Bug 1227795 - Add NSS_DISABLE_LIBPKIX to allow compiling without libp…
…kix, r=franziskus,wtc
Eugen Sawin committed Jun 22, 2016
1 parent 4a3206d commit c678b5f
Showing 9 changed files with 101 additions and 5 deletions.
8 changes: 7 additions & 1 deletion cmd/manifest.mn
Expand Up @@ -58,7 +58,6 @@ NSS_SRCDIRS = \
pk11gcmtest \
pk11mode \
pk1sign \
pkix-errcodes \
pp \
pwdecrypt \
rsaperf \
Expand All @@ -76,6 +75,13 @@ NSS_SRCDIRS = \
vfyserv \
modutil \
$(NULL)

ifndef NSS_DISABLE_LIBPKIX
NSS_SRCDIRS += \
pkix-errcodes \
$(NULL)
endif

endif
endif

2 changes: 2 additions & 0 deletions cmd/platlibs.mk
Expand Up @@ -51,6 +51,7 @@ EXTRA_SHARED_LIBS += \
$(NULL)
endif

ifndef NSS_DISABLE_LIBPKIX
ifndef NSS_BUILD_SOFTOKEN_ONLY
PKIXLIB = \
$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
Expand All @@ -66,6 +67,7 @@ PKIXLIB = \
$(DIST)/lib/$(LIB_PREFIX)pkixresults.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
endif
endif

NSS_LIBS_1=
SECTOOL_LIB=
4 changes: 4 additions & 0 deletions coreconf/config.mk
Expand Up @@ -162,6 +162,10 @@ ifdef BUILD_LIBPKIX_TESTS
DEFINES += -DBUILD_LIBPKIX_TESTS
endif

ifdef NSS_DISABLE_LIBPKIX
DEFINES += -DNSS_DISABLE_LIBPKIX
endif

ifdef NSS_DISABLE_DBM
DEFINES += -DNSS_DISABLE_DBM
endif
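Review bot: Nothing in the new `ifdef NSS_DISABLE_LIBPKIX` block rejects the combination with `BUILD_LIBPKIX_TESTS`, which is handled in the block directly above it. If both are set, the build is asked for libpkix tests with no libpkix to link; whether the test directories are guarded elsewhere is not visible in this section. Failing early inside the new block would make the conflict explicit: `ifdef BUILD_LIBPKIX_TESTS`, `$(error BUILD_LIBPKIX_TESTS requires libpkix; unset NSS_DISABLE_LIBPKIX)`, `endif`. As with the neighbouring switches, `ifdef` treats `NSS_DISABLE_LIBPKIX=0` as set, which deserves a one-line comment.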
4 changes: 4 additions & 0 deletions lib/Makefile
Expand Up @@ -50,6 +50,10 @@ ifeq ($(NSS_BUILD_UTIL_ONLY),1)
SYSINIT_SRCDIR=
endif

ifndef NSS_DISABLE_LIBPKIX
LIBPKIX_SRCDIR = libpkix # Add the libpkix directory to DIRS.
endif

#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
6 changes: 5 additions & 1 deletion lib/certhigh/certvfy.c
Expand Up @@ -12,9 +12,13 @@
#include "certdb.h"
#include "certi.h"
#include "cryptohi.h"

#ifndef NSS_DISABLE_LIBPKIX
#include "pkix.h"
/*#include "pkix_sample_modules.h" */
#include "pkix_pl_cert.h"
#else
#include "nss.h"
#endif /* NSS_DISABLE_LIBPKIX */

#include "nsspki.h"
#include "pkitm.h"
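Review bot: `#include "nss.h"` appears only in the `#else` branch, which suggests the file needs declarations from nss.h that it otherwise picks up indirectly through the pkix headers. Including it unconditionally, above the `#ifndef NSS_DISABLE_LIBPKIX` block, would make that dependency explicit and keep both configurations compiling from the same base include set. The commented-out `/*#include "pkix_sample_modules.h" */` line could be dropped while this block is being edited.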
61 changes: 61 additions & 0 deletions lib/certhigh/certvfypkix.c
Expand Up @@ -23,6 +23,7 @@
#include "secder.h"
#include "pkit.h"

#ifndef NSS_DISABLE_LIBPKIX
#include "pkix_pl_common.h"

extern PRLogModuleInfo *pkixLog;
Expand All @@ -39,6 +40,7 @@ PRInt32 parallelFnInvocationCount;
#endif /* PKIX_OBJECT_LEAK_TEST */

static PRBool usePKIXValidationEngine = PR_FALSE;
#endif /* NSS_DISABLE_LIBPKIX */

/*
* FUNCTION: CERT_SetUsePKIXForValidation
Expand All @@ -58,8 +60,13 @@ static PRBool usePKIXValidationEngine = PR_FALSE;
SECStatus
CERT_SetUsePKIXForValidation(PRBool enable)
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
#else
usePKIXValidationEngine = (enable > 0) ? PR_TRUE : PR_FALSE;
return SECSuccess;
#endif /* NSS_DISABLE_LIBPKIX */
}

/*
Expand All @@ -79,9 +86,14 @@ CERT_SetUsePKIXForValidation(PRBool enable)
PRBool
CERT_GetUsePKIXForValidation()
{
#ifdef NSS_DISABLE_LIBPKIX
return PR_FALSE;
#else
return usePKIXValidationEngine;
#endif /* NSS_DISABLE_LIBPKIX */
}

#ifndef NSS_DISABLE_LIBPKIX
#ifdef NOTDEF
/*
* FUNCTION: cert_NssKeyUsagesToPkix
Expand Down Expand Up @@ -1062,6 +1074,7 @@ cert_GetBuildResults(

PKIX_RETURN(CERTVFYPKIX);
}
#endif /* NSS_DISABLE_LIBPKIX */

/*
* FUNCTION: cert_VerifyCertChainPkix
Expand Down Expand Up @@ -1108,6 +1121,10 @@ cert_VerifyCertChainPkix(
PRBool *pSigerror,
PRBool *pRevoked)
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
#else
PKIX_ProcessingParams *procParams = NULL;
PKIX_BuildResult *result = NULL;
PKIX_VerifyNode *verifyNode = NULL;
Expand Down Expand Up @@ -1226,8 +1243,10 @@ cert_VerifyCertChainPkix(
#endif /* PKIX_OBJECT_LEAK_TEST */

return rv;
#endif /* NSS_DISABLE_LIBPKIX */
}

#ifndef NSS_DISABLE_LIBPKIX
PKIX_CertSelector *
cert_GetTargetCertConstraints(CERTCertificate *target, void *plContext)
{
Expand Down Expand Up @@ -1756,13 +1775,20 @@ static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy = {
0,
0 }
};
#endif /* NSS_DISABLE_LIBPKIX */

extern const CERTRevocationFlags *
CERT_GetClassicOCSPEnabledSoftFailurePolicy()
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
#else
return &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy;
#endif /* NSS_DISABLE_LIBPKIX */
}

#ifndef NSS_DISABLE_LIBPKIX
static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD |
Expand Down Expand Up @@ -1801,13 +1827,20 @@ static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy = {
0,
0 }
};
#endif /* NSS_DISABLE_LIBPKIX */

extern const CERTRevocationFlags *
CERT_GetClassicOCSPEnabledHardFailurePolicy()
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
#else
return &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy;
#endif /* NSS_DISABLE_LIBPKIX */
}

#ifndef NSS_DISABLE_LIBPKIX
static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD |
Expand Down Expand Up @@ -1840,13 +1873,20 @@ static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Disabled_Policy = {
0,
0 }
};
#endif /* NSS_DISABLE_LIBPKIX */

extern const CERTRevocationFlags *
CERT_GetClassicOCSPDisabledPolicy()
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
#else
return &certRev_NSS_3_11_Ocsp_Disabled_Policy;
#endif /* NSS_DISABLE_LIBPKIX */
}

#ifndef NSS_DISABLE_LIBPKIX
static PRUint64 certRev_PKIX_Verify_Nist_Policy_LeafFlags[2] = {
/* crl */
CERT_REV_M_TEST_USING_THIS_METHOD |
Expand Down Expand Up @@ -1879,18 +1919,28 @@ static const CERTRevocationFlags certRev_PKIX_Verify_Nist_Policy = {
0,
0 }
};
#endif /* NSS_DISABLE_LIBPKIX */

extern const CERTRevocationFlags *
CERT_GetPKIXVerifyNistRevocationPolicy()
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
#else
return &certRev_PKIX_Verify_Nist_Policy;
#endif /* NSS_DISABLE_LIBPKIX */
}

CERTRevocationFlags *
CERT_AllocCERTRevocationFlags(
PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods)
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
#else
CERTRevocationFlags *flags;

flags = PORT_New(CERTRevocationFlags);
Expand Down Expand Up @@ -1922,11 +1972,16 @@ CERT_AllocCERTRevocationFlags(
}

return flags;
#endif /* NSS_DISABLE_LIBPKIX */
}

void
CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return;
#else
if (!flags)
return;

Expand All @@ -1943,6 +1998,7 @@ CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
PORT_Free(flags->chainTests.preferred_methods);

PORT_Free(flags);
#endif /* NSS_DISABLE_LIBPKIX */
}

/*
Expand Down Expand Up @@ -1978,6 +2034,10 @@ CERT_PKIXVerifyCert(
CERTValOutParam *paramsOut,
void *wincx)
{
#ifdef NSS_DISABLE_LIBPKIX
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
#else
SECStatus r = SECFailure;
PKIX_Error *error = NULL;
PKIX_ProcessingParams *procParams = NULL;
Expand Down Expand Up @@ -2241,4 +2301,5 @@ CERT_PKIXVerifyCert(
#endif /* PKIX_OBJECT_LEAK_TEST */

return r;
#endif /* NSS_DISABLE_LIBPKIX */
}
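Review bot: In the disabled build `CERT_DestroyCERTRevocationFlags` calls `PORT_SetError(PR_NOT_IMPLEMENTED_ERROR)` before returning, so a caller that destroys its flags on a cleanup path overwrites the error code it was about to report. A destructor should leave the error state alone; the `#ifdef` branch can be just `return;`. The surrounding hunks also make the four `CERT_Get*Policy` getters return NULL, where the enabled build returns the address of a static table, so callers that use the result unchecked need a look; those callers are outside this page. The bodies of these functions are partly collapsed here, so whether `CERT_AllocCERTRevocationFlags` and the destroy function depend on libpkix at all cannot be confirmed from the visible lines; if they do not, leaving them compiled in would avoid both stubs.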
2 changes: 1 addition & 1 deletion lib/manifest.mn
Expand Up @@ -27,7 +27,7 @@ ifndef NSS_BUILD_SOFTOKEN_ONLY
# the rest of nss
NSS_SRCDIRS = \
base dev pki \
libpkix \
$(LIBPKIX_SRCDIR) \
certdb certhigh pk11wrap cryptohi nss \
$(ZLIB_SRCDIR) ssl \
pkcs7 pkcs12 smime \
5 changes: 5 additions & 0 deletions lib/nss/config.mk
Expand Up @@ -79,6 +79,10 @@ SHARED_LIBRARY_DIRS = \
../pki \
../dev \
../base \
$(NULL)

ifndef NSS_DISABLE_LIBPKIX
SHARED_LIBRARY_DIRS += \
../libpkix/pkix/certsel \
../libpkix/pkix/checker \
../libpkix/pkix/params \
Expand All @@ -91,6 +95,7 @@ SHARED_LIBRARY_DIRS = \
../libpkix/pkix_pl_nss/system \
../libpkix/pkix_pl_nss/module \
$(NULL)
endif

ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
ifndef NS_USE_GCC
14 changes: 12 additions & 2 deletions lib/nss/nssinit.c
Expand Up @@ -20,9 +20,12 @@
#include "secerr.h"
#include "nssbase.h"
#include "nssutil.h"

#ifndef NSS_DISABLE_LIBPKIX
#include "pkixt.h"
#include "pkix.h"
#include "pkix_tools.h"
#endif /* NSS_DISABLE_LIBPKIX */

#include "pki3hack.h"
#include "certi.h"
Expand Down Expand Up @@ -481,7 +484,10 @@ nss_InitModules(const char *configdir, const char *certPrefix,

static PRBool nssIsInitted = PR_FALSE;
static NSSInitContext *nssInitContextList = NULL;

#ifndef NSS_DISABLE_LIBPKIX
static void* plContext = NULL;
#endif /* NSS_DISABLE_LIBPKIX */

struct NSSInitContextStr {
NSSInitContext *next;
Expand Down Expand Up @@ -526,8 +532,10 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
PRBool dontFinalizeModules)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_LIBPKIX
PKIX_UInt32 actualMinorVersion = 0;
PKIX_Error *pkixError = NULL;
#endif /* NSS_DISABLE_LIBPKIX */
PRBool isReallyInitted;
char *configStrings = NULL;
char *configName = NULL;
Expand Down Expand Up @@ -684,6 +692,7 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
pk11sdr_Init();
cert_CreateSubjectKeyIDHashTable();

#ifndef NSS_DISABLE_LIBPKIX
pkixError = PKIX_Initialize
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
Expand All @@ -696,8 +705,7 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
CERT_SetUsePKIXForValidation(PR_TRUE);
}
}


#endif /* NSS_DISABLE_LIBPKIX */
}

/*
Expand Down Expand Up @@ -1080,7 +1088,9 @@ nss_Shutdown(void)
cert_DestroyLocks();
ShutdownCRLCache();
OCSP_ShutdownGlobal();
#ifndef NSS_DISABLE_LIBPKIX
PKIX_Shutdown(plContext);
#endif /* NSS_DISABLE_LIBPKIX */
SECOID_Shutdown();
status = STAN_Shutdown();
cert_DestroySubjectKeyIDHashTable();
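Review bot: With `NSS_DISABLE_LIBPKIX` defined, the guarded block in `nss_Init` drops the `CERT_SetUsePKIXForValidation(PR_TRUE)` call along with `PKIX_Initialize`, so a deployment that asks for PKIX validation at startup gets the classic engine with no indication. The condition that leads to that call is in the collapsed part of the hunk, so this is inferred from the visible lines. A comment on the `#ifndef` would record the behaviour, for example `/* libpkix compiled out: certificate validation always uses the classic engine and requests to enable PKIX validation are ignored. */`. The body of nss_Init starts and ends outside the visible hunks.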
