| Index: mozilla/security/nss/lib/certhigh/certvfy.c |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/certhigh/certvfy.c,v |
| retrieving revision 1.69 |
| diff -p -u -8 -r1.69 certvfy.c |
| --- mozilla/security/nss/lib/certhigh/certvfy.c 13 Mar 2009 02:59:04 -0000 1.69 |
| +++ mozilla/security/nss/lib/certhigh/certvfy.c 9 Jan 2010 03:02:21 -0000 |
| @@ -40,27 +40,71 @@ |
| #include "secoid.h" |
| #include "sslerr.h" |
| #include "genname.h" |
| #include "keyhi.h" |
| #include "cert.h" |
| #include "certdb.h" |
| #include "certi.h" |
| #include "cryptohi.h" |
| +#define NO_LIBPKIX |
| +#ifndef NO_LIBPKIX |
| #include "pkix.h" |
| /*#include "pkix_sample_modules.h" */ |
| #include "pkix_pl_cert.h" |
| +#endif /* NO_LIBPKIX */ |
| |
| |
| #include "nsspki.h" |
| #include "pkitm.h" |
| #include "pkim.h" |
| #include "pki3hack.h" |
| #include "base.h" |
| |
| +#ifdef NO_LIBPKIX |
| +SECStatus |
| +cert_VerifyCertChainPkix( |
| + CERTCertificate *cert, |
| + PRBool checkSig, |
| + SECCertUsage requiredUsage, |
| + PRTime time, |
| + void *wincx, |
| + CERTVerifyLog *log, |
| + PRBool *pSigerror, |
| + PRBool *pRevoked) |
| +{ |
| + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
| + return SECFailure; |
| +} |
| + |
| +SECStatus |
| +CERT_SetUsePKIXForValidation(PRBool enable) |
| +{ |
| + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
| + return SECFailure; |
| +} |
| + |
| +PRBool |
| +CERT_GetUsePKIXForValidation() |
| +{ |
| + return PR_FALSE; |
| +} |
| + |
| +SECStatus CERT_PKIXVerifyCert( |
| + CERTCertificate *cert, |
| + SECCertificateUsage usages, |
| + CERTValInParam *paramsIn, |
| + CERTValOutParam *paramsOut, |
| + void *wincx) |
| +{ |
| + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
| + return SECFailure; |
| +} |
| +#endif /* NO_LIBPKIX */ |
| + |
| /* |
| * Check the validity times of a certificate |
| */ |
| SECStatus |
| CERT_CertTimesValid(CERTCertificate *c) |
| { |
| SECCertTimeValidity valid = CERT_CheckCertValidTimes(c, PR_Now(), PR_TRUE); |
| return (valid == secCertTimeValid) ? SECSuccess : SECFailure; |
| Index: mozilla/security/nss/lib/freebl/blapii.h |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/freebl/blapii.h,v |
| retrieving revision 1.1 |
| diff -p -u -8 -r1.1 blapii.h |
| --- mozilla/security/nss/lib/freebl/blapii.h 3 Feb 2009 05:34:40 -0000 1.1 |
| +++ mozilla/security/nss/lib/freebl/blapii.h 9 Jan 2010 03:02:21 -0000 |
| @@ -39,19 +39,19 @@ |
| #define _BLAPII_H_ |
| |
| #include "blapit.h" |
| |
| SEC_BEGIN_PROTOS |
| |
| #if defined(XP_UNIX) && !defined(NO_CHECK_FORK) |
| |
| -extern PRBool parentForkedAfterC_Initialize; |
| +extern PRBool bl_parentForkedAfterC_Initialize; |
| |
| -#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x |
| +#define SKIP_AFTER_FORK(x) if (!bl_parentForkedAfterC_Initialize) x |
| |
| #else |
| |
| #define SKIP_AFTER_FORK(x) x |
| |
| #endif |
| |
| SEC_END_PROTOS |
| Index: mozilla/security/nss/lib/freebl/rsa.c |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/freebl/rsa.c,v |
| retrieving revision 1.39 |
| diff -p -u -8 -r1.39 rsa.c |
| --- mozilla/security/nss/lib/freebl/rsa.c 3 Feb 2009 05:34:41 -0000 1.39 |
| +++ mozilla/security/nss/lib/freebl/rsa.c 9 Jan 2010 03:02:22 -0000 |
| @@ -967,18 +967,25 @@ void RSA_Cleanup(void) |
| * free_bl may have allocated along the way. Currently only RSA does this, |
| * so I've put it here for now. |
| */ |
| void BL_Cleanup(void) |
| { |
| RSA_Cleanup(); |
| } |
| |
| -PRBool parentForkedAfterC_Initialize; |
| +#if 1 /* STATIC LIBRARIES */ |
| +void |
| +BL_Unload(void) |
| +{ |
| +} |
| +#endif |
| + |
| +PRBool bl_parentForkedAfterC_Initialize; |
| |
| /* |
| * Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms. |
| */ |
| void BL_SetForkState(PRBool forked) |
| { |
| - parentForkedAfterC_Initialize = forked; |
| + bl_parentForkedAfterC_Initialize = forked; |
| } |
| |
| Index: mozilla/security/nss/lib/freebl/shvfy.c |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/freebl/shvfy.c,v |
| retrieving revision 1.11 |
| diff -p -u -8 -r1.11 shvfy.c |
| --- mozilla/security/nss/lib/freebl/shvfy.c 18 Nov 2008 19:48:24 -0000 1.11 |
| +++ mozilla/security/nss/lib/freebl/shvfy.c 9 Jan 2010 03:02:22 -0000 |
| @@ -97,19 +97,29 @@ readItem(PRFileDesc *fd, SECItem *item) |
| PORT_Free(item->data); |
| item->data = NULL; |
| item->len = 0; |
| return SECFailure; |
| } |
| return SECSuccess; |
| } |
| |
| +/* |
| + * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g., |
| + * if you're using NSS as static libraries), but want to confirm to the |
| + * rest of the FIPS requirements. |
| + */ |
| +#define PSEUDO_FIPS |
| + |
| PRBool |
| BLAPI_SHVerify(const char *name, PRFuncPtr addr) |
| { |
| +#ifdef PSEUDO_FIPS |
| + return PR_TRUE; /* a lie, hence *pseudo* FIPS */ |
| +#else |
| /* find our shared library name */ |
| char *shName = PR_GetLibraryFilePathname(name, addr); |
| char *checkName = NULL; |
| PRFileDesc *checkFD = NULL; |
| PRFileDesc *shFD = NULL; |
| SHA1Context *hashcx = NULL; |
| SECItem signature = { 0, NULL, 0 }; |
| SECItem hash; |
| @@ -282,19 +292,23 @@ loser: |
| if (key.params.base.data != NULL) { |
| PORT_Free(key.params.base.data); |
| } |
| if (key.publicValue.data != NULL) { |
| PORT_Free(key.publicValue.data); |
| } |
| |
| return result; |
| +#endif /* PSEUDO_FIPS */ |
| } |
| |
| PRBool |
| BLAPI_VerifySelf(const char *name) |
| { |
| - /* to separate shlib to verify if name is NULL */ |
| if (name == NULL) { |
| + /* |
| + * If name is NULL, freebl is statically linked into softoken. |
| + * softoken will call BLAPI_SHVerify next to verify itself. |
| + */ |
| return PR_TRUE; |
| } |
| return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt); |
| } |
| Index: mozilla/security/nss/lib/nss/nssinit.c |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/nss/nssinit.c,v |
| retrieving revision 1.103 |
| diff -p -u -8 -r1.103 nssinit.c |
| --- mozilla/security/nss/lib/nss/nssinit.c 29 Oct 2009 21:33:10 -0000 1.103 |
| +++ mozilla/security/nss/lib/nss/nssinit.c 9 Jan 2010 03:02:22 -0000 |
| @@ -49,19 +49,22 @@ |
| #include "ssl.h" |
| #include "sslproto.h" |
| #include "secmod.h" |
| #include "secoid.h" |
| #include "nss.h" |
| #include "pk11func.h" |
| #include "secerr.h" |
| #include "nssbase.h" |
| +#define NO_LIBPKIX |
| +#ifndef NO_LIBPKIX |
| #include "pkixt.h" |
| #include "pkix.h" |
| #include "pkix_tools.h" |
| +#endif /* NO_LIBPKIX */ |
| |
| #include "pki3hack.h" |
| #include "certi.h" |
| #include "secmodi.h" |
| #include "ocspti.h" |
| #include "ocspi.h" |
| |
| /* |
| @@ -532,18 +535,20 @@ nss_Init(const char *configdir, const ch |
| NSSInitParameters *initParams, |
| PRBool readOnly, PRBool noCertDB, |
| PRBool noModDB, PRBool forceOpen, PRBool noRootInit, |
| PRBool optimizeSpace, PRBool noSingleThreadedModules, |
| PRBool allowAlreadyInitializedModules, |
| PRBool dontFinalizeModules) |
| { |
| SECStatus rv = SECFailure; |
| +#ifndef NO_LIBPKIX |
| PKIX_UInt32 actualMinorVersion = 0; |
| PKIX_Error *pkixError = NULL; |
| +#endif |
| PRBool isReallyInitted; |
| char *configStrings = NULL; |
| char *configName = NULL; |
| PRBool passwordRequired = PR_FALSE; |
| |
| /* if we are trying to init with a traditional NSS_Init call, maintain |
| * the traditional idempotent behavior. */ |
| if (!initContextPtr && nssIsInitted) { |
| @@ -662,28 +667,30 @@ nss_Init(const char *configdir, const ch |
| nss_FindExternalRoot(dbpath, secmodName); |
| } |
| } |
| } |
| |
| pk11sdr_Init(); |
| cert_CreateSubjectKeyIDHashTable(); |
| |
| +#ifndef NO_LIBPKIX |
| pkixError = PKIX_Initialize |
| (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, |
| PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); |
| |
| if (pkixError != NULL) { |
| goto loser; |
| } else { |
| char *ev = getenv("NSS_ENABLE_PKIX_VERIFY"); |
| if (ev && ev[0]) { |
| CERT_SetUsePKIXForValidation(PR_TRUE); |
| } |
| } |
| +#endif /* NO_LIBPKIX */ |
| |
| |
| } |
| |
| /* |
| * Now mark the appropriate init state. If initContextPtr was passed |
| * in, then return the new context pointer and add it to the |
| * nssInitContextList. Otherwise set the global nss_isInitted flag |
| @@ -1026,17 +1033,19 @@ nss_Shutdown(void) |
| |
| rv = nss_ShutdownShutdownList(); |
| if (rv != SECSuccess) { |
| shutdownRV = SECFailure; |
| } |
| cert_DestroyLocks(); |
| ShutdownCRLCache(); |
| OCSP_ShutdownGlobal(); |
| +#ifndef NO_LIBPKIX |
| PKIX_Shutdown(plContext); |
| +#endif |
| SECOID_Shutdown(); |
| status = STAN_Shutdown(); |
| cert_DestroySubjectKeyIDHashTable(); |
| pk11_SetInternalKeySlot(NULL); |
| rv = SECMOD_Shutdown(); |
| if (rv != SECSuccess) { |
| shutdownRV = SECFailure; |
| } |
| Index: mozilla/security/nss/lib/pk11wrap/pk11load.c |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v |
| retrieving revision 1.28 |
| diff -p -u -8 -r1.28 pk11load.c |
| --- mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Oct 2009 09:44:45 -0000 1.28 |
| +++ mozilla/security/nss/lib/pk11wrap/pk11load.c 9 Jan 2010 03:02:22 -0000 |
| @@ -344,46 +344,54 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, |
| mod->slotInfo = psi_list; |
| mod->slotInfoCount++; |
| |
| } |
| psi->hasRootCerts = 1; |
| } |
| } |
| |
| +#if 1 /* STATIC LIBRARIES */ |
| +extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); |
| +extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); |
| +extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args); |
| +#else |
| static const char* my_shlib_name = |
| SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX; |
| static const char* softoken_shlib_name = |
| SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX; |
| static const PRCallOnceType pristineCallOnce; |
| static PRCallOnceType loadSoftokenOnce; |
| static PRLibrary* softokenLib; |
| static PRInt32 softokenLoadCount; |
| +#endif /* STATIC LIBRARIES */ |
| |
| #include "prio.h" |
| #include "prprf.h" |
| #include <stdio.h> |
| #include "prsystem.h" |
| |
| +#if 0 /* STATIC LIBRARIES */ |
| /* This function must be run only once. */ |
| /* determine if hybrid platform, then actually load the DSO. */ |
| static PRStatus |
| softoken_LoadDSO( void ) |
| { |
| PRLibrary * handle; |
| |
| handle = PORT_LoadLibraryFromOrigin(my_shlib_name, |
| (PRFuncPtr) &softoken_LoadDSO, |
| softoken_shlib_name); |
| if (handle) { |
| softokenLib = handle; |
| return PR_SUCCESS; |
| } |
| return PR_FAILURE; |
| } |
| +#endif /* STATIC LIBRARIES */ |
| |
| /* |
| * load a new module into our address space and initialize it. |
| */ |
| SECStatus |
| secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) { |
| PRLibrary *library = NULL; |
| CK_C_GetFunctionList entry = NULL; |
| @@ -393,16 +401,26 @@ secmod_LoadPKCS11Module(SECMODModule *mo |
| SECStatus rv; |
| PRBool alreadyLoaded = PR_FALSE; |
| char *disableUnload = NULL; |
| |
| if (mod->loaded) return SECSuccess; |
| |
| /* intenal modules get loaded from their internal list */ |
| if (mod->internal && (mod->dllName == NULL)) { |
| +#if 1 /* STATIC LIBRARIES */ |
| + if (mod->isFIPS) { |
| + entry = FC_GetFunctionList; |
| + } else { |
| + entry = NSC_GetFunctionList; |
| + } |
| + if (mod->isModuleDB) { |
| + mod->moduleDBFunc = NSC_ModuleDBFunc; |
| + } |
| +#else |
| /* |
| * Loads softoken as a dynamic library, |
| * even though the rest of NSS assumes this as the "internal" module. |
| */ |
| if (!softokenLib && |
| PR_SUCCESS != PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO)) |
| return SECFailure; |
| |
| @@ -418,16 +436,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo |
| |
| if (!entry) |
| return SECFailure; |
| |
| if (mod->isModuleDB) { |
| mod->moduleDBFunc = (CK_C_GetFunctionList) |
| PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc"); |
| } |
| +#endif |
| |
| if (mod->moduleDBOnly) { |
| mod->loaded = PR_TRUE; |
| return SECSuccess; |
| } |
| } else { |
| /* Not internal, load the DLL and look up C_GetFunctionList */ |
| if (mod->dllName == NULL) { |
| @@ -587,27 +606,29 @@ SECMOD_UnloadModule(SECMODModule *mod) { |
| } |
| mod->moduleID = 0; |
| mod->loaded = PR_FALSE; |
| |
| /* do we want the semantics to allow unloading the internal library? |
| * if not, we should change this to SECFailure and move it above the |
| * mod->loaded = PR_FALSE; */ |
| if (mod->internal) { |
| +#if 0 /* STATIC LIBRARIES */ |
| if (0 == PR_AtomicDecrement(&softokenLoadCount)) { |
| if (softokenLib) { |
| disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); |
| if (!disableUnload) { |
| PRStatus status = PR_UnloadLibrary(softokenLib); |
| PORT_Assert(PR_SUCCESS == status); |
| } |
| softokenLib = NULL; |
| } |
| loadSoftokenOnce = pristineCallOnce; |
| } |
| +#endif |
| return SECSuccess; |
| } |
| |
| library = (PRLibrary *)mod->library; |
| /* paranoia */ |
| if (library == NULL) { |
| return SECFailure; |
| } |
| Index: mozilla/security/nss/lib/softoken/lgglue.c |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/softoken/lgglue.c,v |
| retrieving revision 1.13 |
| diff -p -u -8 -r1.13 lgglue.c |
| --- mozilla/security/nss/lib/softoken/lgglue.c 16 Apr 2009 18:19:26 -0000 1.13 |
| +++ mozilla/security/nss/lib/softoken/lgglue.c 9 Jan 2010 03:02:23 -0000 |
| @@ -50,16 +50,17 @@ |
| |
| static LGOpenFunc legacy_glue_open = NULL; |
| static LGReadSecmodFunc legacy_glue_readSecmod = NULL; |
| static LGReleaseSecmodFunc legacy_glue_releaseSecmod = NULL; |
| static LGDeleteSecmodFunc legacy_glue_deleteSecmod = NULL; |
| static LGAddSecmodFunc legacy_glue_addSecmod = NULL; |
| static LGShutdownFunc legacy_glue_shutdown = NULL; |
| |
| +#if 0 /* STATIC LIBRARIES */ |
| /* |
| * The following 3 functions duplicate the work done by bl_LoadLibrary. |
| * We should make bl_LoadLibrary a global and replace the call to |
| * sftkdb_LoadLibrary(const char *libname) with it. |
| */ |
| #ifdef XP_UNIX |
| #include <unistd.h> |
| #define LG_MAX_LINKS 20 |
| @@ -187,16 +188,17 @@ done: |
| PRLibSpec libSpec; |
| libSpec.type = PR_LibSpec_Pathname; |
| libSpec.value.pathname = libname; |
| lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL); |
| } |
| |
| return lib; |
| } |
| +#endif /* STATIC LIBRARIES */ |
| |
| /* |
| * stub files for legacy db's to be able to encrypt and decrypt |
| * various keys and attributes. |
| */ |
| static SECStatus |
| sftkdb_encrypt_stub(PRArenaPool *arena, SDB *sdb, SECItem *plainText, |
| SECItem **cipherText) |
| @@ -299,16 +301,33 @@ sftkdbLoad_Legacy(PRBool isFIPS) |
| * get cleared in shutdown */ |
| return SECFailure; |
| } |
| legacy_glue_libCheckSucceeded = PR_TRUE; |
| } |
| return SECSuccess; |
| } |
| |
| +#undef TRY_TO_USE_NSSDBM |
| +#if 1 /* STATIC LIBRARIES */ |
| +#ifdef TRY_TO_USE_NSSDBM |
| + lib = (PRLibrary *) 0x8; |
| + |
| + legacy_glue_open = legacy_Open; |
| + legacy_glue_readSecmod = legacy_ReadSecmodDB; |
| + legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData; |
| + legacy_glue_deleteSecmod = legacy_DeleteSecmodDB; |
| + legacy_glue_addSecmod = legacy_AddSecmodDB; |
| + legacy_glue_shutdown = legacy_Shutdown; |
| + setCryptFunction = legacy_SetCryptFunctions; |
| +#else |
| + fprintf(stderr, "NSSDBM omitted!\n"); |
| + return SECFailure; |
| +#endif |
| +#else |
| lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME); |
| if (lib == NULL) { |
| return SECFailure; |
| } |
| |
| legacy_glue_open = (LGOpenFunc)PR_FindFunctionSymbol(lib, "legacy_Open"); |
| legacy_glue_readSecmod = (LGReadSecmodFunc) PR_FindFunctionSymbol(lib, |
| "legacy_ReadSecmodDB"); |
| @@ -324,21 +343,24 @@ sftkdbLoad_Legacy(PRBool isFIPS) |
| "legacy_SetCryptFunctions"); |
| |
| if (!legacy_glue_open || !legacy_glue_readSecmod || |
| !legacy_glue_releaseSecmod || !legacy_glue_deleteSecmod || |
| !legacy_glue_addSecmod || !setCryptFunction) { |
| PR_UnloadLibrary(lib); |
| return SECFailure; |
| } |
| +#endif /* STATIC LIBRARIES */ |
| |
| /* verify the loaded library if we are in FIPS mode */ |
| if (isFIPS) { |
| if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { |
| +#if 0 /* STATIC LIBRARIES */ |
| PR_UnloadLibrary(lib); |
| +#endif |
| return SECFailure; |
| } |
| legacy_glue_libCheckSucceeded = PR_TRUE; |
| } |
| |
| setCryptFunction(sftkdb_encrypt_stub,sftkdb_decrypt_stub); |
| legacy_glue_lib = lib; |
| return SECSuccess; |
| @@ -445,20 +467,22 @@ sftkdbCall_Shutdown(void) |
| return CKR_OK; |
| } |
| if (legacy_glue_shutdown) { |
| #ifdef NO_FORK_CHECK |
| PRBool parentForkedAfterC_Initialize = PR_FALSE; |
| #endif |
| crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize); |
| } |
| +#if 0 /* STATIC LIBRARIES */ |
| disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); |
| if (!disableUnload) { |
| PR_UnloadLibrary(legacy_glue_lib); |
| } |
| +#endif |
| legacy_glue_lib = NULL; |
| legacy_glue_open = NULL; |
| legacy_glue_readSecmod = NULL; |
| legacy_glue_releaseSecmod = NULL; |
| legacy_glue_deleteSecmod = NULL; |
| legacy_glue_addSecmod = NULL; |
| legacy_glue_libCheckFailed = PR_FALSE; |
| legacy_glue_libCheckSucceeded = PR_FALSE; |
| Index: mozilla/security/nss/lib/softoken/lgglue.h |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/softoken/lgglue.h,v |
| retrieving revision 1.4 |
| diff -p -u -8 -r1.4 lgglue.h |
| --- mozilla/security/nss/lib/softoken/lgglue.h 16 Apr 2009 18:19:26 -0000 1.4 |
| +++ mozilla/security/nss/lib/softoken/lgglue.h 9 Jan 2010 03:02:23 -0000 |
| @@ -65,16 +65,35 @@ typedef SECStatus (*LGDeleteSecmodFunc)( |
| const char *dbname, char *params, PRBool rw); |
| typedef SECStatus (*LGAddSecmodFunc)(const char *appName, |
| const char *filename, |
| const char *dbname, char *params, PRBool rw); |
| typedef SECStatus (*LGShutdownFunc)(PRBool forked); |
| typedef void (*LGSetForkStateFunc)(PRBool); |
| typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc); |
| |
| +extern CK_RV legacy_Open(const char *dir, const char *certPrefix, |
| + const char *keyPrefix, |
| + int certVersion, int keyVersion, int flags, |
| + SDB **certDB, SDB **keyDB); |
| +extern char ** legacy_ReadSecmodDB(const char *appName, |
| + const char *filename, |
| + const char *dbname, char *params, PRBool rw); |
| +extern SECStatus legacy_ReleaseSecmodDBData(const char *appName, |
| + const char *filename, |
| + const char *dbname, char **params, PRBool rw); |
| +extern SECStatus legacy_DeleteSecmodDB(const char *appName, |
| + const char *filename, |
| + const char *dbname, char *params, PRBool rw); |
| +extern SECStatus legacy_AddSecmodDB(const char *appName, |
| + const char *filename, |
| + const char *dbname, char *params, PRBool rw); |
| +extern SECStatus legacy_Shutdown(PRBool forked); |
| +extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc); |
| + |
| /* |
| * Softoken Glue Functions |
| */ |
| CK_RV sftkdbCall_open(const char *dir, const char *certPrefix, |
| const char *keyPrefix, |
| int certVersion, int keyVersion, int flags, PRBool isFIPS, |
| SDB **certDB, SDB **keyDB); |
| char ** sftkdbCall_ReadSecmodDB(const char *appName, const char *filename, |
| Index: mozilla/security/nss/lib/util/secport.h |
| =================================================================== |
| RCS file: /cvsroot/mozilla/security/nss/lib/util/secport.h,v |
| retrieving revision 1.23 |
| diff -p -u -8 -r1.23 secport.h |
| --- mozilla/security/nss/lib/util/secport.h 30 Oct 2009 09:44:47 -0000 1.23 |
| +++ mozilla/security/nss/lib/util/secport.h 9 Jan 2010 03:02:23 -0000 |
| @@ -238,16 +238,17 @@ sec_port_iso88591_utf8_conversion_functi |
| unsigned int maxOutBufLen, |
| unsigned int *outBufLen |
| ); |
| |
| extern int NSS_PutEnv(const char * envVarName, const char * envValue); |
| |
| extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n); |
| |
| +#if 0 /* STATIC LIBRARIES */ |
| /* |
| * Load a shared library called "newShLibName" in the same directory as |
| * a shared library that is already loaded, called existingShLibName. |
| * A pointer to a static function in that shared library, |
| * staticShLibFunc, is required. |
| * |
| * existingShLibName: |
| * The file name of the shared library that shall be used as the |
| @@ -272,12 +273,13 @@ extern int NSS_SecureMemcmp(const void * |
| * |
| * If the new shared library is not found in the same location as the reference |
| * library, it will then be loaded from the normal system library path. |
| */ |
| PRLibrary * |
| PORT_LoadLibraryFromOrigin(const char* existingShLibName, |
| PRFuncPtr staticShLibFunc, |
| const char *newShLibName); |
| +#endif /* STATIC LIBRARIES */ |
| |
| SEC_END_PROTOS |
| |
| #endif /* _SECPORT_H_ */ |