - /* - * For traditional NSS_Init, we used the PK11_Configure() call to set - * globals. with InitContext, we pass those strings in as parameters. - * - * This allows old NSS_Init calls to work as before, while at the same - * time new calls and old calls will not interfere with each other. - */ + *initContextPtr = PORT_ZNew(NSSInitContext); + if (*initContextPtr == NULL) { + goto loser; + } + /* + * For traditional NSS_Init, we used the PK11_Configure() call to set + * globals. with InitContext, we pass those strings in as parameters. + * + * This allows old NSS_Init calls to work as before, while at the same + * time new calls and old calls will not interfere with each other. + */ if (initParams) { - if (initParams->length < sizeof(NSSInitParameters)) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - configStrings = nss_MkConfigString(initParams->manufactureID, - initParams->libraryDescription, - initParams->cryptoTokenDescription, - initParams->dbTokenDescription, - initParams->cryptoSlotDescription, - initParams->dbSlotDescription, - initParams->FIPSSlotDescription, - initParams->FIPSTokenDescription, - initParams->minPWLen); - if (configStrings == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto loser; - } - configName = initParams->libraryDescription; - passwordRequired = initParams->passwordRequired; - } + if (initParams->length < sizeof(NSSInitParameters)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + goto loser; + } + configStrings = nss_MkConfigString(initParams->manufactureID, + initParams->libraryDescription, + initParams->cryptoTokenDescription, + initParams->dbTokenDescription, + initParams->cryptoSlotDescription, + initParams->dbSlotDescription, + initParams->FIPSSlotDescription, + 
initParams->FIPSTokenDescription, + initParams->minPWLen); + if (configStrings == NULL) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + goto loser; + } + configName = initParams->libraryDescription; + passwordRequired = initParams->passwordRequired; + } + + /* If we're NSS_ContextInit, we're probably a library. It could be + * possible that the application initialized NSS then forked(). The + * library would have no knowledge of that. If we call + * SECMOD_RestartModules() here, we will be able to continue on with + * NSS as normal. SECMOD_RestartModules() does have the side affect + * of losing all our PKCS #11 objects in the new process, but only if + * the module needs to be reinited. If it needs to be reinit those + * objects are inaccessible anyway, it's always save to call + * SECMOD_RestartModules(PR_FALSE). + */ + /* NOTE: We could call SECMOD_Init() here, but if we aren't already + * inited, then there's no modules to restart, so SECMOD_RestartModules + * will return immediately */ + SECMOD_RestartModules(PR_FALSE); } else { - configStrings = pk11_config_strings; - configName = pk11_config_name; - passwordRequired = pk11_password_required; + configStrings = pk11_config_strings; + configName = pk11_config_name; + passwordRequired = pk11_password_required; } /* Skip the module init if we are already initted and we are trying * to init with noCertDB and noModDB */ if (!(isReallyInitted && noCertDB && noModDB)) { - rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, - updateDir, updCertPrefix, updKeyPrefix, updateID, - updateName, configName, configStrings, passwordRequired, - readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, - (initContextPtr != NULL)); - - if (rv != SECSuccess) { - goto loser; - } + parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, + updateDir, updCertPrefix, updKeyPrefix, updateID, + updateName, configName, configStrings, passwordRequired, + readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, + 
(initContextPtr != NULL)); + + if (parent == NULL) { + goto loser; + } } - /* finish up initialization */ if (!isReallyInitted) { - if (SECOID_Init() != SECSuccess) { - goto loser; - } - if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) { - goto loser; - } - if (nss_InitShutdownList() != SECSuccess) { - goto loser; - } - CERT_SetDefaultCertDB((CERTCertDBHandle *) - STAN_GetDefaultTrustDomain()); - if ((!noModDB) && (!noCertDB) && (!noRootInit)) { - if (!SECMOD_HasRootCerts()) { - const char *dbpath = configdir; - /* handle supported database modifiers */ - if (strncmp(dbpath, "sql:", 4) == 0) { - dbpath += 4; - } else if(strncmp(dbpath, "dbm:", 4) == 0) { - dbpath += 4; - } else if(strncmp(dbpath, "extern:", 7) == 0) { - dbpath += 7; - } else if(strncmp(dbpath, "rdb:", 4) == 0) { - /* if rdb: is specified, the configdir isn't really a - * path. Skip it */ - dbpath = NULL; - } - if (dbpath) { - nss_FindExternalRoot(dbpath, secmodName); - } - } - } - - pk11sdr_Init(); - cert_CreateSubjectKeyIDHashTable(); - - pkixError = PKIX_Initialize - (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, - PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); - - if (pkixError != NULL) { - goto loser; - } else { - char *ev = getenv("NSS_ENABLE_PKIX_VERIFY"); - if (ev && ev[0]) { - CERT_SetUsePKIXForValidation(PR_TRUE); + if (SECOID_Init() != SECSuccess) { + goto loser; + } + if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) { + goto loser; + } + if (nss_InitShutdownList() != SECSuccess) { + goto loser; + } + CERT_SetDefaultCertDB((CERTCertDBHandle *) + STAN_GetDefaultTrustDomain()); + if ((!noModDB) && (!noCertDB) && (!noRootInit)) { + if (!SECMOD_HasRootCerts()) { + const char *dbpath = configdir; + /* handle supported database modifiers */ + if (strncmp(dbpath, "sql:", 4) == 0) { + dbpath += 4; + } else if (strncmp(dbpath, "dbm:", 4) == 0) { + dbpath += 4; + } else if (strncmp(dbpath, "extern:", 7) == 0) { + dbpath += 7; + } else if (strncmp(dbpath, "rdb:", 4) == 0) { + /* 
if rdb: is specified, the configdir isn't really a + * path. Skip it */ + dbpath = NULL; + } + if (dbpath) { + nss_FindExternalRoot(dbpath, secmodName); + } + } + } +#ifdef POLICY_FILE + /* Load the system crypto policy file if it exists, + * unless the NSS_IGNORE_SYSTEM_POLICY environment + * variable has been set to 1. */ + ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY"); + if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) { + if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) { + SECMODModule *module = SECMOD_LoadModule( + "name=\"Policy File\" " + "parameters=\"configdir='sql:" POLICY_PATH "' " + "secmod='" POLICY_FILE "' " + "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" " + "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"", + parent, PR_TRUE); + if (module) { + PRBool isLoaded = module->loaded; + SECMOD_DestroyModule(module); + if (!isLoaded) { + goto loser; + } + } } } +#endif + pk11sdr_Init(); + cert_CreateSubjectKeyIDHashTable(); +#ifndef NSS_DISABLE_LIBPKIX + pkixError = PKIX_Initialize(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, + PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); + if (pkixError != NULL) { + goto loser; + } else { + char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY"); + if (ev && ev[0]) { + CERT_SetUsePKIXForValidation(PR_TRUE); + } + } +#endif /* NSS_DISABLE_LIBPKIX */ } /* @@ -707,11 +779,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, */ PZ_Lock(nssInitLock); if (!initContextPtr) { - nssIsInitted = PR_TRUE; + nssIsInitted = PR_TRUE; } else { - (*initContextPtr)->magic = NSS_INIT_MAGIC; - (*initContextPtr)->next = nssInitContextList; - nssInitContextList = (*initContextPtr); + (*initContextPtr)->magic = NSS_INIT_MAGIC; + (*initContextPtr)->next = nssInitContextList; + nssInitContextList = (*initContextPtr); } nssIsInInit--; /* now that we are inited, all waiters can move forward */ 
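Review bot: In the `POLICY_FILE` block, a `NULL` return from `SECMOD_LoadModule` falls through the `if (module)` test and initialization carries on with no system policy applied, even though `PR_Access` has just reported the policy file as readable; only the not-`loaded` case reaches `goto loser`. If a readable but unloadable policy is meant to be fatal, add `if (module == NULL) { goto loser; }` ahead of the `isLoaded` check; if it is meant to be tolerated, a comment saying so would help the next reader. Separately, `strncmp(ignoreVar, "1", sizeof("1"))` includes the terminating NUL in the comparison, so it is an exact match on "1" and `strcmp(ignoreVar, "1") != 0` would say that more directly. `nss_Init` begins before this hunk and continues after it.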
@@ -719,42 +791,47 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, PZ_Unlock(nssInitLock); if (initContextPtr && configStrings) { - PR_smprintf_free(configStrings); + PR_smprintf_free(configStrings); + } + if (parent) { + SECMOD_DestroyModule(parent); } return SECSuccess; loser: if (initContextPtr && *initContextPtr) { - PORT_Free(*initContextPtr); - *initContextPtr = NULL; - if (configStrings) { - PR_smprintf_free(configStrings); - } + PORT_Free(*initContextPtr); + *initContextPtr = NULL; + if (configStrings) { + PR_smprintf_free(configStrings); + } } PZ_Lock(nssInitLock); nssIsInInit--; /* We failed to init, allow one to move forward */ PZ_NotifyCondVar(nssInitCondition); PZ_Unlock(nssInitLock); + if (parent) { + SECMOD_DestroyModule(parent); + } return SECFailure; } - SECStatus NSS_Init(const char *configdir) { return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL, - NULL, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); + NULL, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, + PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); } SECStatus NSS_InitReadWrite(const char *configdir) { return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL, - NULL, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, - PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); + NULL, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, + PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); } /* 
@@ -762,18 +839,18 @@ NSS_InitReadWrite(const char *configdir) * * configdir - base directory where all the cert, key, and module datbases live. * certPrefix - prefix added to the beginning of the cert database example: " - * "https-server1-" + * "https-server1-" * keyPrefix - prefix added to the beginning of the key database example: " - * "https-server1-" + * "https-server1-" * secmodName - name of the security module database (usually "secmod.db"). * flags - change the open options of NSS_Initialize as follows: - * NSS_INIT_READONLY - Open the databases read only. - * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just - * initialize the volatile certdb. - * NSS_INIT_NOMODDB - Don't open the security module DB, just - * initialize the PKCS #11 module. - * NSS_INIT_FORCEOPEN - Continue to force initializations even if the - * databases cannot be opened. + * NSS_INIT_READONLY - Open the databases read only. + * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just + * initialize the volatile certdb. + * NSS_INIT_NOMODDB - Don't open the security module DB, just + * initialize the PKCS #11 module. + * NSS_INIT_FORCEOPEN - Continue to force initializations even if the + * databases cannot be opened. * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are * thread-safe, ie. that support locking - either OS * locking or NSS-provided locks . If a PKCS#11 
@@ -803,111 +880,110 @@ NSS_InitReadWrite(const char *configdir) * provider. This should occur after a new flag is defined * for C_Initialize by the PKCS#11 working group. * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that - * use both NSS and the Java SunPKCS11 provider. + * use both NSS and the Java SunPKCS11 provider. */ SECStatus -NSS_Initialize(const char *configdir, const char *certPrefix, - const char *keyPrefix, const char *secmodName, PRUint32 flags) +NSS_Initialize(const char *configdir, const char *certPrefix, + const char *keyPrefix, const char *secmodName, PRUint32 flags) { return nss_Init(configdir, certPrefix, keyPrefix, secmodName, - "", "", "", "", "", NULL, NULL, - ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), - ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), - ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), - ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), - ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT), - ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), - ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), - ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), - ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); + "", "", "", "", "", NULL, NULL, + ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), + ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), + ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), + ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), + ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT), + ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), + ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), + ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), + ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); } NSSInitContext * -NSS_InitContext(const char *configdir, const char *certPrefix, - const char *keyPrefix, const char *secmodName, - NSSInitParameters *initParams, PRUint32 flags) 
+NSS_InitContext(const char *configdir, const char *certPrefix, + const char *keyPrefix, const char *secmodName, + NSSInitParameters *initParams, PRUint32 flags) { SECStatus rv; NSSInitContext *context; rv = nss_Init(configdir, certPrefix, keyPrefix, secmodName, - "", "", "", "", "", &context, initParams, - ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), - ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), - ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), - ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), PR_TRUE, - ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), - ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), - ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), - ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); + "", "", "", "", "", &context, initParams, + ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), + ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), + ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), + ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), PR_TRUE, + ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), + ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), + ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), + ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); return (rv == SECSuccess) ? 
context : NULL; } SECStatus -NSS_InitWithMerge(const char *configdir, const char *certPrefix, - const char *keyPrefix, const char *secmodName, - const char *updateDir, const char *updCertPrefix, - const char *updKeyPrefix, const char *updateID, - const char *updateName, PRUint32 flags) +NSS_InitWithMerge(const char *configdir, const char *certPrefix, + const char *keyPrefix, const char *secmodName, + const char *updateDir, const char *updCertPrefix, + const char *updKeyPrefix, const char *updateID, + const char *updateName, PRUint32 flags) { return nss_Init(configdir, certPrefix, keyPrefix, secmodName, - updateDir, updCertPrefix, updKeyPrefix, updateID, updateName, - NULL, NULL, - ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), - ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), - ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), - ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), - ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT), - ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), - ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), - ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), - ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); + updateDir, updCertPrefix, updKeyPrefix, updateID, updateName, + NULL, NULL, + ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), + ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), + ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), + ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), + ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT), + ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), + ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), + ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), + ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); } /* * initialize NSS without a creating cert db's, key db's, or secmod db's. 
*/ SECStatus -NSS_NoDB_Init(const char * configdir) +NSS_NoDB_Init(const char *configdir) { - return nss_Init("","","","", "", "", "", "", "", NULL, NULL, - PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE, - PR_FALSE,PR_FALSE,PR_FALSE); + return nss_Init("", "", "", "", "", "", "", "", "", NULL, NULL, + PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE, + PR_FALSE, PR_FALSE, PR_FALSE); } - #define NSS_SHUTDOWN_STEP 10 struct NSSShutdownFuncPair { - NSS_ShutdownFunc func; - void *appData; + NSS_ShutdownFunc func; + void *appData; }; static struct NSSShutdownListStr { - PZLock *lock; - int allocatedFuncs; - int peakFuncs; - struct NSSShutdownFuncPair *funcs; + PZLock *lock; + int allocatedFuncs; + int peakFuncs; + struct NSSShutdownFuncPair *funcs; } nssShutdownList = { 0 }; /* * find and existing shutdown function */ -static int +static int nss_GetShutdownEntry(NSS_ShutdownFunc sFunc, void *appData) { int count, i; count = nssShutdownList.peakFuncs; - for (i=0; i < count; i++) { - if ((nssShutdownList.funcs[i].func == sFunc) && - (nssShutdownList.funcs[i].appData == appData)){ - return i; - } + for (i = 0; i < count; i++) { + if ((nssShutdownList.funcs[i].func == sFunc) && + (nssShutdownList.funcs[i].appData == appData)) { + return i; + } } return -1; } - + /* * register a callback to be called when NSS shuts down */ 
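Review bot: `NSS_InitContext` declares `NSSInitContext *context;` without an initializer and passes `&context` to `nss_Init`, whose `loser:` label tests `*initContextPtr` before freeing it. The earlier hunks show `goto loser` being reachable (for example when `cert_InitLocks()` fails) before `*initContextPtr = PORT_ZNew(NSSInitContext)` runs, so on that path the test reads an indeterminate pointer and may hand it to `PORT_Free`. Initializing it here, `NSSInitContext *context = NULL;`, closes that path; setting `*initContextPtr = NULL` at the top of `nss_Init` would cover any other caller as well.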
@@ -917,21 +993,21 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData) int i; /* make sure our lock and condition variable are initialized one and only - * one time */ + * one time */ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { - return SECFailure; + return SECFailure; } PZ_Lock(nssInitLock); if (!NSS_IsInitialized()) { - PZ_Unlock(nssInitLock); - PORT_SetError(SEC_ERROR_NOT_INITIALIZED); - return SECFailure; + PZ_Unlock(nssInitLock); + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; } PZ_Unlock(nssInitLock); if (sFunc == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } PORT_Assert(nssShutdownList.lock); 
@@ -940,30 +1016,28 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData) /* make sure we don't have a duplicate */ i = nss_GetShutdownEntry(sFunc, appData); if (i >= 0) { - PZ_Unlock(nssShutdownList.lock); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; + PZ_Unlock(nssShutdownList.lock); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; } /* find an empty slot */ i = nss_GetShutdownEntry(NULL, NULL); if (i >= 0) { - nssShutdownList.funcs[i].func = sFunc; - nssShutdownList.funcs[i].appData = appData; - PZ_Unlock(nssShutdownList.lock); - return SECSuccess; + nssShutdownList.funcs[i].func = sFunc; + nssShutdownList.funcs[i].appData = appData; + PZ_Unlock(nssShutdownList.lock); + return SECSuccess; } if (nssShutdownList.allocatedFuncs == nssShutdownList.peakFuncs) { - struct NSSShutdownFuncPair *funcs = - (struct NSSShutdownFuncPair *)PORT_Realloc - (nssShutdownList.funcs, - (nssShutdownList.allocatedFuncs + NSS_SHUTDOWN_STEP) - *sizeof(struct NSSShutdownFuncPair)); - if (!funcs) { - PZ_Unlock(nssShutdownList.lock); - return SECFailure; - } - nssShutdownList.funcs = funcs; - nssShutdownList.allocatedFuncs += NSS_SHUTDOWN_STEP; + struct NSSShutdownFuncPair *funcs = + (struct NSSShutdownFuncPair *)PORT_Realloc(nssShutdownList.funcs, + (nssShutdownList.allocatedFuncs + NSS_SHUTDOWN_STEP) * sizeof(struct NSSShutdownFuncPair)); + if (!funcs) { + PZ_Unlock(nssShutdownList.lock); + return SECFailure; + } + nssShutdownList.funcs = funcs; + nssShutdownList.allocatedFuncs += NSS_SHUTDOWN_STEP; } nssShutdownList.funcs[nssShutdownList.peakFuncs].func = sFunc; nssShutdownList.funcs[nssShutdownList.peakFuncs].appData = appData; 
@@ -981,15 +1055,15 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData) int i; /* make sure our lock and condition variable are initialized one and only - * one time */ + * one time */ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { - return SECFailure; + return SECFailure; } PZ_Lock(nssInitLock); if (!NSS_IsInitialized()) { - PZ_Unlock(nssInitLock); - PORT_SetError(SEC_ERROR_NOT_INITIALIZED); - return SECFailure; + PZ_Unlock(nssInitLock); + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; } PZ_Unlock(nssInitLock); @@ -997,14 +1071,14 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData) PZ_Lock(nssShutdownList.lock); i = nss_GetShutdownEntry(sFunc, appData); if (i >= 0) { - nssShutdownList.funcs[i].func = NULL; - nssShutdownList.funcs[i].appData = NULL; + nssShutdownList.funcs[i].func = NULL; + nssShutdownList.funcs[i].appData = NULL; } PZ_Unlock(nssShutdownList.lock); if (i < 0) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; } return SECSuccess; } @@ -1016,18 +1090,18 @@ static SECStatus nss_InitShutdownList(void) { if (nssShutdownList.lock != NULL) { - return SECSuccess; + return SECSuccess; } nssShutdownList.lock = PZ_NewLock(nssILockOther); if (nssShutdownList.lock == NULL) { - return SECFailure; + return SECFailure; } - nssShutdownList.funcs = PORT_ZNewArray(struct NSSShutdownFuncPair, - NSS_SHUTDOWN_STEP); + nssShutdownList.funcs = PORT_ZNewArray(struct NSSShutdownFuncPair, + NSS_SHUTDOWN_STEP); if (nssShutdownList.funcs == NULL) { - PZ_DestroyLock(nssShutdownList.lock); - nssShutdownList.lock = NULL; - return SECFailure; + PZ_DestroyLock(nssShutdownList.lock); + nssShutdownList.lock = NULL; + return SECFailure; } nssShutdownList.allocatedFuncs = NSS_SHUTDOWN_STEP; nssShutdownList.peakFuncs = 0; 
@@ -1042,13 +1116,13 @@ nss_ShutdownShutdownList(void) int i; /* call all the registerd functions first */ - for (i=0; i < nssShutdownList.peakFuncs; i++) { - struct NSSShutdownFuncPair *funcPair = &nssShutdownList.funcs[i]; - if (funcPair->func) { - if ((*funcPair->func)(funcPair->appData,NULL) != SECSuccess) { - rv = SECFailure; - } - } + for (i = 0; i < nssShutdownList.peakFuncs; i++) { + struct NSSShutdownFuncPair *funcPair = &nssShutdownList.funcs[i]; + if (funcPair->func) { + if ((*funcPair->func)(funcPair->appData, NULL) != SECSuccess) { + rv = SECFailure; + } + } } nssShutdownList.peakFuncs = 0; @@ -1056,13 +1130,12 @@ nss_ShutdownShutdownList(void) PORT_Free(nssShutdownList.funcs); nssShutdownList.funcs = NULL; if (nssShutdownList.lock) { - PZ_DestroyLock(nssShutdownList.lock); + PZ_DestroyLock(nssShutdownList.lock); } nssShutdownList.lock = NULL; return rv; } - extern const NSSError NSS_ERROR_BUSY; SECStatus @@ -1075,27 +1148,29 @@ nss_Shutdown(void) rv = nss_ShutdownShutdownList(); if (rv != SECSuccess) { - shutdownRV = SECFailure; + shutdownRV = SECFailure; } cert_DestroyLocks(); ShutdownCRLCache(); OCSP_ShutdownGlobal(); +#ifndef NSS_DISABLE_LIBPKIX PKIX_Shutdown(plContext); +#endif /* NSS_DISABLE_LIBPKIX */ SECOID_Shutdown(); status = STAN_Shutdown(); cert_DestroySubjectKeyIDHashTable(); pk11_SetInternalKeySlot(NULL); rv = SECMOD_Shutdown(); if (rv != SECSuccess) { - shutdownRV = SECFailure; + shutdownRV = SECFailure; } pk11sdr_Shutdown(); nssArena_Shutdown(); if (status == PR_FAILURE) { - if (NSS_GetError() == NSS_ERROR_BUSY) { - PORT_SetError(SEC_ERROR_BUSY); - } - shutdownRV = SECFailure; + if (NSS_GetError() == NSS_ERROR_BUSY) { + PORT_SetError(SEC_ERROR_BUSY); + } + shutdownRV = SECFailure; } /* * A thread's error stack is automatically destroyed when the thread 
@@ -1113,10 +1188,10 @@ nss_Shutdown(void) /* free the old list. This is necessary when we are called from * NSS_Shutdown(). */ while (temp) { - NSSInitContext *next = temp->next; - temp->magic = 0; - PORT_Free(temp); - temp = next; + NSSInitContext *next = temp->next; + temp->magic = 0; + PORT_Free(temp); + temp = next; } return shutdownRV; } @@ -1126,22 +1201,22 @@ NSS_Shutdown(void) { SECStatus rv; /* make sure our lock and condition variable are initialized one and only - * one time */ + * one time */ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { - return SECFailure; + return SECFailure; } PZ_Lock(nssInitLock); if (!nssIsInitted) { - PZ_Unlock(nssInitLock); - PORT_SetError(SEC_ERROR_NOT_INITIALIZED); - return SECFailure; + PZ_Unlock(nssInitLock); + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; } /* If one or more threads are in the middle of init, wait for them * to complete */ while (nssIsInInit) { - PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT); + PZ_WaitCondVar(nssInitCondition, PR_INTERVAL_NO_TIMEOUT); } rv = nss_Shutdown(); PZ_Unlock(nssInitLock); 
@@ -1152,25 +1227,26 @@ NSS_Shutdown(void) * remove the context from a list. return true if found, false if not */ PRBool -nss_RemoveList(NSSInitContext *context) { +nss_RemoveList(NSSInitContext *context) +{ NSSInitContext *this = nssInitContextList; NSSInitContext **last = &nssInitContextList; while (this) { - if (this == context) { - *last = this->next; - this->magic = 0; - PORT_Free(this); - return PR_TRUE; - } - last = &this->next; - this=this->next; + if (this == context) { + *last = this->next; + this->magic = 0; + PORT_Free(this); + return PR_TRUE; + } + last = &this->next; + this = this->next; } return PR_FALSE; } /* - * This form of shutdown is safe in the case where we may have multiple + * This form of shutdown is safe in the case where we may have multiple * entities using NSS in a single process. Each entity calls shutdown with * it's own context. The application (which doesn't get a context), calls * shutdown with NULL. Once all users have 'checked in' NSS will shutdown. 
@@ -1183,34 +1259,34 @@ NSS_ShutdownContext(NSSInitContext *context) SECStatus rv = SECSuccess; /* make sure our lock and condition variable are initialized one and only - * one time */ + * one time */ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { - return SECFailure; + return SECFailure; } PZ_Lock(nssInitLock); /* If one or more threads are in the middle of init, wait for them * to complete */ while (nssIsInInit) { - PZ_WaitCondVar(nssInitCondition,PR_INTERVAL_NO_TIMEOUT); + PZ_WaitCondVar(nssInitCondition, PR_INTERVAL_NO_TIMEOUT); } /* OK, we are the only thread now either initializing or shutting down */ - + if (!context) { - if (!nssIsInitted) { - PZ_Unlock(nssInitLock); - PORT_SetError(SEC_ERROR_NOT_INITIALIZED); - return SECFailure; - } - nssIsInitted = 0; - } else if (! nss_RemoveList(context)) { - PZ_Unlock(nssInitLock); - /* context was already freed or wasn't valid */ - PORT_SetError(SEC_ERROR_NOT_INITIALIZED); - return SECFailure; + if (!nssIsInitted) { + PZ_Unlock(nssInitLock); + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; + } + nssIsInitted = 0; + } else if (!nss_RemoveList(context)) { + PZ_Unlock(nssInitLock); + /* context was already freed or wasn't valid */ + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; } if ((nssIsInitted == 0) && (nssInitContextList == NULL)) { - rv = nss_Shutdown(); + rv = nss_Shutdown(); } /* NOTE: we don't try to free the nssInitLocks to prevent races against @@ -1227,7 +1303,6 @@ NSS_IsInitialized(void) { return (nssIsInitted) || (nssInitContextList != NULL); } - extern const char __nss_base_version[]; diff --git a/nss/lib/nss/nssoptions.c b/nss/lib/nss/nssoptions.c index 10b0138..fc97d62 100644 --- a/nss/lib/nss/nssoptions.c +++ b/nss/lib/nss/nssoptions.c 
@@ -19,31 +19,51 @@ struct nssOps { PRInt32 rsaMinKeySize; PRInt32 dhMinKeySize; PRInt32 dsaMinKeySize; + PRInt32 tlsVersionMinPolicy; + PRInt32 tlsVersionMaxPolicy; + PRInt32 dtlsVersionMinPolicy; + PRInt32 dtlsVersionMaxPolicy; }; static struct nssOps nss_ops = { SSL_RSA_MIN_MODULUS_BITS, SSL_DH_MIN_P_BITS, - SSL_DSA_MIN_P_BITS + SSL_DSA_MIN_P_BITS, + 1, /* Set TLS min to less the the smallest legal SSL value */ + 0xffff, /* set TLS max to more than the largest legal SSL value */ + 1, + 0xffff, }; SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value) { -SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess; switch (which) { - case NSS_RSA_MIN_KEY_SIZE: - nss_ops.rsaMinKeySize = value; - break; - case NSS_DH_MIN_KEY_SIZE: - nss_ops.dhMinKeySize = value; - break; - case NSS_DSA_MIN_KEY_SIZE: - nss_ops.dsaMinKeySize = value; - break; - default: - rv = SECFailure; + case NSS_RSA_MIN_KEY_SIZE: + nss_ops.rsaMinKeySize = value; + break; + case NSS_DH_MIN_KEY_SIZE: + nss_ops.dhMinKeySize = value; + break; + case NSS_DSA_MIN_KEY_SIZE: + nss_ops.dsaMinKeySize = value; + break; + case NSS_TLS_VERSION_MIN_POLICY: + nss_ops.tlsVersionMinPolicy = value; + break; + case NSS_TLS_VERSION_MAX_POLICY: + nss_ops.tlsVersionMaxPolicy = value; + break; + case NSS_DTLS_VERSION_MIN_POLICY: + nss_ops.dtlsVersionMinPolicy = value; + break; + case NSS_DTLS_VERSION_MAX_POLICY: + nss_ops.dtlsVersionMaxPolicy = value; + break; + default: + rv = SECFailure; } return rv; 
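Review bot: The four new cases in NSS_OptionSet copy `value` straight into the TLS/DTLS version policy fields with no range or ordering check, so a negative value, or a minimum above the maximum, is stored and the call still returns SECSuccess. Because these fields are policy limits, I would reject out-of-range input in those cases before storing it, e.g. `if (value < 0 || value > 0xffff) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`, and either check min <= max here or document that the consumer of the policy must do so. The defaults `1` and `0xffff` leave the policy fully open, presumably for compatibility. The DTLS pair should carry the same explanatory comment as the TLS pair, and "less the the" in that comment should read "less than the".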
@@ -52,22 +72,33 @@ SECStatus rv = SECSuccess; SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value) { -SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess; switch (which) { - case NSS_RSA_MIN_KEY_SIZE: - *value = nss_ops.rsaMinKeySize; - break; - case NSS_DH_MIN_KEY_SIZE: - *value = nss_ops.dhMinKeySize; - break; - case NSS_DSA_MIN_KEY_SIZE: - *value = nss_ops.dsaMinKeySize; - break; - default: - rv = SECFailure; + case NSS_RSA_MIN_KEY_SIZE: + *value = nss_ops.rsaMinKeySize; + break; + case NSS_DH_MIN_KEY_SIZE: + *value = nss_ops.dhMinKeySize; + break; + case NSS_DSA_MIN_KEY_SIZE: + *value = nss_ops.dsaMinKeySize; + break; + case NSS_TLS_VERSION_MIN_POLICY: + *value = nss_ops.tlsVersionMinPolicy; + break; + case NSS_TLS_VERSION_MAX_POLICY: + *value = nss_ops.tlsVersionMaxPolicy; + break; + case NSS_DTLS_VERSION_MIN_POLICY: + *value = nss_ops.dtlsVersionMinPolicy; + break; + case NSS_DTLS_VERSION_MAX_POLICY: + *value = nss_ops.dtlsVersionMaxPolicy; + break; + default: + rv = SECFailure; } return rv; } - diff --git a/nss/lib/nss/nssoptions.h b/nss/lib/nss/nssoptions.h index daa0944..024c1e9 100644 --- a/nss/lib/nss/nssoptions.h +++ b/nss/lib/nss/nssoptions.h @@ -7,7 +7,7 @@ /* * Include the default limits here */ -/* SSL default limits are here so we don't have to import a private SSL header +/* SSL default limits are here so we don't have to import a private SSL header * file into NSS proper */ /* The minimum server key sizes accepted by the clients. @@ -18,4 +18,3 @@ * happens because NSS used to count bit lengths incorrectly. */ #define SSL_DH_MIN_P_BITS 1023 #define SSL_DSA_MIN_P_BITS 1023 - diff --git a/nss/lib/nss/utilwrap.c b/nss/lib/nss/utilwrap.c index d3b6037..938d95c 100644 --- a/nss/lib/nss/utilwrap.c +++ b/nss/lib/nss/utilwrap.c 
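Review bot: NSS_OptionGet writes through `value` in every case, now seven of them, without checking it for NULL, and its `default` branch returns SECFailure without setting an error code or assigning `*value`. A guard before the switch, `if (value == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`, together with `PORT_SetError(SEC_ERROR_INVALID_ARGS);` in `default`, would give callers a defined error. A caller that ignores the status would otherwise act on whatever its output variable held, which matters now that the result can be a protocol-version limit. A short comment above the function stating that `*value` is untouched on failure would also help.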
@@ -236,518 +236,595 @@ PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc) void PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc) -{ +{ PORT_SetUCS2_ASCIIConversionFunction_Util(convFunc); } void PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc) -{ +{ PORT_SetUCS2_UTF8ConversionFunction_Util(convFunc); } -PRBool +PRBool PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf, - unsigned int inBufLen, unsigned char *outBuf, - unsigned int maxOutBufLen, unsigned int *outBufLen) + unsigned int inBufLen, unsigned char *outBuf, + unsigned int maxOutBufLen, unsigned int *outBufLen) { return PORT_UCS2_UTF8Conversion_Util(toUnicode, inBuf, inBufLen, outBuf, - maxOutBufLen, outBufLen); -} + maxOutBufLen, outBufLen); +} -PRBool +PRBool PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf, - unsigned int inBufLen, unsigned char *outBuf, - unsigned int maxOutBufLen, unsigned int *outBufLen, - PRBool swapBytes) + unsigned int inBufLen, unsigned char *outBuf, + unsigned int maxOutBufLen, unsigned int *outBufLen, + PRBool swapBytes) { return PORT_UCS2_ASCIIConversion_Util(toUnicode, inBuf, inBufLen, outBuf, - maxOutBufLen, outBufLen, swapBytes); + maxOutBufLen, outBufLen, swapBytes); } int -NSS_PutEnv(const char * envVarName, const char * envValue) +NSS_PutEnv(const char *envVarName, const char *envValue) { return NSS_PutEnv_Util(envVarName, envValue); } -SECOidData *SECOID_FindOID( const SECItem *oid) +SECOidData * +SECOID_FindOID(const SECItem *oid) { return SECOID_FindOID_Util(oid); } -SECOidTag SECOID_FindOIDTag(const SECItem *oid) +SECOidTag +SECOID_FindOIDTag(const SECItem *oid) { return SECOID_FindOIDTag_Util(oid); } -SECOidData *SECOID_FindOIDByTag(SECOidTag tagnum) +SECOidData * +SECOID_FindOIDByTag(SECOidTag tagnum) { return SECOID_FindOIDByTag_Util(tagnum); } -SECStatus SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid, - SECOidTag tag, SECItem *params) +SECStatus 
+SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid, + SECOidTag tag, SECItem *params) { return SECOID_SetAlgorithmID_Util(arena, aid, tag, params); } -SECStatus SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest, - const SECAlgorithmID *src) +SECStatus +SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest, + const SECAlgorithmID *src) { return SECOID_CopyAlgorithmID_Util(arena, dest, src); } -SECOidTag SECOID_GetAlgorithmTag(const SECAlgorithmID *aid) +SECOidTag +SECOID_GetAlgorithmTag(const SECAlgorithmID *aid) { return SECOID_GetAlgorithmTag_Util(aid); } -void SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit) +void +SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit) { SECOID_DestroyAlgorithmID_Util(aid, freeit); } -SECComparison SECOID_CompareAlgorithmID(SECAlgorithmID *a, - SECAlgorithmID *b) +SECComparison +SECOID_CompareAlgorithmID(SECAlgorithmID *a, + SECAlgorithmID *b) { return SECOID_CompareAlgorithmID_Util(a, b); } -const char *SECOID_FindOIDTagDescription(SECOidTag tagnum) +const char * +SECOID_FindOIDTagDescription(SECOidTag tagnum) { return SECOID_FindOIDTagDescription_Util(tagnum); } -SECOidTag SECOID_AddEntry(const SECOidData * src) +SECOidTag +SECOID_AddEntry(const SECOidData *src) { return SECOID_AddEntry_Util(src); } -SECItem *SECITEM_AllocItem(PLArenaPool *arena, SECItem *item, - unsigned int len) +SECItem * +SECITEM_AllocItem(PLArenaPool *arena, SECItem *item, + unsigned int len) { return SECITEM_AllocItem_Util(arena, item, len); } -SECComparison SECITEM_CompareItem(const SECItem *a, const SECItem *b) +SECComparison +SECITEM_CompareItem(const SECItem *a, const SECItem *b) { return SECITEM_CompareItem_Util(a, b); } -PRBool SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b) +PRBool +SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b) { return SECITEM_ItemsAreEqual_Util(a, b); } -SECStatus SECITEM_CopyItem(PLArenaPool *arena, SECItem *to, - const SECItem *from) +SECStatus 
+SECITEM_CopyItem(PLArenaPool *arena, SECItem *to, + const SECItem *from) { return SECITEM_CopyItem_Util(arena, to, from); } -SECItem *SECITEM_DupItem(const SECItem *from) +SECItem * +SECITEM_DupItem(const SECItem *from) { return SECITEM_DupItem_Util(from); } -SECItem *SECITEM_ArenaDupItem(PLArenaPool *arena, const SECItem *from) +SECItem * +SECITEM_ArenaDupItem(PLArenaPool *arena, const SECItem *from) { return SECITEM_ArenaDupItem_Util(arena, from); } -void SECITEM_FreeItem(SECItem *zap, PRBool freeit) +void +SECITEM_FreeItem(SECItem *zap, PRBool freeit) { SECITEM_FreeItem_Util(zap, freeit); } -void SECITEM_ZfreeItem(SECItem *zap, PRBool freeit) +void +SECITEM_ZfreeItem(SECItem *zap, PRBool freeit) { SECITEM_ZfreeItem_Util(zap, freeit); } -SGNDigestInfo *SGN_CreateDigestInfo(SECOidTag algorithm, - unsigned char *sig, - unsigned int sigLen) +SGNDigestInfo * +SGN_CreateDigestInfo(SECOidTag algorithm, + unsigned char *sig, + unsigned int sigLen) { return SGN_CreateDigestInfo_Util(algorithm, sig, sigLen); } -void SGN_DestroyDigestInfo(SGNDigestInfo *info) +void +SGN_DestroyDigestInfo(SGNDigestInfo *info) { SGN_DestroyDigestInfo_Util(info); } -SECStatus SGN_CopyDigestInfo(PLArenaPool *poolp, - SGNDigestInfo *a, - SGNDigestInfo *b) +SECStatus +SGN_CopyDigestInfo(PLArenaPool *poolp, + SGNDigestInfo *a, + SGNDigestInfo *b) { return SGN_CopyDigestInfo_Util(poolp, a, b); } -SECComparison SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b) +SECComparison +SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b) { return SGN_CompareDigestInfo_Util(a, b); } -SECStatus DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *t, - void *src) +SECStatus +DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *t, + void *src) { return DER_Encode_Util(arena, dest, t, src); } -SECStatus DER_Lengths(SECItem *item, int *header_len_p, - PRUint32 *contents_len_p) +SECStatus +DER_Lengths(SECItem *item, int *header_len_p, + PRUint32 *contents_len_p) { return 
DER_Lengths_Util(item, header_len_p, contents_len_p); } -long DER_GetInteger(const SECItem *src) +long +DER_GetInteger(const SECItem *src) { return DER_GetInteger_Util(src); } -SECStatus DER_TimeToUTCTime(SECItem *result, PRTime time) +SECStatus +DER_TimeToUTCTime(SECItem *result, PRTime time) { return DER_TimeToUTCTime_Util(result, time); } -SECStatus DER_AsciiToTime(PRTime *result, const char *string) +SECStatus +DER_AsciiToTime(PRTime *result, const char *string) { return DER_AsciiToTime_Util(result, string); } -SECStatus DER_UTCTimeToTime(PRTime *result, const SECItem *time) +SECStatus +DER_UTCTimeToTime(PRTime *result, const SECItem *time) { return DER_UTCTimeToTime_Util(result, time); } -char *DER_UTCTimeToAscii(SECItem *utcTime) +char * +DER_UTCTimeToAscii(SECItem *utcTime) { return DER_UTCTimeToAscii_Util(utcTime); } -char *DER_UTCDayToAscii(SECItem *utctime) +char * +DER_UTCDayToAscii(SECItem *utctime) { return DER_UTCDayToAscii_Util(utctime); } -char *DER_GeneralizedDayToAscii(SECItem *gentime) +char * +DER_GeneralizedDayToAscii(SECItem *gentime) { return DER_GeneralizedDayToAscii_Util(gentime); } -char *DER_TimeChoiceDayToAscii(SECItem *timechoice) +char * +DER_TimeChoiceDayToAscii(SECItem *timechoice) { return DER_TimeChoiceDayToAscii_Util(timechoice); } -SECStatus DER_TimeToGeneralizedTime(SECItem *dst, PRTime gmttime) +SECStatus +DER_TimeToGeneralizedTime(SECItem *dst, PRTime gmttime) { return DER_TimeToGeneralizedTime_Util(dst, gmttime); } -SECStatus DER_TimeToGeneralizedTimeArena(PLArenaPool* arenaOpt, - SECItem *dst, PRTime gmttime) +SECStatus +DER_TimeToGeneralizedTimeArena(PLArenaPool *arenaOpt, + SECItem *dst, PRTime gmttime) { return DER_TimeToGeneralizedTimeArena_Util(arenaOpt, dst, gmttime); } -SECStatus DER_GeneralizedTimeToTime(PRTime *dst, const SECItem *time) +SECStatus +DER_GeneralizedTimeToTime(PRTime *dst, const SECItem *time) { return DER_GeneralizedTimeToTime_Util(dst, time); } -char *CERT_GenTime2FormattedAscii(PRTime genTime, char 
*format) +char * +CERT_GenTime2FormattedAscii(PRTime genTime, char *format) { return CERT_GenTime2FormattedAscii_Util(genTime, format); } -SECStatus DER_DecodeTimeChoice(PRTime* output, const SECItem* input) +SECStatus +DER_DecodeTimeChoice(PRTime *output, const SECItem *input) { return DER_DecodeTimeChoice_Util(output, input); } -SECStatus DER_EncodeTimeChoice(PLArenaPool* arena, SECItem* output, - PRTime input) +SECStatus +DER_EncodeTimeChoice(PLArenaPool *arena, SECItem *output, + PRTime input) { return DER_EncodeTimeChoice_Util(arena, output, input); } -SEC_ASN1DecoderContext *SEC_ASN1DecoderStart(PLArenaPool *pool, - void *dest, - const SEC_ASN1Template *t) +SEC_ASN1DecoderContext * +SEC_ASN1DecoderStart(PLArenaPool *pool, + void *dest, + const SEC_ASN1Template *t) { return SEC_ASN1DecoderStart_Util(pool, dest, t); } -SECStatus SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx, - const char *buf, - unsigned long len) +SECStatus +SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx, + const char *buf, + unsigned long len) { return SEC_ASN1DecoderUpdate_Util(cx, buf, len); } -SECStatus SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx) +SECStatus +SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx) { return SEC_ASN1DecoderFinish_Util(cx); } -void SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error) +void +SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error) { SEC_ASN1DecoderAbort_Util(cx, error); } -void SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx, - SEC_ASN1WriteProc fn, - void *arg, PRBool no_store) +void +SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx, + SEC_ASN1WriteProc fn, + void *arg, PRBool no_store) { SEC_ASN1DecoderSetFilterProc_Util(cx, fn, arg, no_store); } -void SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx) +void +SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx) { SEC_ASN1DecoderClearFilterProc_Util(cx); } -void SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx, - SEC_ASN1NotifyProc fn, - void 
*arg) +void +SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx, + SEC_ASN1NotifyProc fn, + void *arg) { SEC_ASN1DecoderSetNotifyProc_Util(cx, fn, arg); } -void SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx) +void +SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx) { SEC_ASN1DecoderClearNotifyProc_Util(cx); } -SECStatus SEC_ASN1Decode(PLArenaPool *pool, void *dest, - const SEC_ASN1Template *t, - const char *buf, long len) +SECStatus +SEC_ASN1Decode(PLArenaPool *pool, void *dest, + const SEC_ASN1Template *t, + const char *buf, long len) { return SEC_ASN1Decode_Util(pool, dest, t, buf, len); } -SECStatus SEC_ASN1DecodeItem(PLArenaPool *pool, void *dest, - const SEC_ASN1Template *t, - const SECItem *src) +SECStatus +SEC_ASN1DecodeItem(PLArenaPool *pool, void *dest, + const SEC_ASN1Template *t, + const SECItem *src) { return SEC_ASN1DecodeItem_Util(pool, dest, t, src); } -SECStatus SEC_QuickDERDecodeItem(PLArenaPool* arena, void* dest, - const SEC_ASN1Template* templateEntry, - const SECItem* src) +SECStatus +SEC_QuickDERDecodeItem(PLArenaPool *arena, void *dest, + const SEC_ASN1Template *templateEntry, + const SECItem *src) { return SEC_QuickDERDecodeItem_Util(arena, dest, templateEntry, src); } -SEC_ASN1EncoderContext *SEC_ASN1EncoderStart(const void *src, - const SEC_ASN1Template *t, - SEC_ASN1WriteProc fn, - void *output_arg) +SEC_ASN1EncoderContext * +SEC_ASN1EncoderStart(const void *src, + const SEC_ASN1Template *t, + SEC_ASN1WriteProc fn, + void *output_arg) { return SEC_ASN1EncoderStart_Util(src, t, fn, output_arg); } -SECStatus SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx, - const char *buf, - unsigned long len) +SECStatus +SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx, + const char *buf, + unsigned long len) { return SEC_ASN1EncoderUpdate_Util(cx, buf, len); } -void SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx) +void +SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx) { SEC_ASN1EncoderFinish_Util(cx); } -void 
SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error) +void +SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error) { SEC_ASN1EncoderAbort_Util(cx, error); } -void SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx, - SEC_ASN1NotifyProc fn, - void *arg) +void +SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx, + SEC_ASN1NotifyProc fn, + void *arg) { SEC_ASN1EncoderSetNotifyProc_Util(cx, fn, arg); } -void SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx) +void +SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx) { SEC_ASN1EncoderClearNotifyProc_Util(cx); } -void SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx) +void +SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx) { SEC_ASN1EncoderSetStreaming_Util(cx); } -void SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx) +void +SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx) { SEC_ASN1EncoderClearStreaming_Util(cx); } -void SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx) +void +SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx) { SEC_ASN1EncoderSetTakeFromBuf_Util(cx); } -void SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx) +void +SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx) { SEC_ASN1EncoderClearTakeFromBuf_Util(cx); } -SECStatus SEC_ASN1Encode(const void *src, const SEC_ASN1Template *t, - SEC_ASN1WriteProc output_proc, - void *output_arg) +SECStatus +SEC_ASN1Encode(const void *src, const SEC_ASN1Template *t, + SEC_ASN1WriteProc output_proc, + void *output_arg) { return SEC_ASN1Encode_Util(src, t, output_proc, output_arg); } -SECItem * SEC_ASN1EncodeItem(PLArenaPool *pool, SECItem *dest, - const void *src, const SEC_ASN1Template *t) +SECItem * +SEC_ASN1EncodeItem(PLArenaPool *pool, SECItem *dest, + const void *src, const SEC_ASN1Template *t) { return SEC_ASN1EncodeItem_Util(pool, dest, src, t); } -SECItem * SEC_ASN1EncodeInteger(PLArenaPool *pool, - SECItem *dest, long value) +SECItem * 
+SEC_ASN1EncodeInteger(PLArenaPool *pool, + SECItem *dest, long value) { return SEC_ASN1EncodeInteger_Util(pool, dest, value); } -SECItem * SEC_ASN1EncodeUnsignedInteger(PLArenaPool *pool, - SECItem *dest, - unsigned long value) +SECItem * +SEC_ASN1EncodeUnsignedInteger(PLArenaPool *pool, + SECItem *dest, + unsigned long value) { return SEC_ASN1EncodeUnsignedInteger_Util(pool, dest, value); } -SECStatus SEC_ASN1DecodeInteger(SECItem *src, - unsigned long *value) +SECStatus +SEC_ASN1DecodeInteger(SECItem *src, + unsigned long *value) { return SEC_ASN1DecodeInteger_Util(src, value); } -int SEC_ASN1LengthLength (unsigned long len) +int +SEC_ASN1LengthLength(unsigned long len) { return SEC_ASN1LengthLength_Util(len); } -char *BTOA_DataToAscii(const unsigned char *data, unsigned int len) +char * +BTOA_DataToAscii(const unsigned char *data, unsigned int len) { return BTOA_DataToAscii_Util(data, len); } -unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp) +unsigned char * +ATOB_AsciiToData(const char *string, unsigned int *lenp) { return ATOB_AsciiToData_Util(string, lenp); } - -SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii) + +SECStatus +ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii) { return ATOB_ConvertAsciiToItem_Util(binary_item, ascii); } -char *BTOA_ConvertItemToAscii(SECItem *binary_item) +char * +BTOA_ConvertItemToAscii(SECItem *binary_item) { return BTOA_ConvertItemToAscii_Util(binary_item); } NSSBase64Decoder * -NSSBase64Decoder_Create (PRInt32 (*output_fn) (void *, const unsigned char *, - PRInt32), - void *output_arg) +NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *, + PRInt32), + void *output_arg) { return NSSBase64Decoder_Create_Util(output_fn, output_arg); } NSSBase64Encoder * -NSSBase64Encoder_Create (PRInt32 (*output_fn) (void *, const char *, PRInt32), - void *output_arg) +NSSBase64Encoder_Create(PRInt32 (*output_fn)(void *, const char *, PRInt32), + void 
*output_arg) { return NSSBase64Encoder_Create_Util(output_fn, output_arg); } SECStatus -NSSBase64Decoder_Update (NSSBase64Decoder *data, const char *buffer, - PRUint32 size) +NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer, + PRUint32 size) { return NSSBase64Decoder_Update_Util(data, buffer, size); } SECStatus -NSSBase64Encoder_Update (NSSBase64Encoder *data, const unsigned char *buffer, - PRUint32 size) +NSSBase64Encoder_Update(NSSBase64Encoder *data, const unsigned char *buffer, + PRUint32 size) { return NSSBase64Encoder_Update_Util(data, buffer, size); } SECStatus -NSSBase64Decoder_Destroy (NSSBase64Decoder *data, PRBool abort_p) +NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p) { return NSSBase64Decoder_Destroy_Util(data, abort_p); } SECStatus -NSSBase64Encoder_Destroy (NSSBase64Encoder *data, PRBool abort_p) +NSSBase64Encoder_Destroy(NSSBase64Encoder *data, PRBool abort_p) { return NSSBase64Encoder_Destroy_Util(data, abort_p); } SECItem * -NSSBase64_DecodeBuffer (PLArenaPool *arenaOpt, SECItem *outItemOpt, - const char *inStr, unsigned int inLen) +NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt, + const char *inStr, unsigned int inLen) { return NSSBase64_DecodeBuffer_Util(arenaOpt, outItemOpt, inStr, inLen); } char * -NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, - unsigned int maxOutLen, SECItem *inItem) +NSSBase64_EncodeItem(PLArenaPool *arenaOpt, char *outStrOpt, + unsigned int maxOutLen, SECItem *inItem) { return NSSBase64_EncodeItem_Util(arenaOpt, outStrOpt, maxOutLen, inItem); } -NSSRWLock* NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) +NSSRWLock * +NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) { return NSSRWLock_New_Util(lock_rank, lock_name); } -void NSSRWLock_Destroy(NSSRWLock *lock) +void +NSSRWLock_Destroy(NSSRWLock *lock) { NSSRWLock_Destroy_Util(lock); } -void NSSRWLock_LockRead(NSSRWLock *lock) +void +NSSRWLock_LockRead(NSSRWLock *lock) { 
NSSRWLock_LockRead_Util(lock); } -void NSSRWLock_LockWrite(NSSRWLock *lock) +void +NSSRWLock_LockWrite(NSSRWLock *lock) { NSSRWLock_LockWrite_Util(lock); } -void NSSRWLock_UnlockRead(NSSRWLock *lock) +void +NSSRWLock_UnlockRead(NSSRWLock *lock) { NSSRWLock_UnlockRead_Util(lock); } -void NSSRWLock_UnlockWrite(NSSRWLock *lock) +void +NSSRWLock_UnlockWrite(NSSRWLock *lock) { NSSRWLock_UnlockWrite_Util(lock); } -PRBool NSSRWLock_HaveWriteLock(NSSRWLock *rwlock) +PRBool +NSSRWLock_HaveWriteLock(NSSRWLock *rwlock) { return NSSRWLock_HaveWriteLock_Util(rwlock); } -SECStatus __nss_InitLock( PZLock **ppLock, nssILockType ltype ) +SECStatus +__nss_InitLock(PZLock **ppLock, nssILockType ltype) { PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return SECFailure; @@ -791,4 +868,3 @@ SECStatus __nss_InitLock( PZLock **ppLock, nssILockType ltype ) #undef sgn_DigestInfoTemplate #include "templates.c" - |