author | Graham Leggett <minfrin@apache.org> | 2019-06-22 23:58:06 +0000 |
---|---|---|
committer | Graham Leggett <minfrin@apache.org> | 2019-06-22 23:58:06 +0000 |
commit | 6c6926d56bf0a4c4939bf3e5200539200b198cff (patch) | |
tree | 84f59108a127163b568a523a40139f0a384b0370 /crypto | |
parent | 80dd1ce33200dbd0d7e27a3a7ad4d975ebd5ef3c (diff) | |
download | apr-6c6926d56bf0a4c4939bf3e5200539200b198cff.tar.gz |
Revert r1833421 et al:
Move NSS initialisation back to apr_crypto_nss, reinstate
DSO support.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1861894 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/apr_crypto.c | 23 | ||||
-rw-r--r-- | crypto/apr_crypto_internal.c | 133 | ||||
-rw-r--r-- | crypto/apr_crypto_nss.c | 115 |
3 files changed, 113 insertions, 158 deletions
diff --git a/crypto/apr_crypto.c b/crypto/apr_crypto.c
index f41bc356c..ea6575b4f 100644
--- a/crypto/apr_crypto.c
+++ b/crypto/apr_crypto.c
@@ -386,13 +386,6 @@ APR_DECLARE(apr_status_t) apr_crypto_lib_version(const char *name,
 }
 else
 #endif
-#if APU_HAVE_NSS
- if (!strcmp(name, "nss")) {
- *version = apr__crypto_nss_version();
- rv = *version ? APR_SUCCESS : APR_NOTFOUND;
- }
- else
-#endif
 ;
 return rv;
 }
@@ -451,16 +444,6 @@ APR_DECLARE(apr_status_t) apr_crypto_lib_init(const char *name,
 }
 else
 #endif
-#if APU_HAVE_NSS
- if (!strcmp(name, "nss")) {
- rv = apr__crypto_nss_init(params, result, pool);
- if (rv == APR_SUCCESS) {
- lib->term = apr__crypto_nss_term;
- lib->name = "nss";
- }
- }
- else
-#endif
 ;
 if (rv == APR_SUCCESS) {
 lib->pool = pool;
@@ -496,12 +479,6 @@ static apr_status_t crypto_lib_term(const char *name)
 }
 else
 #endif
-#if APU_HAVE_NSS
- if (!strcmp(name, "nss")) {
- rv = APR_SUCCESS;
- }
- else
-#endif
 ;
 if (rv == APR_SUCCESS) {
 apr_pool_cleanup_kill(lib->pool, lib, crypto_lib_cleanup);
diff --git a/crypto/apr_crypto_internal.c b/crypto/apr_crypto_internal.c
index fda8924e9..2dcd24a7c 100644
--- a/crypto/apr_crypto_internal.c
+++ b/crypto/apr_crypto_internal.c
@@ -354,137 +354,4 @@ static apr_status_t ossl_thread_setup(apr_pool_t *pool)
 #endif /* APU_HAVE_OPENSSL */
-#if APU_HAVE_NSS
-
-#include <prerror.h>
-
-#ifdef HAVE_NSS_NSS_H
-#include <nss/nss.h>
-#endif
-#ifdef HAVE_NSS_H
-#include <nss.h>
-#endif
-
-const char *apr__crypto_nss_version(void)
-{
- return NSS_VERSION;
-}
-
-apr_status_t apr__crypto_nss_init(const char *params,
- const apu_err_t **result,
- apr_pool_t *pool)
-{
- SECStatus s;
- const char *dir = NULL;
- const char *keyPrefix = NULL;
- const char *certPrefix = NULL;
- const char *secmod = NULL;
- int noinit = 0;
- PRUint32 flags = 0;
-
- struct {
- const char *field;
- const char *value;
- int set;
- } fields[] = {
- { "dir", NULL, 0 },
- { "key3", NULL, 0 },
- { "cert7", NULL, 0 },
- { "secmod", NULL, 0 },
- { "noinit", NULL, 0 },
- { NULL, NULL, 0 }
- };
- const char *ptr;
- size_t klen;
- char **elts = NULL;
- char *elt;
- int i = 0, j;
- apr_status_t status;
-
- if (params) {
- if (APR_SUCCESS != (status = apr_tokenize_to_argv(params, &elts, pool))) {
- return status;
- }
- while ((elt = elts[i])) {
- ptr = strchr(elt, '=');
- if (ptr) {
- for (klen = ptr - elt; klen && apr_isspace(elt[klen - 1]); --klen)
- ;
- ptr++;
- }
- else {
- for (klen = strlen(elt); klen && apr_isspace(elt[klen - 1]); --klen)
- ;
- }
- elt[klen] = 0;
-
- for (j = 0; fields[j].field != NULL; ++j) {
- if (klen && !strcasecmp(fields[j].field, elt)) {
- fields[j].set = 1;
- if (ptr) {
- fields[j].value = ptr;
- }
- break;
- }
- }
-
- i++;
- }
- dir = fields[0].value;
- keyPrefix = fields[1].value;
- certPrefix = fields[2].value;
- secmod = fields[3].value;
- noinit = fields[4].set;
- }
-
- /* if we've been asked to bypass, do so here */
- if (noinit) {
- return APR_SUCCESS;
- }
-
- /* sanity check - we can only initialise NSS once */
- if (NSS_IsInitialized()) {
- return APR_EREINIT;
- }
-
- if (keyPrefix || certPrefix || secmod) {
- s = NSS_Initialize(dir, certPrefix, keyPrefix, secmod, flags);
- }
- else if (dir) {
- s = NSS_InitReadWrite(dir);
- }
- else {
- s = NSS_NoDB_Init(NULL);
- }
- if (s != SECSuccess) {
- if (result) {
- /* Note: all memory must be owned by the caller, in case we're unloaded */
- apu_err_t *err = apr_pcalloc(pool, sizeof(apu_err_t));
- err->rc = PR_GetError();
- err->msg = apr_pstrdup(pool, PR_ErrorToName(s));
- err->reason = apr_pstrdup(pool, "Error during 'nss' initialisation");
- *result = err;
- }
-
- return APR_ECRYPT;
- }
-
- return APR_SUCCESS;
-}
-
-apr_status_t apr__crypto_nss_term(void)
-{
- if (NSS_IsInitialized()) {
- SECStatus s = NSS_Shutdown();
- if (s != SECSuccess) {
- fprintf(stderr, "NSS failed to shutdown, possible leak: %d: %s",
- PR_GetError(), PR_ErrorToName(s));
- return APR_EINIT;
- }
- }
- return APR_SUCCESS;
-}
-
-#endif /* APU_HAVE_NSS */
-
 #endif /* APU_HAVE_CRYPTO */
diff --git a/crypto/apr_crypto_nss.c b/crypto/apr_crypto_nss.c
index 606216ef6..46972ea18 100644
--- a/crypto/apr_crypto_nss.c
+++ b/crypto/apr_crypto_nss.c
@@ -135,7 +135,20 @@ static apr_status_t crypto_error(const apu_err_t **result,
 */
 static apr_status_t crypto_shutdown(void)
 {
- return apr_crypto_lib_term("nss");
+ if (NSS_IsInitialized()) {
+ SECStatus s = NSS_Shutdown();
+ if (s != SECSuccess) {
+ fprintf(stderr, "NSS failed to shutdown, possible leak: %d: %s",
+ PR_GetError(), PR_ErrorToName(s));
+ return APR_EINIT;
+ }
+ }
+ return APR_SUCCESS;
+}
+
+static apr_status_t crypto_shutdown_helper(void *data)
+{
+ return crypto_shutdown();
 }
 /**
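Review bot: `PR_ErrorToName(s)` in `crypto_shutdown` is called with the `SECStatus` result of `NSS_Shutdown()` instead of the NSPR error code, so the name printed to stderr does not identify the failure, and since `PR_ErrorToName` returns NULL for a code it does not know (as far as I recall from prerror.h), the `%s` argument may be a null pointer. Read the code once and reuse it: `PRErrorCode e = PR_GetError();` followed by `const char *n = PR_ErrorToName(e);`, then print `n ? n : "unknown"`. The same call shape is in the `crypto_init` hunk that follows (`err->msg = apr_pstrdup(pool, PR_ErrorToName(s));`), where `err->rc` already holds the right value to pass. These lines are carried over unchanged from the code removed in apr_crypto_internal.c, so the fix could equally be a follow-up commit.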
@@ -144,7 +157,105 @@ static apr_status_t crypto_shutdown(void)
 static apr_status_t crypto_init(apr_pool_t *pool, const char *params, const apu_err_t **result)
 {
- return apr_crypto_lib_init("nss", params, result, pool);
+ SECStatus s;
+ const char *dir = NULL;
+ const char *keyPrefix = NULL;
+ const char *certPrefix = NULL;
+ const char *secmod = NULL;
+ int noinit = 0;
+ PRUint32 flags = 0;
+
+ struct {
+ const char *field;
+ const char *value;
+ int set;
+ } fields[] = {
+ { "dir", NULL, 0 },
+ { "key3", NULL, 0 },
+ { "cert7", NULL, 0 },
+ { "secmod", NULL, 0 },
+ { "noinit", NULL, 0 },
+ { NULL, NULL, 0 }
+ };
+ const char *ptr;
+ size_t klen;
+ char **elts = NULL;
+ char *elt;
+ int i = 0, j;
+ apr_status_t status;
+
+ if (params) {
+ if (APR_SUCCESS != (status = apr_tokenize_to_argv(params, &elts, pool))) {
+ return status;
+ }
+ while ((elt = elts[i])) {
+ ptr = strchr(elt, '=');
+ if (ptr) {
+ for (klen = ptr - elt; klen && apr_isspace(elt[klen - 1]); --klen)
+ ;
+ ptr++;
+ }
+ else {
+ for (klen = strlen(elt); klen && apr_isspace(elt[klen - 1]); --klen)
+ ;
+ }
+ elt[klen] = 0;
+
+ for (j = 0; fields[j].field != NULL; ++j) {
+ if (klen && !strcasecmp(fields[j].field, elt)) {
+ fields[j].set = 1;
+ if (ptr) {
+ fields[j].value = ptr;
+ }
+ break;
+ }
+ }
+
+ i++;
+ }
+ dir = fields[0].value;
+ keyPrefix = fields[1].value;
+ certPrefix = fields[2].value;
+ secmod = fields[3].value;
+ noinit = fields[4].set;
+ }
+
+ /* if we've been asked to bypass, do so here */
+ if (noinit) {
+ return APR_SUCCESS;
+ }
+
+ /* sanity check - we can only initialise NSS once */
+ if (NSS_IsInitialized()) {
+ return APR_EREINIT;
+ }
+
+ if (keyPrefix || certPrefix || secmod) {
+ s = NSS_Initialize(dir, certPrefix, keyPrefix, secmod, flags);
+ }
+ else if (dir) {
+ s = NSS_InitReadWrite(dir);
+ }
+ else {
+ s = NSS_NoDB_Init(NULL);
+ }
+ if (s != SECSuccess) {
+ if (result) {
+ /* Note: all memory must be owned by the caller, in case we're unloaded */
+ apu_err_t *err = apr_pcalloc(pool, sizeof(apu_err_t));
+ err->rc = PR_GetError();
+ err->msg = apr_pstrdup(pool, PR_ErrorToName(s));
+ err->reason = apr_pstrdup(pool, "Error during 'nss' initialisation");
+ *result = err;
+ }
+
+ return APR_ECRYPT;
+ }
+
+ apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper,
+ apr_pool_cleanup_null);
+
+ return APR_SUCCESS;
 }
 /** |
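Review bot: A key in `params` that matches none of the `fields[]` entries is discarded silently in `crypto_init`, so a misspelt `dir` or `secmod` leaves every setting NULL and the function falls through to `NSS_NoDB_Init(NULL)` and returns APR_SUCCESS without the database the caller configured. After the inner `for` loop `j` indexes the terminator entry when nothing matched, so the check can be `if (klen && fields[j].field == NULL) { return APR_EINVAL; }` placed before `i++`. If unknown keys must stay tolerated for compatibility, a comment saying so above the loop would at least make the fall-back to a database-less initialisation a documented choice.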