- Update to NSS_3_12_10_BETA1
- Update nss-539183.patch for new 3.12.10 sources
- Remove patches we no longer need as the fixes are applied upstream for nss-3.12.10
- Remove unneeded honor-user-trust-preferences.patch
- Remove unneeded allow-content-types-beyond-smime.patch
- Remove unneeded nss-recurse.patch
- Remove unneeded dont-use-cpp-reserved-words.patch
- Remove unneeded swap-internal-key-slot.patch
parent
6e1b6bdc24
commit
508cdeae12
@ -1,460 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 ./mozilla/security/nss/lib/smime/cmscinfo.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 2011-02-09 14:03:55.133296665 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmscinfo.c 2011-02-09 14:03:55.151294755 -0800
|
|
||||||
@@ -56,27 +56,27 @@
|
|
||||||
SECStatus
|
|
||||||
NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo)
|
|
||||||
{
|
|
||||||
- if (cinfo->private) {
|
|
||||||
+ if (cinfo->privateInfo) {
|
|
||||||
return SECSuccess;
|
|
||||||
}
|
|
||||||
- cinfo->private = PORT_ZNew(NSSCMSContentInfoPrivate);
|
|
||||||
- return (cinfo->private) ? SECSuccess: SECFailure;
|
|
||||||
+ cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate);
|
|
||||||
+ return (cinfo->privateInfo) ? SECSuccess : SECFailure;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void
|
|
||||||
-nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *private)
|
|
||||||
+nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *privateInfo)
|
|
||||||
{
|
|
||||||
- if (private->digcx) {
|
|
||||||
+ if (privateInfo->digcx) {
|
|
||||||
/* must destroy digest objects */
|
|
||||||
- NSS_CMSDigestContext_Cancel(private->digcx);
|
|
||||||
- private->digcx = NULL;
|
|
||||||
+ NSS_CMSDigestContext_Cancel(privateInfo->digcx);
|
|
||||||
+ privateInfo->digcx = NULL;
|
|
||||||
}
|
|
||||||
- if (private->ciphcx) {
|
|
||||||
- NSS_CMSCipherContext_Destroy(private->ciphcx);
|
|
||||||
- private->ciphcx = NULL;
|
|
||||||
+ if (privateInfo->ciphcx) {
|
|
||||||
+ NSS_CMSCipherContext_Destroy(privateInfo->ciphcx);
|
|
||||||
+ privateInfo->ciphcx = NULL;
|
|
||||||
}
|
|
||||||
- PORT_Free(private);
|
|
||||||
+ PORT_Free(privateInfo);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -106,9 +106,9 @@ NSS_CMSContentInfo_Destroy(NSSCMSContent
|
|
||||||
/* XXX Anything else that needs to be "manually" freed/destroyed? */
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
- if (cinfo->private) {
|
|
||||||
- nss_cmsContentInfo_private_destroy(cinfo->private);
|
|
||||||
- cinfo->private = NULL;
|
|
||||||
+ if (cinfo->privateInfo) {
|
|
||||||
+ nss_cmsContentInfo_private_destroy(cinfo->privateInfo);
|
|
||||||
+ cinfo->privateInfo = NULL;
|
|
||||||
}
|
|
||||||
if (cinfo->bulkkey) {
|
|
||||||
PK11_FreeSymKey(cinfo->bulkkey);
|
|
||||||
@@ -153,7 +153,7 @@ NSS_CMSContentInfo_GetChildContentInfo(N
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
- if (ccinfo && !ccinfo->private) {
|
|
||||||
+ if (ccinfo && !ccinfo->privateInfo) {
|
|
||||||
NSS_CMSContentInfo_Private_Init(ccinfo);
|
|
||||||
}
|
|
||||||
return ccinfo;
|
|
||||||
@@ -169,7 +169,7 @@ NSS_CMSContentInfo_SetDontStream(NSSCMSC
|
|
||||||
/* default is streaming, failure to get ccinfo will not effect this */
|
|
||||||
return dontStream ? SECFailure : SECSuccess ;
|
|
||||||
}
|
|
||||||
- cinfo->private->dontStream = dontStream;
|
|
||||||
+ cinfo->privateInfo->dontStream = dontStream;
|
|
||||||
return SECSuccess;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmsdecode.c.676036 ./mozilla/security/nss/lib/smime/cmsdecode.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsdecode.c.676036 2011-02-09 14:03:55.149294968 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsdecode.c 2011-02-09 14:03:55.152294649 -0800
|
|
||||||
@@ -458,7 +458,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (cinfo->private && cinfo->private->ciphcx != NULL) {
|
|
||||||
+ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
|
|
||||||
/*
|
|
||||||
* we are decrypting.
|
|
||||||
*
|
|
||||||
@@ -472,7 +472,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
|
||||||
unsigned int buflen; /* length available for decrypted data */
|
|
||||||
|
|
||||||
/* find out about the length of decrypted data */
|
|
||||||
- buflen = NSS_CMSCipherContext_DecryptLength(cinfo->private->ciphcx, len, final);
|
|
||||||
+ buflen = NSS_CMSCipherContext_DecryptLength(cinfo->privateInfo->ciphcx, len, final);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* it might happen that we did not provide enough data for a full
|
|
||||||
@@ -503,7 +503,7 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
|
||||||
* any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to
|
|
||||||
* keep track of incoming data
|
|
||||||
*/
|
|
||||||
- rv = NSS_CMSCipherContext_Decrypt(cinfo->private->ciphcx, buf, &outlen, buflen,
|
|
||||||
+ rv = NSS_CMSCipherContext_Decrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
|
|
||||||
data, len, final);
|
|
||||||
if (rv != SECSuccess) {
|
|
||||||
p7dcx->error = PORT_GetError();
|
|
||||||
@@ -523,8 +523,8 @@ nss_cms_decoder_work_data(NSSCMSDecoderC
|
|
||||||
/*
|
|
||||||
* Update the running digests with plaintext bytes (if we need to).
|
|
||||||
*/
|
|
||||||
- if (cinfo->private && cinfo->private->digcx)
|
|
||||||
- NSS_CMSDigestContext_Update(cinfo->private->digcx, data, len);
|
|
||||||
+ if (cinfo->privateInfo && cinfo->privateInfo->digcx)
|
|
||||||
+ NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
|
|
||||||
|
|
||||||
/* at this point, we have the plain decoded & decrypted data
|
|
||||||
** which is either more encoded DER (which we need to hand to the child
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmsdigdata.c.676036 ./mozilla/security/nss/lib/smime/cmsdigdata.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsdigdata.c.676036 2011-02-09 14:03:55.134296559 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsdigdata.c 2011-02-09 14:03:55.152294649 -0800
|
|
||||||
@@ -143,8 +143,8 @@ NSS_CMSDigestedData_Encode_BeforeData(NS
|
|
||||||
/* set up the digests */
|
|
||||||
if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) {
|
|
||||||
/* if digest is already there, do nothing */
|
|
||||||
- digd->contentInfo.private->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
|
||||||
- if (digd->contentInfo.private->digcx == NULL)
|
|
||||||
+ digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
|
||||||
+ if (digd->contentInfo.privateInfo->digcx == NULL)
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
return SECSuccess;
|
|
||||||
@@ -162,12 +162,12 @@ NSS_CMSDigestedData_Encode_AfterData(NSS
|
|
||||||
{
|
|
||||||
SECStatus rv = SECSuccess;
|
|
||||||
/* did we have digest calculation going on? */
|
|
||||||
- if (digd->contentInfo.private && digd->contentInfo.private->digcx) {
|
|
||||||
- rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.private->digcx,
|
|
||||||
+ if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
|
|
||||||
+ rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
|
|
||||||
digd->cmsg->poolp,
|
|
||||||
&(digd->digest));
|
|
||||||
/* error has been set by NSS_CMSDigestContext_FinishSingle */
|
|
||||||
- digd->contentInfo.private->digcx = NULL;
|
|
||||||
+ digd->contentInfo.privateInfo->digcx = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return rv;
|
|
||||||
@@ -194,8 +194,8 @@ NSS_CMSDigestedData_Decode_BeforeData(NS
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
|
|
||||||
- digd->contentInfo.private->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
|
||||||
- if (digd->contentInfo.private->digcx == NULL)
|
|
||||||
+ digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
|
|
||||||
+ if (digd->contentInfo.privateInfo->digcx == NULL)
|
|
||||||
return SECFailure;
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
@@ -213,12 +213,12 @@ NSS_CMSDigestedData_Decode_AfterData(NSS
|
|
||||||
{
|
|
||||||
SECStatus rv = SECSuccess;
|
|
||||||
/* did we have digest calculation going on? */
|
|
||||||
- if (digd->contentInfo.private && digd->contentInfo.private->digcx) {
|
|
||||||
- rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.private->digcx,
|
|
||||||
+ if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
|
|
||||||
+ rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
|
|
||||||
digd->cmsg->poolp,
|
|
||||||
&(digd->cdigest));
|
|
||||||
/* error has been set by NSS_CMSDigestContext_FinishSingle */
|
|
||||||
- digd->contentInfo.private->digcx = NULL;
|
|
||||||
+ digd->contentInfo.privateInfo->digcx = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return rv;
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmsencdata.c.676036 ./mozilla/security/nss/lib/smime/cmsencdata.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsencdata.c.676036 2011-02-09 14:03:55.135296453 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsencdata.c 2011-02-09 14:03:55.153294543 -0800
|
|
||||||
@@ -200,9 +200,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N
|
|
||||||
/* this may modify algid (with IVs generated in a token).
|
|
||||||
* it is therefore essential that algid is a pointer to the "real" contentEncAlg,
|
|
||||||
* not just to a copy */
|
|
||||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
|
|
||||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
|
|
||||||
PK11_FreeSymKey(bulkkey);
|
|
||||||
- if (cinfo->private->ciphcx == NULL)
|
|
||||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
|
||||||
return SECFailure;
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
@@ -214,9 +214,9 @@ NSS_CMSEncryptedData_Encode_BeforeData(N
|
|
||||||
SECStatus
|
|
||||||
NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
|
|
||||||
{
|
|
||||||
- if (encd->contentInfo.private && encd->contentInfo.private->ciphcx) {
|
|
||||||
- NSS_CMSCipherContext_Destroy(encd->contentInfo.private->ciphcx);
|
|
||||||
- encd->contentInfo.private->ciphcx = NULL;
|
|
||||||
+ if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
|
|
||||||
+ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
|
|
||||||
+ encd->contentInfo.privateInfo->ciphcx = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* nothing to do after data */
|
|
||||||
@@ -255,8 +255,8 @@ NSS_CMSEncryptedData_Decode_BeforeData(N
|
|
||||||
}
|
|
||||||
rv = SECFailure;
|
|
||||||
|
|
||||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
|
||||||
- if (cinfo->private->ciphcx == NULL)
|
|
||||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
|
||||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
|
||||||
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
|
|
||||||
|
|
||||||
|
|
||||||
@@ -275,9 +275,9 @@ loser:
|
|
||||||
SECStatus
|
|
||||||
NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
|
|
||||||
{
|
|
||||||
- if (encd->contentInfo.private && encd->contentInfo.private->ciphcx) {
|
|
||||||
- NSS_CMSCipherContext_Destroy(encd->contentInfo.private->ciphcx);
|
|
||||||
- encd->contentInfo.private->ciphcx = NULL;
|
|
||||||
+ if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
|
|
||||||
+ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
|
|
||||||
+ encd->contentInfo.privateInfo->ciphcx = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmsencode.c.676036 ./mozilla/security/nss/lib/smime/cmsencode.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsencode.c.676036 2011-02-09 14:03:55.136296347 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsencode.c 2011-02-09 14:03:55.154294437 -0800
|
|
||||||
@@ -332,7 +332,7 @@ nss_cms_before_data(NSSCMSEncoderContext
|
|
||||||
* Indicate that we are streaming. We will be streaming until we
|
|
||||||
* get past the contents bytes.
|
|
||||||
*/
|
|
||||||
- if (!cinfo->private || !cinfo->private->dontStream)
|
|
||||||
+ if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
|
|
||||||
SEC_ASN1EncoderSetStreaming(childp7ecx->ecx);
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -430,23 +430,23 @@ nss_cms_encoder_work_data(NSSCMSEncoderC
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Update the running digest. */
|
|
||||||
- if (len && cinfo->private && cinfo->private->digcx != NULL)
|
|
||||||
- NSS_CMSDigestContext_Update(cinfo->private->digcx, data, len);
|
|
||||||
+ if (len && cinfo->privateInfo && cinfo->privateInfo->digcx != NULL)
|
|
||||||
+ NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
|
|
||||||
|
|
||||||
/* Encrypt this chunk. */
|
|
||||||
- if (cinfo->private && cinfo->private->ciphcx != NULL) {
|
|
||||||
+ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
|
|
||||||
unsigned int inlen; /* length of data being encrypted */
|
|
||||||
unsigned int outlen; /* length of encrypted data */
|
|
||||||
unsigned int buflen; /* length available for encrypted data */
|
|
||||||
|
|
||||||
inlen = len;
|
|
||||||
- buflen = NSS_CMSCipherContext_EncryptLength(cinfo->private->ciphcx, inlen, final);
|
|
||||||
+ buflen = NSS_CMSCipherContext_EncryptLength(cinfo->privateInfo->ciphcx, inlen, final);
|
|
||||||
if (buflen == 0) {
|
|
||||||
/*
|
|
||||||
* No output is expected, but the input data may be buffered
|
|
||||||
* so we still have to call Encrypt.
|
|
||||||
*/
|
|
||||||
- rv = NSS_CMSCipherContext_Encrypt(cinfo->private->ciphcx, NULL, NULL, 0,
|
|
||||||
+ rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, NULL, NULL, 0,
|
|
||||||
data, inlen, final);
|
|
||||||
if (final) {
|
|
||||||
len = 0;
|
|
||||||
@@ -463,7 +463,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderC
|
|
||||||
if (buf == NULL) {
|
|
||||||
rv = SECFailure;
|
|
||||||
} else {
|
|
||||||
- rv = NSS_CMSCipherContext_Encrypt(cinfo->private->ciphcx, buf, &outlen, buflen,
|
|
||||||
+ rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
|
|
||||||
data, inlen, final);
|
|
||||||
data = buf;
|
|
||||||
len = outlen;
|
|
||||||
@@ -484,7 +484,7 @@ nss_cms_encoder_work_data(NSSCMSEncoderC
|
|
||||||
|
|
||||||
done:
|
|
||||||
|
|
||||||
- if (cinfo->private && cinfo->private->ciphcx != NULL) {
|
|
||||||
+ if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
|
|
||||||
if (dest != NULL) {
|
|
||||||
dest->data = buf;
|
|
||||||
dest->len = len;
|
|
||||||
@@ -592,7 +592,7 @@ NSS_CMSEncoder_Start(NSSCMSMessage *cmsg
|
|
||||||
* Indicate that we are streaming. We will be streaming until we
|
|
||||||
* get past the contents bytes.
|
|
||||||
*/
|
|
||||||
- if (!cinfo->private || !cinfo->private->dontStream)
|
|
||||||
+ if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
|
|
||||||
SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
|
|
||||||
|
|
||||||
/*
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 ./mozilla/security/nss/lib/smime/cmsenvdata.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsenvdata.c.676036 2011-02-09 14:03:55.137296241 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsenvdata.c 2011-02-09 14:03:55.155294331 -0800
|
|
||||||
@@ -289,9 +289,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N
|
|
||||||
/* this may modify algid (with IVs generated in a token).
|
|
||||||
* it is essential that algid is a pointer to the contentEncAlg data, not a
|
|
||||||
* pointer to a copy! */
|
|
||||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
|
|
||||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
|
|
||||||
PK11_FreeSymKey(bulkkey);
|
|
||||||
- if (cinfo->private->ciphcx == NULL)
|
|
||||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
|
||||||
return SECFailure;
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
@@ -303,9 +303,9 @@ NSS_CMSEnvelopedData_Encode_BeforeData(N
|
|
||||||
SECStatus
|
|
||||||
NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd)
|
|
||||||
{
|
|
||||||
- if (envd->contentInfo.private && envd->contentInfo.private->ciphcx) {
|
|
||||||
- NSS_CMSCipherContext_Destroy(envd->contentInfo.private->ciphcx);
|
|
||||||
- envd->contentInfo.private->ciphcx = NULL;
|
|
||||||
+ if (envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
|
|
||||||
+ NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
|
|
||||||
+ envd->contentInfo.privateInfo->ciphcx = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* nothing else to do after data */
|
|
||||||
@@ -338,7 +338,7 @@ NSS_CMSEnvelopedData_Decode_BeforeData(N
|
|
||||||
}
|
|
||||||
|
|
||||||
/* look if one of OUR cert's issuerSN is on the list of recipients, and if so, */
|
|
||||||
- /* get the cert and private key for it right away */
|
|
||||||
+ /* get the cert and private key for it right away */
|
|
||||||
recipient_list = nss_cms_recipient_list_create(envd->recipientInfos);
|
|
||||||
if (recipient_list == NULL)
|
|
||||||
goto loser;
|
|
||||||
@@ -390,8 +390,8 @@ NSS_CMSEnvelopedData_Decode_BeforeData(N
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
rv = SECFailure;
|
|
||||||
- cinfo->private->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
|
||||||
- if (cinfo->private->ciphcx == NULL)
|
|
||||||
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
|
|
||||||
+ if (cinfo->privateInfo->ciphcx == NULL)
|
|
||||||
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
|
|
||||||
|
|
||||||
|
|
||||||
@@ -411,9 +411,9 @@ loser:
|
|
||||||
SECStatus
|
|
||||||
NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd)
|
|
||||||
{
|
|
||||||
- if (envd && envd->contentInfo.private && envd->contentInfo.private->ciphcx) {
|
|
||||||
- NSS_CMSCipherContext_Destroy(envd->contentInfo.private->ciphcx);
|
|
||||||
- envd->contentInfo.private->ciphcx = NULL;
|
|
||||||
+ if (envd && envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
|
|
||||||
+ NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
|
|
||||||
+ envd->contentInfo.privateInfo->ciphcx = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return SECSuccess;
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cms.h.676036 ./mozilla/security/nss/lib/smime/cms.h
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cms.h.676036 2011-02-09 14:05:46.178513159 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cms.h 2011-02-09 14:35:29.675010023 -0800
|
|
||||||
@@ -1171,7 +1171,7 @@ NSS_CMSDEREncode(NSSCMSMessage *cmsg, SE
|
|
||||||
* against that data structure.
|
|
||||||
*/
|
|
||||||
SECStatus NSS_CMSType_RegisterContentType(SECOidTag type,
|
|
||||||
- SEC_ASN1Template *template, size_t size,
|
|
||||||
+ SEC_ASN1Template *asn1Template, size_t size,
|
|
||||||
NSSCMSGenericWrapperDataDestroy destroy,
|
|
||||||
NSSCMSGenericWrapperDataCallback decode_before,
|
|
||||||
NSSCMSGenericWrapperDataCallback decode_after,
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmssigdata.c.676036 ./mozilla/security/nss/lib/smime/cmssigdata.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmssigdata.c.676036 2011-02-09 14:03:55.139296029 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmssigdata.c 2011-02-09 14:03:55.155294331 -0800
|
|
||||||
@@ -228,11 +228,11 @@ NSS_CMSSignedData_Encode_BeforeData(NSSC
|
|
||||||
}
|
|
||||||
/* set up the digests */
|
|
||||||
if (sigd->digests && sigd->digests[0]) {
|
|
||||||
- sigd->contentInfo.private->digcx = NULL; /* don't attempt to make new ones. */
|
|
||||||
+ sigd->contentInfo.privateInfo->digcx = NULL; /* don't attempt to make new ones. */
|
|
||||||
} else if (sigd->digestAlgorithms != NULL) {
|
|
||||||
- sigd->contentInfo.private->digcx =
|
|
||||||
+ sigd->contentInfo.privateInfo->digcx =
|
|
||||||
NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
|
|
||||||
- if (sigd->contentInfo.private->digcx == NULL)
|
|
||||||
+ if (sigd->contentInfo.privateInfo->digcx == NULL)
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
return SECSuccess;
|
|
||||||
@@ -272,11 +272,11 @@ NSS_CMSSignedData_Encode_AfterData(NSSCM
|
|
||||||
cinfo = &(sigd->contentInfo);
|
|
||||||
|
|
||||||
/* did we have digest calculation going on? */
|
|
||||||
- if (cinfo->private && cinfo->private->digcx) {
|
|
||||||
- rv = NSS_CMSDigestContext_FinishMultiple(cinfo->private->digcx, poolp,
|
|
||||||
+ if (cinfo->privateInfo && cinfo->privateInfo->digcx) {
|
|
||||||
+ rv = NSS_CMSDigestContext_FinishMultiple(cinfo->privateInfo->digcx, poolp,
|
|
||||||
&(sigd->digests));
|
|
||||||
/* error has been set by NSS_CMSDigestContext_FinishMultiple */
|
|
||||||
- cinfo->private->digcx = NULL;
|
|
||||||
+ cinfo->privateInfo->digcx = NULL;
|
|
||||||
if (rv != SECSuccess)
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
@@ -409,8 +409,8 @@ NSS_CMSSignedData_Decode_BeforeData(NSSC
|
|
||||||
/* set up the digests */
|
|
||||||
if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) {
|
|
||||||
/* if digests are already there, do nothing */
|
|
||||||
- sigd->contentInfo.private->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
|
|
||||||
- if (sigd->contentInfo.private->digcx == NULL)
|
|
||||||
+ sigd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
|
|
||||||
+ if (sigd->contentInfo.privateInfo->digcx == NULL)
|
|
||||||
return SECFailure;
|
|
||||||
}
|
|
||||||
return SECSuccess;
|
|
||||||
@@ -431,11 +431,11 @@ NSS_CMSSignedData_Decode_AfterData(NSSCM
|
|
||||||
}
|
|
||||||
|
|
||||||
/* did we have digest calculation going on? */
|
|
||||||
- if (sigd->contentInfo.private && sigd->contentInfo.private->digcx) {
|
|
||||||
- rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.private->digcx,
|
|
||||||
+ if (sigd->contentInfo.privateInfo && sigd->contentInfo.privateInfo->digcx) {
|
|
||||||
+ rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.privateInfo->digcx,
|
|
||||||
sigd->cmsg->poolp, &(sigd->digests));
|
|
||||||
/* error set by NSS_CMSDigestContext_FinishMultiple */
|
|
||||||
- sigd->contentInfo.private->digcx = NULL;
|
|
||||||
+ sigd->contentInfo.privateInfo->digcx = NULL;
|
|
||||||
}
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmst.h.676036 ./mozilla/security/nss/lib/smime/cmst.h
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmst.h.676036 2011-02-09 14:03:55.141295816 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmst.h 2011-02-09 14:03:55.156294225 -0800
|
|
||||||
@@ -182,7 +182,7 @@ struct NSSCMSContentInfoStr {
|
|
||||||
* (only used by creation code) */
|
|
||||||
SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
|
|
||||||
* (only used by creation code) */
|
|
||||||
- NSSCMSContentInfoPrivate *private; /* place for NSS private info */
|
|
||||||
+ NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */
|
|
||||||
void *reserved; /* keep binary compatibility */
|
|
||||||
};
|
|
||||||
|
|
||||||
diff -up ./mozilla/security/nss/lib/smime/cmsudf.c.676036 ./mozilla/security/nss/lib/smime/cmsudf.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsudf.c.676036 2011-02-09 14:08:23.907775957 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsudf.c 2011-02-09 14:36:56.043841454 -0800
|
|
||||||
@@ -435,7 +435,7 @@ NSS_CMSGenericWrapperData_Encode_AfterDa
|
|
||||||
|
|
||||||
SECStatus
|
|
||||||
NSS_CMSType_RegisterContentType(SECOidTag type,
|
|
||||||
- SEC_ASN1Template *template, size_t size,
|
|
||||||
+ SEC_ASN1Template *asn1Template, size_t size,
|
|
||||||
NSSCMSGenericWrapperDataDestroy destroy,
|
|
||||||
NSSCMSGenericWrapperDataCallback decode_before,
|
|
||||||
NSSCMSGenericWrapperDataCallback decode_after,
|
|
||||||
@@ -462,10 +462,10 @@ NSS_CMSType_RegisterContentType(SECOidTa
|
|
||||||
return SECSuccess;
|
|
||||||
}
|
|
||||||
typeInfo = PORT_ArenaNew(nsscmstypeArena, nsscmstypeInfo);
|
|
||||||
- typeInfo->type =type;
|
|
||||||
+ typeInfo->type = type;
|
|
||||||
typeInfo->size = size;
|
|
||||||
typeInfo->isData = isData;
|
|
||||||
- typeInfo->template = template;
|
|
||||||
+ typeInfo->template = asn1Template;
|
|
||||||
typeInfo->destroy = destroy;
|
|
||||||
typeInfo->decode_before = decode_before;
|
|
||||||
typeInfo->decode_after = decode_after;
|
|
@ -1,196 +0,0 @@
|
|||||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
|
|
||||||
retrieving revision 1.30
|
|
||||||
retrieving revision 1.30.2.2
|
|
||||||
diff -u -p -r1.30 -r1.30.2.2
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 27 Jan 2011 01:35:46 -0000 1.30.2.2
|
|
||||||
@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
|
|
||||||
char *oldModuleSpec;
|
|
||||||
|
|
||||||
if (secmod_IsInternalKeySlot(newModule)) {
|
|
||||||
- pk11_SetInternalKeySlot(slot);
|
|
||||||
- }
|
|
||||||
+ pk11_SetInternalKeySlotIfFirst(slot);
|
|
||||||
+ }
|
|
||||||
newID = slot->slotID;
|
|
||||||
PK11_FreeSlot(slot);
|
|
||||||
for (thisChild=children, thisID=ids; thisChild && *thisChild;
|
|
||||||
@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
|
|
||||||
/* look down the slot info table */
|
|
||||||
PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
|
|
||||||
SECMOD_SetRootCerts(mod->slots[i],mod);
|
|
||||||
+ /* explicitly mark the internal slot as such if IsInternalKeySlot()
|
|
||||||
+ * is set */
|
|
||||||
+ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
|
|
||||||
+ pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
mod->slotCount = slotCount;
|
|
||||||
mod->slotInfoCount = 0;
|
|
||||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
|
|
||||||
retrieving revision 1.13
|
|
||||||
retrieving revision 1.13.2.2
|
|
||||||
diff -u -p -r1.13 -r1.13.2.2
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Jan 2011 01:35:46 -0000 1.13.2.2
|
|
||||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
|
||||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
|
||||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
|
||||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
|
||||||
+void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
|
||||||
|
|
||||||
/*********************************************************************
|
|
||||||
* Mechanism Mapping functions
|
|
||||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
|
|
||||||
retrieving revision 1.101
|
|
||||||
retrieving revision 1.101.2.3
|
|
||||||
diff -u -p -r1.101 -r1.101.2.3
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 27 Jan 2011 01:35:46 -0000 1.101.2.3
|
|
||||||
@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
|
|
||||||
* times as tokens are removed and re-inserted.
|
|
||||||
*/
|
|
||||||
void
|
|
||||||
-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
|
|
||||||
+PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
|
|
||||||
{
|
|
||||||
SECStatus rv;
|
|
||||||
char *tmp;
|
|
||||||
@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
|
|
||||||
}
|
|
||||||
|
|
||||||
static PK11SlotInfo *pk11InternalKeySlot = NULL;
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set a new default internal keyslot. If one has already been set, clear it.
|
|
||||||
+ * Passing NULL falls back to the NSS normally selected default internal key
|
|
||||||
+ * slot.
|
|
||||||
+ */
|
|
||||||
void
|
|
||||||
pk11_SetInternalKeySlot(PK11SlotInfo *slot)
|
|
||||||
{
|
|
||||||
@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
|
|
||||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * Set a new default internal keyslot if the normal key slot has not already
|
|
||||||
+ * been overridden. Subsequent calls to this function will be ignored unless
|
|
||||||
+ * pk11_SetInternalKeySlot is used to clear the current default.
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
|
|
||||||
+{
|
|
||||||
+ if (pk11InternalKeySlot) {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
|
|
||||||
/* get the internal key slot. FIPS has only one slot for both key slots and
|
|
||||||
* default slots */
|
|
||||||
Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
|
|
||||||
retrieving revision 1.2
|
|
||||||
retrieving revision 1.2.2.2
|
|
||||||
diff -u -p -r1.2 -r1.2.2.2
|
|
||||||
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2
|
|
||||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 26 Jan 2011 00:52:31 -0000 1.2.2.2
|
|
||||||
@@ -221,16 +221,16 @@ getFIPSMode(void)
|
|
||||||
* 2 for the key slot, and
|
|
||||||
* 3 for the crypto operations slot fips
|
|
||||||
*/
|
|
||||||
-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
|
|
||||||
+#define CIPHER_ORDER_FLAGS "cipherOrder=100"
|
|
||||||
#define SLOT_FLAGS \
|
|
||||||
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
|
|
||||||
" askpw=any timeout=30 ]"
|
|
||||||
|
|
||||||
static const char *nssDefaultFlags =
|
|
||||||
- ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
|
||||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
|
||||||
|
|
||||||
static const char *nssDefaultFIPSFlags =
|
|
||||||
- ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
|
||||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This function builds the list of databases and modules to load, and sets
|
|
||||||
@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
|
|
||||||
"library= "
|
|
||||||
"module=\"NSS User database\" "
|
|
||||||
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
|
|
||||||
- "NSS=\"%sflags=internal%s\"",
|
|
||||||
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
|
|
||||||
userdb, stripped_parameters, nssflags,
|
|
||||||
isFIPS ? ",FIPS" : "");
|
|
||||||
|
|
||||||
@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
|
|
||||||
userdb, stripped_parameters);
|
|
||||||
}
|
|
||||||
|
|
||||||
-#if 0
|
|
||||||
- /* This doesn't actually work. If we register
|
|
||||||
- both this and the sysdb (in either order)
|
|
||||||
- then only one of them actually shows up */
|
|
||||||
-
|
|
||||||
- /* Using a NULL filename as a Boolean flag to
|
|
||||||
- * prevent registering both an application-defined
|
|
||||||
- * db and the system db. rhbz #546211.
|
|
||||||
- */
|
|
||||||
- PORT_Assert(filename);
|
|
||||||
- if (sysdb && PL_CompareStrings(filename, sysdb))
|
|
||||||
- filename = NULL;
|
|
||||||
- else if (userdb && PL_CompareStrings(filename, userdb))
|
|
||||||
- filename = NULL;
|
|
||||||
-
|
|
||||||
- if (filename && !userIsRoot()) {
|
|
||||||
- module_list[next++] = PR_smprintf(
|
|
||||||
- "library= "
|
|
||||||
- "module=\"NSS database\" "
|
|
||||||
- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
|
|
||||||
- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
/* now the system database (always read only unless it's root) */
|
|
||||||
if (sysdb) {
|
|
||||||
const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
|
|
||||||
@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
|
|
||||||
"library= "
|
|
||||||
"module=\"NSS system database\" "
|
|
||||||
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
|
||||||
- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
|
|
||||||
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* that was the last module */
|
|
||||||
@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
|
|
||||||
|
|
||||||
/* determine what options the user was trying to open this database with */
|
|
||||||
/* filename is the directory pointed to by configdir= */
|
|
||||||
-/* stripped is the rest of the paramters with configdir= stripped out */
|
|
||||||
+/* stripped is the rest of the parameters with configdir= stripped out */
|
|
||||||
static SECStatus
|
|
||||||
-parse_paramters(char *parameters, char **filename, char **stripped)
|
|
||||||
+parse_parameters(char *parameters, char **filename, char **stripped)
|
|
||||||
{
|
|
||||||
char *sourcePrev;
|
|
||||||
char *sourceCurr;
|
|
||||||
@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
|
|
||||||
char **retString = NULL;
|
|
||||||
SECStatus rv;
|
|
||||||
|
|
||||||
- rv = parse_paramters(parameters, &filename, &stripped);
|
|
||||||
+ rv = parse_parameters(parameters, &filename, &stripped);
|
|
||||||
if (rv != SECSuccess) {
|
|
||||||
/* use defaults */
|
|
||||||
filename = getSystemDB();
|
|
@ -1,17 +0,0 @@
|
|||||||
Handle decoding of one CMS structure inside another. Plain data as the
|
|
||||||
top-level item in a message needs work.
|
|
||||||
|
|
||||||
diff -ur ./mozilla/security/nss/lib/smime/cmsdecode.c ./mozilla/security/nss/lib/smime/cmsdecode.c
|
|
||||||
--- ./mozilla/security/nss/lib/smime/cmsdecode.c 2010-12-23 13:03:41.000000000 -0500
|
|
||||||
+++ ./mozilla/security/nss/lib/smime/cmsdecode.c 2011-01-12 15:22:22.245908999 -0500
|
|
||||||
@@ -307,6 +307,9 @@
|
|
||||||
if (childp7dcx->content.pointer == NULL)
|
|
||||||
goto loser;
|
|
||||||
|
|
||||||
+ /* give the parent a copy of the pointer so that it doesn't get lost */
|
|
||||||
+ cinfo->content.pointer = childp7dcx->content.pointer;
|
|
||||||
+
|
|
||||||
/* start the child decoder */
|
|
||||||
childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer,
|
|
||||||
template);
|
|
||||||
|
|
@ -1,97 +0,0 @@
|
|||||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11pars.c
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss 2011-02-11 07:45:38.324083242 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 2011-02-11 07:48:14.514166538 -0800
|
|
||||||
@@ -258,6 +258,19 @@ secmod_IsInternalKeySlot(SECMODModule *m
|
|
||||||
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
+void
|
|
||||||
+secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val)
|
|
||||||
+{
|
|
||||||
+ char flags = (char) mod->internal;
|
|
||||||
+
|
|
||||||
+ if (val) {
|
|
||||||
+ flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
|
|
||||||
+ } else {
|
|
||||||
+ flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT;
|
|
||||||
+ }
|
|
||||||
+ mod->internal = flags;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* forward declarations */
|
|
||||||
static int secmod_escapeSize(const char *string, char quote);
|
|
||||||
static char *secmod_addEscape(const char *string, char quote);
|
|
||||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss 2011-02-11 07:47:45.037226877 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2011-02-11 07:48:28.854164207 -0800
|
|
||||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
|
||||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
|
||||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
|
||||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
|
||||||
+PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
|
|
||||||
void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
|
||||||
|
|
||||||
/*********************************************************************
|
|
||||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss 2011-02-11 07:41:11.258746774 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 2011-02-11 07:48:51.291595867 -0800
|
|
||||||
@@ -1755,6 +1755,18 @@ pk11_SetInternalKeySlotIfFirst(PK11SlotI
|
|
||||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * Swap out a default internal keyslot. Caller owns the Slot Reference
|
|
||||||
+ */
|
|
||||||
+PK11SlotInfo *
|
|
||||||
+pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
|
|
||||||
+{
|
|
||||||
+ PK11SlotInfo *swap = pk11InternalKeySlot;
|
|
||||||
+
|
|
||||||
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
|
||||||
+ return swap;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
|
|
||||||
/* get the internal key slot. FIPS has only one slot for both key slots and
|
|
||||||
* default slots */
|
|
||||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11util.c
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss 2011-02-11 07:40:23.748066635 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11util.c 2011-02-11 07:49:19.674611909 -0800
|
|
||||||
@@ -483,13 +483,25 @@ SECMOD_DeleteInternalModule(const char *
|
|
||||||
NULL, SECMOD_FIPS_FLAGS);
|
|
||||||
}
|
|
||||||
if (newModule) {
|
|
||||||
+ PK11SlotInfo *slot;
|
|
||||||
newModule->libraryParams =
|
|
||||||
PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams);
|
|
||||||
+ /* if an explicit internal key slot has been set, reset it */
|
|
||||||
+ slot = pk11_SwapInternalKeySlot(NULL);
|
|
||||||
+ if (slot) {
|
|
||||||
+ secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
|
|
||||||
+ }
|
|
||||||
rv = SECMOD_AddModule(newModule);
|
|
||||||
if (rv != SECSuccess) {
|
|
||||||
+ /* load failed, restore the internal key slot */
|
|
||||||
+ pk11_SetInternalKeySlot(slot);
|
|
||||||
SECMOD_DestroyModule(newModule);
|
|
||||||
newModule = NULL;
|
|
||||||
}
|
|
||||||
+ /* free the old explicit internal key slot, we now have a new one */
|
|
||||||
+ if (slot) {
|
|
||||||
+ PK11_FreeSlot(slot);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
if (newModule == NULL) {
|
|
||||||
SECMODModuleList *last = NULL,*mlp2;
|
|
||||||
diff -up ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss ./mozilla/security/nss/lib/pk11wrap/secmodi.h
|
|
||||||
--- ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss 2011-02-11 07:39:04.685590962 -0800
|
|
||||||
+++ ./mozilla/security/nss/lib/pk11wrap/secmodi.h 2011-02-11 07:49:28.120021571 -0800
|
|
||||||
@@ -90,6 +90,8 @@ SECStatus secmod_LoadPKCS11Module(SECMOD
|
|
||||||
SECStatus SECMOD_UnloadModule(SECMODModule *);
|
|
||||||
void SECMOD_SetInternalModule(SECMODModule *);
|
|
||||||
PRBool secmod_IsInternalKeySlot(SECMODModule *);
|
|
||||||
+void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
|
|
||||||
+
|
|
||||||
|
|
||||||
/* tools for checking if we are loading the same database twice */
|
|
||||||
typedef struct SECMODConfigListStr SECMODConfigList;
|
|