2010-01-13 06:13:28 +00:00
|
|
|
diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
|
2010-01-25 22:10:27 +00:00
|
|
|
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 2010-01-25 08:58:42.358325102 -0800
|
|
|
|
+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-01-25 09:07:20.028324059 -0800
|
2010-01-13 06:13:28 +00:00
|
|
|
@@ -36,6 +36,7 @@
|
|
|
|
#include "seccomon.h"
|
|
|
|
#include "prio.h"
|
|
|
|
#include "prprf.h"
|
|
|
|
+#include "plhash.h"
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The following provides a default example for operating systems to set up
|
|
|
|
@@ -212,6 +213,25 @@ getFIPSMode(void)
|
|
|
|
|
|
|
|
#define NSS_DEFAULT_FLAGS "flags=readonly"
|
|
|
|
|
|
|
|
+/* configuration flags according to
|
|
|
|
+ * https://developer.mozilla.org/en/PKCS11_Module_Specs
|
|
|
|
+ * As stated there the slotParams start with a slot name which is a slotID
|
|
|
|
+ * Slots 1 through 3 are reserved for the nss internal modules as follows:
|
|
|
|
+ * 1 for crypto operations slot non-fips,
|
|
|
|
+ * 2 for the key slot, and
|
|
|
|
+ * 3 for the crypto operations slot fips
|
|
|
|
+ */
|
|
|
|
+#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
|
|
|
|
+#define SLOT_FLAGS \
|
2010-01-25 22:10:27 +00:00
|
|
|
+ "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
|
|
|
|
+ " askpw=any timeout=30 ]"
|
2010-01-13 06:13:28 +00:00
|
|
|
+
|
|
|
|
+static const char *nssDefaultFlags =
|
|
|
|
+ ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
|
|
|
|
+
|
|
|
|
+static const char *nssDefaultFIPSFlags =
|
|
|
|
+ ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
* This function builds the list of databases and modules to load, and sets
|
|
|
|
* their configuration. For the sample we have a fixed set.
|
|
|
|
@@ -226,13 +246,6 @@ getFIPSMode(void)
|
|
|
|
* the decision making process.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
-static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
|
|
|
|
-slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
|
|
|
|
-askpw=any timeout=30 ] } ";
|
|
|
|
-static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
|
|
|
|
-slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
|
|
|
|
-askpw=any timeout=30 ] } ";
|
|
|
|
-
|
|
|
|
static char **
|
|
|
|
get_list(char *filename, char *stripped_parameters)
|
|
|
|
{
|
2010-01-25 22:10:27 +00:00
|
|
|
@@ -250,11 +263,6 @@ get_list(char *filename, char *stripped_
|
2010-01-13 06:13:28 +00:00
|
|
|
sysdb = getSystemDB();
|
|
|
|
userdb = getUserDB();
|
|
|
|
|
|
|
|
- if (sysdb && !strcmp(filename, sysdb))
|
|
|
|
- filename = NULL;
|
|
|
|
- if (userdb && !strcmp(filename, userdb))
|
|
|
|
- filename = NULL;
|
2010-01-25 22:10:27 +00:00
|
|
|
-
|
2010-01-13 06:13:28 +00:00
|
|
|
/* Don't open root's user DB */
|
|
|
|
if (userdb != NULL && !userIsRoot()) {
|
2010-01-25 22:10:27 +00:00
|
|
|
/* return a list of databases to open. First the user Database */
|
|
|
|
@@ -276,16 +284,29 @@ get_list(char *filename, char *stripped_
|
|
|
|
userdb, stripped_parameters);
|
2010-01-13 06:13:28 +00:00
|
|
|
}
|
|
|
|
|
2010-01-25 22:10:27 +00:00
|
|
|
- if (filename && !userIsRoot() && 0
|
2010-01-13 06:13:28 +00:00
|
|
|
- /* This doesn't actually work. If we register
|
|
|
|
- both this and the sysdb (in either order)
|
|
|
|
- then only one of them actually shows up */) {
|
2010-01-25 22:10:27 +00:00
|
|
|
+#if 0
|
2010-01-13 06:13:28 +00:00
|
|
|
+ /* This doesn't actually work. If we register
|
2010-01-25 22:10:27 +00:00
|
|
|
+ both this and the sysdb (in either order)
|
|
|
|
+ then only one of them actually shows up */
|
|
|
|
+
|
|
|
|
+ /* Using a NULL filename as a Boolean flag to
|
|
|
|
+ * prevent registering both an application-defined
|
|
|
|
+ * db and the system db. rhbz #546211.
|
|
|
|
+ */
|
|
|
|
+ PORT_Assert(filename);
|
|
|
|
+ if (sysdb && PL_CompareStrings(filename, sysdb))
|
|
|
|
+ filename = NULL;
|
|
|
|
+ else if (userdb && PL_CompareStrings(filename, userdb))
|
|
|
|
+ filename = NULL;
|
|
|
|
+
|
|
|
|
+ if (filename && !userIsRoot()) {
|
|
|
|
module_list[next++] = PR_smprintf(
|
2010-01-13 06:13:28 +00:00
|
|
|
"library= "
|
|
|
|
"module=\"NSS database\" "
|
|
|
|
"parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
|
2010-01-25 22:10:27 +00:00
|
|
|
"NSS=\"%sflags=internal\"",filename, filename, nssflags);
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
/* now the system database (always read only unless it's root) */
|
|
|
|
if (sysdb) {
|