author | Robert Relyea <rrelyea@redhat.com> | 2020-02-18 11:47:29 -0800 |
---|---|---|
committer | Robert Relyea <rrelyea@redhat.com> | 2020-02-18 11:47:29 -0800 |
commit | cba7139e8a83e94a3aa4c01b166269b09c66c4ea (patch) | |
tree | 83e8b4ee327a1768650cf1106b0114138014e6b3 /nss-tool | |
parent | 6ea4341163d6bd979283116d880e92ea55709e2e (diff) | |
download | nss-hg-cba7139e8a83e94a3aa4c01b166269b09c66c4ea.tar.gz |
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye
https://phabricator.services.mozilla.com/D63241
This patch implements the first phase: updating the headers.
lib/util/pkcs11.h
lib/util/pkcs11f.h
lib/util/pkcs11t.h
Were updated using the released OASIS PKCS #11 v3.0 header files.
lib/util/pkcs11n.h was updated to finally deprecate all uses of CK?_NETSCAPE_?.
A new define was added: NSS_PKCS11_2_0_COMPAT. If it's defined, the small
semantic changes (including the removal of deprecated defines) between the
NSS PKCS #11 v2 header file and the new PKCS #11 v3 are reverted in favor of
the PKCS #11 v2 definitions. This includes the removal of CK?_NETSCAPE_? in
favor of CK?_NSS_?.
One notable change was caused by an inconsistency between the spec and the
released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an extra field in
the header that was not in the spec. OASIS considers the header file to be
normative, so PKCS #11 v3.0 resolved the issue in favor of the header file
definition. NSS had the spec definition, so now there are 2 defines for this
structure:
CK_NSS_GCM_PARAMS - the old NSS define. Still used internally in freebl.
CK_GCM_PARAMS_V3 - the new define.
CK_GCM_PARAMS - no longer referenced in NSS itself. It's defined as
CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.
Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
CK_GCM_PARAMS_V3 and fall back to CK_NSS_GCM_PARAMS.
One other semantic difference between the 3.0 version of pkcs11f.h and the
version here: In the OASIS version of the header, you must define
CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In our version you
must define CK_PKCS11_3 to get the PKCS #11 v3 defines.
Most of this patch is to handle changing the deprecated defines that have been
removed in PKCS #11 v3 from NSS.
Differential Revision: https://phabricator.services.mozilla.com/D63241
Diffstat (limited to 'nss-tool')
-rw-r--r-- | nss-tool/enc/enctool.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nss-tool/enc/enctool.cc b/nss-tool/enc/enctool.cc index e37e4593a..e17153285 100644 --- a/nss-tool/enc/enctool.cc +++ b/nss-tool/enc/enctool.cc @@ -87,8 +87,8 @@ bool EncTool::GetAesGcmKey(const std::vector<uint8_t>& aad, } // GCM params. - CK_GCM_PARAMS* gcm_params = - static_cast<CK_GCM_PARAMS*>(PORT_Malloc(sizeof(struct CK_GCM_PARAMS))); + CK_NSS_GCM_PARAMS* gcm_params = static_cast<CK_NSS_GCM_PARAMS*>( + PORT_Malloc(sizeof(struct CK_NSS_GCM_PARAMS))); if (!gcm_params) { return false; } |
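Review bot: In the PORT_Malloc call in EncTool::GetAesGcmKey the struct name is still written out in the declaration, the cast and the sizeof, which is the repetition that made this edit necessary; sizing the allocation with sizeof(*gcm_params) would keep it tied to the pointer type if the type changes again. Because the commit message says CK_GCM_PARAMS now resolves to a different layout depending on NSS_PKCS11_2_0_COMPAT, any parameter length recorded for this buffer later in the function, outside the lines shown here, should be derived from the same CK_NSS_GCM_PARAMS type so that the allocated size and the reported size cannot diverge. A one-line comment at the "// GCM params." marker saying why the NSS-specific struct is used instead of CK_GCM_PARAMS would also help the next reader.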