authorRobert Relyea <rrelyea@redhat.com>2015-10-02 10:39:01 -0700
committerRobert Relyea <rrelyea@redhat.com>2015-10-02 10:39:01 -0700
commit6e9537d3283b8a9c27ca7caf2e40984728127024 (patch)
tree942a903b4d7662925141be31fea4f4aa8233029f /lib
parentf6cdf929f75afd8327296a410feaaaedb24f7764 (diff)
downloadnss-hg-6e9537d3283b8a9c27ca7caf2e40984728127024.tar.gz
Bug 1009429 - enhancement: Make the algorithm selection in NSS more flexible
0006-Added-config-parameter.patch
Diffstat (limited to 'lib')
-rw-r--r--lib/nss/nss.def1
-rw-r--r--lib/pk11wrap/pk11pars.c23
-rw-r--r--lib/pk11wrap/secmod.h3
-rw-r--r--lib/util/nssutil.def6
-rw-r--r--lib/util/utilpars.c49
-rw-r--r--lib/util/utilpars.h4
6 files changed, 79 insertions, 7 deletions
diff --git a/lib/nss/nss.def b/lib/nss/nss.def
index 980ac1f88..cd2920c05 100644
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -1086,6 +1086,7 @@ SECKEY_BigIntegerBitLength;
;+ global:
NSS_OptionGet;
NSS_OptionSet;
+SECMOD_CreateModuleEx;
;+ local:
;+ *;
;+};
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
index 314062bda..40ac79085 100644
--- a/lib/pk11wrap/pk11pars.c
+++ b/lib/pk11wrap/pk11pars.c
@@ -134,6 +134,17 @@ SECMODModule *
SECMOD_CreateModule(const char *library, const char *moduleName,
const char *parameters, const char *nss)
{
+ return SECMOD_CreateModuleEx(library, moduleName, parameters, nss, NULL);
+}
+
+/*
+ * for 3.4 we continue to use the old SECMODModule structure
+ */
+SECMODModule *
+SECMOD_CreateModuleEx(const char *library, const char *moduleName,
+ const char *parameters, const char *nss,
+ const char *config)
+{
SECMODModule *mod = secmod_NewModule();
char *slotParams,*ciphers;
/* pk11pars.h still does not have const char * interfaces */
@@ -148,6 +159,9 @@ SECMOD_CreateModule(const char *library, const char *moduleName,
if (parameters) {
mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters);
}
+ if (config) {
+ /* XXX: Apply configuration */
+ }
mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc);
mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc);
mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc);
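Review bot: The `if (config)` branch added to SECMOD_CreateModuleEx is an empty stub, so a `config=` value parsed out of the module spec is accepted and then silently dropped. Judging by the bug title, this string is presumably meant to carry algorithm-selection policy, and a caller that supplies one gets a module back with no indication that nothing was applied. Until the code that applies it lands, say so in the function's header comment, e.g. `/* config: optional configuration string, may be NULL; currently accepted but NOT applied */`. The "for 3.4" remark copied above the function in the previous hunk says nothing about the new parameter. The function body continues outside this hunk.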
@@ -977,6 +991,7 @@ SECMODModule *
SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
{
char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL;
+ char *config = NULL;
SECStatus status;
SECMODModule *module = NULL;
SECMODModule *oldModule = NULL;
@@ -985,17 +1000,19 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
/* initialize the underlying module structures */
SECMOD_Init();
- status = NSSUTIL_ArgParseModuleSpec(modulespec, &library, &moduleName,
- &parameters, &nss);
+ status = NSSUTIL_ArgParseModuleSpecEx(modulespec, &library, &moduleName,
+ &parameters, &nss,
+ &config);
if (status != SECSuccess) {
goto loser;
}
- module = SECMOD_CreateModule(library, moduleName, parameters, nss);
+ module = SECMOD_CreateModuleEx(library, moduleName, parameters, nss, config);
if (library) PORT_Free(library);
if (moduleName) PORT_Free(moduleName);
if (parameters) PORT_Free(parameters);
if (nss) PORT_Free(nss);
+ if (config) PORT_Free(config);
if (!module) {
goto loser;
}
diff --git a/lib/pk11wrap/secmod.h b/lib/pk11wrap/secmod.h
index 9cc4cfb52..c194d9a7a 100644
--- a/lib/pk11wrap/secmod.h
+++ b/lib/pk11wrap/secmod.h
@@ -64,6 +64,9 @@ SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);
SECMODModule * SECMOD_CreateModule(const char *lib, const char *name,
const char *param, const char *nss);
+SECMODModule * SECMOD_CreateModuleEx(const char *lib, const char *name,
+ const char *param, const char *nss,
+ const char *config);
/*
* After a fork(), PKCS #11 says we need to call C_Initialize again in
* the child before we can use the module. This function causes this
diff --git a/lib/util/nssutil.def b/lib/util/nssutil.def
index 9d98df222..631a49911 100644
--- a/lib/util/nssutil.def
+++ b/lib/util/nssutil.def
@@ -277,3 +277,9 @@ _SGN_VerifyPKCS1DigestInfo;
;+ local:
;+ *;
;+};
+;+NSSUTIL_3.21 { # NSS Utilities 3.21 release
+;+ global:
+NSSUTIL_ArgParseModuleSpecEx;
+;+ local:
+;+ *;
+;+};
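Review bot: Only `NSSUTIL_ArgParseModuleSpecEx` is listed in the new NSSUTIL_3.21 export block, although this commit also declares `NSSUTIL_MkModuleSpecEx` in utilpars.h and defines it without `static` in utilpars.c. If the Ex builder is meant to be public, add `NSSUTIL_MkModuleSpecEx;` under `global:` here. Otherwise code outside the util library that relies on the header declaration would fail to link wherever the export list is enforced. If it is meant to stay internal, the prototype is better kept out of the exported header.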
diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
index d2cd3e04a..278f9c426 100644
--- a/lib/util/utilpars.c
+++ b/lib/util/utilpars.c
@@ -767,6 +767,31 @@ NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags,
* and NSS specifi parameters.
*/
SECStatus
+NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod,
+ char **parameters, char **nss,
+ char **config)
+{
+ int next;
+ modulespec = NSSUTIL_ArgStrip(modulespec);
+
+ *lib = *mod = *parameters = *nss = *config = 0;
+
+ while (*modulespec) {
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*config,"config=",;)
+ NSSUTIL_HANDLE_FINAL_ARG(modulespec)
+ }
+ return SECSuccess;
+}
+
+/************************************************************************
+ * Parse Full module specs into: library, commonName, module parameters,
+ * and NSS specifi parameters.
+ */
+SECStatus
NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod,
char **parameters, char **nss)
{
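Review bot: NSSUTIL_ArgParseModuleSpecEx is a copy of the legacy parser with one extra `config=` line, and the header comment it inherits (the context lines above it) still describes only four outputs. As far as this diff shows, the legacy NSSUTIL_ArgParseModuleSpec is unchanged, so a spec carrying `config=` presumably falls through to NSSUTIL_HANDLE_FINAL_ARG there and is discarded without an error, which matters if config is to hold policy. Consider making the legacy function a wrapper, as this commit does for NSSUTIL_MkModuleSpec: `char *config = NULL; rv = NSSUTIL_ArgParseModuleSpecEx(modulespec, lib, mod, parameters, nss, &config); if (config) PORT_Free(config); return rv;`. The comment should also state that all five out-pointers must be non-NULL, since they are dereferenced at `*lib = *mod = *parameters = *nss = *config = 0`, and that the caller releases each returned string with PORT_Free. The legacy function's body lies outside this hunk.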
@@ -788,11 +813,12 @@ NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod,
/************************************************************************
* make a new module spec from it's components */
char *
-NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
- char *NSS)
+NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters,
+ char *NSS,
+ char *config)
{
char *moduleSpec;
- char *lib,*name,*param,*nss;
+ char *lib,*name,*param,*nss,*conf;
/*
* now the final spec
@@ -801,7 +827,13 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
name = nssutil_formatPair("name",commonName,'\"');
param = nssutil_formatPair("parameters",parameters,'\"');
nss = nssutil_formatPair("NSS",NSS,'\"');
- moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
+ if (config) {
+ conf = nssutil_formatPair("config",config,'\"');
+ moduleSpec = PR_smprintf("%s %s %s %s %s", lib,name,param,nss,conf);
+ nssutil_freePair(conf);
+ } else {
+ moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
+ }
nssutil_freePair(lib);
nssutil_freePair(name);
nssutil_freePair(param);
@@ -809,6 +841,15 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
return (moduleSpec);
}
+/************************************************************************
+ * make a new module spec from it's components */
+char *
+NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
+ char *NSS)
+{
+ return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL);
+}
+
#define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA"
/******************************************************************************
diff --git a/lib/util/utilpars.h b/lib/util/utilpars.h
index e01ba14c9..7562bb65b 100644
--- a/lib/util/utilpars.h
+++ b/lib/util/utilpars.h
@@ -39,8 +39,12 @@ char * NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags,
PRBool hasRootCerts, PRBool hasRootTrust);
SECStatus NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod,
char **parameters, char **nss);
+SECStatus NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod,
+ char **parameters, char **nss, char **config);
char *NSSUTIL_MkModuleSpec(char *dllName, char *commonName,
char *parameters, char *NSS);
+char *NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName,
+ char *parameters, char *NSS, char *config);
void NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,char *cipherList);
char * NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly,