get pk12util working with shared libs. Change ciphersuites to

be disabled by default to allow user control.  Export a couple
more functions to allow ciphersuite preferences.

security/nss/cmd/pk12util/manifest.mn

@@ -48,4 +48,4 @@ REQUIRES = dbm seccmd
 
 PROGRAM = pk12util
 
-USE_STATIC_LIBS = 1
+# USE_STATIC_LIBS = 1

security/nss/cmd/pk12util/pk12util.c

@@ -335,10 +335,8 @@ p12u_ucs2_ascii_conversion_function(PRBool	   toUnicode,
 	}
     }
     /* Perform the conversion. */
-    ret = sec_port_ucs2_utf8_conversion_function(toUnicode,
-						 dup->data, dup->len,
-						 outBuf, maxOutBufLen,
-						 outBufLen);
+    ret = PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len,
+                                   outBuf, maxOutBufLen, outBufLen);
     if (dup)
 	SECITEM_ZfreeItem(dup, PR_TRUE);
     /* If converting ASCII to Unicode, swap bytes before returning
@@ -780,6 +778,18 @@ loser:
     return;
 }
 
+static void
+p12u_EnableAllCiphers()
+{
+    SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+    SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+    SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+}
+
 static PRUintn
 P12U_Init(char *dir)
 {
@@ -795,8 +805,9 @@ P12U_Init(char *dir)
 
     /* setup unicode callback functions */
     PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function);
-    PORT_SetUCS4_UTF8ConversionFunction(sec_port_ucs4_utf8_conversion_function);
-    PORT_SetUCS2_UTF8ConversionFunction(sec_port_ucs2_utf8_conversion_function);
+    /* use the defaults for UCS4-UTF8 and UCS2-UTF8 */
+
+    p12u_EnableAllCiphers();
 
     return 0;
 }

security/nss/lib/pkcs12/p12plcy.c

@@ -48,12 +48,12 @@ typedef struct pkcs12SuiteMapStr {
 } pkcs12SuiteMap;
 
 static pkcs12SuiteMap pkcs12SuiteMaps[] = {
-    { SEC_OID_RC4,		40,	PKCS12_RC4_40,		PR_TRUE, 	PR_FALSE},
-    { SEC_OID_RC4,	       128,	PKCS12_RC4_128,		PR_TRUE, 	PR_FALSE},
-    { SEC_OID_RC2_CBC,		40,	PKCS12_RC2_CBC_40,	PR_TRUE, 	PR_FALSE},
-    { SEC_OID_RC2_CBC,	       128,	PKCS12_RC2_CBC_128,	PR_TRUE, 	PR_FALSE},
-    { SEC_OID_DES_CBC,		64,	PKCS12_DES_56,		PR_TRUE, 	PR_FALSE},
-    { SEC_OID_DES_EDE3_CBC,    192,	PKCS12_DES_EDE3_168,	PR_TRUE, 	PR_TRUE },
+    { SEC_OID_RC4,		40,	PKCS12_RC4_40,		PR_FALSE,	PR_FALSE},
+    { SEC_OID_RC4,	       128,	PKCS12_RC4_128,		PR_FALSE,	PR_FALSE},
+    { SEC_OID_RC2_CBC,		40,	PKCS12_RC2_CBC_40,	PR_FALSE,	PR_TRUE},
+    { SEC_OID_RC2_CBC,	       128,	PKCS12_RC2_CBC_128,	PR_FALSE,	PR_FALSE},
+    { SEC_OID_DES_CBC,		64,	PKCS12_DES_56,		PR_FALSE,	PR_FALSE},
+    { SEC_OID_DES_EDE3_CBC,    192,	PKCS12_DES_EDE3_168,	PR_FALSE,	PR_FALSE},
     { SEC_OID_UNKNOWN,		 0,	PKCS12_NULL,		PR_FALSE,	PR_FALSE},
     { SEC_OID_UNKNOWN,		 0,	0L,			PR_FALSE,	PR_FALSE}
 };

security/nss/lib/smime/smime.def

@@ -155,6 +155,7 @@ SEC_PKCS12AddPasswordIntegrity;
 SEC_PKCS12CreateExportContext;
 SEC_PKCS12CreatePasswordPrivSafe;
 SEC_PKCS12CreateUnencryptedSafe;
+SEC_PKCS12EnableCipher;
 SEC_PKCS12Encode;
 SEC_PKCS12DecoderImportBags;
 SEC_PKCS12DecoderFinish;
@@ -163,6 +164,8 @@ SEC_PKCS12DecoderUpdate;
 SEC_PKCS12DecoderValidateBags;
 SEC_PKCS12DecoderVerify;
 SEC_PKCS12DestroyExportContext;
+SEC_PKCS12IsEncryptionAllowed;
+SEC_PKCS12SetPreferredCipher;
 ;+    local:
 ;+        *;
 ;+};