From c4d36363d2428ce38d19083817697e6255593ac2 Mon Sep 17 00:00:00 2001
From: "mcgreer%netscape.com"
Date: Fri, 2 Feb 2001 15:24:29 +0000
Subject: [PATCH] get pk12util working with shared libs. Change ciphersuites to be disabled by default to allow user control. Export a couple more functions to allow ciphersuite preferences.
---
 security/nss/cmd/pk12util/manifest.mn | 2 +-
 security/nss/cmd/pk12util/pk12util.c | 23 +++++++++++++++++------
 security/nss/lib/pkcs12/p12plcy.c | 12 ++++++------
 security/nss/lib/smime/smime.def | 3 +++
 4 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/security/nss/cmd/pk12util/manifest.mn b/security/nss/cmd/pk12util/manifest.mn
index 5989b5515abb..a15daef6b5fb 100644
--- a/security/nss/cmd/pk12util/manifest.mn
+++ b/security/nss/cmd/pk12util/manifest.mn
@@ -48,4 +48,4 @@ REQUIRES = dbm seccmd
 PROGRAM = pk12util
-USE_STATIC_LIBS = 1
+# USE_STATIC_LIBS = 1
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index d3da694016ad..1e3f1b0032ff 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -335,10 +335,8 @@ p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
 }
 }
 /* Perform the conversion. */
- ret = sec_port_ucs2_utf8_conversion_function(toUnicode,
- dup->data, dup->len,
- outBuf, maxOutBufLen,
- outBufLen);
+ ret = PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len,
+ outBuf, maxOutBufLen, outBufLen);
 if (dup) SECITEM_ZfreeItem(dup, PR_TRUE);
 /* If converting ASCII to Unicode, swap bytes before returning
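Review bot: The rewritten call in p12u_ucs2_ascii_conversion_function (pk12util.c, `@@ -335,10 +335,8 @@`) reads `dup->data` and `dup->len` before the `if (dup)` test on the following context line, so a NULL `dup` would be dereferenced before the guard is ever reached. Where `dup` is assigned lies outside this hunk, so whether it can be NULL is not visible here; if it comes from a copy or allocation that can fail, the check belongs ahead of the conversion, for example `if (!dup) return PR_FALSE;` (or whatever failure value the function uses) before the `PORT_UCS2_UTF8Conversion` call. If it can never be NULL, the later `if (dup)` is dead and could be dropped so the two lines agree. The function starts and ends outside the hunk.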
@@ -780,6 +778,18 @@ loser:
 return;
 }
+static void
+p12u_EnableAllCiphers()
+{
+ SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+ SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+ SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+ SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+}
+
 static PRUintn
 P12U_Init(char *dir)
 {
@@ -795,8 +805,9 @@ P12U_Init(char *dir)
 /* setup unicode callback functions */
 PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function);
- PORT_SetUCS4_UTF8ConversionFunction(sec_port_ucs4_utf8_conversion_function);
- PORT_SetUCS2_UTF8ConversionFunction(sec_port_ucs2_utf8_conversion_function);
+ /* use the defaults for UCS4-UTF8 and UCS2-UTF8 */
+
+ p12u_EnableAllCiphers();
 return 0;
 }
diff --git a/security/nss/lib/pkcs12/p12plcy.c b/security/nss/lib/pkcs12/p12plcy.c
index 32124f1fafff..e9616ade052d 100644
--- a/security/nss/lib/pkcs12/p12plcy.c
+++ b/security/nss/lib/pkcs12/p12plcy.c
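Review bot: p12u_EnableAllCiphers (pk12util.c, `@@ -780,6 +778,18 @@`) discards the result of every `SEC_PKCS12EnableCipher` and `SEC_PKCS12SetPreferredCipher` call, and P12U_Init in the next hunk (`@@ -795,8 +805,9 @@`) calls it and still returns 0, so a failed enable would go unnoticed now that the same commit turns every suite off by default in p12plcy.c. Both calls return a status (SECStatus in the NSS headers), so the helper could return one that P12U_Init checks, as sketched below, and it should be declared with `(void)` rather than an empty parameter list. The helper also turns on the 40-bit RC4/RC2 and 56-bit DES suites unconditionally; a comment saying why the tool needs them (presumably to read older files) and that 3DES is the preferred suite would let a later reader judge whether the list can be narrowed. P12U_Init's body starts outside the second hunk.

```c
static SECStatus
p12u_EnableAllCiphers(void)
{
    static const long suites[] = {
        PKCS12_RC4_40, PKCS12_RC4_128,
        PKCS12_RC2_CBC_40, PKCS12_RC2_CBC_128,
        PKCS12_DES_56, PKCS12_DES_EDE3_168
    };
    unsigned int i;

    for (i = 0; i < sizeof suites / sizeof suites[0]; i++) {
        if (SEC_PKCS12EnableCipher(suites[i], 1) != SECSuccess)
            return SECFailure;
    }
    return SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
}

/* ... unchanged: P12U_Init setup through the UCS2-ASCII callback ... */
    if (p12u_EnableAllCiphers() != SECSuccess)
        return 1; /* assumed: use whatever failure code P12U_Init returns elsewhere */
```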
@@ -48,12 +48,12 @@ typedef struct pkcs12SuiteMapStr {
 } pkcs12SuiteMap;
 static pkcs12SuiteMap pkcs12SuiteMaps[] = {
- { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_TRUE, PR_FALSE},
- { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_TRUE, PR_FALSE},
- { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_TRUE, PR_FALSE},
- { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_TRUE, PR_FALSE},
- { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_TRUE, PR_FALSE},
- { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_TRUE, PR_TRUE },
+ { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE},
+ { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE},
+ { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE},
+ { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE},
+ { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE},
+ { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE},
 { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE},
 { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE}
 };
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def
index 74ad5a7346e5..f1c0f293dad1 100644
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -155,6 +155,7 @@ SEC_PKCS12AddPasswordIntegrity;
 SEC_PKCS12CreateExportContext;
 SEC_PKCS12CreatePasswordPrivSafe;
 SEC_PKCS12CreateUnencryptedSafe;
+SEC_PKCS12EnableCipher;
 SEC_PKCS12Encode;
 SEC_PKCS12DecoderImportBags;
 SEC_PKCS12DecoderFinish;
@@ -163,6 +164,8 @@ SEC_PKCS12DecoderUpdate;
 SEC_PKCS12DecoderValidateBags;
 SEC_PKCS12DecoderVerify;
 SEC_PKCS12DestroyExportContext;
+SEC_PKCS12IsEncryptionAllowed;
+SEC_PKCS12SetPreferredCipher;
 ;+ local:
 ;+ *;
 ;+};
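Review bot: In the new `pkcs12SuiteMaps` table (p12plcy.c, `@@ -48,12 +48,12 @@`) the last column is now PR_TRUE on the `PKCS12_RC2_CBC_40` row and PR_FALSE on the `PKCS12_DES_EDE3_168` row, whereas before it was PR_TRUE only on the 3DES row; the commit message mentions only disabling the suites by default. The struct body is outside the hunk, but if the fourth and fifth fields are the allowed and preferred flags, this makes 40-bit RC2 the library's default preferred suite, and a caller that enables suites without also calling `SEC_PKCS12SetPreferredCipher` would presumably end up with it. If that is not intended, keep the flag where it was: `{ SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_FALSE},` and `{ SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_TRUE},`. If it is intended, a comment above the table stating the reason would keep the choice from looking like a slip.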