Add a patch to make wolfPKCS11 the default in NSS

nss/README.md

@@ -20,6 +20,11 @@ test the PKCS11 layer to see which curves are supported.
 NSS assumes that it is using a two-slot PKCS11 backend for non-FIPS by default.
 This patch falls back to one slot if a second slot is not found.
 
+### nss-default.patch
+
+This makes wolfPCKS11 the default provider for NSS, even if it is not explicitly
+specified.
+
 ## Compiling
 
 ### NSS

nss/nss-default.patch

@@ -0,0 +1,28 @@
+diff --git a/lib/util/utilparst.h b/lib/util/utilparst.h
+index 5dda09028..39e4f55c9 100644
+--- a/lib/util/utilparst.h
++++ b/lib/util/utilparst.h
+@@ -37,7 +37,7 @@
+
+ /* default module configuration strings */
+ #define NSSUTIL_DEFAULT_INTERNAL_INIT1 \
+-    "library= name=\"NSS Internal PKCS #11 Module\" parameters="
++    "library=libwolfpkcs11.so.3.1.0 name=wolfPKCS11 parameters="
+ #define NSSUTIL_DEFAULT_INTERNAL_INIT2 \
+     " NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={"
+ #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
+diff --git a/tests/common/init.sh b/tests/common/init.sh
+index cdf0a3c72..174a95bd0 100644
+--- a/tests/common/init.sh
++++ b/tests/common/init.sh
+@@ -342,8 +342,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+       outdir="$2"
+       OUTFILE="${outdir}/pkcs11.txt"
+       cat > "$OUTFILE" << ++EOF++
+-library=
+-name=NSS Internal PKCS #11 Module
++library=libwolfpkcs11.so.3.1.0
++name=wolfPKCS11
+ parameters=configdir='./client' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+ NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+ ++EOF++