diff -up ./nss/cmd/modutil/pk11.c.ecc-lists ./nss/cmd/modutil/pk11.c
--- ./nss/cmd/modutil/pk11.c.ecc-lists 2013-11-09 09:23:30.000000000 -0800
+++ ./nss/cmd/modutil/pk11.c 2013-12-20 10:29:01.540726233 -0800
@@ -7,12 +7,9 @@
*/
#include "modutil.h"
-/* #include "secmodti.h" */
+#include "secmodi.h"
#include "pk11func.h"
-static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
-static int pk11_DefaultArraySize = 0;
-
/*************************************************************************
*
* F i p s M o d e
@@ -110,32 +107,11 @@ ChkFipsMode(char *arg)
typedef struct {
const char *name;
- const unsigned long mask;
+ unsigned long mask;
} MaskString;
-static const MaskString mechanismStrings[] = {
- {"RSA", PUBLIC_MECH_RSA_FLAG},
- {"DSA", PUBLIC_MECH_DSA_FLAG},
- {"RC2", PUBLIC_MECH_RC2_FLAG},
- {"RC4", PUBLIC_MECH_RC4_FLAG},
- {"RC5", PUBLIC_MECH_RC5_FLAG},
- {"DES", PUBLIC_MECH_DES_FLAG},
- {"DH", PUBLIC_MECH_DH_FLAG},
- {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG},
- {"SHA1", PUBLIC_MECH_SHA1_FLAG},
- {"MD5", PUBLIC_MECH_MD5_FLAG},
- {"MD2", PUBLIC_MECH_MD2_FLAG},
- {"SSL", PUBLIC_MECH_SSL_FLAG},
- {"TLS", PUBLIC_MECH_TLS_FLAG},
- {"AES", PUBLIC_MECH_AES_FLAG},
- {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG},
- {"SHA256", PUBLIC_MECH_SHA256_FLAG},
- {"SHA512", PUBLIC_MECH_SHA512_FLAG},
- {"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
- {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG}
-};
-static const int numMechanismStrings =
- sizeof(mechanismStrings) / sizeof(mechanismStrings[0]);
+static MaskString *mechanismStrings = NULL;
+static int numMechanismStrings = 0;
static const MaskString cipherStrings[] = {
{"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
@@ -143,10 +119,83 @@ static const MaskString cipherStrings[]
static const int numCipherStrings =
sizeof(cipherStrings) / sizeof(cipherStrings[0]);
+static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
+static int pk11_DefaultArraySize = 0;
+
+
/* Maximum length of a colon-separated list of all the strings in an
* array. */
#define MAX_STRING_LIST_LEN 240 /* or less */
+/*
+** The same as SECMOD_InternaltoPubMechFlags
+** from nss/lib/pk11wrap/pk11util.c wich is a
+** private export and not visible to us
+*/
+static unsigned long
+InternaltoPubMechFlags(unsigned long internalFlags)
+{
+ unsigned long publicFlags = internalFlags;
+
+ if (internalFlags & SECMOD_RANDOM_FLAG) {
+ publicFlags &= ~SECMOD_RANDOM_FLAG;
+ publicFlags |= PUBLIC_MECH_RANDOM_FLAG;
+ }
+ return publicFlags;
+}
+
+
+Error
+loadMechanismList(void)
+{
+ int i;
+
+ if (pk11_DefaultArray == NULL) {
+ pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
+ if (pk11_DefaultArray == NULL) {
+ /* should assert. This shouldn't happen */
+ return UNSPECIFIED_ERR;
+ }
+ }
+ if (mechanismStrings != NULL) {
+ PR_Free(mechanismStrings);
+ }
+
+ /* build the mechanismStrings array */
+ mechanismStrings = PR_Malloc( pk11_DefaultArraySize*sizeof(MaskString) );
+ if (mechanismStrings == NULL) {
+ return OUT_OF_MEM_ERR;
+ }
+ numMechanismStrings = pk11_DefaultArraySize;
+ for (i = 0; i < numMechanismStrings; i++) {
+ char *name = pk11_DefaultArray[i].name;
+ unsigned long flag = pk11_DefaultArray[i].flag;
+ /* map new name to old */
+ switch (flag) {
+ case SECMOD_FORTEZZA_FLAG:
+ name = "FORTEZZA";
+ break;
+ case SECMOD_SHA1_FLAG:
+ name = "SHA1";
+ break;
+ case SECMOD_CAMELLIA_FLAG:
+ name = "CAMELLIA";
+ break;
+ case SECMOD_RANDOM_FLAG:
+ name = "RANDOM";
+ break;
+ case SECMOD_FRIENDLY_FLAG:
+ name = "FRIENDLY";
+ break;
+ default:
+ break;
+ }
+ mechanismStrings[i].name = name;
+ mechanismStrings[i].mask = InternaltoPubMechFlags(flag);
+ }
+ return SUCCESS;
+}
+
/************************************************************************
*
* g e t F l a g s F r o m S t r i n g
@@ -244,6 +293,12 @@ AddModule(char *moduleName, char *libFil
unsigned long ciphers;
unsigned long mechanisms;
SECStatus status;
+ Error rv;
+
+ rv = loadMechanismList();
+ if (rv != SUCCESS) {
+ return rv;
+ }
mechanisms =
getFlagsFromString(mechanismString, mechanismStrings,
@@ -493,6 +548,11 @@ ListModule(char *moduleName)
return SUCCESS;
}
+ rv = loadMechanismList();
+ if (rv != SUCCESS) {
+ return rv;
+ }
+
module = SECMOD_FindModule(moduleName);
if(!module) {
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
@@ -811,19 +871,18 @@ SetDefaultModule(char *moduleName, char
SECMODModule *module = NULL;
PK11SlotInfo *slot;
int s, i;
- unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
- numMechanismStrings);
+ unsigned long mechFlags;
PRBool found = PR_FALSE;
- Error errcode = UNSPECIFIED_ERR;
+ Error errcode;
- if (pk11_DefaultArray == NULL) {
- pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
- if (pk11_DefaultArray == NULL) {
- /* should assert. This shouldn't happen */
- goto loser;
- }
+ errcode = loadMechanismList();
+ if (errcode != SUCCESS) {
+ return errcode;
}
+ errcode = UNSPECIFIED_ERR;
+ mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
+ numMechanismStrings);
mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
module = SECMOD_FindModule(moduleName);
@@ -889,20 +948,17 @@ UnsetDefaultModule(char *moduleName, cha
SECMODModule * module = NULL;
PK11SlotInfo *slot;
int s, i;
- unsigned long mechFlags = getFlagsFromString(mechanisms,
- mechanismStrings, numMechanismStrings);
+ unsigned long mechFlags;
PRBool found = PR_FALSE;
Error rv;
- if (pk11_DefaultArray == NULL) {
- pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
- if (pk11_DefaultArray == NULL) {
- /* should assert. This shouldn't happen */
- rv = UNSPECIFIED_ERR;
- goto loser;
- }
+ rv = loadMechanismList();
+ if (rv != SUCCESS) {
+ return rv;
}
+ mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
+ numMechanismStrings);
mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
module = SECMOD_FindModule(moduleName);
diff -up ./nss/lib/pk11wrap/pk11slot.c.ecc-lists ./nss/lib/pk11wrap/pk11slot.c
--- ./nss/lib/pk11wrap/pk11slot.c.ecc-lists 2013-11-09 09:23:30.000000000 -0800
+++ ./nss/lib/pk11wrap/pk11slot.c 2013-12-20 10:29:55.756109883 -0800
@@ -32,6 +32,7 @@
PK11DefaultArrayEntry PK11_DefaultArray[] = {
{ "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
{ "DSA", SECMOD_DSA_FLAG, CKM_DSA },
+ { "ECC", SECMOD_ECC_FLAG, CKM_ECDSA },
{ "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },
{ "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },
{ "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
diff -up ./nss/lib/pk11wrap/secmod.h.ecc-lists ./nss/lib/pk11wrap/secmod.h
--- ./nss/lib/pk11wrap/secmod.h.ecc-lists 2013-11-09 09:23:30.000000000 -0800
+++ ./nss/lib/pk11wrap/secmod.h 2013-12-20 10:26:20.881585723 -0800
@@ -28,6 +28,7 @@
#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul
#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul
#define PUBLIC_MECH_SEED_FLAG 0x00020000ul
+#define PUBLIC_MECH_ECC_FLAG 0x00040000ul
#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul