• Robert Relyea's avatar
    Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye · ba931199
    Robert Relyea authored
    https://phabricator.services.mozilla.com/D63241
    
    This patch implements the first phase: updating the headers.
    
    lib/util/pkcs11.h
    lib/util/pkcs11f.h
    lib/util/pkcs11t.h
    
    Were updated using the released OASIS PKCS #11 v3.0 header files.
    lib/util/pkcs11n.h was updated to finally deprecate all uses of CK?_NETSCAPE_?.
    
    A new define as added: NSS_PKCS11_2_0_COMPAT. If it's defined, the small
    semantic changes (including the removal of deprecated defines) between the
    NSS PKCS #11 v2 header file and the new PKCS #11 v3 are reverted in favor of
    the PKCS #11 v2 definitions. This include the removal of CK?_NETSCAPE_? in
    favor of CK?_NSS_?.
    
    One notable change was caused by an inconsistancy between the spec and the
    released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an extra field in
    the header that was not in the spec. OASIS considers the header file to be
    normative, so PKCS #11 v3.0 resolved the issue in favor of the header file
    definition. NSS had the spec definition, so now there are 2 defines for this
    structure:
    
    CK_NSS_GCM_PARAMS - the old nss define. Still used internally in freebl.
    CK_GCM_PARAMS_V3 - the new define.
    CK_GCM_PARAMS - no longer referenced in NSS itself. It's defined as
    CK_GCM_PARAMS_V3 if NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
    CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.
    
    Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
    CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
    CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS.
    
    One other semantic difference between the 3.0 version of pkcs11f.h and the
    version here: In the oasis version of the header, you must define
    CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In our version you
    must define CK_PKCS11_3 to get the PCKS #11 v3 defines.
    
    Most of this patch is to handle changing the deprecated defines that have been
    removed in PCKS #11 v3 from NSS.
    
    Differential Revision: https://phabricator.services.mozilla.com/D63241
    ba931199
Name
Last commit
Last update
..
enctool.cc Loading commit data...
enctool.h Loading commit data...