Bug 326690. Enable modutil to configure default slots for the

AES, SHA256 or SHA512 mechanisms. r=rrelyea,julien.pierre
2006-02-28 05:16:00 +00:00 · 2006-02-28 05:16:00 +00:00 · 61b48c1f2f
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@ -749,7 +749,8 @@ usage()
 "---------------------------------------------------------------------------\n"
 "\n"
 "Mechanism lists are colon-separated.  The following mechanisms are recognized:\n"
-"RSA, DSA, RC2, RC4, RC5, DES, DH, SHA1, MD5, MD2, SSL, TLS, RANDOM, FRIENDLY\n"
+"RSA, DSA, DH, RC2, RC4, RC5, AES, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
+"SSL, TLS, RANDOM, and FRIENDLY\n"
 "\n"
 "Cipher lists are colon-separated.  The following ciphers are recognized:\n"
 "\n"
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@ -141,11 +141,11 @@ ChkFipsMode(char *arg)
 */

 typedef struct {
-    char *name;
-    unsigned long mask;
+    const char *name;
+    const unsigned long mask;
 } MaskString;

-static MaskString mechanismStrings[] = {
+static const MaskString mechanismStrings[] = {
    {"RSA", PUBLIC_MECH_RSA_FLAG},
    {"DSA", PUBLIC_MECH_DSA_FLAG},
    {"RC2", PUBLIC_MECH_RC2_FLAG},
@ -159,16 +159,19 @@ static MaskString mechanismStrings[] = {
    {"MD2", PUBLIC_MECH_MD2_FLAG},
    {"SSL", PUBLIC_MECH_SSL_FLAG},
    {"TLS", PUBLIC_MECH_TLS_FLAG},
+    {"AES", PUBLIC_MECH_AES_FLAG},
+    {"SHA256", PUBLIC_MECH_SHA256_FLAG},
+    {"SHA512", PUBLIC_MECH_SHA512_FLAG},
    {"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
    {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG}
 };
-static int numMechanismStrings =
+static const int numMechanismStrings =
    sizeof(mechanismStrings) / sizeof(mechanismStrings[0]);

-static MaskString cipherStrings[] = {
+static const MaskString cipherStrings[] = {
    {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
 };
-static int numCipherStrings =
+static const int numCipherStrings =
    sizeof(cipherStrings) / sizeof(cipherStrings[0]);

 /* Maximum length of a colon-separated list of all the strings in an 
@ -186,7 +189,7 @@ static int numCipherStrings =
 * elements is the number of elements in array.
 */
 static unsigned long
-getFlagsFromString(char *string, MaskString array[], int elements)
+getFlagsFromString(char *string, const MaskString array[], int elements)
 {
    unsigned long ret = 0;
    short i = 0;
@ -239,7 +242,7 @@ getFlagsFromString(char *string, MaskString array[], int elements)
 * if you need it permanently or you want to change it.
 */
 static char *
-getStringFromFlags(unsigned long flags, MaskString array[], int elements)
+getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
 {
    static char buf[MAX_STRING_LIST_LEN];
    int i;
--- a/security/nss/lib/pk11wrap/secmod.h
+++ b/security/nss/lib/pk11wrap/secmod.h
@ -55,6 +55,9 @@
 #define PUBLIC_MECH_MD2_FLAG         0x00000400ul
 #define PUBLIC_MECH_SSL_FLAG         0x00000800ul
 #define PUBLIC_MECH_TLS_FLAG         0x00001000ul
+#define PUBLIC_MECH_AES_FLAG         0x00002000ul
+#define PUBLIC_MECH_SHA256_FLAG      0x00004000ul
+#define PUBLIC_MECH_SHA512_FLAG      0x00008000ul

 #define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
 #define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
@ -62,7 +65,7 @@
 #define PUBLIC_DISABLE_FLAG          0x40000000ul

 /* warning: reserved means reserved */
-#define PUBLIC_MECH_RESERVED_FLAGS   0x87FFE000ul
+#define PUBLIC_MECH_RESERVED_FLAGS   0x87FF0000ul

 /* These cipher flags are visible to all other libraries, */
 /* But they must be converted before used in functions */