Closed Bug 419523 Opened 16 years ago Closed 16 years ago

Export Cert_NewTempCertificate.

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(4 files)

Proposed patch
10.14 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
Supplemental patch
829 bytes, patch
rrelyea
: review+
Details | Diff | Splinter Review
JSS patch
962 bytes, patch
glenbeasley
: review+
Details | Diff | Splinter Review
PSM patch
730 bytes, patch
KaiE
: review+
Details | Diff | Splinter Review 
We should export Cert_NewTempCertificate from nss.def, and remove it
from nssrenam.h.

For backward compatibility, we need to continue to export the
__CERT_NewTempCertificate symbol.
Attached patch Proposed patchSplinter Review 
1. Add CERT_NewTempCertificate to the export list in nss.def.

2. Make CERT_NewTempCertificate the primary function and have
__CERT_NewTempCertificate call it, rather than the other way around.

3. Remove the renaming of CERT_NewTempCertificate from nssrenam.h.
Also remove the renaming of four other functions that are already
exported (for JSS).

3. Remove inclusions of "nssrenam.h" that are no longer needed.
Attachment #305909 - Flags: review?(rrelyea)
Comment on attachment 305909 [details] [diff] [review]
Proposed patch

r+ rrelyea
Attachment #305909 - Flags: review?(rrelyea) → review+
Comment on attachment 305909 [details] [diff] [review]
Proposed patch

I checked in the patch on the NSS trunk for NSS 3.12.
This patch finishes the job for NSS.  It makes PK11_GetKeyData
rather than __PK11_GetKeyData the primary function.
Attachment #308342 - Flags: review?(rrelyea)
Attached patch JSS patchSplinter Review 
Remove manual declarations of three PBE functions.  They are
declared in secpkcs5.h, which this JSS file already includes.
Attachment #308343 - Flags: review?(glen.beasley)
Attached patch PSM patchSplinter Review 
This PSM patch must be checked in after we update the
NSS tag in mozilla/client.mk.

CERT_NewTempCertificate is just officially exported.  So
no need to use the __CERT_NewTempCertificate symbol now.
Attachment #308346 - Flags: review?(kengert)
(In reply to comment #4)

> This patch finishes the job for NSS.  It makes PK11_GetKeyData
> rather than __PK11_GetKeyData the primary function.

Wan-Teh, what is "the job"?  
What does this change for PK11_GetKeyData have to do with the subject 
of this bug?  
Have we decided (somewhere, not recorded in this bug) that we wish to 
make PK11_GetKeyData also now be a supported public function?

By the "job", I meant not only the subject of this bug but also related problems
I found while working on the bug.

PK11_GetKeyData is already exported in nss.def.  It was exported in NSS 3.3
to make JSS work.
Assignee: nobody → wtc
Comment on attachment 308343 [details] [diff] [review]
JSS patch

agreed these manual declarations should not be duplicated in PK11KeyGenerator.c when they are declared in secpkcs5.h
Attachment #308343 - Flags: review?(glen.beasley) → review+
I'd certainly want to make sure appropriate caveats are included with PK11_GetKeyData when we export it. 

The function does not always work, and is guaranteed to fail on FIPS tokens. Users of this function should do some soul searching as to why they need it (it is not good hygene). Usually it means the application is trying to get it's hands to directly into crypto.

Wan-Teh is there actually callers (other than JSS) that use this function? It this point I would prefer to keep it private unless there is a massive need for it to be public.

bob
Comment on attachment 308342 [details] [diff] [review]
Supplemental patch

I'm going to r- pending a demonstrated need for this function.

bob
Attachment #308342 - Flags: review?(rrelyea) → review-
Comment on attachment 308346 [details] [diff] [review]
PSM patch

r=kengert
Attachment #308346 - Flags: review?(kengert) → review+
Comment on attachment 308342 [details] [diff] [review]
Supplemental patch

Bob, we already export both __PK11_GetKeyData and
PK11_GetKeyData in nss.def.  The purpose of this
patch is not to export PK11_GetKeyData.  It is to
reverse which one is defined in terms of the other.

Outside NSS, PK11_GetKeyData is only used by JSS,
without renaming:
http://lxr.mozilla.org/security/ident?i=PK11_GetKeyData
Comment on attachment 308342 [details] [diff] [review]
Supplemental patch

r+ after wtc's explanation.

bob
Attachment #308342 - Flags: review- → review+
I checked in the (NSS) supplemental patch (attachment 308342 [details] [diff] [review])
on the NSS trunk for NSS 3.12.

Checking in pk11skey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v  <--  pk11skey.c
new revision: 1.111; previous revision: 1.110
done
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: