void
nssCleanup (void)
{
/* Shutdown NSS and exit NSPR gracefully. */
NSS_Shutdown ();
PR_Cleanup ();
}
/* Global cleanup */
void Curl_nss_cleanup(void)
{
/* This function isn't required to be threadsafe and this is only done
* as a safety feature.
*/
PR_Lock(nss_initlock);
if(initialized) {
/* Free references to client certificates held in the SSL session cache.
* Omitting this hampers destruction of the security module owning
* the certificates. */
SSL_ClearSessionCache();
if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
SECMOD_DestroyModule(mod);
mod = NULL;
}
#ifdef HAVE_NSS_INITCONTEXT
NSS_ShutdownContext(nss_context);
nss_context = NULL;
#else /* HAVE_NSS_INITCONTEXT */
NSS_Shutdown();
#endif
}
PR_Unlock(nss_initlock);
PR_DestroyLock(nss_initlock);
PR_DestroyLock(nss_crllock);
nss_initlock = NULL;
initialized = 0;
}
void
crypto_global_finish(void)
{
NSS_Shutdown();
PL_ArenaFinish();
PR_Cleanup();
}
void MozillaRenderer::shutdown(void)
{
// Shutdown NSS and NSPR
NSS_Shutdown();
// FIXME: this hangs, waiting on a condition variable
//PR_Cleanup();
}
void lsw_nss_shutdown(void)
{
NSS_Shutdown();
if (!(flags & LSW_NSS_SKIP_PR_CLEANUP)) {
PR_Cleanup();
}
}
/**
* camel_shutdown:
*
* Since: 2.24
**/
void
camel_shutdown (void)
{
CamelCertDB *certdb;
if (!initialised)
return;
certdb = camel_certdb_get_default ();
if (certdb) {
camel_certdb_save (certdb);
camel_certdb_set_default (NULL);
}
/* These next calls must come last. */
if (nss_initlock != NULL) {
PR_Lock (nss_initlock);
if (nss_initialized)
NSS_Shutdown ();
PR_Unlock (nss_initlock);
}
initialised = FALSE;
}
int
qdevice_model_net_destroy(struct qdevice_instance *instance)
{
struct qdevice_net_instance *net_instance;
net_instance = instance->model_data;
qdevice_log(LOG_DEBUG, "Destroying algorithm");
qdevice_net_algorithm_destroy(net_instance);
qdevice_log(LOG_DEBUG, "Destroying qdevice_net_instance");
qdevice_net_instance_destroy(net_instance);
qdevice_log(LOG_DEBUG, "Shutting down NSS");
SSL_ClearSessionCache();
if (NSS_Shutdown() != SECSuccess) {
qdevice_log_nss(LOG_WARNING, "Can't shutdown NSS");
}
if (PR_Cleanup() != PR_SUCCESS) {
qdevice_log_nss(LOG_WARNING, "Can't shutdown NSPR");
}
free(net_instance);
return (0);
}
void release_pkcs11_module(pkcs11_handle_t *h)
{
SECStatus rv;
close_pkcs11_session(h);
if (h->is_user_module) {
rv = SECMOD_UnloadUserModule(h->module);
if (rv != SECSuccess) {
DBG1("Unloading UserModule failed: %s", SECU_Strerror(PR_GetError()));
}
}
if (h->module) {
SECMOD_DestroyModule(h->module);
}
memset(h, 0, sizeof(pkcs11_handle_t));
free(h);
/* if we initialized NSS, then we need to shut it down */
if (!app_has_NSS) {
rv = NSS_Shutdown();
if (rv != SECSuccess) {
DBG1("NSS Shutdown Failed: %s", SECU_Strerror(PR_GetError()));
}
}
}
static
int runCmd(mainTestFn fnPointer,
int argc,
char **argv,
char *dbPath)
{
int retStat = 0;
/* Initialize NSPR and NSS. */
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* if using databases, use NSS_Init and not NSS_NoDB_Init */
if (dbPath && PORT_Strlen(dbPath) != 0) {
if (NSS_Init(dbPath) != SECSuccess)
return SECFailure;
} else {
if (NSS_NoDB_Init(NULL) != 0)
return SECFailure;
}
retStat = fnPointer(argc, argv);
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
PR_Cleanup();
return retStat;
}
void tls_deinit(void *ssl_ctx) {
tls_nss_ref_count--;
if (tls_nss_ref_count == 0) {
if (NSS_Shutdown() != SECSuccess)
wpa_printf(MSG_ERROR, "NSS: NSS_Shutdown() failed");
}
}
/*
* _import_crl <url> <der size>
* the der blob is passed through STDIN from pluto's fork
*/
int main(int argc, char *argv[])
{
char *url, *lenstr;
unsigned char *buf, *tbuf;
size_t len, tlen;
ssize_t rd;
int fin;
if (argc != 3)
exit(-1);
progname = argv[0];
url = argv[1];
lenstr = argv[2];
/* can't be 0 */
if (*lenstr == '0' && strlen(lenstr) == 1)
exit(-1);
while (*lenstr != '\0') {
if (!isalnum(*lenstr++)) {
exit(-1);
}
}
tlen = len = (size_t) atoi(argv[2]);
tbuf = buf = (unsigned char *) malloc(len);
if (tbuf == NULL)
exit(-1);
while (tlen != 0 && (rd = read(STDIN_FILENO, buf, len)) != 0) {
if (rd == -1) {
if (errno == EINTR)
continue;
exit(-1);
}
tlen -= rd;
buf += rd;
}
if ((size_t)(buf - tbuf) != len)
exit(-1);
const struct lsw_conf_options *oco = lsw_init_options();
lsw_nss_buf_t err;
if (!lsw_nss_setup(oco->nssdir, 0, lsw_nss_get_password, err)) {
fprintf(stderr, "%s: %s\n", progname, err);
exit(1);
}
fin = import_crl(url, tbuf, len);
if (tbuf != NULL)
free(tbuf);
NSS_Shutdown();
return fin;
}
gboolean
sc_shutdown_nss (GError **error)
{
NSS_Shutdown ();
sc_debug ("NSS shut down");
return TRUE;
}
static void
ssl_nss_uninit(void)
{
NSS_Shutdown();
PR_Cleanup();
_nss_methods = NULL;
}
void
crypto_deinit (void)
{
if (initialized) {
NSS_Shutdown ();
PR_Cleanup ();
}
}
int
main(int argc, char **argv)
{
char * progName = NULL;
SECStatus secStatus;
PLOptState *optstate;
PLOptStatus status;
/* Call the NSPR initialization routines */
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
progName = PL_strdup(argv[0]);
hostName = NULL;
optstate = PL_CreateOptState(argc, argv, "d:h:i:o:p:t:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK)
{
switch(optstate->option)
{
case 'd' : certDir = PL_strdup(optstate->value); break;
case 'h' : hostName = PL_strdup(optstate->value); break;
case 'i' : infileName = PL_strdup(optstate->value); break;
case 'o' : outfileName = PL_strdup(optstate->value); break;
case 'p' : port = PORT_Atoi(optstate->value); break;
case 't' : trustNewServer_p = PL_strdup(optstate->value); break;
case '?' :
default : Usage(progName);
}
}
if (port == 0 || hostName == NULL || infileName == NULL || outfileName == NULL || certDir == NULL)
Usage(progName);
#if 0 /* no client authentication */
/* Set our password function callback. */
PK11_SetPasswordFunc(myPasswd);
#endif
/* Initialize the NSS libraries. */
secStatus = NSS_InitReadWrite(certDir);
if (secStatus != SECSuccess)
{
/* Try it again, readonly. */
secStatus = NSS_Init(certDir);
if (secStatus != SECSuccess)
exitErr("Error initializing NSS", GENERAL_ERROR);
}
/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
NSS_SetDomesticPolicy();
client_main(port);
NSS_Shutdown();
PR_Cleanup();
return 0;
}
/**
* Shutdown the crypto library and release resources.
*
* It is safe to shut down twice.
*/
static apr_status_t crypto_shutdown(void)
{
if (NSS_IsInitialized()) {
SECStatus s = NSS_Shutdown();
if (s != SECSuccess) {
return APR_EINIT;
}
}
return APR_SUCCESS;
}
void
exitErr(char *function)
{
errWarn(function);
/* Exit gracefully. */
/* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/
(void) NSS_Shutdown();
PR_Cleanup();
exit(1);
}
static void
exitErr(const char* errorStr, int rc)
{
fprintf (stderr, "%s: ", errorStr);
nssError();
/* Exit gracefully. */
/* ignoring return value of NSS_Shutdown. */
(void) NSS_Shutdown();
PR_Cleanup();
exit(rc);
}
static
int
__pkcs11h_crypto_nss_uninitialize (
IN void * const global_data
) {
if (*(int *)global_data != FALSE) {
NSS_Shutdown ();
}
return TRUE;
}
am_status_t Connection::shutdown(void)
{
//
// NOTE: This may not always be the right thing to do, as somebody may
// have initialized NSS before we did and expect it to keep working
// after we are done.
//
if (initialized) {
NSS_Shutdown();
initialized = false;
}
return AM_SUCCESS;
}
static void
unload_nss (GsdSmartcardManager *self)
{
g_debug ("attempting to unload NSS security system with database '%s'",
GSD_SMARTCARD_MANAGER_NSS_DB);
if (self->priv->nss_is_loaded) {
NSS_Shutdown ();
self->priv->nss_is_loaded = FALSE;
g_debug ("NSS database '%s' unloaded", GSD_SMARTCARD_MANAGER_NSS_DB);
} else {
g_debug ("NSS database '%s' already not loaded", GSD_SMARTCARD_MANAGER_NSS_DB);
}
}
void
cms_context_fini(cms_context *ctx)
{
if (ctx->cert) {
CERT_DestroyCertificate(ctx->cert);
ctx->cert = NULL;
}
if (ctx->privkey) {
free(ctx->privkey);
ctx->privkey = NULL;
}
if (ctx->pe_digest) {
free_poison(ctx->pe_digest->data, ctx->pe_digest->len);
/* XXX sure seems like we should be freeing it here, but
* that's segfaulting, and we know it'll get cleaned up with
* PORT_FreeArena a couple of lines down.
*/
ctx->pe_digest = NULL;
}
if (ctx->ci_digest) {
free_poison(ctx->ci_digest->data, ctx->ci_digest->len);
/* XXX sure seems like we should be freeing it here, but
* that's segfaulting, and we know it'll get cleaned up with
* PORT_FreeArena a couple of lines down.
*/
ctx->ci_digest = NULL;
}
#if 0
for (int i = 0; i < ctx->num_signatures; i++) {
if (ctx->signatures[i]) {
if (ctx->signatures[i]->data)
free(ctx->signatures[i]->data);
free(ctx->signatures[i]);
}
}
free(ctx->signatures);
#endif
ctx->signatures = NULL;
PORT_FreeArena(ctx->arena, PR_TRUE);
memset(ctx, '\0', sizeof(*ctx));
NSS_Shutdown();
}
/**
* xmlSecNssAppShutdown:
*
* General crypto engine shutdown. This function is used
* by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecNssAppShutdown(void) {
SECStatus rv;
/*
SSL_ClearSessionCache();
*/
PK11_LogoutAll();
rv = NSS_Shutdown();
if(rv != SECSuccess) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"NSS_Shutdown",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/* Global cleanup */
void Curl_nss_cleanup(void)
{
/* This function isn't required to be threadsafe and this is only done
* as a safety feature.
*/
PR_Lock(nss_initlock);
if (initialized) {
if(mod)
SECMOD_DestroyModule(mod);
mod = NULL;
NSS_Shutdown();
}
PR_Unlock(nss_initlock);
PR_DestroyLock(nss_initlock);
nss_initlock = NULL;
initialized = 0;
}
/* leave pluto, with status.
* Once child is launched, parent must not exit this way because
* the lock would be released.
*
* 0 OK
* 1 general discomfort
* 10 lock file exists
*/
void
exit_pluto(int status)
{
reset_globals(); /* needed because we may be called in odd state */
free_preshared_secrets();
free_remembered_public_keys();
delete_every_connection();
/* free memory allocated by initialization routines. Please don't
forget to do this. */
#ifdef TPM
free_tpm();
#endif
#ifdef HAVE_THREADS
free_crl_fetch(); /* free chain of crl fetch requests */
#endif
#ifdef HAVE_OCSP
free_ocsp_fetch(); /* free chain of ocsp fetch requests */
#endif
free_authcerts(); /* free chain of X.509 authority certificates */
free_crls(); /* free chain of X.509 CRLs */
free_acerts(); /* free chain of X.509 attribute certificates */
free_ocsp(); /* free ocsp cache */
osw_conf_free_oco(); /* free global_oco containing path names */
free_myFQDN(); /* free myid FQDN */
free_ifaces(); /* free interface list from memory */
stop_adns(); /* Stop async DNS process (if running) */
free_md_pool(); /* free the md pool */
#ifdef HAVE_LIBNSS
NSS_Shutdown();
#endif
delete_lock(); /* delete any lock files */
#ifdef LEAK_DETECTIVE
report_leaks(); /* report memory leaks now, after all free()s */
#endif /* LEAK_DETECTIVE */
close_log(); /* close the logfiles */
exit(status); /* exit, with our error code */
}
int nspr_nss_cleanup(void)
{
SECStatus sret;
/* nothing to do */
if (nspr_nss_init_done == 0) return SECSuccess;
sret = NSS_Shutdown();
if (sret != SECSuccess) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Error shutting down connection to NSS [%d]\n",
PR_GetError());
return EIO;
}
PR_Cleanup();
nspr_nss_init_done = 0;
return EOK;
}
int main(int argc, char **argv)
{
if (argc < 2) exit(1);
NSS_NoDB_Init(NULL);
/*************/
/* AES */
/*************/
if (strcmp(argv[1], "aes") == 0) {
/* argv[2]=kat argv[3]=gcm argv[4]=<test name>.rsp */
if (strcmp(argv[2], "kat") == 0) {
/* Known Answer Test (KAT) */
aes_gcm_kat(argv[4]);
}
}
NSS_Shutdown();
return 0;
}
/*
* leave pluto, with status.
* Once child is launched, parent must not exit this way because
* the lock would be released.
*
* 0 OK
* 1 general discomfort
* 10 lock file exists
*/
void exit_pluto(int status)
{
/* needed because we may be called in odd state */
reset_globals();
free_preshared_secrets();
free_remembered_public_keys();
delete_every_connection();
/*
* free memory allocated by initialization routines. Please don't
* forget to do this.
*/
#if defined(LIBCURL) || defined(LDAP_VER)
free_crl_fetch(); /* free chain of crl fetch requests */
#endif
lsw_conf_free_oco(); /* free global_oco containing path names */
free_myFQDN(); /* free myid FQDN */
free_ifaces(); /* free interface list from memory */
#ifdef USE_ADNS
stop_adns(); /* Stop async DNS process (if running) */
#endif
free_md_pool(); /* free the md pool */
NSS_Shutdown();
delete_lock(); /* delete any lock files */
free_virtual_ip(); /* virtual_private= */
free_kernelfd(); /* stop listening to kernel FD, remove event */
free_pluto_main(); /* our static chars */
/* report memory leaks now, after all free_* calls */
if (leak_detective)
report_leaks();
close_log(); /* close the logfiles */
exit(status); /* exit, with our error code */
}
void
__pmSecureServerShutdown(void)
{
PM_INIT_LOCKS();
PM_LOCK(secureserver_lock);
if (secure_server.certificate) {
CERT_DestroyCertificate(secure_server.certificate);
secure_server.certificate = NULL;
}
if (secure_server.private_key) {
SECKEY_DestroyPrivateKey(secure_server.private_key);
secure_server.private_key = NULL;
}
if (secure_server.ssl_session_cache_setup) {
SSL_ShutdownServerSessionIDCache();
secure_server.ssl_session_cache_setup = 0;
}
if (secure_server.initialized) {
NSS_Shutdown();
secure_server.initialized = 0;
}
PM_UNLOCK(secureserver_lock);
}
int main(int argc, char **argv)
{
int rv, ascii;
char *progName;
FILE *outFile;
PRFileDesc *inFile;
SECItem der, data;
char *typeTag;
PLOptState *optstate;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
ascii = 0;
inFile = 0;
outFile = 0;
typeTag = 0;
optstate = PL_CreateOptState(argc, argv, "at:i:o:");
while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'a':
ascii = 1;
break;
case 'i':
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
case 't':
typeTag = strdup(optstate->value);
break;
}
}
PL_DestroyOptState(optstate);
if (!typeTag) Usage(progName);
if (!inFile) inFile = PR_STDIN;
if (!outFile) outFile = stdout;
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
rv = NSS_NoDB_Init(NULL);
if (rv != SECSuccess) {
fprintf(stderr, "%s: NSS_NoDB_Init failed (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
exit(1);
}
SECU_RegisterDynamicOids();
rv = SECU_ReadDERFromFile(&der, inFile, ascii, PR_FALSE);
if (rv != SECSuccess) {
fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
exit(1);
}
/* Data is untyped, using the specified type */
data.data = der.data;
data.len = der.len;
/* Pretty print it */
if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
SECU_PrintCertificate);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0) {
PRBool saveWrapeState = SECU_GetWrapEnabled();
SECU_EnableWrap(PR_FALSE);
rv = SECU_PrintSignedContent(outFile, &data, 0, 0,
SECU_PrintDumpDerIssuerAndSerial);
SECU_EnableWrap(saveWrapeState);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
SECU_PrintCertificateRequest);
} else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) {
rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
#ifdef HAVE_EPV_TEMPLATE
} else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
#endif
} else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0);
} else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) {
rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
"PKCS #7 Content Info", 0);
} else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0) {
rv = SECU_PrintDERName(outFile, &data, "Name", 0);
} else {
fprintf(stderr, "%s: don't know how to print out '%s' files\n",
progName, typeTag);
SECU_PrintAny(outFile, &data, "File contains", 0);
return -1;
}
if (inFile != PR_STDIN)
PR_Close(inFile);
PORT_Free(der.data);
if (rv) {
fprintf(stderr, "%s: problem converting data (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
}
if (NSS_Shutdown() != SECSuccess) {
fprintf(stderr, "%s: NSS_Shutdown failed (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
rv = SECFailure;
}
PR_Cleanup();
return rv;
}
