Merge branch 'f15' into f14
This commit is contained in:
commit
ded5f79f77
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,4 @@
|
||||
nss-3.12.9-stripped.tar.bz2
|
||||
nss-3.12.10-stripped.tar.bz2
|
||||
nss-pem-20101125.tar.bz2
|
||||
blank-cert8.db
|
||||
blank-key3.db
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,196 +0,0 @@
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11load.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11load.c,v
|
||||
retrieving revision 1.30
|
||||
retrieving revision 1.30.2.2
|
||||
diff -u -p -r1.30 -r1.30.2.2
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11load.c 30 Apr 2010 07:22:54 -0000 1.30
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11load.c 27 Jan 2011 01:35:46 -0000 1.30.2.2
|
||||
@@ -178,8 +178,8 @@ secmod_handleReload(SECMODModule *oldMod
|
||||
char *oldModuleSpec;
|
||||
|
||||
if (secmod_IsInternalKeySlot(newModule)) {
|
||||
- pk11_SetInternalKeySlot(slot);
|
||||
- }
|
||||
+ pk11_SetInternalKeySlotIfFirst(slot);
|
||||
+ }
|
||||
newID = slot->slotID;
|
||||
PK11_FreeSlot(slot);
|
||||
for (thisChild=children, thisID=ids; thisChild && *thisChild;
|
||||
@@ -550,6 +550,11 @@ secmod_LoadPKCS11Module(SECMODModule *mo
|
||||
/* look down the slot info table */
|
||||
PK11_LoadSlotList(mod->slots[i],mod->slotInfo,mod->slotInfoCount);
|
||||
SECMOD_SetRootCerts(mod->slots[i],mod);
|
||||
+ /* explicitly mark the internal slot as such if IsInternalKeySlot()
|
||||
+ * is set */
|
||||
+ if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
|
||||
+ pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
|
||||
+ }
|
||||
}
|
||||
mod->slotCount = slotCount;
|
||||
mod->slotInfoCount = 0;
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11priv.h,v
|
||||
retrieving revision 1.13
|
||||
retrieving revision 1.13.2.2
|
||||
diff -u -p -r1.13 -r1.13.2.2
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Oct 2009 23:04:46 -0000 1.13
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 27 Jan 2011 01:35:46 -0000 1.13.2.2
|
||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
||||
+void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
||||
|
||||
/*********************************************************************
|
||||
* Mechanism Mapping functions
|
||||
Index: ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v
|
||||
retrieving revision 1.101
|
||||
retrieving revision 1.101.2.3
|
||||
diff -u -p -r1.101 -r1.101.2.3
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 3 Apr 2010 18:27:31 -0000 1.101
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 27 Jan 2011 01:35:46 -0000 1.101.2.3
|
||||
@@ -1349,7 +1349,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
|
||||
* times as tokens are removed and re-inserted.
|
||||
*/
|
||||
void
|
||||
-PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
|
||||
+PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
|
||||
{
|
||||
SECStatus rv;
|
||||
char *tmp;
|
||||
@@ -1726,6 +1726,12 @@ PK11_NeedUserInit(PK11SlotInfo *slot)
|
||||
}
|
||||
|
||||
static PK11SlotInfo *pk11InternalKeySlot = NULL;
|
||||
+
|
||||
+/*
|
||||
+ * Set a new default internal keyslot. If one has already been set, clear it.
|
||||
+ * Passing NULL falls back to the NSS normally selected default internal key
|
||||
+ * slot.
|
||||
+ */
|
||||
void
|
||||
pk11_SetInternalKeySlot(PK11SlotInfo *slot)
|
||||
{
|
||||
@@ -1735,6 +1741,20 @@ pk11_SetInternalKeySlot(PK11SlotInfo *sl
|
||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Set a new default internal keyslot if the normal key slot has not already
|
||||
+ * been overridden. Subsequent calls to this function will be ignored unless
|
||||
+ * pk11_SetInternalKeySlot is used to clear the current default.
|
||||
+ */
|
||||
+void
|
||||
+pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
|
||||
+{
|
||||
+ if (pk11InternalKeySlot) {
|
||||
+ return;
|
||||
+ }
|
||||
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
+}
|
||||
+
|
||||
|
||||
/* get the internal key slot. FIPS has only one slot for both key slots and
|
||||
* default slots */
|
||||
Index: ./mozilla/security/nss/lib/sysinit/nsssysinit.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/lib/sysinit/nsssysinit.c,v
|
||||
retrieving revision 1.2
|
||||
retrieving revision 1.2.2.2
|
||||
diff -u -p -r1.2 -r1.2.2.2
|
||||
--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c 6 Feb 2010 04:56:37 -0000 1.2
|
||||
+++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c 26 Jan 2011 00:52:31 -0000 1.2.2.2
|
||||
@@ -221,16 +221,16 @@ getFIPSMode(void)
|
||||
* 2 for the key slot, and
|
||||
* 3 for the crypto operations slot fips
|
||||
*/
|
||||
-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
|
||||
+#define CIPHER_ORDER_FLAGS "cipherOrder=100"
|
||||
#define SLOT_FLAGS \
|
||||
"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
|
||||
" askpw=any timeout=30 ]"
|
||||
|
||||
static const char *nssDefaultFlags =
|
||||
- ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
||||
|
||||
static const char *nssDefaultFIPSFlags =
|
||||
- ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
+ CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
||||
|
||||
/*
|
||||
* This function builds the list of databases and modules to load, and sets
|
||||
@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
|
||||
"library= "
|
||||
"module=\"NSS User database\" "
|
||||
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
|
||||
- "NSS=\"%sflags=internal%s\"",
|
||||
+ "NSS=\"trustOrder=75 %sflags=internal%s\"",
|
||||
userdb, stripped_parameters, nssflags,
|
||||
isFIPS ? ",FIPS" : "");
|
||||
|
||||
@@ -284,30 +284,6 @@ get_list(char *filename, char *stripped_
|
||||
userdb, stripped_parameters);
|
||||
}
|
||||
|
||||
-#if 0
|
||||
- /* This doesn't actually work. If we register
|
||||
- both this and the sysdb (in either order)
|
||||
- then only one of them actually shows up */
|
||||
-
|
||||
- /* Using a NULL filename as a Boolean flag to
|
||||
- * prevent registering both an application-defined
|
||||
- * db and the system db. rhbz #546211.
|
||||
- */
|
||||
- PORT_Assert(filename);
|
||||
- if (sysdb && PL_CompareStrings(filename, sysdb))
|
||||
- filename = NULL;
|
||||
- else if (userdb && PL_CompareStrings(filename, userdb))
|
||||
- filename = NULL;
|
||||
-
|
||||
- if (filename && !userIsRoot()) {
|
||||
- module_list[next++] = PR_smprintf(
|
||||
- "library= "
|
||||
- "module=\"NSS database\" "
|
||||
- "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
|
||||
- "NSS=\"%sflags=internal\"",filename, filename, nssflags);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
/* now the system database (always read only unless it's root) */
|
||||
if (sysdb) {
|
||||
const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
|
||||
@@ -315,7 +291,7 @@ get_list(char *filename, char *stripped_
|
||||
"library= "
|
||||
"module=\"NSS system database\" "
|
||||
"parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
|
||||
- "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
+ "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
|
||||
}
|
||||
|
||||
/* that was the last module */
|
||||
@@ -372,9 +348,9 @@ overlapstrcpy(char *target, char *src)
|
||||
|
||||
/* determine what options the user was trying to open this database with */
|
||||
/* filename is the directory pointed to by configdir= */
|
||||
-/* stripped is the rest of the paramters with configdir= stripped out */
|
||||
+/* stripped is the rest of the parameters with configdir= stripped out */
|
||||
static SECStatus
|
||||
-parse_paramters(char *parameters, char **filename, char **stripped)
|
||||
+parse_parameters(char *parameters, char **filename, char **stripped)
|
||||
{
|
||||
char *sourcePrev;
|
||||
char *sourceCurr;
|
||||
@@ -423,7 +399,7 @@ NSS_ReturnModuleSpecData(unsigned long f
|
||||
char **retString = NULL;
|
||||
SECStatus rv;
|
||||
|
||||
- rv = parse_paramters(parameters, &filename, &stripped);
|
||||
+ rv = parse_parameters(parameters, &filename, &stripped);
|
||||
if (rv != SECSuccess) {
|
||||
/* use defaults */
|
||||
filename = getSystemDB();
|
@ -1,18 +1,9 @@
|
||||
Index: mozilla/security/nss/cmd/selfserv/selfserv.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v
|
||||
retrieving revision 1.94
|
||||
diff -p -u -8 -r1.94 selfserv.c
|
||||
--- mozilla/security/nss/cmd/selfserv/selfserv.c 3 Apr 2010 18:27:27 -0000 1.94
|
||||
+++ mozilla/security/nss/cmd/selfserv/selfserv.c 24 Feb 2011 02:28:02 -0000
|
||||
@@ -1487,21 +1487,21 @@ PRFileDesc *
|
||||
getBoundListenSocket(unsigned short port)
|
||||
{
|
||||
PRFileDesc * listen_sock;
|
||||
int listenQueueDepth = 5 + (2 * maxThreads);
|
||||
PRStatus prStatus;
|
||||
PRNetAddr addr;
|
||||
diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c
|
||||
--- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-04-27 15:24:07.922128850 -0700
|
||||
+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-04-27 15:27:11.053271675 -0700
|
||||
@@ -1493,14 +1493,14 @@ getBoundListenSocket(unsigned short port
|
||||
PRSocketOptionData opt;
|
||||
PRUint16 socketDomain = PR_AF_INET;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
@ -21,13 +12,11 @@ diff -p -u -8 -r1.94 selfserv.c
|
||||
+ errExit("PR_SetNetAddr");
|
||||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
if (PR_GetEnv("NSS_USE_SDP")) {
|
||||
socketDomain = PR_AF_INET_SDP;
|
||||
}
|
||||
- listen_sock = PR_OpenTCPSocket(socketDomain);
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
errExit("PR_NewTCPSocket");
|
||||
errExit("PR_OpenTCPSocket error");
|
||||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
opt.value.non_blocking = PR_FALSE;
|
||||
prStatus = PR_SetSocketOption(listen_sock, &opt);
|
||||
if (prStatus < 0) {
|
||||
|
62
nss.spec
62
nss.spec
@ -1,12 +1,12 @@
|
||||
%global nspr_version 4.8.7
|
||||
%global nss_util_version 3.12.9
|
||||
%global nss_softokn_version 3.12.9
|
||||
%global nspr_version 4.8.8
|
||||
%global nss_util_version 3.12.10
|
||||
%global nss_softokn_version 3.12.10
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.12.9
|
||||
Release: 10%{?dist}
|
||||
Version: 3.12.10
|
||||
Release: 1%{?dist}
|
||||
License: MPLv1.1 or GPLv2+ or LGPLv2+
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Group: System Environment/Libraries
|
||||
@ -43,8 +43,6 @@ Patch3: renegotiate-transitional.patch
|
||||
Patch6: nss-enable-pem.patch
|
||||
Patch7: nsspem-642433.patch
|
||||
Patch8: 0001-Bug-695011-PEM-logging.patch
|
||||
Patch11: honor-user-trust-preferences.patch
|
||||
Patch15: swap-internal-key-slot.patch
|
||||
Patch16: nss-539183.patch
|
||||
|
||||
%description
|
||||
@ -119,8 +117,6 @@ low level services.
|
||||
%patch6 -p0 -b .libpem
|
||||
%patch7 -p0 -b .642433
|
||||
%patch8 -p1 -b .695011
|
||||
%patch11 -p1 -b .643134
|
||||
%patch15 -p1 -b .jss
|
||||
%patch16 -p0 -b .539183
|
||||
|
||||
|
||||
@ -515,27 +511,51 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Apr 11 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-10
|
||||
* Fri May 06 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-1
|
||||
- Update to NSS_3_12_10_RTM
|
||||
|
||||
* Wed Apr 27 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.10-0.1.beta1
|
||||
- Update to NSS_3_12_10_BETA1
|
||||
|
||||
* Mon Apr 11 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-15
|
||||
- Implement PEM logging using NSPR's own (#695011)
|
||||
- Update the expired PayPalEE test certificate to one good until April 1, 2013
|
||||
|
||||
* Wed Mar 25 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-9
|
||||
|
||||
* Wed Mar 25 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-14
|
||||
- Update to NSS_3.12.9_WITH_CKBI_1_82_RTM
|
||||
|
||||
* Wed Feb 24 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-8
|
||||
* Wed Feb 24 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-13
|
||||
- Short-term fix for ssl test suites hangs on ipv6 type connections (#539183)
|
||||
|
||||
* Fri Feb 18 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-7
|
||||
* Fri Feb 18 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-12
|
||||
- Add a missing requires for pkcs11-devel (#675196)
|
||||
|
||||
* Tue Feb 15 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-11
|
||||
- Run the test suites in the check section (#677809)
|
||||
|
||||
* Thu Feb 10 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-10
|
||||
- Fix cms headers to not use c++ reserved words (#676036)
|
||||
- Reenabling Bug 499444 patches
|
||||
- Fix to swap internal key slot on fips mode switches
|
||||
|
||||
* Tue Feb 08 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-9
|
||||
- Revert patches for 499444 until all c++ reserved words are found and extirpated
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.12.9-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Tue Feb 08 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-7
|
||||
- Fix cms header to not use c++ reserved word (#676036)
|
||||
- Reenable patches for bug 499444
|
||||
|
||||
* Tue Feb 08 2011 Christopher Aillon <caillon@redhat.com> - 3.12.9-6
|
||||
- Revert patches for 499444 as they use a C++ reserved word and
|
||||
cause compilation of Firefox to fail
|
||||
|
||||
* Fri Feb 04 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-5
|
||||
- Fix the earlier infinite recursion patch (#499444)
|
||||
- Remove a header that now nss-softokn-freebl-devel ships
|
||||
|
||||
* Thu Feb 10 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-6
|
||||
- Fix to swap internal key slot on fips mode switches, related to #633043
|
||||
|
||||
* Mon Feb 07 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-5
|
||||
- Remove a header that now nss-softokn-freebl-devel ships, related to #675196
|
||||
- Backing out earlier patch until further testing from upstream for 3.12.10
|
||||
|
||||
* Tue Feb 01 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.9-4
|
||||
- Fix infinite recursion when encoding NSS enveloped/digested data (#499444)
|
||||
|
||||
|
2
sources
2
sources
@ -1,4 +1,4 @@
|
||||
240c8d61d9c9091e486318e889bc1f2f nss-3.12.9-stripped.tar.bz2
|
||||
4f4b65c7fc3a97945aa50a64a39ef9b5 nss-3.12.10-stripped.tar.bz2
|
||||
e63cddf74c07f0d818d1052ecc6fbb1f nss-pem-20101125.tar.bz2
|
||||
a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
||||
9315689bbd9f28ceebd47894f99fccbd blank-key3.db
|
||||
|
@ -1,97 +0,0 @@
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11pars.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11pars.c.jss 2011-02-11 07:45:38.324083242 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11pars.c 2011-02-11 07:48:14.514166538 -0800
|
||||
@@ -258,6 +258,19 @@ secmod_IsInternalKeySlot(SECMODModule *m
|
||||
return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
|
||||
}
|
||||
|
||||
+void
|
||||
+secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val)
|
||||
+{
|
||||
+ char flags = (char) mod->internal;
|
||||
+
|
||||
+ if (val) {
|
||||
+ flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
|
||||
+ } else {
|
||||
+ flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT;
|
||||
+ }
|
||||
+ mod->internal = flags;
|
||||
+}
|
||||
+
|
||||
/* forward declarations */
|
||||
static int secmod_escapeSize(const char *string, char quote);
|
||||
static char *secmod_addEscape(const char *string, char quote);
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss ./mozilla/security/nss/lib/pk11wrap/pk11priv.h
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11priv.h.jss 2011-02-11 07:47:45.037226877 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11priv.h 2011-02-11 07:48:28.854164207 -0800
|
||||
@@ -115,6 +115,7 @@ void PK11_InitSlot(SECMODModule *mod,CK_
|
||||
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
|
||||
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
|
||||
+PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
|
||||
void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
|
||||
|
||||
/*********************************************************************
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11slot.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11slot.c.jss 2011-02-11 07:41:11.258746774 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11slot.c 2011-02-11 07:48:51.291595867 -0800
|
||||
@@ -1755,6 +1755,18 @@ pk11_SetInternalKeySlotIfFirst(PK11SlotI
|
||||
pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Swap out a default internal keyslot. Caller owns the Slot Reference
|
||||
+ */
|
||||
+PK11SlotInfo *
|
||||
+pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
|
||||
+{
|
||||
+ PK11SlotInfo *swap = pk11InternalKeySlot;
|
||||
+
|
||||
+ pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
|
||||
+ return swap;
|
||||
+}
|
||||
+
|
||||
|
||||
/* get the internal key slot. FIPS has only one slot for both key slots and
|
||||
* default slots */
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss ./mozilla/security/nss/lib/pk11wrap/pk11util.c
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/pk11util.c.jss 2011-02-11 07:40:23.748066635 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/pk11util.c 2011-02-11 07:49:19.674611909 -0800
|
||||
@@ -483,13 +483,25 @@ SECMOD_DeleteInternalModule(const char *
|
||||
NULL, SECMOD_FIPS_FLAGS);
|
||||
}
|
||||
if (newModule) {
|
||||
+ PK11SlotInfo *slot;
|
||||
newModule->libraryParams =
|
||||
PORT_ArenaStrdup(newModule->arena,mlp->module->libraryParams);
|
||||
+ /* if an explicit internal key slot has been set, reset it */
|
||||
+ slot = pk11_SwapInternalKeySlot(NULL);
|
||||
+ if (slot) {
|
||||
+ secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
|
||||
+ }
|
||||
rv = SECMOD_AddModule(newModule);
|
||||
if (rv != SECSuccess) {
|
||||
+ /* load failed, restore the internal key slot */
|
||||
+ pk11_SetInternalKeySlot(slot);
|
||||
SECMOD_DestroyModule(newModule);
|
||||
newModule = NULL;
|
||||
}
|
||||
+ /* free the old explicit internal key slot, we now have a new one */
|
||||
+ if (slot) {
|
||||
+ PK11_FreeSlot(slot);
|
||||
+ }
|
||||
}
|
||||
if (newModule == NULL) {
|
||||
SECMODModuleList *last = NULL,*mlp2;
|
||||
diff -up ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss ./mozilla/security/nss/lib/pk11wrap/secmodi.h
|
||||
--- ./mozilla/security/nss/lib/pk11wrap/secmodi.h.jss 2011-02-11 07:39:04.685590962 -0800
|
||||
+++ ./mozilla/security/nss/lib/pk11wrap/secmodi.h 2011-02-11 07:49:28.120021571 -0800
|
||||
@@ -90,6 +90,8 @@ SECStatus secmod_LoadPKCS11Module(SECMOD
|
||||
SECStatus SECMOD_UnloadModule(SECMODModule *);
|
||||
void SECMOD_SetInternalModule(SECMODModule *);
|
||||
PRBool secmod_IsInternalKeySlot(SECMODModule *);
|
||||
+void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
|
||||
+
|
||||
|
||||
/* tools for checking if we are loading the same database twice */
|
||||
typedef struct SECMODConfigListStr SECMODConfigList;
|
Loading…
Reference in New Issue
Block a user