environment. NSS has no control over which of these environments will
be inherited by any child processes, so when NSS modifies or adds an
environment variable, it needs to do so to both environments.
This fixes bugzilla bug 66615. Reviewed by wtc.
it searches for libfreebl_*.so in the same directory where it resides.
As a result, libnss3.so, not libnspr4.so, must be the one calling dlopen,
so libnss3.so can't call PR_LoadLibraryWithFlags.
Modified files: lib/freebl/loader.c, lib/nss/config.mk
The individual fixes:
1) A complete QA failure produces a readable email now
2) the nssqa has goes thru a central Exit
3) hanging processes under NT and Win2K are killed (tail -f)
4) Functionallity is implemented to kill other remaining processes (killpif file)
5) improved general cleanup in Exit functions
6) the header is sourced from the nssqa dir rateher than /u/sonmi/bin
7) Problems with QA being reported as passed even if missing fixed
8) Most problems with the "missing Platform list" fixed
9) One QA failure path (cd to a dir without permission) did not give
errormessage about the reason of failure before
10) fixed html errors in generated email
11) stopped filtering the "bad password" cases as real failures (was fixed in
nssqa a while ago, but still filtered
12) removing more tmp files from /tmp (decreased debugging)
linker option. The temporary workaround in two makefiles were removed.
Modified Files:
coreconf/OSF1.mk nss/lib/ckfw/builtins/Makefile
nss/lib/fortcrypt/swfort/pkcs11/Makefile
Add necessary exported symbols.
Fix bug in NSS_Initialize where we weren't passing the read only paramter
through.
Add function to search for Certificate Lists so that Traverse does not need to
be exposed.
Update pkcs11 names.
Define the NSS version macros and add NSS_VersionCheck in nss.h.
Add linker option to record internal name of shared libraries.
Add Windows resource files. Add rcs and sccs id strings that can be
retrieved with 'ident' and 'what'.
Modified Files:
coreconf/HP-UX.mk coreconf/OSF1.mk coreconf/SunOS5.mk
coreconf/WIN954.0.mk coreconf/WINNT4.0.mk coreconf/WINNT5.0.mk
coreconf/rules.mk nss/lib/nss/config.mk
nss/lib/nss/manifest.mn nss/lib/nss/nss.h
nss/lib/nss/nssinit.c nss/lib/smime/config.mk
nss/lib/smime/manifest.mn nss/lib/ssl/config.mk
nss/lib/ssl/manifest.mn
Added Files:
nss/lib/nss/nss.rc nss/lib/nss/nssver.c nss/lib/smime/smime.rc
nss/lib/smime/smimever.c nss/lib/ssl/ssl.rc
nss/lib/ssl/sslver.c
1. Increase maximum tries to 600 (based on 2*(approx. frequency of 1024-bit primes))
2. Lower the number of Miller-Rabin iterations for p and q based on HAC table 4.4
r=nelsonb,a=wtc
The same values that the compiler would assign are assigned, with only
one exception (cmmfNoPKIStatus in cmmft.h). This is patch id=22555,
reviewed by Nelson Bolyard.
performed will be done in accordance with a table published in the
Handbook of Applied Cryptography. See Bug 65151. Also, changes to
test program for this function.
address of an external variable that comes from another DLL.
This is a fundamental difference between WIN32 DLLs and Unix DSOs.
So, for every SEC_ASN1Template inside of libnss3 that is referenced by
other templates outside of libnss3, a new "chooser" function was created
that returns the address of that template. For WIN32, the templates
outside of libnss3 access libnss3's templates by the chooser function
rather than by direct reference. Some simple macros allow Unix to
continue to use direct references, avoiding the extra function calls.
With these changes, all.sh (qa script) passes all tests on NT with DLLs.
Modified Files:
cmd/checkcert/checkcert.c cmd/lib/secutil.c lib/asn1/asn1t.h
lib/certdb/certdb.c lib/certdb/certt.h lib/certdb/crl.c
lib/certhigh/certreq.c lib/crmf/asn1cmn.c lib/crmf/crmfcont.c
lib/crmf/crmftmpl.c lib/cryptohi/secsign.c lib/nss/nss.def
lib/pkcs12/p12local.c lib/pkcs12/p12tmpl.c
lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7local.c
lib/smime/cmsasn1.c lib/smime/cmsattr.c lib/smime/cmspubkey.c
lib/smime/cmssigdata.c lib/smime/smimeutil.c
lib/softoken/keydb.c lib/softoken/keydbt.h lib/util/secalgid.c
lib/util/secasn1.h lib/util/secasn1d.c lib/util/secasn1t.h
lib/util/secasn1u.c lib/util/secdig.c lib/util/secdig.h
lib/util/secoid.h
progam stop compiling. So, as a temporary measure, to fix the build,
ifdef out the calls to the missing functions, and always behave as if
the "-n none" option had been supplied.
As a result of this move I have to export one more data symbol
(SECAnyTemplate) from libnss3.so. :( Removed the temporary workaround
in coreconf/rules.mk.
Modified Files:
coreconf/rules.mk nss/lib/certhigh/manifest.mn
nss/lib/nss/mapfile nss/lib/nss/nss.def
nss/lib/pkcs7/manifest.mn
Added Files:
nss/lib/pkcs7/certread.c
Removed Files:
nss/lib/certhigh/certread.c
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.
coreconf/rules.mk has a temporary workaround for the dependency of
certread.c on some PKCS7 symbols.
Modified Files:
coreconf/rules.mk nss/lib/manifest.mn nss/lib/nss/config.mk
nss/lib/nss/mapfile nss/lib/nss/nss.def
nss/lib/smime/config.mk nss/lib/smime/mapfile
nss/lib/smime/smime.def
in cms.h was probably cut and pasted from secpkcs7.h, which was added
in rev. 1.3 of secpkcs7.h in the Netscape internal /m/src cvs repository
in 11/1996.)
Modified files: secpkcs7.h, cms.h
cryptohi.h, pk11func.h, secpkcs7.h, and cms.h. Some files now need to
include <errno.h>. They were including <errno.h> indirectly through
mcom_db.h.
Modified Files:
cmd/atob/atob.c cmd/btoa/btoa.c cmd/derdump/derdump.c
lib/cryptohi/cryptohi.h lib/pk11wrap/pk11func.h
lib/pkcs7/secpkcs7.h lib/smime/cms.h lib/ssl/sslsnce.c
and fail when something on the command line is not recognized. Also
exiting with distinct status values for all error conditions (previously
we always exited with '1').
the object files needed to resolve referenced symbols, so we will need to
link with the objects directly as we do on Unix. As a result, nss3.dll
needs to export more (PKCS7) symbols, needed by the new PKCS12 objects
that are linked into smime3.dll.
the object files needed to resolve referenced symbols, so we will need to
link with the objects directly as we do on Unix. As a result, nss3.dll
needs to export more (PKCS7) symbols, needed by the new PKCS12 objects
that are linked into smime3.dll.
Modified Files:
coreconf/rules.mk nss/lib/nss/config.mk
nss/lib/smime/config.mk nss/lib/ssl/config.mk
not want the "32" in the DLL names that coreconf adds by default. We
use module-definition (.DEF) files to control the exported symbols.
Made pkcs7 part of nss3.dll to temporarily work around circular dependency
between nss3.dll and smime3.dll (certread.c depends on some PKCS7 symbols).
Modified files: lib/nss/config.mk, lib/smime/config.mk, lib/ssl/config.mk
Build two DSOs, both conforming to the platform's 32-bit ABI, one of
which uses only 32-bit instructions, the other uses 64-bit instructions.
Then load the best one for the local CPU at run time. This allows
greatly enhanced performance on 64-bit CPUs while still supporting older
32-bit CPUs.
1. Implemented a way to link all the objects in archive libraries into
a shared library. I query each subdirectory for the list of objects
comprising an archive library (the get_objs makefile target) and link
these objects as opposed to the archive libraries. Not all linkers
support the --whole-archive, -all, or -z allextract options. The
*sym.c solution cannot fully control what objects in the archive
libraries are pulled and what symbols are exported.
2. Moved pkcs7 from libsmime3.so to libnss3.so because certread.c in
libcerthi.a (part of libnss3.so) depends on some PKCS7 functions,
which creates a circular dependency between libsmime3.so and libnss3.so.
This should work on all Unix platforms.
single platform. The best implementation for the local CPU is dynamicly
loaded at run time. Requires DSOs to be in the LD_LIBRARY_PATH or
equivalent (e.g. SHLIB_PATH).
Three directories pull the NSS libraries together into a three shared libaries:
nss, ssl, and smime. Symbols need to be exported by the DLL from the imported
libraries are defined in XXX/XXXsym.c Library linkage is controlled by
XXX/config.mk