[Swan-dev] nss: Set NSS_PKCS11_2_0_COMPAT to ensure using the compat interface for now.

Paul Wouters paul at nohats.ca
Tue May 12 02:40:15 UTC 2020


On Mon, 11 May 2020, Andrew Cagney wrote:

> Can I suggest:
> - moving the #define to lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
> before any includes - since that is the only file that uses
> CK_GCM_PARAMS

I initially had put it there, but then I thought that lswfips.h was
a better location since that the central point into nss for our code.

I don't care very much where it lives.

> - try pointing the AES_GCM code at
> lib/libswan/ike_alg_encrypt_nss_aead_ops.c; it might just drop in ...

I think this is a new API? From Bob:

 	The new interface is called PK11_AEADOp, and it uses the normal
 	PK11_CreateContext PK11_XXXOp, PK11_XXXOp, PK11_Finalize() logic.

I don't think we have anything using those yet.

Paul


More information about the Swan-dev mailing list