Use private NSS context if NSS supports it (RhBug:871485)
- Older NSS versions operate on global context, which can cause
  all sorts of trouble when an API user tries to use NSS for their
  own purposes: eg they might want to use NSS databases which is not
  possible once we've initialized NSS with NSS_NoDB_Init(). Further
  background on the subject at https://wiki.mozilla.org/NSS_Library_Init
- Use a private NSS context when possible (NSS >= 3.12.5) to
  avoid such clashes, but keep support for older versions for now.
pmatilai committed Oct 31, 2012
1 parent eb23d21 commit 5ecfdce
Showing 2 changed files with 27 additions and 1 deletion.
4 changes: 4 additions & 0 deletions configure.ac
Expand Up @@ -285,6 +285,10 @@ AC_CHECK_HEADERS([nspr.h nss.h sechash.h], [], [
])
AC_CHECK_LIB(nss3, NSS_NoDB_Init, [
WITH_NSS_LIB=-lnss3
AC_CHECK_LIB(nss3, NSS_InitContext, [
AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [Define to 1 if NSS has NSS_InitContext])
AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
]),
], [
AC_MSG_ERROR([missing required NSS library 'nss3'])
])
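Review bot: The inner `AC_CHECK_LIB(nss3, NSS_InitContext, ...)` is closed with `]),`, and that trailing comma sits inside the quoted action-if-found block of the outer check, so it looks like it would be copied into the generated configure script as a stray `,` rather than act as an argument separator. Closing the inner call with `])` alone avoids that. The result is also both `AC_DEFINE`d and `AC_SUBST`ed under the same name; a short `dnl` comment naming what consumes the substituted value would help, since the C code visible in this commit only needs the define.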
24 changes: 23 additions & 1 deletion rpmio/digest_nss.c
Expand Up @@ -14,6 +14,10 @@
static int _crypto_initialized = 0;
static int _new_process = 1;

#if HAVE_NSS_INITCONTEXT
static NSSInitContext * _nss_ctx = NULL;
#endif

/**
* MD5/SHA1 digest private data.
*/
Expand Down Expand Up @@ -41,9 +45,22 @@ int rpmInitCrypto(void)
rpmFreeCrypto();
}

/* Initialize NSS if not already done */
/*
* Initialize NSS if not already done.
* NSS prior to 3.12.5 only supports a global context which can cause
* trouble when an API user wants to use NSS for their own purposes, use
* a private context if possible.
*/
if (!_crypto_initialized) {
#if HAVE_NSS_INITCONTEXT
PRUint32 flags = (NSS_INIT_READONLY|NSS_INIT_NOCERTDB|
NSS_INIT_NOMODDB|NSS_INIT_FORCEOPEN|
NSS_INIT_NOROOTINIT|NSS_INIT_OPTIMIZESPACE);
_nss_ctx = NSS_InitContext(NULL, NULL, NULL, NULL, NULL, flags);
if (_nss_ctx == NULL) {
#else
if (NSS_NoDB_Init(NULL) != SECSuccess) {
#endif
rc = -1;
} else {
_crypto_initialized = 1;
Expand All @@ -64,7 +81,12 @@ int rpmFreeCrypto(void)
{
int rc = 0;
if (_crypto_initialized) {
#if HAVE_NSS_INITCONTEXT
rc = (NSS_ShutdownContext(_nss_ctx) != SECSuccess);
_nss_ctx = NULL;
#else
rc = (NSS_Shutdown() != SECSuccess);
#endif
_crypto_initialized = 0;
}
return rc;
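Review bot: The flag set passed to `NSS_InitContext()` in rpmInitCrypto is not explained; the comment above it only covers why a private context is wanted. A line such as `/* no cert/module DB, no root module: database-less setup like NSS_NoDB_Init() */` would tell a reader that the private context is meant to match the fallback branch (that equivalence is my reading of the flags and should be confirmed against the NSS documentation). Separately, the `#if`/`#else` splits the head of an `if (...) {` statement, so each preprocessor branch opens a brace that is closed in shared code; storing the outcome in a local first and testing it after `#endif` would be easier to follow. Both rpmInitCrypto and rpmFreeCrypto start or end outside the visible hunks.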
