You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by mi...@apache.org on 2019/06/22 23:58:06 UTC
svn commit: r1861894 - in /apr/apr/trunk: crypto/apr_crypto.c
crypto/apr_crypto_internal.c crypto/apr_crypto_nss.c
include/private/apr_crypto_internal.h
Author: minfrin
Date: Sat Jun 22 23:58:06 2019
New Revision: 1861894
URL: http://svn.apache.org/viewvc?rev=1861894&view=rev
Log:
Revert r1833421 et al:
Move NSS initialisation back to apr_crypto_nss, reinstate
DSO support.
Modified:
apr/apr/trunk/crypto/apr_crypto.c
apr/apr/trunk/crypto/apr_crypto_internal.c
apr/apr/trunk/crypto/apr_crypto_nss.c
apr/apr/trunk/include/private/apr_crypto_internal.h
Modified: apr/apr/trunk/crypto/apr_crypto.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto.c?rev=1861894&r1=1861893&r2=1861894&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_crypto.c (original)
+++ apr/apr/trunk/crypto/apr_crypto.c Sat Jun 22 23:58:06 2019
@@ -386,13 +386,6 @@ APR_DECLARE(apr_status_t) apr_crypto_lib
}
else
#endif
-#if APU_HAVE_NSS
- if (!strcmp(name, "nss")) {
- *version = apr__crypto_nss_version();
- rv = *version ? APR_SUCCESS : APR_NOTFOUND;
- }
- else
-#endif
;
return rv;
}
@@ -451,16 +444,6 @@ APR_DECLARE(apr_status_t) apr_crypto_lib
}
else
#endif
-#if APU_HAVE_NSS
- if (!strcmp(name, "nss")) {
- rv = apr__crypto_nss_init(params, result, pool);
- if (rv == APR_SUCCESS) {
- lib->term = apr__crypto_nss_term;
- lib->name = "nss";
- }
- }
- else
-#endif
;
if (rv == APR_SUCCESS) {
lib->pool = pool;
@@ -495,12 +478,6 @@ static apr_status_t crypto_lib_term(cons
rv = APR_SUCCESS;
}
else
-#endif
-#if APU_HAVE_NSS
- if (!strcmp(name, "nss")) {
- rv = APR_SUCCESS;
- }
- else
#endif
;
if (rv == APR_SUCCESS) {
Modified: apr/apr/trunk/crypto/apr_crypto_internal.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_internal.c?rev=1861894&r1=1861893&r2=1861894&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_crypto_internal.c (original)
+++ apr/apr/trunk/crypto/apr_crypto_internal.c Sat Jun 22 23:58:06 2019
@@ -354,137 +354,4 @@ static apr_status_t ossl_thread_setup(ap
#endif /* APU_HAVE_OPENSSL */
-#if APU_HAVE_NSS
-
-#include <prerror.h>
-
-#ifdef HAVE_NSS_NSS_H
-#include <nss/nss.h>
-#endif
-#ifdef HAVE_NSS_H
-#include <nss.h>
-#endif
-
-const char *apr__crypto_nss_version(void)
-{
- return NSS_VERSION;
-}
-
-apr_status_t apr__crypto_nss_init(const char *params,
- const apu_err_t **result,
- apr_pool_t *pool)
-{
- SECStatus s;
- const char *dir = NULL;
- const char *keyPrefix = NULL;
- const char *certPrefix = NULL;
- const char *secmod = NULL;
- int noinit = 0;
- PRUint32 flags = 0;
-
- struct {
- const char *field;
- const char *value;
- int set;
- } fields[] = {
- { "dir", NULL, 0 },
- { "key3", NULL, 0 },
- { "cert7", NULL, 0 },
- { "secmod", NULL, 0 },
- { "noinit", NULL, 0 },
- { NULL, NULL, 0 }
- };
- const char *ptr;
- size_t klen;
- char **elts = NULL;
- char *elt;
- int i = 0, j;
- apr_status_t status;
-
- if (params) {
- if (APR_SUCCESS != (status = apr_tokenize_to_argv(params, &elts, pool))) {
- return status;
- }
- while ((elt = elts[i])) {
- ptr = strchr(elt, '=');
- if (ptr) {
- for (klen = ptr - elt; klen && apr_isspace(elt[klen - 1]); --klen)
- ;
- ptr++;
- }
- else {
- for (klen = strlen(elt); klen && apr_isspace(elt[klen - 1]); --klen)
- ;
- }
- elt[klen] = 0;
-
- for (j = 0; fields[j].field != NULL; ++j) {
- if (klen && !strcasecmp(fields[j].field, elt)) {
- fields[j].set = 1;
- if (ptr) {
- fields[j].value = ptr;
- }
- break;
- }
- }
-
- i++;
- }
- dir = fields[0].value;
- keyPrefix = fields[1].value;
- certPrefix = fields[2].value;
- secmod = fields[3].value;
- noinit = fields[4].set;
- }
-
- /* if we've been asked to bypass, do so here */
- if (noinit) {
- return APR_SUCCESS;
- }
-
- /* sanity check - we can only initialise NSS once */
- if (NSS_IsInitialized()) {
- return APR_EREINIT;
- }
-
- if (keyPrefix || certPrefix || secmod) {
- s = NSS_Initialize(dir, certPrefix, keyPrefix, secmod, flags);
- }
- else if (dir) {
- s = NSS_InitReadWrite(dir);
- }
- else {
- s = NSS_NoDB_Init(NULL);
- }
- if (s != SECSuccess) {
- if (result) {
- /* Note: all memory must be owned by the caller, in case we're unloaded */
- apu_err_t *err = apr_pcalloc(pool, sizeof(apu_err_t));
- err->rc = PR_GetError();
- err->msg = apr_pstrdup(pool, PR_ErrorToName(s));
- err->reason = apr_pstrdup(pool, "Error during 'nss' initialisation");
- *result = err;
- }
-
- return APR_ECRYPT;
- }
-
- return APR_SUCCESS;
-}
-
-apr_status_t apr__crypto_nss_term(void)
-{
- if (NSS_IsInitialized()) {
- SECStatus s = NSS_Shutdown();
- if (s != SECSuccess) {
- fprintf(stderr, "NSS failed to shutdown, possible leak: %d: %s",
- PR_GetError(), PR_ErrorToName(s));
- return APR_EINIT;
- }
- }
- return APR_SUCCESS;
-}
-
-#endif /* APU_HAVE_NSS */
-
#endif /* APU_HAVE_CRYPTO */
Modified: apr/apr/trunk/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_nss.c?rev=1861894&r1=1861893&r2=1861894&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_crypto_nss.c (original)
+++ apr/apr/trunk/crypto/apr_crypto_nss.c Sat Jun 22 23:58:06 2019
@@ -135,7 +135,20 @@ static apr_status_t crypto_error(const a
*/
static apr_status_t crypto_shutdown(void)
{
- return apr_crypto_lib_term("nss");
+ if (NSS_IsInitialized()) {
+ SECStatus s = NSS_Shutdown();
+ if (s != SECSuccess) {
+ fprintf(stderr, "NSS failed to shutdown, possible leak: %d: %s",
+ PR_GetError(), PR_ErrorToName(s));
+ return APR_EINIT;
+ }
+ }
+ return APR_SUCCESS;
+}
+
+static apr_status_t crypto_shutdown_helper(void *data)
+{
+ return crypto_shutdown();
}
/**
@@ -144,7 +157,105 @@ static apr_status_t crypto_shutdown(void
static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
const apu_err_t **result)
{
- return apr_crypto_lib_init("nss", params, result, pool);
+ SECStatus s;
+ const char *dir = NULL;
+ const char *keyPrefix = NULL;
+ const char *certPrefix = NULL;
+ const char *secmod = NULL;
+ int noinit = 0;
+ PRUint32 flags = 0;
+
+ struct {
+ const char *field;
+ const char *value;
+ int set;
+ } fields[] = {
+ { "dir", NULL, 0 },
+ { "key3", NULL, 0 },
+ { "cert7", NULL, 0 },
+ { "secmod", NULL, 0 },
+ { "noinit", NULL, 0 },
+ { NULL, NULL, 0 }
+ };
+ const char *ptr;
+ size_t klen;
+ char **elts = NULL;
+ char *elt;
+ int i = 0, j;
+ apr_status_t status;
+
+ if (params) {
+ if (APR_SUCCESS != (status = apr_tokenize_to_argv(params, &elts, pool))) {
+ return status;
+ }
+ while ((elt = elts[i])) {
+ ptr = strchr(elt, '=');
+ if (ptr) {
+ for (klen = ptr - elt; klen && apr_isspace(elt[klen - 1]); --klen)
+ ;
+ ptr++;
+ }
+ else {
+ for (klen = strlen(elt); klen && apr_isspace(elt[klen - 1]); --klen)
+ ;
+ }
+ elt[klen] = 0;
+
+ for (j = 0; fields[j].field != NULL; ++j) {
+ if (klen && !strcasecmp(fields[j].field, elt)) {
+ fields[j].set = 1;
+ if (ptr) {
+ fields[j].value = ptr;
+ }
+ break;
+ }
+ }
+
+ i++;
+ }
+ dir = fields[0].value;
+ keyPrefix = fields[1].value;
+ certPrefix = fields[2].value;
+ secmod = fields[3].value;
+ noinit = fields[4].set;
+ }
+
+ /* if we've been asked to bypass, do so here */
+ if (noinit) {
+ return APR_SUCCESS;
+ }
+
+ /* sanity check - we can only initialise NSS once */
+ if (NSS_IsInitialized()) {
+ return APR_EREINIT;
+ }
+
+ if (keyPrefix || certPrefix || secmod) {
+ s = NSS_Initialize(dir, certPrefix, keyPrefix, secmod, flags);
+ }
+ else if (dir) {
+ s = NSS_InitReadWrite(dir);
+ }
+ else {
+ s = NSS_NoDB_Init(NULL);
+ }
+ if (s != SECSuccess) {
+ if (result) {
+ /* Note: all memory must be owned by the caller, in case we're unloaded */
+ apu_err_t *err = apr_pcalloc(pool, sizeof(apu_err_t));
+ err->rc = PR_GetError();
+ err->msg = apr_pstrdup(pool, PR_ErrorToName(s));
+ err->reason = apr_pstrdup(pool, "Error during 'nss' initialisation");
+ *result = err;
+ }
+
+ return APR_ECRYPT;
+ }
+
+ apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper,
+ apr_pool_cleanup_null);
+
+ return APR_SUCCESS;
}
/**
Modified: apr/apr/trunk/include/private/apr_crypto_internal.h
URL: http://svn.apache.org/viewvc/apr/apr/trunk/include/private/apr_crypto_internal.h?rev=1861894&r1=1861893&r2=1861894&view=diff
==============================================================================
--- apr/apr/trunk/include/private/apr_crypto_internal.h (original)
+++ apr/apr/trunk/include/private/apr_crypto_internal.h Sat Jun 22 23:58:06 2019
@@ -428,14 +428,6 @@ apr_status_t apr__crypto_openssl_init(co
apr_status_t apr__crypto_openssl_term(void);
#endif
-#if APU_HAVE_NSS
-const char *apr__crypto_nss_version(void);
-apr_status_t apr__crypto_nss_init(const char *params,
- const apu_err_t **result,
- apr_pool_t *pool);
-apr_status_t apr__crypto_nss_term(void);
-#endif
-
#endif
#ifdef __cplusplus