4 files changed, 113 insertions, 0 deletions

diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols b/security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols
new file mode 100644
index 0000000000..562ecea21d
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/ipcclientcerts.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/moz.build b/security/manager/ssl/ipcclientcerts/dynamic-library/moz.build
new file mode 100644
index 0000000000..7f2ab5e27f
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/moz.build
@@ -0,0 +1,40 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+USE_LIBS += ["ipcclientcerts-static"]
+
+# On Linux (but not when building for Android), this needs to use the C++
+# version to avoid linking against the wrong libc symbols.
+# On Android, this needs to use the C version to avoid multiple definitions
+# of symbols caused by their presence in libgcc and ipcclientcerts-static.
+if CONFIG["OS_ARCH"] == "Linux" and CONFIG["OS_TARGET"] != "Android":
+    SOURCES += [
+        "stub.cpp",
+    ]
+else:
+    SOURCES += [
+        "stub.c",
+    ]
+
+if CONFIG["OS_TARGET"] == "Android":
+    OS_LIBS += ["m"]
+
+if CONFIG["OS_ARCH"] == "WINNT":
+    OS_LIBS += [
+        "advapi32",
+        "userenv",
+        "ws2_32",
+    ]
+    OS_LIBS += [
+        "bcrypt",
+        "ntdll",
+    ]
+
+
+SharedLibrary("ipcclientcerts")
+
+NoVisibilityFlags()
+SYMBOLS_FILE = "ipcclientcerts.symbols"
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/stub.c b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.c
new file mode 100644
index 0000000000..f679e5dfd4
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.c
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+// The build system builds the rust library ipcclientcerts as a static library
+// called ipcclientcerts_static. On macOS and Windows, that static library can
+// be linked with an empty file and turned into a shared library with the
+// function C_GetFunctionList exposed. This allows that shared library to be
+// used as a PKCS#11 module (see osclientcerts).
+// Unfortunately, on Linux, exposing the C_GetFunctionList in the static
+// library doesn't work for some unknown reason. As a workaround, this file
+// declares its own C_GetFunctionList that can be exposed in the shared
+// library. It then calls the function IPCCC_GetFunctionList exposed
+// (internally to the linkage in question) by ipcclientcerts. This enables
+// the build system to ultimately turn ipcclientcerts into a shared library
+// that exposes a C_GetFunctionList function, meaning it can be used as a
+// PKCS#11 module.
+
+CK_RV IPCCC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  return IPCCC_GetFunctionList(ppFunctionList);
+}
+
+// On MinGW there's a toolchain mismatch that results in _Unwind_Resume being
+// undefined. It's never going to get called here anyway, so this defines it to
+// satisfy the linker. See bug 1745855 and
+// https://github.com/rust-lang/rust/issues/79609#issuecomment-987107562.
+#ifdef __MINGW32__
+#  include "mozilla/Assertions.h"
+void _Unwind_Resume() { MOZ_CRASH("Unexpected call to _Unwind_*"); }
+void _Unwind_GetDataRelBase() { _Unwind_Resume(); }
+void _Unwind_GetTextRelBase() { _Unwind_Resume(); }
+void _Unwind_GetLanguageSpecificData() { _Unwind_Resume(); }
+void _Unwind_GetIPInfo() { _Unwind_Resume(); }
+void _Unwind_GetRegionStart() { _Unwind_Resume(); }
+void _Unwind_SetGR() { _Unwind_Resume(); }
+void _Unwind_SetIP() { _Unwind_Resume(); }
+void _GCC_specific_handler() { _Unwind_Resume(); }
+#endif
diff --git a/security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp
new file mode 100644
index 0000000000..e50f867574
--- /dev/null
+++ b/security/manager/ssl/ipcclientcerts/dynamic-library/stub.cpp
@@ -0,0 +1,29 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+// The build system builds the rust library ipcclientcerts as a static library
+// called ipcclientcerts_static. On macOS and Windows, that static library can
+// be linked with an empty file and turned into a shared library with the
+// function C_GetFunctionList exposed. This allows that shared library to be
+// used as a PKCS#11 module (see osclientcerts).
+// Unfortunately, on Linux, exposing the C_GetFunctionList in the static
+// library doesn't work for some unknown reason. As a workaround, this file
+// declares its own C_GetFunctionList that can be exposed in the shared
+// library. It then calls the function IPCCC_GetFunctionList exposed
+// (internally to the linkage in question) by ipcclientcerts. This enables
+// the build system to ultimately turn ipcclientcerts into a shared library
+// that exposes a C_GetFunctionList function, meaning it can be used as a
+// PKCS#11 module.
+
+extern "C" {
+
+CK_RV IPCCC_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+  return IPCCC_GetFunctionList(ppFunctionList);
+}
+}