authorrelyea%netscape.com <devnull@localhost>2001-11-19 19:04:59 +0000
committerrelyea%netscape.com <devnull@localhost>2001-11-19 19:04:59 +0000
commit262a1ac4c0616db75b94d813561845827b46c130 (patch)
tree89ae48fee03718c95c54eb5cee5bf1008a84667a /security/nss
parent090d4a44aa2c644957fe5da262f8aee55b892fef (diff)
downloadnss-hg-262a1ac4c0616db75b94d813561845827b46c130.tar.gz
NSS 3.4 integration changes.
1) 3.4 needs to bump the version numbers up by one on secmod.db from NSS 3.3. 2) Need to add escapes to the configdirectory (should add them to other parameters as well). 3) Put exported files back into the correct headers. 4) Add _BEGIN/_END protos where appropriate.
Diffstat (limited to 'security/nss')
-rw-r--r--security/nss/lib/certdb/certdb.h7
-rw-r--r--security/nss/lib/cryptohi/keythi.h3
-rw-r--r--security/nss/lib/nss/nss.h7
-rw-r--r--security/nss/lib/nss/nssinit.c41
-rw-r--r--security/nss/lib/pk11wrap/secmod.h3
-rw-r--r--security/nss/lib/pk11wrap/secmodi.h3
-rw-r--r--security/nss/lib/pk11wrap/secmodt.h12
-rw-r--r--security/nss/lib/pk11wrap/secmodti.h10
-rw-r--r--security/nss/lib/softoken/pk11db.c6
-rw-r--r--security/nss/lib/softoken/pk11pars.h10
-rw-r--r--security/nss/lib/util/nssilckt.h1
11 files changed, 82 insertions, 21 deletions
diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h
index 736d5f097..4222a615d 100644
--- a/security/nss/lib/certdb/certdb.h
+++ b/security/nss/lib/certdb/certdb.h
@@ -75,6 +75,12 @@ SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type);
SECStatus
SEC_DestroyCrl(CERTSignedCrl *crl);
+SECStatus
+CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+ CERTCertTrust *trust);
+
+SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
+
#ifdef notdef
/*
** Add a DER encoded certificate to the permanent database.
@@ -96,7 +102,6 @@ SECStatus SEC_OpenPermCertDB(PCERTCertDBHandle *handle,
PCERTDBNameFunc namecb,
void *cbarg);
-SECStatus SEC_DeletePermCertificate(PCERTCertificate *cert);
typedef SECStatus (PR_CALLBACK * PermCertCallback)(PCERTCertificate *cert,
SECItem *k, void *pdata);
diff --git a/security/nss/lib/cryptohi/keythi.h b/security/nss/lib/cryptohi/keythi.h
index 9191bd7ff..9a7f9c9ea 100644
--- a/security/nss/lib/cryptohi/keythi.h
+++ b/security/nss/lib/cryptohi/keythi.h
@@ -50,6 +50,8 @@ typedef enum {
/*
** Template Definitions
**/
+
+SEC_BEGIN_PROTOS
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
@@ -60,6 +62,7 @@ extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];
/* Windows DLL accessor functions */
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_DSAPublicKeyTemplate;
extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_RSAPublicKeyTemplate;
+SEC_END_PROTOS
/*
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 7084019e9..8c6f5be93 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -131,6 +131,13 @@ SECStatus NSS_NoDB_Init(const char *configdir);
*/
extern void NSS_Shutdown(void);
+/*
+ * set the PKCS #11 strings for the internal token.
+ */
+void PK11_ConfigurePKCS11(char *man, char *libdes, char *tokdes, char *ptokdes,
+ char *slotdes, char *pslotdes, char *fslotdes, char *fpslotdes,
+ int minPwd, int pwRequired);
+
SEC_END_PROTOS
#endif /* __nss_h_ */
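Review bot: The comment on the newly exported `PK11_ConfigurePKCS11` prototype covers only the string arguments and says nothing about `minPwd`, `pwRequired`, or whether the strings are copied or retained. Since nss.h is the public header, the comment should state whether callers may free or reuse the buffers after the call and what passing NULL for a string means; the definition is not visible in this hunk, so that needs confirming against nssinit.c. If the function never writes through the pointers, declaring them `const char *` would make that explicit.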
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c
index fa0e8f61c..619231313 100644
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -194,6 +194,29 @@ PK11_ConfigurePKCS11(char *man, char *libdes, char *tokdes, char *ptokdes,
return;
}
+static char *
+nss_addEscape(char *string, char quote)
+{
+ int len = PORT_Strlen(string);
+ char *newString = PORT_ZAlloc(2*len+1); /* worst case */
+ char *src,*dest;
+
+ if (newString == NULL) {
+ return NULL;
+ }
+
+ for (src=string, dest=newString; *src; src++,dest++) {
+ if ((*src == '\\') || (*src == quote)) {
+ *dest++ = '\\';
+ }
+ *dest = *src;
+ }
+
+ return newString;
+}
+
+
+
/*
* OK there are now lots of options here, lets go through them all:
*
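Review bot: `nss_addEscape` declares its input as `char *string`, but the caller added in the next hunk passes nss_Init's `const char *configdir`, so the const qualifier is dropped at the call. The helper never writes through the pointer, so the signature should be `nss_addEscape(const char *string, char quote)`. The length is also held in an `int` and the worst-case size computed as `2*len+1` in int arithmetic, which can wrap for a very long path before it reaches the allocator; `size_t len = PORT_Strlen(string);` plus a bound check before doubling would avoid that. A short comment that the trailing NUL comes from PORT_ZAlloc zero-filling the buffer would help, since the copy loop never writes it.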
@@ -225,11 +248,27 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
pk11_password_required);
if (flags == NULL) return rv;
- moduleSpec = PR_smprintf("name=\"%s\" parameters=\"configdir=%s certPrefix=%s keyPrefix=%s secmod=%s flags=%s %s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
+ /*
+ * configdir is double nested, and Windows uses the same character
+ * for file seps as we use for escapes! (sigh).
+ */
+ if (configdir) {
+ char *esc_configdir;
+ esc_configdir = nss_addEscape(configdir,'\'');
+ if (esc_configdir) {
+ configdir = nss_addEscape(esc_configdir,'"');
+ PORT_Free(esc_configdir);
+ }
+ }
+
+ moduleSpec = PR_smprintf("name=\"%s\" parameters=\"configdir='%s' certPrefix=%s keyPrefix=%s secmod=%s flags=%s %s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
pk11_config_name ? pk11_config_name : NSS_DEFAULT_MOD_NAME,
configdir,certPrefix,keyPrefix,secmodName,flags,
pk11_config_strings ? pk11_config_strings : "");
PORT_Free(flags);
+ if (configdir) {
+ PORT_Free(configdir);
+ }
if (moduleSpec) {
SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE);
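Review bot: If the first `nss_addEscape` call fails, `configdir` still points at the caller's string, and the `PORT_Free(configdir)` after `PR_smprintf` then frees memory that nss_Init does not own. On that same path the unescaped directory is formatted into the `configdir='%s'` slot, so the quoting this change introduces is skipped when escaping fails. If only the second call fails, `configdir` becomes NULL and the spec is built from a NULL `%s` argument. Holding the escaped copy in its own local, failing the init when escaping fails, and freeing only that local removes all three cases. nss_Init starts and ends outside this hunk, so the error return below assumes `rv` still holds the failure value used by the `flags == NULL` check.

```c
    /* declared with the other locals: escaped copy owned by nss_Init;
     * the caller's configdir is never reassigned or freed */
    char *esc_dir = NULL;

    /* … unchanged: flags computation and its NULL check … */

    if (configdir) {
        char *once = nss_addEscape(configdir,'\'');
        if (once) {
            esc_dir = nss_addEscape(once,'"');
            PORT_Free(once);
        }
        if (esc_dir == NULL) {
            /* do not fall back to the unescaped path */
            PORT_Free(flags);
            return rv;
        }
    }

    moduleSpec = PR_smprintf(/* … unchanged: format string … */,
                pk11_config_name ? pk11_config_name : NSS_DEFAULT_MOD_NAME,
                esc_dir,certPrefix,keyPrefix,secmodName,flags,
                pk11_config_strings ? pk11_config_strings : "");
    PORT_Free(flags);
    if (esc_dir) {
        PORT_Free(esc_dir);
    }
```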
diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h
index a1099fb39..d0ac74da2 100644
--- a/security/nss/lib/pk11wrap/secmod.h
+++ b/security/nss/lib/pk11wrap/secmod.h
@@ -83,6 +83,8 @@ SEC_BEGIN_PROTOS
/* Initialization */
extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
PRBool recurse);
+SECMODModule * SECMOD_CreateModule(char *lib, char *name, char *param,
+ char *nss);
/* Module Management */
char **SECMOD_GetModuleSpecList(SECMODModule *module);
@@ -115,6 +117,7 @@ extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module);
extern void SECMOD_DestroyModule(SECMODModule *module);
extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module,
unsigned long slotID);
+extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name);
/* Funtion reports true if at least one of the modules */
/* of modType has been installed */
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
index 5686f4ff6..40415d22f 100644
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -54,8 +54,6 @@
SEC_BEGIN_PROTOS
/* proto-types */
-SECMODModule * SECMOD_CreateModule(char *lib, char *name, char *param,
- char *nss);
extern SECStatus SECMOD_DeletePermDB(SECMODModule *module);
extern SECStatus SECMOD_AddPermDB(SECMODModule *module);
@@ -77,7 +75,6 @@ extern SECMODModuleList *SECMOD_NewModuleListElement(void);
extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
extern void SECMOD_DestroyModuleList(SECMODModuleList *);
extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
-extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name);
extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);
diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h
index de2ae10f3..8cba61d93 100644
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@@ -168,6 +168,18 @@ struct PK11DefaultArrayEntryStr {
#define SECMOD_INTERNAL 1 /* internal default module */
#define SECMOD_FIPS 2 /* internal fips module */
+/* default module configuration strings */
+#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]"
+
+#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
+"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
+
+#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
+#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
+#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
+#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
+
+
/*
* What is the origin of a given Key. Normally this doesn't matter, but
* the fortezza code needs to know if it needs to invoke the SSL3 fortezza
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
index 30f431f90..a10f97c77 100644
--- a/security/nss/lib/pk11wrap/secmodti.h
+++ b/security/nss/lib/pk11wrap/secmodti.h
@@ -133,16 +133,6 @@ struct PK11SlotInfoStr {
NSSToken *nssToken;
};
-#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]"
-
-#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
-"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
-
-#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
-#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
-#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
-#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
-
/* Symetric Key structure. Reference Counted */
struct PK11SymKeyStr {
CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c
index 162d53714..3c89766d8 100644
--- a/security/nss/lib/softoken/pk11db.c
+++ b/security/nss/lib/softoken/pk11db.c
@@ -333,9 +333,9 @@ struct secmodSlotDataStr {
};
#define SECMOD_DB_VERSION_MAJOR 0
-#define SECMOD_DB_VERSION_MINOR 5
+#define SECMOD_DB_VERSION_MINOR 6
#define SECMOD_DB_EXT1_VERSION_MAJOR 0
-#define SECMOD_DB_EXT1_VERSION_MINOR 5
+#define SECMOD_DB_EXT1_VERSION_MINOR 6
#define SECMOD_DB_NOUI_VERSION_MAJOR 0
#define SECMOD_DB_NOUI_VERSION_MINOR 4
@@ -581,7 +581,7 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
}
}
if (internal) {
- parameters = PORT_ArenaStrdup(arena,defParams);
+ parameters = pk11_formatValue(arena,defParams,'"');
}
/* decode SSL cipher enable flags */
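Review bot: The result of `pk11_formatValue(arena,defParams,'"')` is not checked in the lines shown, and that helper returns NULL when its allocation fails, so `parameters` can be NULL for the internal module. secmod_DecodeData continues outside this hunk, so a later check may exist; if not, a NULL test that takes the function's existing error path belongs right after the call. The helper also walks `value` without a NULL test, so this call depends on `defParams` being non-NULL, which is worth stating in a comment here. A one-line comment on why the default parameters are now escaped for `"` would also help, since the intent is not obvious at this call site.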
diff --git a/security/nss/lib/softoken/pk11pars.h b/security/nss/lib/softoken/pk11pars.h
index 9e273f104..7a00dc4f0 100644
--- a/security/nss/lib/softoken/pk11pars.h
+++ b/security/nss/lib/softoken/pk11pars.h
@@ -522,7 +522,7 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
static char *pk11_nullString = "";
static char *
-pk11_formatValue(char *value,char quote)
+pk11_formatValue(PRArenaPool *arena, char *value, char quote)
{
char *vp,*vp2,*retval;
int size = 0, escapes = 0;
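Review bot: The new `arena` parameter gives `pk11_formatValue` two ownership modes, and nothing at the definition documents them. I would add a header comment along the lines of `/* Returns an escaped copy of value; arena-owned (do not PORT_Free) when arena is non-NULL, heap-allocated and caller-freed when arena is NULL. Returns NULL on allocation failure. */`. The body continues in the next hunk, where the buffer size is the sum of two `int` counters; those would be safer as `size_t`, since the value feeds the allocator directly.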
@@ -531,7 +531,11 @@ pk11_formatValue(char *value,char quote)
if ((*vp == quote) || (*vp == PK11_ARG_ESCAPE)) escapes++;
size++;
}
- retval = PORT_ZAlloc(size+escapes+1);
+ if (arena) {
+ retval = PORT_ArenaZAlloc(arena,size+escapes+1);
+ } else {
+ retval = PORT_ZAlloc(size+escapes+1);
+ }
if (retval == NULL) return NULL;
vp2 = retval;
for (vp=value; *vp; vp++) {
@@ -557,7 +561,7 @@ static char *pk11_formatPair(char *name,char *value, char quote)
if ((need_quote && pk11_argHasChar(value,closeQuote))
|| pk11_argHasChar(value,PK11_ARG_ESCAPE)) {
- value = newValue = pk11_formatValue(value,quote);
+ value = newValue = pk11_formatValue(NULL, value,quote);
if (newValue == NULL) return pk11_nullString;
}
if (need_quote) {
diff --git a/security/nss/lib/util/nssilckt.h b/security/nss/lib/util/nssilckt.h
index 34fa60234..e0b49902f 100644
--- a/security/nss/lib/util/nssilckt.h
+++ b/security/nss/lib/util/nssilckt.h
@@ -195,6 +195,7 @@ struct pzTrace_s {
char file[24]; /* filename */
};
+PR_BEGIN_EXTERN_C
/*
** conditionally compile in nssilock features
*/
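Review bot: `PR_BEGIN_EXTERN_C` is added here with no matching `PR_END_EXTERN_C` in the hunk, and the diffstat lists a single changed line for nssilckt.h. If the header does not already close the block further down, a C++ translation unit that includes it will have every later declaration inside an unterminated `extern "C"` block. It is worth confirming the closing macro sits before the final `#endif`. The keythi.h change in this commit adds its BEGIN/END pair together, which is easier to verify in review.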