author | Robert Relyea <rrelyea@redhat.com> | 2020-02-18 11:47:29 -0800 |
---|---|---|
committer | Robert Relyea <rrelyea@redhat.com> | 2020-02-18 11:47:29 -0800 |
commit | cba7139e8a83e94a3aa4c01b166269b09c66c4ea (patch) | |
tree | 83e8b4ee327a1768650cf1106b0114138014e6b3 /lib/certdb | |
parent | 6ea4341163d6bd979283116d880e92ea55709e2e (diff) | |
download | nss-hg-cba7139e8a83e94a3aa4c01b166269b09c66c4ea.tar.gz |
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye
https://phabricator.services.mozilla.com/D63241
This patch implements the first phase: updating the headers.
lib/util/pkcs11.h
lib/util/pkcs11f.h
lib/util/pkcs11t.h
Were updated using the released OASIS PKCS #11 v3.0 header files.
lib/util/pkcs11n.h was updated to finally deprecate all uses of CK?_NETSCAPE_?.
A new define was added: NSS_PKCS11_2_0_COMPAT. If it's defined, the small
semantic changes (including the removal of deprecated defines) between the
NSS PKCS #11 v2 header file and the new PKCS #11 v3 are reverted in favor of
the PKCS #11 v2 definitions. This includes the removal of CK?_NETSCAPE_? in
favor of CK?_NSS_?.
One notable change was caused by an inconsistency between the spec and the
released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an extra field in
the header that was not in the spec. OASIS considers the header file to be
normative, so PKCS #11 v3.0 resolved the issue in favor of the header file
definition. NSS had the spec definition, so now there are 2 defines for this
structure:
CK_NSS_GCM_PARAMS - the old nss define. Still used internally in freebl.
CK_GCM_PARAMS_V3 - the new define.
CK_GCM_PARAMS - no longer referenced in NSS itself. It's defined as
CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.
Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
CK_GCM_PARAMS_V3 and fall back to CK_NSS_GCM_PARAMS.
One other semantic difference between the 3.0 version of pkcs11f.h and the
version here: In the OASIS version of the header, you must define
CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In our version you
must define CK_PKCS11_3 to get the PKCS #11 v3 defines.
Most of this patch is to handle changing the deprecated defines that have been
removed in PKCS #11 v3 from NSS.
Differential Revision: https://phabricator.services.mozilla.com/D63241
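The two GCM parameter layouts described in the commit message, as an added example that is not part of the commit or of NSS: one way a consumer can accept either structure is to dispatch on the mechanism parameter length and reject anything else. The EX_ names and the helper are hypothetical, and length-based dispatch is an assumption, not a statement of how softoken does it; the extra field in the released header is ulIvBits.

```c
#include <string.h>

/* Stand-ins for the PKCS #11 base types so the example builds without NSS headers. */
typedef unsigned char EX_BYTE;
typedef unsigned long EX_ULONG;

/* Layout from the v2.40 spec text (what the commit message calls CK_NSS_GCM_PARAMS). */
typedef struct {
    EX_BYTE *pIv;
    EX_ULONG ulIvLen;
    EX_BYTE *pAAD;
    EX_ULONG ulAADLen;
    EX_ULONG ulTagBits;
} EX_GCM_PARAMS_OLD;

/* Layout from the released header (CK_GCM_PARAMS_V3): ulIvBits is the extra field. */
typedef struct {
    EX_BYTE *pIv;
    EX_ULONG ulIvLen;
    EX_ULONG ulIvBits;
    EX_BYTE *pAAD;
    EX_ULONG ulAADLen;
    EX_ULONG ulTagBits;
} EX_GCM_PARAMS_V3;

/* Hypothetical helper: copy either layout into the V3 form; 0 on success, -1 on error. */
int ex_gcm_params_to_v3(const void *param, EX_ULONG len, EX_GCM_PARAMS_V3 *out)
{
    if (param == NULL || out == NULL)
        return -1;
    if (len == sizeof(EX_GCM_PARAMS_V3)) {
        memcpy(out, param, sizeof(*out));
        return 0;
    }
    if (len == sizeof(EX_GCM_PARAMS_OLD)) {
        EX_GCM_PARAMS_OLD old;
        memcpy(&old, param, sizeof(old));
        if (old.ulIvLen > (EX_ULONG)-1 / 8) return -1; /* bit count would overflow */
        out->pIv = old.pIv;
        out->ulIvLen = old.ulIvLen;
        out->ulIvBits = old.ulIvLen * 8; /* old layout carries no bit count */
        out->pAAD = old.pAAD;
        out->ulAADLen = old.ulAADLen;
        out->ulTagBits = old.ulTagBits;
        return 0;
    }
    return -1; /* any other length: reading it as either layout would misplace pAAD */
}
```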
Diffstat (limited to 'lib/certdb')
-rw-r--r-- | lib/certdb/crl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c index 63adcad46..cc5c71f20 100644 --- a/lib/certdb/crl.c +++ b/lib/certdb/crl.c @@ -1405,7 +1405,7 @@ TokenCRLStillExists(CERTSignedCrl* crl) if (SECITEM_CompareItem(oldSubject, &subject) != SECEqual) { xstatus = PR_FALSE; } - if (CKO_NETSCAPE_CRL != crl_class) { + if (CKO_NSS_CRL != crl_class) { xstatus = PR_FALSE; } } else { |
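Review bot: In TokenCRLStillExists, the check `CKO_NSS_CRL != crl_class` is only equivalent to the old one if CKO_NSS_CRL has the same numeric value as CKO_NETSCAPE_CRL, because CRL objects already stored on a token keep the class value they were written with. The definitions are not visible in this diff, so please confirm, in the commit message or next to the define in lib/util/pkcs11n.h, that this is a pure rename; if the values differed, xstatus would become PR_FALSE here for existing token CRLs.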