# HG changeset patch
# User David Woodhouse <David.Woodhouse@intel.com>
# Date 1529655250 -7200
# Fri Jun 22 10:14:10 2018 +0200
# Node ID d99e54ca9b6df33025ee9a196b8b942428bbff91
# Parent 1a13c19d7fab53fd62786e05d6546a4abf66e48d
Bug 1296263 - Fix loading of PKCS#11 modules from system policy file, r=rrelyea
We currently load the policy file after calling
STAN_LoadDefaultNSS3TrustDomain(), which causes problems because any
tokens in the newly-added modules don't get initialised.
Move it up by a few lines and fix up the indentation while we're at it.
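--- a/lib/nss/nssinit.c
+++ b/lib/nss/nssinit.c
@@ -702,6 +702,30 @@ nss_Init(const char *configdir, const ch
 if (SECOID_Init() != SECSuccess) {
 goto loser;
 }
+#ifdef POLICY_FILE
+ /* Load the system crypto policy file if it exists,
+ * unless the NSS_IGNORE_SYSTEM_POLICY environment
+ * variable has been set to 1. */
+ ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
+ if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
+ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
+ SECMODModule *module = SECMOD_LoadModule(
+ "name=\"Policy File\" "
+ "parameters=\"configdir='sql:" POLICY_PATH "' "
+ "secmod='" POLICY_FILE "' "
+ "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
+ "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
+ parent, PR_TRUE);
+ if (module) {
+ PRBool isLoaded = module->loaded;
+ SECMOD_DestroyModule(module);
+ if (!isLoaded) {
+ goto loser;
+ }
+ }
+ }
+ }
+#endif
 if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
 goto loser;
 }
@@ -730,30 +754,6 @@ nss_Init(const char *configdir, const ch
 }
 }
 }
-#ifdef POLICY_FILE
- /* Load the system crypto policy file if it exists,
- * unless the NSS_IGNORE_SYSTEM_POLICY environment
- * variable has been set to 1. */
- ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
- if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
- SECMODModule *module = SECMOD_LoadModule(
- "name=\"Policy File\" "
- "parameters=\"configdir='sql:" POLICY_PATH "' "
- "secmod='" POLICY_FILE "' "
- "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
- "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
- parent, PR_TRUE);
- if (module) {
- PRBool isLoaded = module->loaded;
- SECMOD_DestroyModule(module);
- if (!isLoaded) {
- goto loser;
- }
- }
- }
- }
-#endif
 pk11sdr_Init();
 cert_CreateSubjectKeyIDHashTable();
 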
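Review bot: In the first hunk, the relocated policy block treats a NULL return from `SECMOD_LoadModule` as success: only `module->loaded` being false reaches `goto loser`, so a policy file that passes the `PR_Access` check but yields no module object lets initialisation continue without the system crypto policy. Since the module spec is marked `critical`, consider failing closed with `if (!module) { goto loser; }` ahead of the `isLoaded` read, or add a comment stating that a NULL return is deliberately tolerated. Likewise, any `PR_Access(..., PR_ACCESS_READ_OK)` failure, presumably including a file that exists but is unreadable, skips the policy silently; a comment or log line there would let operators notice that the policy was not applied. `nss_Init` starts and ends outside the hunk, so the declarations of `ignoreVar` and `parent` and the cleanup under `loser` are not visible here; it is worth confirming that `parent` is already set at this earlier position.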