rpms/nss
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Patch nsssysinit to set the default flags on the crypto module - #545779

Browse Source
This commit is contained in:
Elio Maldonado 2009-12-12 06:48:43 +00:00
parent 43678392b1
commit 911a125478
2 changed files with 57 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nss.spec
View File

@ -7,7 +7,7 @@
Summary: Network Security Services Summary: Network Security Services
Name: nss Name: nss
Version: 3.12.5 Version: 3.12.5
Release: 1%{?dist}.4 Release: 1%{?dist}.5
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/ URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -43,6 +43,7 @@ Patch2: nss-nolocalsql.patch
Patch6: nss-enable-pem.patch Patch6: nss-enable-pem.patch
Patch7: 533125-ammend.patch Patch7: 533125-ammend.patch
Patch8: nss-sysinit.patch Patch8: nss-sysinit.patch
Patch9: nsssysinit.patch
%description %description
Network Security Services (NSS) is a set of libraries designed to Network Security Services (NSS) is a set of libraries designed to
@ -110,6 +111,7 @@ low level services.
%patch6 -p0 -b .libpem %patch6 -p0 -b .libpem
%patch7 -p0 -b .533125-ammend %patch7 -p0 -b .533125-ammend
%patch8 -p0 -b .sysinit %patch8 -p0 -b .sysinit
%patch9 -p0 -b .nsssysinit
%build %build
@ -471,7 +473,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog %changelog
* Wed Dec 09 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-2.1 * Thu Dec 10 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.5
- Fix nsssysinit to set the default flags on the crypto module (#545779)
- Remove redundant header from the pem module
* Wed Dec 09 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.1
- Remove unneeded patch - Remove unneeded patch
* Thu Dec 03 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.1 * Thu Dec 03 2009 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.1

49
nsssysinit.patch Normal file
View File

@ -0,0 +1,49 @@
Index: mozilla/security/nss/lib/sysinit/nsssysinit.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
retrieving revision 1.1
diff -u -p -r1.1 nsssysinit.c
--- mozilla/security/nss/lib/sysinit/nsssysinit.c 8 Oct 2009 17:08:36 -0000 1.1
+++ mozilla/security/nss/lib/sysinit/nsssysinit.c 12 Dec 2009 03:34:17 -0000
@@ -198,11 +198,20 @@ getFIPSMode(void)
* the decision making process.
*
*/
+static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] } ";
+static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
+slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+askpw=any timeout=30 ] } ";
+
static char **
get_list(char *filename, char *stripped_parameters)
{
char **module_list = PORT_ZNewArray(char *, 4);
char *userdb;
+ int isFIPS = getFIPSMode();
+ const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
int next = 0;
/* can't get any space */
@@ -217,8 +226,9 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s\" "
- "NSS=\"flags=internal%s\"",
- userdb, stripped_parameters, getFIPSMode() ? ",FIPS" : "");
+ "NSS=\"%sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
/* now open the user's defined PKCS #11 modules */
/* skip the local user DB entry */
@@ -235,7 +245,7 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS system database\" "
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
- "NSS=\"flags=internal,critical\"",filename);
+ "NSS=\"%sflags=internal,critical\"",filename, nssDefaultFlags);
/* that was the last module */
module_list[next] = 0;