Export Cert_NewTempCertificate.

RESOLVED FIXED in 3.12

Status: RESOLVED FIXED
NSS, Libraries, enhancement
9 years ago

People: (Reporter: Wan-Teh Chang, Assigned: Wan-Teh Chang)

Tracking: unspecified, 3.12

(Assignee)

Description

9 years ago
We should export Cert_NewTempCertificate from nss.def, and remove it
from nssrenam.h.

For backward compatibility, we need to continue to export the
__CERT_NewTempCertificate symbol.
(Assignee)

Comment 1

9 years ago
Created attachment 305909
Proposed patch

1. Add CERT_NewTempCertificate to the export list in nss.def.

2. Make CERT_NewTempCertificate the primary function and have
__CERT_NewTempCertificate call it, rather than the other way around.

3. Remove the renaming of CERT_NewTempCertificate from nssrenam.h.
Also remove the renaming of four other functions that are already
exported (for JSS).

4. Remove inclusions of "nssrenam.h" that are no longer needed.
Attachment #305909 - Flags: review?(rrelyea)
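
Added example (not part of the bug thread or the NSS patch): a small Python check for the compatibility requirement stated in the description and in comment 1, namely that `CERT_NewTempCertificate` is added to the export list while `__CERT_NewTempCertificate` stays exported. The export lists are constructed samples in a simplified nss.def-style layout (an assumption), and `exported_symbols` and `check_export_change` are hypothetical helper names.

```python
import re

# Constructed sample export lists (assumed layout: one exported symbol per
# line ending in ';'; ';+' lines and lines ending ';-' are linker directives).
BEFORE = """\
;+NSS_OLD {
;+    global:
LIBRARY nss3 ;-
EXPORTS ;-
CERT_CertificateTemplate DATA ;
__CERT_NewTempCertificate;
__PK11_GetKeyData;
PK11_GetKeyData;
;+    local:
;+       *;
;+};
"""
AFTER = BEFORE + """\
;+NSS_3.12 {
;+    global:
CERT_NewTempCertificate;
;+    local:
;+       *;
;+};
"""
SYMBOL = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*(?:DATA\s*)?;$")

def exported_symbols(def_text):
    """Return the set of symbol names exported by a .def-style listing."""
    names = set()
    for raw in def_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";+") or line.endswith(";-"):
            continue  # blank line or linker-only directive, not a symbol
        match = SYMBOL.match(line)
        if match:
            names.add(match.group(1))
    return names

def check_export_change(old_text, new_text, expected_new):
    """Compare two export lists and report compatibility-relevant changes."""
    old, new = exported_symbols(old_text), exported_symbols(new_text)
    return {
        "dropped": sorted(old - new),  # would break already-linked callers
        "missing": sorted(set(expected_new) - new),
        "unexpected": sorted(new - old - set(expected_new)),
    }
```

A non-empty `dropped` list means a symbol that existing binaries may link against has disappeared, which is the regression the description rules out for `__CERT_NewTempCertificate`.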

Comment 2

9 years ago
Comment on attachment 305909
Proposed patch

r+ rrelyea
Attachment #305909 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 3

9 years ago
Comment on attachment 305909
Proposed patch

I checked in the patch on the NSS trunk for NSS 3.12.
(Assignee)

Comment 4

9 years ago
Created attachment 308342
Supplemental patch

This patch finishes the job for NSS.  It makes PK11_GetKeyData
rather than __PK11_GetKeyData the primary function.
Attachment #308342 - Flags: review?(rrelyea)
(Assignee)

Comment 5

9 years ago
Created attachment 308343
JSS patch

Remove manual declarations of three PBE functions.  They are
declared in secpkcs5.h, which this JSS file already includes.
Attachment #308343 - Flags: review?(glen.beasley)
(Assignee)

Comment 6

9 years ago
Created attachment 308346
PSM patch

This PSM patch must be checked in after we update the
NSS tag in mozilla/client.mk.

CERT_NewTempCertificate is just officially exported.  So
no need to use the __CERT_NewTempCertificate symbol now.
Attachment #308346 - Flags: review?(kengert)

Comment 7

9 years ago
(In reply to comment #4)

> This patch finishes the job for NSS.  It makes PK11_GetKeyData
> rather than __PK11_GetKeyData the primary function.

Wan-Teh, what is "the job"?  
What does this change for PK11_GetKeyData have to do with the subject 
of this bug?  
Have we decided (somewhere, not recorded in this bug) that we wish to 
make PK11_GetKeyData also now be a supported public function?
(Assignee)

Comment 8

9 years ago
By the "job", I meant not only the subject of this bug but also related problems
I found while working on the bug.

PK11_GetKeyData is already exported in nss.def.  It was exported in NSS 3.3
to make JSS work.
Assignee: nobody → wtc

Comment 9

9 years ago
Comment on attachment 308343
JSS patch

Agreed, these manual declarations should not be duplicated in PK11KeyGenerator.c when they are declared in secpkcs5.h.
Attachment #308343 - Flags: review?(glen.beasley) → review+

Comment 10

9 years ago
I'd certainly want to make sure appropriate caveats are included with PK11_GetKeyData when we export it. 

The function does not always work, and is guaranteed to fail on FIPS tokens. Users of this function should do some soul searching as to why they need it (it is not good hygiene). Usually it means the application is trying to get its hands too directly into crypto.

Wan-Teh, are there actually callers (other than JSS) that use this function? At this point I would prefer to keep it private unless there is a massive need for it to be public.

bob

Comment 11

9 years ago
Comment on attachment 308342
Supplemental patch

I'm going to r- pending a demonstrated need for this function.

bob
Attachment #308342 - Flags: review?(rrelyea) → review-

Comment 12

9 years ago
Comment on attachment 308346
PSM patch

r=kengert
Attachment #308346 - Flags: review?(kengert) → review+
(Assignee)

Comment 13

9 years ago
Comment on attachment 308342
Supplemental patch

Bob, we already export both __PK11_GetKeyData and
PK11_GetKeyData in nss.def.  The purpose of this
patch is not to export PK11_GetKeyData.  It is to
reverse which one is defined in terms of the other.

Outside NSS, PK11_GetKeyData is only used by JSS,
without renaming:
http://lxr.mozilla.org/security/ident?i=PK11_GetKeyData

Comment 14

9 years ago
Comment on attachment 308342
Supplemental patch

r+ after wtc's explanation.

bob
Attachment #308342 - Flags: review- → review+
(Assignee)

Comment 15

9 years ago
I checked in the (NSS) supplemental patch (attachment 308342)
on the NSS trunk for NSS 3.12.

Checking in pk11skey.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11skey.c,v  <--  pk11skey.c
new revision: 1.111; previous revision: 1.110
done
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED