get pk12util working with shared libs. Change ciphersuites to

be disabled by default to allow user control. Export a couple more functions to allow ciphersuite preferences.
2001-02-02 15:24:29 +00:00 · 2001-02-02 15:24:29 +00:00 · c4d36363d2
--- a/security/nss/cmd/pk12util/manifest.mn
+++ b/security/nss/cmd/pk12util/manifest.mn
@ -48,4 +48,4 @@ REQUIRES = dbm seccmd

 PROGRAM = pk12util

-USE_STATIC_LIBS = 1
+# USE_STATIC_LIBS = 1
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@ -335,10 +335,8 @@ p12u_ucs2_ascii_conversion_function(PRBool	   toUnicode,
 	}
    }
    /* Perform the conversion. */
-    ret = sec_port_ucs2_utf8_conversion_function(toUnicode,
-						 dup->data, dup->len,
-						 outBuf, maxOutBufLen,
-						 outBufLen);
+    ret = PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len,
+                                   outBuf, maxOutBufLen, outBufLen);
    if (dup)
 	SECITEM_ZfreeItem(dup, PR_TRUE);
    /* If converting ASCII to Unicode, swap bytes before returning
@ -780,6 +778,18 @@ loser:
    return;
 }

+static void
+p12u_EnableAllCiphers()
+{
+    SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+    SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+    SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+}
+
 static PRUintn
 P12U_Init(char *dir)
 {
@ -795,8 +805,9 @@ P12U_Init(char *dir)

    /* setup unicode callback functions */
    PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function);
-    PORT_SetUCS4_UTF8ConversionFunction(sec_port_ucs4_utf8_conversion_function);
-    PORT_SetUCS2_UTF8ConversionFunction(sec_port_ucs2_utf8_conversion_function);
+    /* use the defaults for UCS4-UTF8 and UCS2-UTF8 */
+
+    p12u_EnableAllCiphers();

    return 0;
 }
--- a/security/nss/lib/pkcs12/p12plcy.c
+++ b/security/nss/lib/pkcs12/p12plcy.c
@ -48,12 +48,12 @@ typedef struct pkcs12SuiteMapStr {
 } pkcs12SuiteMap;

 static pkcs12SuiteMap pkcs12SuiteMaps[] = {
-    { SEC_OID_RC4,		40,	PKCS12_RC4_40,		PR_TRUE, 	PR_FALSE},
-    { SEC_OID_RC4,	       128,	PKCS12_RC4_128,		PR_TRUE, 	PR_FALSE},
-    { SEC_OID_RC2_CBC,		40,	PKCS12_RC2_CBC_40,	PR_TRUE, 	PR_FALSE},
-    { SEC_OID_RC2_CBC,	       128,	PKCS12_RC2_CBC_128,	PR_TRUE, 	PR_FALSE},
-    { SEC_OID_DES_CBC,		64,	PKCS12_DES_56,		PR_TRUE, 	PR_FALSE},
-    { SEC_OID_DES_EDE3_CBC,    192,	PKCS12_DES_EDE3_168,	PR_TRUE, 	PR_TRUE },
+    { SEC_OID_RC4,		40,	PKCS12_RC4_40,		PR_FALSE,	PR_FALSE},
+    { SEC_OID_RC4,	       128,	PKCS12_RC4_128,		PR_FALSE,	PR_FALSE},
+    { SEC_OID_RC2_CBC,		40,	PKCS12_RC2_CBC_40,	PR_FALSE,	PR_TRUE},
+    { SEC_OID_RC2_CBC,	       128,	PKCS12_RC2_CBC_128,	PR_FALSE,	PR_FALSE},
+    { SEC_OID_DES_CBC,		64,	PKCS12_DES_56,		PR_FALSE,	PR_FALSE},
+    { SEC_OID_DES_EDE3_CBC,    192,	PKCS12_DES_EDE3_168,	PR_FALSE,	PR_FALSE},
    { SEC_OID_UNKNOWN,		 0,	PKCS12_NULL,		PR_FALSE,	PR_FALSE},
    { SEC_OID_UNKNOWN,		 0,	0L,			PR_FALSE,	PR_FALSE}
 };
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@ -155,6 +155,7 @@ SEC_PKCS12AddPasswordIntegrity;
 SEC_PKCS12CreateExportContext;
 SEC_PKCS12CreatePasswordPrivSafe;
 SEC_PKCS12CreateUnencryptedSafe;
+SEC_PKCS12EnableCipher;
 SEC_PKCS12Encode;
 SEC_PKCS12DecoderImportBags;
 SEC_PKCS12DecoderFinish;
@ -163,6 +164,8 @@ SEC_PKCS12DecoderUpdate;
 SEC_PKCS12DecoderValidateBags;
 SEC_PKCS12DecoderVerify;
 SEC_PKCS12DestroyExportContext;
+SEC_PKCS12IsEncryptionAllowed;
+SEC_PKCS12SetPreferredCipher;
 ;+    local:
 ;+        *;
 ;+};