[Swan-dev] nss: Set NSS_PKCS11_2_0_COMPAT to ensure using the compat interface for now.

Andrew Cagney andrew.cagney at gmail.com
Thu May 14 18:27:17 UTC 2020


On Mon, 11 May 2020 at 22:40, Paul Wouters <paul at nohats.ca> wrote:
>
> On Mon, 11 May 2020, Andrew Cagney wrote:
>
> > Can I suggest:
> > - moving the #define to lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
> > before any includes - since that is the only file that uses
> > CK_GCM_PARAMS
>
> I initially had put it there, but then I thought that lswfips.h was
> a better location since that the central point into nss for our code.
>
> I don't care very much where it lives.
>
> > - try pointing the AES_GCM code at
> > lib/libswan/ike_alg_encrypt_nss_aead_ops.c; it might just drop in ...

Yea.

> I think this is a new API? From Bob:
>
>         The new interface is called PK11_AEADOp, and it uses the normal
>         PK11_CreateContext PK11_XXXOp, PK11_XXXOp, PK11_Finalize() logic.
>
> I don't think we have anything using those yet.

AH, yes, different ...


More information about the Swan-dev mailing list