unix_rand.c, and win_rand.c. 2. Make secrng.h and pqgutil.h private.
3. Public header pk11pqg.h can't include private header pqgutil.h.
4. Many files don't need to include secrng.h. A few don't need to include
pqgutil.h. 5. Remove duplicate declarations of PQG_DestroyParams and
PQG_DestroyVerify from blapi.h.
now include blapit.h. It is necessary to make blapit.h because some
public headers and PSM use the types defined in it. r=relyea,nelsonb.
Modified Files: cryptohi.h lib/freebl/manifest.mn secrng.h pqgutil.h
1) 3.4 needs to bump the version numbers up by one on secmod.db from NSS 3.3
2) Need to add escapes to the configdirectory. (should add them to other parameters as well.
3) put exported files back into the correct headers.
4) Add _BEGIN/_END protos where appropriate.
from lib/util to lib/freebl, move the RNG header file there, too.
Eliminate secrngt.h, which has been empty (except for the license
boilerplate) for many releases.
remove lots of depricated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove depricated functions.
from one token to another will no longer crash. Instead, it will fail
with the new error code SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY. Bug 97887.
In addition, DHE key pairs are now generated with CKA_SENSITIVE false.
The same values that the compiler would assign are assigned, with only
one exception (cmmfNoPKIStatus in cmmft.h). This is patch id=22555,
reviewed by Nelson Bolyard.
address of an external variable that comes from another DLL.
This is a fundamental difference between WIN32 DLLs and Unix DSOs.
So, for every SEC_ASN1Template inside of libnss3 that is referenced by
other templates outside of libnss3, a new "chooser" function was created
that returns the address of that template. For WIN32, the templates
outside of libnss3 access libnss3's templates by the chooser function
rather than by direct reference. Some simple macros allow Unix to
continue to use direct references, avoiding the extra function calls.
With these changes, all.sh (qa script) passes all tests on NT with DLLs.
Modified Files:
cmd/checkcert/checkcert.c cmd/lib/secutil.c lib/asn1/asn1t.h
lib/certdb/certdb.c lib/certdb/certt.h lib/certdb/crl.c
lib/certhigh/certreq.c lib/crmf/asn1cmn.c lib/crmf/crmfcont.c
lib/crmf/crmftmpl.c lib/cryptohi/secsign.c lib/nss/nss.def
lib/pkcs12/p12local.c lib/pkcs12/p12tmpl.c
lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7local.c
lib/smime/cmsasn1.c lib/smime/cmsattr.c lib/smime/cmspubkey.c
lib/smime/cmssigdata.c lib/smime/smimeutil.c
lib/softoken/keydb.c lib/softoken/keydbt.h lib/util/secalgid.c
lib/util/secasn1.h lib/util/secasn1d.c lib/util/secasn1t.h
lib/util/secasn1u.c lib/util/secdig.c lib/util/secdig.h
lib/util/secoid.h
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.
cryptohi.h, pk11func.h, secpkcs7.h, and cms.h. Some files now need to
include <errno.h>. They were including <errno.h> indirectly through
mcom_db.h.
Modified Files:
cmd/atob/atob.c cmd/btoa/btoa.c cmd/derdump/derdump.c
lib/cryptohi/cryptohi.h lib/pk11wrap/pk11func.h
lib/pkcs7/secpkcs7.h lib/smime/cms.h lib/ssl/sslsnce.c
Diffie-Hellman key parameters does not encompass all the optional
fields defined in RFC2459, section 7.3.2 (namely j and validationParams).
I added comments reminding us of the fact that PQGParams need to be
extended to hold these, and fixed the ASN1 prototype from its previous
totally broken status to one that decodes prime, subPrime and base
correctly, and skips the rest.
This avoids failure in public key extraction (which is part of verification)
with DH certs.
