Add code to 1) accept either type of encoding on input (both NSS and softoken).
2) output the correct encoding unless the environment variable NSS_USE_DECODED_CKA_EC_POINT is set.
r=nelson
git-svn-id: svn://10.0.0.236/trunk@256778 18797224-902f-48f8-a5cc-f745e15eee43
The problem only happens if we try to import a key into a token which then fails
to import. The basic issue was a hack in the pkcs 7 code to support PKCS 12. A
special structure was used to replace the SymKey structure, and the code 'knew'
the special structure existed before it dealt with the symkey. The fix adds a
new capability to symkeys, where applications can attach application specific
data to the key structure. PKCS 12 uses this to attach the PBE information
for CMS. (part 1 of 3)
This patch also improves the key's reuse of sessions, so sessions are not thrashed
when SSL is used with them.
r=wtc
git-svn-id: svn://10.0.0.236/trunk@181498 18797224-902f-48f8-a5cc-f745e15eee43
attribute with no exceptions. Renamed PK11_ATTR_READONLY as
PK11_ATTR_UNMODIFIABLE. In pk11_OpFlagsToAttributes, backed out a change
I made before. Made pk11_AttrFlagsToAttributes table-driven. In
pk11_loadPrivKeyWithFlags, fixed the bug (always loading the public key as
a token object). Other code cleanups. r=relyea,nelsonb.
Modified files: pk11akey.c pk11obj.c pk11pub.h pk11skey.c secmodt.h
git-svn-id: svn://10.0.0.236/trunk@179808 18797224-902f-48f8-a5cc-f745e15eee43
Modified PK11_TokenKeyGenWithFlags to take a PK11AttrFlags parameter.
PK11AttrFlags controls the values of commonly used PKCS #11 object
attributes that have Boolean values. r=relyea,nelsonb.
Modified Files:
nss/nss.def pk11wrap/pk11akey.c pk11wrap/pk11obj.c
pk11wrap/pk11pub.h pk11wrap/pk11skey.c pk11wrap/secmodi.h
pk11wrap/secmodt.h
git-svn-id: svn://10.0.0.236/trunk@179557 18797224-902f-48f8-a5cc-f745e15eee43
"legacy free" and move the code that set the CKF_ENCRYPT flag by default
and the Fortezza hack code to PK11_TokenKeyGen. r=relyea.
git-svn-id: svn://10.0.0.236/trunk@176419 18797224-902f-48f8-a5cc-f745e15eee43
PORT_ZAlloc. PK11_CreateSymKey should set the data.type member. r=jpierre
git-svn-id: svn://10.0.0.236/trunk@170790 18797224-902f-48f8-a5cc-f745e15eee43
bug 246130. The new factor is:
pk11akey.c - asymmetric keys constructed from pk11cert.c and pk11skey.c
pk11auth.c - authentication/password management factored from pk11slot.c
pk11cert.c - cert code with private key, crls and trust factored out.
pk11ctx.c -- pkcs11 context code, factored out of pk11skey.c
new pk11func.h -- for backward compatibility.
pk11mech.c - mechanism mapping code, factored mostly from pk11slot.c
pk11nobj.c - netscape objects (crls and trust), factored mostly from pk11cert.c
pk11obj.c - generic object support, factored from pk11skey.c pk11slot.c and
pk11cert.c
pk11priv.h -- private functions factored from pk11func.h
pk11pub.h -- public functions factored from pk11func.h
pk11skey.c - now only symmetric key ops; private, public key ops, generic ops
and crypto contexts have been factored out.
pk11slot.c - still slot operations. Authentication, generic object ops, and
mechanism mapping have been factored out.
This patch should only have refactoring, no new functions or other changes.
git-svn-id: svn://10.0.0.236/trunk@159504 18797224-902f-48f8-a5cc-f745e15eee43
Add support for unprotected private keys without requiring authentication.
Add support to access application specific PKCS #11 objects through NSS.
git-svn-id: svn://10.0.0.236/trunk@158274 18797224-902f-48f8-a5cc-f745e15eee43
this function from the nss3 shared library.
Modified Files: seckey.c pk11skey.c nss.def
git-svn-id: svn://10.0.0.236/trunk@150647 18797224-902f-48f8-a5cc-f745e15eee43
Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
git-svn-id: svn://10.0.0.236/trunk@148060 18797224-902f-48f8-a5cc-f745e15eee43
SECKEYEncryptedPrivateKeyInfo except that it identifies the private
key by a private key pointer, rather than by a certificate. Bug 207033.
git-svn-id: svn://10.0.0.236/trunk@147656 18797224-902f-48f8-a5cc-f745e15eee43
The fix restores some old code that was removed as part of our
performance work (Bugzilla bug 145322). Thus, there may be a
slight performance hit, but obviously, we need to have correct
code first.
This is a part of the code I really don't like. To summarize,
there was a hack put in a long time ago to make sure that the
PKCS#11 session in which the SSL keys are generated was never
closed until the last key was deleted. This only worked by chance,
and if any part of the code was changed (as was the case here), this
unstable equilibrium would be lost. As with all hacks, it wasn't
really documented, so the problem escaped our notice. As a result of
putting the hack back in, we're going back to the horribly wasteful
operation of opening 4 sessions and immediately closing them. I intend
to have a proper solution in a later release.
git-svn-id: svn://10.0.0.236/trunk@145927 18797224-902f-48f8-a5cc-f745e15eee43