diff --git a/dont-use-cpp-reserved-words.patch b/dont-use-cpp-reserved-words.patch index 8c7d336..c476494 100644 --- a/dont-use-cpp-reserved-words.patch +++ b/dont-use-cpp-reserved-words.patch @@ -12,7 +12,7 @@ diff -up ./mozilla/security/nss/lib/smime/cmscinfo.c.676036 ./mozilla/security/n - cinfo->private = PORT_ZNew(NSSCMSContentInfoPrivate); - return (cinfo->private) ? SECSuccess: SECFailure; + cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate); -+ return (cinfo->privateInfo) ? SECSuccess: SECFailure; ++ return (cinfo->privateInfo) ? SECSuccess : SECFailure; } diff --git a/nss.spec b/nss.spec index 7c4f4b4..afcb629 100644 --- a/nss.spec +++ b/nss.spec @@ -46,6 +46,7 @@ Patch11: honor-user-trust-preferences.patch Patch12: allow-content-types-beyond-smime.patch Patch13: nss-recurse.patch Patch14: dont-use-cpp-reserved-words.patch +Patch15: swap-internal-key-slot.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -121,6 +122,7 @@ low level services. %patch12 -p1 -b .contenttypes %patch13 -p1 -b .recurse %patch14 -p1 -b .676036 +%patch15 -p1 -b .jss %build @@ -500,6 +502,7 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h * Thu Feb 10 2011 Elio Maldonado - 3.12.9-10 - Fix cms headers to not use c++ reserved words (#676036) - Reenabling Bug 499444 patches +- Fix to swap internal key slot on fips mode switches * Tue Feb 08 2011 Elio Maldonado - 3.12.9-9 - Revert patches for 499444 until all c++ reserved words are found and extirpated diff --git a/swap-internal-key-slot.patch b/swap-internal-key-slot.patch new file mode 100644 index 0000000..ead072e --- /dev/null +++ b/swap-internal-key-slot.patch 
@@ -0,0 +1,97 @@
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11pars.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss 2011-02-11 07:45:38.324083242 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 2011-02-11 07:48:14.514166538 -0800
+@@ -258,6 +258,19 @@ secmod_IsInternalKeySlot(SECMODModule *m
+ return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
+ }
+
++void
++secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val)
++{
++ char flags = (char) mod->internal;
++
++ if (val) {
++ flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
++ } else {
++ flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT;
++ }
++ mod->internal = flags;
++}
++
+ /* forward declarations */
+ static int secmod_escapeSize(const char *string, char quote);
+ static char *secmod_addEscape(const char *string, char quote);
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
+--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss 2011-02-11 07:47:45.037226877 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2011-02-11 07:48:28.854164207 -0800
+@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
+ PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
+ SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
+ void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
++PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
+ void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
+
+ /*********************************************************************
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss 2011-02-11 07:41:11.258746774 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 2011-02-11 07:48:51.291595867 -0800
+@@ -1755,6 +1755,18 @@ pk11_SetInternalKeySlotIfFirst(PK11SlotI
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+ }
+
++/*
++ * Swap out a default internal keyslot. Caller owns the Slot Reference
++ */
++PK11SlotInfo *
++pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
++{
++ PK11SlotInfo *swap = pk11InternalKeySlot;
++
++ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
++ return swap;
++}
++
+
+ /* get the internal key slot. FIPS has only one slot for both key slots and
+ * default slots */
+diff -up ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11util.c
+--- ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss 2011-02-11 07:40:23.748066635 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/pk11util.c 2011-02-11 07:49:19.674611909 -0800
+@@ -483,13 +483,25 @@ SECMOD_DeleteInternalModule(const char *
+ NULL, SECMOD_FIPS_FLAGS);
+ }
+ if (newModule) {
++ PK11SlotInfo *slot;
+ newModule->libraryParams =
+ PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams);
++ /* if an explicit internal key slot has been set, reset it */
++ slot = pk11_SwapInternalKeySlot(NULL);
++ if (slot) {
++ secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
++ }
+ rv = SECMOD_AddModule(newModule);
+ if (rv != SECSuccess) {
++ /* load failed, restore the internal key slot */
++ pk11_SetInternalKeySlot(slot);
+ SECMOD_DestroyModule(newModule);
+ newModule = NULL;
+ }
++ /* free the old explicit internal key slot, we now have a new one */
++ if (slot) {
++ PK11_FreeSlot(slot);
++ }
+ }
+ if (newModule == NULL) {
+ SECMODModuleList *last = NULL,*mlp2;
+diff -up ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss ./mozilla/security/nss/lib/pk11wrap/secmodi.h
+--- ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss 2011-02-11 07:39:04.685590962 -0800
++++ ./mozilla/security/nss/lib/pk11wrap/secmodi.h 2011-02-11 07:49:28.120021571 -0800
+@@ -90,6 +90,8 @@ SECStatus secmod_LoadPKCS11Module(SECMOD
+ SECStatus SECMOD_UnloadModule(SECMODModule *);
+ void SECMOD_SetInternalModule(SECMODModule *);
+ PRBool secmod_IsInternalKeySlot(SECMODModule *);
++void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
++
+
+ /* tools for checking if we are loading the same database twice */
+ typedef struct SECMODConfigListStr SECMODConfigList;
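Review bot: pk11_SwapInternalKeySlot reads and then overwrites the file-scope pk11InternalKeySlot with no lock visible in the patch, so during the FIPS-mode switch in SECMOD_DeleteInternalModule a concurrent reader of the internal key slot could observe NULL or the outgoing slot until SECMOD_AddModule returns; whether callers are serialized elsewhere cannot be confirmed from these hunks. The function comment should state the contract explicitly, for example `/* Swap out the default internal key slot. Returns the previous slot (may be NULL); the caller owns that reference and must PK11_FreeSlot() it. Callers must serialize against readers of pk11InternalKeySlot. */`. On the failure path, `pk11_SetInternalKeySlot(slot)` is correct only if that function releases whatever slot SECMOD_AddModule may have installed before failing and takes its own reference, because the unconditional `PK11_FreeSlot(slot)` follows; its body is outside the patch and is worth confirming. In secmod_SetInternalKeySlotFlag, `char flags` has implementation-defined signedness, so `unsigned char flags = (unsigned char) mod->internal;` would be the safer form for the bit operations. SECMOD_DeleteInternalModule begins and ends outside the hunk.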