authorcvs2hg <devnull@localhost>2003-03-17 23:58:20 +0000
committercvs2hg <devnull@localhost>2003-03-17 23:58:20 +0000
commitb8c2d5a84982cc90d659bbde2f192438c343036a (patch)
tree5cadb90f51a367b4fd7990191ab12f530b7c56dc
parent0d6277e29895f70f6ab0c16734175be6e4560d75 (diff)
downloadnss-hg-b8c2d5a84982cc90d659bbde2f192438c343036a.tar.gz
fixup commit for branch 'PHOTON_GECKO_STATIC_BUILD_BRANCH'
-rw-r--r--dbm/src/nsres.c6
-rw-r--r--security/coreconf/Darwin.mk2
-rw-r--r--security/coreconf/OS2.mk39
-rw-r--r--security/coreconf/platform.mk (renamed from security/dbm/manifest.mn)15
-rw-r--r--security/coreconf/rules.mk21
-rw-r--r--security/dbm/Makefile80
-rw-r--r--security/dbm/config/config.mk67
-rw-r--r--security/dbm/include/Makefile76
-rw-r--r--security/dbm/include/manifest.mn57
-rw-r--r--security/dbm/src/Makefile76
-rw-r--r--security/dbm/src/config.mk63
-rw-r--r--security/dbm/src/dirent.c348
-rw-r--r--security/dbm/src/dirent.h97
-rw-r--r--security/dbm/src/manifest.mn61
-rw-r--r--security/dbm/tests/Makefile69
-rw-r--r--security/nss/cmd/bltest/blapitest.c138
-rw-r--r--security/nss/cmd/bltest/tests/sha256/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/sha256/ciphertext11
-rw-r--r--security/nss/cmd/bltest/tests/sha256/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/sha256/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/sha256/plaintext11
-rw-r--r--security/nss/cmd/bltest/tests/sha384/ciphertext01
-rw-r--r--security/nss/cmd/bltest/tests/sha384/ciphertext11
-rw-r--r--security/nss/cmd/bltest/tests/sha384/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/sha384/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/sha384/plaintext11
-rw-r--r--security/nss/cmd/bltest/tests/sha512/ciphertext02
-rw-r--r--security/nss/cmd/bltest/tests/sha512/ciphertext12
-rw-r--r--security/nss/cmd/bltest/tests/sha512/numtests1
-rw-r--r--security/nss/cmd/bltest/tests/sha512/plaintext01
-rw-r--r--security/nss/cmd/bltest/tests/sha512/plaintext11
-rw-r--r--security/nss/cmd/certutil/certutil.c5
-rw-r--r--security/nss/cmd/smimetools/cmsutil.c91
-rw-r--r--security/nss/cmd/strsclnt/strsclnt.c1
-rw-r--r--security/nss/cmd/vfychain/Makefile82
-rw-r--r--security/nss/cmd/vfychain/manifest.mn51
-rw-r--r--security/nss/cmd/vfychain/vfychain.c435
-rw-r--r--security/nss/cmd/vfyserv/vfyutil.c39
-rw-r--r--security/nss/lib/base/errorval.c2
-rw-r--r--security/nss/lib/certdb/cert.h11
-rw-r--r--security/nss/lib/certdb/certdb.c160
-rw-r--r--security/nss/lib/certdb/certi.h21
-rw-r--r--security/nss/lib/certdb/certv3.c2
-rw-r--r--security/nss/lib/certhigh/certvfy.c6
-rw-r--r--security/nss/lib/ckfw/nssck.api2
-rw-r--r--security/nss/lib/crmf/respcmn.c29
-rw-r--r--security/nss/lib/cryptohi/hasht.h15
-rw-r--r--security/nss/lib/cryptohi/sechash.c42
-rw-r--r--security/nss/lib/dev/devtoken.c22
-rw-r--r--security/nss/lib/freebl/blapi.h52
-rw-r--r--security/nss/lib/freebl/ldvector.c44
-rw-r--r--security/nss/lib/freebl/loader.c275
-rw-r--r--security/nss/lib/freebl/loader.h49
-rw-r--r--security/nss/lib/freebl/manifest.mn1
-rw-r--r--security/nss/lib/nss/nss.def12
-rw-r--r--security/nss/lib/nss/nss.h6
-rw-r--r--security/nss/lib/nss/nssinit.c23
-rw-r--r--security/nss/lib/pk11wrap/debug_module.c1420
-rw-r--r--security/nss/lib/pk11wrap/manifest.mn2
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c138
-rw-r--r--security/nss/lib/pk11wrap/pk11func.h4
-rw-r--r--security/nss/lib/pk11wrap/pk11init.h2
-rw-r--r--security/nss/lib/pk11wrap/pk11sdr.c1
-rw-r--r--security/nss/lib/pk11wrap/pk11skey.c67
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c41
-rw-r--r--security/nss/lib/pk11wrap/secmodi.h20
-rw-r--r--security/nss/lib/pki/cryptocontext.c8
-rw-r--r--security/nss/lib/pki/pki3hack.c25
-rw-r--r--security/nss/lib/pki/pki3hack.h2
-rw-r--r--security/nss/lib/pki/pkibase.c16
-rw-r--r--security/nss/lib/pki/pkistore.c9
-rw-r--r--security/nss/lib/pki/pkistore.h2
-rw-r--r--security/nss/lib/pki/tdcache.c8
-rw-r--r--security/nss/lib/pki/trustdomain.c8
-rw-r--r--security/nss/lib/pki1/config.mk2
-rw-r--r--security/nss/lib/pki1/manifest.mn5
-rw-r--r--security/nss/lib/smime/cms.h9
-rw-r--r--security/nss/lib/smime/cmsencdata.c1
-rw-r--r--security/nss/lib/smime/cmslocal.h10
-rw-r--r--security/nss/lib/smime/cmspubkey.c39
-rw-r--r--security/nss/lib/smime/cmsrecinfo.c195
-rw-r--r--security/nss/lib/smime/cmssigdata.c90
-rw-r--r--security/nss/lib/smime/cmssiginfo.c12
-rw-r--r--security/nss/lib/smime/cmst.h35
-rw-r--r--security/nss/lib/smime/smime.def14
-rw-r--r--security/nss/lib/softoken/alghmac.c2
-rw-r--r--security/nss/lib/softoken/dbmshim.c43
-rw-r--r--security/nss/lib/softoken/keydb.c38
-rw-r--r--security/nss/lib/softoken/pcertdb.c103
-rw-r--r--security/nss/lib/softoken/pk11db.c2
-rw-r--r--security/nss/lib/softoken/pkcs11.c114
-rw-r--r--security/nss/lib/softoken/pkcs11c.c43
-rw-r--r--security/nss/lib/softoken/pkcs11i.h8
-rw-r--r--security/nss/lib/softoken/pkcs11n.h10
-rw-r--r--security/nss/lib/softoken/rawhash.c24
-rw-r--r--security/nss/lib/ssl/ssl3con.c115
-rw-r--r--security/nss/lib/util/secerr.h3
-rw-r--r--security/nss/lib/util/secoid.c26
-rw-r--r--security/nss/lib/util/secoidt.h8
-rw-r--r--security/nss/tests/cipher/cipher.txt3
-rw-r--r--security/nss/tests/cmdtests/cmdtests.sh132
-rwxr-xr-xsecurity/nss/tests/dbtests/dbtests.sh9
-rwxr-xr-xsecurity/nss/tests/ssl/ssl.sh12
103 files changed, 2382 insertions, 3208 deletions
diff --git a/dbm/src/nsres.c b/dbm/src/nsres.c
index 4b4dae4a2..e383d58e5 100644
--- a/dbm/src/nsres.c
+++ b/dbm/src/nsres.c
@@ -79,7 +79,8 @@ NSRESHANDLE NSResCreateTable(const char *filename, NSRESTHREADINFO *threadinfo)
flag = O_RDWR | O_CREAT;
- hres = (RESHANDLE) calloc ( 1, sizeof(struct RESDATABASE) );
+ hres = (RESHANDLE) malloc ( sizeof(struct RESDATABASE) );
+ memset(hres, 0, sizeof(struct RESDATABASE));
if (threadinfo && threadinfo->lock && threadinfo->fn_lock
&& threadinfo->fn_unlock)
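Review bot: The result of `malloc` is handed to `memset` with no NULL check, so an allocation failure in NSResCreateTable becomes a write through a null pointer; the removed `calloc` line at least returned NULL without touching memory. Either keep `calloc(1, sizeof(struct RESDATABASE))`, or guard before clearing with something like `if (hres == NULL) return NULL;` (assuming NULL is the failure value callers of this NSRESHANDLE function expect). The NSResOpenTable hunk below has the same two lines and needs the same guard. Both functions continue outside their hunks, so a later check may exist, but it would come after the `memset` and too late to help.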
@@ -110,7 +111,8 @@ NSRESHANDLE NSResOpenTable(const char *filename, NSRESTHREADINFO *threadinfo)
flag = O_RDONLY; /* only open database for reading */
- hres = (RESHANDLE) calloc ( 1, sizeof(struct RESDATABASE) );
+ hres = (RESHANDLE) malloc ( sizeof(struct RESDATABASE) );
+ memset(hres, 0, sizeof(struct RESDATABASE));
if (threadinfo && threadinfo->lock && threadinfo->fn_lock
&& threadinfo->fn_unlock)
diff --git a/security/coreconf/Darwin.mk b/security/coreconf/Darwin.mk
index 59f5af8fd..d58e5c760 100644
--- a/security/coreconf/Darwin.mk
+++ b/security/coreconf/Darwin.mk
@@ -35,6 +35,8 @@
include $(CORE_DEPTH)/coreconf/UNIX.mk
+DEFAULT_COMPILER = cc
+
CC = cc
CCC = c++
RANLIB = ranlib
diff --git a/security/coreconf/OS2.mk b/security/coreconf/OS2.mk
index 4b80a7f81..00f028d8e 100644
--- a/security/coreconf/OS2.mk
+++ b/security/coreconf/OS2.mk
@@ -86,10 +86,16 @@ DSO_LDOPTS = -Zomf -Zdll -Zmt -Zcrtdll -Zlinker /NOO
SHLIB_LDSTARTFILE =
SHLIB_LDENDFILE =
ifdef MAPFILE
-# Add LD options to restrict exported symbols to those in the map file
+MKSHLIB += $(MAPFILE)
endif
-# Change PROCESS to put the mapfile in the correct format for this platform
-PROCESS_MAP_FILE = copy $(LIBRARY_NAME).def $@
+PROCESS_MAP_FILE = \
+ echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \
+ echo PROTMODE >> $@; \
+ echo CODE LOADONCALL MOVEABLE DISCARDABLE >> $@; \
+ echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \
+ echo EXPORTS >> $@; \
+ grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
+ sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@
endif #NO_SHARED_LIB
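Review bot: The PROCESS_MAP_FILE recipe can emit an export file with an empty EXPORTS section and still exit 0, because its steps are joined with `;` and the last step is a pipeline whose status is that of `sed`. A missing or unreadable `$(LIBRARY_NAME).def` therefore goes unnoticed at build time. Starting the recipe with `test -r $(LIBRARY_NAME).def && \` and joining the `echo` steps with `&& \` instead of `; \` would make the build stop instead. The same definition is repeated verbatim in the `@@ -147,6 +153,17 @@` hunk; defining it once outside the compiler-specific branches would keep the two copies from drifting.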
@@ -147,6 +153,17 @@ DSO_LDOPTS =
# DLL_SUFFIX = .dll
SHLIB_LDSTARTFILE =
SHLIB_LDENDFILE =
+ifdef MAPFILE
+MKSHLIB += $(MAPFILE)
+endif
+PROCESS_MAP_FILE = \
+ echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \
+ echo PROTMODE >> $@; \
+ echo CODE LOADONCALL MOVEABLE DISCARDABLE >> $@; \
+ echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \
+ echo EXPORTS >> $@; \
+ grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
+ sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@
endif #NO_SHARED_LIB
OS_CFLAGS = /Q /qlibansi /Gd /Gm /Su4 /Mp /Tl-
@@ -159,20 +176,22 @@ MOZ_COMPONENT_NSPR_LIBS=-L$(DIST)/lib $(NSPR_LIBS)
NSPR_INCLUDE_DIR =
+DLLFLAGS = /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map)
+EXEFLAGS = -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE
+LDFLAGS = /FREE /NOE /LINENUMBERS /nologo
+
ifdef BUILD_OPT
-OPTIMIZER = -Oi -G5
+OPTIMIZER = /O+ /Gl+ /G5 /qarch=pentium
DEFINES += -UDEBUG -U_DEBUG -DNDEBUG
-DLLFLAGS = /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map)
-EXEFLAGS = -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE
OBJDIR_TAG = _OPT
-LDFLAGS = /FREE /NODEBUG /NOE /LINENUMBERS /nologo
+LDFLAGS += /NODEBUG /OPTFUNC /EXEPACK:2 /PACKCODE /PACKDATA
else
OS_CFLAGS += /Ti+
DEFINES += -DDEBUG -D_DEBUG -DDEBUGPRINTS #HCT Need += to avoid overidding manifest.mn
-DLLFLAGS = /DEBUG /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map)
-EXEFLAGS = -DEBUG -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE
+DLLFLAGS += /DE
+EXEFLAGS += /DE
OBJDIR_TAG = _DBG
-LDFLAGS = /FREE /DE /NOE /LINENUMBERS /nologo
+LDFLAGS += /DE
endif # BUILD_OPT
endif # XP_OS2_VACPP
diff --git a/security/dbm/manifest.mn b/security/coreconf/platform.mk
index 11f4f4237..a4826d315 100644
--- a/security/dbm/manifest.mn
+++ b/security/coreconf/platform.mk
@@ -1,4 +1,3 @@
-#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
@@ -32,14 +31,8 @@
# GPL.
#
-CORE_DEPTH = ..
+#######################################################################
+# Master "Core Components" <platform> tag #
+#######################################################################
-MODULE = dbm
-
-IMPORTS = nspr20/v4.1.2
-
-RELEASE = dbm
-
-DIRS = include \
- src \
- $(NULL)
+PLATFORM = $(OBJDIR_NAME)
diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk
index 84fc90eb5..aca7eaa6b 100644
--- a/security/coreconf/rules.mk
+++ b/security/coreconf/rules.mk
@@ -312,7 +312,7 @@ endif
ifeq ($(OS_TARGET),OS2)
$(IMPORT_LIBRARY): $(SHARED_LIBRARY)
rm -f $@
- $(IMPLIB) $@ $(patsubst %.lib,%.dll.def,$@)
+ $(IMPLIB) $@ $(SHARED_LIBRARY)
$(RANLIB) $@
endif
@@ -339,25 +339,8 @@ else
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
$(LINK_DLL) -MAP $(DLLBASE) $(subst /,\\,$(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES))
else
-ifeq ($(OS_TARGET),OS2)
- @cmd /C "echo LIBRARY $(notdir $(basename $(SHARED_LIBRARY))) INITINSTANCE TERMINSTANCE >$@.def"
- @cmd /C "echo PROTMODE >>$@.def"
- @cmd /C "echo CODE LOADONCALL MOVEABLE DISCARDABLE >>$@.def"
- @cmd /C "echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >>$@.def"
- @cmd /C "echo EXPORTS >>$@.def"
- $(FILTER) $(OBJS) >>$@.def
-ifdef SUB_SHLOBJS
- @echo Number of words in OBJ list = $(words $(SUB_SHLOBJS))
- @echo If above number is over 100, need to reedit coreconf/rules.mk
- -$(FILTER) $(wordlist 1,20,$(SUB_SHLOBJS)) >>$@.def
- -$(FILTER) $(wordlist 21,40,$(SUB_SHLOBJS)) >>$@.def
- -$(FILTER) $(wordlist 41,60,$(SUB_SHLOBJS)) >>$@.def
- -$(FILTER) $(wordlist 61,80,$(SUB_SHLOBJS)) >>$@.def
- -$(FILTER) $(wordlist 81,100,$(SUB_SHLOBJS)) >>$@.def
-endif
-endif #OS2
ifdef XP_OS2_VACPP
- $(MKSHLIB) $(DLLFLAGS) $(LDFLAGS) $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $@.def
+ $(MKSHLIB) $(DLLFLAGS) $(LDFLAGS) $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
else
$(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
endif
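Review bot: The VACPP `$(MKSHLIB)` line no longer names a module definition file, so the export list now reaches the linker only through `MKSHLIB += $(MAPFILE)` in security/coreconf/OS2.mk, which sits inside `ifdef MAPFILE`. A library that sets no MAPFILE would presumably link with no EXPORTS list at all, whereas the removed recipe always generated one from `$(FILTER) $(OBJS)`. A comment above this branch would record the new requirement, for example `# OS/2: exports come from $(MAPFILE) (see coreconf/OS2.mk); MAPFILE must be set for shared libraries`. The rule this recipe belongs to starts outside the hunk.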
diff --git a/security/dbm/Makefile b/security/dbm/Makefile
deleted file mode 100644
index 34cd6d899..000000000
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-coreconf_hack:
- cd ../coreconf; gmake
- gmake import
-
-RelEng_bld: coreconf_hack
- gmake
diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk
deleted file mode 100644
index 753364931..000000000
--- a/security/dbm/config/config.mk
+++ /dev/null
@@ -1,67 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# These macros are defined by mozilla's configure script.
-# We define them manually here.
-#
-
-DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
-
-#
-# Most platforms have snprintf, so it's simpler to list the exceptions.
-#
-HAVE_SNPRINTF = 1
-#
-# OSF1 V4.0D doesn't have snprintf but V5.0A does.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
-HAVE_SNPRINTF =
-endif
-ifdef HAVE_SNPRINTF
-DEFINES += -DHAVE_SNPRINTF
-endif
-
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_CDEFS_H
-endif
-
-ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_BYTEORDER_H
-endif
-
-#
-# None of the platforms that we are interested in need to
-# define HAVE_MEMORY_H.
-#
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
deleted file mode 100644
index ba4dd8ddf..000000000
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
deleted file mode 100644
index 886fedd98..000000000
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS = nsres.h \
- cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-PRIVATE_EXPORTS = hsearch.h \
- page.h \
- extern.h \
- ndbm.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
deleted file mode 100644
index 8fce98394..000000000
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/dbm/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
deleted file mode 100644
index 370fd75d6..000000000
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-ifdef SHARED_LIBRARY
- ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
- DLLBASE=/BASE:0x30000000
- RES=$(OBJDIR)/dbm.res
- RESNAME=../include/dbm.rc
- endif
- ifeq ($(DLL_SUFFIX),dll)
- DEFINES += -D_DLL
- endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
- OS_LIBS += -lc_r
-endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
deleted file mode 100644
index 001a48c5c..000000000
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#ifdef OS2
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <dirent.h>
-#include <errno.h>
-
-/*#ifndef __EMX__
-#include <libx.h>
-#endif */
-
-#define INCL_DOSFILEMGR
-#define INCL_DOSERRORS
-#include <os2.h>
-
-#if OS2 >= 2
-# define FFBUF FILEFINDBUF3
-# define Word ULONG
- /*
- * LS20 recommends a request count of 100, but according to the
- * APAR text it does not lead to missing files, just to funny
- * numbers of returned entries.
- *
- * LS30 HPFS386 requires a count greater than 2, or some files
- * are missing (those starting with a character less that '.').
- *
- * Novell looses entries which overflow the buffer. In previous
- * versions of dirent2, this could have lead to missing files
- * when the average length of 100 directory entries was 40 bytes
- * or more (quite unlikely for files on a Novell server).
- *
- * Conclusion: Make sure that the entries all fit into the buffer
- * and that the buffer is large enough for more than 2 entries
- * (each entry is at most 300 bytes long). And ignore the LS20
- * effect.
- */
-# define Count 25
-# define BufSz (25 * (sizeof(FILEFINDBUF3)+1))
-#else
-# define FFBUF FILEFINDBUF
-# define Word USHORT
-# define BufSz 1024
-# define Count 3
-#endif
-
-#if defined(__IBMC__) || defined(__IBMCPP__)
- #define error(rc) _doserrno = rc, errno = EOS2ERR
-#elif defined(MICROSOFT)
- #define error(rc) _doserrno = rc, errno = 255
-#else
- #define error(rc) errno = 255
-#endif
-
-struct _dirdescr {
- HDIR handle; /* DosFindFirst handle */
- char fstype; /* filesystem type */
- Word count; /* valid entries in <ffbuf> */
- long number; /* absolute number of next entry */
- int index; /* relative number of next entry */
- FFBUF * next; /* pointer to next entry */
- char name[MAXPATHLEN+3]; /* directory name */
- unsigned attrmask; /* attribute mask for seekdir */
- struct dirent entry; /* buffer for directory entry */
- BYTE ffbuf[BufSz];
-};
-
-/*
- * Return first char of filesystem type, or 0 if unknown.
- */
-static char
-getFSType(const char *path)
-{
- static char cache[1+26];
- char drive[3], info[512];
- Word unit, infolen;
- char r;
-
- if (isalpha(path[0]) && path[1] == ':') {
- unit = toupper(path[0]) - '@';
- path += 2;
- } else {
- ULONG driveMap;
-#if OS2 >= 2
- if (DosQueryCurrentDisk(&unit, &driveMap))
-#else
- if (DosQCurDisk(&unit, &driveMap))
-#endif
- return 0;
- }
-
- if ((path[0] == '\\' || path[0] == '/')
- && (path[1] == '\\' || path[1] == '/'))
- return 0;
-
- if (cache [unit])
- return cache [unit];
-
- drive[0] = '@' + unit;
- drive[1] = ':';
- drive[2] = '\0';
- infolen = sizeof info;
-#if OS2 >= 2
- if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
- return 0;
- if (infolen >= sizeof(FSQBUFFER2)) {
- FSQBUFFER2 *p = (FSQBUFFER2 *)info;
- r = p->szFSDName[p->cbName];
- } else
-#else
- if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
- return 0;
- if (infolen >= 9) {
- char *p = info + sizeof(USHORT);
- p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
- r = *p;
- } else
-#endif
- r = 0;
- return cache [unit] = r;
-}
-
-char *
-abs_path(const char *name, char *buffer, int len)
-{
- char buf[4];
- if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
- buf[0] = name[0];
- buf[1] = name[1];
- buf[2] = '.';
- buf[3] = '\0';
- name = buf;
- }
-#if OS2 >= 2
- if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
-#else
- if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
-#endif
- return NULL;
- return buffer;
-}
-
-DIR *
-openxdir(const char *path, unsigned att_mask)
-{
- DIR *dir;
- char name[MAXPATHLEN+3];
- Word rc;
-
- dir = malloc(sizeof(DIR));
- if (dir == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- strncpy(name, path, MAXPATHLEN);
- name[MAXPATHLEN] = '\0';
- switch (name[strlen(name)-1]) {
- default:
- strcat(name, "\\");
- case '\\':
- case '/':
- case ':':
- ;
- }
- strcat(name, ".");
- if (!abs_path(name, dir->name, MAXPATHLEN+1))
- strcpy(dir->name, name);
- if (dir->name[strlen(dir->name)-1] == '\\')
- strcat(dir->name, "*");
- else
- strcat(dir->name, "\\*");
-
- dir->fstype = getFSType(dir->name);
- dir->attrmask = att_mask | A_DIR;
-
- dir->handle = HDIR_CREATE;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- free(dir);
- error(rc);
- return NULL;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
-
- return (DIR *)dir;
-}
-
-DIR *
-opendir(const char *pathname)
-{
- return openxdir(pathname, 0);
-}
-
-struct dirent *
-readdir(DIR *dir)
-{
- static int dummy_ino = 2;
-
- if (dir->index == dir->count) {
- Word rc;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindNext(dir->handle, dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#else
- rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#endif
- if (rc) {
- error(rc);
- return NULL;
- }
-
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- if (dir->index == dir->count)
- return NULL;
-
- memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
- dir->entry.d_name[dir->next->cchName] = '\0';
- dir->entry.d_ino = dummy_ino++;
- dir->entry.d_reclen = dir->next->cchName;
- dir->entry.d_namlen = dir->next->cchName;
- dir->entry.d_size = dir->next->cbFile;
- dir->entry.d_attribute = dir->next->attrFile;
- dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
- dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
-
- switch (dir->fstype) {
- case 'F': /* FAT */
- case 'C': /* CDFS */
- if (dir->next->attrFile & FILE_DIRECTORY)
- strupr(dir->entry.d_name);
- else
- strlwr(dir->entry.d_name);
- }
-
-#if OS2 >= 2
- dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
-#else
- dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
-#endif
- ++dir->number;
- ++dir->index;
-
- return &dir->entry;
-}
-
-long
-telldir(DIR *dir)
-{
- return dir->number;
-}
-
-void
-seekdir(DIR *dir, long off)
-{
- if (dir->number > off) {
- char name[MAXPATHLEN+2];
- Word rc;
-
- DosFindClose(dir->handle);
-
- strcpy(name, dir->name);
- strcat(name, "*");
-
- dir->handle = HDIR_CREATE;
- dir->count = 32767;
-#if OS2 >= 2
- rc = DosFindFirst(name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- error(rc);
- return;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- while (dir->number < off && readdir(dir))
- ;
-}
-
-void
-closedir(DIR *dir)
-{
- DosFindClose(dir->handle);
- free(dir);
-}
-
-/*****************************************************************************/
-
-#ifdef TEST
-
-main(int argc, char **argv)
-{
- int i;
- DIR *dir;
- struct dirent *ep;
-
- for (i = 1; i < argc; ++i) {
- dir = opendir(argv[i]);
- if (!dir)
- continue;
- while (ep = readdir(dir))
- if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
- printf("%s%s\n", argv[i], ep->d_name);
- else
- printf("%s/%s\n", argv[i], ep->d_name);
- closedir(dir);
- }
-
- return 0;
-}
-
-#endif
-
-#endif /* OS2 */
-
diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h
deleted file mode 100644
index 07a6c0ac8..000000000
--- a/security/dbm/src/dirent.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06 Public Domain.
- *
- * A public domain implementation of BSD directory routines for
- * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield),
- * August 1897
- *
- * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- * and returns 2 more pieces of information - file size & attribute.
- * Plus a little reshuffling of some #define's positions December 1987
- *
- * Some modifications by Martin Junius 02-14-89
- *
- * AK900712
- * AK910410 abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include <sys/param.h>
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include <stdio.h>
-#ifdef MAXPATHLEN
- #undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include <param.h>
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY 0x01
-# define A_HIDDEN 0x02
-# define A_SYSTEM 0x04
-# define A_LABEL 0x08
-# define A_DIR 0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */
- int d_ino; /* Dummy */
- int d_reclen; /* Dummy, same as d_namlen */
- int d_namlen; /* length of name */
- char d_name[MAXNAMLEN + 1];
- unsigned long d_size;
- unsigned short d_attribute; /* attributes (see above) */
- unsigned short d_time; /* modification time */
- unsigned short d_date; /* modification date */
-#else
- char d_name[MAXNAMLEN + 1]; /* garentee null termination */
- char d_attribute; /* .. extension .. */
- unsigned long d_size; /* .. extension .. */
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR *opendir(const char *);
-extern DIR *openxdir(const char *, unsigned);
-extern struct dirent *readdir(DIR *);
-extern void seekdir(DIR *, long);
-extern long telldir(DIR *);
-extern void closedir(DIR *);
-#define rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char * abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
deleted file mode 100644
index 80f2abfd0..000000000
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,61 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- hsearch.c \
- mktemp.c \
- ndbm.c \
- nsres.c \
- dirent.c \
- $(NULL)
-
-LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
deleted file mode 100644
index fe132e19c..000000000
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/tests
-
-MODULE = dbm
-
-CSRCS = lots.c
-
-PROGRAM = lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS = $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
- purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
- $(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
- purify $(CC) -o crash.pure $(CFLAGS) $^
-
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
index b3000b257..dfb511986 100644
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -1256,123 +1256,6 @@ finish:
}
SECStatus
-SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA256Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA256_NewContext();
- SHA256_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA256_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA256_Flatten(cx, cxbytes);
- cx_cpy = SHA256_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA256_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
- goto finish;
- }
- SHA256_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA256_End(cx, dest, &len, MD5_LENGTH);
-finish:
- SHA256_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA384Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA384_NewContext();
- SHA384_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA384_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA384_Flatten(cx, cxbytes);
- cx_cpy = SHA384_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA384_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
- goto finish;
- }
- SHA384_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA384_End(cx, dest, &len, MD5_LENGTH);
-finish:
- SHA384_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA512Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA512_NewContext();
- SHA512_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA512_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA512_Flatten(cx, cxbytes);
- cx_cpy = SHA512_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA512_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
- goto finish;
- }
- SHA512_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA512_End(cx, dest, &len, MD5_LENGTH);
-finish:
- SHA512_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
int keysize, int exponent)
{
@@ -1488,29 +1371,8 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
break;
case bltestSHA256:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA256_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart
- : SHA256_HashBuf;
- return SECSuccess;
- break;
case bltestSHA384:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA384_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart
- : SHA384_HashBuf;
- return SECSuccess;
- break;
case bltestSHA512:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA512_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart
- : SHA512_HashBuf;
- return SECSuccess;
- break;
default:
return SECFailure;
}
diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext0 b/security/nss/cmd/bltest/tests/sha256/ciphertext0
deleted file mode 100644
index 07e2ff14f..000000000
--- a/security/nss/cmd/bltest/tests/sha256/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0=
diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext1 b/security/nss/cmd/bltest/tests/sha256/ciphertext1
deleted file mode 100644
index 2ab6e1da5..000000000
--- a/security/nss/cmd/bltest/tests/sha256/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE=
diff --git a/security/nss/cmd/bltest/tests/sha256/numtests b/security/nss/cmd/bltest/tests/sha256/numtests
deleted file mode 100644
index 0cfbf0888..000000000
--- a/security/nss/cmd/bltest/tests/sha256/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext0 b/security/nss/cmd/bltest/tests/sha256/plaintext0
deleted file mode 100644
index 8baef1b4a..000000000
--- a/security/nss/cmd/bltest/tests/sha256/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-abc
diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext1 b/security/nss/cmd/bltest/tests/sha256/plaintext1
deleted file mode 100644
index afb5dce5d..000000000
--- a/security/nss/cmd/bltest/tests/sha256/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext0 b/security/nss/cmd/bltest/tests/sha384/ciphertext0
deleted file mode 100644
index c94f91e22..000000000
--- a/security/nss/cmd/bltest/tests/sha384/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn
diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext1 b/security/nss/cmd/bltest/tests/sha384/ciphertext1
deleted file mode 100644
index 833f06d84..000000000
--- a/security/nss/cmd/bltest/tests/sha384/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5
diff --git a/security/nss/cmd/bltest/tests/sha384/numtests b/security/nss/cmd/bltest/tests/sha384/numtests
deleted file mode 100644
index 0cfbf0888..000000000
--- a/security/nss/cmd/bltest/tests/sha384/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext0 b/security/nss/cmd/bltest/tests/sha384/plaintext0
deleted file mode 100644
index 8baef1b4a..000000000
--- a/security/nss/cmd/bltest/tests/sha384/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-abc
diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext1 b/security/nss/cmd/bltest/tests/sha384/plaintext1
deleted file mode 100644
index 94fcc2b29..000000000
--- a/security/nss/cmd/bltest/tests/sha384/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext0 b/security/nss/cmd/bltest/tests/sha512/ciphertext0
deleted file mode 100644
index 8b626e237..000000000
--- a/security/nss/cmd/bltest/tests/sha512/ciphertext0
+++ /dev/null
@@ -1,2 +0,0 @@
-3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9
-RU1EI2Q86A4qmslPpUyknw==
diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext1 b/security/nss/cmd/bltest/tests/sha512/ciphertext1
deleted file mode 100644
index c02d1752d..000000000
--- a/security/nss/cmd/bltest/tests/sha512/ciphertext1
+++ /dev/null
@@ -1,2 +0,0 @@
-jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6
-x9Mp7rbdJlReluVbh0vpCQ==
diff --git a/security/nss/cmd/bltest/tests/sha512/numtests b/security/nss/cmd/bltest/tests/sha512/numtests
deleted file mode 100644
index 0cfbf0888..000000000
--- a/security/nss/cmd/bltest/tests/sha512/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext0 b/security/nss/cmd/bltest/tests/sha512/plaintext0
deleted file mode 100644
index 8baef1b4a..000000000
--- a/security/nss/cmd/bltest/tests/sha512/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-abc
diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext1 b/security/nss/cmd/bltest/tests/sha512/plaintext1
deleted file mode 100644
index 94fcc2b29..000000000
--- a/security/nss/cmd/bltest/tests/sha512/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index a32d2fd65..d231c46c2 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -243,9 +243,8 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
} while (0);
if (!rv) {
- rv = CERT_VerifySignedDataWithPubKeyInfo(&signedData,
- &certReq->subjectPublicKeyInfo,
- NULL /* wincx */);
+ rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
+ &certReq->subjectPublicKeyInfo, NULL /* wincx */);
}
if (rv) {
diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
index 5ed69bc18..6dbb6edff 100644
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -115,7 +115,6 @@ Usage(char *progName)
fprintf(stderr, " -G include a signing time attribute\n");
fprintf(stderr, " -P include a SMIMECapabilities attribute\n");
fprintf(stderr, " -Y nick include a EncryptionKeyPreference attribute with cert\n");
- fprintf(stderr, " (use \"NONE\" to omit)\n");
fprintf(stderr, " -E create a CMS enveloped message (NYI)\n");
fprintf(stderr, " -r id,... create envelope for these recipients,\n");
fprintf(stderr, " where id can be a certificate nickname or email address\n");
@@ -417,7 +416,7 @@ signed_data(struct signOptionsStr *signOptions)
}
if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle,
signOptions->nickname,
- signOptions->options->certUsage,
+ certUsageEmailSigner,
PR_FALSE,
NULL)) == NULL) {
SECU_PrintError(progName,
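Review bot: The signing-certificate lookup in signed_data now passes the constant `certUsageEmailSigner` instead of `signOptions->options->certUsage`, so a usage chosen by the caller (presumably via `-u`, which the option string in main still accepts as `u:`) no longer affects which certificate is selected. If pinning the lookup to email-signer certificates is intended, document it at the call with a comment such as `/* signing always uses an email-signer cert; options->certUsage is not consulted here */`, and decide whether `-u` should be rejected or described as ignored in sign mode. If the option is meant to be honoured, the argument should stay `signOptions->options->certUsage`. signed_data starts and ends outside this hunk.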
@@ -493,7 +492,35 @@ signed_data(struct signOptionsStr *signOptions)
}
}
- if (!signOptions->encryptionKeyPreferenceNick) {
+ if (signOptions->encryptionKeyPreferenceNick) {
+ /* get the cert, add it to the message */
+ if ((ekpcert = CERT_FindUserCertByUsage(
+ signOptions->options->certHandle,
+ signOptions->encryptionKeyPreferenceNick,
+ certUsageEmailRecipient, PR_FALSE, NULL))
+ == NULL) {
+ SECU_PrintError(progName,
+ "the corresponding cert for key \"%s\" does not exist",
+ signOptions->encryptionKeyPreferenceNick);
+ goto loser;
+ }
+ if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
+ signOptions->options->certHandle)
+ != SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
+ goto loser;
+ }
+ if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
+ signOptions->options->certHandle)
+ != SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
+ goto loser;
+ }
+ if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
+ fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
+ goto loser;
+ }
+ } else {
/* check signing cert for fitness as encryption cert */
SECStatus FitForEncrypt = CERT_CheckCertUsage(cert,
certUsageEmailRecipient);
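Review bot: `ekpcert` comes back from `CERT_FindUserCertByUsage` as a referenced certificate, and the three `goto loser` exits after the lookup leave that reference held unless the `loser:` path releases it, which this hunk does not show. Confirm that both the failure and success paths end with something like `if (ekpcert) CERT_DestroyCertificate(ekpcert);`, since the signed-data object presumably keeps its own reference after `NSS_CMSSignedData_AddCertificate`. The three attribute/certificate failures also print through plain `fprintf`, while the lookup failure uses `SECU_PrintError`, so the underlying NSS error is not reported for them. Using `SECU_PrintError(progName, "cannot add SMIMEEncKeyPrefs attribute");` would match the rest of the function. signed_data continues outside the hunk.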
@@ -548,36 +575,6 @@ signed_data(struct signOptionsStr *signOptions)
goto loser;
}
}
- } else if (PL_strcmp(signOptions->encryptionKeyPreferenceNick, "NONE") == 0) {
- /* No action */
- } else {
- /* get the cert, add it to the message */
- if ((ekpcert = CERT_FindUserCertByUsage(
- signOptions->options->certHandle,
- signOptions->encryptionKeyPreferenceNick,
- certUsageEmailRecipient, PR_FALSE, NULL))
- == NULL) {
- SECU_PrintError(progName,
- "the corresponding cert for key \"%s\" does not exist",
- signOptions->encryptionKeyPreferenceNick);
- goto loser;
- }
- if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
- goto loser;
- }
- if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
- signOptions->options->certHandle)
- != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
- goto loser;
- }
- if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
- fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
- goto loser;
- }
}
if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
@@ -962,6 +959,17 @@ loser:
typedef enum { UNKNOWN, DECODE, SIGN, ENCRYPT, ENVELOPE, CERTSONLY } Mode;
+#if 0
+void
+parse_message_for_recipients(PRFileDesc *inFile,
+ struct envelopeOptionsStr *envelopeOptions)
+{
+ SECItem filedata;
+ SECStatus rv;
+ rv = SECU_FileToItem(&filedata, inFile);
+}
+#endif
+
int
main(int argc, char **argv)
{
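Review bot: `parse_message_for_recipients` is added under `#if 0`, so it is never compiled, and as written it would read the file into `filedata`, discard `rv` and never release the item. The same applies to the other disabled fragments this commit adds in main: the `#if 0` blocks in the `'o'` case, in the recipient-list parsing and in the `ENVELOPE` case, and the commented-out `mode != DECODE` condition under `_WIN32`. Either leave them out of the commit or give each a one-line comment stating the plan, for example `/* TODO: derive recipients from the message when -r is absent */`, so a later reader does not mistake them for reviewed code.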
@@ -1019,7 +1027,7 @@ main(int argc, char **argv)
* Parse command line arguments
*/
optstate = PL_CreateOptState(argc, argv,
- "CDSEOnN:TGPY:vh:p:i:c:d:e:o:s:u:r:");
+ "CDSEOnN:TGPYv:h:p:i:c:d:e:o:s:u:r:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
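Review bot: The new option string `"CDSEOnN:TGPYv:h:p:i:c:d:e:o:s:u:r:"` moves the colon from `Y` to `v`, so `-Y` no longer takes a value although the Usage text in this file still documents `-Y nick`, and `-v` now consumes the argument that follows it. With this string `optstate->value` is presumably empty when `-Y` is parsed, so the nickname that signed_data reads from `encryptionKeyPreferenceNick` cannot be supplied on the command line and the encryption-key-preference certificate silently falls back to the signing certificate. Unless `-v` is really meant to take a value (its handling is outside this hunk), the string should remain `"CDSEOnN:TGPY:vh:p:i:c:d:e:o:s:u:r:"`. main's body continues outside the hunk.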
@@ -1162,6 +1170,13 @@ main(int argc, char **argv)
break;
case 'o':
+#if 0
+ if (mode == DECODE) {
+ outFile = fopen(optstate->value, "w");
+ } else {
+ outFile = fopen(optstate->value, "wb");
+ }
+#endif
outFile = fopen(optstate->value, "wb");
if (outFile == NULL) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
@@ -1176,6 +1191,9 @@ main(int argc, char **argv)
Usage(progName);
exit(1);
}
+#if 0
+ fprintf(stderr, "recipient = %s\n", optstate->value);
+#endif
envelopeOptions.recipients = ptrarray;
str = (char *)optstate->value;
do {
@@ -1242,6 +1260,7 @@ main(int argc, char **argv)
}
#if defined(_WIN32)
+ /*if (outFile == stdout && mode != DECODE) {*/
if (outFile == stdout) {
/* If we're going to write binary data to stdout, we must put stdout
** into O_BINARY mode or else outgoing \n's will become \r\n's.
@@ -1337,6 +1356,10 @@ main(int argc, char **argv)
break;
case ENVELOPE:
envelopeOptions.options = &options;
+#if 0
+ if (!envelopeOptions.recipients)
+ parse_message_for_recipients(myIn, &envelopeOptions);
+#endif
cmsg = enveloped_data(&envelopeOptions);
if (!cmsg) {
SECU_PrintError(progName, "problem enveloping");
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 461ba0641..869272fae 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -1144,6 +1144,7 @@ main(int argc, char **argv)
(certsTested != connections);
exitVal = ( exitVal || failed_already );
+ SSL_ClearSessionCache();
NSS_Shutdown();
PR_Cleanup();
return exitVal;
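Review bot: The added `SSL_ClearSessionCache();` has no comment explaining why it must precede `NSS_Shutdown()`, and the ordering is easy to undo by accident. A comment such as `/* drop cached SSL sessions so they release their cert/key references before shutdown */` would record the reason, assuming that is the intent. The return value of `NSS_Shutdown()` on the next line is still ignored, so a shutdown that fails because references are still held would not show up in `exitVal`. Folding it in, e.g. `if (NSS_Shutdown() != SECSuccess) exitVal = 1;`, would let the test detect that. main starts outside this hunk.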
diff --git a/security/nss/cmd/vfychain/Makefile b/security/nss/cmd/vfychain/Makefile
deleted file mode 100644
index 8a0332d89..000000000
--- a/security/nss/cmd/vfychain/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE
-ifndef BUILD_OPT
-LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no
-OS_CFLAGS += -D_CONSOLE
-endif
-endif
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#include ../platlibs.mk
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/vfychain/manifest.mn b/security/nss/cmd/vfychain/manifest.mn
deleted file mode 100644
index 1cdcc4de8..000000000
--- a/security/nss/cmd/vfychain/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd
-
-# DIRS =
-
-CSRCS = vfychain.c
-DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
-
-PROGRAM = vfychain
-
diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c
deleted file mode 100644
index 831e198dc..000000000
--- a/security/nss/cmd/vfychain/vfychain.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/****************************************************************************
- * Read in a cert chain from one or more files, and verify the chain for
- * some usage.
- * *
- * This code was modified from other code also kept in the NSS directory.
- ****************************************************************************/
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "prerror.h"
-
-#include "nssrenam.h"
-#include "pk11func.h"
-#include "seccomon.h"
-#include "secutil.h"
-#include "secmod.h"
-#include "secitem.h"
-#include "cert.h"
-
-
-/* #include <stdlib.h> */
-/* #include <errno.h> */
-/* #include <fcntl.h> */
-/* #include <stdarg.h> */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prio.h"
-#include "nss.h"
-
-/* #include "vfyutil.h" */
-
-#define RD_BUF_SIZE (60 * 1024)
-
-int verbose;
-
-char *password = NULL;
-
-/* Function: char * myPasswd()
- *
- * Purpose: This function is our custom password handler that is called by
- * SSL when retreiving private certs and keys from the database. Returns a
- * pointer to a string that with a password for the database. Password pointer
- * should point to dynamically allocated memory that will be freed later.
- */
-char *
-myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
-{
- char * passwd = NULL;
-
- if ( (!retry) && arg ) {
- passwd = PORT_Strdup((char *)arg);
- }
- return passwd;
-}
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-d dbdir] certfile [certfile ...]\n",
- progName);
- exit(1);
-}
-
-/**************************************************************************
-**
-** Error and information routines.
-**
-**************************************************************************/
-
-void
-errWarn(char *function)
-{
- PRErrorCode errorNumber = PR_GetError();
- const char * errorString = SECU_Strerror(errorNumber);
-
- fprintf(stderr, "Error in function %s: %d\n - %s\n",
- function, errorNumber, errorString);
-}
-
-void
-exitErr(char *function)
-{
- errWarn(function);
- /* Exit gracefully. */
- NSS_Shutdown();
- PR_Cleanup();
- exit(1);
-}
-
-static char *
-bestCertName(CERTCertificate *cert) {
- if (cert->nickname) {
- return cert->nickname;
- }
- if (cert->emailAddr) {
- return cert->emailAddr;
- }
- return cert->subjectName;
-}
-
-void
-printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertUsage certUsage, void *pinArg)
-{
- CERTVerifyLog log;
- CERTVerifyLogNode *node = NULL;
- unsigned int depth = (unsigned int)-1;
- unsigned int flags = 0;
- char * errstr = NULL;
- PRErrorCode err = PORT_GetError();
-
- log.arena = PORT_NewArena(512);
- log.head = log.tail = NULL;
- log.count = 0;
- CERT_VerifyCert(handle, cert, checksig, certUsage,
- PR_Now(), pinArg, &log);
-
- if (log.count > 0) {
- fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
- for (node = log.head; node; node = node->next) {
- if (depth != node->depth) {
- depth = node->depth;
- fprintf(outfile,"CERT %d. %s %s:\n", depth,
- bestCertName(node->cert),
- depth ? "[Certificate Authority]": "");
- if (verbose) {
- const char * emailAddr;
- emailAddr = CERT_GetFirstEmailAddress(node->cert);
- if (emailAddr) {
- fprintf(outfile,"Email Address(es): ");
- do {
- fprintf(outfile, "%s\n", emailAddr);
- emailAddr = CERT_GetNextEmailAddress(node->cert,
- emailAddr);
- } while (emailAddr);
- }
- }
- }
- fprintf(outfile," ERROR %d: %s\n", node->error,
- SECU_Strerror(node->error));
- errstr = NULL;
- switch (node->error) {
- case SEC_ERROR_INADEQUATE_KEY_USAGE:
- flags = (unsigned int)node->arg;
- switch (flags) {
- case KU_DIGITAL_SIGNATURE:
- errstr = "Cert cannot sign.";
- break;
- case KU_KEY_ENCIPHERMENT:
- errstr = "Cert cannot encrypt.";
- break;
- case KU_KEY_CERT_SIGN:
- errstr = "Cert cannot sign other certs.";
- break;
- default:
- errstr = "[unknown usage].";
- break;
- }
- case SEC_ERROR_INADEQUATE_CERT_TYPE:
- flags = (unsigned int)node->arg;
- switch (flags) {
- case NS_CERT_TYPE_SSL_CLIENT:
- case NS_CERT_TYPE_SSL_SERVER:
- errstr = "Cert cannot be used for SSL.";
- break;
- case NS_CERT_TYPE_SSL_CA:
- errstr = "Cert cannot be used as an SSL CA.";
- break;
- case NS_CERT_TYPE_EMAIL:
- errstr = "Cert cannot be used for SMIME.";
- break;
- case NS_CERT_TYPE_EMAIL_CA:
- errstr = "Cert cannot be used as an SMIME CA.";
- break;
- case NS_CERT_TYPE_OBJECT_SIGNING:
- errstr = "Cert cannot be used for object signing.";
- break;
- case NS_CERT_TYPE_OBJECT_SIGNING_CA:
- errstr = "Cert cannot be used as an object signing CA.";
- break;
- default:
- errstr = "[unknown usage].";
- break;
- }
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_ISSUER:
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- errstr = node->cert->issuerName;
- break;
- default:
- break;
- }
- if (errstr) {
- fprintf(stderr," %s\n",errstr);
- }
- CERT_DestroyCertificate(node->cert);
- }
- }
- PORT_SetError(err); /* restore original error code */
-}
-
-typedef struct certMemStr {
- struct certMemStr * next;
- CERTCertificate * cert;
-} certMem;
-
-certMem * theCerts;
-
-void
-rememberCert(CERTCertificate * cert)
-{
- certMem * newCertMem = PORT_ZNew(certMem);
- if (newCertMem) {
- newCertMem->next = theCerts;
- newCertMem->cert = cert;
- theCerts = newCertMem;
- }
-}
-
-void
-forgetCerts(void)
-{
- certMem * oldCertMem;
- while (oldCertMem = theCerts) {
- theCerts = oldCertMem->next;
- CERT_DestroyCertificate(oldCertMem->cert);
- PORT_Free(oldCertMem);
- }
- theCerts = NULL;
-}
-
-
-CERTCertificate *
-readCertFile(const char * fileName, PRBool isAscii)
-{
- unsigned char * pb;
- CERTCertificate * cert = NULL;
- CERTCertDBHandle *defaultDB = NULL;
- PRFileDesc* fd;
- PRInt32 cc = -1;
- PRInt32 total;
- PRInt32 remaining;
- SECItem item;
- static unsigned char certBuf[RD_BUF_SIZE];
-
- fd = PR_Open(fileName, PR_RDONLY, 0777);
- if (!fd) {
- PRIntn err = PR_GetError();
- fprintf(stderr, "open of %s failed, %d = %s\n",
- fileName, err, SECU_Strerror(err));
- return cert;
- }
- /* read until EOF or buffer is full */
- pb = certBuf;
- while (0 < (remaining = (sizeof certBuf) - (pb - certBuf))) {
- cc = PR_Read(fd, pb, remaining);
- if (cc == 0)
- break;
- if (cc < 0) {
- PRIntn err = PR_GetError();
- fprintf(stderr, "read of %s failed, %d = %s\n",
- fileName, err, SECU_Strerror(err));
- break;
- }
- /* cc > 0 */
- pb += cc;
- }
- PR_Close(fd);
- if (cc < 0)
- return cert;
- if (!remaining || cc > 0) { /* file was too big. */
- fprintf(stderr, "cert file %s was too big.\n");
- return cert;
- }
- total = pb - certBuf;
- if (!total) { /* file was empty */
- fprintf(stderr, "cert file %s was empty.\n");
- return cert;
- }
- if (isAscii) {
- /* convert from Base64 to binary here ... someday */
- }
- item.type = siBuffer;
- item.data = certBuf;
- item.len = total;
- defaultDB = CERT_GetDefaultCertDB();
- cert = CERT_NewTempCertificate(defaultDB, &item,
- NULL /* nickname */,
- PR_FALSE /* isPerm */,
- PR_TRUE /* copyDER */);
- if (!cert) {
- PRIntn err = PR_GetError();
- fprintf(stderr, "couldn't import %s, %d = %s\n",
- fileName, err, SECU_Strerror(err));
- }
- return cert;
-}
-
-int
-main(int argc, char *argv[], char *envp[])
-{
- char * certDir = NULL;
- char * progName = NULL;
- char * cipherString = NULL;
- CERTCertificate * cert;
- CERTCertificate * firstCert = NULL;
- CERTCertDBHandle * defaultDB = NULL;
- PRBool isAscii = PR_FALSE;
- SECStatus secStatus;
- SECCertUsage certUsage = certUsageSSLServer;
- PLOptState * optstate;
- PLOptStatus status;
-
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- progName = PL_strdup(argv[0]);
-
- optstate = PL_CreateOptState(argc, argv, "ad:ru:w:v");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case 0 : /* positional parameter */ goto breakout;
- case 'a' : isAscii = PR_TRUE; break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
- case 'r' : isAscii = PR_FALSE; break;
- case 'u' : certUsage = (SECCertUsage)PORT_Atoi(optstate->value); break;
- case 'w' : password = PL_strdup(optstate->value); break;
- case 'v' : verbose++; break;
- default : Usage(progName); break;
- }
- }
-breakout:
- if (status != PL_OPT_OK)
- Usage(progName);
-
- /* Set our password function callback. */
- PK11_SetPasswordFunc(myPasswd);
-
- /* Initialize the NSS libraries. */
- if (certDir) {
- secStatus = NSS_Init(certDir);
- } else {
- secStatus = NSS_NoDB_Init(NULL);
-
- /* load the builtins */
- SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0);
- }
- if (secStatus != SECSuccess) {
- exitErr("NSS_Init");
- }
-
-
- while (status == PL_OPT_OK) {
- switch(optstate->option) {
- default : Usage(progName); break;
- case 'a' : isAscii = PR_TRUE; break;
- case 'r' : isAscii = PR_FALSE; break;
- case 0 : /* positional parameter */
- cert = readCertFile(optstate->value, isAscii);
- if (!cert)
- goto punt;
- rememberCert(cert);
- if (!firstCert)
- firstCert = cert;
- break;
- }
- status = PL_GetNextOpt(optstate);
- }
- if (status == PL_OPT_BAD || !firstCert)
- Usage(progName);
-
- /* NOW, verify the cert chain. */
- defaultDB = CERT_GetDefaultCertDB();
- secStatus = CERT_VerifyCert(defaultDB, firstCert,
- PR_TRUE /* check sig */,
- certUsage,
- PR_Now(),
- NULL, /* wincx */
- NULL); /* error log */
-
- if (secStatus != SECSuccess) {
- PRIntn err = PR_GetError();
- fprintf(stderr, "Chain is bad, %d = %s\n", err, SECU_Strerror(err));
- printCertProblems(stderr, defaultDB, firstCert,
- PR_TRUE, certUsage, NULL);
- } else {
- fprintf(stderr, "Chain is good!\n");
- }
-
-punt:
- forgetCerts();
- NSS_Shutdown();
- PR_Cleanup();
- return 0;
-}
diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c
index 0e2c26f90..6e0f59d04 100644
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -50,19 +50,32 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
- SSL_RSA_WITH_RC4_128_MD5, /* c */
- SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- SSL_RSA_WITH_DES_CBC_SHA, /* e */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
- SSL_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
+ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
+ SSL_RSA_WITH_RC4_128_MD5, /* c */
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
+ SSL_RSA_WITH_DES_CBC_SHA, /* e */
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
+ SSL_RSA_WITH_NULL_MD5, /* i */
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
+ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ SSL_RSA_WITH_RC4_128_SHA, /* n */
+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+ SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */
+ SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
+ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
+ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
+ SSL_RSA_WITH_NULL_SHA, /* z */
0
};
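Review bot: The extended `ssl3CipherSuites` table has no comment saying what the `/* a */` to `/* z */` tags mean or which entries are weak. The new side adds `SSL_RSA_WITH_NULL_SHA` as `z`, alongside the existing NULL-encryption suites `h` and `i` and the export-strength suites `f`, `g`, `l` and `m`. I would add above the array something like `/* Letter = position in this table (presumably the cipher-selection letter; the consumer is not in this hunk). h, i, z provide no encryption; f, g, l, m are export-strength. */`. The tags also run out at `z`, so the next suite added will need a different naming scheme.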
diff --git a/security/nss/lib/base/errorval.c b/security/nss/lib/base/errorval.c
index 7a5892d92..88e406c84 100644
--- a/security/nss/lib/base/errorval.c
+++ b/security/nss/lib/base/errorval.c
@@ -88,4 +88,6 @@ const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE = 32;
const NSSError NSS_ERROR_HASH_COLLISION = 33;
const NSSError NSS_ERROR_DEVICE_ERROR = 34;
const NSSError NSS_ERROR_INVALID_CERTIFICATE = 35;
+const NSSError NSS_ERROR_BUSY = 36;
+const NSSError NSS_ERROR_ALREADY_INITIALIZED = 37;
diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h
index da8c53777..61cb9f7a9 100644
--- a/security/nss/lib/certdb/cert.h
+++ b/security/nss/lib/certdb/cert.h
@@ -478,6 +478,9 @@ CERT_FindCertByKeyID (CERTCertDBHandle *handle, SECItem *name, SECItem *keyID);
extern CERTCertificate *
CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
+extern CERTCertificate *
+CERT_FindCertBySubjectKeyID (CERTCertDBHandle *handle, SECItem *subjKeyID);
+
/*
** Find a certificate in the database by a nickname
** "nickname" is the ascii string nickname to look for
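Review bot: `CERT_FindCertBySubjectKeyID` is declared without a comment, unlike the lookups around it. Going by its definition in certdb.c in this same commit, it consults only the in-process subjKeyID table filled by `cert_AddSubjectKeyIDMapping` and then calls `CERT_FindCertByDERCert`; adding a mapping for a key ID that is already present replaces the earlier one. The subject key ID is a value carried inside the certificate, so a match identifies a candidate rather than a trusted cert. The comment should say so, e.g. `/* Find a cert by subjectKeyID using the in-memory key-ID map; the key ID is not unique or authenticated, so callers must still verify the returned cert. */`. Ownership of the returned certificate should be stated too; presumably the caller releases it with `CERT_DestroyCertificate`, but that is not shown here.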
@@ -569,9 +572,9 @@ extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
** verify the signature of a signed data object with the given DER publickey
*/
extern SECStatus
-CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
- CERTSubjectPublicKeyInfo *pubKeyInfo,
- void *wincx);
+CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
+ CERTSubjectPublicKeyInfo *pubKeyInfo,
+ void *wincx);
/*
** verify the signature of a signed data object with a SECKEYPublicKey.
@@ -922,7 +925,7 @@ extern SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert,
/* Return the decoded value of the subjectKeyID extension. The caller should
** free up the storage allocated in retItem->data.
*/
-extern SECStatus CERT_FindSubjectKeyIDExten (CERTCertificate *cert,
+extern SECStatus CERT_FindSubjectKeyIDExtension (CERTCertificate *cert,
SECItem *retItem);
/*
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 8bfe1a58c..4362630cc 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -670,7 +670,7 @@ cert_GetKeyID(CERTCertificate *cert)
cert->subjectKeyID.len = 0;
/* see of the cert has a key identifier extension */
- rv = CERT_FindSubjectKeyIDExten(cert, &tmpitem);
+ rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
if ( rv == SECSuccess ) {
cert->subjectKeyID.data = (unsigned char*) PORT_ArenaAlloc(cert->arena, tmpitem.len);
if ( cert->subjectKeyID.data != NULL ) {
@@ -747,7 +747,7 @@ cert_IsRootCert(CERTCertificate *cert)
/* authority key identifier is present */
if (cert->authKeyID->keyID.len > 0) {
/* the keyIdentifier field is set, look for subjectKeyID */
- rv = CERT_FindSubjectKeyIDExten(cert, &tmpitem);
+ rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
if (rv == SECSuccess) {
PRBool match;
/* also present, they MUST match for it to be a root */
@@ -2737,3 +2737,159 @@ CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *statusConfig)
PORT_Assert(handle->statusConfig == NULL);
handle->statusConfig = statusConfig;
}
+
+/*
+ * Code for dealing with subjKeyID to cert mappings.
+ */
+
+static PLHashTable *gSubjKeyIDHash = NULL;
+static PRLock *gSubjKeyIDLock = NULL;
+
+static void *cert_AllocTable(void *pool, PRSize size)
+{
+ return PORT_Alloc(size);
+}
+
+static void cert_FreeTable(void *pool, void *item)
+{
+ PORT_Free(item);
+}
+
+static PLHashEntry* cert_AllocEntry(void *pool, const void *key)
+{
+ return PORT_New(PLHashEntry);
+}
+
+static void cert_FreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
+{
+ SECITEM_FreeItem((SECItem*)(he->value), PR_TRUE);
+ if (flag == HT_FREE_ENTRY) {
+ SECITEM_FreeItem((SECItem*)(he->key), PR_TRUE);
+ PORT_Free(he);
+ }
+}
+
+static PLHashAllocOps cert_AllocOps = {
+ cert_AllocTable, cert_FreeTable, cert_AllocEntry, cert_FreeEntry
+};
+
+SECStatus
+cert_CreateSubjectKeyIDHashTable(void)
+{
+ gSubjKeyIDHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+ SECITEM_HashCompare,
+ &cert_AllocOps, NULL);
+ if (!gSubjKeyIDHash) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
+ }
+ gSubjKeyIDLock = PR_NewLock();
+ if (!gSubjKeyIDLock) {
+ PL_HashTableDestroy(gSubjKeyIDHash);
+ gSubjKeyIDHash = NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
+ }
+ return SECSuccess;
+
+}
+
+SECStatus
+cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert)
+{
+ SECItem *newKeyID, *oldVal, *newVal;
+ SECStatus rv = SECFailure;
+
+ if (!gSubjKeyIDLock) {
+ /* If one is created, then both are there. So only check for one. */
+ return SECFailure;
+ }
+
+ newVal = SECITEM_DupItem(&cert->derCert);
+ if (!newVal) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ goto done;
+ }
+ newKeyID = SECITEM_DupItem(subjKeyID);
+ if (!newKeyID) {
+ SECITEM_FreeItem(newVal, PR_TRUE);
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ goto done;
+ }
+
+ PR_Lock(gSubjKeyIDLock);
+ /* The hash table implementation does not free up the memory
+ * associated with the key of an already existing entry if we add a
+ * duplicate, so we would wind up leaking the previously allocated
+ * key if we don't remove before adding.
+ */
+ oldVal = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+ if (oldVal) {
+ PL_HashTableRemove(gSubjKeyIDHash, subjKeyID);
+ }
+
+ rv = (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) ? SECSuccess :
+ SECFailure;
+ PR_Unlock(gSubjKeyIDLock);
+done:
+ return rv;
+}
+
+SECStatus
+cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID)
+{
+ SECStatus rv;
+ if (!gSubjKeyIDLock)
+ return SECFailure;
+
+ PR_Lock(gSubjKeyIDLock);
+ rv = (PL_HashTableRemove(gSubjKeyIDHash, subjKeyID)) ? SECSuccess :
+ SECFailure;
+ PR_Unlock(gSubjKeyIDLock);
+ return rv;
+}
+
+SECStatus
+cert_DestroySubjectKeyIDHashTable(void)
+{
+ if (gSubjKeyIDHash) {
+ PR_Lock(gSubjKeyIDLock);
+ PL_HashTableDestroy(gSubjKeyIDHash);
+ gSubjKeyIDHash = NULL;
+ PR_Unlock(gSubjKeyIDLock);
+ PR_DestroyLock(gSubjKeyIDLock);
+ gSubjKeyIDLock = NULL;
+ }
+ return SECSuccess;
+}
+
+SECItem*
+cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID)
+{
+ SECItem *val;
+
+ if (!gSubjKeyIDLock)
+ return NULL;
+
+ PR_Lock(gSubjKeyIDLock);
+ val = (SECItem*)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+ if (val) {
+ val = SECITEM_DupItem(val);
+ }
+ PR_Unlock(gSubjKeyIDLock);
+ return val;
+}
+
+CERTCertificate*
+CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle, SECItem *subjKeyID)
+{
+ CERTCertificate *cert = NULL;
+ SECItem *derCert;
+
+ derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
+ if (derCert) {
+ cert = CERT_FindCertByDERCert(handle, derCert);
+ SECITEM_FreeItem(derCert, PR_TRUE);
+ }
+ return cert;
+}
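Review bot: In `cert_AddSubjectKeyIDMapping` the duplicated `newKeyID` and `newVal` are leaked when `PL_HashTableAdd` returns NULL, because `cert_FreeEntry` only runs for entries that made it into the table; the failure branch should free both copies and set `SEC_ERROR_NO_MEMORY`. Separately, `cert_DestroySubjectKeyIDHashTable` unlocks and then destroys `gSubjKeyIDLock`, while the other functions test `gSubjKeyIDLock` before taking it. A thread already waiting in `PR_Lock` would resume on a destroyed lock and a NULL table; if shutdown is guaranteed to be single-threaded, a comment should say so. `cert_CreateSubjectKeyIDHashTable` also overwrites an existing table and lock if it is called twice.
```c
    /* … unchanged: lookup and removal of an existing entry under the lock … */
    if (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) {
        rv = SECSuccess;
    } else {
        /* The table did not take ownership; release our copies. */
        SECITEM_FreeItem(newKeyID, PR_TRUE);
        SECITEM_FreeItem(newVal, PR_TRUE);
        PORT_SetError(SEC_ERROR_NO_MEMORY);
    }
    PR_Unlock(gSubjKeyIDLock);
```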
diff --git a/security/nss/lib/certdb/certi.h b/security/nss/lib/certdb/certi.h
index 00e575c25..d22acab3d 100644
--- a/security/nss/lib/certdb/certi.h
+++ b/security/nss/lib/certdb/certi.h
@@ -188,5 +188,26 @@ SECStatus ShutdownCRLCache(void);
*/
extern char * cert_GetCertificateEmailAddresses(CERTCertificate *cert);
+/*
+ * These functions are used to map subjectKeyID extension values to certs.
+ */
+SECStatus
+cert_CreateSubjectKeyIDHashTable(void);
+
+SECStatus
+cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert);
+
+/*
+ * Call this function to remove an entry from the mapping table.
+ */
+SECStatus
+cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID);
+
+SECStatus
+cert_DestroySubjectKeyIDHashTable(void);
+
+SECItem*
+cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID);
+
#endif /* _CERTI_H_ */
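Review bot: Only `cert_RemoveSubjectKeyIDMapping` gets a comment of its own; the ownership and ordering rules of the other four declarations are undocumented. From the certdb.c definitions in this commit, `cert_AddSubjectKeyIDMapping` copies both the key ID and `cert->derCert`, the add/remove/find functions return failure or NULL until `cert_CreateSubjectKeyIDHashTable` has succeeded, and `cert_FindDERCertBySubjectKeyID` returns a duplicate. I would add above the last one `/* Returns a copy of the DER cert; the caller frees it with SECITEM_FreeItem(item, PR_TRUE). Returns NULL if no mapping exists or the table was not created. */`. Create and destroy need a one-line note that they must be paired and, presumably, called while no other thread is using the table.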
diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c
index 9b5979364..e50c66279 100644
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -291,7 +291,7 @@ CERT_FindKeyUsageExtension(CERTCertificate *cert, SECItem *retItem)
* get the value of the X.509 v3 Key Usage Extension
*/
SECStatus
-CERT_FindSubjectKeyIDExten(CERTCertificate *cert, SECItem *retItem)
+CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
{
SECItem encodedValue;
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index 20d45401f..2aaad95e8 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -122,9 +122,9 @@ CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
* verify the signature of a signed data object with the given DER publickey
*/
SECStatus
-CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
- CERTSubjectPublicKeyInfo *pubKeyInfo,
- void *wincx)
+CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
+ CERTSubjectPublicKeyInfo *pubKeyInfo,
+ void *wincx)
{
SECKEYPublicKey *pubKey;
SECStatus rv = SECFailure;
diff --git a/security/nss/lib/ckfw/nssck.api b/security/nss/lib/ckfw/nssck.api
index 15a2cc935..4cbe5e8cc 100644
--- a/security/nss/lib/ckfw/nssck.api
+++ b/security/nss/lib/ckfw/nssck.api
@@ -1874,7 +1874,7 @@ __ADJOIN(MODULE_NAME,C_GetFunctionList)
}
/* This one is always present */
-#ifdef WIN32
+#if defined(WIN32) || defined(XP_OS2_VACPP)
CK_RV _declspec(dllexport)
#else
CK_RV CK_ENTRY
diff --git a/security/nss/lib/crmf/respcmn.c b/security/nss/lib/crmf/respcmn.c
index 871ece3ec..c4e1ba9cc 100644
--- a/security/nss/lib/crmf/respcmn.c
+++ b/security/nss/lib/crmf/respcmn.c
@@ -81,24 +81,17 @@ CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
PORT_Assert(inCertRepContent != NULL);
if (inCertRepContent != NULL && inCertRepContent->poolp != NULL) {
- if (!inCertRepContent->isDecoded) {
- if (inCertRepContent->response != NULL) {
- for (i=0; inCertRepContent->response[i] != NULL; i++) {
- certKeyPair = inCertRepContent->response[i]->certifiedKeyPair;
- if (certKeyPair != NULL &&
- certKeyPair->certOrEncCert.choice == cmmfCertificate &&
- certKeyPair->certOrEncCert.cert.certificate != NULL) {
- CERT_DestroyCertificate
- (certKeyPair->certOrEncCert.cert.certificate);
- }
- }
- }
- if (inCertRepContent->caPubs != NULL) {
- for (i=0; inCertRepContent->caPubs[i] != NULL; i++) {
- CERT_DestroyCertificate(inCertRepContent->caPubs[i]);
- }
- }
- }
+ if (inCertRepContent->response != NULL) {
+ for (i=0; inCertRepContent->response[i] != NULL; i++) {
+ certKeyPair = inCertRepContent->response[i]->certifiedKeyPair;
+ if (certKeyPair != NULL &&
+ certKeyPair->certOrEncCert.choice == cmmfCertificate &&
+ certKeyPair->certOrEncCert.cert.certificate != NULL) {
+ CERT_DestroyCertificate
+ (certKeyPair->certOrEncCert.cert.certificate);
+ }
+ }
+ }
PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
}
return SECSuccess;
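Review bot: After this change nothing in the visible part of `CMMF_DestroyCertRepContent` releases the certificates in `inCertRepContent->caPubs`; the loop that called `CERT_DestroyCertificate` on each entry is removed and only the `response[]` loop is kept. If `caPubs` entries hold certificate references, those references are now leaked when the arena is freed. Conversely, the `response[]` certs are now destroyed even when `isDecoded` is set, which is only correct if the decoder takes a reference on each one. Neither can be confirmed from this hunk, since the function starts and ends outside it. A comment stating the ownership would settle it, e.g. `/* caPubs entries are owned by <owner>; response certs are always referenced, decoded or not */`.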
diff --git a/security/nss/lib/cryptohi/hasht.h b/security/nss/lib/cryptohi/hasht.h
index 852ee706e..143e37486 100644
--- a/security/nss/lib/cryptohi/hasht.h
+++ b/security/nss/lib/cryptohi/hasht.h
@@ -47,13 +47,10 @@ typedef struct HASHContextStr HASHContext;
* NOTE the order must match the definition of SECHashObjects[]!
*/
typedef enum {
- HASH_AlgNULL = 0,
- HASH_AlgMD2 = 1,
- HASH_AlgMD5 = 2,
- HASH_AlgSHA1 = 3,
- HASH_AlgSHA256 = 4,
- HASH_AlgSHA384 = 5,
- HASH_AlgSHA512 = 6,
+ HASH_AlgNULL = 0,
+ HASH_AlgMD2 = 1,
+ HASH_AlgMD5 = 2,
+ HASH_AlgSHA1 = 3,
HASH_AlgTOTAL
} HASH_HashType;
@@ -63,10 +60,6 @@ typedef enum {
#define MD2_LENGTH 16
#define MD5_LENGTH 16
#define SHA1_LENGTH 20
-#define SHA256_LENGTH 32
-#define SHA384_LENGTH 48
-#define SHA512_LENGTH 64
-#define HASH_LENGTH_MAX SHA512_LENGTH
/*
* Structure to hold hash computation info and routines
diff --git a/security/nss/lib/cryptohi/sechash.c b/security/nss/lib/cryptohi/sechash.c
index 715f840cf..36ee1efd2 100644
--- a/security/nss/lib/cryptohi/sechash.c
+++ b/security/nss/lib/cryptohi/sechash.c
@@ -87,21 +87,6 @@ sha1_NewContext(void) {
return (void *) PK11_CreateDigestContext(SEC_OID_SHA1);
}
-static void *
-sha256_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA256);
-}
-
-static void *
-sha384_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA384);
-}
-
-static void *
-sha512_NewContext(void) {
- return (void *) PK11_CreateDigestContext(SEC_OID_SHA512);
-}
-
const SECHashObject SECHashObjects[] = {
{ 0,
(void * (*)(void)) null_hash_new_context,
@@ -139,33 +124,6 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
},
- { SHA256_LENGTH,
- (void * (*)(void)) sha256_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal
- },
- { SHA384_LENGTH,
- (void * (*)(void)) sha384_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal
- },
- { SHA512_LENGTH,
- (void * (*)(void)) sha512_NewContext,
- (void * (*)(void *)) PK11_CloneContext,
- (void (*)(void *, PRBool)) PK11_DestroyContext,
- (void (*)(void *)) PK11_DigestBegin,
- (void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- PK11_DigestFinal
- },
};
const SECHashObject *
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index efc05d1fa..46624d362 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -393,7 +393,7 @@ find_objects
PRStatus *statusOpt
)
{
- CK_RV ckrv;
+ CK_RV ckrv = CKR_OK;
CK_ULONG count;
CK_OBJECT_HANDLE *objectHandles;
CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
@@ -415,6 +415,7 @@ find_objects
objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
}
if (!objectHandles) {
+ ckrv = CKR_HOST_MEMORY;
goto loser;
}
nssSession_EnterMonitor(session); /* ==== session lock === */
@@ -459,6 +460,7 @@ find_objects
}
if (!objectHandles) {
nssSession_ExitMonitor(session);
+ ckrv = CKR_HOST_MEMORY;
goto loser;
}
}
@@ -483,7 +485,23 @@ loser:
if (objectHandles && objectHandles != staticObjects) {
nss_ZFreeIf(objectHandles);
}
- if (statusOpt) *statusOpt = PR_FAILURE;
+ /*
+ * These errors should be treated the same as if the objects just weren't
+ * found..
+ */
+ if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
+ (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
+ (ckrv == CKR_DATA_INVALID) ||
+ (ckrv == CKR_DATA_LEN_RANGE) ||
+ (ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
+ (ckrv == CKR_TEMPLATE_INCOMPLETE) ||
+ (ckrv == CKR_TEMPLATE_INCONSISTENT)) {
+
+ nss_SetError(NSS_ERROR_NOT_FOUND);
+ if (statusOpt) *statusOpt = PR_SUCCESS;
+ } else {
+ if (statusOpt) *statusOpt = PR_FAILURE;
+ }
return (nssCryptokiObject **)NULL;
}
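Review bot: The new `loser:` block reports `PR_SUCCESS` with `NSS_ERROR_NOT_FOUND` for seven token return codes, including `CKR_FUNCTION_NOT_SUPPORTED` and `CKR_DATA_INVALID`. A caller that passes `statusOpt` can no longer tell "the token has no such object" from "the token refused or could not process the search". Where the absence of an object is itself meaningful to the caller, that is a fail-open result; the callers are not visible here. At minimum the comment should say why each code is safe to fold in, and I would consider keeping `PR_FAILURE` for `CKR_FUNCTION_NOT_SUPPORTED`. The block also leaves an error on the error stack while returning success, which callers that inspect the stack after a NULL return may misread. `find_objects` starts and ends outside this hunk.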
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
index 121eff791..f14da297d 100644
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -707,58 +707,6 @@ extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
*/
extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
-/******************************************/
-
-extern SHA256Context *SHA256_NewContext(void);
-extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
-extern void SHA256_Begin(SHA256Context *cx);
-extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
-extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
-extern void SHA256_TraceState(SHA256Context *cx);
-extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
-extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
-extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-
-extern SHA512Context *SHA512_NewContext(void);
-extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
-extern void SHA512_Begin(SHA512Context *cx);
-extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
-extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
-extern void SHA512_TraceState(SHA512Context *cx);
-extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
-extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
-extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
-
-extern SHA384Context *SHA384_NewContext(void);
-extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
-extern void SHA384_Begin(SHA384Context *cx);
-extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
-extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
-extern void SHA384_TraceState(SHA384Context *cx);
-extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
-extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
-extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
-
-/******************************************/
/*
** Pseudo Random Number Generation. FIPS compliance desirable.
*/
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index 9327c2a10..ef97116e3 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -113,53 +113,9 @@ static const struct FREEBLVectorStr vector = {
PQG_ParamGen,
PQG_ParamGenSeedLen,
PQG_VerifyParams,
-
- /* End of Version 3.001. */
-
RSA_PrivateKeyOpDoubleChecked,
RSA_PrivateKeyCheck,
BL_Cleanup,
-
- /* End of Version 3.002. */
-
- SHA256_NewContext,
- SHA256_DestroyContext,
- SHA256_Begin,
- SHA256_Update,
- SHA256_End,
- SHA256_HashBuf,
- SHA256_Hash,
- SHA256_TraceState,
- SHA256_FlattenSize,
- SHA256_Flatten,
- SHA256_Resurrect,
-
- SHA512_NewContext,
- SHA512_DestroyContext,
- SHA512_Begin,
- SHA512_Update,
- SHA512_End,
- SHA512_HashBuf,
- SHA512_Hash,
- SHA512_TraceState,
- SHA512_FlattenSize,
- SHA512_Flatten,
- SHA512_Resurrect,
-
- SHA384_NewContext,
- SHA384_DestroyContext,
- SHA384_Begin,
- SHA384_Update,
- SHA384_End,
- SHA384_HashBuf,
- SHA384_Hash,
- SHA384_TraceState,
- SHA384_FlattenSize,
- SHA384_Flatten,
- SHA384_Resurrect,
-
- /* End of Version 3.003. */
-
};
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index 489b66f1a..2bab1fe42 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -959,278 +959,3 @@ BL_Cleanup(void)
(vector->p_BL_Cleanup)();
}
-/* ============== New for 3.003 =============================== */
-
-SECStatus
-SHA256_Hash(unsigned char *dest, const char *src)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA256_Hash)(dest, src);
-}
-
-SECStatus
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA256_HashBuf)(dest, src, src_length);
-}
-
-SHA256Context *
-SHA256_NewContext(void)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA256_NewContext)();
-}
-
-void
-SHA256_DestroyContext(SHA256Context *cx, PRBool freeit)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_DestroyContext)(cx, freeit);
-}
-
-void
-SHA256_Begin(SHA256Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_Begin)(cx);
-}
-
-void
-SHA256_Update(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_Update)(cx, input, inputLen);
-}
-
-void
-SHA256_End(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void
-SHA256_TraceState(SHA256Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_TraceState)(cx);
-}
-
-unsigned int
-SHA256_FlattenSize(SHA256Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA256_FlattenSize)(cx);
-}
-
-SECStatus
-SHA256_Flatten(SHA256Context *cx,unsigned char *space)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA256_Flatten)(cx, space);
-}
-
-SHA256Context *
-SHA256_Resurrect(unsigned char *space, void *arg)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA256_Resurrect)(space, arg);
-}
-
-SECStatus
-SHA512_Hash(unsigned char *dest, const char *src)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA512_Hash)(dest, src);
-}
-
-SECStatus
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA512_HashBuf)(dest, src, src_length);
-}
-
-SHA512Context *
-SHA512_NewContext(void)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA512_NewContext)();
-}
-
-void
-SHA512_DestroyContext(SHA512Context *cx, PRBool freeit)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_DestroyContext)(cx, freeit);
-}
-
-void
-SHA512_Begin(SHA512Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_Begin)(cx);
-}
-
-void
-SHA512_Update(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_Update)(cx, input, inputLen);
-}
-
-void
-SHA512_End(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void
-SHA512_TraceState(SHA512Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_TraceState)(cx);
-}
-
-unsigned int
-SHA512_FlattenSize(SHA512Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA512_FlattenSize)(cx);
-}
-
-SECStatus
-SHA512_Flatten(SHA512Context *cx,unsigned char *space)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA512_Flatten)(cx, space);
-}
-
-SHA512Context *
-SHA512_Resurrect(unsigned char *space, void *arg)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA512_Resurrect)(space, arg);
-}
-
-
-SECStatus
-SHA384_Hash(unsigned char *dest, const char *src)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA384_Hash)(dest, src);
-}
-
-SECStatus
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA384_HashBuf)(dest, src, src_length);
-}
-
-SHA384Context *
-SHA384_NewContext(void)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA384_NewContext)();
-}
-
-void
-SHA384_DestroyContext(SHA384Context *cx, PRBool freeit)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_DestroyContext)(cx, freeit);
-}
-
-void
-SHA384_Begin(SHA384Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_Begin)(cx);
-}
-
-void
-SHA384_Update(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_Update)(cx, input, inputLen);
-}
-
-void
-SHA384_End(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
-}
-
-void
-SHA384_TraceState(SHA384Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_TraceState)(cx);
-}
-
-unsigned int
-SHA384_FlattenSize(SHA384Context *cx)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA384_FlattenSize)(cx);
-}
-
-SECStatus
-SHA384_Flatten(SHA384Context *cx,unsigned char *space)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA384_Flatten)(cx, space);
-}
-
-SHA384Context *
-SHA384_Resurrect(unsigned char *space, void *arg)
-{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA384_Resurrect)(space, arg);
-}
-
-
-
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
index 634fb7865..be2cc0906 100644
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -40,7 +40,7 @@
#include "blapi.h"
-#define FREEBL_VERSION 0x0303
+#define FREEBL_VERSION 0x0302
struct FREEBLVectorStr {
@@ -265,53 +265,6 @@ struct FREEBLVectorStr {
/* Version 3.002 came to here */
- SHA256Context *(* p_SHA256_NewContext)(void);
- void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
- void (* p_SHA256_Begin)(SHA256Context *cx);
- void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
- SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA256_TraceState)(SHA256Context *cx);
- unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
- SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
- SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
-
- SHA512Context *(* p_SHA512_NewContext)(void);
- void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
- void (* p_SHA512_Begin)(SHA512Context *cx);
- void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
- SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA512_TraceState)(SHA512Context *cx);
- unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
- SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
- SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
-
- SHA384Context *(* p_SHA384_NewContext)(void);
- void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
- void (* p_SHA384_Begin)(SHA384Context *cx);
- void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
- uint32 src_length);
- SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA384_TraceState)(SHA384Context *cx);
- unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
- SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
- SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
-
- /* Version 3.003 came to here */
-
};
typedef struct FREEBLVectorStr FREEBLVector;
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
index d8c0d97fb..50b48d289 100644
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -81,7 +81,6 @@ CSRCS = \
sha_fast.c \
md2.c \
md5.c \
- sha512.c \
alg2268.c \
arcfour.c \
arcfive.c \
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 499335e5f..3d7264c30 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -717,11 +717,21 @@ SECKEY_CopyPublicKey;
;+NSS_3.7 { # NSS 3.7 release
;+ global:
CERT_CRLCacheRefreshIssuer;
+CERT_DestroyOCSPResponse;
CERT_EncodeAltNameExtension;
+CERT_FindCertBySubjectKeyID;
+CERT_FindSubjectKeyIDExtension;
CERT_GetFirstEmailAddress;
CERT_GetNextEmailAddress;
-CERT_VerifySignedDataWithPubKeyInfo;
CERT_VerifySignedDataWithPublicKey;
+CERT_VerifySignedDataWithPublicKeyInfo;
+PK11_WaitForTokenEvent;
+;+ local:
+;+ *;
+;+};
+;+NSS_3.7.1 { # NSS 3.7.1 release
+;+ global:
+PK11_TokenRefresh;
;+ local:
;+ *;
;+};
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index dbe04620b..c260d9a7e 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,11 +49,11 @@ SEC_BEGIN_PROTOS
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>] [<Beta>]"
*/
-#define NSS_VERSION "3.7 Beta"
+#define NSS_VERSION "3.7.3"
#define NSS_VMAJOR 3
#define NSS_VMINOR 7
-#define NSS_VPATCH 0
-#define NSS_BETA PR_TRUE
+#define NSS_VPATCH 3
+#define NSS_BETA PR_FALSE
/*
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c
index 3d8b2d4c2..c2f72091a 100644
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -49,9 +49,12 @@
#include "nss.h"
#include "secrng.h"
#include "pk11func.h"
+#include "secerr.h"
+#include "nssbase.h"
#include "pki3hack.h"
#include "certi.h"
+#include "secmodi.h"
/*
* On Windows nss3.dll needs to export the symbol 'mktemp' to be
@@ -463,8 +466,9 @@ loser:
}
if (rv == SECSuccess) {
- /* can this function fail?? */
- STAN_LoadDefaultNSS3TrustDomain();
+ if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
+ return SECFailure;
+ }
CERT_SetDefaultCertDB((CERTCertDBHandle *)
STAN_GetDefaultTrustDomain());
#ifndef XP_MAC
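Review bot: The new `return SECFailure;` sits inside the `if (rv == SECSuccess)` block, so it fires only after the earlier initialization steps have succeeded, and nothing visible here undoes them or records an error code. The steps before `loser:` are outside the hunk, so what is left behind cannot be seen from here, but the caller gets a failure from a library that is partly set up and, since the function returns before `nss_IsInitted = PR_TRUE`, not marked initialized. Unless `STAN_LoadDefaultNSS3TrustDomain()` already sets an error, I would call `PORT_SetError()` with a suitable code before returning. I would also add a comment above the return such as `/* trust domain failed to load; state set up earlier in this function is left in place */`, so the next maintainer knows the cleanup is deliberately missing.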
@@ -476,6 +480,8 @@ loser:
}
#endif
pk11sdr_Init();
+ cert_CreateSubjectKeyIDHashTable();
+ SECMOD_InitCallOnce();
nss_IsInitted = PR_TRUE;
}
return rv;
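Review bot: The two calls added before `nss_IsInitted = PR_TRUE`, `cert_CreateSubjectKeyIDHashTable();` and `SECMOD_InitCallOnce();`, discard whatever they return, in the same commit that starts checking `STAN_LoadDefaultNSS3TrustDomain()`. Their declarations are not in the hunk; if either can fail (creating a hash table normally allocates), the library is marked initialized with that structure missing and later lookups would work on a table that does not exist. If they report a status, it should be checked and initialization should fail on error. If they cannot fail, a one-line comment such as `/* neither call can fail */` would record that.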
@@ -537,16 +543,27 @@ NSS_NoDB_Init(const char * configdir)
PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE);
}
+extern const NSSError NSS_ERROR_BUSY;
+
SECStatus
NSS_Shutdown(void)
{
SECStatus rv;
+ PRStatus status;
ShutdownCRLCache();
SECOID_Shutdown();
- STAN_Shutdown();
+ status = STAN_Shutdown();
+ cert_DestroySubjectKeyIDHashTable();
+ SECMOD_CleanupCallOnce();
rv = SECMOD_Shutdown();
pk11sdr_Shutdown();
+ if (status == PR_FAILURE) {
+ if (NSS_GetError() == NSS_ERROR_BUSY) {
+ PORT_SetError(SEC_ERROR_BUSY);
+ }
+ rv = SECFailure;
+ }
nss_IsInitted = PR_FALSE;
return rv;
}
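Review bot: When `STAN_Shutdown()` returns `PR_FAILURE`, the function still destroys the subject-key-ID hash table, runs `SECMOD_CleanupCallOnce()`, `SECMOD_Shutdown()` and `pk11sdr_Shutdown()`, clears `nss_IsInitted`, and only then reports `SEC_ERROR_BUSY`. A caller that sees "busy" may assume the library is still up and retry after releasing its references, but the rest has already been torn down while whatever kept the trust domain busy is presumably still alive. Either skip the remaining teardown when `status == PR_FAILURE`, or state the contract above the function, e.g. `/* On SEC_ERROR_BUSY the shutdown has still been carried out; outstanding references must not be used afterwards. */`. Separately, `extern const NSSError NSS_ERROR_BUSY;` is declared by hand in this .c file; taking it from the header that defines it would stop the declaration drifting from the definition.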
diff --git a/security/nss/lib/pk11wrap/debug_module.c b/security/nss/lib/pk11wrap/debug_module.c
index 34cd54384..e2b204f65 100644
--- a/security/nss/lib/pk11wrap/debug_module.c
+++ b/security/nss/lib/pk11wrap/debug_module.c
@@ -270,232 +270,97 @@ static void print_mechanism(CK_MECHANISM_PTR m)
PR_LOG(modlog, 4, (" mechanism = 0x%p", m->mechanism));
}
-struct nssdbg_prof_str {
- PRUint32 time;
- PRUint32 calls;
- char *function;
-};
-
-#define NSSDBG_DEFINE(func) { 0, 0, #func }
-
-struct nssdbg_prof_str nssdbg_prof_data[] = {
-#define FUNC_C_INITIALIZE 0
- NSSDBG_DEFINE(C_Initialize),
-#define FUNC_C_FINALIZE 1
- NSSDBG_DEFINE(C_Finalize),
-#define FUNC_C_GETINFO 2
- NSSDBG_DEFINE(C_GetInfo),
-#define FUNC_C_GETFUNCITONLIST 3
- NSSDBG_DEFINE(C_GetFunctionList),
-#define FUNC_C_GETSLOTLIST 4
- NSSDBG_DEFINE(C_GetSlotList),
-#define FUNC_C_GETSLOTINFO 5
- NSSDBG_DEFINE(C_GetSlotInfo),
-#define FUNC_C_GETTOKENINFO 6
- NSSDBG_DEFINE(C_GetTokenInfo),
-#define FUNC_C_GETMECHANISMLIST 7
- NSSDBG_DEFINE(C_GetMechanismList),
-#define FUNC_C_GETMECHANISMINFO 8
- NSSDBG_DEFINE(C_GetMechanismInfo),
-#define FUNC_C_INITTOKEN 9
- NSSDBG_DEFINE(C_InitToken),
-#define FUNC_C_INITPIN 10
- NSSDBG_DEFINE(C_InitPIN),
-#define FUNC_C_SETPIN 11
- NSSDBG_DEFINE(C_SetPIN),
-#define FUNC_C_OPENSESSION 12
- NSSDBG_DEFINE(C_OpenSession),
-#define FUNC_C_CLOSESESSION 13
- NSSDBG_DEFINE(C_CloseSession),
-#define FUNC_C_CLOSEALLSESSIONS 14
- NSSDBG_DEFINE(C_CloseAllSessions),
-#define FUNC_C_GETSESSIONINFO 15
- NSSDBG_DEFINE(C_GetSessionInfo),
-#define FUNC_C_GETOPERATIONSTATE 16
- NSSDBG_DEFINE(C_GetOperationState),
-#define FUNC_C_SETOPERATIONSTATE 17
- NSSDBG_DEFINE(C_SetOperationState),
-#define FUNC_C_LOGIN 18
- NSSDBG_DEFINE(C_Login),
-#define FUNC_C_LOGOUT 19
- NSSDBG_DEFINE(C_Logout),
-#define FUNC_C_CREATEOBJECT 20
- NSSDBG_DEFINE(C_CreateObject),
-#define FUNC_C_COPYOBJECT 21
- NSSDBG_DEFINE(C_CopyObject),
-#define FUNC_C_DESTROYOBJECT 22
- NSSDBG_DEFINE(C_DestroyObject),
-#define FUNC_C_GETOBJECTSIZE 23
- NSSDBG_DEFINE(C_GetObjectSize),
-#define FUNC_C_GETATTRIBUTEVALUE 24
- NSSDBG_DEFINE(C_GetAttributeValue),
-#define FUNC_C_SETATTRIBUTEVALUE 25
- NSSDBG_DEFINE(C_SetAttributeValue),
-#define FUNC_C_FINDOBJECTSINIT 26
- NSSDBG_DEFINE(C_FindObjectsInit),
-#define FUNC_C_FINDOBJECTS 27
- NSSDBG_DEFINE(C_FindObjects),
-#define FUNC_C_FINDOBJECTSFINAL 28
- NSSDBG_DEFINE(C_FindObjectsFinal),
-#define FUNC_C_ENCRYPTINIT 29
- NSSDBG_DEFINE(C_EncryptInit),
-#define FUNC_C_ENCRYPT 30
- NSSDBG_DEFINE(C_Encrypt),
-#define FUNC_C_ENCRYPTUPDATE 31
- NSSDBG_DEFINE(C_EncryptUpdate),
-#define FUNC_C_ENCRYPTFINAL 32
- NSSDBG_DEFINE(C_EncryptFinal),
-#define FUNC_C_DECRYPTINIT 33
- NSSDBG_DEFINE(C_DecryptInit),
-#define FUNC_C_DECRYPT 34
- NSSDBG_DEFINE(C_Decrypt),
-#define FUNC_C_DECRYPTUPDATE 35
- NSSDBG_DEFINE(C_DecryptUpdate),
-#define FUNC_C_DECRYPTFINAL 36
- NSSDBG_DEFINE(C_DecryptFinal),
-#define FUNC_C_DIGESTINIT 37
- NSSDBG_DEFINE(C_DigestInit),
-#define FUNC_C_DIGEST 38
- NSSDBG_DEFINE(C_Digest),
-#define FUNC_C_DIGESTUPDATE 39
- NSSDBG_DEFINE(C_DigestUpdate),
-#define FUNC_C_DIGESTKEY 40
- NSSDBG_DEFINE(C_DigestKey),
-#define FUNC_C_DIGESTFINAL 41
- NSSDBG_DEFINE(C_DigestFinal),
-#define FUNC_C_SIGNINIT 42
- NSSDBG_DEFINE(C_SignInit),
-#define FUNC_C_SIGN 43
- NSSDBG_DEFINE(C_Sign),
-#define FUNC_C_SIGNUPDATE 44
- NSSDBG_DEFINE(C_SignUpdate),
-#define FUNC_C_SIGNFINAL 45
- NSSDBG_DEFINE(C_SignFinal),
-#define FUNC_C_SIGNRECOVERINIT 46
- NSSDBG_DEFINE(C_SignRecoverInit),
-#define FUNC_C_SIGNRECOVER 47
- NSSDBG_DEFINE(C_SignRecover),
-#define FUNC_C_VERIFYINIT 48
- NSSDBG_DEFINE(C_VerifyInit),
-#define FUNC_C_VERIFY 49
- NSSDBG_DEFINE(C_Verify),
-#define FUNC_C_VERIFYUPDATE 50
- NSSDBG_DEFINE(C_VerifyUpdate),
-#define FUNC_C_VERIFYFINAL 51
- NSSDBG_DEFINE(C_VerifyFinal),
-#define FUNC_C_VERIFYRECOVERINIT 52
- NSSDBG_DEFINE(C_VerifyRecoverInit),
-#define FUNC_C_VERIFYRECOVER 53
- NSSDBG_DEFINE(C_VerifyRecover),
-#define FUNC_C_DIGESTENCRYPTUPDATE 54
- NSSDBG_DEFINE(C_DigestEncryptUpdate),
-#define FUNC_C_DECRYPTDIGESTUPDATE 55
- NSSDBG_DEFINE(C_DecryptDigestUpdate),
-#define FUNC_C_SIGNENCRYPTUPDATE 56
- NSSDBG_DEFINE(C_SignEncryptUpdate),
-#define FUNC_C_DECRYPTVERIFYUPDATE 57
- NSSDBG_DEFINE(C_DecryptVerifyUpdate),
-#define FUNC_C_GENERATEKEY 58
- NSSDBG_DEFINE(C_GenerateKey),
-#define FUNC_C_GENERATEKEYPAIR 59
- NSSDBG_DEFINE(C_GenerateKeyPair),
-#define FUNC_C_WRAPKEY 60
- NSSDBG_DEFINE(C_WrapKey),
-#define FUNC_C_UNWRAPKEY 61
- NSSDBG_DEFINE(C_UnWrapKey),
-#define FUNC_C_DERIVEKEY 62
- NSSDBG_DEFINE(C_DeriveKey),
-#define FUNC_C_SEEDRANDOM 63
- NSSDBG_DEFINE(C_SeedRandom),
-#define FUNC_C_GENERATERANDOM 64
- NSSDBG_DEFINE(C_GenerateRandom),
-#define FUNC_C_GETFUNCTIONSTATUS 65
- NSSDBG_DEFINE(C_GetFunctionStatus),
-#define FUNC_C_CANCELFUNCTION 66
- NSSDBG_DEFINE(C_CancelFunction),
-#define FUNC_C_WAITFORSLOTEVENT 67
- NSSDBG_DEFINE(C_WaitForSlotEvent)
-};
-
-int nssdbg_prof_size = sizeof(nssdbg_prof_data)/sizeof(nssdbg_prof_data[0]);
-
-
-static void nssdbg_finish_time(PRInt32 fun_number, PRIntervalTime start)
+#define MAX_UINT32 0xffffffff
+
+static void nssdbg_finish_time(PRInt32 *counter, PRIntervalTime start)
{
PRIntervalTime ival;
PRIntervalTime end = PR_IntervalNow();
- ival = end-start;
- /* sigh, lie to PRAtomic add and say we are using signed values */
- PR_AtomicAdd((PRInt32 *)&nssdbg_prof_data[fun_number].time, (PRInt32)ival);
-}
-
-static void nssdbg_start_time(PRInt32 fun_number, PRIntervalTime *start)
-{
- PR_AtomicIncrement((PRInt32 *)&nssdbg_prof_data[fun_number].calls);
- *start = PR_IntervalNow();
+ if (end >= start) {
+ ival = PR_IntervalToMilliseconds(end-start);
+ } else {
+ /* the interval timer rolled over. presume it only tripped once */
+ ival = PR_IntervalToMilliseconds(MAX_UINT32-start) +
+ PR_IntervalToMilliseconds(end);
+ }
+ PR_AtomicAdd(counter, ival);
}
+static PRInt32 counter_C_Initialize = 0;
+static PRInt32 calls_C_Initialize = 0;
CK_RV NSSDBGC_Initialize(
CK_VOID_PTR pInitArgs
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Initialize);
PR_LOG(modlog, 1, ("C_Initialize"));
PR_LOG(modlog, 3, (" pInitArgs = 0x%p", pInitArgs));
- nssdbg_start_time(FUNC_C_INITIALIZE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Initialize(pInitArgs);
- nssdbg_finish_time(FUNC_C_INITIALIZE,start);
+ nssdbg_finish_time(&counter_C_Initialize,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Finalize = 0;
+static PRInt32 calls_C_Finalize = 0;
CK_RV NSSDBGC_Finalize(
CK_VOID_PTR pReserved
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Finalize);
PR_LOG(modlog, 1, ("C_Finalize"));
PR_LOG(modlog, 3, (" pReserved = 0x%p", pReserved));
- nssdbg_start_time(FUNC_C_FINALIZE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Finalize(pReserved);
- nssdbg_finish_time(FUNC_C_FINALIZE,start);
+ nssdbg_finish_time(&counter_C_Finalize,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetInfo = 0;
+static PRInt32 calls_C_GetInfo = 0;
CK_RV NSSDBGC_GetInfo(
CK_INFO_PTR pInfo
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetInfo);
PR_LOG(modlog, 1, ("C_GetInfo"));
PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo));
- nssdbg_start_time(FUNC_C_GETINFO,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetInfo(pInfo);
- nssdbg_finish_time(FUNC_C_GETINFO,start);
+ nssdbg_finish_time(&counter_C_GetInfo,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetFunctionList = 0;
+static PRInt32 calls_C_GetFunctionList = 0;
CK_RV NSSDBGC_GetFunctionList(
CK_FUNCTION_LIST_PTR_PTR ppFunctionList
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetFunctionList);
PR_LOG(modlog, 1, ("C_GetFunctionList"));
PR_LOG(modlog, 3, (" ppFunctionList = 0x%p", ppFunctionList));
- nssdbg_start_time(FUNC_C_GETFUNCITONLIST,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetFunctionList(ppFunctionList);
- nssdbg_finish_time(FUNC_C_GETFUNCITONLIST,start);
+ nssdbg_finish_time(&counter_C_GetFunctionList,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetSlotList = 0;
+static PRInt32 calls_C_GetSlotList = 0;
CK_RV NSSDBGC_GetSlotList(
CK_BBOOL tokenPresent,
CK_SLOT_ID_PTR pSlotList,
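Review bot: `nssdbg_finish_time` now converts every call to milliseconds before adding it to the counter, so a call that completes in under one millisecond contributes 0 and the per-function totals undercount the fast calls. The explicit rollover branch is also unnecessary and slightly off: `PRIntervalTime` is an unsigned 32-bit type, so `end - start` is already correct across a single wrap, whereas `MAX_UINT32 - start` plus `end` loses one tick and truncates twice. I would accumulate raw ticks with `PR_AtomicAdd(counter, (PRInt32)(end - start));` and convert once where the totals are reported; that code is not in this hunk and would need the matching change. The same helper is called by every NSSDBGC_* wrapper in the hunks that follow.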
@@ -505,15 +370,16 @@ CK_RV NSSDBGC_GetSlotList(
CK_RV rv;
PRIntervalTime start;
CK_ULONG i;
+ PR_AtomicIncrement(&calls_C_GetSlotList);
PR_LOG(modlog, 1, ("C_GetSlotList"));
PR_LOG(modlog, 3, (" tokenPresent = 0x%x", tokenPresent));
PR_LOG(modlog, 3, (" pSlotList = 0x%p", pSlotList));
PR_LOG(modlog, 3, (" pulCount = 0x%p", pulCount));
- nssdbg_start_time(FUNC_C_GETSLOTLIST,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetSlotList(tokenPresent,
pSlotList,
pulCount);
- nssdbg_finish_time(FUNC_C_GETSLOTLIST,start);
+ nssdbg_finish_time(&counter_C_GetSlotList,start);
PR_LOG(modlog, 4, (" *pulCount = 0x%x", *pulCount));
if (pSlotList) {
for (i=0; i<*pulCount; i++) {
@@ -524,6 +390,8 @@ CK_RV NSSDBGC_GetSlotList(
return rv;
}
+static PRInt32 counter_C_GetSlotInfo = 0;
+static PRInt32 calls_C_GetSlotInfo = 0;
CK_RV NSSDBGC_GetSlotInfo(
CK_SLOT_ID slotID,
CK_SLOT_INFO_PTR pInfo
@@ -531,17 +399,20 @@ CK_RV NSSDBGC_GetSlotInfo(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetSlotInfo);
PR_LOG(modlog, 1, ("C_GetSlotInfo"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo));
- nssdbg_start_time(FUNC_C_GETSLOTINFO,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetSlotInfo(slotID,
pInfo);
- nssdbg_finish_time(FUNC_C_GETSLOTINFO,start);
+ nssdbg_finish_time(&counter_C_GetSlotInfo,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetTokenInfo = 0;
+static PRInt32 calls_C_GetTokenInfo = 0;
CK_RV NSSDBGC_GetTokenInfo(
CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo
@@ -549,17 +420,20 @@ CK_RV NSSDBGC_GetTokenInfo(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetTokenInfo);
PR_LOG(modlog, 1, ("C_GetTokenInfo"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo));
- nssdbg_start_time(FUNC_C_GETTOKENINFO,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetTokenInfo(slotID,
pInfo);
- nssdbg_finish_time(FUNC_C_GETTOKENINFO,start);
+ nssdbg_finish_time(&counter_C_GetTokenInfo,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetMechanismList = 0;
+static PRInt32 calls_C_GetMechanismList = 0;
CK_RV NSSDBGC_GetMechanismList(
CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
@@ -568,20 +442,23 @@ CK_RV NSSDBGC_GetMechanismList(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetMechanismList);
PR_LOG(modlog, 1, ("C_GetMechanismList"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
PR_LOG(modlog, 3, (" pMechanismList = 0x%p", pMechanismList));
PR_LOG(modlog, 3, (" pulCount = 0x%p", pulCount));
- nssdbg_start_time(FUNC_C_GETMECHANISMLIST,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetMechanismList(slotID,
pMechanismList,
pulCount);
- nssdbg_finish_time(FUNC_C_GETMECHANISMLIST,start);
+ nssdbg_finish_time(&counter_C_GetMechanismList,start);
PR_LOG(modlog, 4, (" *pulCount = 0x%x", *pulCount));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetMechanismInfo = 0;
+static PRInt32 calls_C_GetMechanismInfo = 0;
CK_RV NSSDBGC_GetMechanismInfo(
CK_SLOT_ID slotID,
CK_MECHANISM_TYPE type,
@@ -590,19 +467,22 @@ CK_RV NSSDBGC_GetMechanismInfo(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetMechanismInfo);
PR_LOG(modlog, 1, ("C_GetMechanismInfo"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
PR_LOG(modlog, 3, (" type = 0x%x", type));
PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo));
- nssdbg_start_time(FUNC_C_GETMECHANISMINFO,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetMechanismInfo(slotID,
type,
pInfo);
- nssdbg_finish_time(FUNC_C_GETMECHANISMINFO,start);
+ nssdbg_finish_time(&counter_C_GetMechanismInfo,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_InitToken = 0;
+static PRInt32 calls_C_InitToken = 0;
CK_RV NSSDBGC_InitToken(
CK_SLOT_ID slotID,
CK_CHAR_PTR pPin,
@@ -612,21 +492,24 @@ CK_RV NSSDBGC_InitToken(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_InitToken);
PR_LOG(modlog, 1, ("C_InitToken"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
PR_LOG(modlog, 3, (" pPin = 0x%p", pPin));
PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen));
PR_LOG(modlog, 3, (" pLabel = 0x%p", pLabel));
- nssdbg_start_time(FUNC_C_INITTOKEN,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_InitToken(slotID,
pPin,
ulPinLen,
pLabel);
- nssdbg_finish_time(FUNC_C_INITTOKEN,start);
+ nssdbg_finish_time(&counter_C_InitToken,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_InitPIN = 0;
+static PRInt32 calls_C_InitPIN = 0;
CK_RV NSSDBGC_InitPIN(
CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pPin,
@@ -635,19 +518,22 @@ CK_RV NSSDBGC_InitPIN(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_InitPIN);
PR_LOG(modlog, 1, ("C_InitPIN"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPin = 0x%p", pPin));
PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen));
- nssdbg_start_time(FUNC_C_INITPIN,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_InitPIN(hSession,
pPin,
ulPinLen);
- nssdbg_finish_time(FUNC_C_INITPIN,start);
+ nssdbg_finish_time(&counter_C_InitPIN,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SetPIN = 0;
+static PRInt32 calls_C_SetPIN = 0;
CK_RV NSSDBGC_SetPIN(
CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pOldPin,
@@ -658,25 +544,28 @@ CK_RV NSSDBGC_SetPIN(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SetPIN);
PR_LOG(modlog, 1, ("C_SetPIN"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pOldPin = 0x%p", pOldPin));
PR_LOG(modlog, 3, (" ulOldLen = %d", ulOldLen));
PR_LOG(modlog, 3, (" pNewPin = 0x%p", pNewPin));
PR_LOG(modlog, 3, (" ulNewLen = %d", ulNewLen));
- nssdbg_start_time(FUNC_C_SETPIN,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SetPIN(hSession,
pOldPin,
ulOldLen,
pNewPin,
ulNewLen);
- nssdbg_finish_time(FUNC_C_SETPIN,start);
+ nssdbg_finish_time(&counter_C_SetPIN,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
-static PRUint32 numOpenSessions = 0;
-static PRUint32 maxOpenSessions = 0;
+static PRInt32 counter_C_OpenSession = 0;
+static PRInt32 calls_C_OpenSession = 0;
+static PRInt32 numOpenSessions = 0;
+static PRInt32 maxOpenSessions = 0;
CK_RV NSSDBGC_OpenSession(
CK_SLOT_ID slotID,
CK_FLAGS flags,
@@ -687,7 +576,8 @@ CK_RV NSSDBGC_OpenSession(
{
CK_RV rv;
PRIntervalTime start;
- PR_AtomicIncrement((PRInt32 *)&numOpenSessions);
+ PR_AtomicIncrement(&calls_C_OpenSession);
+ PR_AtomicIncrement(&numOpenSessions);
maxOpenSessions = PR_MAX(numOpenSessions, maxOpenSessions);
PR_LOG(modlog, 1, ("C_OpenSession"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
@@ -695,49 +585,57 @@ CK_RV NSSDBGC_OpenSession(
PR_LOG(modlog, 3, (" pApplication = 0x%p", pApplication));
PR_LOG(modlog, 3, (" Notify = 0x%x", Notify));
PR_LOG(modlog, 3, (" phSession = 0x%p", phSession));
- nssdbg_start_time(FUNC_C_OPENSESSION,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_OpenSession(slotID,
flags,
pApplication,
Notify,
phSession);
- nssdbg_finish_time(FUNC_C_OPENSESSION,start);
+ nssdbg_finish_time(&counter_C_OpenSession,start);
PR_LOG(modlog, 4, (" *phSession = 0x%x", *phSession));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_CloseSession = 0;
+static PRInt32 calls_C_CloseSession = 0;
CK_RV NSSDBGC_CloseSession(
CK_SESSION_HANDLE hSession
)
{
CK_RV rv;
PRIntervalTime start;
- PR_AtomicDecrement((PRInt32 *)&numOpenSessions);
+ PR_AtomicIncrement(&calls_C_CloseSession);
+ PR_AtomicDecrement(&numOpenSessions);
PR_LOG(modlog, 1, ("C_CloseSession"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
- nssdbg_start_time(FUNC_C_CLOSESESSION,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_CloseSession(hSession);
- nssdbg_finish_time(FUNC_C_CLOSESESSION,start);
+ nssdbg_finish_time(&counter_C_CloseSession,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_CloseAllSessions = 0;
+static PRInt32 calls_C_CloseAllSessions = 0;
CK_RV NSSDBGC_CloseAllSessions(
CK_SLOT_ID slotID
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_CloseAllSessions);
PR_LOG(modlog, 1, ("C_CloseAllSessions"));
PR_LOG(modlog, 3, (" slotID = 0x%x", slotID));
- nssdbg_start_time(FUNC_C_CLOSEALLSESSIONS,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_CloseAllSessions(slotID);
- nssdbg_finish_time(FUNC_C_CLOSEALLSESSIONS,start);
+ nssdbg_finish_time(&counter_C_CloseAllSessions,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetSessionInfo = 0;
+static PRInt32 calls_C_GetSessionInfo = 0;
CK_RV NSSDBGC_GetSessionInfo(
CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo
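Review bot: In NSSDBGC_CloseSession, `PR_AtomicDecrement(&numOpenSessions);` runs before `C_CloseSession` is called and regardless of `rv`, so a close that fails (for example on an invalid handle) still lowers the count. With the counter changed to a signed `PRInt32` in this commit it can now go negative, and NSSDBGC_CloseAllSessions in the same hunk never adjusts it. Moving the update after the call, as `if (rv == CKR_OK) PR_AtomicDecrement(&numOpenSessions);`, keeps the statistic tied to sessions the module actually closed. The increment in NSSDBGC_OpenSession (previous hunk) has the mirror-image problem.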
@@ -745,17 +643,20 @@ CK_RV NSSDBGC_GetSessionInfo(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetSessionInfo);
PR_LOG(modlog, 1, ("C_GetSessionInfo"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo));
- nssdbg_start_time(FUNC_C_GETSESSIONINFO,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetSessionInfo(hSession,
pInfo);
- nssdbg_finish_time(FUNC_C_GETSESSIONINFO,start);
+ nssdbg_finish_time(&counter_C_GetSessionInfo,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetOperationState = 0;
+static PRInt32 calls_C_GetOperationState = 0;
CK_RV NSSDBGC_GetOperationState(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
@@ -764,20 +665,23 @@ CK_RV NSSDBGC_GetOperationState(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetOperationState);
PR_LOG(modlog, 1, ("C_GetOperationState"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pOperationState = 0x%p", pOperationState));
PR_LOG(modlog, 3, (" pulOperationStateLen = 0x%p", pulOperationStateLen));
- nssdbg_start_time(FUNC_C_GETOPERATIONSTATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetOperationState(hSession,
pOperationState,
pulOperationStateLen);
- nssdbg_finish_time(FUNC_C_GETOPERATIONSTATE,start);
+ nssdbg_finish_time(&counter_C_GetOperationState,start);
PR_LOG(modlog, 4, (" *pulOperationStateLen = 0x%x", *pulOperationStateLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SetOperationState = 0;
+static PRInt32 calls_C_SetOperationState = 0;
CK_RV NSSDBGC_SetOperationState(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
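Review bot: In NSSDBGC_GetOperationState the level-4 line that logs `*pulOperationStateLen` dereferences the caller's pointer after the module call without checking it. A caller that passes NULL would get an error code from the underlying module but a fault from this wrapper once level-4 logging is enabled, so the debug layer changes behaviour instead of only observing it. Guarding the line, e.g. `if (pulOperationStateLen) PR_LOG(modlog, 4, (...));`, keeps the wrapper transparent. The same unguarded dereference of an output pointer appears in the CreateObject, CopyObject, GetObjectSize, Encrypt*, Decrypt*, Digest/DigestFinal, Sign/SignFinal/SignRecover and VerifyRecover wrappers in later hunks. The function's parameter list begins before this hunk.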
@@ -788,23 +692,26 @@ CK_RV NSSDBGC_SetOperationState(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SetOperationState);
PR_LOG(modlog, 1, ("C_SetOperationState"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pOperationState = 0x%p", pOperationState));
PR_LOG(modlog, 3, (" ulOperationStateLen = %d", ulOperationStateLen));
PR_LOG(modlog, 3, (" hEncryptionKey = 0x%x", hEncryptionKey));
PR_LOG(modlog, 3, (" hAuthenticationKey = 0x%x", hAuthenticationKey));
- nssdbg_start_time(FUNC_C_SETOPERATIONSTATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SetOperationState(hSession,
pOperationState,
ulOperationStateLen,
hEncryptionKey,
hAuthenticationKey);
- nssdbg_finish_time(FUNC_C_SETOPERATIONSTATE,start);
+ nssdbg_finish_time(&counter_C_SetOperationState,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Login = 0;
+static PRInt32 calls_C_Login = 0;
CK_RV NSSDBGC_Login(
CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
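Review bot: In NSSDBGC_SetOperationState, `ulOperationStateLen` is printed with `%d` and the session and key handles with `0x%x`, although in PKCS #11 these are CK_ULONG-based values (unsigned long). On platforms where long is wider than int the format and the argument disagree, so the logged values can be truncated or misread, depending on how PR_LOG's formatter consumes its arguments. Using `%lu` for lengths and `0x%lx` for handles (with a cast to `unsigned long` if needed) would make the trace reliable. The same specifiers are used for `ulPinLen`, `ulCount`, `ulDataLen` and the other length and handle arguments throughout the later hunks. The function's parameter list begins before this hunk.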
@@ -814,36 +721,42 @@ CK_RV NSSDBGC_Login(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Login);
PR_LOG(modlog, 1, ("C_Login"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" userType = 0x%x", userType));
PR_LOG(modlog, 3, (" pPin = 0x%p", pPin));
PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen));
- nssdbg_start_time(FUNC_C_LOGIN,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Login(hSession,
userType,
pPin,
ulPinLen);
- nssdbg_finish_time(FUNC_C_LOGIN,start);
+ nssdbg_finish_time(&counter_C_Login,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Logout = 0;
+static PRInt32 calls_C_Logout = 0;
CK_RV NSSDBGC_Logout(
CK_SESSION_HANDLE hSession
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Logout);
PR_LOG(modlog, 1, ("C_Logout"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
- nssdbg_start_time(FUNC_C_LOGOUT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Logout(hSession);
- nssdbg_finish_time(FUNC_C_LOGOUT,start);
+ nssdbg_finish_time(&counter_C_Logout,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_CreateObject = 0;
+static PRInt32 calls_C_CreateObject = 0;
CK_RV NSSDBGC_CreateObject(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
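Review bot: NSSDBGC_Login writes `ulPinLen` to the module log at level 3, so the length of the user's PIN is recorded next to the session handle and user type. The PIN bytes are not logged, but the length is still information about the secret, and debug logs tend to be kept and passed around. Consider dropping `PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen));` or replacing it with a comment such as `/* PIN length deliberately not logged */`. The function's parameter list begins before this hunk.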
@@ -853,23 +766,26 @@ CK_RV NSSDBGC_CreateObject(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_CreateObject);
PR_LOG(modlog, 1, ("C_CreateObject"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate));
PR_LOG(modlog, 3, (" ulCount = %d", ulCount));
PR_LOG(modlog, 3, (" phObject = 0x%p", phObject));
print_template(pTemplate, ulCount);
- nssdbg_start_time(FUNC_C_CREATEOBJECT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_CreateObject(hSession,
pTemplate,
ulCount,
phObject);
- nssdbg_finish_time(FUNC_C_CREATEOBJECT,start);
+ nssdbg_finish_time(&counter_C_CreateObject,start);
PR_LOG(modlog, 4, (" *phObject = 0x%x", *phObject));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_CopyObject = 0;
+static PRInt32 calls_C_CopyObject = 0;
CK_RV NSSDBGC_CopyObject(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
@@ -880,6 +796,7 @@ CK_RV NSSDBGC_CopyObject(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_CopyObject);
PR_LOG(modlog, 1, ("C_CopyObject"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" hObject = 0x%x", hObject));
@@ -887,18 +804,20 @@ CK_RV NSSDBGC_CopyObject(
PR_LOG(modlog, 3, (" ulCount = %d", ulCount));
PR_LOG(modlog, 3, (" phNewObject = 0x%p", phNewObject));
print_template(pTemplate, ulCount);
- nssdbg_start_time(FUNC_C_COPYOBJECT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_CopyObject(hSession,
hObject,
pTemplate,
ulCount,
phNewObject);
- nssdbg_finish_time(FUNC_C_COPYOBJECT,start);
+ nssdbg_finish_time(&counter_C_CopyObject,start);
PR_LOG(modlog, 4, (" *phNewObject = 0x%x", *phNewObject));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DestroyObject = 0;
+static PRInt32 calls_C_DestroyObject = 0;
CK_RV NSSDBGC_DestroyObject(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject
@@ -906,17 +825,20 @@ CK_RV NSSDBGC_DestroyObject(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DestroyObject);
PR_LOG(modlog, 1, ("C_DestroyObject"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" hObject = 0x%x", hObject));
- nssdbg_start_time(FUNC_C_DESTROYOBJECT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DestroyObject(hSession,
hObject);
- nssdbg_finish_time(FUNC_C_DESTROYOBJECT,start);
+ nssdbg_finish_time(&counter_C_DestroyObject,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetObjectSize = 0;
+static PRInt32 calls_C_GetObjectSize = 0;
CK_RV NSSDBGC_GetObjectSize(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
@@ -925,20 +847,23 @@ CK_RV NSSDBGC_GetObjectSize(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetObjectSize);
PR_LOG(modlog, 1, ("C_GetObjectSize"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" hObject = 0x%x", hObject));
PR_LOG(modlog, 3, (" pulSize = 0x%p", pulSize));
- nssdbg_start_time(FUNC_C_GETOBJECTSIZE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetObjectSize(hSession,
hObject,
pulSize);
- nssdbg_finish_time(FUNC_C_GETOBJECTSIZE,start);
+ nssdbg_finish_time(&counter_C_GetObjectSize,start);
PR_LOG(modlog, 4, (" *pulSize = 0x%x", *pulSize));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetAttributeValue = 0;
+static PRInt32 calls_C_GetAttributeValue = 0;
CK_RV NSSDBGC_GetAttributeValue(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
@@ -948,22 +873,25 @@ CK_RV NSSDBGC_GetAttributeValue(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetAttributeValue);
PR_LOG(modlog, 1, ("C_GetAttributeValue"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" hObject = 0x%x", hObject));
PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate));
PR_LOG(modlog, 3, (" ulCount = %d", ulCount));
- nssdbg_start_time(FUNC_C_GETATTRIBUTEVALUE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetAttributeValue(hSession,
hObject,
pTemplate,
ulCount);
- nssdbg_finish_time(FUNC_C_GETATTRIBUTEVALUE,start);
+ nssdbg_finish_time(&counter_C_GetAttributeValue,start);
print_template(pTemplate, ulCount);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SetAttributeValue = 0;
+static PRInt32 calls_C_SetAttributeValue = 0;
CK_RV NSSDBGC_SetAttributeValue(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
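Review bot: In NSSDBGC_GetAttributeValue, `print_template(pTemplate, ulCount)` runs after the module call whatever `rv` is. When the call fails, the template entries may hold a NULL `pValue` or an invalid length; print_template is not visible here, so whether it tolerates that is unclear. On success, the call writes whatever attribute values the module returned into the log, which may include sensitive object attributes. A guard such as `if (rv == CKR_OK) print_template(pTemplate, ulCount);` covers the failure case. It is also worth confirming that print_template does not dump value bytes for secret attributes. The function's parameter list begins before this hunk.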
@@ -973,22 +901,25 @@ CK_RV NSSDBGC_SetAttributeValue(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SetAttributeValue);
PR_LOG(modlog, 1, ("C_SetAttributeValue"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" hObject = 0x%x", hObject));
PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate));
PR_LOG(modlog, 3, (" ulCount = %d", ulCount));
print_template(pTemplate, ulCount);
- nssdbg_start_time(FUNC_C_SETATTRIBUTEVALUE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SetAttributeValue(hSession,
hObject,
pTemplate,
ulCount);
- nssdbg_finish_time(FUNC_C_SETATTRIBUTEVALUE,start);
+ nssdbg_finish_time(&counter_C_SetAttributeValue,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_FindObjectsInit = 0;
+static PRInt32 calls_C_FindObjectsInit = 0;
CK_RV NSSDBGC_FindObjectsInit(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
@@ -997,20 +928,23 @@ CK_RV NSSDBGC_FindObjectsInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_FindObjectsInit);
PR_LOG(modlog, 1, ("C_FindObjectsInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate));
PR_LOG(modlog, 3, (" ulCount = %d", ulCount));
print_template(pTemplate, ulCount);
- nssdbg_start_time(FUNC_C_FINDOBJECTSINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_FindObjectsInit(hSession,
pTemplate,
ulCount);
- nssdbg_finish_time(FUNC_C_FINDOBJECTSINIT,start);
+ nssdbg_finish_time(&counter_C_FindObjectsInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_FindObjects = 0;
+static PRInt32 calls_C_FindObjects = 0;
CK_RV NSSDBGC_FindObjects(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
@@ -1021,17 +955,18 @@ CK_RV NSSDBGC_FindObjects(
CK_RV rv;
CK_ULONG i;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_FindObjects);
PR_LOG(modlog, 1, ("C_FindObjects"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" phObject = 0x%p", phObject));
PR_LOG(modlog, 3, (" ulMaxObjectCount = %d", ulMaxObjectCount));
PR_LOG(modlog, 3, (" pulObjectCount = 0x%p", pulObjectCount));
- nssdbg_start_time(FUNC_C_FINDOBJECTS,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_FindObjects(hSession,
phObject,
ulMaxObjectCount,
pulObjectCount);
- nssdbg_finish_time(FUNC_C_FINDOBJECTS,start);
+ nssdbg_finish_time(&counter_C_FindObjects,start);
PR_LOG(modlog, 4, (" *pulObjectCount = 0x%x", *pulObjectCount));
for (i=0; i<*pulObjectCount; i++) {
PR_LOG(modlog, 4, (" phObject[%d] = 0x%x", i, phObject[i]));
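Review bot: The logging loop in NSSDBGC_FindObjects reads `*pulObjectCount` and indexes `phObject[i]` after the call without checking `rv`. If the module returns an error and leaves the count untouched, the loop bound is whatever the caller's variable held, and the wrapper may read past the end of the caller's handle array while logging. Wrapping the count line and the loop in `if (rv == CKR_OK) { ... }` avoids that; additionally bounding the loop by `ulMaxObjectCount` would protect against a misbehaving module. The function starts before this hunk and the loop body closes after it.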
@@ -1040,21 +975,26 @@ CK_RV NSSDBGC_FindObjects(
return rv;
}
+static PRInt32 counter_C_FindObjectsFinal = 0;
+static PRInt32 calls_C_FindObjectsFinal = 0;
CK_RV NSSDBGC_FindObjectsFinal(
CK_SESSION_HANDLE hSession
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_FindObjectsFinal);
PR_LOG(modlog, 1, ("C_FindObjectsFinal"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
- nssdbg_start_time(FUNC_C_FINDOBJECTSFINAL,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_FindObjectsFinal(hSession);
- nssdbg_finish_time(FUNC_C_FINDOBJECTSFINAL,start);
+ nssdbg_finish_time(&counter_C_FindObjectsFinal,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_EncryptInit = 0;
+static PRInt32 calls_C_EncryptInit = 0;
CK_RV NSSDBGC_EncryptInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1063,20 +1003,23 @@ CK_RV NSSDBGC_EncryptInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_EncryptInit);
PR_LOG(modlog, 1, ("C_EncryptInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_ENCRYPTINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_EncryptInit(hSession,
pMechanism,
hKey);
- nssdbg_finish_time(FUNC_C_ENCRYPTINIT,start);
+ nssdbg_finish_time(&counter_C_EncryptInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Encrypt = 0;
+static PRInt32 calls_C_Encrypt = 0;
CK_RV NSSDBGC_Encrypt(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
@@ -1087,24 +1030,27 @@ CK_RV NSSDBGC_Encrypt(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Encrypt);
PR_LOG(modlog, 1, ("C_Encrypt"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen));
PR_LOG(modlog, 3, (" pEncryptedData = 0x%p", pEncryptedData));
PR_LOG(modlog, 3, (" pulEncryptedDataLen = 0x%p", pulEncryptedDataLen));
- nssdbg_start_time(FUNC_C_ENCRYPT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Encrypt(hSession,
pData,
ulDataLen,
pEncryptedData,
pulEncryptedDataLen);
- nssdbg_finish_time(FUNC_C_ENCRYPT,start);
+ nssdbg_finish_time(&counter_C_Encrypt,start);
PR_LOG(modlog, 4, (" *pulEncryptedDataLen = 0x%x", *pulEncryptedDataLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_EncryptUpdate = 0;
+static PRInt32 calls_C_EncryptUpdate = 0;
CK_RV NSSDBGC_EncryptUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
@@ -1115,24 +1061,27 @@ CK_RV NSSDBGC_EncryptUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_EncryptUpdate);
PR_LOG(modlog, 1, ("C_EncryptUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen));
PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart));
PR_LOG(modlog, 3, (" pulEncryptedPartLen = 0x%p", pulEncryptedPartLen));
- nssdbg_start_time(FUNC_C_ENCRYPTUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_EncryptUpdate(hSession,
pPart,
ulPartLen,
pEncryptedPart,
pulEncryptedPartLen);
- nssdbg_finish_time(FUNC_C_ENCRYPTUPDATE,start);
+ nssdbg_finish_time(&counter_C_EncryptUpdate,start);
PR_LOG(modlog, 4, (" *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_EncryptFinal = 0;
+static PRInt32 calls_C_EncryptFinal = 0;
CK_RV NSSDBGC_EncryptFinal(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
@@ -1141,20 +1090,23 @@ CK_RV NSSDBGC_EncryptFinal(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_EncryptFinal);
PR_LOG(modlog, 1, ("C_EncryptFinal"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pLastEncryptedPart = 0x%p", pLastEncryptedPart));
PR_LOG(modlog, 3, (" pulLastEncryptedPartLen = 0x%p", pulLastEncryptedPartLen));
- nssdbg_start_time(FUNC_C_ENCRYPTFINAL,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_EncryptFinal(hSession,
pLastEncryptedPart,
pulLastEncryptedPartLen);
- nssdbg_finish_time(FUNC_C_ENCRYPTFINAL,start);
+ nssdbg_finish_time(&counter_C_EncryptFinal,start);
PR_LOG(modlog, 4, (" *pulLastEncryptedPartLen = 0x%x", *pulLastEncryptedPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DecryptInit = 0;
+static PRInt32 calls_C_DecryptInit = 0;
CK_RV NSSDBGC_DecryptInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1163,20 +1115,23 @@ CK_RV NSSDBGC_DecryptInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DecryptInit);
PR_LOG(modlog, 1, ("C_DecryptInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_DECRYPTINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DecryptInit(hSession,
pMechanism,
hKey);
- nssdbg_finish_time(FUNC_C_DECRYPTINIT,start);
+ nssdbg_finish_time(&counter_C_DecryptInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Decrypt = 0;
+static PRInt32 calls_C_Decrypt = 0;
CK_RV NSSDBGC_Decrypt(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
@@ -1187,24 +1142,27 @@ CK_RV NSSDBGC_Decrypt(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Decrypt);
PR_LOG(modlog, 1, ("C_Decrypt"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pEncryptedData = 0x%p", pEncryptedData));
PR_LOG(modlog, 3, (" ulEncryptedDataLen = %d", ulEncryptedDataLen));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" pulDataLen = 0x%p", pulDataLen));
- nssdbg_start_time(FUNC_C_DECRYPT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Decrypt(hSession,
pEncryptedData,
ulEncryptedDataLen,
pData,
pulDataLen);
- nssdbg_finish_time(FUNC_C_DECRYPT,start);
+ nssdbg_finish_time(&counter_C_Decrypt,start);
PR_LOG(modlog, 4, (" *pulDataLen = 0x%x", *pulDataLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DecryptUpdate = 0;
+static PRInt32 calls_C_DecryptUpdate = 0;
CK_RV NSSDBGC_DecryptUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
@@ -1215,24 +1173,27 @@ CK_RV NSSDBGC_DecryptUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DecryptUpdate);
PR_LOG(modlog, 1, ("C_DecryptUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart));
PR_LOG(modlog, 3, (" ulEncryptedPartLen = %d", ulEncryptedPartLen));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" pulPartLen = 0x%p", pulPartLen));
- nssdbg_start_time(FUNC_C_DECRYPTUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DecryptUpdate(hSession,
pEncryptedPart,
ulEncryptedPartLen,
pPart,
pulPartLen);
- nssdbg_finish_time(FUNC_C_DECRYPTUPDATE,start);
+ nssdbg_finish_time(&counter_C_DecryptUpdate,start);
PR_LOG(modlog, 4, (" *pulPartLen = 0x%x", *pulPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DecryptFinal = 0;
+static PRInt32 calls_C_DecryptFinal = 0;
CK_RV NSSDBGC_DecryptFinal(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
@@ -1241,20 +1202,23 @@ CK_RV NSSDBGC_DecryptFinal(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DecryptFinal);
PR_LOG(modlog, 1, ("C_DecryptFinal"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pLastPart = 0x%p", pLastPart));
PR_LOG(modlog, 3, (" pulLastPartLen = 0x%p", pulLastPartLen));
- nssdbg_start_time(FUNC_C_DECRYPTFINAL,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DecryptFinal(hSession,
pLastPart,
pulLastPartLen);
- nssdbg_finish_time(FUNC_C_DECRYPTFINAL,start);
+ nssdbg_finish_time(&counter_C_DecryptFinal,start);
PR_LOG(modlog, 4, (" *pulLastPartLen = 0x%x", *pulLastPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DigestInit = 0;
+static PRInt32 calls_C_DigestInit = 0;
CK_RV NSSDBGC_DigestInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism
@@ -1262,18 +1226,21 @@ CK_RV NSSDBGC_DigestInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DigestInit);
PR_LOG(modlog, 1, ("C_DigestInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_DIGESTINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DigestInit(hSession,
pMechanism);
- nssdbg_finish_time(FUNC_C_DIGESTINIT,start);
+ nssdbg_finish_time(&counter_C_DigestInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Digest = 0;
+static PRInt32 calls_C_Digest = 0;
CK_RV NSSDBGC_Digest(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
@@ -1284,24 +1251,27 @@ CK_RV NSSDBGC_Digest(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Digest);
PR_LOG(modlog, 1, ("C_Digest"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen));
PR_LOG(modlog, 3, (" pDigest = 0x%p", pDigest));
PR_LOG(modlog, 3, (" pulDigestLen = 0x%p", pulDigestLen));
- nssdbg_start_time(FUNC_C_DIGEST,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Digest(hSession,
pData,
ulDataLen,
pDigest,
pulDigestLen);
- nssdbg_finish_time(FUNC_C_DIGEST,start);
+ nssdbg_finish_time(&counter_C_Digest,start);
PR_LOG(modlog, 4, (" *pulDigestLen = 0x%x", *pulDigestLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DigestUpdate = 0;
+static PRInt32 calls_C_DigestUpdate = 0;
CK_RV NSSDBGC_DigestUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
@@ -1310,19 +1280,22 @@ CK_RV NSSDBGC_DigestUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DigestUpdate);
PR_LOG(modlog, 1, ("C_DigestUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen));
- nssdbg_start_time(FUNC_C_DIGESTUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DigestUpdate(hSession,
pPart,
ulPartLen);
- nssdbg_finish_time(FUNC_C_DIGESTUPDATE,start);
+ nssdbg_finish_time(&counter_C_DigestUpdate,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DigestKey = 0;
+static PRInt32 calls_C_DigestKey = 0;
CK_RV NSSDBGC_DigestKey(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey
@@ -1330,16 +1303,20 @@ CK_RV NSSDBGC_DigestKey(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DigestKey);
PR_LOG(modlog, 1, ("C_DigestKey"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
- nssdbg_start_time(FUNC_C_DIGESTKEY,&start);
+ PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
+ start = PR_IntervalNow();
rv = module_functions->C_DigestKey(hSession,
hKey);
- nssdbg_finish_time(FUNC_C_DIGESTKEY,start);
+ nssdbg_finish_time(&counter_C_DigestKey,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DigestFinal = 0;
+static PRInt32 calls_C_DigestFinal = 0;
CK_RV NSSDBGC_DigestFinal(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pDigest,
@@ -1348,20 +1325,23 @@ CK_RV NSSDBGC_DigestFinal(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DigestFinal);
PR_LOG(modlog, 1, ("C_DigestFinal"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pDigest = 0x%p", pDigest));
PR_LOG(modlog, 3, (" pulDigestLen = 0x%p", pulDigestLen));
- nssdbg_start_time(FUNC_C_DIGESTFINAL,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DigestFinal(hSession,
pDigest,
pulDigestLen);
- nssdbg_finish_time(FUNC_C_DIGESTFINAL,start);
+ nssdbg_finish_time(&counter_C_DigestFinal,start);
PR_LOG(modlog, 4, (" *pulDigestLen = 0x%x", *pulDigestLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SignInit = 0;
+static PRInt32 calls_C_SignInit = 0;
CK_RV NSSDBGC_SignInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1370,20 +1350,23 @@ CK_RV NSSDBGC_SignInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SignInit);
PR_LOG(modlog, 1, ("C_SignInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_SIGNINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SignInit(hSession,
pMechanism,
hKey);
- nssdbg_finish_time(FUNC_C_SIGNINIT,start);
+ nssdbg_finish_time(&counter_C_SignInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Sign = 0;
+static PRInt32 calls_C_Sign = 0;
CK_RV NSSDBGC_Sign(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
@@ -1394,24 +1377,27 @@ CK_RV NSSDBGC_Sign(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Sign);
PR_LOG(modlog, 1, ("C_Sign"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen));
PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature));
PR_LOG(modlog, 3, (" pulSignatureLen = 0x%p", pulSignatureLen));
- nssdbg_start_time(FUNC_C_SIGN,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Sign(hSession,
pData,
ulDataLen,
pSignature,
pulSignatureLen);
- nssdbg_finish_time(FUNC_C_SIGN,start);
+ nssdbg_finish_time(&counter_C_Sign,start);
PR_LOG(modlog, 4, (" *pulSignatureLen = 0x%x", *pulSignatureLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SignUpdate = 0;
+static PRInt32 calls_C_SignUpdate = 0;
CK_RV NSSDBGC_SignUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
@@ -1420,19 +1406,22 @@ CK_RV NSSDBGC_SignUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SignUpdate);
PR_LOG(modlog, 1, ("C_SignUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen));
- nssdbg_start_time(FUNC_C_SIGNUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SignUpdate(hSession,
pPart,
ulPartLen);
- nssdbg_finish_time(FUNC_C_SIGNUPDATE,start);
+ nssdbg_finish_time(&counter_C_SignUpdate,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SignFinal = 0;
+static PRInt32 calls_C_SignFinal = 0;
CK_RV NSSDBGC_SignFinal(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
@@ -1441,20 +1430,23 @@ CK_RV NSSDBGC_SignFinal(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SignFinal);
PR_LOG(modlog, 1, ("C_SignFinal"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature));
PR_LOG(modlog, 3, (" pulSignatureLen = 0x%p", pulSignatureLen));
- nssdbg_start_time(FUNC_C_SIGNFINAL,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SignFinal(hSession,
pSignature,
pulSignatureLen);
- nssdbg_finish_time(FUNC_C_SIGNFINAL,start);
+ nssdbg_finish_time(&counter_C_SignFinal,start);
PR_LOG(modlog, 4, (" *pulSignatureLen = 0x%x", *pulSignatureLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SignRecoverInit = 0;
+static PRInt32 calls_C_SignRecoverInit = 0;
CK_RV NSSDBGC_SignRecoverInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1463,20 +1455,23 @@ CK_RV NSSDBGC_SignRecoverInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SignRecoverInit);
PR_LOG(modlog, 1, ("C_SignRecoverInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_SIGNRECOVERINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SignRecoverInit(hSession,
pMechanism,
hKey);
- nssdbg_finish_time(FUNC_C_SIGNRECOVERINIT,start);
+ nssdbg_finish_time(&counter_C_SignRecoverInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SignRecover = 0;
+static PRInt32 calls_C_SignRecover = 0;
CK_RV NSSDBGC_SignRecover(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
@@ -1487,24 +1482,27 @@ CK_RV NSSDBGC_SignRecover(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SignRecover);
PR_LOG(modlog, 1, ("C_SignRecover"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen));
PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature));
PR_LOG(modlog, 3, (" pulSignatureLen = 0x%p", pulSignatureLen));
- nssdbg_start_time(FUNC_C_SIGNRECOVER,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SignRecover(hSession,
pData,
ulDataLen,
pSignature,
pulSignatureLen);
- nssdbg_finish_time(FUNC_C_SIGNRECOVER,start);
+ nssdbg_finish_time(&counter_C_SignRecover,start);
PR_LOG(modlog, 4, (" *pulSignatureLen = 0x%x", *pulSignatureLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_VerifyInit = 0;
+static PRInt32 calls_C_VerifyInit = 0;
CK_RV NSSDBGC_VerifyInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1513,20 +1511,23 @@ CK_RV NSSDBGC_VerifyInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_VerifyInit);
PR_LOG(modlog, 1, ("C_VerifyInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_VERIFYINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_VerifyInit(hSession,
pMechanism,
hKey);
- nssdbg_finish_time(FUNC_C_VERIFYINIT,start);
+ nssdbg_finish_time(&counter_C_VerifyInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_Verify = 0;
+static PRInt32 calls_C_Verify = 0;
CK_RV NSSDBGC_Verify(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
@@ -1537,23 +1538,26 @@ CK_RV NSSDBGC_Verify(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_Verify);
PR_LOG(modlog, 1, ("C_Verify"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen));
PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature));
PR_LOG(modlog, 3, (" ulSignatureLen = %d", ulSignatureLen));
- nssdbg_start_time(FUNC_C_VERIFY,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_Verify(hSession,
pData,
ulDataLen,
pSignature,
ulSignatureLen);
- nssdbg_finish_time(FUNC_C_VERIFY,start);
+ nssdbg_finish_time(&counter_C_Verify,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_VerifyUpdate = 0;
+static PRInt32 calls_C_VerifyUpdate = 0;
CK_RV NSSDBGC_VerifyUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
@@ -1562,19 +1566,22 @@ CK_RV NSSDBGC_VerifyUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_VerifyUpdate);
PR_LOG(modlog, 1, ("C_VerifyUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen));
- nssdbg_start_time(FUNC_C_VERIFYUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_VerifyUpdate(hSession,
pPart,
ulPartLen);
- nssdbg_finish_time(FUNC_C_VERIFYUPDATE,start);
+ nssdbg_finish_time(&counter_C_VerifyUpdate,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_VerifyFinal = 0;
+static PRInt32 calls_C_VerifyFinal = 0;
CK_RV NSSDBGC_VerifyFinal(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
@@ -1583,19 +1590,22 @@ CK_RV NSSDBGC_VerifyFinal(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_VerifyFinal);
PR_LOG(modlog, 1, ("C_VerifyFinal"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature));
PR_LOG(modlog, 3, (" ulSignatureLen = %d", ulSignatureLen));
- nssdbg_start_time(FUNC_C_VERIFYFINAL,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_VerifyFinal(hSession,
pSignature,
ulSignatureLen);
- nssdbg_finish_time(FUNC_C_VERIFYFINAL,start);
+ nssdbg_finish_time(&counter_C_VerifyFinal,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_VerifyRecoverInit = 0;
+static PRInt32 calls_C_VerifyRecoverInit = 0;
CK_RV NSSDBGC_VerifyRecoverInit(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1604,20 +1614,23 @@ CK_RV NSSDBGC_VerifyRecoverInit(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_VerifyRecoverInit);
PR_LOG(modlog, 1, ("C_VerifyRecoverInit"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
PR_LOG(modlog, 3, (" hKey = 0x%x", hKey));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_VERIFYRECOVERINIT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_VerifyRecoverInit(hSession,
pMechanism,
hKey);
- nssdbg_finish_time(FUNC_C_VERIFYRECOVERINIT,start);
+ nssdbg_finish_time(&counter_C_VerifyRecoverInit,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_VerifyRecover = 0;
+static PRInt32 calls_C_VerifyRecover = 0;
CK_RV NSSDBGC_VerifyRecover(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
@@ -1628,24 +1641,27 @@ CK_RV NSSDBGC_VerifyRecover(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_VerifyRecover);
PR_LOG(modlog, 1, ("C_VerifyRecover"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature));
PR_LOG(modlog, 3, (" ulSignatureLen = %d", ulSignatureLen));
PR_LOG(modlog, 3, (" pData = 0x%p", pData));
PR_LOG(modlog, 3, (" pulDataLen = 0x%p", pulDataLen));
- nssdbg_start_time(FUNC_C_VERIFYRECOVER,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_VerifyRecover(hSession,
pSignature,
ulSignatureLen,
pData,
pulDataLen);
- nssdbg_finish_time(FUNC_C_VERIFYRECOVER,start);
+ nssdbg_finish_time(&counter_C_VerifyRecover,start);
PR_LOG(modlog, 4, (" *pulDataLen = 0x%x", *pulDataLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DigestEncryptUpdate = 0;
+static PRInt32 calls_C_DigestEncryptUpdate = 0;
CK_RV NSSDBGC_DigestEncryptUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
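Review bot: The level-4 log line after the call in NSSDBGC_VerifyRecover, `PR_LOG(modlog, 4, (" *pulDataLen = 0x%x", *pulDataLen));`, reads through the caller's pointer without checking it. A NULL `pulDataLen`, which the wrapped module would presumably reject with an error return, instead faults inside the debug wrapper whenever that log statement is evaluated. A guard such as `if (pulDataLen) PR_LOG(modlog, 4, (" *pulDataLen = 0x%x", *pulDataLen));` keeps the wrapper from changing the failure behaviour of the module it instruments. The later hunks do the same with `*pulEncryptedPartLen`, `*pulPartLen`, `*phKey`, `*phPublicKey`, `*phPrivateKey` and `*pulWrappedKeyLen`; for the key handles the value is also only meaningful when `rv` reports success. The function's signature starts outside this hunk.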
@@ -1656,24 +1672,27 @@ CK_RV NSSDBGC_DigestEncryptUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DigestEncryptUpdate);
PR_LOG(modlog, 1, ("C_DigestEncryptUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen));
PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart));
PR_LOG(modlog, 3, (" pulEncryptedPartLen = 0x%p", pulEncryptedPartLen));
- nssdbg_start_time(FUNC_C_DIGESTENCRYPTUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DigestEncryptUpdate(hSession,
pPart,
ulPartLen,
pEncryptedPart,
pulEncryptedPartLen);
- nssdbg_finish_time(FUNC_C_DIGESTENCRYPTUPDATE,start);
+ nssdbg_finish_time(&counter_C_DigestEncryptUpdate,start);
PR_LOG(modlog, 4, (" *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DecryptDigestUpdate = 0;
+static PRInt32 calls_C_DecryptDigestUpdate = 0;
CK_RV NSSDBGC_DecryptDigestUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
@@ -1684,24 +1703,27 @@ CK_RV NSSDBGC_DecryptDigestUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DecryptDigestUpdate);
PR_LOG(modlog, 1, ("C_DecryptDigestUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart));
PR_LOG(modlog, 3, (" ulEncryptedPartLen = %d", ulEncryptedPartLen));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" pulPartLen = 0x%p", pulPartLen));
- nssdbg_start_time(FUNC_C_DECRYPTDIGESTUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DecryptDigestUpdate(hSession,
pEncryptedPart,
ulEncryptedPartLen,
pPart,
pulPartLen);
- nssdbg_finish_time(FUNC_C_DECRYPTDIGESTUPDATE,start);
+ nssdbg_finish_time(&counter_C_DecryptDigestUpdate,start);
PR_LOG(modlog, 4, (" *pulPartLen = 0x%x", *pulPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SignEncryptUpdate = 0;
+static PRInt32 calls_C_SignEncryptUpdate = 0;
CK_RV NSSDBGC_SignEncryptUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
@@ -1712,24 +1734,27 @@ CK_RV NSSDBGC_SignEncryptUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SignEncryptUpdate);
PR_LOG(modlog, 1, ("C_SignEncryptUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen));
PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart));
PR_LOG(modlog, 3, (" pulEncryptedPartLen = 0x%p", pulEncryptedPartLen));
- nssdbg_start_time(FUNC_C_SIGNENCRYPTUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SignEncryptUpdate(hSession,
pPart,
ulPartLen,
pEncryptedPart,
pulEncryptedPartLen);
- nssdbg_finish_time(FUNC_C_SIGNENCRYPTUPDATE,start);
+ nssdbg_finish_time(&counter_C_SignEncryptUpdate,start);
PR_LOG(modlog, 4, (" *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DecryptVerifyUpdate = 0;
+static PRInt32 calls_C_DecryptVerifyUpdate = 0;
CK_RV NSSDBGC_DecryptVerifyUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
@@ -1740,24 +1765,27 @@ CK_RV NSSDBGC_DecryptVerifyUpdate(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DecryptVerifyUpdate);
PR_LOG(modlog, 1, ("C_DecryptVerifyUpdate"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart));
PR_LOG(modlog, 3, (" ulEncryptedPartLen = %d", ulEncryptedPartLen));
PR_LOG(modlog, 3, (" pPart = 0x%p", pPart));
PR_LOG(modlog, 3, (" pulPartLen = 0x%p", pulPartLen));
- nssdbg_start_time(FUNC_C_DECRYPTVERIFYUPDATE,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DecryptVerifyUpdate(hSession,
pEncryptedPart,
ulEncryptedPartLen,
pPart,
pulPartLen);
- nssdbg_finish_time(FUNC_C_DECRYPTVERIFYUPDATE,start);
+ nssdbg_finish_time(&counter_C_DecryptVerifyUpdate,start);
PR_LOG(modlog, 4, (" *pulPartLen = 0x%x", *pulPartLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GenerateKey = 0;
+static PRInt32 calls_C_GenerateKey = 0;
CK_RV NSSDBGC_GenerateKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1768,6 +1796,7 @@ CK_RV NSSDBGC_GenerateKey(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GenerateKey);
PR_LOG(modlog, 1, ("C_GenerateKey"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
@@ -1776,18 +1805,20 @@ CK_RV NSSDBGC_GenerateKey(
PR_LOG(modlog, 3, (" phKey = 0x%p", phKey));
print_template(pTemplate, ulCount);
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_GENERATEKEY,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GenerateKey(hSession,
pMechanism,
pTemplate,
ulCount,
phKey);
- nssdbg_finish_time(FUNC_C_GENERATEKEY,start);
+ nssdbg_finish_time(&counter_C_GenerateKey,start);
PR_LOG(modlog, 4, (" *phKey = 0x%x", *phKey));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GenerateKeyPair = 0;
+static PRInt32 calls_C_GenerateKeyPair = 0;
CK_RV NSSDBGC_GenerateKeyPair(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1801,6 +1832,7 @@ CK_RV NSSDBGC_GenerateKeyPair(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GenerateKeyPair);
PR_LOG(modlog, 1, ("C_GenerateKeyPair"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
@@ -1813,7 +1845,7 @@ CK_RV NSSDBGC_GenerateKeyPair(
print_template(pPublicKeyTemplate, ulPublicKeyAttributeCount);
print_template(pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_GENERATEKEYPAIR,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GenerateKeyPair(hSession,
pMechanism,
pPublicKeyTemplate,
@@ -1822,13 +1854,15 @@ CK_RV NSSDBGC_GenerateKeyPair(
ulPrivateKeyAttributeCount,
phPublicKey,
phPrivateKey);
- nssdbg_finish_time(FUNC_C_GENERATEKEYPAIR,start);
+ nssdbg_finish_time(&counter_C_GenerateKeyPair,start);
PR_LOG(modlog, 4, (" *phPublicKey = 0x%x", *phPublicKey));
PR_LOG(modlog, 4, (" *phPrivateKey = 0x%x", *phPrivateKey));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_WrapKey = 0;
+static PRInt32 calls_C_WrapKey = 0;
CK_RV NSSDBGC_WrapKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1840,6 +1874,7 @@ CK_RV NSSDBGC_WrapKey(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_WrapKey);
PR_LOG(modlog, 1, ("C_WrapKey"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
@@ -1848,19 +1883,21 @@ CK_RV NSSDBGC_WrapKey(
PR_LOG(modlog, 3, (" pWrappedKey = 0x%p", pWrappedKey));
PR_LOG(modlog, 3, (" pulWrappedKeyLen = 0x%p", pulWrappedKeyLen));
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_WRAPKEY,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_WrapKey(hSession,
pMechanism,
hWrappingKey,
hKey,
pWrappedKey,
pulWrappedKeyLen);
- nssdbg_finish_time(FUNC_C_WRAPKEY,start);
+ nssdbg_finish_time(&counter_C_WrapKey,start);
PR_LOG(modlog, 4, (" *pulWrappedKeyLen = 0x%x", *pulWrappedKeyLen));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_UnwrapKey = 0;
+static PRInt32 calls_C_UnwrapKey = 0;
CK_RV NSSDBGC_UnwrapKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1874,6 +1911,7 @@ CK_RV NSSDBGC_UnwrapKey(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_UnwrapKey);
PR_LOG(modlog, 1, ("C_UnwrapKey"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
@@ -1885,7 +1923,7 @@ CK_RV NSSDBGC_UnwrapKey(
PR_LOG(modlog, 3, (" phKey = 0x%p", phKey));
print_template(pTemplate, ulAttributeCount);
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_UNWRAPKEY,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_UnwrapKey(hSession,
pMechanism,
hUnwrappingKey,
@@ -1894,12 +1932,14 @@ CK_RV NSSDBGC_UnwrapKey(
pTemplate,
ulAttributeCount,
phKey);
- nssdbg_finish_time(FUNC_C_UNWRAPKEY,start);
+ nssdbg_finish_time(&counter_C_UnwrapKey,start);
PR_LOG(modlog, 4, (" *phKey = 0x%x", *phKey));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_DeriveKey = 0;
+static PRInt32 calls_C_DeriveKey = 0;
CK_RV NSSDBGC_DeriveKey(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
@@ -1911,6 +1951,7 @@ CK_RV NSSDBGC_DeriveKey(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_DeriveKey);
PR_LOG(modlog, 1, ("C_DeriveKey"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism));
@@ -1920,19 +1961,21 @@ CK_RV NSSDBGC_DeriveKey(
PR_LOG(modlog, 3, (" phKey = 0x%p", phKey));
print_template(pTemplate, ulAttributeCount);
print_mechanism(pMechanism);
- nssdbg_start_time(FUNC_C_DERIVEKEY,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_DeriveKey(hSession,
pMechanism,
hBaseKey,
pTemplate,
ulAttributeCount,
phKey);
- nssdbg_finish_time(FUNC_C_DERIVEKEY,start);
+ nssdbg_finish_time(&counter_C_DeriveKey,start);
PR_LOG(modlog, 4, (" *phKey = 0x%x", *phKey));
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_SeedRandom = 0;
+static PRInt32 calls_C_SeedRandom = 0;
CK_RV NSSDBGC_SeedRandom(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSeed,
@@ -1941,19 +1984,22 @@ CK_RV NSSDBGC_SeedRandom(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_SeedRandom);
PR_LOG(modlog, 1, ("C_SeedRandom"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" pSeed = 0x%p", pSeed));
PR_LOG(modlog, 3, (" ulSeedLen = %d", ulSeedLen));
- nssdbg_start_time(FUNC_C_SEEDRANDOM,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_SeedRandom(hSession,
pSeed,
ulSeedLen);
- nssdbg_finish_time(FUNC_C_SEEDRANDOM,start);
+ nssdbg_finish_time(&counter_C_SeedRandom,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GenerateRandom = 0;
+static PRInt32 calls_C_GenerateRandom = 0;
CK_RV NSSDBGC_GenerateRandom(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR RandomData,
@@ -1962,49 +2008,58 @@ CK_RV NSSDBGC_GenerateRandom(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GenerateRandom);
PR_LOG(modlog, 1, ("C_GenerateRandom"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
PR_LOG(modlog, 3, (" RandomData = 0x%p", RandomData));
PR_LOG(modlog, 3, (" ulRandomLen = %d", ulRandomLen));
- nssdbg_start_time(FUNC_C_GENERATERANDOM,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GenerateRandom(hSession,
RandomData,
ulRandomLen);
- nssdbg_finish_time(FUNC_C_GENERATERANDOM,start);
+ nssdbg_finish_time(&counter_C_GenerateRandom,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_GetFunctionStatus = 0;
+static PRInt32 calls_C_GetFunctionStatus = 0;
CK_RV NSSDBGC_GetFunctionStatus(
CK_SESSION_HANDLE hSession
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_GetFunctionStatus);
PR_LOG(modlog, 1, ("C_GetFunctionStatus"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
- nssdbg_start_time(FUNC_C_GETFUNCTIONSTATUS,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_GetFunctionStatus(hSession);
- nssdbg_finish_time(FUNC_C_GETFUNCTIONSTATUS,start);
+ nssdbg_finish_time(&counter_C_GetFunctionStatus,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_CancelFunction = 0;
+static PRInt32 calls_C_CancelFunction = 0;
CK_RV NSSDBGC_CancelFunction(
CK_SESSION_HANDLE hSession
)
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_CancelFunction);
PR_LOG(modlog, 1, ("C_CancelFunction"));
PR_LOG(modlog, 3, (" hSession = 0x%x", hSession));
- nssdbg_start_time(FUNC_C_CANCELFUNCTION,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_CancelFunction(hSession);
- nssdbg_finish_time(FUNC_C_CANCELFUNCTION,start);
+ nssdbg_finish_time(&counter_C_CancelFunction,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
+static PRInt32 counter_C_WaitForSlotEvent = 0;
+static PRInt32 calls_C_WaitForSlotEvent = 0;
CK_RV NSSDBGC_WaitForSlotEvent(
CK_FLAGS flags,
CK_SLOT_ID_PTR pSlot,
@@ -2013,15 +2068,16 @@ CK_RV NSSDBGC_WaitForSlotEvent(
{
CK_RV rv;
PRIntervalTime start;
+ PR_AtomicIncrement(&calls_C_WaitForSlotEvent);
PR_LOG(modlog, 1, ("C_WaitForSlotEvent"));
PR_LOG(modlog, 3, (" flags = 0x%x", flags));
PR_LOG(modlog, 3, (" pSlot = 0x%p", pSlot));
PR_LOG(modlog, 3, (" pRserved = 0x%p", pRserved));
- nssdbg_start_time(FUNC_C_WAITFORSLOTEVENT,&start);
+ start = PR_IntervalNow();
rv = module_functions->C_WaitForSlotEvent(flags,
pSlot,
pRserved);
- nssdbg_finish_time(FUNC_C_WAITFORSLOTEVENT,start);
+ nssdbg_finish_time(&counter_C_WaitForSlotEvent,start);
PR_LOG(modlog, 1, (" rv = 0x%x\n", rv));
return rv;
}
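Review bot: The elapsed time of `module_functions->C_WaitForSlotEvent(...)` is added to `counter_C_WaitForSlotEvent` like any other call, but per PKCS#11 this function blocks until a slot event occurs unless the caller passes CKF_DONT_BLOCK, so the figure is mostly wait time. print_final_statistics sums every counter into `total_time` and reports each function as a share of it, so one long wait would shrink every other function's `% Time`. A comment here such as `/* may block: elapsed time is wait time, not work */` would help, or the counter could be left out of the total. The function's signature starts outside this hunk.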
@@ -2103,63 +2159,15 @@ CK_FUNCTION_LIST_PTR nss_InsertDeviceLog(
return &debug_functions;
}
-/*
- * scale the time factor up accordingly.
- * This routine tries to keep at least 2 significant figures on output.
- * If the time is 0, then indicate that with a 'z' for units.
- * If the time is greater than 10 minutes, output the time in minutes.
- * If the time is less than 10 minutes but greater than 10 seconds output
- * the time in second.
- * If the time is less than 10 seconds but greater than 10 milliseconds
- * output * the time in millisecond.
- * If the time is less than 10 milliseconds but greater than 0 ticks output
- * the time in microsecond.
- *
- */
-static PRUint32 getPrintTime(PRIntervalTime time ,char **type)
-{
- PRUint32 prTime;
-
- /* detect a programming error by outputting 'bu' to the output stream
- * rather than crashing */
- *type = "bug";
- if (time == 0) {
- *type = "z";
- return 0;
- }
-
- prTime = PR_IntervalToSeconds(time);
-
- if (prTime >= 600) {
- *type="m";
- return prTime/60;
- }
- if (prTime >= 10) {
- *type="s";
- return prTime;
- }
- prTime = PR_IntervalToMilliseconds(time);
- if (prTime >= 10) {
- *type="ms";
- return prTime;
- }
- *type = "us";
- return PR_IntervalToMicroseconds(time);
-}
-
static void print_final_statistics(void)
{
int total_calls = 0;
- PRIntervalTime total_time = 0;
- PRUint32 pr_total_time;
- char *type;
+ PRInt32 total_time = 0;
char *fname;
FILE *outfile = NULL;
- int i;
fname = PR_GetEnv("NSS_OUTPUT_FILE");
if (fname) {
- /* need to add an optional process id to the filename */
outfile = fopen(fname,"w+");
}
if (!outfile) {
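Review bot: The removed comment `/* need to add an optional process id to the filename */` was the only reminder that `fopen(fname,"w+")` truncates whatever single path NSS_OUTPUT_FILE names, and the commit drops it without adding the pid. Every process that inherits the variable will overwrite the others' statistics. Because the path comes from the environment, the library will also truncate any file the process is allowed to write. I would keep the comment until the pid suffix exists and consider ignoring the variable when the process runs with elevated privileges. print_final_statistics continues beyond this hunk.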
@@ -2167,40 +2175,692 @@ static void print_final_statistics(void)
}
- fprintf(outfile,"%-25s %10s %12s %12s %10s\n", "Function", "# Calls",
- "Time", "Avg.", "% Time");
- fprintf(outfile,"\n");
- for (i=0; i < nssdbg_prof_size; i++) {
- total_calls += nssdbg_prof_data[i].calls;
- total_time += nssdbg_prof_data[i].time;
- }
- for (i=0; i < nssdbg_prof_size; i++) {
- PRIntervalTime time = nssdbg_prof_data[i].time;
- PRUint32 usTime = PR_IntervalToMicroseconds(time);
- PRUint32 prTime = 0;
- PRUint32 calls = nssdbg_prof_data[i].calls;
- /* don't print out functions that weren't even called */
- if (calls == 0) {
- continue;
- }
-
- prTime = getPrintTime(time,&type);
-
- fprintf(outfile,"%-25s %10d %10d%2s ", nssdbg_prof_data[i].function,
- calls, prTime, type);
- /* for now always output the average in microseconds */
- fprintf(outfile,"%10.2f%2s", (float)usTime / (float)calls, "us" );
- fprintf(outfile,"%10.2f%%", ((float)time / (float)total_time) * 100);
- fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10s %11s %10s %10s\n", "Function", "# Calls", "Time (ms)", "Avg. (ms)", "% Time");
+ fprintf(outfile,"\n");
+ total_calls += calls_C_CancelFunction;
+ total_time += counter_C_CancelFunction;
+ total_calls += calls_C_CloseAllSessions;
+ total_time += counter_C_CloseAllSessions;
+ total_calls += calls_C_CloseSession;
+ total_time += counter_C_CloseSession;
+ total_calls += calls_C_CopyObject;
+ total_time += counter_C_CopyObject;
+ total_calls += calls_C_CreateObject;
+ total_time += counter_C_CreateObject;
+ total_calls += calls_C_Decrypt;
+ total_time += counter_C_Decrypt;
+ total_calls += calls_C_DecryptDigestUpdate;
+ total_time += counter_C_DecryptDigestUpdate;
+ total_calls += calls_C_DecryptFinal;
+ total_time += counter_C_DecryptFinal;
+ total_calls += calls_C_DecryptInit;
+ total_time += counter_C_DecryptInit;
+ total_calls += calls_C_DecryptUpdate;
+ total_time += counter_C_DecryptUpdate;
+ total_calls += calls_C_DecryptVerifyUpdate;
+ total_time += counter_C_DecryptVerifyUpdate;
+ total_calls += calls_C_DeriveKey;
+ total_time += counter_C_DeriveKey;
+ total_calls += calls_C_DestroyObject;
+ total_time += counter_C_DestroyObject;
+ total_calls += calls_C_Digest;
+ total_time += counter_C_Digest;
+ total_calls += calls_C_DigestEncryptUpdate;
+ total_time += counter_C_DigestEncryptUpdate;
+ total_calls += calls_C_DigestFinal;
+ total_time += counter_C_DigestFinal;
+ total_calls += calls_C_DigestInit;
+ total_time += counter_C_DigestInit;
+ total_calls += calls_C_DigestKey;
+ total_time += counter_C_DigestKey;
+ total_calls += calls_C_DigestUpdate;
+ total_time += counter_C_DigestUpdate;
+ total_calls += calls_C_Encrypt;
+ total_time += counter_C_Encrypt;
+ total_calls += calls_C_EncryptFinal;
+ total_time += counter_C_EncryptFinal;
+ total_calls += calls_C_EncryptInit;
+ total_time += counter_C_EncryptInit;
+ total_calls += calls_C_EncryptUpdate;
+ total_time += counter_C_EncryptUpdate;
+ total_calls += calls_C_Finalize;
+ total_time += counter_C_Finalize;
+ total_calls += calls_C_FindObjects;
+ total_time += counter_C_FindObjects;
+ total_calls += calls_C_FindObjectsFinal;
+ total_time += counter_C_FindObjectsFinal;
+ total_calls += calls_C_FindObjectsInit;
+ total_time += counter_C_FindObjectsInit;
+ total_calls += calls_C_GenerateKey;
+ total_time += counter_C_GenerateKey;
+ total_calls += calls_C_GenerateKeyPair;
+ total_time += counter_C_GenerateKeyPair;
+ total_calls += calls_C_GenerateRandom;
+ total_time += counter_C_GenerateRandom;
+ total_calls += calls_C_GetAttributeValue;
+ total_time += counter_C_GetAttributeValue;
+ total_calls += calls_C_GetFunctionList;
+ total_time += counter_C_GetFunctionList;
+ total_calls += calls_C_GetFunctionStatus;
+ total_time += counter_C_GetFunctionStatus;
+ total_calls += calls_C_GetInfo;
+ total_time += counter_C_GetInfo;
+ total_calls += calls_C_GetMechanismInfo;
+ total_time += counter_C_GetMechanismInfo;
+ total_calls += calls_C_GetMechanismList;
+ total_time += counter_C_GetMechanismList;
+ total_calls += calls_C_GetObjectSize;
+ total_time += counter_C_GetObjectSize;
+ total_calls += calls_C_GetOperationState;
+ total_time += counter_C_GetOperationState;
+ total_calls += calls_C_GetSessionInfo;
+ total_time += counter_C_GetSessionInfo;
+ total_calls += calls_C_GetSlotInfo;
+ total_time += counter_C_GetSlotInfo;
+ total_calls += calls_C_GetSlotList;
+ total_time += counter_C_GetSlotList;
+ total_calls += calls_C_GetTokenInfo;
+ total_time += counter_C_GetTokenInfo;
+ total_calls += calls_C_InitPIN;
+ total_time += counter_C_InitPIN;
+ total_calls += calls_C_InitToken;
+ total_time += counter_C_InitToken;
+ total_calls += calls_C_Initialize;
+ total_time += counter_C_Initialize;
+ total_calls += calls_C_Login;
+ total_time += counter_C_Login;
+ total_calls += calls_C_Logout;
+ total_time += counter_C_Logout;
+ total_calls += calls_C_OpenSession;
+ total_time += counter_C_OpenSession;
+ total_calls += calls_C_SeedRandom;
+ total_time += counter_C_SeedRandom;
+ total_calls += calls_C_SetAttributeValue;
+ total_time += counter_C_SetAttributeValue;
+ total_calls += calls_C_SetOperationState;
+ total_time += counter_C_SetOperationState;
+ total_calls += calls_C_SetPIN;
+ total_time += counter_C_SetPIN;
+ total_calls += calls_C_Sign;
+ total_time += counter_C_Sign;
+ total_calls += calls_C_SignEncryptUpdate;
+ total_time += counter_C_SignEncryptUpdate;
+ total_calls += calls_C_SignFinal;
+ total_time += counter_C_SignFinal;
+ total_calls += calls_C_SignInit;
+ total_time += counter_C_SignInit;
+ total_calls += calls_C_SignRecover;
+ total_time += counter_C_SignRecover;
+ total_calls += calls_C_SignRecoverInit;
+ total_time += counter_C_SignRecoverInit;
+ total_calls += calls_C_SignUpdate;
+ total_time += counter_C_SignUpdate;
+ total_calls += calls_C_UnwrapKey;
+ total_time += counter_C_UnwrapKey;
+ total_calls += calls_C_Verify;
+ total_time += counter_C_Verify;
+ total_calls += calls_C_VerifyFinal;
+ total_time += counter_C_VerifyFinal;
+ total_calls += calls_C_VerifyInit;
+ total_time += counter_C_VerifyInit;
+ total_calls += calls_C_VerifyRecover;
+ total_time += counter_C_VerifyRecover;
+ total_calls += calls_C_VerifyRecoverInit;
+ total_time += counter_C_VerifyRecoverInit;
+ total_calls += calls_C_VerifyUpdate;
+ total_time += counter_C_VerifyUpdate;
+ total_calls += calls_C_WaitForSlotEvent;
+ total_time += counter_C_WaitForSlotEvent;
+ total_calls += calls_C_WrapKey;
+ total_time += counter_C_WrapKey;
+ fprintf(outfile,"%-25s %10d %10d ", "C_CancelFunction", calls_C_CancelFunction, counter_C_CancelFunction);
+ if (calls_C_CancelFunction > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_CancelFunction / (float)calls_C_CancelFunction);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
}
+ fprintf(outfile,"%10.2f", (float)counter_C_CancelFunction / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_CloseAllSessions", calls_C_CloseAllSessions, counter_C_CloseAllSessions);
+ if (calls_C_CloseAllSessions > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_CloseAllSessions / (float)calls_C_CloseAllSessions);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_CloseAllSessions / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_CloseSession", calls_C_CloseSession, counter_C_CloseSession);
+ if (calls_C_CloseSession > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_CloseSession / (float)calls_C_CloseSession);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_CloseSession / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_CopyObject", calls_C_CopyObject, counter_C_CopyObject);
+ if (calls_C_CopyObject > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_CopyObject / (float)calls_C_CopyObject);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_CopyObject / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_CreateObject", calls_C_CreateObject, counter_C_CreateObject);
+ if (calls_C_CreateObject > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_CreateObject / (float)calls_C_CreateObject);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_CreateObject / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Decrypt", calls_C_Decrypt, counter_C_Decrypt);
+ if (calls_C_Decrypt > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Decrypt / (float)calls_C_Decrypt);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Decrypt / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DecryptDigestUpdate", calls_C_DecryptDigestUpdate, counter_C_DecryptDigestUpdate);
+ if (calls_C_DecryptDigestUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptDigestUpdate / (float)calls_C_DecryptDigestUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptDigestUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DecryptFinal", calls_C_DecryptFinal, counter_C_DecryptFinal);
+ if (calls_C_DecryptFinal > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptFinal / (float)calls_C_DecryptFinal);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptFinal / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DecryptInit", calls_C_DecryptInit, counter_C_DecryptInit);
+ if (calls_C_DecryptInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptInit / (float)calls_C_DecryptInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DecryptUpdate", calls_C_DecryptUpdate, counter_C_DecryptUpdate);
+ if (calls_C_DecryptUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptUpdate / (float)calls_C_DecryptUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DecryptVerifyUpdate", calls_C_DecryptVerifyUpdate, counter_C_DecryptVerifyUpdate);
+ if (calls_C_DecryptVerifyUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptVerifyUpdate / (float)calls_C_DecryptVerifyUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DecryptVerifyUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DeriveKey", calls_C_DeriveKey, counter_C_DeriveKey);
+ if (calls_C_DeriveKey > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DeriveKey / (float)calls_C_DeriveKey);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DeriveKey / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DestroyObject", calls_C_DestroyObject, counter_C_DestroyObject);
+ if (calls_C_DestroyObject > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DestroyObject / (float)calls_C_DestroyObject);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DestroyObject / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Digest", calls_C_Digest, counter_C_Digest);
+ if (calls_C_Digest > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Digest / (float)calls_C_Digest);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Digest / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DigestEncryptUpdate", calls_C_DigestEncryptUpdate, counter_C_DigestEncryptUpdate);
+ if (calls_C_DigestEncryptUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestEncryptUpdate / (float)calls_C_DigestEncryptUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestEncryptUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DigestFinal", calls_C_DigestFinal, counter_C_DigestFinal);
+ if (calls_C_DigestFinal > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestFinal / (float)calls_C_DigestFinal);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestFinal / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DigestInit", calls_C_DigestInit, counter_C_DigestInit);
+ if (calls_C_DigestInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestInit / (float)calls_C_DigestInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DigestKey", calls_C_DigestKey, counter_C_DigestKey);
+ if (calls_C_DigestKey > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestKey / (float)calls_C_DigestKey);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestKey / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_DigestUpdate", calls_C_DigestUpdate, counter_C_DigestUpdate);
+ if (calls_C_DigestUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestUpdate / (float)calls_C_DigestUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_DigestUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Encrypt", calls_C_Encrypt, counter_C_Encrypt);
+ if (calls_C_Encrypt > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Encrypt / (float)calls_C_Encrypt);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Encrypt / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_EncryptFinal", calls_C_EncryptFinal, counter_C_EncryptFinal);
+ if (calls_C_EncryptFinal > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_EncryptFinal / (float)calls_C_EncryptFinal);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_EncryptFinal / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_EncryptInit", calls_C_EncryptInit, counter_C_EncryptInit);
+ if (calls_C_EncryptInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_EncryptInit / (float)calls_C_EncryptInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_EncryptInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_EncryptUpdate", calls_C_EncryptUpdate, counter_C_EncryptUpdate);
+ if (calls_C_EncryptUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_EncryptUpdate / (float)calls_C_EncryptUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_EncryptUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Finalize", calls_C_Finalize, counter_C_Finalize);
+ if (calls_C_Finalize > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Finalize / (float)calls_C_Finalize);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Finalize / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_FindObjects", calls_C_FindObjects, counter_C_FindObjects);
+ if (calls_C_FindObjects > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_FindObjects / (float)calls_C_FindObjects);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_FindObjects / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_FindObjectsFinal", calls_C_FindObjectsFinal, counter_C_FindObjectsFinal);
+ if (calls_C_FindObjectsFinal > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_FindObjectsFinal / (float)calls_C_FindObjectsFinal);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_FindObjectsFinal / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_FindObjectsInit", calls_C_FindObjectsInit, counter_C_FindObjectsInit);
+ if (calls_C_FindObjectsInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_FindObjectsInit / (float)calls_C_FindObjectsInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_FindObjectsInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GenerateKey", calls_C_GenerateKey, counter_C_GenerateKey);
+ if (calls_C_GenerateKey > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GenerateKey / (float)calls_C_GenerateKey);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GenerateKey / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GenerateKeyPair", calls_C_GenerateKeyPair, counter_C_GenerateKeyPair);
+ if (calls_C_GenerateKeyPair > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GenerateKeyPair / (float)calls_C_GenerateKeyPair);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GenerateKeyPair / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GenerateRandom", calls_C_GenerateRandom, counter_C_GenerateRandom);
+ if (calls_C_GenerateRandom > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GenerateRandom / (float)calls_C_GenerateRandom);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GenerateRandom / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetAttributeValue", calls_C_GetAttributeValue, counter_C_GetAttributeValue);
+ if (calls_C_GetAttributeValue > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetAttributeValue / (float)calls_C_GetAttributeValue);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetAttributeValue / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetFunctionList", calls_C_GetFunctionList, counter_C_GetFunctionList);
+ if (calls_C_GetFunctionList > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetFunctionList / (float)calls_C_GetFunctionList);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetFunctionList / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetFunctionStatus", calls_C_GetFunctionStatus, counter_C_GetFunctionStatus);
+ if (calls_C_GetFunctionStatus > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetFunctionStatus / (float)calls_C_GetFunctionStatus);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetFunctionStatus / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetInfo", calls_C_GetInfo, counter_C_GetInfo);
+ if (calls_C_GetInfo > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetInfo / (float)calls_C_GetInfo);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetInfo / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetMechanismInfo", calls_C_GetMechanismInfo, counter_C_GetMechanismInfo);
+ if (calls_C_GetMechanismInfo > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetMechanismInfo / (float)calls_C_GetMechanismInfo);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetMechanismInfo / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetMechanismList", calls_C_GetMechanismList, counter_C_GetMechanismList);
+ if (calls_C_GetMechanismList > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetMechanismList / (float)calls_C_GetMechanismList);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetMechanismList / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetObjectSize", calls_C_GetObjectSize, counter_C_GetObjectSize);
+ if (calls_C_GetObjectSize > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetObjectSize / (float)calls_C_GetObjectSize);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetObjectSize / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetOperationState", calls_C_GetOperationState, counter_C_GetOperationState);
+ if (calls_C_GetOperationState > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetOperationState / (float)calls_C_GetOperationState);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetOperationState / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetSessionInfo", calls_C_GetSessionInfo, counter_C_GetSessionInfo);
+ if (calls_C_GetSessionInfo > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetSessionInfo / (float)calls_C_GetSessionInfo);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetSessionInfo / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetSlotInfo", calls_C_GetSlotInfo, counter_C_GetSlotInfo);
+ if (calls_C_GetSlotInfo > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetSlotInfo / (float)calls_C_GetSlotInfo);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetSlotInfo / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetSlotList", calls_C_GetSlotList, counter_C_GetSlotList);
+ if (calls_C_GetSlotList > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetSlotList / (float)calls_C_GetSlotList);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetSlotList / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_GetTokenInfo", calls_C_GetTokenInfo, counter_C_GetTokenInfo);
+ if (calls_C_GetTokenInfo > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_GetTokenInfo / (float)calls_C_GetTokenInfo);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_GetTokenInfo / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_InitPIN", calls_C_InitPIN, counter_C_InitPIN);
+ if (calls_C_InitPIN > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_InitPIN / (float)calls_C_InitPIN);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_InitPIN / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_InitToken", calls_C_InitToken, counter_C_InitToken);
+ if (calls_C_InitToken > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_InitToken / (float)calls_C_InitToken);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_InitToken / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Initialize", calls_C_Initialize, counter_C_Initialize);
+ if (calls_C_Initialize > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Initialize / (float)calls_C_Initialize);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Initialize / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Login", calls_C_Login, counter_C_Login);
+ if (calls_C_Login > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Login / (float)calls_C_Login);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Login / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Logout", calls_C_Logout, counter_C_Logout);
+ if (calls_C_Logout > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Logout / (float)calls_C_Logout);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Logout / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_OpenSession", calls_C_OpenSession, counter_C_OpenSession);
+ if (calls_C_OpenSession > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_OpenSession / (float)calls_C_OpenSession);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_OpenSession / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SeedRandom", calls_C_SeedRandom, counter_C_SeedRandom);
+ if (calls_C_SeedRandom > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SeedRandom / (float)calls_C_SeedRandom);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SeedRandom / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SetAttributeValue", calls_C_SetAttributeValue, counter_C_SetAttributeValue);
+ if (calls_C_SetAttributeValue > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SetAttributeValue / (float)calls_C_SetAttributeValue);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SetAttributeValue / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SetOperationState", calls_C_SetOperationState, counter_C_SetOperationState);
+ if (calls_C_SetOperationState > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SetOperationState / (float)calls_C_SetOperationState);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SetOperationState / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SetPIN", calls_C_SetPIN, counter_C_SetPIN);
+ if (calls_C_SetPIN > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SetPIN / (float)calls_C_SetPIN);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SetPIN / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Sign", calls_C_Sign, counter_C_Sign);
+ if (calls_C_Sign > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Sign / (float)calls_C_Sign);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Sign / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SignEncryptUpdate", calls_C_SignEncryptUpdate, counter_C_SignEncryptUpdate);
+ if (calls_C_SignEncryptUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SignEncryptUpdate / (float)calls_C_SignEncryptUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SignEncryptUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SignFinal", calls_C_SignFinal, counter_C_SignFinal);
+ if (calls_C_SignFinal > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SignFinal / (float)calls_C_SignFinal);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SignFinal / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SignInit", calls_C_SignInit, counter_C_SignInit);
+ if (calls_C_SignInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SignInit / (float)calls_C_SignInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SignInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SignRecover", calls_C_SignRecover, counter_C_SignRecover);
+ if (calls_C_SignRecover > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SignRecover / (float)calls_C_SignRecover);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SignRecover / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SignRecoverInit", calls_C_SignRecoverInit, counter_C_SignRecoverInit);
+ if (calls_C_SignRecoverInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SignRecoverInit / (float)calls_C_SignRecoverInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SignRecoverInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_SignUpdate", calls_C_SignUpdate, counter_C_SignUpdate);
+ if (calls_C_SignUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_SignUpdate / (float)calls_C_SignUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_SignUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_UnwrapKey", calls_C_UnwrapKey, counter_C_UnwrapKey);
+ if (calls_C_UnwrapKey > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_UnwrapKey / (float)calls_C_UnwrapKey);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_UnwrapKey / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_Verify", calls_C_Verify, counter_C_Verify);
+ if (calls_C_Verify > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_Verify / (float)calls_C_Verify);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_Verify / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_VerifyFinal", calls_C_VerifyFinal, counter_C_VerifyFinal);
+ if (calls_C_VerifyFinal > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyFinal / (float)calls_C_VerifyFinal);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyFinal / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_VerifyInit", calls_C_VerifyInit, counter_C_VerifyInit);
+ if (calls_C_VerifyInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyInit / (float)calls_C_VerifyInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_VerifyRecover", calls_C_VerifyRecover, counter_C_VerifyRecover);
+ if (calls_C_VerifyRecover > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyRecover / (float)calls_C_VerifyRecover);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyRecover / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_VerifyRecoverInit", calls_C_VerifyRecoverInit, counter_C_VerifyRecoverInit);
+ if (calls_C_VerifyRecoverInit > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyRecoverInit / (float)calls_C_VerifyRecoverInit);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyRecoverInit / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_VerifyUpdate", calls_C_VerifyUpdate, counter_C_VerifyUpdate);
+ if (calls_C_VerifyUpdate > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyUpdate / (float)calls_C_VerifyUpdate);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_VerifyUpdate / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_WaitForSlotEvent", calls_C_WaitForSlotEvent, counter_C_WaitForSlotEvent);
+ if (calls_C_WaitForSlotEvent > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_WaitForSlotEvent / (float)calls_C_WaitForSlotEvent);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_WaitForSlotEvent / (float)total_time * 100);
+ fprintf(outfile,"\n");
+ fprintf(outfile,"%-25s %10d %10d ", "C_WrapKey", calls_C_WrapKey, counter_C_WrapKey);
+ if (calls_C_WrapKey > 0) {
+ fprintf(outfile,"%10.2f", (float)counter_C_WrapKey / (float)calls_C_WrapKey);
+ } else {
+ fprintf(outfile,"%10.2f", 0.0);
+ }
+ fprintf(outfile,"%10.2f", (float)counter_C_WrapKey / (float)total_time * 100);
+ fprintf(outfile,"\n");
fprintf(outfile,"\n");
- pr_total_time = getPrintTime(total_time,&type);
-
- fprintf(outfile,"%25s %10d %10d%2s\n", "Totals", total_calls,
- pr_total_time, type);
- fprintf(outfile,"\n\nMaximum number of concurrent open sessions: %d\n\n",
- maxOpenSessions);
+ fprintf(outfile,"%25s %10d %10d\n", "Totals", total_calls, total_time);
+ fprintf(outfile,"\n\nMaximum number of concurrent open sessions: %d\n\n", maxOpenSessions);
fflush (outfile);
if (outfile != stdout) {
fclose(outfile);
diff --git a/security/nss/lib/pk11wrap/manifest.mn b/security/nss/lib/pk11wrap/manifest.mn
index 49d7f3b6e..d4abd9917 100644
--- a/security/nss/lib/pk11wrap/manifest.mn
+++ b/security/nss/lib/pk11wrap/manifest.mn
@@ -42,6 +42,8 @@ EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
+ secmodi.h \
+ secmodti.h \
pk11init.h \
dev3hack.h \
$(NULL)
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index abc8e55df..ae4164da6 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -43,6 +43,7 @@
#include "pkcs11.h"
#include "pk11func.h"
#include "cert.h"
+#include "certi.h"
#include "secitem.h"
#include "key.h"
#include "hasht.h"
@@ -2153,11 +2154,16 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien
for (i=0; (ri = recipientlist[i]) != NULL; i++) {
CERTCertificate *cert = NULL;
- /* XXXXX fixme - not yet implemented! */
- if (ri->kind == RLSubjKeyID)
- continue;
- cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN,
- pwarg);
+ if (ri->kind == RLSubjKeyID) {
+ SECItem *derCert = cert_FindDERCertBySubjectKeyID(ri->id.subjectKeyID);
+ if (derCert) {
+ cert = PK11_FindCertFromDERCertItem(slot, derCert, pwarg);
+ SECITEM_FreeItem(derCert, PR_TRUE);
+ }
+ } else {
+ cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN,
+ pwarg);
+ }
if (cert) {
/* this isn't our cert */
if ((cert->trust == NULL) ||
@@ -2169,7 +2175,6 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien
*rlIndex = i;
return cert;
}
-
}
*rlIndex = -1;
return NULL;
@@ -2335,6 +2340,34 @@ loser:
return NULL;
}
+static SECMODCallOnceType keyIDHashCallOnce;
+
+static SECStatus PR_CALLBACK
+pk11_keyIDHash_populate(void *wincx)
+{
+ CERTCertList *certList;
+ CERTCertListNode *node = NULL;
+ SECItem subjKeyID = {siBuffer, NULL, 0};
+
+ certList = PK11_ListCerts(PK11CertListUser, wincx);
+ if (!certList) {
+ return SECFailure;
+ }
+
+ for (node = CERT_LIST_HEAD(certList);
+ !CERT_LIST_END(node, certList);
+ node = CERT_LIST_NEXT(node)) {
+ if (CERT_FindSubjectKeyIDExtension(node->cert,
+ &subjKeyID) == SECSuccess &&
+ subjKeyID.data != NULL) {
+ cert_AddSubjectKeyIDMapping(&subjKeyID, node->cert);
+ SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+ }
+ }
+ CERT_DestroyCertList(certList);
+ return SECSuccess;
+}
+
/*
* This is the new version of the above function for NSS SMIME code
* this stuff should REALLY be in the SMIME code, but some things in here are not public
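Review bot: The return value of `cert_AddSubjectKeyIDMapping` is dropped inside the loop of `pk11_keyIDHash_populate`, so a failed insert still ends in `SECSuccess` and the call-once guard then treats the table as complete. Either propagate the failure or record the intent with a comment such as `/* best effort: a missed mapping only disables key-ID lookup for that cert */`. Because the function runs once per process, certificates that become visible later (for example after a token is inserted) would presumably never be indexed; please confirm that this is acceptable for subject-key-ID recipients.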
@@ -2345,8 +2378,13 @@ PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist, void *win
{
CERTCertificate *cert;
NSSCMSRecipient *rl;
+ SECStatus srv;
int rlIndex;
+ srv = SECMOD_CallOnce(&keyIDHashCallOnce, pk11_keyIDHash_populate, wincx);
+ if (srv != SECSuccess)
+ return -1;
+
cert = pk11_AllFindCertObjectByRecipientNew(recipientlist, wincx, &rlIndex);
if (!cert) {
return -1;
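Review bot: A failure of `pk11_keyIDHash_populate` now makes `PK11_FindCertAndKeyByRecipientListNew` return -1 before any recipient is examined, including recipients identified by issuer and serial number, which do not need the key-ID table. Since `SECMOD_CallOnce` stores the first status and never re-runs the function, one transient `PK11_ListCerts` failure would be returned on every later call. Consider ignoring the status here, `(void)SECMOD_CallOnce(&keyIDHashCallOnce, pk11_keyIDHash_populate, wincx);`, so that only the `RLSubjKeyID` branch misses. The function body continues outside the hunk.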
@@ -2888,43 +2926,21 @@ CERTCertificate *
PK11_FindCertFromDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
void *wincx)
{
-#ifdef NSS_CLASSIC
- CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
- CK_ATTRIBUTE theTemplate[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, NULL, 0 }
- };
- /* if you change the array, change the variable below as well */
- int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
- CK_OBJECT_HANDLE certh;
- CK_ATTRIBUTE *attrs = theTemplate;
- SECStatus rv;
-
- PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
- cert->derCert.len); attrs++;
- PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
+ return PK11_FindCertFromDERCertItem(slot, &cert->derCert, wincx);
+}
- /*
- * issue the find
- */
- if ( !PK11_IsFriendly(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) return NULL;
- }
+CERTCertificate *
+PK11_FindCertFromDERCertItem(PK11SlotInfo *slot, SECItem *inDerCert,
+ void *wincx)
- certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
- if (certh == CK_INVALID_HANDLE) {
- return NULL;
- }
- return PK11_MakeCertFromHandle(slot, certh, NULL);
-#else
+{
CERTCertificate *rvCert = NULL;
NSSCertificate *c;
NSSDER derCert;
NSSToken *tok;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
tok = PK11Slot_GetNSSToken(slot);
- NSSITEM_FROM_SECITEM(&derCert, &cert->derCert);
+ NSSITEM_FROM_SECITEM(&derCert, inDerCert);
if (!PK11_IsFriendly(slot)) {
if (PK11_Authenticate(slot, PR_TRUE, wincx) != SECSuccess) {
PK11_FreeSlot(slot);
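Review bot: `PK11_FindCertFromDERCertItem` is a new exported entry point with no comment on who owns `slot` and `inDerCert`, and it passes `inDerCert` to `NSSITEM_FROM_SECITEM` without a NULL check. I would add `if (inDerCert == NULL || inDerCert->data == NULL) return NULL;` at the top and a header comment describing the reference handling. The authentication-failure path in the context lines calls `PK11_FreeSlot(slot)` on the caller's slot, while the new caller in `pk11_FindCertObjectByRecipientNew` keeps using the same `slot` for the next recipient. If that call drops the caller's reference, the loop would continue on a released slot, which is worth confirming. The function body continues outside the hunk.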
@@ -2954,7 +2970,6 @@ PK11_FindCertFromDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
rvCert = STAN_GetCERTCertificate(c);
}
return rvCert;
-#endif
}
/* mcgreer 3.4 -- nobody uses this, ignoring */
@@ -4137,3 +4152,54 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
}
return (crl);
}
+
+/*
+ * This code takes the NSPR CallOnce functionality and modifies it so
+ * that we can pass an argument to our function
+ */
+static struct {
+ PRLock *ml;
+ PRCondVar *cv;
+} mod_init;
+
+void SECMOD_InitCallOnce(void) {
+ mod_init.ml = PR_NewLock();
+ PORT_Assert(NULL != mod_init.ml);
+ mod_init.cv = PR_NewCondVar(mod_init.ml);
+ PORT_Assert(NULL != mod_init.cv);
+}
+
+void SECMOD_CleanupCallOnce()
+{
+ if (mod_init.ml) {
+ PR_DestroyLock(mod_init.ml);
+ mod_init.ml = NULL;
+ }
+ if (mod_init.cv) {
+ PR_DestroyCondVar(mod_init.cv);
+ mod_init.cv = NULL;
+ }
+}
+
+SECStatus SECMOD_CallOnce(SECMODCallOnceType *once,
+ SECMODCallOnceFN func,
+ void *arg)
+{
+
+ if (!once->initialized) {
+ if (PR_AtomicSet(&once->inProgress, 1) == 0) {
+ once->status = (PRStatus)(*func)(arg);
+ PR_Lock(mod_init.ml);
+ once->initialized = 1;
+ PR_NotifyAllCondVar(mod_init.cv);
+ PR_Unlock(mod_init.ml);
+ } else {
+ PR_Lock(mod_init.ml);
+ while (!once->initialized) {
+ PR_WaitCondVar(mod_init.cv, PR_INTERVAL_NO_TIMEOUT);
+ }
+ PR_Unlock(mod_init.ml);
+ }
+ }
+ return once->status;
+}
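Review bot: `SECMOD_CleanupCallOnce` destroys `mod_init.ml` before `mod_init.cv`, although the condition variable was created from that lock in `SECMOD_InitCallOnce`; destroying the condition variable first is the safer order. `SECMOD_InitCallOnce` checks the allocations only with `PORT_Assert`, so in a build where assertions are compiled out a failed `PR_NewLock` would leave `SECMOD_CallOnce` locking a NULL pointer. The cast in `once->status = (PRStatus)(*func)(arg);` names the wrong type, since both the callback and the field are `SECStatus`. The cached `status` is also never reset, so a first-call failure is returned forever.

```c
void SECMOD_CleanupCallOnce()
{
    /* the condition variable was created from the lock, so it goes first */
    if (mod_init.cv) {
        PR_DestroyCondVar(mod_init.cv);
        mod_init.cv = NULL;
    }
    if (mod_init.ml) {
        PR_DestroyLock(mod_init.ml);
        mod_init.ml = NULL;
    }
}

/* … unchanged: SECMOD_CallOnce signature and the initialized/inProgress checks … */
            once->status = (*func)(arg);
/* … unchanged: notify and wait paths … */
```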
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index 0a450659c..f80d99bda 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -66,7 +66,6 @@ PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list,
* Generic Slot Management
************************************************************/
PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot);
-PK11SlotInfo *PK11_FindSlotByID(SECMODModuleID modID,CK_SLOT_ID slotID);
void PK11_FreeSlot(PK11SlotInfo *slot);
SECStatus PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
@@ -131,6 +130,7 @@ SECStatus pk11_CheckVerifyTest(PK11SlotInfo *slot);
SECStatus PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts);
SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
void PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot);
+SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
/******************************************************************
@@ -461,6 +461,8 @@ SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert,
void *arg);
CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot,
CERTCertificate *cert, void *wincx);
+CERTCertificate *PK11_FindCertFromDERCertItem(PK11SlotInfo *slot,
+ SECItem *derCert, void *wincx);
CERTCertificate *PK11_FindCertFromDERSubjectAndNickname(
PK11SlotInfo *slot,
CERTCertificate *cert, char *nickname,
diff --git a/security/nss/lib/pk11wrap/pk11init.h b/security/nss/lib/pk11wrap/pk11init.h
index d62ee88e0..d16fe6174 100644
--- a/security/nss/lib/pk11wrap/pk11init.h
+++ b/security/nss/lib/pk11wrap/pk11init.h
@@ -58,7 +58,5 @@ struct PK11PreSlotInfoStr {
#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
-extern void PK11SDR_Init(void);
-extern void PK11SDR_Shutdown(void);
#endif /* _PK11_INIT_H_ 1 */
diff --git a/security/nss/lib/pk11wrap/pk11sdr.c b/security/nss/lib/pk11wrap/pk11sdr.c
index faea0d39b..f615e2ae1 100644
--- a/security/nss/lib/pk11wrap/pk11sdr.c
+++ b/security/nss/lib/pk11wrap/pk11sdr.c
@@ -41,7 +41,6 @@
#include "pkcs11.h"
#include "pk11func.h"
#include "pk11sdr.h"
-#include "pk11init.h"
/*
* Data structure and template for encoding the result of an SDR operation
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 2a7e86dcd..f4291f10a 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -949,40 +949,42 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
unsigned int
PK11_GetKeyLength(PK11SymKey *key)
{
- if (key->size != 0) return key->size ;
+ CK_KEY_TYPE keyType;
+
+ if (key->size != 0) return key->size;
+
+ /* First try to figure out the key length from its type */
+ keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
+ switch (keyType) {
+ case CKK_DES: key->size = 8; break;
+ case CKK_DES2: key->size = 16; break;
+ case CKK_DES3: key->size = 24; break;
+ case CKK_SKIPJACK: key->size = 10; break;
+ case CKK_BATON: key->size = 20; break;
+ case CKK_JUNIPER: key->size = 20; break;
+ case CKK_GENERIC_SECRET:
+ if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN) {
+ key->size=48;
+ }
+ break;
+ default: break;
+ }
+ if( key->size != 0 ) return key->size;
+
if (key->data.data == NULL) {
PK11_ExtractKeyValue(key);
}
- /* key is probably secret. Look up it's type and length */
+ /* key is probably secret. Look up its length */
/* this is new PKCS #11 version 2.0 functionality. */
if (key->size == 0) {
CK_ULONG keyLength;
keyLength = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_VALUE_LEN);
- /* doesn't have a length field, check the known PKCS #11 key types,
- * which don't have this field */
- if (keyLength == CK_UNAVAILABLE_INFORMATION) {
- CK_KEY_TYPE keyType;
- keyType = PK11_ReadULongAttribute(key->slot,key->objectID,CKA_KEY_TYPE);
- switch (keyType) {
- case CKK_DES: key->size = 8; break;
- case CKK_DES2: key->size = 16; break;
- case CKK_DES3: key->size = 24; break;
- case CKK_SKIPJACK: key->size = 10; break;
- case CKK_BATON: key->size = 20; break;
- case CKK_JUNIPER: key->size = 20; break;
- case CKK_GENERIC_SECRET:
- if (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN) {
- key->size=48;
- }
- break;
- default: break;
- }
- } else {
+ if (keyLength != CK_UNAVAILABLE_INFORMATION) {
key->size = (unsigned int)keyLength;
}
}
-
+
return key->size;
}
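Review bot: The key-type table in `PK11_GetKeyLength` now runs before `CKA_VALUE_LEN` is read, which reverses the previous precedence, and the new comments do not say why. If the intent is to answer for fixed-size key types without calling `PK11_ExtractKeyValue` (an assumption; the hunk does not state it), a comment such as `/* fixed-size key types: answer without extracting the key value */` above the switch would record it. The `CKK_GENERIC_SECRET` case now returns 48 for `CKM_SSL3_PRE_MASTER_KEY_GEN` without consulting the token's `CKA_VALUE_LEN`; please confirm that is intended. `if( key->size != 0 )` also departs from the spacing of the identical test a few lines above.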
@@ -1375,6 +1377,7 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
if (isToken) {
PK11_Authenticate(symKey->slot,PR_TRUE,wincx);
session = PK11_GetRWSession(symKey->slot); /* Should always be original slot */
+ symKey->owner = PR_FALSE;
} else {
session = symKey->session;
pk11_EnterKeyMonitor(symKey);
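Review bot: `symKey->owner = PR_FALSE;` is added without a comment, and the reason is not evident from the hunk. If the flag decides whether the PKCS #11 object is destroyed together with the `PK11SymKey` (presumably; its use is outside this hunk), say so with `/* token object must outlive this handle */`. The assignment takes effect before the key is generated, so please check that no later error path in `PK11_TokenKeyGen` relies on the old value for cleanup. The function starts and ends outside the hunk.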
@@ -4123,6 +4126,9 @@ finalize:
}
if (crv != CKR_OK) {
+ if (buffer != stackBuf) {
+ PORT_Free(buffer);
+ }
if (crv == CKR_OPERATION_NOT_INITIALIZED) {
/* if there's no operation, it is finalized */
return SECSuccess;
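Review bot: The buffer that receives the final output is released with `PORT_Free(buffer)` without being cleared, here and in the next hunk at the end of the function. What the token writes there depends on the operation being finalized and may be residual plaintext or digest data, so clearing it is cheap insurance: `PORT_ZFree(buffer, count);` for the heap case and `PORT_Memset(stackBuf, 0, sizeof stackBuf);` before returning. On the first pass `buffer` is still NULL when this branch runs, so the new call relies on `PORT_Free` accepting NULL; `if (buffer != NULL && buffer != stackBuf)` makes that explicit. The function starts outside the hunk.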
@@ -4132,13 +4138,20 @@ finalize:
}
/* try to finalize the session with a buffer */
- if (buffer == NULL && count > 0) {
- if (count < sizeof stackBuf) {
+ if (buffer == NULL) {
+ if (count <= sizeof stackBuf) {
buffer = stackBuf;
- goto finalize;
} else {
- return SECFailure;
+ buffer = PORT_Alloc(count);
+ if (buffer == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
+ }
}
+ goto finalize;
+ }
+ if (buffer != stackBuf) {
+ PORT_Free(buffer);
}
return SECSuccess;
}
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c87e9400b..56fe6ac49 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1849,6 +1849,45 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
return SECSuccess;
}
+/*
+ * initialize a new token
+ * unlike initialize slot, this can be called multiple times in the lifetime
+ * of NSS. It reads the information associated with a card or token,
+ * that is not going to change unless the card or token changes.
+ */
+SECStatus
+PK11_TokenRefresh(PK11SlotInfo *slot)
+{
+ CK_TOKEN_INFO tokenInfo;
+ CK_RV crv;
+ SECStatus rv;
+
+ /* set the slot flags to the current token values */
+ if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+ crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);
+ if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+ if (crv != CKR_OK) {
+ PORT_SetError(PK11_MapError(crv));
+ return SECFailure;
+ }
+
+ slot->flags = tokenInfo.flags;
+ slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ?
+ PR_TRUE : PR_FALSE);
+ slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ?
+ PR_TRUE : PR_FALSE);
+ slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
+ slot->protectedAuthPath =
+ ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+ ? PR_TRUE : PR_FALSE);
+ /* on some platforms Active Card incorrectly sets the
+ * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
+ if (slot->isActiveCard) {
+ slot->protectedAuthPath = PR_FALSE;
+ }
+ return SECSuccess;
+}
+
static PRBool
pk11_isRootSlot(PK11SlotInfo *slot)
{
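Review bot: The header comment of `PK11_TokenRefresh` still reads "initialize a new token", apparently carried over from `PK11_InitToken`, while the body only calls `C_GetTokenInfo` and updates the cached flags. Something like `/* refresh the cached token flags (login required, write protected, RNG, protected auth path) from C_GetTokenInfo */` matches the code. The slot fields are written after `PK11_ExitSlotMonitor`, so for slots that are not thread safe the update is not covered by the monitor. If other threads read `needLogin` or `protectedAuthPath` concurrently, moving the exit below the assignments would close that window. `SECStatus rv;` is declared but never used.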
@@ -4639,7 +4678,7 @@ PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
if (timeout == PR_INTERVAL_NO_WAIT) {
return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;
}
- if (timeout == PR_INTERVAL_NO_TIMEOUT ) {
+ if (timeout != PR_INTERVAL_NO_TIMEOUT ) {
interval = PR_IntervalNow();
if (!first_time_set) {
first_time = interval;
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
index 050f7de4f..8541b1b6f 100644
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -107,6 +107,26 @@ SECStatus PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
SECStatus pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech);
SECStatus PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param,
PRArenaPool *arena, SECAlgorithmID *algId);
+
+extern void pk11sdr_Init(void);
+extern void pk11sdr_Shutdown(void);
+
+typedef struct SECMODCallOnceType {
+ PRIntn initialized;
+ PRInt32 inProgress;
+ SECStatus status;
+} SECMODCallOnceType;
+
+typedef SECStatus (PR_CALLBACK *SECMODCallOnceFN)(void *arg);
+
+extern void SECMOD_InitCallOnce();
+
+extern SECStatus SECMOD_CallOnce(SECMODCallOnceType *once,
+ SECMODCallOnceFN func,
+ void *arg);
+
+extern void SECMOD_CleanupCallOnce();
+
SEC_END_PROTOS
#endif
diff --git a/security/nss/lib/pki/cryptocontext.c b/security/nss/lib/pki/cryptocontext.c
index e8ea8cf73..f1cac0d87 100644
--- a/security/nss/lib/pki/cryptocontext.c
+++ b/security/nss/lib/pki/cryptocontext.c
@@ -89,11 +89,15 @@ NSSCryptoContext_Destroy (
NSSCryptoContext *cc
)
{
+ PRStatus status = PR_SUCCESS;
if (cc->certStore) {
- nssCertificateStore_Destroy(cc->certStore);
+ status = nssCertificateStore_Destroy(cc->certStore);
+ if (status == PR_FAILURE) {
+ return status;
+ }
}
nssArena_Destroy(cc->arena);
- return PR_SUCCESS;
+ return status;
}
NSS_IMPLEMENT PRStatus
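Review bot: When `nssCertificateStore_Destroy` fails, `NSSCryptoContext_Destroy` returns early and leaves `cc` and its arena alive, but no comment tells callers that the context is still valid and has to be destroyed again later. A line such as `/* store still in use: leave cc intact so the caller can retry */` before the early return would document that contract. The result of `nssArena_Destroy(cc->arena)` is still discarded; `return nssArena_Destroy(cc->arena);` would report that failure too, assuming it returns `PRStatus`.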
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 1d06b7f34..ae096667d 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -87,6 +87,8 @@ STAN_GetDefaultCryptoContext()
return g_default_crypto_context;
}
+extern const NSSError NSS_ERROR_ALREADY_INITIALIZED;
+
NSS_IMPLEMENT PRStatus
STAN_LoadDefaultNSS3TrustDomain (
void
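Review bot: `NSS_ERROR_ALREADY_INITIALIZED` is brought in with a file-local `extern const NSSError` declaration rather than through a header; the same pattern appears for `NSS_ERROR_BUSY` in pkistore.c and for `NSS_ERROR_INTERNAL_ERROR` and `NSS_ERROR_BUSY` in tdcache.c. A local extern is not checked against the definition, so a later change of type or name would surface at link time at best. If a header declaring these error constants is available on this branch, including it in the three files would keep declaration and definition in sync.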
@@ -98,6 +100,11 @@ STAN_LoadDefaultNSS3TrustDomain (
SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
int i;
+ if (g_default_trust_domain || g_default_crypto_context) {
+ /* Stan is already initialized or a previous shutdown failed. */
+ nss_SetError(NSS_ERROR_ALREADY_INITIALIZED);
+ return PR_FAILURE;
+ }
td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL);
if (!td) {
return PR_FAILURE;
@@ -160,15 +167,25 @@ STAN_RemoveModuleFromDefaultTrustDomain (
return SECSuccess;
}
-NSS_IMPLEMENT void
+NSS_IMPLEMENT PRStatus
STAN_Shutdown()
{
+ PRStatus status = PR_SUCCESS;
if (g_default_trust_domain) {
- NSSTrustDomain_Destroy(g_default_trust_domain);
+ if (NSSTrustDomain_Destroy(g_default_trust_domain) == PR_SUCCESS) {
+ g_default_trust_domain = NULL;
+ } else {
+ status = PR_FAILURE;
+ }
}
if (g_default_crypto_context) {
- NSSCryptoContext_Destroy(g_default_crypto_context);
+ if (NSSCryptoContext_Destroy(g_default_crypto_context) == PR_SUCCESS) {
+ g_default_crypto_context = NULL;
+ } else {
+ status = PR_FAILURE;
+ }
}
+ return status;
}
/* this function should not be a hack; it will be needed in 4.0 (rename) */
@@ -248,7 +265,7 @@ nss3certificate_matchIdentifier(nssDecodedCert *dc, void *id)
/* keyIdentifier */
if (authKeyID->keyID.len > 0) {
- if (CERT_FindSubjectKeyIDExten(c, &skid) == SECSuccess) {
+ if (CERT_FindSubjectKeyIDExtension(c, &skid) == SECSuccess) {
PRBool skiEqual;
skiEqual = SECITEM_ItemsAreEqual(&authKeyID->keyID, &skid);
PORT_Free(skid.data);
diff --git a/security/nss/lib/pki/pki3hack.h b/security/nss/lib/pki/pki3hack.h
index 7343b52f2..da68269c3 100644
--- a/security/nss/lib/pki/pki3hack.h
+++ b/security/nss/lib/pki/pki3hack.h
@@ -72,7 +72,7 @@ STAN_LoadDefaultNSS3TrustDomain
void
);
-NSS_EXTERN void
+NSS_EXTERN PRStatus
STAN_Shutdown();
NSS_EXTERN SECStatus
diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c
index 6f76699e5..545f3fe25 100644
--- a/security/nss/lib/pki/pkibase.c
+++ b/security/nss/lib/pki/pkibase.c
@@ -720,7 +720,8 @@ find_object_in_collection (
static pkiObjectCollectionNode *
add_object_instance (
nssPKIObjectCollection *collection,
- nssCryptokiObject *instance
+ nssCryptokiObject *instance,
+ PRBool *foundIt
)
{
PRUint32 i;
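Review bot: The new out-parameter `foundIt` has no description, and the next hunk writes `*foundIt = PR_FALSE` unconditionally, so every caller has to pass a valid pointer. I would extend the comment above `add_object_instance` with something like `/* *foundIt is set to PR_TRUE when this exact instance was already in the collection; the instance is then destroyed and the existing node returned */`. In `nssPKIObjectCollection_AddInstances` the value is stored but not read in the visible lines. The function body continues outside this hunk.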
@@ -734,12 +735,14 @@ add_object_instance (
* for unique identifier is done. Here, a match means this exact object
* instance is already in the collection, and we have nothing to do.
*/
+ *foundIt = PR_FALSE;
node = find_instance_in_collection(collection, instance);
if (node) {
/* The collection is assumed to take over the instance. Since we
* are not using it, it must be destroyed.
*/
nssCryptokiObject_Destroy(instance);
+ *foundIt = PR_TRUE;
return node;
}
mark = nssArena_Mark(collection->arena);
@@ -798,13 +801,14 @@ nssPKIObjectCollection_AddInstances (
{
PRStatus status = PR_SUCCESS;
PRUint32 i = 0;
+ PRBool foundIt;
pkiObjectCollectionNode *node;
if (instances) {
for (; *instances; instances++, i++) {
if (numInstances > 0 && i == numInstances) {
break;
}
- node = add_object_instance(collection, *instances);
+ node = add_object_instance(collection, *instances, &foundIt);
if (node == NULL) {
goto loser;
}
@@ -917,7 +921,8 @@ nssPKIObjectCollection_AddInstanceAsObject (
)
{
pkiObjectCollectionNode *node;
- node = add_object_instance(collection, instance);
+ PRBool foundIt;
+ node = add_object_instance(collection, instance, &foundIt);
if (node == NULL) {
return PR_FAILURE;
}
@@ -931,11 +936,14 @@ nssPKIObjectCollection_AddInstanceAsObject (
node->haveObject = PR_TRUE;
}
#ifdef NSS_3_4_CODE
- else {
+ else if (!foundIt) {
/* The instance was added to a pre-existing node. This
* function is *only* being used for certificates, and having
* multiple instances of certs in 3.X requires updating the
* CERTCertificate.
+ * But only do it if it was a new instance!!! If the same instance
+ * is encountered, we set *foundIt to true. Detect that here and
+ * ignore it.
*/
STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object);
}
diff --git a/security/nss/lib/pki/pkistore.c b/security/nss/lib/pki/pkistore.c
index 9d843312c..08250db63 100644
--- a/security/nss/lib/pki/pkistore.c
+++ b/security/nss/lib/pki/pkistore.c
@@ -160,11 +160,17 @@ loser:
return NULL;
}
-NSS_IMPLEMENT void
+extern const NSSError NSS_ERROR_BUSY;
+
+NSS_IMPLEMENT PRStatus
nssCertificateStore_Destroy (
nssCertificateStore *store
)
{
+ if (nssHash_Count(store->issuer_and_serial) > 0) {
+ nss_SetError(NSS_ERROR_BUSY);
+ return PR_FAILURE;
+ }
PZ_DestroyLock(store->lock);
nssHash_Destroy(store->issuer_and_serial);
nssHash_Destroy(store->subject);
@@ -173,6 +179,7 @@ nssCertificateStore_Destroy (
} else {
nss_ZFreeIf(store);
}
+ return PR_SUCCESS;
}
static PRStatus
diff --git a/security/nss/lib/pki/pkistore.h b/security/nss/lib/pki/pkistore.h
index 175298891..0fd9e679d 100644
--- a/security/nss/lib/pki/pkistore.h
+++ b/security/nss/lib/pki/pkistore.h
@@ -72,7 +72,7 @@ nssCertificateStore_Create
NSSArena *arenaOpt
);
-NSS_EXTERN void
+NSS_EXTERN PRStatus
nssCertificateStore_Destroy
(
nssCertificateStore *store
diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c
index 8f88899e1..1f1d3fa97 100644
--- a/security/nss/lib/pki/tdcache.c
+++ b/security/nss/lib/pki/tdcache.c
@@ -234,12 +234,20 @@ loser:
* clean shutdown, it is necessary for there to be no certs in the cache.
*/
+extern const NSSError NSS_ERROR_INTERNAL_ERROR;
+extern const NSSError NSS_ERROR_BUSY;
+
NSS_IMPLEMENT PRStatus
nssTrustDomain_DestroyCache (
NSSTrustDomain *td
)
{
if (!td->cache) {
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+ return PR_FAILURE;
+ }
+ if (nssHash_Count(td->cache->issuerAndSN) > 0) {
+ nss_SetError(NSS_ERROR_BUSY);
return PR_FAILURE;
}
PZ_DestroyLock(td->cache->lock);
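Review bot: The `!td->cache` branch still returns `PR_FAILURE`, and with the trustdomain.c change in this commit `NSSTrustDomain_Destroy` now stops before `nssArena_Destroy(td->arena)` when that happens. A trust domain whose cache was never created can therefore no longer be torn down, whereas before the failure was ignored by that caller. If a missing cache can occur in practice (not visible here), it may be better to treat it as nothing to destroy and `return PR_SUCCESS;`, keeping `NSS_ERROR_BUSY` as the only blocking condition. The rest of the function is outside the hunk.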
diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c
index d26e4ec76..a023ce3f8 100644
--- a/security/nss/lib/pki/trustdomain.c
+++ b/security/nss/lib/pki/trustdomain.c
@@ -116,6 +116,7 @@ NSSTrustDomain_Destroy (
NSSTrustDomain *td
)
{
+ PRStatus status = PR_SUCCESS;
if (--td->refCount == 0) {
/* Destroy each token in the list of tokens */
if (td->tokens) {
@@ -123,11 +124,14 @@ NSSTrustDomain_Destroy (
nssList_Clear(td->tokenList, token_destructor);
nssList_Destroy(td->tokenList);
}
- nssTrustDomain_DestroyCache(td);
+ status = nssTrustDomain_DestroyCache(td);
+ if (status == PR_FAILURE) {
+ return status;
+ }
/* Destroy the trust domain */
nssArena_Destroy(td->arena);
}
- return PR_SUCCESS;
+ return status;
}
/* XXX uses tokens until slot list is in place */
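Review bot: When `nssTrustDomain_DestroyCache(td)` fails, the function returns after `--td->refCount` has already reached zero (previous hunk) and after the token list has been cleared and destroyed, so the caller is left holding a partly dismantled trust domain. `STAN_Shutdown` in pki3hack.c keeps `g_default_trust_domain` set in that case, and a second `NSSTrustDomain_Destroy` would decrement the count past zero and skip the teardown branch entirely. I would run the cache check before the token teardown, or at least restore the count on the failure path with `td->refCount++;` and reset the freed list with `td->tokenList = NULL;`. How `td->tokens` is handled in the line between the two hunks cannot be seen here.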
diff --git a/security/nss/lib/pki1/config.mk b/security/nss/lib/pki1/config.mk
index d4162dee3..4d255c57b 100644
--- a/security/nss/lib/pki1/config.mk
+++ b/security/nss/lib/pki1/config.mk
@@ -41,7 +41,7 @@ endif
# are specifed as dependencies within rules.mk.
#
-TARGETS =
+TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =
diff --git a/security/nss/lib/pki1/manifest.mn b/security/nss/lib/pki1/manifest.mn
index 23f9cfc52..2a70cf4fa 100644
--- a/security/nss/lib/pki1/manifest.mn
+++ b/security/nss/lib/pki1/manifest.mn
@@ -48,8 +48,7 @@ EXPORTS = \
MODULE = nss
-CSRCS = $(NULL)
-xCSRCS = \
+CSRCS = \
atav.c \
genname.c \
gnseq.c \
@@ -62,4 +61,4 @@ xCSRCS = \
REQUIRES = nspr
-#LIBRARY_NAME = pki1
+LIBRARY_NAME = pki1
diff --git a/security/nss/lib/smime/cms.h b/security/nss/lib/smime/cms.h
index 7035a3265..e5ce768c4 100644
--- a/security/nss/lib/smime/cms.h
+++ b/security/nss/lib/smime/cms.h
@@ -859,6 +859,15 @@ NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
extern NSSCMSRecipientInfo *
NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert);
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg,
+ SECItem *subjKeyID,
+ SECKEYPublicKey *pubKey);
+
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg,
+ CERTCertificate *cert);
+
extern void
NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri);
diff --git a/security/nss/lib/smime/cmsencdata.c b/security/nss/lib/smime/cmsencdata.c
index fdfa0a2b9..99e591b88 100644
--- a/security/nss/lib/smime/cmsencdata.c
+++ b/security/nss/lib/smime/cmsencdata.c
@@ -161,6 +161,7 @@ NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd)
/* store the bulk key in the contentInfo so that the encoder can find it */
NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
+ PK11_FreeSymKey(bulkkey);
return SECSuccess;
}
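Review bot: The added `PK11_FreeSymKey(bulkkey)` is only correct if `NSS_CMSContentInfo_SetBulkKey` takes its own reference on the key, which is not visible in this hunk. A comment on the new line, for example `/* cinfo holds its own reference now; drop ours */`, would record that assumption for the next reader. The start of the function is outside the hunk.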
diff --git a/security/nss/lib/smime/cmslocal.h b/security/nss/lib/smime/cmslocal.h
index e7f15c4e1..962871804 100644
--- a/security/nss/lib/smime/cmslocal.h
+++ b/security/nss/lib/smime/cmslocal.h
@@ -161,8 +161,14 @@ NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
* according to PKCS#1 and RFC2633 (S/MIME)
*/
extern SECStatus
-NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
- SECItem *encKey);
+NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
+ PK11SymKey *key,
+ SECItem *encKey);
+
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
+ SECKEYPublicKey *publickey,
+ PK11SymKey *bulkkey, SECItem *encKey);
/*
* NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
diff --git a/security/nss/lib/smime/cmspubkey.c b/security/nss/lib/smime/cmspubkey.c
index 3e06da556..1cf0336e4 100644
--- a/security/nss/lib/smime/cmspubkey.c
+++ b/security/nss/lib/smime/cmspubkey.c
@@ -56,29 +56,43 @@
* according to PKCS#1 and RFC2633 (S/MIME)
*/
SECStatus
-NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *bulkkey,
- SECItem *encKey)
+NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
+ PK11SymKey *bulkkey,
+ SECItem *encKey)
{
- SECOidTag certalgtag; /* the certificate's encryption algorithm */
- SECOidTag encalgtag; /* the algorithm used for key exchange/agreement */
SECStatus rv;
SECKEYPublicKey *publickey;
+
+ publickey = CERT_ExtractPublicKey(cert);
+ if (publickey == NULL)
+ return SECFailure;
+
+ rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, publickey, bulkkey, encKey);
+ SECKEY_DestroyPublicKey(publickey);
+ return rv;
+}
+
+SECStatus
+NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
+ SECKEYPublicKey *publickey,
+ PK11SymKey *bulkkey, SECItem *encKey)
+{
+ SECStatus rv;
int data_len;
+ KeyType keyType;
void *mark = NULL;
- /* sanity check */
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
- PORT_Assert(certalgtag == SEC_OID_PKCS1_RSA_ENCRYPTION);
- encalgtag = SEC_OID_PKCS1_RSA_ENCRYPTION;
- publickey = CERT_ExtractPublicKey(cert);
- if (publickey == NULL)
- goto loser;
-
mark = PORT_ArenaMark(poolp);
if (!mark)
goto loser;
+ /* sanity check */
+ keyType = SECKEY_GetPublicKeyType(publickey);
+ PORT_Assert(keyType == rsaKey);
+ if (keyType != rsaKey) {
+ goto loser;
+ }
/* allocate memory for the encrypted key */
data_len = SECKEY_PublicKeyStrength(publickey); /* block size (assumed to be > keylen) */
encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, data_len);
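Review bot: The new `if (keyType != rsaKey) { goto loser; }` path fails without recording why, so in an optimized build, where `PORT_Assert` compiles away, the caller sees a failure with whatever error code was set earlier. I would add `PORT_SetError(SEC_ERROR_INVALID_KEY);` before the `goto loser;`, unless the `loser` label, which is outside this hunk, already sets one. `publickey` is also handed to `SECKEY_GetPublicKeyType` without a NULL check, which matters now that the function takes a caller-supplied key instead of one it extracted itself.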
@@ -90,7 +104,6 @@ NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, PK11Sym
rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION),
publickey, bulkkey, encKey);
- SECKEY_DestroyPublicKey(publickey);
if (rv != SECSuccess)
goto loser;
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index dfe05a07a..fd1491219 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -47,14 +47,24 @@
#include "pk11func.h"
#include "secerr.h"
-/*
- * NSS_CMSRecipientInfo_Create - create a recipientinfo
- *
- * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
- * the certificate is supposed to have been verified by the caller
- */
+PRBool
+nss_cmsrecipientinfo_usessubjectkeyid(NSSCMSRecipientInfo *ri)
+{
+ if (ri->recipientInfoType == NSSCMSRecipientInfoID_KeyTrans) {
+ NSSCMSRecipientIdentifier *rid;
+ rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+ if (rid->identifierType == NSSCMSRecipientID_SubjectKeyID) {
+ return PR_TRUE;
+ }
+ }
+ return PR_FALSE;
+}
+
+
NSSCMSRecipientInfo *
-NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
+nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg, NSSCMSRecipientIDSelector type,
+ CERTCertificate *cert, SECKEYPublicKey *pubKey,
+ SECItem *subjKeyID)
{
NSSCMSRecipientInfo *ri;
void *mark;
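Review bot: `nss_cmsrecipientinfo_usessubjectkeyid` and `nss_cmsrecipientinfo_create` are defined with external linkage, although their lower-case names and the absence of a declaration in the cms.h and cmslocal.h hunks suggest they are file-private helpers. If nothing outside cmsrecinfo.c calls them, mark both `static`. The doc comment that used to sit here moved down to the public wrapper, so `nss_cmsrecipientinfo_create` has none; a short header stating that `cert` is used for `NSSCMSRecipientID_IssuerSN` and `pubKey`/`subjKeyID` for `NSSCMSRecipientID_SubjectKeyID` would help. The body continues outside this hunk.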
@@ -65,6 +75,8 @@ NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
unsigned long version;
SECItem *dummy;
PLArenaPool *poolp;
+ CERTSubjectPublicKeyInfo *spki, *freeSpki = NULL;
+ NSSCMSRecipientIdentifier *rid;
poolp = cmsg->poolp;
@@ -75,26 +87,64 @@ NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
goto loser;
ri->cmsg = cmsg;
- ri->cert = CERT_DupCertificate(cert);
- if (ri->cert == NULL)
- goto loser;
+ if (type == NSSCMSRecipientID_IssuerSN) {
+ ri->cert = CERT_DupCertificate(cert);
+ if (ri->cert == NULL)
+ goto loser;
+ spki = &(cert->subjectPublicKeyInfo);
+ } else {
+ PORT_Assert(pubKey);
+ spki = freeSpki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);
+ }
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+ certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+ rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
switch (certalgtag) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
- /* hardcoded issuerSN choice for now */
- ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType = NSSCMSRecipientID_IssuerSN;
- ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
- if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
+ rid->identifierType = type;
+ if (type == NSSCMSRecipientID_IssuerSN) {
+ rid->id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
+ if (rid->id.issuerAndSN == NULL) {
+ break;
+ }
+ } else if (type == NSSCMSRecipientID_SubjectKeyID){
+ NSSCMSKeyTransRecipientInfoEx *riExtra;
+
+ rid->id.subjectKeyID = PORT_ArenaNew(poolp, SECItem);
+ if (rid->id.subjectKeyID == NULL) {
+ rv = SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ break;
+ }
+ SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID);
+ if (rid->id.subjectKeyID->data == NULL) {
+ rv = SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ break;
+ }
+ riExtra = &ri->ri.keyTransRecipientInfoEx;
+ riExtra->version = 0;
+ riExtra->pubKey = SECKEY_CopyPublicKey(pubKey);
+ if (riExtra->pubKey == NULL) {
+ rv = SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ break;
+ }
+ } else {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
- break;
}
break;
case SEC_OID_MISSI_KEA_DSS_OLD:
case SEC_OID_MISSI_KEA_DSS:
case SEC_OID_MISSI_KEA:
+ PORT_Assert(type != NSSCMSRecipientID_SubjectKeyID);
+ if (type == NSSCMSRecipientID_SubjectKeyID) {
+ rv = SECFailure;
+ break;
+ }
/* backward compatibility - this is not really a keytrans operation */
ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
/* hardcoded issuerSN choice for now */
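Review bot: In the non-IssuerSN branch, `spki = freeSpki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);` is followed directly by `SECOID_GetAlgorithmTag(&(spki->algorithm))` with no NULL check, and `pubKey` itself is guarded only by `PORT_Assert`, which does nothing in optimized builds. Since `NSS_CMSRecipientInfo_CreateWithSubjKeyID` passes its `pubKey` argument straight through, a NULL key or a failed SPKI creation ends in a NULL dereference. I would add `if (pubKey == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); goto loser; }` before the call and `if (spki == NULL) goto loser;` after it. The same unchecked `SECKEY_CreateSubjectPublicKeyInfo` result appears in the `NSS_CMSRecipientInfo_WrapBulkKey` hunk further down.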
@@ -106,6 +156,11 @@ NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
}
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+ PORT_Assert(type != NSSCMSRecipientID_SubjectKeyID);
+ if (type == NSSCMSRecipientID_SubjectKeyID) {
+ rv = SECFailure;
+ break;
+ }
/* a key agreement op */
ri->recipientInfoType = NSSCMSRecipientInfoID_KeyAgree;
@@ -184,13 +239,70 @@ NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
}
PORT_ArenaUnmark (poolp, mark);
+ if (freeSpki)
+ SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
return ri;
loser:
+ if (freeSpki)
+ SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
PORT_ArenaRelease (poolp, mark);
return NULL;
}
+/*
+ * NSS_CMSRecipientInfo_Create - create a recipientinfo
+ *
+ * we currently do not create KeyAgreement recipientinfos with multiple
+ * recipientEncryptedKeys the certificate is supposed to have been
+ * verified by the caller
+ */
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
+{
+ return nss_cmsrecipientinfo_create(cmsg, NSSCMSRecipientID_IssuerSN, cert,
+ NULL, NULL);
+}
+
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg,
+ SECItem *subjKeyID,
+ SECKEYPublicKey *pubKey)
+{
+ return nss_cmsrecipientinfo_create(cmsg, NSSCMSRecipientID_SubjectKeyID,
+ NULL, pubKey, subjKeyID);
+}
+
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg,
+ CERTCertificate *cert)
+{
+ SECKEYPublicKey *pubKey = NULL;
+ SECItem subjKeyID = {siBuffer, NULL, 0};
+ NSSCMSRecipientInfo *retVal = NULL;
+
+ if (!cmsg || !cert) {
+ return NULL;
+ }
+ pubKey = CERT_ExtractPublicKey(cert);
+ if (!pubKey) {
+ goto done;
+ }
+ if (CERT_FindSubjectKeyIDExtension(cert, &subjKeyID) != SECSuccess ||
+ subjKeyID.data == NULL) {
+ goto done;
+ }
+ retVal = NSS_CMSRecipientInfo_CreateWithSubjKeyID(cmsg, &subjKeyID, pubKey);
+done:
+ if (pubKey)
+ SECKEY_DestroyPublicKey(pubKey);
+
+ if (subjKeyID.data)
+ SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+
+ return retVal;
+}
+
void
NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri)
{
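Review bot: The `loser` path frees `freeSpki` and releases the arena mark, but the key stored by `riExtra->pubKey = SECKEY_CopyPublicKey(pubKey)` earlier in the function is not released there; the `NSS_CMSRecipientInfo_Destroy` hunk shows it needs an explicit `SECKEY_DestroyPublicKey`. Any failure after that copy (the intervening code is outside this hunk) would leak the copied public key. Before `PORT_ArenaRelease`, something like `if (ri && nss_cmsrecipientinfo_usessubjectkeyid(ri) && ri->ri.keyTransRecipientInfoEx.pubKey) SECKEY_DestroyPublicKey(ri->ri.keyTransRecipientInfoEx.pubKey);` would close that, provided `ri` is zero-initialized when allocated, which is not visible here.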
@@ -198,6 +310,14 @@ NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri)
/* issuerAndSN was allocated on the pool, so no need to destroy it */
if (ri->cert != NULL)
CERT_DestroyCertificate(ri->cert);
+
+ if (nss_cmsrecipientinfo_usessubjectkeyid(ri)) {
+ NSSCMSKeyTransRecipientInfoEx *extra;
+ extra = &ri->ri.keyTransRecipientInfoEx;
+ if (extra->pubKey)
+ SECKEY_DestroyPublicKey(extra->pubKey);
+ }
+
/* recipientInfo structure itself was allocated on the pool, so no need to destroy it */
/* we're done. */
}
@@ -275,7 +395,8 @@ NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri)
}
SECStatus
-NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, SECOidTag bulkalgtag)
+NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey,
+ SECOidTag bulkalgtag)
{
CERTCertificate *cert;
SECOidTag certalgtag;
@@ -283,24 +404,49 @@ NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, S
SECItem *params = NULL;
NSSCMSRecipientEncryptedKey *rek;
NSSCMSOriginatorIdentifierOrKey *oiok;
+ CERTSubjectPublicKeyInfo *spki, *freeSpki = NULL;
PLArenaPool *poolp;
+ NSSCMSKeyTransRecipientInfoEx *extra;
+ PRBool usesSubjKeyID;
poolp = ri->cmsg->poolp;
cert = ri->cert;
- PORT_Assert (cert != NULL);
- if (cert == NULL)
+ usesSubjKeyID = nss_cmsrecipientinfo_usessubjectkeyid(ri);
+ if (cert) {
+ spki = &cert->subjectPublicKeyInfo;
+ certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+ } else if (usesSubjKeyID) {
+ extra = &ri->ri.keyTransRecipientInfoEx;
+ /* sanity check */
+ PORT_Assert(extra->pubKey);
+ if (!extra->pubKey) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ spki = freeSpki = SECKEY_CreateSubjectPublicKeyInfo(extra->pubKey);
+ certalgtag = SECOID_GetAlgorithmTag(&spki->algorithm);
+ } else {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
+ }
/* XXX set ri->recipientInfoType to the proper value here */
/* or should we look if it's been set already ? */
- certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+ certalgtag = SECOID_GetAlgorithmTag(&spki->algorithm);
switch (certalgtag) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
/* wrap the symkey */
- if (NSS_CMSUtil_EncryptSymKey_RSA(poolp, cert, bulkkey, &ri->ri.keyTransRecipientInfo.encKey) != SECSuccess) {
- rv = SECFailure;
- break;
+ if (cert) {
+ rv = NSS_CMSUtil_EncryptSymKey_RSA(poolp, cert, bulkkey,
+ &ri->ri.keyTransRecipientInfo.encKey);
+ if (rv != SECSuccess)
+ break;
+ } else if (usesSubjKeyID) {
+ rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, extra->pubKey,
+ bulkkey, &ri->ri.keyTransRecipientInfo.encKey);
+ if (rv != SECSuccess)
+ break;
}
rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, NULL);
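Review bot: `certalgtag` is assigned inside both the `if (cert)` and the `else if (usesSubjKeyID)` branches and then assigned again by the unconditional `certalgtag = SECOID_GetAlgorithmTag(&spki->algorithm);` after the XXX comment. The two in-branch assignments can go, leaving the single assignment before the `switch`. `extra` is only set in the subject-key-ID branch; declaring it as `NSSCMSKeyTransRecipientInfoEx *extra = NULL;` would make the later `extra->pubKey` use easier to audit. The function continues outside this hunk.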
@@ -353,6 +499,9 @@ NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, S
rv = SECFailure;
break;
}
+ if (freeSpki)
+ SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
+
return rv;
}
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
index 03a37cda1..82c32be9f 100644
--- a/security/nss/lib/smime/cmssigdata.c
+++ b/security/nss/lib/smime/cmssigdata.c
@@ -460,20 +460,100 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
SECCertUsage certusage, PRBool keepcerts)
{
int certcount;
+ CERTCertificate **certArray = NULL;
+ CERTCertList *certList = NULL;
+ CERTCertListNode *node;
SECStatus rv;
+ SECItem **rawArray;
int i;
+ PRTime now;
certcount = NSS_CMSArray_Count((void **)sigd->rawCerts);
- rv = CERT_ImportCerts(certdb, certusage, certcount, sigd->rawCerts, NULL,
- keepcerts, PR_FALSE, NULL);
+ /* get the certs in the temp DB */
+ rv = CERT_ImportCerts(certdb, certusage, certcount, sigd->rawCerts,
+ &certArray, PR_FALSE, PR_FALSE, NULL);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ if (!keepcerts) {
+ goto done;
+ }
+
+ /* build a CertList for filtering */
+ certList = CERT_NewCertList();
+ if (certList == NULL) {
+ rv = SECFailure;
+ goto loser;
+ }
+ for (i=0; i < certcount; i++) {
+ CERTCertificate *cert = CERT_DupCertificate(certArray[i]);
+ CERT_AddCertToListTail(certList,cert);
+ }
+
+ /* filter out the certs we don't want */
+ rv = CERT_FilterCertListByUsage(certList,certusage, PR_FALSE);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ /* go down the remaining list of certs and verify that they have
+ * valid chains, then import them.
+ */
+ now = PR_Now();
+ for (node = CERT_LIST_HEAD(certList) ; !CERT_LIST_END(node,certList);
+ node= CERT_LIST_NEXT(node)) {
+ CERTCertificateList *certChain;
+
+ if (CERT_VerifyCert(certdb, node->cert,
+ PR_TRUE, certusage, now, NULL, NULL) != SECSuccess) {
+ continue;
+ }
+
+ certChain = CERT_CertChainFromCert(node->cert, certusage, PR_FALSE);
+ if (!certChain) {
+ continue;
+ }
+
+ /*
+ * CertChain returns an array of SECItems, import expects an array of
+ * SECItem pointers. Create the SECItem Pointers from the array of
+ * SECItems.
+ */
+ rawArray = (SECItem **)PORT_Alloc(certChain->len*sizeof (SECItem *));
+ if (!rawArray) {
+ CERT_DestroyCertificateList(certChain);
+ continue;
+ }
+ for (i=0; i < certChain->len; i++) {
+ rawArray[i] = &certChain->certs[i];
+ }
+ (void )CERT_ImportCerts(certdb, certusage, certChain->len,
+ rawArray, NULL, keepcerts, PR_FALSE, NULL);
+ PORT_Free(rawArray);
+ CERT_DestroyCertificateList(certChain);
+ }
+
+ rv = SECSuccess;
/* XXX CRL handling */
+done:
if (sigd->signerInfos != NULL) {
/* fill in all signerinfo's certs */
for (i = 0; sigd->signerInfos[i] != NULL; i++)
- (void)NSS_CMSSignerInfo_GetSigningCertificate(sigd->signerInfos[i], certdb);
+ (void)NSS_CMSSignerInfo_GetSigningCertificate(
+ sigd->signerInfos[i], certdb);
+ }
+
+loser:
+ /* now free everything */
+ if (certArray) {
+ CERT_DestroyCertArray(certArray,certcount);
+ }
+ if (certList) {
+ CERT_DestroyCertList(certList);
}
return rv;
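Review bot: The loop that fills `certList` uses `certArray[i]` and the result of `CERT_DupCertificate` without checking either, and ignores the status of `CERT_AddCertToListTail`. The raw certificates come from the message being processed, so an entry that failed to import (if `CERT_ImportCerts` can leave holes in the returned array, which is not visible here) or a failed list insert should be handled rather than dereferenced or leaked. I would skip missing entries and release the duplicate when the insert fails, as sketched below. A failed first import now also jumps to `loser` and skips the signer-certificate fill under `done`, which the old code always ran.

```c
    for (i=0; i < certcount; i++) {
        CERTCertificate *cert = certArray[i];
        if (cert == NULL) {
            continue;
        }
        cert = CERT_DupCertificate(cert);
        if (cert == NULL) {
            continue;
        }
        if (CERT_AddCertToListTail(certList, cert) != SECSuccess) {
            CERT_DestroyCertificate(cert);
            rv = SECFailure;
            goto loser;
        }
    }
    /* … unchanged: usage filter, chain verification and import … */
```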
@@ -531,6 +611,7 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
SECStatus rv = SECSuccess;
int i;
int count;
+ PRTime now;
if (!sigd || !certdb || !sigd->rawCerts) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -538,6 +619,7 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
}
count = NSS_CMSArray_Count((void**)sigd->rawCerts);
+ now = PR_Now();
for (i=0; i < count; i++) {
if (sigd->certs && sigd->certs[i]) {
cert = CERT_DupCertificate(sigd->certs[i]);
@@ -548,7 +630,7 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
break;
}
}
- rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, PR_Now(),
+ rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, now,
NULL, NULL);
CERT_DestroyCertificate(cert);
}
diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c
index a9c46d07e..bbc6f630b 100644
--- a/security/nss/lib/smime/cmssiginfo.c
+++ b/security/nss/lib/smime/cmssiginfo.c
@@ -566,6 +566,7 @@ CERTCertificate *
NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb)
{
CERTCertificate *cert;
+ NSSCMSSignerIdentifier *sid;
if (signerinfo->cert != NULL)
return signerinfo->cert;
@@ -580,16 +581,13 @@ NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDB
* we leave this function -- we let the clean-up of the entire
* cinfo structure later do the destroy of this cert.
*/
- switch (signerinfo->signerIdentifier.identifierType) {
+ sid = &signerinfo->signerIdentifier;
+ switch (sid->identifierType) {
case NSSCMSSignerID_IssuerSN:
- cert = CERT_FindCertByIssuerAndSN(certdb, signerinfo->signerIdentifier.id.issuerAndSN);
+ cert = CERT_FindCertByIssuerAndSN(certdb, sid->id.issuerAndSN);
break;
case NSSCMSSignerID_SubjectKeyID:
-#if 0 /* not yet implemented */
- cert = CERT_FindCertBySubjectKeyID(certdb, signerinfo->signerIdentifier.id.subjectKeyID);
-#else
- cert = NULL;
-#endif
+ cert = CERT_FindCertBySubjectKeyID(certdb, sid->id.subjectKeyID);
break;
default:
cert = NULL;
diff --git a/security/nss/lib/smime/cmst.h b/security/nss/lib/smime/cmst.h
index 105ade583..2fa63a3b8 100644
--- a/security/nss/lib/smime/cmst.h
+++ b/security/nss/lib/smime/cmst.h
@@ -303,6 +303,18 @@ struct NSSCMSKeyTransRecipientInfoStr {
};
typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
+/*
+ * View comments before NSSCMSRecipientInfoStr for purpose of this
+ * structure.
+ */
+struct NSSCMSKeyTransRecipientInfoExStr {
+ NSSCMSKeyTransRecipientInfo recipientInfo;
+ int version;
+ SECKEYPublicKey *pubKey;
+};
+
+typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx;
+
#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
@@ -399,12 +411,35 @@ typedef enum {
NSSCMSRecipientInfoID_KEK = 2
} NSSCMSRecipientInfoIDSelector;
+/*
+ * In order to preserve backwards binary compatibility when implementing
+ * creation of Recipient Info's that uses subjectKeyID in the
+ * keyTransRecipientInfo we need to stash a public key pointer in this
+ * structure somewhere. We figured out that NSSCMSKeyTransRecipientInfo
+ * is the smallest member of the ri union. We're in luck since that's
+ * the very structure that would need to use the public key. So we created
+ * a new structure NSSCMSKeyTransRecipientInfoEx which has a member
+ * NSSCMSKeyTransRecipientInfo as the first member followed by a version
+ * and a public key pointer. This way we can keep backwards compatibility
+ * without changing the size of this structure.
+ *
+ * BTW, size of structure:
+ * NSSCMSKeyTransRecipientInfo: 9 ints, 4 pointers
+ * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers
+ * NSSCMSKEKRecipientInfo: 10 ints, 7 pointers
+ *
+ * The new structure:
+ * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) +
+ * 1 int, 1 pointer
+ */
+
struct NSSCMSRecipientInfoStr {
NSSCMSRecipientInfoIDSelector recipientInfoType;
union {
NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
NSSCMSKEKRecipientInfo kekRecipientInfo;
+ NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx;
} ri;
/* --------- local; not part of encoding --------- */
NSSCMSMessage * cmsg; /* back pointer to message */
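Review bot: The compatibility argument in the new comment rests on hand-counted member sizes ("9 ints, 4 pointers" and so on), and nothing enforces that `NSSCMSKeyTransRecipientInfoEx` stays no larger than the biggest existing union member. If padding or a later field change breaks that, `sizeof(struct NSSCMSRecipientInfoStr)` grows silently and the binary-compatibility promise is lost. A compile-time check in one of the smime .c files, for example `typedef char nss_cms_ri_size_check[(sizeof(NSSCMSKeyTransRecipientInfoEx) <= sizeof(NSSCMSKeyAgreeRecipientInfo)) ? 1 : -1];`, would turn the comment into something the compiler verifies. The struct definition continues outside this hunk.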
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def
index dde59aaad..c80e7e73a 100644
--- a/security/nss/lib/smime/smime.def
+++ b/security/nss/lib/smime/smime.def
@@ -216,3 +216,17 @@ NSS_CMSSignerInfo_CreateWithSubjKeyID;
;+ local:
;+ *;
;+};
+;+NSS_3.7 { # NSS 3.7 release
+;+ global:
+NSS_CMSRecipientInfo_CreateWithSubjKeyID;
+NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert;
+;+ local:
+;+ *;
+;+};
+;+NSS_3.7.2 { # NSS 3.7.2 release
+;+ global:
+NSS_CMSRecipientInfo_WrapBulkKey;
+NSS_CMSRecipientInfo_UnwrapBulkKey;
+;+ local:
+;+ *;
+;+};
diff --git a/security/nss/lib/softoken/alghmac.c b/security/nss/lib/softoken/alghmac.c
index fb22fbd9c..a975f3f5a 100644
--- a/security/nss/lib/softoken/alghmac.c
+++ b/security/nss/lib/softoken/alghmac.c
@@ -62,7 +62,7 @@ HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
{
HMACContext *cx;
unsigned int i;
- unsigned char hashed_secret[HASH_LENGTH_MAX];
+ unsigned char hashed_secret[SHA1_LENGTH];
/* required by FIPS 198 Section 3 */
if (isFIPS && secret_len < hash_obj->length/2) {
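Review bot: `hashed_secret` shrinks from `HASH_LENGTH_MAX` to `SHA1_LENGTH` bytes while `HMAC_Create` still takes an arbitrary `hash_obj`, and this same commit adds bltest vectors for SHA-256, SHA-384 and SHA-512. The code that writes into the buffer is outside the hunk, but if it stores a digest of `hash_obj->length` bytes there (the usual treatment of an over-long HMAC secret), any hash longer than SHA-1 would not fit in this stack buffer. I would keep the buffer sized for the largest supported digest, or, assuming the function returns a context pointer, reject the call up front with `if (hash_obj->length > sizeof hashed_secret) return NULL;` before anything is hashed.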
diff --git a/security/nss/lib/softoken/dbmshim.c b/security/nss/lib/softoken/dbmshim.c
index 935780dbf..9cc33a575 100644
--- a/security/nss/lib/softoken/dbmshim.c
+++ b/security/nss/lib/softoken/dbmshim.c
@@ -53,31 +53,16 @@
#include "pkcs11i.h"
-/*
- * Blob block:
- * Byte 0 CERTDB Version -+ -+
- * Byte 1 certDBEntryTypeBlob | BLOB_HEAD_LEN |
- * Byte 2 flags (always '0'); | |
- * Byte 3 reserved (always '0'); -+ |
- * Byte 4 LSB length | <--BLOB_LENGTH_START | BLOB_BUF_LEN
- * Byte 5 . | |
- * Byte 6 . | BLOB_LENGTH_LEN |
- * Byte 7 MSB length | |
- * Byte 8 blob_filename -+ -+ <-- BLOB_NAME_START |
- * Byte 9 . | BLOB_NAME_LEN |
- * . . | |
- * Byte 37 . -+ -+
- */
#define DBS_BLOCK_SIZE (16*1024) /* 16 k */
#define DBS_MAX_ENTRY_SIZE (DBS_BLOCK_SIZE - (2048)) /* 14 k */
#define DBS_CACHE_SIZE DBS_BLOCK_SIZE*8
#define ROUNDDIV(x,y) (x+(y-1))/y
#define BLOB_HEAD_LEN 4
-#define BLOB_LENGTH_START BLOB_HEAD_LEN
-#define BLOB_LENGTH_LEN 4
-#define BLOB_NAME_START BLOB_LENGTH_START+BLOB_LENGTH_LEN
-#define BLOB_NAME_LEN 1+ROUNDDIV(SHA1_LENGTH,3)*4+1
-#define BLOB_BUF_LEN BLOB_HEAD_LEN+BLOB_LENGTH_LEN+BLOB_NAME_LEN
+#define BLOB_NAMELENGTH_START BLOB_HEAD_LEN
+#define BLOB_NAMELENGTH_LEN 4
+#define BLOB_NAME_START BLOB_NAMELENGTH_START+BLOB_NAMELENGTH_LEN
+#define BLOB_NAME_LEN 1+ROUNDDIV(SHA1_LENGTH*4,3)+2
+#define BLOB_BUF_LEN BLOB_HEAD_LEN+BLOB_NAMELENGTH_LEN+BLOB_NAME_LEN
/* a Shim data structure. This data structure has a db built into it. */
typedef struct DBSStr DBS;
@@ -128,10 +113,10 @@ dbs_getBlobSize(DBT *blobData)
{
unsigned char *addr = (unsigned char *)blobData->data;
- return (PRUint32)(addr[BLOB_LENGTH_START+3] << 24) |
- (addr[BLOB_LENGTH_START+2] << 16) |
- (addr[BLOB_LENGTH_START+1] << 8) |
- addr[BLOB_LENGTH_START];
+ return (PRUint32)(addr[BLOB_NAMELENGTH_START+3] << 24) |
+ (addr[BLOB_NAMELENGTH_START+2] << 16) |
+ (addr[BLOB_NAMELENGTH_START+1] << 8) |
+ addr[BLOB_NAMELENGTH_START];
}
@@ -166,16 +151,16 @@ dbs_mkBlob(DBS *dbsp,const DBT *key, const DBT *data, DBT *blobData)
b[1] = (char) certDBEntryTypeBlob; /* type */
b[2] = 0; /* flags */
b[3] = 0; /* reserved */
- b[BLOB_LENGTH_START] = length & 0xff;
- b[BLOB_LENGTH_START+1] = (length >> 8) & 0xff;
- b[BLOB_LENGTH_START+2] = (length >> 16) & 0xff;
- b[BLOB_LENGTH_START+3] = (length >> 24) & 0xff;
+ b[BLOB_NAMELENGTH_START] = length & 0xff;
+ b[BLOB_NAMELENGTH_START+1] = (length >> 8) & 0xff;
+ b[BLOB_NAMELENGTH_START+2] = (length >> 16) & 0xff;
+ b[BLOB_NAMELENGTH_START+3] = (length >> 24) & 0xff;
sha1Item.data = sha1_data;
sha1Item.len = SHA1_LENGTH;
SHA1_HashBuf(sha1_data,key->data,key->size);
b[BLOB_NAME_START]='b'; /* Make sure we start with a alpha */
+ PORT_Memset(&b[BLOB_NAME_START+1],0, BLOB_NAME_LEN-1);
NSSBase64_EncodeItem(NULL,&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1,&sha1Item);
- b[BLOB_BUF_LEN-1] = 0;
dbs_replaceSlash(&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1);
blobData->data = b;
blobData->size = BLOB_BUF_LEN;
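Review bot: The result of `NSSBase64_EncodeItem` is not checked, and with the new `PORT_Memset` a failed encode now leaves the name as the single character 'b' followed by zeros rather than undefined bytes. Every blob written after such a failure would then carry the same file name. I would test the return value, `if (NSSBase64_EncodeItem(NULL, &b[BLOB_NAME_START+1], BLOB_NAME_LEN-1, &sha1Item) == NULL)`, and fail the call; how `dbs_mkBlob` reports errors is outside this hunk. Dropping `b[BLOB_BUF_LEN-1] = 0;` also means termination now depends on the encoder leaving the tail of the zeroed area untouched, which deserves a comment.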
diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c
index 877ead2b5..da2380a1a 100644
--- a/security/nss/lib/softoken/keydb.c
+++ b/security/nss/lib/softoken/keydb.c
@@ -493,6 +493,28 @@ GetKeyDBGlobalSalt(NSSLOWKEYDBHandle *handle)
}
static SECStatus
+StoreKeyDBGlobalSalt(NSSLOWKEYDBHandle *handle)
+{
+ DBT saltKey;
+ DBT saltData;
+ int status;
+
+ saltKey.data = SALT_STRING;
+ saltKey.size = sizeof(SALT_STRING) - 1;
+
+ saltData.data = (void *)handle->global_salt->data;
+ saltData.size = handle->global_salt->len;
+
+ /* put global salt into the database now */
+ status = (* handle->db->put)( handle->db, &saltKey, &saltData, 0);
+ if ( status ) {
+ return(SECFailure);
+ }
+
+ return(SECSuccess);
+}
+
+static SECStatus
makeGlobalVersion(NSSLOWKEYDBHandle *handle)
{
unsigned char version;
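Review bot: StoreKeyDBGlobalSalt reads `handle->global_salt->data` and `->len` without checking that `global_salt` is set; the caller added in nsslowkey_ResetKeyDB tests it first, but the helper itself carries no comment saying so. Either add `if (handle->global_salt == NULL) return SECFailure;` at the top or document the precondition, e.g. `/* Write handle->global_salt (must be non-NULL) back under SALT_STRING. */`.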
@@ -2496,20 +2518,22 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle)
goto done;
}
- rv = makeGlobalSalt(handle);
+ if (handle->global_salt) {
+ rv = StoreKeyDBGlobalSalt(handle);
+ } else {
+ rv = makeGlobalSalt(handle);
+ if ( rv == SECSuccess ) {
+ handle->global_salt = GetKeyDBGlobalSalt(handle);
+ }
+ }
if ( rv != SECSuccess ) {
errors++;
- goto done;
}
- if (handle->global_salt) {
- SECITEM_FreeItem(handle->global_salt,PR_TRUE);
- }
- handle->global_salt = GetKeyDBGlobalSalt(handle);
-
done:
/* sync the database */
ret = (* handle->db->sync)(handle->db, 0);
+ db_InitComplete(handle->db);
return (errors == 0 ? SECSuccess : SECFailure);
}
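Review bot: The value returned by the sync call is stored in `ret`, but the return statement looks only at `errors`, so a failed flush of the reset database is reported as SECSuccess; `if (ret) errors++;` before the return would close that. In the new else branch a NULL from `GetKeyDBGlobalSalt` after a successful `makeGlobalSalt` is likewise not counted as an error, leaving the handle without a salt. The function starts outside this hunk.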
diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c
index 59600f70f..e61f9f831 100644
--- a/security/nss/lib/softoken/pcertdb.c
+++ b/security/nss/lib/softoken/pcertdb.c
@@ -61,7 +61,16 @@
/* forward declaration */
NSSLOWCERTCertificate *
nsslowcert_FindCertByDERCertNoLocking(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
-
+static SECStatus
+nsslowcert_UpdateSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle,
+ char *emailAddr, SECItem *derSubject, SECItem *emailProfile,
+ SECItem *profileTime);
+static SECStatus
+nsslowcert_UpdatePermCert(NSSLOWCERTCertDBHandle *dbhandle,
+ NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust);
+static SECStatus
+nsslowcert_UpdateCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+ SECItem *crlKey, char *url, PRBool isKRL);
static NSSLOWCERTCertificate *certListHead = NULL;
static NSSLOWCERTTrust *trustListHead = NULL;
@@ -2367,6 +2376,7 @@ DecodeDBSubjectEntry(certDBEntrySubject *entry, SECItem *dbentry,
if ((eaddrlen == 0) && (tmpbuf+1 < end)) {
/* read in the additional email addresses */
entry->nemailAddrs = tmpbuf[0] << 8 | tmpbuf[1];
+ tmpbuf += 2;
entry->emailAddrs = (char **)
PORT_ArenaAlloc(arena, entry->nemailAddrs * sizeof(char *));
if (entry->emailAddrs == NULL) {
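Review bot: `entry->nemailAddrs` is taken straight from the record and used to size the allocation before anything in the visible lines compares it with the bytes left between `tmpbuf` and `end`; a corrupt entry can claim up to 65535 addresses. If the loop that follows (outside this hunk) does not already bound each read by `end`, a check belongs here. A short comment on the added line, `/* skip the two-byte address count */`, would also explain the advance.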
@@ -3492,7 +3502,7 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
cert = nsslowcert_DecodeDERCertificate(&certEntry.derCert,
certEntry.nickname);
if (cert) {
- nsslowcert_AddPermCert(handle, cert, certEntry.nickname,
+ nsslowcert_UpdatePermCert(handle, cert, certEntry.nickname,
&certEntry.trust);
nsslowcert_DestroyCertificate(cert);
}
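Review bot: The call to `nsslowcert_UpdatePermCert` discards its SECStatus, as do the `nsslowcert_UpdateCrl` and `nsslowcert_UpdateSMimeProfile` calls in the next two hunks, so an entry that fails to migrate from the old database is dropped without any trace. Since the new helpers no longer open a transaction themselves (nor, for the certificate case, take the DB lock), a comment here stating that UpdateV7DB already runs with both in place would help, if that is the case. UpdateV7DB starts and ends outside these hunks.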
@@ -3517,7 +3527,7 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
if (rv != SECSuccess) {
break;
}
- nsslowcert_AddCrl(handle, &crlEntry.derCrl, &dbKey,
+ nsslowcert_UpdateCrl(handle, &crlEntry.derCrl, &dbKey,
crlEntry.url, isKRL);
/* free data allocated by the decode */
PORT_FreeArena(crlEntry.common.arena, PR_FALSE);
@@ -3531,7 +3541,7 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
/* decode entry */
- nsslowcert_SaveSMimeProfile(handle, smimeEntry.emailAddr,
+ nsslowcert_UpdateSMimeProfile(handle, smimeEntry.emailAddr,
&smimeEntry.subjectName, &smimeEntry.smimeOptions,
&smimeEntry.optionsDate);
PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
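Review bot: `rv` from `DecodeDBSMimeEntry` is not tested before `smimeEntry.emailAddr` and the other decoded fields are handed to `nsslowcert_UpdateSMimeProfile`, unlike the CRL branch above, which breaks out when `rv` is not SECSuccess. Guarding the call with `if (rv == SECSuccess)` keeps a record that failed to decode from being written into the new database. The result of `PORT_NewArena` is not checked in the visible lines either.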
@@ -4496,8 +4506,8 @@ done:
}
-SECStatus
-nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle,
+static SECStatus
+nsslowcert_UpdatePermCert(NSSLOWCERTCertDBHandle *dbhandle,
NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
{
char *oldnn;
@@ -4505,13 +4515,6 @@ nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle,
PRBool conflict;
SECStatus ret;
SECStatus rv;
-
- nsslowcert_LockDB(dbhandle);
- rv = db_BeginTransaction(dbhandle->permCertDB);
- if (rv != SECSuccess) {
- nsslowcert_UnlockDB(dbhandle);
- return SECFailure;
- }
PORT_Assert(!cert->dbEntry);
@@ -4542,6 +4545,28 @@ nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle,
ret = SECSuccess;
done:
+ return(ret);
+}
+
+SECStatus
+nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle,
+ NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
+{
+ char *oldnn;
+ certDBEntryCert *entry;
+ PRBool conflict;
+ SECStatus ret;
+ SECStatus rv;
+
+ nsslowcert_LockDB(dbhandle);
+ rv = db_BeginTransaction(dbhandle->permCertDB);
+ if (rv != SECSuccess) {
+ nsslowcert_UnlockDB(dbhandle);
+ return SECFailure;
+ }
+
+ ret = nsslowcert_UpdatePermCert(dbhandle, cert, nickname, trust);
+
db_FinishTransaction(dbhandle->permCertDB, ret != SECSuccess);
nsslowcert_UnlockDB(dbhandle);
return(ret);
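Review bot: The new nsslowcert_AddPermCert wrapper still declares `oldnn`, `entry` and `conflict`, none of which it uses now that the work lives in nsslowcert_UpdatePermCert; the nsslowcert_SaveSMimeProfile wrapper further down likewise keeps an unused `entry` and a stray `;;`. Dropping them avoids compiler warnings and makes it plain that the wrappers only bracket the helper with the lock and transaction. A one-line comment on nsslowcert_UpdatePermCert saying the caller must hold the DB lock and an open transaction would document the split. The hunk begins in the tail of the helper, whose body is outside it.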
@@ -5065,18 +5090,14 @@ loser:
/*
* replace the existing URL in the data base with a new one
*/
-SECStatus
-nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+static SECStatus
+nsslowcert_UpdateCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
SECItem *crlKey, char *url, PRBool isKRL)
{
SECStatus rv = SECFailure;
certDBEntryRevocation *entry = NULL;
certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation
: certDBEntryTypeRevocation;
- rv = db_BeginTransaction(handle->permCertDB);
- if (rv != SECSuccess) {
- return SECFailure;
- }
DeleteDBCrlEntry(handle, crlKey, crlType);
/* Write the new entry into the data base */
@@ -5090,6 +5111,21 @@ done:
if (entry) {
DestroyDBEntry((certDBEntry *)entry);
}
+ return rv;
+}
+
+SECStatus
+nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+ SECItem *crlKey, char *url, PRBool isKRL)
+{
+ SECStatus rv;
+
+ rv = db_BeginTransaction(handle->permCertDB);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ rv = nsslowcert_UpdateCrl(handle, derCrl, crlKey, url, isKRL);
+
db_FinishTransaction(handle->permCertDB, rv != SECSuccess);
return rv;
}
@@ -5131,17 +5167,14 @@ nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust)
* email profile from an S/MIME message should be saved. It can deal with
* the case when there is no profile.
*/
-SECStatus
-nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
- SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
+static SECStatus
+nsslowcert_UpdateSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle,
+ char *emailAddr, SECItem *derSubject, SECItem *emailProfile,
+ SECItem *profileTime)
{
certDBEntrySMime *entry = NULL;
SECStatus rv = SECFailure;;
- rv = db_BeginTransaction(dbhandle->permCertDB);
- if (rv != SECSuccess) {
- return SECFailure;
- }
/* find our existing entry */
entry = nsslowcert_ReadDBSMimeEntry(dbhandle, emailAddr);
@@ -5191,6 +5224,24 @@ loser:
if ( entry ) {
DestroyDBEntry((certDBEntry *)entry);
}
+ return(rv);
+}
+
+SECStatus
+nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
+ SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
+{
+ certDBEntrySMime *entry = NULL;
+ SECStatus rv = SECFailure;;
+
+ rv = db_BeginTransaction(dbhandle->permCertDB);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+
+ rv = nsslowcert_UpdateSMimeProfile(dbhandle, emailAddr,
+ derSubject, emailProfile, profileTime);
+
db_FinishTransaction(dbhandle->permCertDB, rv != SECSuccess);
return(rv);
}
diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c
index 6f6583c80..5a4906984 100644
--- a/security/nss/lib/softoken/pk11db.c
+++ b/security/nss/lib/softoken/pk11db.c
@@ -451,6 +451,7 @@ secmod_EncodeData(DBT *data, char * module)
pk11_argSetNewCipherFlags(&ssl[0], ciphers);
SECMOD_PUTLONG(encoded->ssl,ssl[0]);
SECMOD_PUTLONG(&encoded->ssl[4],ssl[1]);
+ if (ciphers) PORT_Free(ciphers);
offset = (unsigned short) &(((secmodData *)0)->names[0]);
SECMOD_PUTSHORT(encoded->nameStart,offset);
@@ -496,6 +497,7 @@ loser:
if (dllName) PORT_Free(dllName);
if (param) PORT_Free(param);
if (slotInfo) PORT_Free(slotInfo);
+ if (nss) PORT_Free(nss);
return rv;
}
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index a2d1c6ad3..aeb728d8e 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -974,7 +974,6 @@ pk11_handleCrlObject(PK11Session *session,PK11Object *object)
return CKR_OK;
}
-NSSLOWKEYPublicKey * pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key);
/*
* check the consistancy and initialize a Public Key Object
*/
@@ -1042,7 +1041,10 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object,
crv = pk11_defaultAttribute(object,CKA_DERIVE,&derive,sizeof(CK_BBOOL));
if (crv != CKR_OK) return crv;
- object->objectInfo = pk11_GetPubKey(object,key_type);
+ object->objectInfo = pk11_GetPubKey(object,key_type, &crv);
+ if (object->objectInfo == NULL) {
+ return crv;
+ }
object->infoFree = (PK11Free) nsslowkey_DestroyPublicKey;
if (pk11_isTrue(object,CKA_TOKEN)) {
@@ -1081,7 +1083,9 @@ pk11_handlePublicKeyObject(PK11Session *session, PK11Object *object,
return CKR_OK;
}
-static NSSLOWKEYPrivateKey * pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key);
+static NSSLOWKEYPrivateKey *
+pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key, CK_RV *rvp);
+
/*
* check the consistancy and initialize a Private Key Object
*/
@@ -1192,8 +1196,8 @@ pk11_handlePrivateKeyObject(PK11Session *session,PK11Object *object,CK_KEY_TYPE
return CKR_TOKEN_WRITE_PROTECTED;
}
- privKey=pk11_mkPrivKey(object,key_type);
- if (privKey == NULL) return CKR_HOST_MEMORY;
+ privKey=pk11_mkPrivKey(object,key_type,&crv);
+ if (privKey == NULL) return crv;
label = pk11_getString(object,CKA_LABEL);
crv = pk11_Attribute2SSecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
@@ -1225,8 +1229,8 @@ fail:
nsslowkey_DestroyPrivateKey(privKey);
if (rv != SECSuccess) return CKR_DEVICE_ERROR;
} else {
- object->objectInfo = pk11_mkPrivKey(object,key_type);
- if (object->objectInfo == NULL) return CKR_HOST_MEMORY;
+ object->objectInfo = pk11_mkPrivKey(object,key_type,&crv);
+ if (object->objectInfo == NULL) return crv;
object->infoFree = (PK11Free) nsslowkey_DestroyPrivateKey;
/* now NULL out the sensitive attributes */
if (pk11_isTrue(object,CKA_SENSITIVE)) {
@@ -1701,13 +1705,15 @@ pk11_handleObject(PK11Object *object, PK11Session *session)
* ******************** Public Key Utilities ***************************
*/
/* Generate a low public key structure from an object */
-NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
+NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type,
+ CK_RV *crvp)
{
NSSLOWKEYPublicKey *pubKey;
PLArenaPool *arena;
CK_RV crv;
if (object->objclass != CKO_PUBLIC_KEY) {
+ *crvp = CKR_KEY_TYPE_INCONSISTENT;
return NULL;
}
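Review bot: The comment above pk11_GetPubKey does not mention the new `crvp` out-parameter, which is written on every return path shown and dereferenced without a NULL test. I would extend it to `/* Generate a low public key structure from an object. On failure returns NULL and stores the reason in *crvp, which must not be NULL. */`; the same contract applies to pk11_mkPrivKey and pk11_GetPrivKey further down. The function body continues outside this hunk.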
@@ -1717,16 +1723,21 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
/* If we already have a key, use it */
if (object->objectInfo) {
+ *crvp = CKR_OK;
return (NSSLOWKEYPublicKey *)object->objectInfo;
}
/* allocate the structure */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
+ if (arena == NULL) {
+ *crvp = CKR_HOST_MEMORY;
+ return NULL;
+ }
pubKey = (NSSLOWKEYPublicKey *)
PORT_ArenaAlloc(arena,sizeof(NSSLOWKEYPublicKey));
if (pubKey == NULL) {
+ *crvp = CKR_HOST_MEMORY;
PORT_FreeArena(arena,PR_FALSE);
return NULL;
}
@@ -1764,13 +1775,14 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dh.base,
object,CKA_BASE);
if (crv != CKR_OK) break;
- crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dsa.publicValue,
+ crv = pk11_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue,
object,CKA_VALUE);
break;
default:
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
+ *crvp = crv;
if (crv != CKR_OK) {
PORT_FreeArena(arena,PR_FALSE);
return NULL;
@@ -1783,7 +1795,7 @@ NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,CK_KEY_TYPE key_type)
/* make a private key from a verified object */
static NSSLOWKEYPrivateKey *
-pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
+pk11_mkPrivKey(PK11Object *object, CK_KEY_TYPE key_type, CK_RV *crvp)
{
NSSLOWKEYPrivateKey *privKey;
PLArenaPool *arena;
@@ -1792,12 +1804,16 @@ pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
PORT_Assert(!pk11_isToken(object->handle));
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) return NULL;
+ if (arena == NULL) {
+ *crvp = CKR_HOST_MEMORY;
+ return NULL;
+ }
privKey = (NSSLOWKEYPrivateKey *)
PORT_ArenaZAlloc(arena,sizeof(NSSLOWKEYPrivateKey));
if (privKey == NULL) {
PORT_FreeArena(arena,PR_FALSE);
+ *crvp = CKR_HOST_MEMORY;
return NULL;
}
@@ -1872,6 +1888,7 @@ pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
+ *crvp = crv;
if (crv != CKR_OK) {
PORT_FreeArena(arena,PR_FALSE);
return NULL;
@@ -1882,14 +1899,16 @@ pk11_mkPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
/* Generate a low private key structure from an object */
NSSLOWKEYPrivateKey *
-pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
+pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type, CK_RV *crvp)
{
NSSLOWKEYPrivateKey *priv = NULL;
if (object->objclass != CKO_PRIVATE_KEY) {
+ *crvp = CKR_KEY_TYPE_INCONSISTENT;
return NULL;
}
if (object->objectInfo) {
+ *crvp = CKR_OK;
return (NSSLOWKEYPrivateKey *)object->objectInfo;
}
@@ -1901,8 +1920,9 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
PORT_Assert(object->slot->keyDB);
priv = nsslowkey_FindKeyByPublicKey(object->slot->keyDB, &to->dbKey,
object->slot->password);
+ *crvp = priv ? CKR_OK : CKR_DEVICE_ERROR;
} else {
- priv = pk11_mkPrivKey(object, key_type);
+ priv = pk11_mkPrivKey(object, key_type, crvp);
}
object->objectInfo = priv;
object->infoFree = (PK11Free) nsslowkey_DestroyPrivateKey;
@@ -2225,19 +2245,25 @@ PK11Slot * pk11_NewSlotFromID(CK_SLOT_ID slotID, int moduleIndex)
static SECStatus
pk11_set_user(NSSLOWCERTCertificate *cert, SECItem *dummy, void *arg)
{
- NSSLOWKEYDBHandle *keydb = (NSSLOWKEYDBHandle *)arg;
+ PK11Slot *slot = (PK11Slot *)arg;
+ NSSLOWCERTCertTrust trust = *cert->trust;
- if (nsslowkey_KeyForCertExists(keydb,cert)) {
- cert->trust->sslFlags |= CERTDB_USER;
- cert->trust->emailFlags |= CERTDB_USER;
- cert->trust->objectSigningFlags |= CERTDB_USER;
+ if (nsslowkey_KeyForCertExists(slot->keyDB,cert)) {
+ trust.sslFlags |= CERTDB_USER;
+ trust.emailFlags |= CERTDB_USER;
+ trust.objectSigningFlags |= CERTDB_USER;
} else {
- cert->trust->sslFlags &= ~CERTDB_USER;
- cert->trust->emailFlags &= ~CERTDB_USER;
- cert->trust->objectSigningFlags &= ~CERTDB_USER;
+ trust.sslFlags &= ~CERTDB_USER;
+ trust.emailFlags &= ~CERTDB_USER;
+ trust.objectSigningFlags &= ~CERTDB_USER;
+ }
+
+ if (PORT_Memcmp(&trust,cert->trust, sizeof (trust)) != 0) {
+ nsslowcert_ChangeCertTrust(slot->certDB,cert, &trust);
}
/* should check for email address and make sure we have an s/mime profile */
+ return SECSuccess;
}
static void
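Review bot: The return value of `nsslowcert_ChangeCertTrust` is dropped and the callback always reports SECSuccess, so a failed write of the CERTDB_USER flags is silent; the failure should at least be recorded, assuming an error return here would stop the traversal. `PORT_Memcmp` over the whole `NSSLOWCERTCertTrust` also compares any padding bytes the structure may contain; comparing the three flag fields directly is more robust. `cert->trust` is dereferenced without a NULL test, as it was before the change.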
@@ -2246,7 +2272,7 @@ pk11_DBVerify(PK11Slot *slot)
/* walk through all the certs and check to see if there are any
* user certs, and make sure there are s/mime profiles for all certs with
* email addresses */
- nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot->keyDB);
+ nsslowcert_TraversePermCerts(slot->certDB,pk11_set_user,slot);
return;
}
@@ -2732,6 +2758,29 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
#define CKF_THREAD_SAFE 0x8000 /* for now */
+/*
+ * check the current state of the 'needLogin' flag in case the database has
+ * been changed underneath us.
+ */
+static PRBool
+pk11_checkNeedLogin(PK11Slot *slot)
+{
+ if (slot->password) {
+ if (nsslowkey_CheckKeyDBPassword(slot->keyDB,slot->password)
+ == SECSuccess) {
+ return slot->needLogin;
+ } else {
+ SECITEM_FreeItem(slot->password, PR_TRUE);
+ slot->password = NULL;
+ slot->isLoggedIn = PR_FALSE;
+ }
+ }
+ slot->needLogin =
+ (PRBool)!pk11_hasNullPassword(slot->keyDB,&slot->password);
+ return (slot->needLogin);
+}
+
+
/* NSC_GetTokenInfo obtains information about a particular token in
* the system. */
CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo)
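Review bot: When the cached password no longer validates, `SECITEM_FreeItem(slot->password, PR_TRUE)` releases the item without clearing it; since this is the value passed to `nsslowkey_CheckKeyDBPassword`, `SECITEM_ZfreeItem(slot->password, PR_TRUE);` would be the safer call. The function also rewrites `slot->password`, `slot->isLoggedIn` and `slot->needLogin` with no lock taken in the visible lines, and it is reached from NSC_GetTokenInfo, so concurrent callers could race unless a slot lock is held further up; that is worth confirming. The header comment should also say that this query can log the slot out as a side effect.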
@@ -2774,7 +2823,7 @@ CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo)
*/
if (nsslowkey_HasKeyDBPassword(handle) == SECFailure) {
pInfo->flags = CKF_THREAD_SAFE | CKF_LOGIN_REQUIRED;
- } else if (!slot->needLogin) {
+ } else if (!pk11_checkNeedLogin(slot)) {
pInfo->flags = CKF_THREAD_SAFE | CKF_USER_PIN_INITIALIZED;
} else {
pInfo->flags = CKF_THREAD_SAFE |
@@ -2795,8 +2844,6 @@ CK_RV NSC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo)
return CKR_OK;
}
-
-
/* NSC_GetMechanismList obtains a list of mechanism types
* supported by a token. */
CK_RV NSC_GetMechanismList(CK_SLOT_ID slotID,
@@ -3253,6 +3300,7 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
PK11Slot *slot;
PK11Session *session;
NSSLOWKEYDBHandle *handle;
+ CK_FLAGS sessionFlags;
SECItem *pin;
char pinStr[PK11_MAX_PIN+1];
@@ -3262,10 +3310,10 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
/* make sure the session is valid */
session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- }
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+ sessionFlags = session->info.flags;
pk11_FreeSession(session);
+ session = NULL;
/* can't log into the Netscape Slot */
if (slot->slotID == NETSCAPE_SLOT_ID)
@@ -3293,7 +3341,7 @@ CK_RV NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
if (nsslowkey_HasKeyDBPassword(handle) == SECFailure) {
/* allow SSO's to log in only if there is not password on the
* key database */
- if (((userType == CKU_SO) && (session->info.flags & CKF_RW_SESSION))
+ if (((userType == CKU_SO) && (sessionFlags & CKF_RW_SESSION))
/* fips always needs to authenticate, even if there isn't a db */
|| (slot->slotID == FIPS_SLOT_ID)) {
/* should this be a fixed password? */
@@ -3348,9 +3396,9 @@ CK_RV NSC_Logout(CK_SESSION_HANDLE hSession)
SECItem *pw = NULL;
session = pk11_SessionFromHandle(hSession);
- if (session == NULL) {
- if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
- }
+ if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+ pk11_FreeSession(session);
+ session = NULL;
if (!slot->isLoggedIn) return CKR_USER_NOT_LOGGED_IN;
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 731c03d6a..dce0c2619 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -494,10 +494,9 @@ pk11_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
}
context->multi = PR_FALSE;
context->cipherInfo = isEncrypt ?
- (void *)pk11_GetPubKey(key,CKK_RSA) :
- (void *)pk11_GetPrivKey(key,CKK_RSA);
+ (void *)pk11_GetPubKey(key,CKK_RSA,&crv) :
+ (void *)pk11_GetPrivKey(key,CKK_RSA,&crv);
if (context->cipherInfo == NULL) {
- crv = CKR_HOST_MEMORY;
break;
}
if (isEncrypt) {
@@ -755,7 +754,7 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession,
return CKR_OK;
}
/* encrypt the current padded data */
- rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+ rv = (*context->update)(context->cipherInfo,pEncryptedPart,
&padoutlen, context->blockSize, context->padBuf,
context->blockSize);
if (rv != SECSuccess) return CKR_DEVICE_ERROR;
@@ -1896,10 +1895,9 @@ finish_rsa:
break;
}
context->multi = PR_FALSE;
- privKey = pk11_GetPrivKey(key,CKK_RSA);
+ privKey = pk11_GetPrivKey(key,CKK_RSA,&crv);
if (privKey == NULL) {
if (info) PORT_Free(info);
- crv = CKR_HOST_MEMORY;
break;
}
/* OK, info is allocated only if we're doing hash and sign mechanism.
@@ -1927,9 +1925,8 @@ finish_rsa:
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
- privKey = pk11_GetPrivKey(key,CKK_DSA);
+ privKey = pk11_GetPrivKey(key,CKK_DSA,&crv);
if (privKey == NULL) {
- crv = CKR_HOST_MEMORY;
break;
}
context->cipherInfo = privKey;
@@ -2320,9 +2317,8 @@ finish_rsa:
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
- pubKey = pk11_GetPubKey(key,CKK_RSA);
+ pubKey = pk11_GetPubKey(key,CKK_RSA,&crv);
if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
break;
}
if (info) {
@@ -2345,9 +2341,8 @@ finish_rsa:
break;
}
context->multi = PR_FALSE;
- pubKey = pk11_GetPubKey(key,CKK_DSA);
+ pubKey = pk11_GetPubKey(key,CKK_DSA,&crv);
if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
break;
}
context->cipherInfo = pubKey;
@@ -2519,9 +2514,8 @@ CK_RV NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
break;
}
context->multi = PR_FALSE;
- pubKey = pk11_GetPubKey(key,CKK_RSA);
+ pubKey = pk11_GetPubKey(key,CKK_RSA,&crv);
if (pubKey == NULL) {
- crv = CKR_HOST_MEMORY;
break;
}
context->cipherInfo = pubKey;
@@ -3311,6 +3305,7 @@ dsagn_done:
pk11_DeleteAttributeType(privateKey,CKA_PRIME);
pk11_DeleteAttributeType(privateKey,CKA_BASE);
pk11_DeleteAttributeType(privateKey,CKA_VALUE);
+ pk11_DeleteAttributeType(privateKey,CKA_NETSCAPE_DB);
key_type = CKK_DH;
/* extract the necessary parameters and copy them to private keys */
@@ -3345,6 +3340,10 @@ dsagn_done:
pk11_item_expand(&dhPriv->publicValue));
if (crv != CKR_OK) goto dhgn_done;
+ crv = pk11_AddAttributeType(privateKey,CKA_NETSCAPE_DB,
+ pk11_item_expand(&dhPriv->publicValue));
+ if (crv != CKR_OK) goto dhgn_done;
+
crv=pk11_AddAttributeType(privateKey, CKA_VALUE,
pk11_item_expand(&dhPriv->privateValue));
@@ -3439,7 +3438,7 @@ dhgn_done:
return CKR_OK;
}
-static SECItem *pk11_PackagePrivateKey(PK11Object *key)
+static SECItem *pk11_PackagePrivateKey(PK11Object *key, CK_RV *crvp)
{
NSSLOWKEYPrivateKey *lk = NULL;
NSSLOWKEYPrivateKeyInfo *pki = NULL;
@@ -3451,15 +3450,17 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key)
SECItem *encodedKey = NULL;
if(!key) {
+ *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */
return NULL;
}
attribute = pk11_FindAttribute(key, CKA_KEY_TYPE);
if(!attribute) {
+ *crvp = CKR_KEY_TYPE_INCONSISTENT;
return NULL;
}
- lk = pk11_GetPrivKey(key, *(CK_KEY_TYPE *)attribute->attrib.pValue);
+ lk = pk11_GetPrivKey(key, *(CK_KEY_TYPE *)attribute->attrib.pValue, crvp);
pk11_FreeAttribute(attribute);
if(!lk) {
return NULL;
@@ -3468,12 +3469,14 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key)
arena = PORT_NewArena(2048); /* XXX different size? */
if(!arena) {
rv = SECFailure;
+ *crvp = CKR_HOST_MEMORY;
goto loser;
}
pki = (NSSLOWKEYPrivateKeyInfo*)PORT_ArenaZAlloc(arena,
sizeof(NSSLOWKEYPrivateKeyInfo));
if(!pki) {
+ *crvp = CKR_HOST_MEMORY;
rv = SECFailure;
goto loser;
}
@@ -3503,12 +3506,15 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key)
}
if(!dummy || ((lk->keyType == NSSLOWKEYDSAKey) && !param)) {
+ *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */
+ rv = SECFailure;
goto loser;
}
rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm,
(SECItem*)param);
if(rv != SECSuccess) {
+ *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */
rv = SECFailure;
goto loser;
}
@@ -3516,12 +3522,14 @@ static SECItem *pk11_PackagePrivateKey(PK11Object *key)
dummy = SEC_ASN1EncodeInteger(arena, &pki->version,
NSSLOWKEY_PRIVATE_KEY_INFO_VERSION);
if(!dummy) {
+ *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */
rv = SECFailure;
goto loser;
}
encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki,
nsslowkey_PrivateKeyInfoTemplate);
+ *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
loser:
if(arena) {
@@ -3610,10 +3618,9 @@ CK_RV NSC_WrapKey(CK_SESSION_HANDLE hSession,
case CKO_PRIVATE_KEY:
{
- SECItem *bpki = pk11_PackagePrivateKey(key);
+ SECItem *bpki = pk11_PackagePrivateKey(key, &crv);
if(!bpki) {
- crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h
index ae92816b3..695cd0f25 100644
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
@@ -297,8 +297,8 @@ typedef enum {
#define PK11_MAX_BLOCK_SIZE 16
-/* currently SHA512 is the biggest hash length */
-#define PK11_MAX_MAC_LENGTH 64
+/* currently SHA1 is the biggest hash length */
+#define PK11_MAX_MAC_LENGTH 20
#define PK11_INVALID_MAC_SIZE 0xffffffff
struct PK11SessionContextStr {
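Review bot: Lowering `PK11_MAX_MAC_LENGTH` from 64 to 20 shrinks every buffer sized by it, so the change is only safe if no digest or MAC longer than SHA-1 can still reach those buffers. The same commit removes the SHA-256/384/512 mechanisms and raw hash entries, but the remaining users of the macro are not visible here. I would tie the value to the constant it is meant to track, e.g. `#define PK11_MAX_MAC_LENGTH SHA1_LENGTH` if that name is in scope in this header, and assert where the MAC length is set that it does not exceed the limit.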
@@ -602,9 +602,9 @@ extern void pk11_FreeContext(PK11SessionContext *context);
extern void pk11_CleanupFreeLists(void);
extern NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object,
- CK_KEY_TYPE key_type);
+ CK_KEY_TYPE key_type, CK_RV *crvp);
extern NSSLOWKEYPrivateKey *pk11_GetPrivKey(PK11Object *object,
- CK_KEY_TYPE key_type);
+ CK_KEY_TYPE key_type, CK_RV *crvp);
extern void pk11_FormatDESKey(unsigned char *key, int length);
extern PRBool pk11_CheckDESKey(unsigned char *key);
extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
diff --git a/security/nss/lib/softoken/pkcs11n.h b/security/nss/lib/softoken/pkcs11n.h
index 5c6624bb5..c2b57acab 100644
--- a/security/nss/lib/softoken/pkcs11n.h
+++ b/security/nss/lib/softoken/pkcs11n.h
@@ -165,16 +165,6 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
#define CKM_TLS_PRF_GENERAL 0x80000373L
-/* These new SHAxxx mechanisms will be defined as vendor-defined until
-** they are given standard mechanism numbers.
-*/
-#define CKM_SHA256 0x80000401L
-#define CKM_SHA384 0x80000402L
-#define CKM_SHA512 0x80000403L
-
-#define CKM_SHA256_RSA_PKCS 0x80000411L
-#define CKM_SHA384_RSA_PKCS 0x80000412L
-#define CKM_SHA512_RSA_PKCS 0x80000413L
/*
* Netscape-defined return values
diff --git a/security/nss/lib/softoken/rawhash.c b/security/nss/lib/softoken/rawhash.c
index b32d3f31a..9250bf62b 100644
--- a/security/nss/lib/softoken/rawhash.c
+++ b/security/nss/lib/softoken/rawhash.c
@@ -107,29 +107,5 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End
},
- { SHA256_LENGTH,
- (void * (*)(void)) SHA256_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA256_DestroyContext,
- (void (*)(void *)) SHA256_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA256_End
- },
- { SHA384_LENGTH,
- (void * (*)(void)) SHA384_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA384_DestroyContext,
- (void (*)(void *)) SHA384_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA384_End
- },
- { SHA512_LENGTH,
- (void * (*)(void)) SHA512_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA512_DestroyContext,
- (void (*)(void *)) SHA512_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA512_End
- },
};
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 4bb873b03..82068cb56 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -1323,6 +1323,33 @@ ssl3_ComputeRecordMAC(
return rv;
}
+static PRBool
+ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
+ PK11SlotInfo *slot = NULL;
+ PRBool isPresent = PR_TRUE;
+
+ /* we only care if we are doing client auth */
+ if (!sid || !sid->u.ssl3.clAuthValid) {
+ return PR_TRUE;
+ }
+
+ /* get the slot */
+ slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
+ sid->u.ssl3.clAuthSlotID);
+ if (slot == NULL ||
+ !PK11_IsPresent(slot) ||
+ sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
+ sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
+ sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ||
+ (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) {
+ isPresent = PR_FALSE;
+ }
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+ return isPresent;
+}
+
/* Process the plain text before sending it.
* Returns the number of bytes of plaintext that were succesfully sent
* plus the number of bytes of plaintext that were copied into the
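Review bot: ssl3_ClientAuthTokenPresent has no header comment, and its return value is easy to misread: it yields PR_TRUE both when the token is present and when the session has no client-auth state at all. Something like `/* Returns PR_FALSE only if sid used client auth and its token is gone, replaced, or needs a login it no longer has. */` above the function would settle that. The later hunks call it from ssl3_SendRecord and the record-handling path, so each record now pays for `SECMOD_LookupSlot` and the slot queries; if that shows up in profiles, keeping a slot reference on the session would be an option.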
@@ -1367,6 +1394,12 @@ ssl3_SendRecord( sslSocket * ss,
}
}
+ /* check for Token Presence */
+ if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
+ PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+ return SECFailure;
+ }
+
while (bytes > 0) {
PRInt32 count;
PRUint32 contentLen;
@@ -2691,21 +2724,8 @@ ssl3_SendClientHello(sslSocket *ss)
** holds the private key still exists, is logged in, hasn't been
** removed, etc.
*/
- if (sidOK && sid->u.ssl3.clAuthValid) {
- slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
- sid->u.ssl3.clAuthSlotID);
- if (slot == NULL ||
- !PK11_IsPresent(slot) ||
- sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
- sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
- sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ||
- !PK11_IsLoggedIn(slot, NULL)) {
- sidOK = PR_FALSE;
- }
- if (slot) {
- PK11_FreeSlot(slot);
- slot = NULL;
- }
+ if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) {
+ sidOK = PR_FALSE;
}
if (!sidOK) {
@@ -7393,9 +7413,10 @@ const ssl3BulkCipherDef *cipher_def;
ssl3State * ssl3 = ss->ssl3;
ssl3CipherSpec * crSpec;
SECStatus rv;
- unsigned int hashBytes;
+ unsigned int hashBytes = MAX_MAC_LENGTH + 1;
unsigned int padding_length;
PRBool isTLS;
+ PRBool padIsBad = PR_FALSE;
SSL3ContentType rType;
SSL3Opaque hash[MAX_MAC_LENGTH];
@@ -7412,6 +7433,12 @@ const ssl3BulkCipherDef *cipher_def;
ssl3 = ss->ssl3;
+ /* check for Token Presence */
+ if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
+ PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+ return SECFailure;
+ }
+
/* cText is NULL when we're called from ssl3_RestartHandshakeAfterXXX().
* This implies that databuf holds a previously deciphered SSL Handshake
* message.
@@ -7430,6 +7457,7 @@ const ssl3BulkCipherDef *cipher_def;
SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048));
/* sslBuffer_Grow has set a memory error code. */
+ /* Perhaps we should send an alert. (but we have no memory!) */
return SECFailure;
}
}
@@ -7455,11 +7483,11 @@ const ssl3BulkCipherDef *cipher_def;
PRINT_BUF(80, (ss, "cleartext:", databuf->buf, databuf->len));
if (rv != SECSuccess) {
+ int err = ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE);
ssl_ReleaseSpecReadLock(ss);
- ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE);
- SSL3_SendAlert(ss, alert_fatal,
- isTLS ? decryption_failed : bad_record_mac);
- ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE);
+ SSL3_SendAlert(ss, alert_fatal,
+ isTLS ? decryption_failed : bad_record_mac);
+ PORT_SetError(err);
return SECFailure;
}
@@ -7467,48 +7495,45 @@ const ssl3BulkCipherDef *cipher_def;
if (cipher_def->type == type_block) {
padding_length = *(databuf->buf + databuf->len - 1);
/* TLS permits padding to exceed the block size, up to 255 bytes. */
- if (padding_length + crSpec->mac_size >= databuf->len)
- goto bad_pad;
+ if (padding_length + 1 + crSpec->mac_size > databuf->len)
+ padIsBad = PR_TRUE;
/* if TLS, check value of first padding byte. */
- if (padding_length && isTLS && padding_length !=
- *(databuf->buf + databuf->len - 1 - padding_length))
- goto bad_pad;
- databuf->len -= padding_length + 1;
- if (databuf->len <= 0) {
-bad_pad:
- /* must not hold spec lock when calling SSL3_SendAlert. */
- ssl_ReleaseSpecReadLock(ss);
- /* SSL3 & TLS must send bad_record_mac if padding check fails. */
- SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
- PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
- return SECFailure;
- }
+ else if (padding_length && isTLS &&
+ padding_length !=
+ *(databuf->buf + databuf->len - (padding_length + 1)))
+ padIsBad = PR_TRUE;
+ else
+ databuf->len -= padding_length + 1;
}
- /* Check the MAC. */
- if (databuf->len < crSpec->mac_size) {
- /* record is too short to have a valid mac. */
- goto bad_mac;
- }
- databuf->len -= crSpec->mac_size;
+ /* Remove the MAC. */
+ if (databuf->len >= crSpec->mac_size)
+ databuf->len -= crSpec->mac_size;
+ else
+ padIsBad = PR_TRUE; /* really macIsBad */
+
+ /* compute the MAC */
rType = cText->type;
rv = ssl3_ComputeRecordMAC(
- crSpec, (ss->sec.isServer) ? crSpec->client.write_mac_context
+ crSpec, (ss->sec.isServer) ? crSpec->client.write_mac_context
: crSpec->server.write_mac_context,
rType, cText->version, crSpec->read_seq_num,
databuf->buf, databuf->len, hash, &hashBytes);
if (rv != SECSuccess) {
+ int err = ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
ssl_ReleaseSpecReadLock(ss);
- ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
+ SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
+ PORT_SetError(err);
return rv;
}
- if (hashBytes != (unsigned)crSpec->mac_size ||
+ /* Check the MAC */
+ if (hashBytes != (unsigned)crSpec->mac_size || padIsBad ||
PORT_Memcmp(databuf->buf + databuf->len, hash, crSpec->mac_size) != 0) {
-bad_mac:
/* must not hold spec lock when calling SSL3_SendAlert. */
ssl_ReleaseSpecReadLock(ss);
SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
+ /* always log mac error, in case attacker can read server logs. */
PORT_SetError(SSL_ERROR_BAD_MAC_READ);
SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd));
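Review bot: The TLS branch still compares only the first padding byte with `padding_length` (the comment says as much), whereas TLS defines every padding byte as equal to the length, so a record with one matching byte and arbitrary others passes the padding test and is rejected only by the MAC. Checking all `padding_length` bytes, while still deferring the failure to the MAC step as this hunk does, would tighten that. On the bad-padding path `databuf->len` is also left unreduced, so the MAC is computed over a different length than on the good path, and `PORT_Memcmp` is skipped by the `||` short-circuit and is not a constant-time compare; some timing difference between the two failure causes therefore remains. The function starts and ends outside this hunk.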
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index 525ed513b..7e139cae1 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -183,7 +183,8 @@ SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134),
SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135),
SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136),
SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137),
-SEC_ERROR_REUSED_ISSUER_AND_SERIAL = (SEC_ERROR_BASE + 138)
+SEC_ERROR_REUSED_ISSUER_AND_SERIAL = (SEC_ERROR_BASE + 138),
+SEC_ERROR_BUSY = (SEC_ERROR_BASE + 139)
} SECErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index 2ee8b08e6..179105488 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -50,7 +50,6 @@
#define NISTALGS USGOV, 3, 4
#define AES NISTALGS, 1
-#define SHAXXX NISTALGS, 2
/**
** The Netscape OID space is allocated by Terry Hayes. If you need
@@ -180,9 +179,6 @@ CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
-CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
-CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
-CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
@@ -418,10 +414,6 @@ CONST_OID aes256_OFB[] = { AES, 43 };
CONST_OID aes256_CFB[] = { AES, 44 };
#endif
-CONST_OID sha256[] = { SHAXXX, 1 };
-CONST_OID sha384[] = { SHAXXX, 2 };
-CONST_OID sha512[] = { SHAXXX, 3 };
-
#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
#ifndef SECOID_NO_STRINGS
#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
@@ -1017,25 +1009,9 @@ const static SECOidData oids[] = {
OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
"SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
- OD( ms_smimeEncryptionKeyPreference,
- SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
+ OD( ms_smimeEncryptionKeyPreference, SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
"Microsoft S/MIME Encryption Key Preference",
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
-
- OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
- OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
- OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
-
- OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
- "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
- INVALID_CERT_EXTENSION ),
- OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
- "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
- INVALID_CERT_EXTENSION ),
- OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
- "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
- INVALID_CERT_EXTENSION ),
-
};
/*
diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h
index 113959342..5c89cf7a9 100644
--- a/security/nss/lib/util/secoidt.h
+++ b/security/nss/lib/util/secoidt.h
@@ -296,14 +296,6 @@ typedef enum {
SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,
- SEC_OID_SHA256 = 191,
- SEC_OID_SHA384 = 192,
- SEC_OID_SHA512 = 193,
-
- SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
- SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
- SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,
-
SEC_OID_TOTAL
} SECOidTag;
diff --git a/security/nss/tests/cipher/cipher.txt b/security/nss/tests/cipher/cipher.txt
index 29915cfc9..17707c7b9 100644
--- a/security/nss/tests/cipher/cipher.txt
+++ b/security/nss/tests/cipher/cipher.txt
@@ -30,6 +30,3 @@
0 md2_-H MD2_Hash
0 md5_-H MD5_Hash
0 sha1_-H SHA1_Hash
- 0 sha256_-H SHA256_Hash
- 0 sha384_-H SHA384_Hash
- 0 sha512_-H SHA512_Hash
diff --git a/security/nss/tests/cmdtests/cmdtests.sh b/security/nss/tests/cmdtests/cmdtests.sh
deleted file mode 100644
index 7342e2a1c..000000000
--- a/security/nss/tests/cmdtests/cmdtests.sh
+++ /dev/null
@@ -1,132 +0,0 @@
-#! /bin/sh
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-#
-########################################################################
-#
-# mozilla/security/nss/cmd/tests/cmdtests.sh
-#
-# Script to run small tests to test specific crashes of NSS
-#
-# needs to work on all Unix and Windows platforms
-#
-# included from
-# --------------
-# all.sh
-#
-# tests implemented:
-# vercrt (verify encryption cert - bugzilla bug 119059)
-# vercrtfps (verify encryption cert in fips mode - bugzilla bug 119214)
-# test3 (CERT_FindUserCertByUsage called 2nd time - bug 118864)
-#
-# special strings
-# ---------------
-#
-########################################################################
-
-############################## cmdtests_init ###########################
-# local shell function to initialize this script
-########################################################################
-cmdtests_init()
-{
- SCRIPTNAME=cmdtests.sh # sourced - $0 would point to all.sh
-
- if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
- CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
- fi
-
- if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
- cd ../common
- . ./init.sh
- fi
- if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
- cd ../cert
- . ./cert.sh
- fi
- SCRIPTNAME=cmdtests.sh
- html_head "Tests in cmd/tests"
-
-# grep "SUCCESS: cmd/tests passed" $CERT_LOG_FILE >/dev/null || {
-# Exit 15 "Fatal - cert.sh needs to pass first"
-# }
-
- CMDTESTSDIR=${HOSTDIR}/cmd/tests
- COPYDIR=${CMDTESTSDIR}/copydir
-
- R_CMDTESTSDIR=../cmd/tests
- R_COPYDIR=../cmd/tests/copydir
- P_R_COPYDIR=${R_COPYDIR}
-
- if [ -n "${MULTIACCESS_DBM}" ]; then
- P_R_COPYDIR="multiaccess:Cmdtests.$version"
- fi
-
- mkdir -p ${CMDTESTSDIR}
- mkdir -p ${COPYDIR}
- mkdir -p ${CMDTESTSDIR}/html
-
- cd ${CMDTESTSDIR}
-}
-
-############################## ct_vercrt ##################################
-# CERT_VerifyCert should not fail when verifying encryption cert
-# Bugzilla Bug 119059
-########################################################################
-#ct_vercrt()
-#{
- # echo "$SCRIPTNAME: Verify encryption certificate ----------------------"
- # echo "vercrt"
- # vercrt
- # ret=$?
- # html_msg $ret 0 "Verify encryption certificate (vercrt)"
-#
-#}
-
-
-############################## cmdtests_cleanup ########################
-# local shell function to finish this script (no exit since it might be
-# sourced)
-########################################################################
-cmdtests_cleanup()
-{
- html "</TABLE><BR>"
- cd ${QADIR}
- . common/cleanup.sh
-}
-
-################## main #################################################
-
-cmdtests_init
-
-#ct_vercrt
-cmdtests_cleanup
diff --git a/security/nss/tests/dbtests/dbtests.sh b/security/nss/tests/dbtests/dbtests.sh
index 5ae5f6269..ae498f780 100755
--- a/security/nss/tests/dbtests/dbtests.sh
+++ b/security/nss/tests/dbtests/dbtests.sh
@@ -177,6 +177,15 @@ dbtest_main()
cp -r ${CLIENTDIR}/* $RONLY_DIR
chmod -w $RONLY_DIR $RONLY_DIR/*
+ # On Mac OS X 10.1, if we do a "chmod -w" on files in an
+ # NFS-mounted directory, it takes several seconds for the
+ # first open to see the files are readonly, but subsequent
+ # opens immediately see the files are readonly. As a
+ # workaround we open the files once first. (Bug 185074)
+ if [ "${OS_ARCH}" = "Darwin" ]; then
+ cat $RONLY_DIR/* > /dev/null
+ fi
+
dbtest -d $RONLY_DIR
ret=$?
if [ $ret -ne 46 ]; then
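Review bot: The added warm-up read `cat $RONLY_DIR/* > /dev/null` leaves `$RONLY_DIR` unquoted and lets stderr through, so a path containing whitespace is word-split. Any subdirectory copied by the preceding `cp -r` would also make `cat` print an error into the test log. Quoting the variable and discarding stderr keeps the workaround silent: `cat "$RONLY_DIR"/* > /dev/null 2>&1`. The `dbtest -d $RONLY_DIR` call that follows expects return code 46 from a read-only database, so a comment noting that the `cat` exists only to defeat the NFS attribute delay, and must not change permissions, would help the next maintainer. dbtest_main starts and continues outside this hunk.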
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
index 3f0d1b240..1d1cfebd9 100755
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -200,7 +200,7 @@ ssl_cov()
p=""
- cat ${SSLCOV} | while read tls param testname
+ while read tls param testname
do
p=`echo "$testname" | sed -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS
@@ -226,7 +226,7 @@ ssl_cov()
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
html_msg $ret 0 "${testname}"
fi
- done
+ done < ${SSLCOV}
kill_selfserv
html "</TABLE><BR>"
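Review bot: `done < ${SSLCOV}` redirects from an unquoted path, and nothing visible in this hunk checks that the file is readable. If the list is missing, the loop body never runs and ssl_cov can finish without recording a single failed cipher test. Quote the operand, `done < "${SSLCOV}"`, and guard the loop with something like `[ -r "${SSLCOV}" ] || html_msg 1 0 "ssl_cov: cannot read ${SSLCOV}"`, assuming html_msg records a mismatch as a failure, as its use above suggests. The same applies to `done < ${SSLAUTH}` in ssl_auth and `done < ${SSLSTRESS}` in ssl_stress. Also, in shells that ran the old `cat … | while` loop in a subshell, variables set inside it (`p`, `ret`) now persist in the calling shell; a one-line comment at each loop would record that this is intended. The function bodies start and end outside these hunks.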
@@ -239,7 +239,7 @@ ssl_auth()
{
html_head "SSL Client Authentication $NORM_EXT"
- cat ${SSLAUTH} | while read value sparam cparam testname
+ while read value sparam cparam testname
do
if [ $value != "#" ]; then
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
@@ -259,7 +259,7 @@ ssl_auth()
"produced a returncode of $ret, expected is $value"
kill_selfserv
fi
- done
+ done < ${SSLAUTH}
html "</TABLE><BR>"
}
@@ -272,7 +272,7 @@ ssl_stress()
{
html_head "SSL Stress Test $NORM_EXT"
- cat ${SSLSTRESS} | while read value sparam cparam testname
+ while read value sparam cparam testname
do
p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS
if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then
@@ -299,7 +299,7 @@ ssl_stress()
fi
kill_selfserv
fi
- done
+ done < ${SSLSTRESS}
html "</TABLE><BR>"
}