User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Build Identifier: modutil doesn't support configuring AES as a default mechanism. ie. modutil -dbdir foodir -add foo.dll -mechanisms AES Reproducible: Always Path: g2news1.google.com!news1.google.com!news4.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.com!nntp.mozilla.org!news.mozilla.org.POSTED!not-for-mail NNTP-Posting-Date: Thu, 09 Feb 2006 14:33:29 -0600 Date: Thu, 09 Feb 2006 12:33:30 -0800 From: Nelson B <NOnelsonS...@NObolyardSPAM.com> Organization: Spam haters R US User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050521 MIME-Version: 1.0 Newsgroups: mozilla.dev.tech.crypto Subject: Re: pkcs11 default provider References: <firstname.lastname@example.org> In-Reply-To: <email@example.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Message-ID: <-LWdneD0qpqEOnbenZ2dnUVZ_tadnZ2d@mozilla.org> Lines: 27 NNTP-Posting-Host: 184.108.40.206 X-Trace: sv3-MQArLe44vEQc3qspnkP7bMIMSaTLU9ACWW5MPxCLyNYJDcEDoZrRsZOvlBS2w9jLfhqwqff/AfpVNSe!SC3SYjtqDnkuTK6aEDbCeO0UWF1I49aCK1pjhcsRIwmXEuNxCOyEYaDZJa2EtQIndq5ny/ILgTNI!cMmSD2EYWHk= X-Complaints-To: firstname.lastname@example.org X-DMCA-Complaints-To: a...@mozilla.org X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.32 robert dugal wrote: > I want to configure Firefox 1.5 to use my own PKCS11 provider as the > default for all algorithms supported by my provider. I cannot appear to > do this from the "Device Manager" dialog as that dialog has no way to > set specify which algorithms should default to my library. The NSS > utility modutil has the ability to install the p11 provider and > configure which algorithms are default. Unfortunately modutil is not > distributed with Firefox. When I got the v1.5 source tarball modutil > source is there but I cannot get it to build. I tried several different > binary releases NSS (3.9, 3.10,3.11) but in all cases modutil only > allows specifying some algorithms as the default mechanisms. AES is not > one of these so the internal NSS provider always ends up being the default. You found a bug! AES wasn't added to modutil when it was added to everything else in NSS. Please file a bug about this in bugzilla.mozilla.org, product NSS, component tools. And CC me in the bug report. (Remove NO and SPAM from my email address to get the real one) <snipped> -- Nelson B
Assignee: wtchang → nelson
OS: Windows XP → All
Hardware: PC → All
Summary: modutil doesn't support AES as a mechanism → modutil doesn't support AES, SHA256 or SHA512 as mechanisms
Target Milestone: --- → 3.11
Created attachment 211471 [details] [diff] [review] patch v1 I found that the table of PUBLIC_MECH_XXX_FLAG values in secmod.h parallels the table of private SECMOD_XXX_FLAG values in secmodt.h. There is a 1-to-1 correspondence of names with equal values. I found that AES, SHA256 and SHA512 had been added to secmodt.h, but not to scemod.h. This patch fixes that, and uses the new PUBLIC values in modutil. Robert, Please try this patch and see if it solves the problem.
Attachment #211471 - Flags: review?(rrelyea)
Status: NEW → ASSIGNED
Target Milestone: 3.11 → 3.11.1
Version: unspecified → 3.11
Robert, Are you willing to test this patch for me?
Priority: -- → P3
Comment on attachment 211471 [details] [diff] [review] patch v1 Robert Dugal wrote: >I tested your patch and it works. > >thanks >rob Thanks, Robert.
Comment on attachment 211471 [details] [diff] [review] patch v1 The patch looks fine. However, I can't help but wonder why we have two copies of the same flag values - one in secmod.h, the other in secmodt.h . One should really be a #define to the other, instead of duplicating the values. This is a pre-existing problem and independent of the AES/SHA256/SHA512 issue.
Attachment #211471 - Flags: review?(julien.pierre.bugs) → review+
I belive there was some renumbering that happened sometime in the past. There's a function that maps the public numbers to the private numbers. The only number that appears to be different is the RANDOM flag. bob
Checkin comment: Bug 326690. Enable modutil to configure default slots for the AES, SHA256 or SHA512 mechanisms. r=rrelyea,julien.pierre On trunk: Checking in lib/pk11wrap/secmod.h; new revision: 1.22; previous revision: 1.21 Checking in cmd/modutil/modutil.c; new revision: 1.25; previous revision: 1.24 Checking in cmd/modutil/pk11.c; new revision: 1.22; previous revision: 1.21 On NSS_3_11_BRANCH: lib/pk11wrap/secmod.h; new revision: 220.127.116.11; previous revision: 1.21 cmd/modutil/modutil.c; new revision: 18.104.22.168; previous revision: 1.24 cmd/modutil/pk11.c; new revision: 22.214.171.124; previous revision: 1.21
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.