bug 246130. The new factor is:
pk11akey.c - asymetric keys constructed from pk11cert.c and pk11skey.c
pk11auth.c - authentication/password management factored from pk11slot.c
pk11cert.c - cert code with private key, crls and trust factored out.
pk11ctx.c -- pkcs11 context code, factored out of pk11skey.c
new pk11func.h -- for backward compatibility.
pk11mech.c - mechanism mapping code, factored mostly from pk11slot.c
pk11nobj.c - netscape objects (crls and trust), factored mostly from pk11cert.c
pk11obj.c - generic object support, factored from pk11skey.c pk11slot.c and
pk11cert.c
pk11priv.h -- private functions factored from pk11func.h
pk11pub.h -- public functions factored from pk11func.h
pk11skey.c - now only symetric key ops; private, public key ops, generic ops
and crypto contexs have been factored out.
pk11slot.c - still slot operations. Authentication, generic object ops,
mechanism mapping has been factored out.
This patch should only have refactoring, no new functions or other changes.
a) changes selfserv to test the return value from NSS_Shutdown.
b) changes SECMOD_Shutdown to set the error code SEC_ERROR_BUSY before
returning SECFailure.
c) Adds a new function SSL_ShutdownServerSessionIDCache to ssl.h.
d) Changes selfserv to call SSL_ShutdownServerSessionIDCache before calling
NSS_Shutdown.
Modified Files:
cmd/selfserv/selfserv.c lib/pk11wrap/pk11util.c
lib/ssl/ssl.def lib/ssl/ssl.h lib/ssl/ssl3con.c
lib/ssl/sslimpl.h lib/ssl/sslsnce.c
Debug builds can verify correct operation by setting NSS_STRICT_SHUTDOWN, which
will cause an assert if shutdown is called but not all the modules are freed (which
means a slot, key, or cert reference has been leaked).
1. Add SECMOD_LoadModule back to nss.def.
2. Back out the SECMOD_AddModule/AddModuleEx changes.
I also updated the comments and made some changes to emulate the
indentation and comment styles of the original code.
Modifies files: nss/nss.def pk11wrap/pk11pars.c pk11wrap/pk11util.c
* clean up compatibilty issues with PKCS#11 serial numbers. Need to search both encoded and decoded values, while making sure stan code only deals with DER value
1) Implicit declaration of function.
2) Possibly unitialized variables.
These warnings have indicated some real problems in the code, so many changes
are not just to silence the warnings, but to fix the problems. Others were
inocuous, but the warnings were silenced to reduce the noise.
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
2) Move private functions into private headers.
3) Sharpen the layer separation between NSS components, especially pkcs #12
and soft token.
4) Remove dead code.
2) Add code to create secmod.db on the fly again.
3) Fix uninitialized structures so that we can switch to the fips token.
The results of this checkin should allow the fips tests to pass again.
Benjamin Smedberg
hg@mozilla.com
relyea%netscape.com
nelsonb%netscape.com
julien.pierre.bugs%sun.com
wtchang%redhat.com
gerv%gerv.net
wtc%netscape.com
ian.mcgreer%sun.com
jpierre%netscape.com
nicolson%netscape.com
larryh%netscape.com