/***********************************************************************
*
* A copy of nss.h from NSS 3.11.4 for the directories that make up the
* NSS cryptographic module (lib/freebl and lib/softoken).
*
* When compiling in these directories, the compiler uses the local copy
* of nss.h, allowing the NSS cryptographic module to stay at version
* 3.11.4 (the version submitted to NIST for FIPS 140-2 validation).
*
* DO NOT CHANGE THIS FILE.
*
***********************************************************************/
/*
 * NSS utility functions
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
/* $Id: nss.h,v 1.1.2.1 2006/12/06 02:56:53 wtchang%redhat.com Exp $ */
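/*
 * NSS's major version, minor version, patch level, and whether
 * this is a beta release.
 *
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */

/* ***** DO NOT CHANGE THIS FILE. ***** */

/*
 * NOTE(review): in this listing the three NSS_VERSION definitions sit under
 * a single unterminated #ifdef, which cannot preprocess. The nesting below
 * (an outer NSS_ENABLE_ECC test plus the #else/#endif lines) follows the
 * upstream NSS header layout. This copy pins the version string reported by
 * the cryptographic module, so verify it against the pristine 3.11.4 file
 * before relying on it.
 */
#ifdef NSS_ENABLE_ECC
#ifdef NSS_ECC_MORE_THAN_SUITE_B
#define NSS_VERSION "3.11.4 Extended ECC"
#else
#define NSS_VERSION "3.11.4 Basic ECC"
#endif
#else
#define NSS_VERSION "3.11.4"
#endif
#define NSS_BETA PR_FALSE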
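/*
 * Return a boolean that indicates whether the underlying library
 * will perform as the caller expects.
 *
 * The only argument is a string, which should be the version
 * identifier of the NSS library. That string will be compared
 * against a string that represents the actual build version of
 * the NSS library. It also invokes the version checking functions
 * of the dependent libraries such as NSPR.
 */
extern PRBool NSS_VersionCheck(const char *importedVersion);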
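/*
 * Open the Cert, Key, and Security Module databases, read only.
 * Initialize the Random Number Generator.
 * Does not initialize the cipher policies or enables.
 * Default policy settings disallow all ciphers.
 *
 * configdir - base directory where the cert, key, and module databases live.
 *
 * Returns a SECStatus; check it before calling other NSS functions.
 */
extern SECStatus NSS_Init(const char *configdir);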
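/*
 * Returns whether NSS has already been initialized or not.
 */
extern PRBool NSS_IsInitialized(void);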
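/*
 * Open the Cert, Key, and Security Module databases, read/write.
 * Initialize the Random Number Generator.
 * Does not initialize the cipher policies or enables.
 * Default policy settings disallow all ciphers.
 *
 * configdir - base directory where the cert, key, and module databases live.
 *
 * Returns a SECStatus; check it before calling other NSS functions.
 */
extern SECStatus NSS_InitReadWrite(const char *configdir);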
/*
 * Open the Cert, Key, and Security Module databases, read/write.
 * Initialize the Random Number Generator.
 * Does not initialize the cipher policies or enables.
 * Default policy settings disallow all ciphers.
 *
 * This allows using application defined prefixes for the cert and key db's
 * and an alternate name for the secmod database. NOTE: In future releases,
 * the database prefixes may not necessarily map to database names.
 *
 * configdir - base directory where all the cert, key, and module databases live.
 * certPrefix - prefix added to the beginning of the cert database
 *              (the example value is missing from this listing).
 * keyPrefix - prefix added to the beginning of the key database
 *              (the example value is missing from this listing).
 * secmodName - name of the security module database (usually "secmod.db").
 * flags - change the open options of NSS_Initialize as follows:
 *      NSS_INIT_READONLY - Open the databases read only.
 *      NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
 *                      initialize the volatile certdb.
 *      NSS_INIT_NOMODDB  - Don't open the security module DB, just
 *                      initialize the PKCS #11 module.
 *      NSS_INIT_FORCEOPEN - Continue to force initializations even if the
 *                      databases cannot be opened.
 *      NSS_INIT_NOROOTINIT - Don't try to look for the root certs module.
 *      NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
 *      NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
 *                      thread-safe, i.e. that support locking - either OS
 *                      locking or NSS-provided locks. If a PKCS#11
 *                      module isn't thread-safe, don't serialize its
 *                      calls; just don't load it instead. This is necessary
 *                      if another piece of code is using the same PKCS#11
 *                      modules that NSS is accessing without going through
 *                      NSS, for example the Java SunPKCS11 provider.
 *      NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
 *                      error when loading PKCS#11 modules. This is necessary
 *                      if another piece of code is using the same PKCS#11
 *                      modules that NSS is accessing without going through
 *                      NSS, for example Java SunPKCS11 provider.
 *      NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
 *                      PKCS#11 module. This may be necessary in order to
 *                      ensure continuous operation and proper shutdown
 *                      sequence if another piece of code is using the same
 *                      PKCS#11 modules that NSS is accessing without going
 *                      through NSS, for example Java SunPKCS11 provider.
 *                      The following limitation applies when this is set:
 *                      SECMOD_WaitForAnyTokenEvent will not use
 *                      C_WaitForSlotEvent, in order to prevent the need for
 *                      C_Finalize. This call will be emulated instead.
 *      NSS_INIT_RESERVED - Currently has no effect, but may be used in the
 *                      future to trigger better cooperation between PKCS#11
 *                      modules used by both NSS and the Java SunPKCS11
 *                      provider. This should occur after a new flag is defined
 *                      for C_Initialize by the PKCS#11 working group.
 *      NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
 *                      use both NSS and the Java SunPKCS11 provider.
 *
 * Also NOTE: This is not the recommended method for initializing NSS.
 * The preferred method is NSS_Init().
 */
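/* Option bits for the flags argument of NSS_Initialize(); combine with |. */
#define NSS_INIT_READONLY       0x1
#define NSS_INIT_NOCERTDB       0x2
#define NSS_INIT_NOMODDB        0x4
#define NSS_INIT_FORCEOPEN      0x8
#define NSS_INIT_NOROOTINIT     0x10
#define NSS_INIT_OPTIMIZESPACE  0x20
#define NSS_INIT_PK11THREADSAFE 0x40
#define NSS_INIT_PK11RELOAD     0x80
#define NSS_INIT_NOPK11FINALIZE 0x100
#define NSS_INIT_RESERVED       0x200

/*
 * The expansion is parenthesized so it always behaves as one operand.
 * Unparenthesized, a test such as `flags & NSS_INIT_COOPERATE` parses as
 * `(flags & NSS_INIT_PK11THREADSAFE) | NSS_INIT_PK11RELOAD | ...` and is
 * non-zero for every value of flags.
 *
 * NOTE(review): in this listing the macro ended on a dangling `| \` with its
 * last member missing. NSS_INIT_RESERVED is supplied as the fourth member
 * because the flag documentation says COOPERATE sets 4 options; confirm
 * against the pristine nss.h.
 */
#define NSS_INIT_COOPERATE (NSS_INIT_PK11THREADSAFE | \
        NSS_INIT_PK11RELOAD | \
        NSS_INIT_NOPK11FINALIZE | \
        NSS_INIT_RESERVED)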
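/*
 * Default name of the security module database.
 *
 * NOTE(review): this listing shows the two definitions back to back, with
 * the preprocessor conditional that chooses between them missing. The
 * `macintosh` test below follows the upstream NSS header; confirm against
 * the pristine nss.h.
 */
#ifdef macintosh
#define SECMOD_DB "Security Modules"
#else
#define SECMOD_DB "secmod.db"
#endif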
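/*
 * Initialize NSS with caller-chosen cert/key database prefixes, security
 * module database name, and a bitwise OR of NSS_INIT_* option flags.
 *
 * Returns a SECStatus; check it before calling other NSS functions.
 */
extern SECStatus NSS_Initialize(const char *configdir,
        const char *certPrefix, const char *keyPrefix,
        const char *secmodName, PRUint32 flags);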
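/*
 * Initialize NSS without creating cert db's, key db's, or secmod db's.
 */
SECStatus NSS_NoDB_Init(const char *configdir);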
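/*
 * Allow applications and libraries to register with NSS so that they are called
 * when NSS shuts down.
 *
 * void *appData  application specific data passed in by the application at
 *                NSS_RegisterShutdown() time.
 * void *nssData  is NULL in this release, but is reserved for future versions
 *                of NSS to pass some future status information back to the
 *                shutdown function.
 *
 * If the shutdown function returns SECFailure,
 * Shutdown will still complete, but NSS_Shutdown() will return SECFailure.
 */
typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);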
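/*
 * Register a shutdown function.
 *
 * sFunc   - function to call when NSS shuts down.
 * appData - application specific data handed back to sFunc as its appData
 *           argument.
 */
SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData);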
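/*
 * Remove an existing shutdown function (you may do this if your library is
 * complete and going away, but NSS is still running).
 */
SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);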
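/*
 * Close the Cert, Key databases.
 *
 * Returns SECFailure if a registered shutdown function returned SECFailure,
 * even though the shutdown itself still completes.
 */
extern SECStatus NSS_Shutdown(void);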
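/*
 * Set the PKCS #11 strings for the internal token.
 *
 * NOTE(review): this header does not document the individual parameters;
 * see the implementation for their meaning.
 */
void PK11_ConfigurePKCS11(const char *man, const char *libdes,
        const char *tokdes, const char *ptokdes, const char *slotdes,
        const char *pslotdes, const char *fslotdes, const char *fpslotdes,
        int minPwd, int pwRequired);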
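/*
 * Dump the contents of the certificate cache and the temporary cert store.
 * Use to detect leaked references of certs at shutdown time.
 */
void nss_DumpCertificateCacheInfo(void);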
#endif /* __nss_h_ */