This allows reading the "config=" value from the pkcs11.txt.
---
lib/nss/nss.def | 1 +
lib/pk11wrap/pk11pars.c | 23 ++++++++++++++++++++---
lib/pk11wrap/secmod.h | 3 +++
lib/util/nssutil.def | 6 ++++++
lib/util/utilpars.c | 49 +++++++++++++++++++++++++++++++++++++++++++++----
lib/util/utilpars.h | 4 ++++
6 files changed, 79 insertions(+), 7 deletions(-)
diff --git a/lib/nss/nss.def b/lib/nss/nss.def
index 70eee9d..3e6b12c 100644
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -1057,6 +1057,7 @@ SECMOD_InternaltoPubMechFlags;
;+ global:
NSS_OptionGet;
NSS_OptionSet;
+SECMOD_CreateModuleEx;
;+ local:
;+ *;
;+};
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
index 314062b..40ac790 100644
--- a/lib/pk11wrap/pk11pars.c
+++ b/lib/pk11wrap/pk11pars.c
@@ -134,6 +134,17 @@ SECMODModule *
SECMOD_CreateModule(const char *library, const char *moduleName,
const char *parameters, const char *nss)
{
+ return SECMOD_CreateModuleEx(library, moduleName, parameters, nss, NULL);
+}
+
+/*
+ * for 3.4 we continue to use the old SECMODModule structure
+ */
+SECMODModule *
+SECMOD_CreateModuleEx(const char *library, const char *moduleName,
+ const char *parameters, const char *nss,
+ const char *config)
+{
SECMODModule *mod = secmod_NewModule();
char *slotParams,*ciphers;
/* pk11pars.h still does not have const char * interfaces */
@@ -148,6 +159,9 @@ SECMOD_CreateModule(const char *library, const char
*moduleName,
if (parameters) {
mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters);
}
+ if (config) {
+ /* XXX: Apply configuration */
+ }
mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc);
mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc);
mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc);
@@ -977,6 +991,7 @@ SECMODModule *
SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
{
char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL;
+ char *config = NULL;
SECStatus status;
SECMODModule *module = NULL;
SECMODModule *oldModule = NULL;
@@ -985,17 +1000,19 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent,
PRBool recurse)
/* initialize the underlying module structures */
SECMOD_Init();
- status = NSSUTIL_ArgParseModuleSpec(modulespec, &library, &moduleName,
- ¶meters, &nss);
+ status = NSSUTIL_ArgParseModuleSpecEx(modulespec, &library, &moduleName,
+ ¶meters, &nss,
+ &config);
if (status != SECSuccess) {
goto loser;
}
- module = SECMOD_CreateModule(library, moduleName, parameters, nss);
+ module = SECMOD_CreateModuleEx(library, moduleName, parameters, nss,
config);
if (library) PORT_Free(library);
if (moduleName) PORT_Free(moduleName);
if (parameters) PORT_Free(parameters);
if (nss) PORT_Free(nss);
+ if (config) PORT_Free(config);
if (!module) {
goto loser;
}
diff --git a/lib/pk11wrap/secmod.h b/lib/pk11wrap/secmod.h
index 9cc4cfb..c194d9a 100644
--- a/lib/pk11wrap/secmod.h
+++ b/lib/pk11wrap/secmod.h
@@ -64,6 +64,9 @@ SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);
SECMODModule * SECMOD_CreateModule(const char *lib, const char *name,
const char *param, const char *nss);
+SECMODModule * SECMOD_CreateModuleEx(const char *lib, const char *name,
+ const char *param, const char *nss,
+ const char *config);
/*
* After a fork(), PKCS #11 says we need to call C_Initialize again in
* the child before we can use the module. This function causes this
diff --git a/lib/util/nssutil.def b/lib/util/nssutil.def
index 86a0ad7..4679793 100644
--- a/lib/util/nssutil.def
+++ b/lib/util/nssutil.def
@@ -271,3 +271,9 @@ SECITEM_ZfreeArray;
;+ local:
;+ *;
;+};
+;+NSSUTIL_3.16 { # NSS Utilities 3.16 release
+;+ global:
+NSSUTIL_ArgParseModuleSpecEx;
+;+ local:
+;+ *;
+;+};
diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
index d2cd3e0..278f9c4 100644
--- a/lib/util/utilpars.c
+++ b/lib/util/utilpars.c
@@ -767,6 +767,31 @@ NSSUTIL_MkSlotString(unsigned long slotID, unsigned long
defaultFlags,
* and NSS specifi parameters.
*/
SECStatus
+NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod,
+ char **parameters, char **nss,
+ char **config)
+{
+ int next;
+ modulespec = NSSUTIL_ArgStrip(modulespec);
+
+ *lib = *mod = *parameters = *nss = *config = 0;
+
+ while (*modulespec) {
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;)
+ NSSUTIL_HANDLE_STRING_ARG(modulespec,*config,"config=",;)
+ NSSUTIL_HANDLE_FINAL_ARG(modulespec)
+ }
+ return SECSuccess;
+}
+
+/************************************************************************
+ * Parse Full module specs into: library, commonName, module parameters,
+ * and NSS specifi parameters.
+ */
+SECStatus
NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod,
char **parameters, char **nss)
{
@@ -788,11 +813,12 @@ NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib,
char **mod,
/************************************************************************
* make a new module spec from it's components */
char *
-NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
- char *NSS)
+NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters,
+ char *NSS,
+ char *config)
{
char *moduleSpec;
- char *lib,*name,*param,*nss;
+ char *lib,*name,*param,*nss,*conf;
/*
* now the final spec
@@ -801,7 +827,13 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char
*parameters,
name = nssutil_formatPair("name",commonName,'\"');
param = nssutil_formatPair("parameters",parameters,'\"');
nss = nssutil_formatPair("NSS",NSS,'\"');
- moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
+ if (config) {
+ conf = nssutil_formatPair("config",config,'\"');
+ moduleSpec = PR_smprintf("%s %s %s %s %s", lib,name,param,nss,conf);
+ nssutil_freePair(conf);
+ } else {
+ moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
+ }
nssutil_freePair(lib);
nssutil_freePair(name);
nssutil_freePair(param);
@@ -809,6 +841,15 @@ NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char
*parameters,
return (moduleSpec);
}
+/************************************************************************
+ * make a new module spec from it's components */
+char *
+NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
+ char *NSS)
+{
+ return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL);
+}
+
#define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA"
/******************************************************************************
diff --git a/lib/util/utilpars.h b/lib/util/utilpars.h
index e01ba14..7562bb6 100644
--- a/lib/util/utilpars.h
+++ b/lib/util/utilpars.h
@@ -39,8 +39,12 @@ char * NSSUTIL_MkSlotString(unsigned long slotID, unsigned
long defaultFlags,
PRBool hasRootCerts, PRBool hasRootTrust);
SECStatus NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod,
char **parameters, char **nss);
+SECStatus NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char
**mod,
+ char **parameters, char **nss, char
**config);
char *NSSUTIL_MkModuleSpec(char *dllName, char *commonName,
char *parameters, char *NSS);
+char *NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName,
+ char *parameters, char *NSS, char *config);
void NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,char *cipherList);
char * NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly,
--
1.9.0
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
