From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 6 Feb 2018 11:46:26 +0100 Subject: Update NSS to 3.32.1-RTM --- security/nss/lib/softoken/fipstokn.c | 2 +- security/nss/lib/softoken/legacydb/dbmshim.c | 61 --------------------- security/nss/lib/softoken/legacydb/legacydb.gyp | 2 +- security/nss/lib/softoken/legacydb/pcertdb.c | 11 ++++ security/nss/lib/softoken/lowpbe.c | 11 ++-- security/nss/lib/softoken/pkcs11.c | 20 +++---- security/nss/lib/softoken/pkcs11c.c | 71 +++++++++++++++++++----- security/nss/lib/softoken/pkcs11u.c | 6 +-- security/nss/lib/softoken/sdb.c | 4 +- security/nss/lib/softoken/softkver.h | 6 +-- security/nss/lib/softoken/softoken.gyp | 72 +++++++++++++++++-------- security/nss/lib/softoken/softoken.h | 2 +- 12 files changed, 147 insertions(+), 121 deletions(-) (limited to 'security/nss/lib/softoken') diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c index 12ff77cf8..fd4fd4207 100644 --- a/security/nss/lib/softoken/fipstokn.c +++ b/security/nss/lib/softoken/fipstokn.c @@ -36,7 +36,7 @@ #ifdef LINUX #include #include -#define LIBAUDIT_NAME "libaudit.so.0" +#define LIBAUDIT_NAME "libaudit.so.1" #ifndef AUDIT_CRYPTO_TEST_USER #define AUDIT_CRYPTO_TEST_USER 2400 /* Crypto test results */ #define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */ diff --git a/security/nss/lib/softoken/legacydb/dbmshim.c b/security/nss/lib/softoken/legacydb/dbmshim.c index ae498faea..cca24bc6b 100644 --- a/security/nss/lib/softoken/legacydb/dbmshim.c +++ b/security/nss/lib/softoken/legacydb/dbmshim.c @@ -47,9 +47,6 @@ struct DBSStr { char *blobdir; int mode; PRBool readOnly; - PRFileMap *dbs_mapfile; - unsigned char *dbs_addr; - PRUint32 dbs_len; char staticBlobArea[BLOB_BUF_LEN]; }; @@ -243,43 +240,6 @@ loser: return -1; } -/* - * we need to keep a address map in memory between calls to DBM. - * remember what we have mapped can close it when we get another dbm - * call. - * - * NOTE: Not all platforms support mapped files. This code is designed to - * detect this at runtime. If map files aren't supported the OS will indicate - * this by failing the PR_Memmap call. In this case we emulate mapped files - * by just reading in the file into regular memory. We signal this state by - * making dbs_mapfile NULL and dbs_addr non-NULL. - */ - -static void -dbs_freemap(DBS *dbsp) -{ - if (dbsp->dbs_mapfile) { - PR_MemUnmap(dbsp->dbs_addr, dbsp->dbs_len); - PR_CloseFileMap(dbsp->dbs_mapfile); - dbsp->dbs_mapfile = NULL; - dbsp->dbs_addr = NULL; - dbsp->dbs_len = 0; - } else if (dbsp->dbs_addr) { - PORT_Free(dbsp->dbs_addr); - dbsp->dbs_addr = NULL; - dbsp->dbs_len = 0; - } - return; -} - -static void -dbs_setmap(DBS *dbsp, PRFileMap *mapfile, unsigned char *addr, PRUint32 len) -{ - dbsp->dbs_mapfile = mapfile; - dbsp->dbs_addr = addr; - dbsp->dbs_len = len; -} - /* * platforms that cannot map the file need to read it into a temp buffer. */ @@ -317,7 +277,6 @@ dbs_readBlob(DBS *dbsp, DBT *data) { char *file = NULL; PRFileDesc *filed = NULL; - PRFileMap *mapfile = NULL; unsigned char *addr = NULL; int error; int len = -1; @@ -344,7 +303,6 @@ dbs_readBlob(DBS *dbsp, DBT *data) goto loser; } PR_Close(filed); - dbs_setmap(dbsp, mapfile, addr, len); data->data = addr; data->size = len; @@ -353,9 +311,6 @@ dbs_readBlob(DBS *dbsp, DBT *data) loser: /* preserve the error code */ error = PR_GetError(); - if (mapfile) { - PR_CloseFileMap(mapfile); - } if (filed) { PR_Close(filed); } @@ -373,8 +328,6 @@ dbs_get(const DB *dbs, const DBT *key, DBT *data, unsigned int flags) DBS *dbsp = (DBS *)dbs; DB *db = (DB *)dbs->internal; - dbs_freemap(dbsp); - ret = (*db->get)(db, key, data, flags); if ((ret == 0) && dbs_IsBlob(data)) { ret = dbs_readBlob(dbsp, data); @@ -391,8 +344,6 @@ dbs_put(const DB *dbs, DBT *key, const DBT *data, unsigned int flags) DBS *dbsp = (DBS *)dbs; DB *db = (DB *)dbs->internal; - dbs_freemap(dbsp); - /* If the db is readonly, just pass the data down to rdb and let it fail */ if (!dbsp->readOnly) { DBT oldData; @@ -425,10 +376,6 @@ static int dbs_sync(const DB *dbs, unsigned int flags) { DB *db = (DB *)dbs->internal; - DBS *dbsp = (DBS *)dbs; - - dbs_freemap(dbsp); - return (*db->sync)(db, flags); } @@ -439,8 +386,6 @@ dbs_del(const DB *dbs, const DBT *key, unsigned int flags) DBS *dbsp = (DBS *)dbs; DB *db = (DB *)dbs->internal; - dbs_freemap(dbsp); - if (!dbsp->readOnly) { DBT oldData; ret = (*db->get)(db, key, &oldData, 0); @@ -459,8 +404,6 @@ dbs_seq(const DB *dbs, DBT *key, DBT *data, unsigned int flags) DBS *dbsp = (DBS *)dbs; DB *db = (DB *)dbs->internal; - dbs_freemap(dbsp); - ret = (*db->seq)(db, key, data, flags); if ((ret == 0) && dbs_IsBlob(data)) { /* don't return a blob read as an error so traversals keep going */ @@ -477,7 +420,6 @@ dbs_close(DB *dbs) DB *db = (DB *)dbs->internal; int ret; - dbs_freemap(dbsp); ret = (*db->close)(db); PORT_Free(dbsp->blobdir); PORT_Free(dbsp); @@ -568,9 +510,6 @@ dbsopen(const char *dbname, int flags, int mode, DBTYPE type, } dbsp->mode = mode; dbsp->readOnly = (PRBool)(flags == NO_RDONLY); - dbsp->dbs_mapfile = NULL; - dbsp->dbs_addr = NULL; - dbsp->dbs_len = 0; /* the real dbm call */ db = dbopen(dbname, flags, mode, type, &dbs_hashInfo); diff --git a/security/nss/lib/softoken/legacydb/legacydb.gyp b/security/nss/lib/softoken/legacydb/legacydb.gyp index 6431fb5c1..34c0235bd 100644 --- a/security/nss/lib/softoken/legacydb/legacydb.gyp +++ b/security/nss/lib/softoken/legacydb/legacydb.gyp @@ -57,7 +57,7 @@ 'defines': [ 'SHLIB_SUFFIX=\"<(dll_suffix)\"', 'SHLIB_PREFIX=\"<(dll_prefix)\"', - 'LG_LIB_NAME=\"libnssdbm3.so\"' + 'LG_LIB_NAME=\"<(dll_prefix)nssdbm3.<(dll_suffix)\"' ] }, 'variables': { diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 65da51687..f1444bf04 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -733,6 +733,12 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry) entry->derCert.len += lenoff; } + /* Is data long enough? */ + if (dbentry->len < headerlen + entry->derCert.len) { + PORT_SetError(SEC_ERROR_BAD_DATABASE); + goto loser; + } + /* copy the dercert */ entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen], entry->derCert.len, entry->derCertSpace, sizeof(entry->derCertSpace)); @@ -743,6 +749,11 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry) /* copy the nickname */ if (nnlen > 1) { + /* Is data long enough? */ + if (dbentry->len < headerlen + entry->derCert.len + nnlen) { + PORT_SetError(SEC_ERROR_BAD_DATABASE); + goto loser; + } entry->nickname = (char *)pkcs11_copyStaticData( &dbentry->data[headerlen + entry->derCert.len], nnlen, (unsigned char *)entry->nicknameSpace, diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index b78302ed7..0a47804bf 100644 --- a/security/nss/lib/softoken/lowpbe.c +++ b/security/nss/lib/softoken/lowpbe.c @@ -408,7 +408,6 @@ loser: return result; } -#define HMAC_BUFFER 64 #define NSSPBE_ROUNDUP(x, y) ((((x) + ((y)-1)) / (y)) * (y)) #define NSSPBE_MIN(x, y) ((x) < (y) ? (x) : (y)) /* @@ -430,6 +429,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, int iter; unsigned char *iterBuf; void *hash = NULL; + unsigned int bufferLength; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) { @@ -439,8 +439,11 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, /* how many hash object lengths are needed */ c = (bytesNeeded + (hashLength - 1)) / hashLength; + /* 64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64 */ + bufferLength = NSSPBE_ROUNDUP(hashLength * 2, 64); + /* initialize our buffers */ - D.len = HMAC_BUFFER; + D.len = bufferLength; /* B and D are the same length, use one alloc go get both */ D.data = (unsigned char *)PORT_ArenaZAlloc(arena, D.len * 2); B.len = D.len; @@ -452,8 +455,8 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, goto loser; } - SLen = NSSPBE_ROUNDUP(salt->len, HMAC_BUFFER); - PLen = NSSPBE_ROUNDUP(pwitem->len, HMAC_BUFFER); + SLen = NSSPBE_ROUNDUP(salt->len, bufferLength); + PLen = NSSPBE_ROUNDUP(pwitem->len, bufferLength); I.len = SLen + PLen; I.data = (unsigned char *)PORT_ArenaZAlloc(arena, I.len); if (I.data == NULL) { diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index ee255cf21..a594fd501 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -480,6 +480,10 @@ static const struct mechanismList mechanisms[] = { { CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, { 20, 20, CKF_GENERATE }, PR_TRUE }, { CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE }, { CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE }, + { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 28, 28, CKF_GENERATE }, PR_TRUE }, + { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE }, + { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE }, + { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE }, /* ------------------ AES Key Wrap (also encrypt) ------------------- */ { CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, { CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE }, @@ -3145,9 +3149,11 @@ nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS) * this call doesn't force freebl to be reloaded. */ BL_SetForkState(PR_FALSE); +#ifndef NSS_TEST_BUILD /* unload freeBL shared library from memory. This may only decrement the * OS refcount if it's been loaded multiple times, eg. by libssl */ BL_Unload(); +#endif /* clean up the default OID table */ SECOID_Shutdown(); @@ -4757,7 +4763,7 @@ sftk_pruneSearch(CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount, static CK_RV sftk_searchTokenList(SFTKSlot *slot, SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount, - PRBool *tokenOnly, PRBool isLoggedIn) + PRBool isLoggedIn) { CK_RV crv = CKR_OK; CK_RV crv2; @@ -4792,7 +4798,6 @@ NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, SFTKSearchResults *search = NULL, *freeSearch = NULL; SFTKSession *session = NULL; SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); - PRBool tokenOnly = PR_FALSE; CK_RV crv = CKR_OK; PRBool isLoggedIn; @@ -4823,18 +4828,15 @@ NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, search->array_size = NSC_SEARCH_BLOCK_SIZE; isLoggedIn = (PRBool)((!slot->needLogin) || slot->isLoggedIn); - crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, &tokenOnly, - isLoggedIn); + crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, isLoggedIn); if (crv != CKR_OK) { goto loser; } /* build list of found objects in the session */ - if (!tokenOnly) { - crv = sftk_searchObjectList(search, slot->sessObjHashTable, - slot->sessObjHashSize, slot->objectLock, - pTemplate, ulCount, isLoggedIn); - } + crv = sftk_searchObjectList(search, slot->sessObjHashTable, + slot->sessObjHashSize, slot->objectLock, + pTemplate, ulCount, isLoggedIn); if (crv != CKR_OK) { goto loser; } diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 5c696115b..0234aa431 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -2639,6 +2639,11 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, #define INIT_HMAC_MECH(mmm) \ case CKM_##mmm##_HMAC_GENERAL: \ + PORT_Assert(pMechanism->pParameter); \ + if (!pMechanism->pParameter) { \ + crv = CKR_MECHANISM_PARAM_INVALID; \ + break; \ + } \ crv = sftk_doHMACInit(context, HASH_Alg##mmm, key, \ *(CK_ULONG *)pMechanism->pParameter); \ break; \ @@ -2654,6 +2659,11 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, INIT_HMAC_MECH(SHA512) case CKM_SHA_1_HMAC_GENERAL: + PORT_Assert(pMechanism->pParameter); + if (!pMechanism->pParameter) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } crv = sftk_doHMACInit(context, HASH_AlgSHA1, key, *(CK_ULONG *)pMechanism->pParameter); break; @@ -2662,10 +2672,20 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, break; case CKM_SSL3_MD5_MAC: + PORT_Assert(pMechanism->pParameter); + if (!pMechanism->pParameter) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_SSL3_SHA1_MAC: + PORT_Assert(pMechanism->pParameter); + if (!pMechanism->pParameter) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key, *(CK_ULONG *)pMechanism->pParameter); break; @@ -3314,6 +3334,11 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, INIT_HMAC_MECH(SHA512) case CKM_SHA_1_HMAC_GENERAL: + PORT_Assert(pMechanism->pParameter); + if (!pMechanism->pParameter) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } crv = sftk_doHMACInit(context, HASH_AlgSHA1, key, *(CK_ULONG *)pMechanism->pParameter); break; @@ -3322,10 +3347,20 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, break; case CKM_SSL3_MD5_MAC: + PORT_Assert(pMechanism->pParameter); + if (!pMechanism->pParameter) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key, *(CK_ULONG *)pMechanism->pParameter); break; case CKM_SSL3_SHA1_MAC: + PORT_Assert(pMechanism->pParameter); + if (!pMechanism->pParameter) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key, *(CK_ULONG *)pMechanism->pParameter); break; @@ -3971,6 +4006,22 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe) params->hashType = HASH_AlgMD2; params->keyLen = 16; break; + case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA224; + params->keyLen = 28; + break; + case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA256; + params->keyLen = 32; + break; + case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA384; + params->keyLen = 48; + break; + case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN: + params->hashType = HASH_AlgSHA512; + params->keyLen = 64; + break; default: PORT_FreeArena(arena, PR_TRUE); return CKR_MECHANISM_INVALID; @@ -4189,6 +4240,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSession, case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN: case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN: case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN: + case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN: key_gen_type = nsc_pbe; key_type = CKK_GENERIC_SECRET; crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param); @@ -5571,6 +5626,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) switch (SECOID_GetAlgorithmTag(&pki->algorithm)) { case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: keyTemplate = nsslowkey_RSAPrivateKeyTemplate; paramTemplate = NULL; paramDest = NULL; @@ -7222,12 +7278,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, pubKeyLen = EC_GetPointSize(&privKey->u.ec.ecParams); - /* if the len is too small, can't be a valid point */ - if (ecPoint.len < pubKeyLen) { - goto ec_loser; - } - /* if the len is too large, must be an encoded point (length is - * equal case just falls through */ + /* if the len is too large, might be an encoded point */ if (ecPoint.len > pubKeyLen) { SECItem newPoint; @@ -7247,14 +7298,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { withCofactor = PR_TRUE; - } else { - /* When not using cofactor derivation, one should - * validate the public key to avoid small subgroup - * attacks. - */ - if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) != SECSuccess) { - goto ec_loser; - } } rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar, diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index a5694ee38..c51211b6c 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -1649,10 +1649,8 @@ sftk_searchObjectList(SFTKSearchResults *search, SFTKObject **head, SFTKObject *object; CK_RV crv = CKR_OK; + PZ_Lock(lock); for (i = 0; i < size; i++) { - /* We need to hold the lock to copy a consistant version of - * the linked list. */ - PZ_Lock(lock); for (object = head[i]; object != NULL; object = object->next) { if (sftk_objectMatch(object, theTemplate, count)) { /* don't return objects that aren't yet visible */ @@ -1661,8 +1659,8 @@ sftk_searchObjectList(SFTKSearchResults *search, SFTKObject **head, sftk_addHandle(search, object->handle); } } - PZ_Unlock(lock); } + PZ_Unlock(lock); return crv; } diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 0e321dd52..8690df34c 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -674,8 +674,8 @@ struct SDBFindStr { sqlite3_stmt *findstmt; }; -static const char FIND_OBJECTS_CMD[] = "SELECT ALL * FROM %s WHERE %s;"; -static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL * FROM %s;"; +static const char FIND_OBJECTS_CMD[] = "SELECT ALL id FROM %s WHERE %s;"; +static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL id FROM %s;"; CK_RV sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count, SDBFind **find) diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index cc46891a4..fb2e5bda5 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -21,10 +21,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.28.6" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.32.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 28 -#define SOFTOKEN_VPATCH 6 +#define SOFTOKEN_VMINOR 32 +#define SOFTOKEN_VPATCH 1 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/softoken/softoken.gyp b/security/nss/lib/softoken/softoken.gyp index 8d72e60c5..ba917cfc8 100644 --- a/security/nss/lib/softoken/softoken.gyp +++ b/security/nss/lib/softoken/softoken.gyp @@ -7,34 +7,64 @@ ], 'targets': [ { - 'target_name': 'softokn', + 'target_name': 'softokn_static', 'type': 'static_library', - 'sources': [ - 'fipsaudt.c', - 'fipstest.c', - 'fipstokn.c', - 'jpakesftk.c', - 'lgglue.c', - 'lowkey.c', - 'lowpbe.c', - 'padbuf.c', - 'pkcs11.c', - 'pkcs11c.c', - 'pkcs11u.c', - 'sdb.c', - 'sftkdb.c', - 'sftkhmac.c', - 'sftkpars.c', - 'sftkpwd.c', - 'softkver.c', - 'tlsprf.c' + 'defines': [ + 'NSS_TEST_BUILD', + ], + 'dependencies': [ + 'softokn_base', + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/lib/freebl/freebl.gyp:freebl_static', + ], + 'conditions': [ + [ 'use_system_sqlite==1', { + 'dependencies': [ + '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', + ], + }, { + 'dependencies': [ + '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite', + ], + }], ], + }, + { + 'target_name': 'softokn', + 'type': 'static_library', 'dependencies': [ + 'softokn_base', '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', '<(DEPTH)/lib/freebl/freebl.gyp:freebl', ] }, + { + 'target_name': 'softokn_base', + 'type': 'none', + 'direct_dependent_settings': { + 'sources': [ + 'fipsaudt.c', + 'fipstest.c', + 'fipstokn.c', + 'jpakesftk.c', + 'lgglue.c', + 'lowkey.c', + 'lowpbe.c', + 'padbuf.c', + 'pkcs11.c', + 'pkcs11c.c', + 'pkcs11u.c', + 'sdb.c', + 'sftkdb.c', + 'sftkhmac.c', + 'sftkpars.c', + 'sftkpwd.c', + 'softkver.c', + 'tlsprf.c' + ], + }, + }, { 'target_name': 'softokn3', 'type': 'shared_library', @@ -61,7 +91,7 @@ 'defines': [ 'SHLIB_SUFFIX=\"<(dll_suffix)\"', 'SHLIB_PREFIX=\"<(dll_prefix)\"', - 'SOFTOKEN_LIB_NAME=\"libsoftokn3.so\"', + 'SOFTOKEN_LIB_NAME=\"<(dll_prefix)softokn3.<(dll_suffix)\"', 'SHLIB_VERSION=\"3\"' ] }, diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h index 0e943d3cb..4626e7849 100644 --- a/security/nss/lib/softoken/softoken.h +++ b/security/nss/lib/softoken/softoken.h @@ -183,7 +183,7 @@ extern PRBool sftk_fatalError; #define CHECK_FORK_MIXED -#elif defined(LINUX) +#elif defined(LINUX) || defined(__GLIBC__) || defined(FREEBSD) || defined(OPENBSD) #define CHECK_FORK_PTHREAD -- cgit v1.2.3