modutil doesn't support AES, SHA256 or SHA512 as mechanisms



13 years ago
13 years ago


(Reporter: rmdugal, Assigned: nelson)



Firefox Tracking Flags

(Not tracked)



(1 attachment)



13 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Build Identifier: 

modutil doesn't support configuring AES as a default mechanism.
ie. modutil -dbdir foodir -add foo.dll -mechanisms AES

Reproducible: Always

NNTP-Posting-Date: Thu, 09 Feb 2006 14:33:29 -0600
Date: Thu, 09 Feb 2006 12:33:30 -0800
From: Nelson B <>
Organization: Spam haters R US
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050521
MIME-Version: 1.0
Subject: Re: pkcs11 default provider
References: <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-ID: <>
Lines: 27
X-Trace: sv3-MQArLe44vEQc3qspnkP7bMIMSaTLU9ACWW5MPxCLyNYJDcEDoZrRsZOvlBS2w9jLfhqwqff/AfpVNSe!SC3SYjtqDnkuTK6aEDbCeO0UWF1I49aCK1pjhcsRIwmXEuNxCOyEYaDZJa2EtQIndq5ny/ILgTNI!cMmSD2EYWHk=
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.32

robert dugal wrote:
> I want to configure Firefox 1.5 to use my own PKCS11 provider as the
> default for all algorithms supported by my provider.  I cannot appear to
> do this from the "Device Manager" dialog as that dialog has no way to
> set specify which algorithms should default to my library. The NSS
> utility modutil has the ability to install the p11 provider and
> configure which algorithms are default. Unfortunately modutil is not
> distributed with Firefox. When I got the v1.5 source tarball modutil
> source is there but I cannot get it to build. I tried several different
> binary releases NSS (3.9, 3.10,3.11) but in all cases modutil only
> allows specifying some algorithms as the default mechanisms. AES is not
> one of these so the internal NSS provider always ends up being the default.

You found a bug!  AES wasn't added to modutil when it was added to
everything else in NSS.  Please file a bug about this in, product NSS, component tools.  And CC me in the
bug report.  (Remove NO and SPAM from my email  address to get the real one)
Nelson B


13 years ago
Ever confirmed: true

Comment 1

13 years ago
Taking bug
Assignee: wtchang → nelson
OS: Windows XP → All
Hardware: PC → All
Summary: modutil doesn't support AES as a mechanism → modutil doesn't support AES, SHA256 or SHA512 as mechanisms
Target Milestone: --- → 3.11

Comment 2

13 years ago
Created attachment 211471 [details] [diff] [review]
patch v1

I found that the table of PUBLIC_MECH_XXX_FLAG values in secmod.h 
parallels the table of private SECMOD_XXX_FLAG values in secmodt.h.
There is a 1-to-1 correspondence of names with equal values. 
I found that AES, SHA256 and SHA512 had been added to secmodt.h, 
but not to scemod.h.  

This patch fixes that, and uses the new PUBLIC values in modutil.

Robert, Please try this patch and see if it solves the problem.
Attachment #211471 - Flags: review?(rrelyea)


13 years ago
Target Milestone: 3.11 → 3.11.1
Version: unspecified → 3.11

Comment 3

13 years ago
Robert, Are you willing to test this patch for me? 
Priority: -- → P3

Comment 4

13 years ago
Comment on attachment 211471 [details] [diff] [review]
patch v1

Robert Dugal wrote:

>I tested your patch and it works.

Thanks, Robert.
Attachment #211471 - Attachment description: untested patch v1 → patch v1
Attachment #211471 - Flags: review?(julien.pierre.bugs)

Comment 5

13 years ago
Comment on attachment 211471 [details] [diff] [review]
patch v1

The patch looks fine. However, I can't help but wonder why we have two copies of the same flag values - one in secmod.h, the other in secmodt.h . One should really be a #define to the other, instead of duplicating the values. This is a pre-existing problem and independent of the AES/SHA256/SHA512 issue.
Attachment #211471 - Flags: review?(julien.pierre.bugs) → review+


13 years ago
Attachment #211471 - Flags: review?(rrelyea) → review+

Comment 6

13 years ago
I belive there was some renumbering that happened sometime in the past. There's a function that maps the public numbers to the private numbers.

The only number that appears to be different is the RANDOM flag.


Comment 7

13 years ago
Checkin comment:

Bug 326690. Enable modutil to configure default slots for the 
AES, SHA256 or SHA512 mechanisms.  r=rrelyea,julien.pierre

On trunk:
Checking in lib/pk11wrap/secmod.h; new revision: 1.22; previous revision: 1.21
Checking in cmd/modutil/modutil.c; new revision: 1.25; previous revision: 1.24
Checking in cmd/modutil/pk11.c;    new revision: 1.22; previous revision: 1.21

lib/pk11wrap/secmod.h; new revision:; previous revision: 1.21
cmd/modutil/modutil.c; new revision:;  previous revision: 1.24
cmd/modutil/pk11.c;    new revision:; previous revision: 1.21
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.