summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcvs2hg <devnull@localhost>2001-08-30 21:14:30 +0000
committercvs2hg <devnull@localhost>2001-08-30 21:14:30 +0000
commit6a923669b9f5e85a0831ca73ff975b009eabb7a9 (patch)
tree03a7b89069c3695ea7ce25a77aa002019fd536e9
parentf158b67a35737c6dddd00c56918597721d1a5128 (diff)
downloadnss-hg-6a923669b9f5e85a0831ca73ff975b009eabb7a9.tar.gz
fixup commit for branch 'MOZILLA_0_9_4_BRANCH'MOZILLA_0_9_4_BASE
-rw-r--r--dbm/tests/Makefile.in4
-rwxr-xr-xsecurity/coreconf/OpenVMS.mk2
-rw-r--r--security/coreconf/tree.mk12
-rw-r--r--security/dbm/Makefile80
-rw-r--r--security/dbm/include/Makefile86
-rw-r--r--security/dbm/include/manifest.mn57
-rw-r--r--security/dbm/manifest.mn46
-rw-r--r--security/dbm/src/Makefile85
-rw-r--r--security/dbm/src/config.mk66
-rw-r--r--security/dbm/src/manifest.mn57
-rw-r--r--security/dbm/tests/Makefile125
-rw-r--r--security/nss/cmd/signtool/list.c19
-rw-r--r--security/nss/cmd/signtool/sign.c2
-rw-r--r--security/nss/cmd/signtool/verify.c13
-rw-r--r--security/nss/cmd/tstclnt/tstclnt.c2
-rw-r--r--security/nss/lib/certdb/pcertdb.c7
-rw-r--r--security/nss/lib/certhigh/ocsp.c10
-rw-r--r--security/nss/lib/ckfw/builtins/certdata.c558
-rw-r--r--security/nss/lib/ckfw/builtins/certdata.txt358
-rw-r--r--security/nss/lib/crmf/asn1cmn.c3
-rw-r--r--security/nss/lib/crmf/crmftmpl.c19
-rw-r--r--security/nss/lib/freebl/mpi/mpprime.c6
-rw-r--r--security/nss/lib/nss/nss.def28
-rw-r--r--security/nss/lib/nss/nss.h4
-rw-r--r--security/nss/lib/pk11wrap/pk11func.h11
-rw-r--r--security/nss/lib/pk11wrap/pk11skey.c52
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c3
-rw-r--r--security/nss/lib/pk11wrap/pk11util.c8
-rw-r--r--security/nss/lib/pkcs12/p12d.c50
-rw-r--r--security/nss/lib/pkcs12/p12e.c36
-rw-r--r--security/nss/lib/smime/cmsrecinfo.c3
-rw-r--r--security/nss/lib/softoken/pkcs11.c15
-rw-r--r--security/nss/lib/softoken/pkcs11c.c96
-rw-r--r--security/nss/lib/softoken/pkcs11t.h3
-rw-r--r--security/nss/lib/softoken/pkcs11u.c11
-rw-r--r--security/nss/lib/ssl/manifest.mn1
-rw-r--r--security/nss/lib/ssl/ssl.def10
-rw-r--r--security/nss/lib/ssl/ssl.h16
-rw-r--r--security/nss/lib/ssl/ssl3con.c3
-rw-r--r--security/nss/lib/ssl/sslcon.c4
-rw-r--r--security/nss/lib/ssl/sslimpl.h11
-rw-r--r--security/nss/lib/ssl/sslnonce.c15
-rw-r--r--security/nss/lib/ssl/sslsecur.c8
-rw-r--r--security/nss/lib/ssl/sslsnce.c2113
-rw-r--r--security/nss/lib/util/mac_rand.c41
-rw-r--r--security/nss/lib/util/secasn1e.c52
-rw-r--r--security/nss/lib/util/secasn1t.h7
-rw-r--r--security/nss/macbuild/LoadableRoots.mcpbin59099 -> 49971 bytes
-rw-r--r--security/nss/macbuild/NSSckfw.mcpbin44740 -> 41514 bytes
-rw-r--r--security/nss/manifest.mn2
-rw-r--r--security/nss/tests/ssl/sslauth.txt4
51 files changed, 2180 insertions, 2044 deletions
diff --git a/dbm/tests/Makefile.in b/dbm/tests/Makefile.in
index 97d20213e..7ec5caabf 100644
--- a/dbm/tests/Makefile.in
+++ b/dbm/tests/Makefile.in
@@ -33,11 +33,7 @@ CSRCS = lots.c
EXTRA_DSO_LIBS = mozdbm_s
-ifeq ($(MOZ_OS2_TOOLS),VACPP)
-LIBS = $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX)
-else
LIBS = $(EXTRA_DSO_LIBS)
-endif
include $(topsrcdir)/config/rules.mk
diff --git a/security/coreconf/OpenVMS.mk b/security/coreconf/OpenVMS.mk
index f387eeaa9..6fbf93226 100755
--- a/security/coreconf/OpenVMS.mk
+++ b/security/coreconf/OpenVMS.mk
@@ -53,4 +53,4 @@ endif
XCFLAGS += $(OPTIMIZER)
# The command to build a shared library in POSIX on OpenVMS.
-MKSHLIB = vmsld_psm $(OPTIMIZER)
+MKSHLIB = vmsld_psm OBJDIR=$(OBJDIR) $(OPTIMIZER)
diff --git a/security/coreconf/tree.mk b/security/coreconf/tree.mk
index ae391b7ef..fdcb8ee0e 100644
--- a/security/coreconf/tree.mk
+++ b/security/coreconf/tree.mk
@@ -53,10 +53,10 @@ ifndef RELEASE_TREE
ifdef USE_SHIPS
RELEASE_TREE = $(NTBUILD_SHIP)
else
- RELEASE_TREE = //blds-sca15a/components
+ RELEASE_TREE = //redbuild/components
endif
else
- RELEASE_TREE = //blds-sca15a/components
+ RELEASE_TREE = //redbuild/components
endif
endif
@@ -65,10 +65,10 @@ ifndef RELEASE_TREE
ifdef USE_SHIPS
RELEASE_TREE = $(NTBUILD_SHIP)
else
- RELEASE_TREE = //blds-sca15a/components
+ RELEASE_TREE = //redbuild/components
endif
else
- RELEASE_TREE = //blds-sca15a/components
+ RELEASE_TREE = //redbuild/components
endif
endif
ifeq ($(OS_TARGET), WIN16)
@@ -76,10 +76,10 @@ ifndef RELEASE_TREE
ifdef USE_SHIPS
RELEASE_TREE = $(NTBUILD_SHIP)
else
- RELEASE_TREE = //blds-sca15a/components
+ RELEASE_TREE = //redbuild/components
endif
else
- RELEASE_TREE = //blds-sca15a/components
+ RELEASE_TREE = //redbuild/components
endif
endif
endif
diff --git a/security/dbm/Makefile b/security/dbm/Makefile
deleted file mode 100644
index 34cd6d899..000000000
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-coreconf_hack:
- cd ../coreconf; gmake
- gmake import
-
-RelEng_bld: coreconf_hack
- gmake
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
deleted file mode 100644
index 4d34d8832..000000000
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,86 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-DBM_SRCS = $(EXPORTS) $(PRIVATE_EXPORTS) watcomfx.h
-
-export:: $(DBM_SRCS)
-
-libs:: $(DBM_SRCS)
-
-program:: $(DBM_SRCS)
-
-private_export:: $(DBM_SRCS)
-
-echo::
- echo "$(DBM_SRCS)"
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
deleted file mode 100644
index 886fedd98..000000000
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS = nsres.h \
- cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-PRIVATE_EXPORTS = hsearch.h \
- page.h \
- extern.h \
- ndbm.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
deleted file mode 100644
index 4cfffae43..000000000
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,46 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-#IMPORTS = nspr20/v3.5
-IMPORTS = nspr20/v4.0
-
-RELEASE = dbm
-
-DIRS = include \
- src \
- $(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
deleted file mode 100644
index b41b41671..000000000
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,85 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-DBM_SRCS = $(CSRCS)
-
-export:: $(DBM_SRCS)
-
-libs:: $(DBM_SRCS)
-
-program:: $(DBM_SRCS)
-
-private_export:: $(DBM_SRCS)
-
-echo::
- echo "$(DBM_SRCS)"
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
deleted file mode 100644
index f6863d966..000000000
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,66 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) -DNSPR20=1
-
-INCLUDES += -I../include
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-ifdef SHARED_LIBRARY
- ifeq ($(OS_ARCH),WINNT)
- ifneq ($(OS_TARGET),WIN16)
- DLLBASE=/BASE:0x30000000
- RES=$(OBJDIR)/dbm.res
- RESNAME=../include/dbm.rc
- endif
- endif
- ifeq ($(DLL_SUFFIX),dll)
- DEFINES += -D_DLL
- endif
-endif
-
-ifeq ($(OS_ARCH),AIX)
- OS_LIBS += -lc_r
-endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
deleted file mode 100644
index 4b64ffb4b..000000000
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-CSRCS = db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- hsearch.c \
- memmove.c \
- mktemp.c \
- ndbm.c \
-# snprintf.c \
- strerror.c \
- nsres.c \
- $(NULL)
-
-LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
deleted file mode 100644
index c095d87c7..000000000
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,125 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/tests
-
-MODULE = dbm
-
-CSRCS = lots.c
-
-PROGRAM = lots
-
-include $(DEPTH)/coreconf/config.mk
-
-ifeq ($(OS_ARCH),WINNT)
-DEFINES += -DSTDARG -DSTDC_HEADERS
-LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-ifeq ($(OS_ARCH),AIX)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),BSD_386)
-CFLAGS += -g -I../../../include -DXP_UNIX -g -DBSDI -DHAVE_STRERROR -D__386BSD__ -DDEBUG -DMEMMOVE -D__DBINTERFACE_PRIVATE
-endif
-
-ifeq ($(OS_ARCH),FreeBSD)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),HP-UX)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),IRIX)
-CFLAGS += -g -I../../../include -DDEBUG -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),OSF1)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),Linux)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),NCR)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),SCO_SV)
-CFLAGS += -DSTDARG
-endif
-
-ifeq ($(OS_ARCH),SunOS)
-CFLAGS += -g -I../../../include -D_sun_
-endif
-
-ifeq ($(OS_ARCH),UNIXWARE)
-CFLAGS += -DSTDARG
-endif
-
-INCLUDES += -I../include
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS = $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
- purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
- $(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
- purify $(CC) -o crash.pure $(CFLAGS) $^
-
-
-
-DBM_SRCS = $(CSRCS)
-
-export:: $(DBM_SRCS)
-
-libs:: $(DBM_SRCS)
-
-program:: $(DBM_SRCS)
-
-private_export:: $(DBM_SRCS)
-
diff --git a/security/nss/cmd/signtool/list.c b/security/nss/cmd/signtool/list.c
index b21090c2e..83ae4d6a3 100644
--- a/security/nss/cmd/signtool/list.c
+++ b/security/nss/cmd/signtool/list.c
@@ -46,6 +46,7 @@ static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k,
int
ListCerts(char *key, int list_certs)
{
+ int failed = 0;
SECStatus rv;
char *ugly_list;
CERTCertDBHandle *db;
@@ -85,9 +86,19 @@ ListCerts(char *key, int list_certs)
rv = PK11_TraverseSlotCerts(cert_trav_callback, (void*)&list_certs,
NULL /*wincx*/);
+ if (rv) {
+ PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
+ return -1;
+ }
+
/* Traverse Internal DB */
rv = SEC_TraversePermCerts(db, cert_trav_callback, (void*)&list_certs);
+ if (rv) {
+ PR_fprintf(outputFD, "**Traverse of internal DB failed**\n");
+ return -1;
+ }
+
if (num_trav_certs == 0) {
PR_fprintf(outputFD,
"You don't appear to have any object signing certificates.\n");
@@ -99,10 +110,6 @@ ListCerts(char *key, int list_certs)
PR_fprintf(outputFD, "---------------------------------------\n");
}
- if (rv) {
- return -1;
- }
-
if (list_certs == 1) {
PR_fprintf(outputFD,
"For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
@@ -141,6 +148,7 @@ ListCerts(char *key, int list_certs)
certUsageObjectSigner, PR_Now(), NULL, &errlog);
if (rv != SECSuccess) {
+ failed = 1;
if(errlog.count > 0) {
PR_fprintf(outputFD,
"**Certificate validation failed for the "
@@ -155,6 +163,7 @@ ListCerts(char *key, int list_certs)
} else {
+ failed = 1;
PR_fprintf(outputFD,
"The certificate with nickname \"%s\" was NOT FOUND\n",
key);
@@ -165,7 +174,7 @@ ListCerts(char *key, int list_certs)
PORT_FreeArena(errlog.arena, PR_FALSE);
}
- if (rv != SECSuccess) {
+ if (failed) {
return -1;
}
return 0;
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
index 7a974d2db..b46c2f16a 100644
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -168,6 +168,8 @@ sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
(PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
if(!infop) {
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+ errorCount++;
retval = -1;
goto finish;
}
diff --git a/security/nss/cmd/signtool/verify.c b/security/nss/cmd/signtool/verify.c
index 6b2da2c90..fd80ef737 100644
--- a/security/nss/cmd/signtool/verify.c
+++ b/security/nss/cmd/signtool/verify.c
@@ -74,6 +74,7 @@ VerifyJar(char *filename)
if (status < 0 || jar->valid < 0)
{
+ failed = 1;
PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
if (status < 0)
{
@@ -93,7 +94,7 @@ VerifyJar(char *filename)
/* corrupt files should not have their contents listed */
if (status == JAR_ERR_CORRUPT)
- return status;
+ return -1;
}
PR_fprintf(outputFD,
"entries shown below will have their digests checked only.\n");
@@ -140,6 +141,7 @@ VerifyJar(char *filename)
if (status < 0 || jar->valid < 0)
{
+ failed = 1;
PR_fprintf(outputFD,
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
give_help (status);
@@ -147,10 +149,8 @@ VerifyJar(char *filename)
JAR_destroy (jar);
- if (status < 0)
- return status;
- if (jar->valid < 0 || failed)
- return ERRX;
+ if (failed)
+ return -1;
return 0;
}
@@ -355,7 +355,10 @@ JarWho(char *filename)
PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
}
else
+ {
PR_fprintf(outputFD, "no certificate could be found\n");
+ retval = -1;
+ }
prev = cert;
}
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 1f2096a1b..5817c39ef 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -633,7 +633,7 @@ int main(int argc, char **argv)
if (err != PR_WOULD_BLOCK_ERROR) {
SECU_PrintError(progName,
"write to SSL socket failed");
- error=2;
+ error=254;
goto done;
}
cc = 0;
diff --git a/security/nss/lib/certdb/pcertdb.c b/security/nss/lib/certdb/pcertdb.c
index 20ce6f02a..f6601d4cb 100644
--- a/security/nss/lib/certdb/pcertdb.c
+++ b/security/nss/lib/certdb/pcertdb.c
@@ -7198,6 +7198,13 @@ CERT_SaveImportedCert(CERTCertificate *cert, SECCertUsage usage,
}
}
break;
+ case certUsageAnyCA:
+ trust.sslFlags = CERTDB_VALID_CA;
+ break;
+ case certUsageSSLCA:
+ trust.sslFlags = CERTDB_VALID_CA |
+ CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
+ break;
default: /* XXX added to quiet warnings; no other cases needed? */
break;
}
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index 5eb340b28..758141075 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -3704,6 +3704,12 @@ CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
* used const to convey that it does not modify the name. Maybe someday.
*/
cert = CERT_FindCertByNickname(handle, (char *) name);
+ if (cert == NULL) {
+ /*
+ * look for the cert on an external token.
+ */
+ cert = PK11_FindCertFromNickname(name, NULL);
+ }
if (cert == NULL)
return SECFailure;
@@ -3831,6 +3837,10 @@ CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle)
*/
cert = CERT_FindCertByNickname(handle,
statusContext->defaultResponderNickname);
+ if (cert == NULL) {
+ cert = PK11_FindCertFromNickname(statusContext->defaultResponderNickname,
+ NULL);
+ }
/*
* We should never have trouble finding the cert, because its
* existence should have been proven by SetOCSPDefaultResponder.
diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c
index 435350fa8..5e3c848ab 100644
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -598,7 +598,7 @@ static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
- { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)178 }
+ { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)179 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@@ -3513,150 +3513,6 @@ static const NSSItem nss_builtins_items_60 [] = {
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"E-Certify Internet ID", (PRUint32)22 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103"
-"\154\151\145\156\164"
-, (PRUint32)101 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103"
-"\154\151\145\156\164"
-, (PRUint32)101 },
- { (void *)"\002"
-, (PRUint32)1 },
- { (void *)"\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\002"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
-"\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022"
-"\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151"
-"\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101"
-"\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060\044"
-"\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171"
-"\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103\154"
-"\151\145\156\164\060\036\027\015\071\070\061\060\061\066\061\063"
-"\063\064\060\070\132\027\015\060\063\061\060\061\066\061\063\063"
-"\064\060\070\132\060\143\061\013\060\011\006\003\125\004\006\023"
-"\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055"
-"\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013"
-"\023\017\122\123\101\040\107\157\154\144\040\103\154\151\145\156"
-"\164\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145"
-"\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157"
-"\154\144\040\103\154\151\145\156\164\060\134\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002"
-"\101\000\160\011\304\365\211\211\115\310\243\362\300\037\344\175"
-"\360\374\172\310\202\314\146\011\305\051\323\135\010\324\351\350"
-"\377\137\031\300\373\334\252\217\060\014\076\332\205\167\117\170"
-"\300\317\075\126\311\263\365\203\226\110\356\220\237\254\016\002"
-"\316\071\002\003\001\000\001\243\023\060\021\060\017\006\003\125"
-"\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011"
-"\052\206\110\206\367\015\001\001\004\005\000\003\101\000\035\222"
-"\327\114\344\014\326\373\112\075\351\341\302\037\000\367\121\374"
-"\361\076\370\312\304\361\043\210\217\320\116\177\247\214\173\177"
-"\004\102\133\367\046\132\264\343\121\162\110\045\125\317\157\360"
-"\377\003\313\301\331\031\000\364\370\371\364\273\030\126"
-, (PRUint32)462 }
-};
-static const NSSItem nss_builtins_items_61 [] = {
- { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"E-Certify Internet ID", (PRUint32)22 },
- { (void *)"\077\065\017\377\111\047\260\141\105\312\101\073\101\244\215\235"
-"\044\315\125\035"
-, (PRUint32)20 },
- { (void *)"\374\012\336\152\227\076\143\333\122\302\131\003\010\060\141\042"
-, (PRUint32)16 },
- { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_62 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"E-Certify Commerce ID", (PRUint32)22 },
- { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
- { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123"
-"\145\162\166\145\162"
-, (PRUint32)101 },
- { (void *)"0", (PRUint32)2 },
- { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061"
-"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
-"\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123"
-"\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060"
-"\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146"
-"\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123"
-"\145\162\166\145\162"
-, (PRUint32)101 },
- { (void *)"\001"
-, (PRUint32)1 },
- { (void *)"\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\001"
-"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
-"\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022"
-"\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151"
-"\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101"
-"\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060\044"
-"\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171"
-"\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123\145"
-"\162\166\145\162\060\036\027\015\071\070\061\060\061\066\061\063"
-"\063\067\065\063\132\027\015\060\063\061\060\061\066\061\063\063"
-"\067\065\063\132\060\143\061\013\060\011\006\003\125\004\006\023"
-"\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055"
-"\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013"
-"\023\017\122\123\101\040\107\157\154\144\040\123\145\162\166\145"
-"\162\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145"
-"\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157"
-"\154\144\040\123\145\162\166\145\162\060\134\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002"
-"\101\000\315\125\017\167\022\376\363\200\326\211\001\035\131\356"
-"\000\262\165\116\246\223\055\136\374\036\004\155\215\115\261\333"
-"\137\262\053\124\365\301\013\252\016\156\104\220\317\003\215\047"
-"\010\063\336\073\050\245\326\122\171\067\310\136\221\312\211\002"
-"\111\027\002\003\001\000\001\243\023\060\021\060\017\006\003\125"
-"\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011"
-"\052\206\110\206\367\015\001\001\004\005\000\003\101\000\164\365"
-"\045\172\071\347\203\020\377\011\173\160\316\054\326\166\341\117"
-"\174\064\172\210\005\060\362\007\213\021\244\071\215\164\173\246"
-"\373\172\346\340\006\055\316\160\161\033\230\104\112\023\274\365"
-"\267\026\213\174\211\264\022\023\032\344\321\016\163\052"
-, (PRUint32)462 }
-};
-static const NSSItem nss_builtins_items_63 [] = {
- { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)"E-Certify Commerce ID", (PRUint32)22 },
- { (void *)"\077\025\014\145\325\170\211\025\237\031\377\341\041\331\311\115"
-"\150\032\031\205"
-, (PRUint32)20 },
- { (void *)"\265\302\221\035\163\344\353\371\326\123\300\004\343\077\243\215"
-, (PRUint32)16 },
- { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
- { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_64 [] = {
- { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
- { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
- { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"Verisign Class 1 Public Primary Certification Authority", (PRUint32)56 },
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
{ (void *)"\060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
@@ -3718,7 +3574,7 @@ static const NSSItem nss_builtins_items_64 [] = {
"\224"
, (PRUint32)577 }
};
-static const NSSItem nss_builtins_items_65 [] = {
+static const NSSItem nss_builtins_items_61 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3733,7 +3589,7 @@ static const NSSItem nss_builtins_items_65 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_66 [] = {
+static const NSSItem nss_builtins_items_62 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3797,7 +3653,7 @@ static const NSSItem nss_builtins_items_66 [] = {
"\360\210\321\345\170\215\245\052\117\366\227\015\027\167\312\330"
, (PRUint32)576 }
};
-static const NSSItem nss_builtins_items_67 [] = {
+static const NSSItem nss_builtins_items_63 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3812,7 +3668,7 @@ static const NSSItem nss_builtins_items_67 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_68 [] = {
+static const NSSItem nss_builtins_items_64 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3876,7 +3732,7 @@ static const NSSItem nss_builtins_items_68 [] = {
"\300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144"
, (PRUint32)576 }
};
-static const NSSItem nss_builtins_items_69 [] = {
+static const NSSItem nss_builtins_items_65 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3891,7 +3747,7 @@ static const NSSItem nss_builtins_items_69 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_70 [] = {
+static const NSSItem nss_builtins_items_66 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3980,7 +3836,7 @@ static const NSSItem nss_builtins_items_70 [] = {
"\017\061\134\350\362\331"
, (PRUint32)774 }
};
-static const NSSItem nss_builtins_items_71 [] = {
+static const NSSItem nss_builtins_items_67 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -3995,7 +3851,7 @@ static const NSSItem nss_builtins_items_71 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_72 [] = {
+static const NSSItem nss_builtins_items_68 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4085,7 +3941,7 @@ static const NSSItem nss_builtins_items_72 [] = {
"\214\022\173\305\104\264\256"
, (PRUint32)775 }
};
-static const NSSItem nss_builtins_items_73 [] = {
+static const NSSItem nss_builtins_items_69 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4100,7 +3956,7 @@ static const NSSItem nss_builtins_items_73 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_74 [] = {
+static const NSSItem nss_builtins_items_70 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4189,7 +4045,7 @@ static const NSSItem nss_builtins_items_74 [] = {
"\240\235\235\151\221\375"
, (PRUint32)774 }
};
-static const NSSItem nss_builtins_items_75 [] = {
+static const NSSItem nss_builtins_items_71 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4204,7 +4060,7 @@ static const NSSItem nss_builtins_items_75 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_76 [] = {
+static const NSSItem nss_builtins_items_72 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4293,7 +4149,7 @@ static const NSSItem nss_builtins_items_76 [] = {
"\117\312\200\221\266\051"
, (PRUint32)774 }
};
-static const NSSItem nss_builtins_items_77 [] = {
+static const NSSItem nss_builtins_items_73 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4308,7 +4164,7 @@ static const NSSItem nss_builtins_items_77 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_78 [] = {
+static const NSSItem nss_builtins_items_74 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4390,7 +4246,7 @@ static const NSSItem nss_builtins_items_78 [] = {
"\054\166\021\204\106\212\170\243\343"
, (PRUint32)889 }
};
-static const NSSItem nss_builtins_items_79 [] = {
+static const NSSItem nss_builtins_items_75 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4405,7 +4261,7 @@ static const NSSItem nss_builtins_items_79 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_80 [] = {
+static const NSSItem nss_builtins_items_76 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4491,7 +4347,7 @@ static const NSSItem nss_builtins_items_80 [] = {
"\362\255"
, (PRUint32)930 }
};
-static const NSSItem nss_builtins_items_81 [] = {
+static const NSSItem nss_builtins_items_77 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4506,7 +4362,7 @@ static const NSSItem nss_builtins_items_81 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_82 [] = {
+static const NSSItem nss_builtins_items_78 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4592,7 +4448,7 @@ static const NSSItem nss_builtins_items_82 [] = {
"\352\143\336\137\124\261\372\363\321\105\313\305\144\264\163\041"
, (PRUint32)944 }
};
-static const NSSItem nss_builtins_items_83 [] = {
+static const NSSItem nss_builtins_items_79 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4607,7 +4463,7 @@ static const NSSItem nss_builtins_items_83 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_84 [] = {
+static const NSSItem nss_builtins_items_80 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4693,7 +4549,7 @@ static const NSSItem nss_builtins_items_84 [] = {
"\205\014\033\205\276\046\256\253\246\231\274\042\361\163\337\102"
, (PRUint32)944 }
};
-static const NSSItem nss_builtins_items_85 [] = {
+static const NSSItem nss_builtins_items_81 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4708,7 +4564,7 @@ static const NSSItem nss_builtins_items_85 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_86 [] = {
+static const NSSItem nss_builtins_items_82 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4794,7 +4650,7 @@ static const NSSItem nss_builtins_items_86 [] = {
"\230\166\371\024\114\167\207\202\311\334\176\135\064\325\066\165"
, (PRUint32)944 }
};
-static const NSSItem nss_builtins_items_87 [] = {
+static const NSSItem nss_builtins_items_83 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4809,7 +4665,7 @@ static const NSSItem nss_builtins_items_87 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_88 [] = {
+static const NSSItem nss_builtins_items_84 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4894,7 +4750,7 @@ static const NSSItem nss_builtins_items_88 [] = {
"\161\202\053\231\317\072\267\365\055\162\310"
, (PRUint32)747 }
};
-static const NSSItem nss_builtins_items_89 [] = {
+static const NSSItem nss_builtins_items_85 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4909,7 +4765,7 @@ static const NSSItem nss_builtins_items_89 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_90 [] = {
+static const NSSItem nss_builtins_items_86 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -4994,7 +4850,7 @@ static const NSSItem nss_builtins_items_90 [] = {
"\276\355\164\114\274\133\325\142\037\103\335"
, (PRUint32)747 }
};
-static const NSSItem nss_builtins_items_91 [] = {
+static const NSSItem nss_builtins_items_87 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5009,7 +4865,7 @@ static const NSSItem nss_builtins_items_91 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_92 [] = {
+static const NSSItem nss_builtins_items_88 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5094,7 +4950,7 @@ static const NSSItem nss_builtins_items_92 [] = {
"\040\017\105\176\153\242\177\243\214\025\356"
, (PRUint32)747 }
};
-static const NSSItem nss_builtins_items_93 [] = {
+static const NSSItem nss_builtins_items_89 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5109,7 +4965,7 @@ static const NSSItem nss_builtins_items_93 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_94 [] = {
+static const NSSItem nss_builtins_items_90 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5410,7 +5266,7 @@ static const NSSItem nss_builtins_items_94 [] = {
"\136\311\046\001\231\247"
, (PRUint32)4390 }
};
-static const NSSItem nss_builtins_items_95 [] = {
+static const NSSItem nss_builtins_items_91 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5425,7 +5281,7 @@ static const NSSItem nss_builtins_items_95 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_96 [] = {
+static const NSSItem nss_builtins_items_92 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5532,7 +5388,7 @@ static const NSSItem nss_builtins_items_96 [] = {
"\113\336\006\226\161\054\362\333\266\037\244\357\077\356"
, (PRUint32)1054 }
};
-static const NSSItem nss_builtins_items_97 [] = {
+static const NSSItem nss_builtins_items_93 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5547,7 +5403,7 @@ static const NSSItem nss_builtins_items_97 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_98 [] = {
+static const NSSItem nss_builtins_items_94 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5653,7 +5509,7 @@ static const NSSItem nss_builtins_items_98 [] = {
"\311\130\020\371\252\357\132\266\317\113\113\337\052"
, (PRUint32)1053 }
};
-static const NSSItem nss_builtins_items_99 [] = {
+static const NSSItem nss_builtins_items_95 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5668,7 +5524,7 @@ static const NSSItem nss_builtins_items_99 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_100 [] = {
+static const NSSItem nss_builtins_items_96 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5775,7 +5631,7 @@ static const NSSItem nss_builtins_items_100 [] = {
"\153\271\012\172\116\117\113\204\356\113\361\175\335\021"
, (PRUint32)1054 }
};
-static const NSSItem nss_builtins_items_101 [] = {
+static const NSSItem nss_builtins_items_97 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5790,7 +5646,7 @@ static const NSSItem nss_builtins_items_101 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_102 [] = {
+static const NSSItem nss_builtins_items_98 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5897,7 +5753,7 @@ static const NSSItem nss_builtins_items_102 [] = {
"\367\146\103\363\236\203\076\040\252\303\065\140\221\316"
, (PRUint32)1054 }
};
-static const NSSItem nss_builtins_items_103 [] = {
+static const NSSItem nss_builtins_items_99 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -5912,7 +5768,7 @@ static const NSSItem nss_builtins_items_103 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_104 [] = {
+static const NSSItem nss_builtins_items_100 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6030,7 +5886,7 @@ static const NSSItem nss_builtins_items_104 [] = {
"\155\055\105\013\367\012\223\352\355\006\371\262"
, (PRUint32)1244 }
};
-static const NSSItem nss_builtins_items_105 [] = {
+static const NSSItem nss_builtins_items_101 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6045,7 +5901,7 @@ static const NSSItem nss_builtins_items_105 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_106 [] = {
+static const NSSItem nss_builtins_items_102 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6165,7 +6021,7 @@ static const NSSItem nss_builtins_items_106 [] = {
"\354"
, (PRUint32)1265 }
};
-static const NSSItem nss_builtins_items_107 [] = {
+static const NSSItem nss_builtins_items_103 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6180,7 +6036,7 @@ static const NSSItem nss_builtins_items_107 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_108 [] = {
+static const NSSItem nss_builtins_items_104 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6288,7 +6144,7 @@ static const NSSItem nss_builtins_items_108 [] = {
"\275\114\105\236\141\272\277\204\201\222\003\321\322\151\174\305"
, (PRUint32)1120 }
};
-static const NSSItem nss_builtins_items_109 [] = {
+static const NSSItem nss_builtins_items_105 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6303,7 +6159,7 @@ static const NSSItem nss_builtins_items_109 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_110 [] = {
+static const NSSItem nss_builtins_items_106 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6394,7 +6250,7 @@ static const NSSItem nss_builtins_items_110 [] = {
"\246\167\067\270\125\074\255\376\145\260\142\351"
, (PRUint32)844 }
};
-static const NSSItem nss_builtins_items_111 [] = {
+static const NSSItem nss_builtins_items_107 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6409,7 +6265,7 @@ static const NSSItem nss_builtins_items_111 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_112 [] = {
+static const NSSItem nss_builtins_items_108 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6496,7 +6352,7 @@ static const NSSItem nss_builtins_items_112 [] = {
"\306\003\256\254\343\277\267\300\252\052"
, (PRUint32)938 }
};
-static const NSSItem nss_builtins_items_113 [] = {
+static const NSSItem nss_builtins_items_109 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6511,7 +6367,7 @@ static const NSSItem nss_builtins_items_113 [] = {
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_114 [] = {
+static const NSSItem nss_builtins_items_110 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6593,7 +6449,7 @@ static const NSSItem nss_builtins_items_114 [] = {
"\347\201\035\031\303\044\102\352\143\071\251"
, (PRUint32)891 }
};
-static const NSSItem nss_builtins_items_115 [] = {
+static const NSSItem nss_builtins_items_111 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6608,7 +6464,7 @@ static const NSSItem nss_builtins_items_115 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_116 [] = {
+static const NSSItem nss_builtins_items_112 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6677,7 +6533,7 @@ static const NSSItem nss_builtins_items_116 [] = {
"\365"
, (PRUint32)641 }
};
-static const NSSItem nss_builtins_items_117 [] = {
+static const NSSItem nss_builtins_items_113 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6692,7 +6548,7 @@ static const NSSItem nss_builtins_items_117 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_118 [] = {
+static const NSSItem nss_builtins_items_114 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6760,7 +6616,7 @@ static const NSSItem nss_builtins_items_118 [] = {
"\126\224\251\125"
, (PRUint32)660 }
};
-static const NSSItem nss_builtins_items_119 [] = {
+static const NSSItem nss_builtins_items_115 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6775,7 +6631,7 @@ static const NSSItem nss_builtins_items_119 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_120 [] = {
+static const NSSItem nss_builtins_items_116 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6842,7 +6698,7 @@ static const NSSItem nss_builtins_items_120 [] = {
"\132\052\202\262\067\171"
, (PRUint32)646 }
};
-static const NSSItem nss_builtins_items_121 [] = {
+static const NSSItem nss_builtins_items_117 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6857,7 +6713,7 @@ static const NSSItem nss_builtins_items_121 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_122 [] = {
+static const NSSItem nss_builtins_items_118 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6932,7 +6788,7 @@ static const NSSItem nss_builtins_items_122 [] = {
"\221\060\352\315"
, (PRUint32)804 }
};
-static const NSSItem nss_builtins_items_123 [] = {
+static const NSSItem nss_builtins_items_119 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -6947,7 +6803,7 @@ static const NSSItem nss_builtins_items_123 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_124 [] = {
+static const NSSItem nss_builtins_items_120 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7025,7 +6881,7 @@ static const NSSItem nss_builtins_items_124 [] = {
"\177\056\101\307\142\110\327\161\105\073\170\222"
, (PRUint32)860 }
};
-static const NSSItem nss_builtins_items_125 [] = {
+static const NSSItem nss_builtins_items_121 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7040,7 +6896,7 @@ static const NSSItem nss_builtins_items_125 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_126 [] = {
+static const NSSItem nss_builtins_items_122 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7125,7 +6981,7 @@ static const NSSItem nss_builtins_items_126 [] = {
"\265\314\255\006"
, (PRUint32)900 }
};
-static const NSSItem nss_builtins_items_127 [] = {
+static const NSSItem nss_builtins_items_123 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7140,7 +6996,7 @@ static const NSSItem nss_builtins_items_127 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_128 [] = {
+static const NSSItem nss_builtins_items_124 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7225,7 +7081,7 @@ static const NSSItem nss_builtins_items_128 [] = {
"\113\211\106\166"
, (PRUint32)900 }
};
-static const NSSItem nss_builtins_items_129 [] = {
+static const NSSItem nss_builtins_items_125 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7240,7 +7096,7 @@ static const NSSItem nss_builtins_items_129 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_130 [] = {
+static const NSSItem nss_builtins_items_126 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7308,7 +7164,7 @@ static const NSSItem nss_builtins_items_130 [] = {
"\375\345\026\014\364\253\027\110\176\255\353\200\300\125\201"
, (PRUint32)639 }
};
-static const NSSItem nss_builtins_items_131 [] = {
+static const NSSItem nss_builtins_items_127 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7323,7 +7179,7 @@ static const NSSItem nss_builtins_items_131 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_132 [] = {
+static const NSSItem nss_builtins_items_128 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7391,7 +7247,7 @@ static const NSSItem nss_builtins_items_132 [] = {
"\153\301\221\235\013\364\077\232\021\174\224\026\147\266\230"
, (PRUint32)639 }
};
-static const NSSItem nss_builtins_items_133 [] = {
+static const NSSItem nss_builtins_items_129 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7406,7 +7262,7 @@ static const NSSItem nss_builtins_items_133 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_134 [] = {
+static const NSSItem nss_builtins_items_130 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7515,7 +7371,7 @@ static const NSSItem nss_builtins_items_134 [] = {
"\043\020\077\041\020\131\267\344\100\335\046\014\043\366\252\256"
, (PRUint32)1328 }
};
-static const NSSItem nss_builtins_items_135 [] = {
+static const NSSItem nss_builtins_items_131 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7530,7 +7386,7 @@ static const NSSItem nss_builtins_items_135 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_136 [] = {
+static const NSSItem nss_builtins_items_132 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7607,7 +7463,7 @@ static const NSSItem nss_builtins_items_136 [] = {
"\074\351\033\046\033\234\144"
, (PRUint32)871 }
};
-static const NSSItem nss_builtins_items_137 [] = {
+static const NSSItem nss_builtins_items_133 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7622,7 +7478,7 @@ static const NSSItem nss_builtins_items_137 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_138 [] = {
+static const NSSItem nss_builtins_items_134 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7685,7 +7541,7 @@ static const NSSItem nss_builtins_items_138 [] = {
"\165\112\364\010\054\365\334\146\317\303\070\176"
, (PRUint32)620 }
};
-static const NSSItem nss_builtins_items_139 [] = {
+static const NSSItem nss_builtins_items_135 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7700,7 +7556,7 @@ static const NSSItem nss_builtins_items_139 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_140 [] = {
+static const NSSItem nss_builtins_items_136 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7771,7 +7627,7 @@ static const NSSItem nss_builtins_items_140 [] = {
"\055\335\051"
, (PRUint32)771 }
};
-static const NSSItem nss_builtins_items_141 [] = {
+static const NSSItem nss_builtins_items_137 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7786,7 +7642,7 @@ static const NSSItem nss_builtins_items_141 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_142 [] = {
+static const NSSItem nss_builtins_items_138 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7843,7 +7699,7 @@ static const NSSItem nss_builtins_items_142 [] = {
"\041\040\224\150\052\332\214\276"
, (PRUint32)520 }
};
-static const NSSItem nss_builtins_items_143 [] = {
+static const NSSItem nss_builtins_items_139 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7858,7 +7714,7 @@ static const NSSItem nss_builtins_items_143 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_144 [] = {
+static const NSSItem nss_builtins_items_140 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7955,7 +7811,7 @@ static const NSSItem nss_builtins_items_144 [] = {
"\302\215\302\155\354\334\023\323\106\305\171\174"
, (PRUint32)1020 }
};
-static const NSSItem nss_builtins_items_145 [] = {
+static const NSSItem nss_builtins_items_141 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -7970,7 +7826,7 @@ static const NSSItem nss_builtins_items_145 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_146 [] = {
+static const NSSItem nss_builtins_items_142 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8069,7 +7925,7 @@ static const NSSItem nss_builtins_items_146 [] = {
"\345"
, (PRUint32)993 }
};
-static const NSSItem nss_builtins_items_147 [] = {
+static const NSSItem nss_builtins_items_143 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8084,7 +7940,7 @@ static const NSSItem nss_builtins_items_147 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_148 [] = {
+static const NSSItem nss_builtins_items_144 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8183,7 +8039,7 @@ static const NSSItem nss_builtins_items_148 [] = {
"\300"
, (PRUint32)993 }
};
-static const NSSItem nss_builtins_items_149 [] = {
+static const NSSItem nss_builtins_items_145 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8198,7 +8054,7 @@ static const NSSItem nss_builtins_items_149 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_150 [] = {
+static const NSSItem nss_builtins_items_146 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8329,7 +8185,7 @@ static const NSSItem nss_builtins_items_150 [] = {
"\347"
, (PRUint32)1505 }
};
-static const NSSItem nss_builtins_items_151 [] = {
+static const NSSItem nss_builtins_items_147 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8344,7 +8200,7 @@ static const NSSItem nss_builtins_items_151 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_152 [] = {
+static const NSSItem nss_builtins_items_148 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8443,7 +8299,7 @@ static const NSSItem nss_builtins_items_152 [] = {
"\203"
, (PRUint32)993 }
};
-static const NSSItem nss_builtins_items_153 [] = {
+static const NSSItem nss_builtins_items_149 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8458,7 +8314,7 @@ static const NSSItem nss_builtins_items_153 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_154 [] = {
+static const NSSItem nss_builtins_items_150 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8559,7 +8415,7 @@ static const NSSItem nss_builtins_items_154 [] = {
"\226\126\160\040\066\300\357\331\152\326\260\147\343"
, (PRUint32)1005 }
};
-static const NSSItem nss_builtins_items_155 [] = {
+static const NSSItem nss_builtins_items_151 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8574,7 +8430,7 @@ static const NSSItem nss_builtins_items_155 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_156 [] = {
+static const NSSItem nss_builtins_items_152 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8656,7 +8512,7 @@ static const NSSItem nss_builtins_items_156 [] = {
"\273\373\017\154\134\072\310\335\255\216\012\227\035\217"
, (PRUint32)862 }
};
-static const NSSItem nss_builtins_items_157 [] = {
+static const NSSItem nss_builtins_items_153 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8671,7 +8527,7 @@ static const NSSItem nss_builtins_items_157 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_158 [] = {
+static const NSSItem nss_builtins_items_154 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8835,7 +8691,7 @@ static const NSSItem nss_builtins_items_158 [] = {
"\145\315\351"
, (PRUint32)2163 }
};
-static const NSSItem nss_builtins_items_159 [] = {
+static const NSSItem nss_builtins_items_155 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8850,7 +8706,7 @@ static const NSSItem nss_builtins_items_159 [] = {
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_160 [] = {
+static const NSSItem nss_builtins_items_156 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8944,7 +8800,7 @@ static const NSSItem nss_builtins_items_160 [] = {
"\065\341\035\026\034\320\274\053\216\326\161\331"
, (PRUint32)1052 }
};
-static const NSSItem nss_builtins_items_161 [] = {
+static const NSSItem nss_builtins_items_157 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -8959,7 +8815,7 @@ static const NSSItem nss_builtins_items_161 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_162 [] = {
+static const NSSItem nss_builtins_items_158 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9057,7 +8913,7 @@ static const NSSItem nss_builtins_items_162 [] = {
"\027\132\173\320\274\307\217\116\206\004"
, (PRUint32)1082 }
};
-static const NSSItem nss_builtins_items_163 [] = {
+static const NSSItem nss_builtins_items_159 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9072,7 +8928,7 @@ static const NSSItem nss_builtins_items_163 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_164 [] = {
+static const NSSItem nss_builtins_items_160 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9166,7 +9022,7 @@ static const NSSItem nss_builtins_items_164 [] = {
"\116\072\063\014\053\263\055\220\006"
, (PRUint32)1049 }
};
-static const NSSItem nss_builtins_items_165 [] = {
+static const NSSItem nss_builtins_items_161 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9181,7 +9037,7 @@ static const NSSItem nss_builtins_items_165 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_166 [] = {
+static const NSSItem nss_builtins_items_162 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9276,7 +9132,7 @@ static const NSSItem nss_builtins_items_166 [] = {
"\306\241"
, (PRUint32)1058 }
};
-static const NSSItem nss_builtins_items_167 [] = {
+static const NSSItem nss_builtins_items_163 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9291,7 +9147,7 @@ static const NSSItem nss_builtins_items_167 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_168 [] = {
+static const NSSItem nss_builtins_items_164 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9382,7 +9238,7 @@ static const NSSItem nss_builtins_items_168 [] = {
"\051\303"
, (PRUint32)930 }
};
-static const NSSItem nss_builtins_items_169 [] = {
+static const NSSItem nss_builtins_items_165 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9397,7 +9253,7 @@ static const NSSItem nss_builtins_items_169 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_170 [] = {
+static const NSSItem nss_builtins_items_166 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9488,7 +9344,7 @@ static const NSSItem nss_builtins_items_170 [] = {
"\064\215"
, (PRUint32)930 }
};
-static const NSSItem nss_builtins_items_171 [] = {
+static const NSSItem nss_builtins_items_167 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9503,7 +9359,7 @@ static const NSSItem nss_builtins_items_171 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_172 [] = {
+static const NSSItem nss_builtins_items_168 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9594,7 +9450,7 @@ static const NSSItem nss_builtins_items_172 [] = {
"\116\101\325\226\343\116"
, (PRUint32)934 }
};
-static const NSSItem nss_builtins_items_173 [] = {
+static const NSSItem nss_builtins_items_169 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9609,7 +9465,7 @@ static const NSSItem nss_builtins_items_173 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_174 [] = {
+static const NSSItem nss_builtins_items_170 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9701,7 +9557,7 @@ static const NSSItem nss_builtins_items_174 [] = {
"\316\324\357"
, (PRUint32)931 }
};
-static const NSSItem nss_builtins_items_175 [] = {
+static const NSSItem nss_builtins_items_171 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9716,7 +9572,7 @@ static const NSSItem nss_builtins_items_175 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_176 [] = {
+static const NSSItem nss_builtins_items_172 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9816,7 +9672,7 @@ static const NSSItem nss_builtins_items_176 [] = {
"\024"
, (PRUint32)977 }
};
-static const NSSItem nss_builtins_items_177 [] = {
+static const NSSItem nss_builtins_items_173 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9831,7 +9687,7 @@ static const NSSItem nss_builtins_items_177 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
-static const NSSItem nss_builtins_items_178 [] = {
+static const NSSItem nss_builtins_items_174 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9906,7 +9762,7 @@ static const NSSItem nss_builtins_items_178 [] = {
"\011\254\211\111\323"
, (PRUint32)677 }
};
-static const NSSItem nss_builtins_items_179 [] = {
+static const NSSItem nss_builtins_items_175 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
@@ -9921,6 +9777,188 @@ static const NSSItem nss_builtins_items_179 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
};
+static const NSSItem nss_builtins_items_176 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"E-Certify CA", (PRUint32)13 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+, (PRUint32)78 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+, (PRUint32)78 },
+ { (void *)"\001\115\105\234"
+, (PRUint32)4 },
+ { (void *)"\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001"
+"\115\105\234\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143"
+"\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145"
+"\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011"
+"\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125"
+"\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+"\060\036\027\015\071\071\060\071\062\070\061\066\064\070\062\071"
+"\132\027\015\060\064\060\071\062\070\061\066\064\070\062\071\132"
+"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101\060\202"
+"\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005"
+"\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\272"
+"\233\246\161\200\125\164\111\051\125\166\033\307\066\225\060\054"
+"\062\011\121\356\060\244\153\150\207\107\330\050\012\027\177\157"
+"\250\232\040\266\253\001\322\256\240\105\106\065\002\002\374\332"
+"\340\040\162\012\063\015\223\160\270\004\220\111\371\150\070\273"
+"\015\021\156\071\135\130\172\306\043\146\351\273\027\062\046\350"
+"\354\022\150\207\051\314\271\345\117\314\210\033\355\225\161\241"
+"\123\042\056\355\203\134\376\062\127\114\122\123\070\341\025\155"
+"\000\125\111\207\044\313\344\026\110\270\231\345\332\172\337\243"
+"\205\230\164\302\371\253\153\111\315\377\102\315\270\055\264\200"
+"\313\114\172\065\374\220\277\115\323\000\355\317\214\377\117\071"
+"\373\172\170\360\016\015\111\177\123\076\024\233\046\250\252\311"
+"\273\341\321\033\335\034\060\257\001\346\233\046\006\144\274\357"
+"\130\114\132\105\225\120\304\054\076\164\130\351\074\257\373\303"
+"\253\122\004\332\044\362\261\304\366\133\323\110\340\301\204\060"
+"\174\321\165\077\344\123\163\135\211\330\356\100\117\011\227\227"
+"\205\143\215\325\240\256\206\203\153\333\124\150\136\350\113\002"
+"\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004"
+"\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110"
+"\206\367\015\001\001\005\005\000\003\202\001\001\000\163\076\031"
+"\174\330\126\321\305\377\012\235\347\266\315\227\363\247\341\101"
+"\310\176\202\065\377\233\226\322\013\357\161\362\020\345\104\313"
+"\222\350\016\132\346\076\304\364\225\151\002\274\013\126\200\271"
+"\161\027\143\036\101\111\052\065\352\034\325\144\253\111\355\013"
+"\076\213\124\241\115\050\150\352\275\267\201\077\065\171\202\367"
+"\064\274\171\210\045\236\200\347\317\250\025\257\362\341\025\053"
+"\007\121\340\324\215\112\112\003\300\042\053\271\150\112\200\303"
+"\250\205\010\325\247\052\275\313\247\143\175\243\260\312\126\140"
+"\154\105\341\312\277\024\122\012\302\305\145\354\241\075\037\100"
+"\371\120\132\344\064\012\157\302\164\254\174\314\047\352\343\207"
+"\245\123\310\336\174\076\135\102\122\132\353\005\150\246\030\062"
+"\140\040\170\153\160\024\140\041\202\011\075\036\126\300\025\141"
+"\000\121\145\262\061\022\371\306\112\006\274\137\364\071\037\166"
+"\232\211\170\351\066\202\332\265\157\213\177\211\265\114\367\145"
+"\030\134\201\363\356\120\326\335\354\151\110\237\053\265\336\076"
+"\275\372\274\154\153\147\123\233\261\223\271\221\106"
+, (PRUint32)829 }
+};
+static const NSSItem nss_builtins_items_177 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"E-Certify CA", (PRUint32)13 },
+ { (void *)"\133\330\153\206\375\275\330\206\371\233\310\120\106\350\052\112"
+"\211\152\317\357"
+, (PRUint32)20 },
+ { (void *)"\256\065\177\222\227\106\174\217\023\051\341\333\236\102\145\152"
+, (PRUint32)16 },
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
+static const NSSItem nss_builtins_items_178 [] = {
+ { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"E-Certify RA", (PRUint32)13 },
+ { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+ { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\122\101"
+, (PRUint32)78 },
+ { (void *)"0", (PRUint32)2 },
+ { (void *)"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+, (PRUint32)78 },
+ { (void *)"\001\117\353\020"
+, (PRUint32)4 },
+ { (void *)"\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001"
+"\117\353\020\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143"
+"\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145"
+"\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011"
+"\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125"
+"\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101"
+"\060\036\027\015\071\071\060\071\063\060\061\066\065\070\065\067"
+"\132\027\015\060\064\060\071\062\067\061\066\065\070\065\067\132"
+"\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061"
+"\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164"
+"\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104"
+"\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003"
+"\023\014\105\055\103\145\162\164\151\146\171\040\122\101\060\202"
+"\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005"
+"\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334"
+"\260\267\045\373\356\014\272\330\243\162\104\017\052\243\343\110"
+"\004\321\364\060\164\006\010\016\137\067\307\066\267\202\232\045"
+"\113\254\153\111\231\000\033\027\362\360\337\027\027\351\355\040"
+"\152\024\153\375\311\314\017\346\014\153\206\345\365\244\372\333"
+"\005\052\000\310\015\352\252\145\100\066\312\363\345\165\071\216"
+"\334\146\333\104\034\236\303\213\103\070\313\274\360\232\311\331"
+"\312\067\023\312\122\301\055\351\107\040\345\314\044\170\340\346"
+"\033\114\270\322\124\202\155\016\271\041\140\357\174\264\000\373"
+"\122\304\057\012\367\004\116\204\057\337\030\254\143\006\040\335"
+"\332\261\201\301\341\255\177\030\210\167\363\353\370\255\317\172"
+"\020\120\126\171\236\124\317\336\034\233\327\102\224\341\317\325"
+"\154\365\136\075\315\345\147\023\073\232\315\072\142\204\371\141"
+"\036\155\325\130\216\331\371\255\052\076\226\361\355\252\177\020"
+"\356\366\000\205\074\261\005\013\064\321\134\142\340\215\022\256"
+"\275\114\124\300\342\274\144\161\140\145\206\306\331\204\253\130"
+"\140\152\061\156\175\117\261\210\242\376\024\114\072\214\373\002"
+"\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004"
+"\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370"
+"\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110"
+"\206\367\015\001\001\005\005\000\003\202\001\001\000\255\030\200"
+"\317\060\274\073\350\362\002\025\127\075\350\114\143\346\356\062"
+"\243\177\345\001\360\047\271\052\331\301\250\236\043\036\107\231"
+"\327\056\104\113\024\313\320\275\046\144\003\362\006\217\237\327"
+"\110\250\161\153\026\064\305\076\265\171\230\263\346\340\320\070"
+"\021\231\244\021\173\343\071\245\015\077\235\325\322\305\172\057"
+"\352\104\024\315\020\116\240\064\263\153\211\137\360\256\237\315"
+"\123\325\176\172\120\045\000\041\244\155\351\310\161\000\373\255"
+"\064\027\110\042\356\247\050\154\206\162\333\371\233\206\104\170"
+"\136\005\351\150\064\060\241\025\145\301\251\332\236\135\236\043"
+"\106\116\052\346\116\263\114\237\314\106\010\230\034\074\103\237"
+"\264\316\240\140\357\044\316\116\037\350\302\251\162\273\057\332"
+"\102\006\041\360\232\345\170\107\054\010\164\120\150\140\375\205"
+"\302\373\257\112\222\361\204\235\000\152\310\126\041\216\157\301"
+"\061\313\121\354\166\165\172\337\001\016\162\150\241\362\046\216"
+"\331\270\306\243\144\122\372\155\373\112\075\132\135\270\124\224"
+"\355\125\150\145\235\077\122\114\106\222\026\013\276"
+, (PRUint32)829 }
+};
+static const NSSItem nss_builtins_items_179 [] = {
+ { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+ { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+ { (void *)"E-Certify RA", (PRUint32)13 },
+ { (void *)"\217\051\011\013\006\302\070\314\160\305\251\355\227\147\210\315"
+"\066\332\335\131"
+, (PRUint32)20 },
+ { (void *)"\245\273\012\243\320\307\124\025\130\336\153\122\020\121\272\050"
+, (PRUint32)16 },
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+ { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
+};
PR_IMPLEMENT_DATA(const builtinsInternalObject)
nss_builtins_data[] = {
diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt
index ee7273197..b4f78d59d 100644
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -3230,166 +3230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
#
-# Certificate "E-Certify Internet ID"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Internet ID"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103
-\154\151\145\156\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103
-\154\151\145\156\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\002
-\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
-\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022
-\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151
-\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101
-\040\107\157\154\144\040\103\154\151\145\156\164\061\046\060\044
-\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171
-\040\122\123\101\040\065\061\062\040\107\157\154\144\040\103\154
-\151\145\156\164\060\036\027\015\071\070\061\060\061\066\061\063
-\063\064\060\070\132\027\015\060\063\061\060\061\066\061\063\063
-\064\060\070\132\060\143\061\013\060\011\006\003\125\004\006\023
-\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055
-\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013
-\023\017\122\123\101\040\107\157\154\144\040\103\154\151\145\156
-\164\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145
-\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157
-\154\144\040\103\154\151\145\156\164\060\134\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002
-\101\000\160\011\304\365\211\211\115\310\243\362\300\037\344\175
-\360\374\172\310\202\314\146\011\305\051\323\135\010\324\351\350
-\377\137\031\300\373\334\252\217\060\014\076\332\205\167\117\170
-\300\317\075\126\311\263\365\203\226\110\356\220\237\254\016\002
-\316\071\002\003\001\000\001\243\023\060\021\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
-\052\206\110\206\367\015\001\001\004\005\000\003\101\000\035\222
-\327\114\344\014\326\373\112\075\351\341\302\037\000\367\121\374
-\361\076\370\312\304\361\043\210\217\320\116\177\247\214\173\177
-\004\102\133\367\046\132\264\343\121\162\110\045\125\317\157\360
-\377\003\313\301\331\031\000\364\370\371\364\273\030\126
-END
-
-# Trust for Certificate "E-Certify Internet ID"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Internet ID"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\077\065\017\377\111\047\260\141\105\312\101\073\101\244\215\235
-\044\315\125\035
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\374\012\336\152\227\076\143\333\122\302\131\003\010\060\141\042
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
-
-#
-# Certificate "E-Certify Commerce ID"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Commerce ID"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123
-\145\162\166\145\162
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061
-\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
-\151\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123
-\101\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060
-\044\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146
-\171\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123
-\145\162\166\145\162
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\001\312\060\202\001\164\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
-\143\061\013\060\011\006\003\125\004\006\023\002\103\101\061\022
-\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164\151
-\146\171\061\030\060\026\006\003\125\004\013\023\017\122\123\101
-\040\107\157\154\144\040\123\145\162\166\145\162\061\046\060\044
-\006\003\125\004\003\023\035\105\055\103\145\162\164\151\146\171
-\040\122\123\101\040\065\061\062\040\107\157\154\144\040\123\145
-\162\166\145\162\060\036\027\015\071\070\061\060\061\066\061\063
-\063\067\065\063\132\027\015\060\063\061\060\061\066\061\063\063
-\067\065\063\132\060\143\061\013\060\011\006\003\125\004\006\023
-\002\103\101\061\022\060\020\006\003\125\004\012\023\011\105\055
-\103\145\162\164\151\146\171\061\030\060\026\006\003\125\004\013
-\023\017\122\123\101\040\107\157\154\144\040\123\145\162\166\145
-\162\061\046\060\044\006\003\125\004\003\023\035\105\055\103\145
-\162\164\151\146\171\040\122\123\101\040\065\061\062\040\107\157
-\154\144\040\123\145\162\166\145\162\060\134\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\113\000\060\110\002
-\101\000\315\125\017\167\022\376\363\200\326\211\001\035\131\356
-\000\262\165\116\246\223\055\136\374\036\004\155\215\115\261\333
-\137\262\053\124\365\301\013\252\016\156\104\220\317\003\215\047
-\010\063\336\073\050\245\326\122\171\067\310\136\221\312\211\002
-\111\027\002\003\001\000\001\243\023\060\021\060\017\006\003\125
-\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
-\052\206\110\206\367\015\001\001\004\005\000\003\101\000\164\365
-\045\172\071\347\203\020\377\011\173\160\316\054\326\166\341\117
-\174\064\172\210\005\060\362\007\213\021\244\071\215\164\173\246
-\373\172\346\340\006\055\316\160\161\033\230\104\112\023\274\365
-\267\026\213\174\211\264\022\023\032\344\321\016\163\052
-END
-
-# Trust for Certificate "E-Certify Commerce ID"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Certify Commerce ID"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\077\025\014\145\325\170\211\025\237\031\377\341\041\331\311\115
-\150\032\031\205
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\265\302\221\035\163\344\353\371\326\123\300\004\343\077\243\215
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
-
-#
# Certificate "Verisign Class 1 Public Primary Certification Authority"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
@@ -10121,3 +9961,201 @@ END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "E-Certify CA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001\115\105\234
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001
+\115\105\234\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143
+\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145
+\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011
+\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125
+\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+\060\036\027\015\071\071\060\071\062\070\061\066\064\070\062\071
+\132\027\015\060\064\060\071\062\070\061\066\064\070\062\071\132
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\272
+\233\246\161\200\125\164\111\051\125\166\033\307\066\225\060\054
+\062\011\121\356\060\244\153\150\207\107\330\050\012\027\177\157
+\250\232\040\266\253\001\322\256\240\105\106\065\002\002\374\332
+\340\040\162\012\063\015\223\160\270\004\220\111\371\150\070\273
+\015\021\156\071\135\130\172\306\043\146\351\273\027\062\046\350
+\354\022\150\207\051\314\271\345\117\314\210\033\355\225\161\241
+\123\042\056\355\203\134\376\062\127\114\122\123\070\341\025\155
+\000\125\111\207\044\313\344\026\110\270\231\345\332\172\337\243
+\205\230\164\302\371\253\153\111\315\377\102\315\270\055\264\200
+\313\114\172\065\374\220\277\115\323\000\355\317\214\377\117\071
+\373\172\170\360\016\015\111\177\123\076\024\233\046\250\252\311
+\273\341\321\033\335\034\060\257\001\346\233\046\006\144\274\357
+\130\114\132\105\225\120\304\054\076\164\130\351\074\257\373\303
+\253\122\004\332\044\362\261\304\366\133\323\110\340\301\204\060
+\174\321\165\077\344\123\163\135\211\330\356\100\117\011\227\227
+\205\143\215\325\240\256\206\203\153\333\124\150\136\350\113\002
+\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004
+\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\163\076\031
+\174\330\126\321\305\377\012\235\347\266\315\227\363\247\341\101
+\310\176\202\065\377\233\226\322\013\357\161\362\020\345\104\313
+\222\350\016\132\346\076\304\364\225\151\002\274\013\126\200\271
+\161\027\143\036\101\111\052\065\352\034\325\144\253\111\355\013
+\076\213\124\241\115\050\150\352\275\267\201\077\065\171\202\367
+\064\274\171\210\045\236\200\347\317\250\025\257\362\341\025\053
+\007\121\340\324\215\112\112\003\300\042\053\271\150\112\200\303
+\250\205\010\325\247\052\275\313\247\143\175\243\260\312\126\140
+\154\105\341\312\277\024\122\012\302\305\145\354\241\075\037\100
+\371\120\132\344\064\012\157\302\164\254\174\314\047\352\343\207
+\245\123\310\336\174\076\135\102\122\132\353\005\150\246\030\062
+\140\040\170\153\160\024\140\041\202\011\075\036\126\300\025\141
+\000\121\145\262\061\022\371\306\112\006\274\137\364\071\037\166
+\232\211\170\351\066\202\332\265\157\213\177\211\265\114\367\145
+\030\134\201\363\356\120\326\335\354\151\110\237\053\265\336\076
+\275\372\274\154\153\147\123\233\261\223\271\221\106
+END
+
+# Trust for Certificate "E-Certify CA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\133\330\153\206\375\275\330\206\371\233\310\120\106\350\052\112
+\211\152\317\357
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\256\065\177\222\227\106\174\217\023\051\341\333\236\102\145\152
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+
+#
+# Certificate "E-Certify RA"
+#
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify RA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\122\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001\117\353\020
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\071\060\202\002\041\240\003\002\001\002\002\004\001
+\117\353\020\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\114\061\013\060\011\006\003\125\004\006\023\002\143
+\141\061\022\060\020\006\003\125\004\012\023\011\105\055\103\145
+\162\164\151\146\171\061\022\060\020\006\003\125\004\013\023\011
+\111\104\040\103\145\156\164\145\162\061\025\060\023\006\003\125
+\004\003\023\014\105\055\103\145\162\164\151\146\171\040\103\101
+\060\036\027\015\071\071\060\071\063\060\061\066\065\070\065\067
+\132\027\015\060\064\060\071\062\067\061\066\065\070\065\067\132
+\060\114\061\013\060\011\006\003\125\004\006\023\002\143\141\061
+\022\060\020\006\003\125\004\012\023\011\105\055\103\145\162\164
+\151\146\171\061\022\060\020\006\003\125\004\013\023\011\111\104
+\040\103\145\156\164\145\162\061\025\060\023\006\003\125\004\003
+\023\014\105\055\103\145\162\164\151\146\171\040\122\101\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334
+\260\267\045\373\356\014\272\330\243\162\104\017\052\243\343\110
+\004\321\364\060\164\006\010\016\137\067\307\066\267\202\232\045
+\113\254\153\111\231\000\033\027\362\360\337\027\027\351\355\040
+\152\024\153\375\311\314\017\346\014\153\206\345\365\244\372\333
+\005\052\000\310\015\352\252\145\100\066\312\363\345\165\071\216
+\334\146\333\104\034\236\303\213\103\070\313\274\360\232\311\331
+\312\067\023\312\122\301\055\351\107\040\345\314\044\170\340\346
+\033\114\270\322\124\202\155\016\271\041\140\357\174\264\000\373
+\122\304\057\012\367\004\116\204\057\337\030\254\143\006\040\335
+\332\261\201\301\341\255\177\030\210\167\363\353\370\255\317\172
+\020\120\126\171\236\124\317\336\034\233\327\102\224\341\317\325
+\154\365\136\075\315\345\147\023\073\232\315\072\142\204\371\141
+\036\155\325\130\216\331\371\255\052\076\226\361\355\252\177\020
+\356\366\000\205\074\261\005\013\064\321\134\142\340\215\022\256
+\275\114\124\300\342\274\144\161\140\145\206\306\331\204\253\130
+\140\152\061\156\175\117\261\210\242\376\024\114\072\214\373\002
+\003\001\000\001\243\043\060\041\060\014\006\003\125\035\023\004
+\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\255\030\200
+\317\060\274\073\350\362\002\025\127\075\350\114\143\346\356\062
+\243\177\345\001\360\047\271\052\331\301\250\236\043\036\107\231
+\327\056\104\113\024\313\320\275\046\144\003\362\006\217\237\327
+\110\250\161\153\026\064\305\076\265\171\230\263\346\340\320\070
+\021\231\244\021\173\343\071\245\015\077\235\325\322\305\172\057
+\352\104\024\315\020\116\240\064\263\153\211\137\360\256\237\315
+\123\325\176\172\120\045\000\041\244\155\351\310\161\000\373\255
+\064\027\110\042\356\247\050\154\206\162\333\371\233\206\104\170
+\136\005\351\150\064\060\241\025\145\301\251\332\236\135\236\043
+\106\116\052\346\116\263\114\237\314\106\010\230\034\074\103\237
+\264\316\240\140\357\044\316\116\037\350\302\251\162\273\057\332
+\102\006\041\360\232\345\170\107\054\010\164\120\150\140\375\205
+\302\373\257\112\222\361\204\235\000\152\310\126\041\216\157\301
+\061\313\121\354\166\165\172\337\001\016\162\150\241\362\046\216
+\331\270\306\243\144\122\372\155\373\112\075\132\135\270\124\224
+\355\125\150\145\235\077\122\114\106\222\026\013\276
+END
+
+# Trust for Certificate "E-Certify RA"
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Certify RA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\217\051\011\013\006\302\070\314\160\305\251\355\227\147\210\315
+\066\332\335\131
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\245\273\012\243\320\307\124\025\130\336\153\122\020\121\272\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
diff --git a/security/nss/lib/crmf/asn1cmn.c b/security/nss/lib/crmf/asn1cmn.c
index 7299bbdc6..0cb0c3c41 100644
--- a/security/nss/lib/crmf/asn1cmn.c
+++ b/security/nss/lib/crmf/asn1cmn.c
@@ -62,7 +62,8 @@ const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
offsetof(CMMFCertifiedKeyPair, privateKey),
CRMFEncryptedValueTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 1,
offsetof (CMMFCertifiedKeyPair, derPublicationInfo),
SEC_ASN1_SUB(SEC_AnyTemplate) },
{ 0 }
diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c
index 8cbc9895e..7dffb6e80 100644
--- a/security/nss/lib/crmf/crmftmpl.c
+++ b/security/nss/lib/crmf/crmftmpl.c
@@ -73,11 +73,11 @@ static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFOptionalValidity) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0,
offsetof (CRMFOptionalValidity, notBefore),
SEC_ASN1_SUB(SEC_UTCTimeTemplate) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
offsetof (CRMFOptionalValidity, notAfter),
SEC_ASN1_SUB(SEC_UTCTimeTemplate) },
@@ -113,10 +113,12 @@ static const SEC_ASN1Template CRMFCertTemplateTemplate[] = {
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 6,
offsetof (CRMFCertTemplate, publicKey),
CERT_SubjectPublicKeyInfoTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 7,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_XTRN | 7,
offsetof (CRMFCertTemplate, issuerUID),
SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 8,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_XTRN | 8,
offsetof (CRMFCertTemplate, subjectUID),
SEC_ASN1_SUB(SEC_BitStringTemplate) },
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
@@ -184,7 +186,8 @@ const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
/* This template will need to add POPOSigningKeyInput eventually, maybe*/
static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 0,
offsetof(CRMFPOPOSigningKey, derInput),
SEC_ASN1_SUB(SEC_AnyTemplate) },
{ SEC_ASN1_POINTER | SEC_ASN1_XTRN,
@@ -250,14 +253,16 @@ const SEC_ASN1Template CRMFEncryptedValueTemplate[] = {
SEC_ASN1_XTRN | 1,
offsetof (CRMFEncryptedValue, symmAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 2,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_XTRN | 2,
offsetof(CRMFEncryptedValue, encSymmKey),
SEC_ASN1_SUB(SEC_BitStringTemplate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
SEC_ASN1_XTRN | 3,
offsetof(CRMFEncryptedValue, keyAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 4,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 4,
offsetof(CRMFEncryptedValue, valueHint),
SEC_ASN1_SUB(SEC_OctetStringTemplate) },
{ SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) },
diff --git a/security/nss/lib/freebl/mpi/mpprime.c b/security/nss/lib/freebl/mpi/mpprime.c
index 3cdf88aa6..76a64a083 100644
--- a/security/nss/lib/freebl/mpi/mpprime.c
+++ b/security/nss/lib/freebl/mpi/mpprime.c
@@ -480,11 +480,11 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
}
/* start sieveing with prime value of 3. */
MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1,
- sieve, sizeof sieve) );
+ sieve, SIEVE_SIZE) );
#ifdef DEBUG_SIEVE
res = 0;
- for (i = 0; i < sizeof sieve; ++i) {
+ for (i = 0; i < SIEVE_SIZE; ++i) {
if (!sieve[i])
++res;
}
@@ -495,7 +495,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
#endif
res = MP_NO;
- for(i = 0; i < sizeof sieve; ++i) {
+ for(i = 0; i < SIEVE_SIZE; ++i) {
if (sieve[i]) /* this number is composite */
continue;
MP_CHECKOK( mp_add_d(start, 2 * i, &trial) );
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 53f87d641..cc0c1095e 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -309,6 +309,8 @@ PK11_ImportEncryptedPrivateKeyInfo;
PK11_ImportPrivateKeyInfo;
PK11_MapPBEMechanismToCryptoMechanism;
PK11_PBEKeyGen;
+PK11_CreatePBEParams;
+PK11_DestroyPBEParams;
PK11_ParamFromAlgid;
PK11_ParamToAlgid;
PK11_TraverseCertsForNicknameInSlot;
@@ -459,8 +461,12 @@ CERT_CreateName;
;+};
;+NSS_3.3 { # NSS 3.3. release
;+ global:
-SECKEY_CreateDHPrivateKey;
CERT_CheckCertUsage;
+CERT_FindCertIssuer;
+PK11_GetModule;
+SECKEY_CreateDHPrivateKey;
+SECKEY_GetPublicKeyType;
+SECMOD_AddNewModule;
;+#
;+# The following symbols are exported only to make JSS work.
;+# These are still private!!!
@@ -481,6 +487,7 @@ PK11_CheckSSOPassword;
PK11_CopySymKeyForSigning;
PK11_DeleteTokenCertAndKey;
PK11_DEREncodePublicKey;
+PK11_ExtractKeyValue;
PK11_FindCertsFromNickname;
PK11_FindKeyByKeyID;
PK11_GetIVLength;
@@ -488,12 +495,16 @@ PK11_GetKeyData;
PK11_GetKeyType;
PK11_GetLowLevelKeyIDForCert;
PK11_GetLowLevelKeyIDForPrivateKey;
+PK11_GetSlotPWValues;
PK11_ImportCertForKey;
PK11_ImportDERCertForKey;
PK11_ImportDERPrivateKeyInfo;
+PK11_ImportSymKey;
PK11_IsLoggedIn;
PK11_KeyForDERCertExists;
PK11_KeyForCertExists;
+PK11_ListPrivateKeysInSlot;
+PK11_ListCertsInSlot;
PK11_Logout;
PK11_NeedPWInit;
PK11_MakeIDFromPubKey;
@@ -510,15 +521,13 @@ PK11_PQG_NewVerify;
PK11_PQG_ParamGen;
PK11_PQG_ParamGenSeedLen;
PK11_PQG_VerifyParams;
+PK11_ReferenceSlot;
PK11_SeedRandom;
PK11_UnwrapPrivKey;
PK11_VerifyRecover;
PK11_WrapPrivKey;
-PK11_ReferenceSlot;
-PK11_GetSlotPWValues;
-PK11_ImportSymKey;
-PK11_ExtractKeyValue;
SEC_CertNicknameConflict;
+SEC_PKCS5GetIV;
SECMOD_DeleteInternalModule;
SECMOD_DestroyModule;
SECMOD_GetDefaultModuleList;
@@ -527,18 +536,15 @@ SECMOD_GetInternalModule;
SECMOD_GetReadLock;
SECMOD_ReferenceModule;
SECMOD_ReleaseReadLock;
-SECKEY_GetPrivateKeyType;
+SECKEY_AddPrivateKeyToListTail;
SECKEY_EncodeDERSubjectPublicKeyInfo;
SECKEY_ExtractPublicKey;
+SECKEY_DestroyPrivateKeyList;
+SECKEY_GetPrivateKeyType;
SECKEY_HashPassword;
SECKEY_ImportDERPublicKey;
SECKEY_NewPrivateKeyList;
-SECKEY_DestroyPrivateKeyList;
SECKEY_RemovePrivateKeyListNode;
-SECKEY_AddPrivateKeyToListTail;
-SEC_PKCS5GetIV;
-PK11_ListPrivateKeysInSlot;
-PK11_ListCertsInSlot;
VFY_EndWithSignature;
;+ local:
;+ *;
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 51d4ae895..a5d5a5199 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,11 +49,11 @@ SEC_BEGIN_PROTOS
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>] [<Beta>]"
*/
-#define NSS_VERSION "3.3 Beta"
+#define NSS_VERSION "3.3"
#define NSS_VMAJOR 3
#define NSS_VMINOR 3
#define NSS_VPATCH 0
-#define NSS_BETA PR_TRUE
+#define NSS_BETA PR_FALSE
/*
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index f3411681c..67fb9edc2 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -455,6 +455,17 @@ void PK11_SetFortezzaHack(PK11SymKey *symKey) ;
/**********************************************************************
* PBE functions
**********************************************************************/
+
+/* This function creates PBE parameters from the given inputs. The result
+ * can be used to create a password integrity key for PKCS#12, by sending
+ * the return value to PK11_KeyGen along with the appropriate mechanism.
+ */
+SECItem *
+PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations);
+
+/* free params created above (can be called after keygen is done */
+void PK11_DestroyPBEParams(SECItem *params);
+
SECAlgorithmID *
PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
PK11SymKey *
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 618dce8dd..607deeba8 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -1207,7 +1207,7 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
int keySize, SECItem *keyid, PRBool isToken, void *wincx)
{
PK11SymKey *symKey;
- CK_ATTRIBUTE genTemplate[4];
+ CK_ATTRIBUTE genTemplate[5];
CK_ATTRIBUTE *attrs = genTemplate;
int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
CK_SESSION_HANDLE session;
@@ -1216,6 +1216,7 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
PRBool weird = PR_FALSE; /* hack for fortezza */
CK_BBOOL ckfalse = CK_FALSE;
CK_BBOOL cktrue = CK_TRUE;
+ CK_ULONG ck_key_size; /* only used for variable-length keys */
if ((keySize == -1) && (type == CKM_SKIPJACK_CBC64)) {
weird = PR_TRUE;
@@ -1227,9 +1228,9 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
? CKA_ENCRYPT : CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL)); attrs++;
if (keySize != 0) {
- CK_ULONG key_size = keySize; /* Convert to PK11 type */
+ ck_key_size = keySize; /* Convert to PK11 type */
- PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
+ PK11_SETATTRS(attrs, CKA_VALUE_LEN, &ck_key_size, sizeof(ck_key_size));
attrs++;
}
@@ -1242,6 +1243,8 @@ PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue)); attrs++;
}
+ PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(cktrue)); attrs++;
+
count = attrs - genTemplate;
PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
@@ -4052,6 +4055,49 @@ PK11_DigestFinal(PK11Context *context,unsigned char *data,
*
****************************************************************************/
+static void
+pk11_destroy_ck_pbe_params(CK_PBE_PARAMS *pbe_params)
+{
+ if (pbe_params) {
+ if (pbe_params->pPassword)
+ PORT_ZFree(pbe_params->pPassword, PR_FALSE);
+ if (pbe_params->pSalt)
+ PORT_ZFree(pbe_params->pSalt, PR_FALSE);
+ PORT_ZFree(pbe_params, PR_TRUE);
+ }
+}
+
+SECItem *
+PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations)
+{
+ CK_PBE_PARAMS *pbe_params = NULL;
+ SECItem *paramRV = NULL;
+ pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS));
+ pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwd->len);
+ if (pbe_params->pPassword != NULL) {
+ PORT_Memcpy(pbe_params->pPassword, pwd->data, pwd->len);
+ pbe_params->ulPasswordLen = pwd->len;
+ } else goto loser;
+ pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(salt->len);
+ if (pbe_params->pSalt != NULL) {
+ PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len);
+ pbe_params->ulSaltLen = salt->len;
+ } else goto loser;
+ pbe_params->ulIteration = (CK_ULONG)iterations;
+ paramRV = SECITEM_AllocItem(NULL, NULL, sizeof(CK_PBE_PARAMS));
+ paramRV->data = (unsigned char *)pbe_params;
+ return paramRV;
+loser:
+ pk11_destroy_ck_pbe_params(pbe_params);
+ return NULL;
+}
+
+void
+PK11_DestroyPBEParams(SECItem *params)
+{
+ pk11_destroy_ck_pbe_params((CK_PBE_PARAMS *)params->data);
+}
+
SECAlgorithmID *
PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt)
{
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 315c86585..bccb38ac0 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -2829,6 +2829,9 @@ PK11_GetKeyGen(CK_MECHANISM_TYPE type)
return CKM_GENERIC_SECRET_KEY_GEN;
case CKM_PBE_MD2_DES_CBC:
case CKM_PBE_MD5_DES_CBC:
+ case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+ case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+ case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
index 121aaa2a7..a8ee8eeba 100644
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -76,7 +76,7 @@ static PRBool secmod_ModuleHasRoots(SECMODModule *module)
*/
static char *dllnames[]= {
-#if defined(XP_WIN32)
+#if defined(XP_WIN32) || defined(XP_OS2)
"nssckbi.dll",
"roots.dll",
"netckbi.dll",
@@ -232,6 +232,12 @@ SECMOD_GetInternalModule(void) {
void
SECMOD_SetInternalModule( SECMODModule *mod) {
internalModule = SECMOD_ReferenceModule(mod);
+ modules = SECMOD_NewModuleListElement();
+ modules->module = SECMOD_ReferenceModule(mod);
+ modules->next = NULL;
+ if (!moduleLock) {
+ moduleLock = SECMOD_NewListLock();
+ }
}
/*
diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c
index 9abae13c8..076e722ec 100644
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -1152,14 +1152,16 @@ static SECStatus
sec_pkcs12_decoder_verify_mac(SEC_PKCS12DecoderContext *p12dcx)
{
SECStatus rv = SECFailure;
- PBEBitGenContext *pbeCtxt = NULL;
- SECItem *hmacKey = NULL, hmacRes;
+ SECItem hmacRes;
unsigned char buf[IN_BUF_LEN];
unsigned int bufLen;
int iteration;
PK11Context *pk11cx;
- SECOidTag algtag;
SECItem ignore = {0};
+ PK11SymKey *symKey;
+ SECItem *params;
+ SECOidTag algtag;
+ CK_MECHANISM_TYPE integrityMech;
if(!p12dcx || p12dcx->error) {
return SECFailure;
@@ -1171,28 +1173,28 @@ sec_pkcs12_decoder_verify_mac(SEC_PKCS12DecoderContext *p12dcx)
} else {
iteration = 1;
}
- pbeCtxt = PBE_CreateContext(SECOID_GetAlgorithmTag(
- &p12dcx->macData.safeMac.digestAlgorithm),
- pbeBitGenIntegrityKey, p12dcx->pwitem,
- &p12dcx->macData.macSalt, 160, iteration);
- if(!pbeCtxt) {
- return SECFailure;
- }
- hmacKey = PBE_GenerateBits(pbeCtxt);
- PBE_DestroyContext(pbeCtxt);
- pbeCtxt = NULL;
- if(!hmacKey) {
- return SECFailure;
+
+ params = PK11_CreatePBEParams(&p12dcx->macData.macSalt, p12dcx->pwitem,
+ iteration);
+
+ algtag = SECOID_GetAlgorithmTag(&p12dcx->macData.safeMac.digestAlgorithm);
+ switch (algtag) {
+ case SEC_OID_SHA1:
+ integrityMech = CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN; break;
+ case SEC_OID_MD5:
+ integrityMech = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN; break;
+ case SEC_OID_MD2:
+ integrityMech = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN; break;
+ default:
+ goto loser;
}
+ symKey = PK11_KeyGen(NULL, integrityMech, params, 20, NULL);
+ PK11_DestroyPBEParams(params);
+ if (!symKey) goto loser;
/* init hmac */
- algtag = SECOID_GetAlgorithmTag(&p12dcx->macData.safeMac.digestAlgorithm);
- pk11cx = PK11_CreateContextByRawKey(NULL,
- sec_pkcs12_algtag_to_mech(algtag),
- PK11_OriginDerive, CKA_SIGN,
- hmacKey, &ignore, NULL);
- SECITEM_ZfreeItem(hmacKey, PR_TRUE);
- hmacKey = NULL;
+ pk11cx = PK11_CreateContextBySymKey(sec_pkcs12_algtag_to_mech(algtag),
+ CKA_SIGN, symKey, &ignore);
if(!pk11cx) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
@@ -1247,10 +1249,6 @@ loser:
PK11_DestroyContext(pk11cx, PR_TRUE);
}
- if(hmacKey) {
- SECITEM_ZfreeItem(hmacKey, PR_TRUE);
- }
-
return rv;
}
diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c
index 4e6d76ebf..22ff31104 100644
--- a/security/nss/lib/pkcs12/p12e.c
+++ b/security/nss/lib/pkcs12/p12e.c
@@ -1660,9 +1660,11 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
/* init password pased integrity mode */
if(p12exp->integrityEnabled) {
- SECItem pwd = {siBuffer,NULL, 0}, *key;
+ SECItem pwd = {siBuffer,NULL, 0};
SECItem *salt = sec_pkcs12_generate_salt();
- PBEBitGenContext *pbeCtxt = NULL;
+ PK11SymKey *symKey;
+ SECItem *params;
+ CK_MECHANISM_TYPE integrityMech;
/* zero out macData and set values */
PORT_Memset(&p12enc->mac, 0, sizeof(sec_PKCS12MacData));
@@ -1676,7 +1678,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
}
- SECITEM_ZfreeItem(salt, PR_TRUE);
/* generate HMAC key */
if(!sec_pkcs12_convert_item_to_unicode(NULL, &pwd,
@@ -1684,25 +1685,32 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
PR_TRUE, PR_TRUE)) {
goto loser;
}
- pbeCtxt = PBE_CreateContext(p12exp->integrityInfo.pwdInfo.algorithm,
- pbeBitGenIntegrityKey, &pwd,
- &(p12enc->mac.macSalt), 160, 1);
+
+ params = PK11_CreatePBEParams(salt, &pwd, 1);
+ SECITEM_ZfreeItem(salt, PR_TRUE);
SECITEM_ZfreeItem(&pwd, PR_FALSE);
- if(!pbeCtxt) {
+
+ switch (p12exp->integrityInfo.pwdInfo.algorithm) {
+ case SEC_OID_SHA1:
+ integrityMech = CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN; break;
+ case SEC_OID_MD5:
+ integrityMech = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN; break;
+ case SEC_OID_MD2:
+ integrityMech = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN; break;
+ default:
goto loser;
}
- key = PBE_GenerateBits(pbeCtxt);
- PBE_DestroyContext(pbeCtxt);
- if(!key) {
+
+ symKey = PK11_KeyGen(NULL, integrityMech, params, 20, NULL);
+ PK11_DestroyPBEParams(params);
+ if(!symKey) {
goto loser;
}
/* initialize hmac */
- p12enc->hmacCx = PK11_CreateContextByRawKey(NULL,
+ p12enc->hmacCx = PK11_CreateContextBySymKey(
sec_pkcs12_algtag_to_mech(p12exp->integrityInfo.pwdInfo.algorithm),
- PK11_OriginDerive, CKA_SIGN,
- key, &ignore, NULL);
- SECITEM_ZfreeItem(key, PR_TRUE);
+ CKA_SIGN, symKey, &ignore);
if(!p12enc->hmacCx) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 3edbab415..8fe5d9887 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -361,7 +361,8 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
SECItem *enckey;
int error;
- ri->cert = cert; /* mark the recipientInfo so we can find it later */
+ ri->cert = CERT_DupCertificate(cert);
+ /* mark the recipientInfo so we can find it later */
switch (ri->recipientInfoType) {
case NSSCMSRecipientInfoID_KeyTrans:
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index e0a73fa2b..f336ff38d 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -406,6 +406,9 @@ static struct mechanismList mechanisms[] = {
{CKM_PBE_SHA1_RC2_128_CBC, {128,128, CKF_GENERATE}, PR_TRUE},
{CKM_PBE_SHA1_RC4_40, {40,40, CKF_GENERATE}, PR_TRUE},
{CKM_PBE_SHA1_RC4_128, {128,128, CKF_GENERATE}, PR_TRUE},
+ {CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, {1,32, CKF_GENERATE}, PR_TRUE},
+ {CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, {1,32, CKF_GENERATE}, PR_TRUE},
+ {CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, {1,32, CKF_GENERATE}, PR_TRUE},
};
static CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]);
/* load up our token database */
@@ -2108,6 +2111,18 @@ pk11_GetPrivKey(PK11Object *object,CK_KEY_TYPE key_type)
priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&pubKey,
(SECKEYGetPasswordKey) pk11_givePass,
object->slot);
+ if (!priv && pubKey.data[0] == 0) {
+ /* Because of legacy code issues, sometimes the public key has
+ * a '0' prepended to it, forcing it to be unsigned. The database
+ * may not store that '0', so remove it and try again.
+ */
+ SECItem tmpPubKey;
+ tmpPubKey.data = pubKey.data + 1;
+ tmpPubKey.len = pubKey.len - 1;
+ priv=SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(),&tmpPubKey,
+ (SECKEYGetPasswordKey) pk11_givePass,
+ object->slot);
+ }
if (pubKey.data) PORT_Free(pubKey.data);
/* don't 'cache' DB private keys */
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 8979b6dac..46c554617 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -1999,32 +1999,34 @@ pk11_HashSign(PK11HashSignInfo *info,unsigned char *sig,unsigned int *sigLen,
}
static SECStatus
-nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen,
+ void *dataBuf, unsigned int dataLen)
{
SECItem signature, digest;
+ SECKEYLowPublicKey *key = (SECKEYLowPublicKey *)ctx;
- signature.data = pSignature;
- signature.len = ulSignatureLen;
- digest.data = pData;
- digest.len = ulDataLen;
- return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest);
+ signature.data = (unsigned char *)sigBuf;
+ signature.len = sigLen;
+ digest.data = (unsigned char *)dataBuf;
+ digest.len = dataLen;
+ return DSA_VerifyDigest(&(key->u.dsa), &signature, &digest);
}
static SECStatus
-nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature,
- CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen,
- CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
+ unsigned int *sigLen, unsigned int maxSigLen,
+ void *dataBuf, unsigned int dataLen)
{
SECItem signature = { 0 }, digest;
SECStatus rv;
-
- (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen);
- digest.data = pData;
- digest.len = ulDataLen;
- rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest);
- *ulSignatureLen = signature.len;
- PORT_Memcpy(pSignature, signature.data, signature.len);
+ SECKEYLowPrivateKey *key = (SECKEYLowPrivateKey *)ctx;
+
+ (void)SECITEM_AllocItem(NULL, &signature, maxSigLen);
+ digest.data = (unsigned char *)dataBuf;
+ digest.len = dataLen;
+ rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
+ *sigLen = signature.len;
+ PORT_Memcpy(sigBuf, signature.data, signature.len);
SECITEM_FreeItem(&signature, PR_FALSE);
return rv;
}
@@ -2171,11 +2173,11 @@ finish_rsa:
crv = CKR_HOST_MEMORY;
break;
}
- context->cipherInfo = &(privKey->u.dsa);
+ context->cipherInfo = privKey;
context->update = (PK11Cipher) nsc_DSA_Sign_Stub;
- context->destroy = pk11_Null;
+ context->destroy = (privKey == key->objectInfo) ?
+ (PK11Destroy) pk11_Null:(PK11Destroy)pk11_FreePrivKey;
- if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);
break;
case CKM_MD2_HMAC_GENERAL:
crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
@@ -2577,7 +2579,7 @@ finish_rsa:
crv = CKR_HOST_MEMORY;
break;
}
- context->cipherInfo = &(pubKey->u.dsa);
+ context->cipherInfo = pubKey;
context->verify = (PK11Verify) nsc_DSA_Verify_Stub;
context->destroy = pk11_Null;
break;
@@ -2830,6 +2832,40 @@ CK_RV NSC_GenerateRandom(CK_SESSION_HANDLE hSession,
**************************** Key Functions: ************************
*/
+CK_RV
+pk11_pbe_hmac_key_gen(CK_MECHANISM_PTR pMechanism, char *buf,
+ unsigned long *len, PRBool faultyPBE3DES)
+{
+ PBEBitGenContext *pbeCx;
+ SECItem pwd, salt, *key;
+ SECOidTag hashAlg;
+ unsigned long keylenbits;
+ CK_PBE_PARAMS *pbe_params = NULL;
+ pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
+ pwd.data = (unsigned char *)pbe_params->pPassword;
+ pwd.len = (unsigned int)pbe_params->ulPasswordLen;
+ salt.data = (unsigned char *)pbe_params->pSalt;
+ salt.len = (unsigned int)pbe_params->ulSaltLen;
+ switch (pMechanism->mechanism) {
+ case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+ hashAlg = SEC_OID_SHA1; keylenbits = 160; break;
+ case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+ hashAlg = SEC_OID_MD5; keylenbits = 128; break;
+ case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+ hashAlg = SEC_OID_MD2; keylenbits = 128; break;
+ default:
+ return CKR_MECHANISM_INVALID;
+ }
+ pbeCx = PBE_CreateContext(hashAlg, pbeBitGenIntegrityKey, &pwd,
+ &salt, keylenbits, pbe_params->ulIteration);
+ key = PBE_GenerateBits(pbeCx);
+ PORT_Memcpy(buf, key->data, key->len);
+ *len = key->len;
+ PBE_DestroyContext(pbeCx);
+ SECITEM_ZfreeItem(key, PR_TRUE);
+ return CKR_OK;
+}
+
/*
* generate a password based encryption key. This code uses
* PKCS5 to do the work. Note that it calls PBE_PK11ParamToAlgid, which is
@@ -3032,14 +3068,14 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
PK11Session *session;
PRBool checkWeak = PR_FALSE;
CK_ULONG key_length = 0;
- CK_KEY_TYPE key_type;
+ CK_KEY_TYPE key_type = -1;
CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
CK_RV crv = CKR_OK;
CK_BBOOL cktrue = CK_TRUE;
int i;
PK11Slot *slot = pk11_SlotFromSessionHandle(hSession);
char buf[MAX_KEY_LEN];
- enum {pk11_pbe, pk11_ssl, pk11_bulk} key_gen_type;
+ enum {pk11_pbe, pk11_pbe_hmac, pk11_ssl, pk11_bulk} key_gen_type;
SECOidTag algtag = SEC_OID_UNKNOWN;
SSL3RSAPreMasterSecret *rsa_pms;
CK_VERSION *version;
@@ -3104,6 +3140,12 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
break;
case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
faultyPBE3DES = PR_TRUE;
+ case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+ case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+ case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+ key_gen_type = pk11_pbe_hmac;
+ key_type = CKK_GENERIC_SECRET;
+ break;
case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
@@ -3136,10 +3178,18 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
if (crv != CKR_OK) { pk11_FreeObject(key); return crv; }
+ /* if there was no error,
+ * key_type *MUST* be set in the switch statement above */
+ PORT_Assert( key_type != -1 );
+
/*
* now to the actual key gen.
*/
switch (key_gen_type) {
+ case pk11_pbe_hmac:
+ crv = pk11_pbe_hmac_key_gen(pMechanism, buf, &key_length,
+ faultyPBE3DES);
+ break;
case pk11_pbe:
crv = pk11_pbe_key_gen(algtag, pMechanism, buf, &key_length,
faultyPBE3DES);
diff --git a/security/nss/lib/softoken/pkcs11t.h b/security/nss/lib/softoken/pkcs11t.h
index c626036c8..6cb3e74c4 100644
--- a/security/nss/lib/softoken/pkcs11t.h
+++ b/security/nss/lib/softoken/pkcs11t.h
@@ -1112,6 +1112,9 @@ typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006L
#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007L
#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008L
+#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009L
+#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aL
+#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bL
#define CKM_TLS_MASTER_KEY_DERIVE 0x80000371L
#define CKM_TLS_KEY_AND_MAC_DERIVE 0x80000372L
#define CKM_TLS_PRF_GENERAL 0x80000373L
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index d6da65fed..e9dd6f7b3 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -749,6 +749,17 @@ pk11_DestroyObject(PK11Object *object)
crv=pk11_Attribute2SecItem(NULL,&pubKey,object,CKA_NETSCAPE_DB);
if (crv != CKR_OK) break;
rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &pubKey);
+ if (rv != SECSuccess && pubKey.data[0] == 0) {
+ /* Because of legacy code issues, sometimes the public key
+ * has a '0' prepended to it, forcing it to be unsigned.
+ * The database may not store that '0', so remove it and
+ * try again.
+ */
+ SECItem tmpPubKey;
+ tmpPubKey.data = pubKey.data + 1;
+ tmpPubKey.len = pubKey.len - 1;
+ rv = SECKEY_DeleteKey(SECKEY_GetDefaultKeyDB(), &tmpPubKey);
+ }
if (rv != SECSuccess) crv= CKR_DEVICE_ERROR;
break;
case PK11_TOKEN_TYPE_CERT:
diff --git a/security/nss/lib/ssl/manifest.mn b/security/nss/lib/ssl/manifest.mn
index 038cff4d5..e76c516f1 100644
--- a/security/nss/lib/ssl/manifest.mn
+++ b/security/nss/lib/ssl/manifest.mn
@@ -60,7 +60,6 @@ CSRCS = \
sslenum.c \
sslerr.c \
sslgathr.c \
- sslmutex.c \
sslnonce.c \
sslreveal.c \
sslsecur.c \
diff --git a/security/nss/lib/ssl/ssl.def b/security/nss/lib/ssl/ssl.def
index 5c8712f69..0fee478ba 100644
--- a/security/nss/lib/ssl/ssl.def
+++ b/security/nss/lib/ssl/ssl.def
@@ -105,13 +105,3 @@ NSSSSL_VersionCheck;
;+ local:
;+*;
;+};
-;+NSS_3.3 { # NSS 3.3 release
-;+ global:
-;+# We have not yet decided whether these functions will be exported
-;-# in the final 3.3 release, so please treat them as exported private
-;-# functions for now.
-SSL_GetMaxServerCacheLocks;
-SSL_SetMaxServerCacheLocks;
-;+ local:
-;+*;
-;+};
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index 34a73c4e7..f1cab73eb 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -51,6 +51,8 @@
#define SSL_IMPORT extern
#endif
+SEC_BEGIN_PROTOS
+
/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
@@ -77,9 +79,6 @@ typedef struct SSL3StatisticsStr {
long hch_sid_cache_not_ok;
} SSL3Statistics;
-SEC_BEGIN_PROTOS
-
-
/*
** Imports fd into SSL, returning a new socket. Copies SSL configuration
** from model.
@@ -299,17 +298,6 @@ SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int maxCacheEntries,
PRUint32 ssl3_timeout,
const char * directory);
-/* Get and set the configured maximum number of mutexes used for the
-** server's store of SSL sessions. This value is used by the server
-** session ID cache initialization functions shown above. Note that on
-** some platforms, these mutexes are actually implemented with POSIX
-** semaphores, or with unnamed pipes. The default value varies by platform.
-** An attempt to set a too-low maximum will return an error and the
-** configured value will not be changed.
-*/
-SSL_IMPORT PRUint32 SSL_GetMaxServerCacheLocks(void);
-SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
-
/* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
* SSL_InheritMPServerSIDCache when envString is NULL.
*/
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index be252d7d6..9aca09ac2 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -2605,7 +2605,8 @@ ssl3_SendClientHello(sslSocket *ss)
!PK11_IsPresent(slot) ||
sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
- sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ) {
+ sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ||
+ !PK11_IsLoggedIn(slot, NULL)) {
sidOK = PR_FALSE;
}
if (slot) {
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index 181b03e59..1f0cd8efd 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -2531,7 +2531,7 @@ ssl2_HandleMessage(sslSocket *ss)
goto bad_peer;
}
- if (gs->recordLen - 1 != SSL2_SESSIONID_BYTES) {
+ if (gs->recordLen - 1 != SSL_SESSIONID_BYTES) {
SSL_DBG(("%d: SSL[%d]: bad server-finished message, len=%d",
SSL_GETPID(), ss->fd, gs->recordLen));
goto bad_peer;
@@ -3549,7 +3549,7 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
/* Invent a session-id */
ci->sid = sid;
- PK11_GenerateRandom(sid->u.ssl2.sessionID+2, SSL2_SESSIONID_BYTES-2);
+ PK11_GenerateRandom(sid->u.ssl2.sessionID+2, SSL_SESSIONID_BYTES-2);
pid = SSL_GETPID();
sid->u.ssl2.sessionID[0] = MSB(pid);
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index c4e68a4c9..98beb5097 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -113,7 +113,7 @@ typedef enum { SSLAppOpRead = 0,
#define SSL_MIN_MASTER_KEY_BYTES 5
#define SSL_MAX_MASTER_KEY_BYTES 64
-#define SSL2_SESSIONID_BYTES 16
+#define SSL_SESSIONID_BYTES 16
#define SSL3_SESSIONID_BYTES 32
#define SSL_MIN_CHALLENGE_BYTES 16
@@ -208,7 +208,7 @@ struct sslBufferStr {
** SSL3 cipher suite policy and preference struct.
*/
typedef struct {
-#if !defined(_WIN32)
+#ifdef AIX
unsigned int cipher_suite : 16;
unsigned int policy : 8;
unsigned int enabled : 1;
@@ -711,7 +711,7 @@ struct sslSessionIDStr {
union {
struct {
/* the V2 code depends upon the size of sessionID. */
- unsigned char sessionID[SSL2_SESSIONID_BYTES];
+ unsigned char sessionID[SSL_SESSIONID_BYTES];
/* Stuff used to recreate key and read/write cipher objects */
SECItem masterKey;
@@ -1247,11 +1247,8 @@ void ssl_Trace(const char *format, ...);
SEC_END_PROTOS
-#if defined(XP_UNIX)
+#ifdef XP_UNIX
#define SSL_GETPID() getpid()
-#elif defined(WIN32)
-/* #define SSL_GETPID() GetCurrentProcessId() */
-#define SSL_GETPID() _getpid()
#else
#define SSL_GETPID() 0
#endif
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index 4a32012e1..79e6c24c8 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -44,9 +44,7 @@
#include "sslproto.h"
#include "nssilock.h"
#include "nsslocks.h"
-#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS)
-#include <time.h>
-#endif
+
PRUint32 ssl_sid_timeout = 100;
PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
@@ -339,19 +337,14 @@ SSL_ClearSessionCache(void)
PRUint32
ssl_Time(void)
{
- PRUint32 myTime;
-#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS)
- myTime = time(NULL); /* accurate until the year 2038. */
-#else
- /* portable, but possibly slower */
PRTime now;
PRInt64 ll;
+ PRUint32 time;
now = PR_Now();
LL_I2L(ll, 1000000L);
LL_DIV(now, now, ll);
- LL_L2UI(myTime, now);
-#endif
- return myTime;
+ LL_L2UI(time, now);
+ return time;
}
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
index 306838a41..676f7ebf4 100644
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -935,12 +935,6 @@ ssl_SecureClose(sslSocket *ss)
!ss->recvdCloseNotify &&
(ss->ssl3 != NULL)) {
- /* We don't want the final alert to be Nagle delayed. */
- if (!ss->delayDisabled) {
- ssl_EnableNagleDelay(ss, PR_FALSE);
- ss->delayDisabled = 1;
- }
-
(void) SSL3_SendAlert(ss, alert_warning, close_notify);
}
rv = ssl_DefClose(ss);
@@ -1239,7 +1233,7 @@ SSL_GetSessionID(PRFileDesc *fd)
sid = ss->sec->ci.sid;
item = (SECItem *)PORT_Alloc(sizeof(SECItem));
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
- item->len = SSL2_SESSIONID_BYTES;
+ item->len = SSL_SESSIONID_BYTES;
item->data = (unsigned char*)PORT_Alloc(item->len);
PORT_Memcpy(item->data, sid->u.ssl2.sessionID, item->len);
} else {
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
index 9100d740b..28a2f3812 100644
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -43,33 +43,42 @@
* All processes that are part of the same conceptual server (serving on
* the same address and port) MUST share a common SSL session cache.
* This code makes the content of the shared cache accessible to all
- * processes on the same "server". This code works on Unix and Win32 only.
+ * processes on the same "server". This code works on Unix and Win32 only,
+ * and is platform specific.
*
- * We use NSPR anonymous shared memory and move data to & from shared memory.
- * We must do explicit locking of the records for all reads and writes.
- * The set of Cache entries are divided up into "sets" of 128 entries.
- * Each set is protected by a lock. There may be one or more sets protected
- * by each lock. That is, locks to sets are 1:N.
- * There is one lock for the entire cert cache.
- * There is one lock for the set of wrapped sym wrap keys.
+ * Unix: Multiple processes share a single (inherited) FD for a disk
+ * file all share one single file position. If one lseeks, the position for
+ * all processes is changed. Since the set of platforms we support do not
+ * all share portable lseek-and-read or lseek-and-write functions, a global
+ * lock must be used to make the lseek call and the subsequent read or write
+ * call be one atomic operation. It is no longer necessary for cache element
+ * sizes to be a power of 2, or a multiple of a sector size.
*
- * The anonymous shared memory is laid out as if it were declared like this:
+ * For Win32, where (a) disk I/O is not atomic, and (b) we use memory-mapped
+ * files and move data to & from memory instead of calling read or write,
+ * we must do explicit locking of the records for all reads and writes.
+ * We have just one lock, for the entire file, using an NT semaphore.
+ * We avoid blocking on "local threads" since it's bad to block on a local
+ * thread - If NSPR offered portable semaphores, it would handle this itself.
*
- * struct {
- * cacheDescriptor desc;
- * sidCacheLock sidCacheLocks[ numSIDCacheLocks];
- * sidCacheLock keyCacheLock;
- * sidCacheLock certCacheLock;
- * sidCacheSet sidCacheSets[ numSIDCacheSets ];
- * sidCacheEntry sidCacheData[ numSIDCacheEntries];
- * certCacheEntry certCacheData[numCertCacheEntries];
- * SSLWrappedSymWrappingKey keyCacheData[kt_kea_size][SSL_NUM_WRAP_MECHS];
- * } sharedMemCacheData;
+ * Since this file has to do lots of platform specific I/O, the system
+ * dependent error codes need to be mapped back into NSPR error codes.
+ * Since NSPR's error mapping functions are private, the code is necessarily
+ * duplicated in libSSL.
+ *
+ * Note, now that NSPR provides portable anonymous shared memory, for all
+ * platforms except Mac, the implementation below should be replaced with
+ * one that uses anonymous shared memory ASAP. This will eliminate most
+ * platform dependent code in this file, and improve performance big time.
+ *
+ * Now that NSPR offers portable cross-process locking (semaphores) on Unix
+ * and Win32, semaphores should be used here for all platforms.
*/
#include "nssrenam.h"
#include "seccomon.h"
#if defined(XP_UNIX) || defined(XP_WIN32)
+#ifndef NADA_VERISON
#include "cert.h"
#include "ssl.h"
@@ -86,10 +95,12 @@
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
-#include <signal.h>
#include "unix_err.h"
#else /* XP_WIN32 */
+#ifdef MC_HTTPD
+#include <ereport.h>
+#endif /* MC_HTTPD */
#include <wtypes.h>
#include "win32err.h"
#endif /* XP_WIN32 */
@@ -99,297 +110,615 @@
#include "nspr.h"
#include "nsslocks.h"
-#include "sslmutex.h"
+
+static PZLock *cacheLock;
+
+/*
+** The server session-id cache uses a simple flat cache. The cache is
+** sized during initialization. We hash the ip-address + session-id value
+** into an index into the cache and do the lookup. No buckets, nothing
+** fancy.
+*/
+
+static PRBool isMultiProcess = PR_FALSE;
+
+static PRUint32 numSIDCacheEntries = 10000;
+static PRUint32 sidCacheFileSize;
+static PRUint32 sidCacheWrapOffset;
+
+static PRUint32 numCertCacheEntries = 250;
+static PRUint32 certCacheFileSize;
+
+#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
+
/*
-** Format of a cache entry in the shared memory.
+** Format of a cache entry.
*/
-struct sidCacheEntryStr {
-/* 16 */ PRIPv6Addr addr; /* client's IP address */
-/* 4 */ PRUint32 time; /* expiration time of this entry */
-/* 2 */ PRUint16 version;
-/* 1 */ PRUint8 valid;
-/* 1 */ PRUint8 sessionIDLength;
-/* 32 */ PRUint8 sessionID[SSL3_SESSIONID_BYTES];
-/* 56 - common header total */
+typedef struct SIDCacheEntryStr SIDCacheEntry;
+struct SIDCacheEntryStr {
+ PRIPv6Addr addr;
+ PRUint32 time;
union {
struct {
-/* 64 */ PRUint8 masterKey[SSL_MAX_MASTER_KEY_BYTES];
-/* 32 */ PRUint8 cipherArg[SSL_MAX_CYPHER_ARG_BYTES];
+ /* This is gross. We have to have version and valid in both arms
+ * of the union for alignment reasons. This probably won't work
+ * on a 64-bit machine. XXXX
+ */
+/* 2 */ uint16 version;
+/* 1 */ unsigned char valid;
+/* 1 */ unsigned char cipherType;
+
+/* 16 */ unsigned char sessionID[SSL_SESSIONID_BYTES];
+/* 64 */ unsigned char masterKey[SSL_MAX_MASTER_KEY_BYTES];
+/* 32 */ unsigned char cipherArg[SSL_MAX_CYPHER_ARG_BYTES];
-/* 1 */ PRUint8 cipherType;
-/* 1 */ PRUint8 masterKeyLen;
-/* 1 */ PRUint8 keyBits;
-/* 1 */ PRUint8 secretKeyBits;
-/* 1 */ PRUint8 cipherArgLen;
-/*101 */} ssl2;
+/* 1 */ unsigned char masterKeyLen;
+/* 1 */ unsigned char keyBits;
+
+/* 1 */ unsigned char secretKeyBits;
+/* 1 */ unsigned char cipherArgLen;
+/*120 */} ssl2;
struct {
-/* 2 */ ssl3CipherSuite cipherSuite;
-/* 2 */ PRUint16 compression; /* SSL3CompressionMethod */
+/* 2 */ uint16 version;
+/* 1 */ unsigned char valid;
+/* 1 */ uint8 sessionIDLength;
-/*122 */ ssl3SidKeys keys; /* keys and ivs, wrapped as needed. */
-/* 1 */ PRUint8 hasFortezza;
-/* 1 */ PRUint8 resumable;
+/* 32 */ unsigned char sessionID[SSL3_SESSIONID_BYTES];
-/* 4 */ PRUint32 masterWrapMech;
-/* 4 */ SSL3KEAType exchKeyType;
-/* 4 */ PRInt32 certIndex;
-/*140 */} ssl3;
-#if defined(LINUX)
+/* 2 */ ssl3CipherSuite cipherSuite;
+/* 2 */ uint16 compression; /* SSL3CompressionMethod */
+
+/*122 */ ssl3SidKeys keys; /* keys and ivs, wrapped as needed. */
+/* 4 */ PRUint32 masterWrapMech;
+/* 4 */ SSL3KEAType exchKeyType;
+
+/* 2 */ int16 certIndex;
+/* 1 */ uint8 hasFortezza;
+/* 1 */ uint8 resumable;
+ } ssl3;
+ /* We can't make this struct fit in 128 bytes
+ * so, force the struct size up to the next power of two.
+ */
struct {
- PRUint8 filler[144];
- } forceSize;
-#endif
+ unsigned char filler[256 - sizeof(PRIPv6Addr) - sizeof(PRUint32)];
+ } force256;
} u;
};
-typedef struct sidCacheEntryStr sidCacheEntry;
+typedef struct CertCacheEntryStr CertCacheEntry;
+
/* The length of this struct is supposed to be a power of 2, e.g. 4KB */
-struct certCacheEntryStr {
- PRUint16 certLength; /* 2 */
- PRUint16 sessionIDLength; /* 2 */
- PRUint8 sessionID[SSL3_SESSIONID_BYTES]; /* 32 */
- PRUint8 cert[SSL_MAX_CACHED_CERT_LEN]; /* 4060 */
+struct CertCacheEntryStr {
+ uint16 certLength; /* 2 */
+ uint16 sessionIDLength; /* 2 */
+ unsigned char sessionID[SSL3_SESSIONID_BYTES]; /* 32 */
+ unsigned char cert[SSL_MAX_CACHED_CERT_LEN]; /* 4060 */
}; /* total 4096 */
-typedef struct certCacheEntryStr certCacheEntry;
-struct sidCacheLockStr {
- PRUint32 timeStamp;
- sslMutex mutex;
- sslPID pid;
-};
-typedef struct sidCacheLockStr sidCacheLock;
-
-struct sidCacheSetStr {
- PRIntn next;
-};
-typedef struct sidCacheSetStr sidCacheSet;
-struct cacheDescStr {
+static void IOError(int rv, char *type);
+static PRUint32 Offset(const PRIPv6Addr *addr, unsigned char *s, unsigned nl);
+static void Invalidate(SIDCacheEntry *sce);
+/************************************************************************/
- PRUint32 sharedMemSize;
+static const char envVarName[] = { SSL_ENV_VAR_NAME };
- PRUint32 numSIDCacheLocks;
- PRUint32 numSIDCacheSets;
- PRUint32 numSIDCacheSetsPerLock;
+#ifdef _WIN32
- PRUint32 numSIDCacheEntries;
- PRUint32 sidCacheSize;
+struct winInheritanceStr {
+ PRUint32 numSIDCacheEntries;
+ PRUint32 sidCacheFileSize;
+ PRUint32 sidCacheWrapOffset;
+ PRUint32 numCertCacheEntries;
+ PRUint32 certCacheFileSize;
+
+ DWORD parentProcessID;
+ HANDLE parentProcessHandle;
+ HANDLE SIDCacheFDMAP;
+ HANDLE certCacheFDMAP;
+ HANDLE svrCacheSem;
+};
+typedef struct winInheritanceStr winInheritance;
- PRUint32 numCertCacheEntries;
- PRUint32 certCacheSize;
+static HANDLE svrCacheSem = INVALID_HANDLE_VALUE;
- PRUint32 numKeyCacheEntries;
- PRUint32 keyCacheSize;
+static char * SIDCacheData = NULL;
+static HANDLE SIDCacheFD = INVALID_HANDLE_VALUE;
+static HANDLE SIDCacheFDMAP = INVALID_HANDLE_VALUE;
- PRUint32 ssl2Timeout;
- PRUint32 ssl3Timeout;
+static char * certCacheData = NULL;
+static HANDLE certCacheFD = INVALID_HANDLE_VALUE;
+static HANDLE certCacheFDMAP = INVALID_HANDLE_VALUE;
- /* These values are volatile, and are accessed through sharedCache-> */
- PRUint32 nextCertCacheEntry; /* certCacheLock protects */
- PRBool stopPolling;
+static PRUint32 myPid;
- /* The private copies of these values are pointers into shared mem */
- /* The copies of these values in shared memory are merely offsets */
- sidCacheLock * sidCacheLocks;
- sidCacheLock * keyCacheLock;
- sidCacheLock * certCacheLock;
- sidCacheSet * sidCacheSets;
- sidCacheEntry * sidCacheData;
- certCacheEntry * certCacheData;
- SSLWrappedSymWrappingKey * keyCacheData;
+/* The presence of the TRUE element in this struct makes the semaphore
+ * inheritable. The NULL means use process's default security descriptor.
+ */
+static SECURITY_ATTRIBUTES semaphoreAttributes =
+ { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
- /* Only the private copies of these pointers are valid */
- char * sharedMem;
- struct cacheDescStr * sharedCache; /* shared copy of this struct */
- PRFileMap * cacheMemMap;
- PRThread * poller;
-};
-typedef struct cacheDescStr cacheDesc;
+static SECURITY_ATTRIBUTES sidCacheFDMapAttributes =
+ { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
-static cacheDesc globalCache;
+static SECURITY_ATTRIBUTES certCacheFDMapAttributes =
+ { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
-static const char envVarName[] = { SSL_ENV_VAR_NAME };
+#define DEFAULT_CACHE_DIRECTORY "\\temp"
-static PRBool isMultiProcess = PR_FALSE;
+static SECStatus
+createServerCacheSemaphore(void)
+{
+ PR_ASSERT(svrCacheSem == INVALID_HANDLE_VALUE);
+
+ /* inheritable, starts signalled, 1 signal max, no file name. */
+ svrCacheSem = CreateSemaphore(&semaphoreAttributes, 1, 1, NULL);
+ if (svrCacheSem == NULL) {
+ svrCacheSem = INVALID_HANDLE_VALUE;
+ /* We could get the error code, but what could be do with it ? */
+ nss_MD_win32_map_default_error(GetLastError());
+ return SECFailure;
+ }
+ return SECSuccess;
+}
+static SECStatus
+_getServerCacheSemaphore(void)
+{
+ DWORD event;
+ DWORD lastError;
+ SECStatus rv;
-#define DEF_SID_CACHE_ENTRIES 10000
-#define DEF_CERT_CACHE_ENTRIES 250
-#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
-#define DEF_KEY_CACHE_ENTRIES 250
+ PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
+ if (svrCacheSem == INVALID_HANDLE_VALUE &&
+ SECSuccess != createServerCacheSemaphore()) {
+ return SECFailure; /* what else ? */
+ }
+ event = WaitForSingleObject(svrCacheSem, INFINITE);
+ switch (event) {
+ case WAIT_OBJECT_0:
+ case WAIT_ABANDONED:
+ rv = SECSuccess;
+ break;
+
+ case WAIT_TIMEOUT:
+ case WAIT_IO_COMPLETION:
+ default: /* should never happen. nothing we can do. */
+ PR_ASSERT(("WaitForSingleObject returned invalid value.", 0));
+ /* fall thru */
+
+ case WAIT_FAILED: /* failure returns this */
+ rv = SECFailure;
+ lastError = GetLastError(); /* for debugging */
+ nss_MD_win32_map_default_error(lastError);
+ break;
+ }
+ return rv;
+}
-#define SID_CACHE_ENTRIES_PER_SET 128
-#define SID_ALIGNMENT 16
+static void
+_doGetServerCacheSemaphore(void * arg)
+{
+ SECStatus * rv = (SECStatus *)arg;
+ *rv = _getServerCacheSemaphore();
+}
-#define DEF_SSL2_TIMEOUT 100 /* seconds */
-#define MAX_SSL2_TIMEOUT 100 /* seconds */
-#define MIN_SSL2_TIMEOUT 5 /* seconds */
+static SECStatus
+getServerCacheSemaphore(void)
+{
+ PRThread * selectThread;
+ PRThread * me = PR_GetCurrentThread();
+ PRThreadScope scope = PR_GetThreadScope(me);
+ SECStatus rv = SECFailure;
-#define DEF_SSL3_TIMEOUT 86400L /* 24 hours */
-#define MAX_SSL3_TIMEOUT 86400L /* 24 hours */
-#define MIN_SSL3_TIMEOUT 5 /* seconds */
+ if (scope == PR_GLOBAL_THREAD) {
+ rv = _getServerCacheSemaphore();
+ } else {
+ selectThread = PR_CreateThread(PR_USER_THREAD,
+ _doGetServerCacheSemaphore, &rv,
+ PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD, 0);
+ if (selectThread != NULL) {
+ /* rv will be set by _doGetServerCacheSemaphore() */
+ PR_JoinThread(selectThread);
+ }
+ }
+ return rv;
+}
-#if defined(AIX) || defined(LINUX)
-#define MAX_SID_CACHE_LOCKS 8 /* two FDs per lock */
-#elif defined(OSF1)
-#define MAX_SID_CACHE_LOCKS 16 /* one FD per lock */
-#else
-#define MAX_SID_CACHE_LOCKS 256
-#endif
+static SECStatus
+releaseServerCacheSemaphore(void)
+{
+ BOOL success = FALSE;
-#define SID_HOWMANY(val, size) (((val) + ((size) - 1)) / (size))
-#define SID_ROUNDUP(val, size) ((size) * SID_HOWMANY((val), (size)))
+ PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
+ if (svrCacheSem != INVALID_HANDLE_VALUE) {
+ /* Add 1, don't want previous value. */
+ success = ReleaseSemaphore(svrCacheSem, 1, NULL);
+ }
+ if (!success) {
+ nss_MD_win32_map_default_error(GetLastError());
+ return SECFailure;
+ }
+ return SECSuccess;
+}
+static void
+destroyServerCacheSemaphore(void)
+{
+ PR_ASSERT(svrCacheSem != INVALID_HANDLE_VALUE);
+ if (svrCacheSem != INVALID_HANDLE_VALUE) {
+ CloseHandle(svrCacheSem);
+ /* ignore error */
+ svrCacheSem = INVALID_HANDLE_VALUE;
+ }
+}
-static sslPID myPid;
-static PRUint32 ssl_max_sid_cache_locks = MAX_SID_CACHE_LOCKS;
+#define GET_SERVER_CACHE_READ_LOCK(fd, offset, size) \
+ if (isMultiProcess) getServerCacheSemaphore();
-/* forward static function declarations */
-static void IOError(int rv, char *type);
-static PRUint32 SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl);
-static SECStatus LaunchLockPoller(cacheDesc *cache);
+#define GET_SERVER_CACHE_WRITE_LOCK(fd, offset, size) \
+ if (isMultiProcess) getServerCacheSemaphore();
+#define RELEASE_SERVER_CACHE_LOCK(fd, offset, size) \
+ if (isMultiProcess) releaseServerCacheSemaphore();
+#endif /* _win32 */
+/************************************************************************/
-struct inheritanceStr {
- PRUint32 sharedMemSize;
- PRUint16 fmStrLen;
-};
+#ifdef XP_UNIX
+static int SIDCacheFD = -1;
+static int certCacheFD = -1;
-typedef struct inheritanceStr inheritance;
+static pid_t myPid;
-#ifdef _WIN32
+struct unixInheritanceStr {
+ PRUint32 numSIDCacheEntries;
+ PRUint32 sidCacheFileSize;
+ PRUint32 sidCacheWrapOffset;
+ PRUint32 numCertCacheEntries;
+ PRUint32 certCacheFileSize;
-#define DEFAULT_CACHE_DIRECTORY "\\temp"
+ PRInt32 SIDCacheFD;
+ PRInt32 certCacheFD;
+};
-#endif /* _win32 */
+typedef struct unixInheritanceStr unixInheritance;
-#ifdef XP_UNIX
#define DEFAULT_CACHE_DIRECTORY "/tmp"
-#endif /* XP_UNIX */
-
-
-/************************************************************************/
-
+#ifdef TRACE
static void
-IOError(int rv, char *type)
+fcntlFailed(struct flock *lock)
{
-#ifdef XP_UNIX
- syslog(LOG_ALERT,
- "SSL: %s error with session-id cache, pid=%d, rv=%d, error='%m'",
- type, myPid, rv);
-#else /* XP_WIN32 */
- /* wish win32 had something like syslog() */
-#endif /* XP_UNIX */
+ fprintf(stderr,
+ "fcntl failed, errno = %d, PR_GetError = %d, lock.l_type = %d\n",
+ errno, PR_GetError(), lock->l_type);
+ fflush(stderr);
+}
+#define FCNTL_FAILED(lock) fcntlFailed(lock)
+#else
+#define FCNTL_FAILED(lock)
+#endif
+
+/* NOTES: Because there are no atomic seek-and-read and seek-and-write
+** functions that are supported on all our UNIX platforms, we need
+** to prevent all simultaeous seek-and-read operations. For that reason,
+** we use mutually exclusive (write) locks for read and write operations,
+** and use them all at the same offset (zero).
+*/
+static SECStatus
+_getServerCacheLock(int fd, short type, PRUint32 offset, PRUint32 size)
+{
+ int result;
+ struct flock lock;
+
+ memset(&lock, 0, sizeof lock);
+ lock.l_type = /* type */ F_WRLCK;
+ lock.l_whence = SEEK_SET; /* absolute file offsets. */
+ lock.l_start = 0;
+ lock.l_len = 128;
+
+#ifdef TRACE
+ if (ssl_trace) {
+ fprintf(stderr, "%d: %s lock, offset %8x, size %4d\n", myPid,
+ (type == F_RDLCK) ? "read " : "write", offset, size);
+ fflush(stderr);
+ }
+#endif
+ result = fcntl(fd, F_SETLKW, &lock);
+ if (result == -1) {
+ nss_MD_unix_map_default_error(errno);
+ FCNTL_FAILED(&lock);
+ return SECFailure;
+ }
+#ifdef TRACE
+ if (ssl_trace) {
+ fprintf(stderr, "%d: got lock, offset %8x, size %4d\n",
+ myPid, offset, size);
+ fflush(stderr);
+ }
+#endif
+ return SECSuccess;
}
-static PRUint32
-LockSidCacheLock(sidCacheLock *lock, PRUint32 now)
+typedef struct sslLockArgsStr {
+ PRUint32 offset;
+ PRUint32 size;
+ PRErrorCode err;
+ SECStatus rv;
+ int fd;
+ short type;
+} sslLockArgs;
+
+static void
+_doGetServerCacheLock(void * arg)
{
- SECStatus rv = sslMutex_Lock(&lock->mutex);
- if (rv != SECSuccess)
- return 0;
- if (!now)
- now = ssl_Time();
- lock->timeStamp = now;
- lock->pid = myPid;
- return now;
+ sslLockArgs * args = (sslLockArgs *)arg;
+ args->rv = _getServerCacheLock(args->fd, args->type, args->offset,
+ args->size );
+ if (args->rv != SECSuccess) {
+ args->err = PR_GetError();
+ }
}
static SECStatus
-UnlockSidCacheLock(sidCacheLock *lock)
+getServerCacheLock(int fd, short type, PRUint32 offset, PRUint32 size)
{
- SECStatus rv;
+ PRThread * selectThread;
+ PRThread * me = PR_GetCurrentThread();
+ PRThreadScope scope = PR_GetThreadScope(me);
+ SECStatus rv = SECFailure;
- lock->pid = 0;
- rv = sslMutex_Unlock(&lock->mutex);
+ if (scope == PR_GLOBAL_THREAD) {
+ rv = _getServerCacheLock(fd, type, offset, size);
+ } else {
+ /* Ib some platforms, one thread cannot read local/automatic
+ ** variables from another thread's stack. So, get this space
+ ** from the heap, not the stack.
+ */
+ sslLockArgs * args = PORT_New(sslLockArgs);
+
+ if (!args)
+ return rv;
+
+ args->offset = offset;
+ args->size = size;
+ args->rv = SECFailure;
+ args->fd = fd;
+ args->type = type;
+ selectThread = PR_CreateThread(PR_USER_THREAD,
+ _doGetServerCacheLock, args,
+ PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_JOINABLE_THREAD, 0);
+ if (selectThread != NULL) {
+ /* rv will be set by _doGetServerCacheLock() */
+ PR_JoinThread(selectThread);
+ rv = args->rv;
+ if (rv != SECSuccess) {
+ PORT_SetError(args->err);
+ }
+ }
+ PORT_Free(args);
+ }
return rv;
}
-/* returns the value of ssl_Time on success, zero on failure. */
-static PRUint32
-LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now)
+static SECStatus
+releaseServerCacheLock(int fd, PRUint32 offset, PRUint32 size)
{
- PRUint32 lockNum = set % cache->numSIDCacheLocks;
- sidCacheLock * lock = cache->sidCacheLocks + lockNum;
-
- return LockSidCacheLock(lock, now);
+ int result;
+ struct flock lock;
+
+ memset(&lock, 0, sizeof lock);
+ lock.l_type = F_UNLCK;
+ lock.l_whence = SEEK_SET; /* absolute file offsets. */
+ lock.l_start = 0;
+ lock.l_len = 128;
+
+#ifdef TRACE
+ if (ssl_trace) {
+ fprintf(stderr, "%d: unlock, offset %8x, size %4d\n",
+ myPid, offset, size);
+ fflush(stderr);
+ }
+#endif
+ result = fcntl(fd, F_SETLK, &lock);
+ if (result == -1) {
+ nss_MD_unix_map_default_error(errno);
+ FCNTL_FAILED(&lock);
+ return SECFailure;
+ }
+ return SECSuccess;
}
-static SECStatus
-UnlockSet(cacheDesc *cache, PRUint32 set)
+
+/* these defines take the arguments needed to do record locking,
+ * however the present implementation does only file locking.
+ */
+
+#define GET_SERVER_CACHE_READ_LOCK( fd, offset, size) \
+ if (isMultiProcess) getServerCacheLock(fd, F_RDLCK, offset, size);
+
+#define GET_SERVER_CACHE_WRITE_LOCK(fd, offset, size) \
+ if (isMultiProcess) getServerCacheLock(fd, F_WRLCK, offset, size);
+
+#define RELEASE_SERVER_CACHE_LOCK( fd, offset, size) \
+ if (isMultiProcess) releaseServerCacheLock(fd, offset, size);
+
+/*
+** Zero a file out to nb bytes
+*/
+static SECStatus
+ZeroFile(int fd, int nb)
{
- PRUint32 lockNum = set % cache->numSIDCacheLocks;
- sidCacheLock * lock = cache->sidCacheLocks + lockNum;
+ off_t off;
+ int amount, rv;
+ char buf[16384];
+
+ PORT_Memset(buf, 0, sizeof(buf));
+ off = lseek(fd, 0, SEEK_SET);
+ if (off != 0) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_FILE_SEEK_ERROR);
+ return SECFailure;
+ }
- return UnlockSidCacheLock(lock);
+ while (nb > 0) {
+ amount = (nb > sizeof buf) ? sizeof buf : nb;
+ rv = write(fd, buf, amount);
+ if (rv <= 0) {
+ if (!rv)
+ PORT_SetError(PR_IO_ERROR);
+ else
+ nss_MD_unix_map_write_error(errno);
+ IOError(rv, "zero-write");
+ return SECFailure;
+ }
+ nb -= rv;
+ }
+ return SECSuccess;
}
-/************************************************************************/
+#endif /* XP_UNIX */
+
+/************************************************************************/
-/* Put a certificate in the cache. Update the cert index in the sce.
+/*
+** Reconstitute a cert from the cache
+** This is only called from ConvertToSID().
+** Caller must hold the cache lock before calling this.
*/
-static PRUint32
-CacheCert(cacheDesc * cache, CERTCertificate *cert, sidCacheEntry *sce)
+static CERTCertificate *
+GetCertFromCache(SIDCacheEntry *sce, CERTCertDBHandle *dbHandle)
{
- PRUint32 now;
- certCacheEntry cce;
+ CERTCertificate *cert;
+ PRUint32 offset;
+ int rv;
+#ifdef XP_UNIX
+ off_t off;
+#endif
+ SECItem derCert;
+ CertCacheEntry cce;
- if ((cert->derCert.len > SSL_MAX_CACHED_CERT_LEN) ||
- (cert->derCert.len <= 0) ||
- (cert->derCert.data == NULL)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return 0;
+ offset = (PRUint32)sce->u.ssl3.certIndex * sizeof(CertCacheEntry);
+ GET_SERVER_CACHE_READ_LOCK(certCacheFD, offset, sizeof(CertCacheEntry));
+#ifdef XP_UNIX
+ off = lseek(certCacheFD, offset, SEEK_SET);
+ rv = -1;
+ if (off != offset) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_FILE_SEEK_ERROR);
+ } else {
+ rv = read(certCacheFD, &cce, sizeof(CertCacheEntry));
+ if (rv != sizeof(CertCacheEntry)) {
+ if (rv == -1)
+ nss_MD_unix_map_read_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ }
}
+#else /* XP_WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(&cce, &certCacheData[offset], sizeof(CertCacheEntry));
+ rv = sizeof cce;
+#endif /* XP_WIN32 */
+ RELEASE_SERVER_CACHE_LOCK(certCacheFD, offset, sizeof(CertCacheEntry))
- cce.sessionIDLength = sce->sessionIDLength;
- PORT_Memcpy(cce.sessionID, sce->sessionID, cce.sessionIDLength);
+ if (rv != sizeof(CertCacheEntry)) {
+ IOError(rv, "read"); /* error set above */
+ return NULL;
+ }
- cce.certLength = cert->derCert.len;
- PORT_Memcpy(cce.cert, cert->derCert.data, cce.certLength);
+ /* See if the session ID matches with that in the sce cache. */
+ if((cce.sessionIDLength != sce->u.ssl3.sessionIDLength) ||
+ PORT_Memcmp(cce.sessionID, sce->u.ssl3.sessionID, cce.sessionIDLength)) {
+ /* this is a cache miss, not an error */
+ PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+ return NULL;
+ }
+
+ derCert.len = cce.certLength;
+ derCert.data = cce.cert;
- /* get lock on cert cache */
- now = LockSidCacheLock(cache->certCacheLock, 0);
- if (now) {
+ cert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
+ PR_FALSE, PR_TRUE);
- /* Find where to place the next cert cache entry. */
- cacheDesc * sharedCache = cache->sharedCache;
- PRUint32 ndx = sharedCache->nextCertCacheEntry;
+ return cert;
+}
- /* write the entry */
- cache->certCacheData[ndx] = cce;
+/* Put a certificate in the cache. We assume that the certIndex in
+** sid is valid.
+*/
+static void
+CacheCert(CERTCertificate *cert, SIDCacheEntry *sce)
+{
+ PRUint32 offset;
+ CertCacheEntry cce;
+#ifdef XP_UNIX
+ off_t off;
+ int rv;
+#endif
- /* remember where we put it. */
- sce->u.ssl3.certIndex = ndx;
+ offset = (PRUint32)sce->u.ssl3.certIndex * sizeof(CertCacheEntry);
+ if (cert->derCert.len > SSL_MAX_CACHED_CERT_LEN)
+ return;
+
+ cce.sessionIDLength = sce->u.ssl3.sessionIDLength;
+ PORT_Memcpy(cce.sessionID, sce->u.ssl3.sessionID, cce.sessionIDLength);
- /* update the "next" cache entry index */
- sharedCache->nextCertCacheEntry =
- (ndx + 1) % cache->numCertCacheEntries;
+ cce.certLength = cert->derCert.len;
+ PORT_Memcpy(cce.cert, cert->derCert.data, cce.certLength);
- UnlockSidCacheLock(cache->certCacheLock);
+ GET_SERVER_CACHE_WRITE_LOCK(certCacheFD, offset, sizeof cce);
+#ifdef XP_UNIX
+ off = lseek(certCacheFD, offset, SEEK_SET);
+ if (off != offset) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_FILE_SEEK_ERROR);
+ } else {
+ rv = write(certCacheFD, &cce, sizeof cce);
+ if (rv != sizeof(CertCacheEntry)) {
+ if (rv == -1)
+ nss_MD_unix_map_write_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "cert-write");
+ Invalidate(sce);
+ }
}
- return now;
+#else /* WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(&certCacheData[offset], &cce, sizeof cce);
+#endif /* XP_UNIX */
+ RELEASE_SERVER_CACHE_LOCK(certCacheFD, offset, sizeof cce);
+ return;
}
/*
** Convert memory based SID to file based one
*/
static void
-ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
+ConvertFromSID(SIDCacheEntry *to, sslSessionID *from)
{
- to->valid = 1;
- to->version = from->version;
- to->addr = from->addr;
- to->time = from->time;
+ to->u.ssl2.valid = 1;
+ to->u.ssl2.version = from->version;
+ to->addr = from->addr;
+ to->time = from->time;
if (from->version < SSL_LIBRARY_VERSION_3_0) {
if ((from->u.ssl2.masterKey.len > SSL_MAX_MASTER_KEY_BYTES) ||
@@ -397,7 +726,7 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
SSL_DBG(("%d: SSL: masterKeyLen=%d cipherArgLen=%d",
myPid, from->u.ssl2.masterKey.len,
from->u.ssl2.cipherArg.len));
- to->valid = 0;
+ to->u.ssl2.valid = 0;
return;
}
@@ -406,8 +735,8 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->u.ssl2.cipherArgLen = from->u.ssl2.cipherArg.len;
to->u.ssl2.keyBits = from->u.ssl2.keyBits;
to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
- to->sessionIDLength = SSL2_SESSIONID_BYTES;
- PORT_Memcpy(to->sessionID, from->u.ssl2.sessionID, SSL2_SESSIONID_BYTES);
+ PORT_Memcpy(to->u.ssl2.sessionID, from->u.ssl2.sessionID,
+ sizeof(to->u.ssl2.sessionID));
PORT_Memcpy(to->u.ssl2.masterKey, from->u.ssl2.masterKey.data,
from->u.ssl2.masterKey.len);
PORT_Memcpy(to->u.ssl2.cipherArg, from->u.ssl2.cipherArg.data,
@@ -421,12 +750,13 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
SSL_TRC(8, ("%d: SSL: ConvertSID: masterKeyLen=%d cipherArgLen=%d "
"time=%d addr=0x%08x%08x%08x%08x cipherType=%d", myPid,
to->u.ssl2.masterKeyLen, to->u.ssl2.cipherArgLen,
- to->time, to->addr.pr_s6_addr32[0],
+ to->time, to->addr.pr_s6_addr32[0],
to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
to->addr.pr_s6_addr32[3], to->u.ssl2.cipherType));
} else {
/* This is an SSL v3 session */
+ to->u.ssl3.sessionIDLength = from->u.ssl3.sessionIDLength;
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
to->u.ssl3.compression = (uint16)from->u.ssl3.compression;
to->u.ssl3.resumable = from->u.ssl3.resumable;
@@ -434,14 +764,12 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
- to->sessionIDLength = from->u.ssl3.sessionIDLength;
- to->u.ssl3.certIndex = -1;
- PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
- to->sessionIDLength);
+ PORT_Memcpy(to->u.ssl3.sessionID,
+ from->u.ssl3.sessionID,
+ from->u.ssl3.sessionIDLength);
- SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
- "cipherSuite=%d",
+ SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x cipherSuite=%d",
myPid, to->time, to->addr.pr_s6_addr32[0],
to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite));
@@ -454,11 +782,10 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
** Caller must hold cache lock when calling this.
*/
static sslSessionID *
-ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
- CERTCertDBHandle * dbHandle)
+ConvertToSID(SIDCacheEntry *from, CERTCertDBHandle * dbHandle)
{
sslSessionID *to;
- uint16 version = from->version;
+ uint16 version = from->u.ssl2.version;
to = (sslSessionID*) PORT_ZAlloc(sizeof(sslSessionID));
if (!to) {
@@ -473,13 +800,13 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
goto loser;
}
if (from->u.ssl2.cipherArgLen) {
- to->u.ssl2.cipherArg.data =
- (unsigned char*)PORT_Alloc(from->u.ssl2.cipherArgLen);
+ to->u.ssl2.cipherArg.data = (unsigned char*)
+ PORT_Alloc(from->u.ssl2.cipherArgLen);
if (!to->u.ssl2.cipherArg.data) {
goto loser;
}
PORT_Memcpy(to->u.ssl2.cipherArg.data, from->u.ssl2.cipherArg,
- from->u.ssl2.cipherArgLen);
+ from->u.ssl2.cipherArgLen);
}
to->u.ssl2.cipherType = from->u.ssl2.cipherType;
@@ -487,22 +814,22 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl2.cipherArg.len = from->u.ssl2.cipherArgLen;
to->u.ssl2.keyBits = from->u.ssl2.keyBits;
to->u.ssl2.secretKeyBits = from->u.ssl2.secretKeyBits;
-/* to->sessionIDLength = SSL2_SESSIONID_BYTES; */
- PORT_Memcpy(to->u.ssl2.sessionID, from->sessionID, SSL2_SESSIONID_BYTES);
+ PORT_Memcpy(to->u.ssl2.sessionID, from->u.ssl2.sessionID,
+ sizeof from->u.ssl2.sessionID);
PORT_Memcpy(to->u.ssl2.masterKey.data, from->u.ssl2.masterKey,
- from->u.ssl2.masterKeyLen);
+ from->u.ssl2.masterKeyLen);
SSL_TRC(8, ("%d: SSL: ConvertToSID: masterKeyLen=%d cipherArgLen=%d "
"time=%d addr=0x%08x%08x%08x%08x cipherType=%d",
myPid, to->u.ssl2.masterKey.len,
- to->u.ssl2.cipherArg.len, to->time,
+ to->u.ssl2.cipherArg.len, to->time,
to->addr.pr_s6_addr32[0], to->addr.pr_s6_addr32[1],
- to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
+ to->addr.pr_s6_addr32[2], to->addr.pr_s6_addr32[3],
to->u.ssl2.cipherType));
} else {
/* This is an SSL v3 session */
- to->u.ssl3.sessionIDLength = from->sessionIDLength;
+ to->u.ssl3.sessionIDLength = from->u.ssl3.sessionIDLength;
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
to->u.ssl3.compression = (SSL3CompressionMethod)from->u.ssl3.compression;
to->u.ssl3.resumable = from->u.ssl3.resumable;
@@ -511,7 +838,9 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
- PORT_Memcpy(to->u.ssl3.sessionID, from->sessionID, from->sessionIDLength);
+ PORT_Memcpy(to->u.ssl3.sessionID,
+ from->u.ssl3.sessionID,
+ from->u.ssl3.sessionIDLength);
/* the portions of the SID that are only restored on the client
* are set to invalid values on the server.
@@ -534,21 +863,15 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl3.clientWriteSaveLen = 0;
- if (from->u.ssl3.certIndex != -1 && pcce) {
- SECItem derCert;
-
- derCert.len = pcce->certLength;
- derCert.data = pcce->cert;
-
- to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
- PR_FALSE, PR_TRUE);
+ if (from->u.ssl3.certIndex != -1) {
+ to->peerCert = GetCertFromCache(from, dbHandle);
if (to->peerCert == NULL)
goto loser;
}
}
- to->version = from->version;
- to->time = from->time; /* XXX ??? is expiration time */
+ to->version = from->u.ssl2.version;
+ to->time = from->time;
to->cached = in_server_cache;
to->addr = from->addr;
to->references = 1;
@@ -556,6 +879,7 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
return to;
loser:
+ Invalidate(from);
if (to) {
if (version < SSL_LIBRARY_VERSION_3_0) {
if (to->u.ssl2.masterKey.data)
@@ -569,82 +893,210 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
}
+/* Invalidate a SID cache entry.
+ * Called from CacheCert, ConvertToSid, and ServerSessionIDUncache.
+ */
+static void
+Invalidate(SIDCacheEntry *sce)
+{
+ PRUint32 offset;
+#ifdef XP_UNIX
+ off_t off;
+ int rv;
+#endif
+
+ if (sce == NULL) return;
+
+ if (sce->u.ssl2.version < SSL_LIBRARY_VERSION_3_0) {
+ offset = Offset(&sce->addr, sce->u.ssl2.sessionID,
+ sizeof sce->u.ssl2.sessionID);
+ } else {
+ offset = Offset(&sce->addr, sce->u.ssl3.sessionID,
+ sce->u.ssl3.sessionIDLength);
+ }
+
+ sce->u.ssl2.valid = 0;
+ SSL_TRC(7, ("%d: SSL: uncaching session-id at offset %ld",
+ myPid, offset));
+
+ GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *sce);
+
+#ifdef XP_UNIX
+ off = lseek(SIDCacheFD, offset, SEEK_SET);
+ if (off != offset) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_FILE_SEEK_ERROR);
+ } else {
+ rv = write(SIDCacheFD, sce, sizeof *sce);
+ if (rv != sizeof *sce) {
+ if (rv == -1)
+ nss_MD_unix_map_write_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "invalidate-write");
+ }
+ }
+#else /* WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(&SIDCacheData[offset], sce, sizeof *sce);
+#endif /* XP_UNIX */
+
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
+}
+
+
+static void
+IOError(int rv, char *type)
+{
+#ifdef XP_UNIX
+ syslog(LOG_ALERT,
+ "SSL: %s error with session-id cache, pid=%d, rv=%d, error='%m'",
+ type, myPid, rv);
+#else /* XP_WIN32 */
+#ifdef MC_HTTPD
+ ereport(LOG_FAILURE, "%s error with session-id cache rv=%d\n",type, rv);
+#endif /* MC_HTTPD */
+#endif /* XP_UNIX */
+}
+
+static void
+lock_cache(void)
+{
+ PZ_Lock(cacheLock);
+}
+
+static void
+unlock_cache(void)
+{
+ PZ_Unlock(cacheLock);
+}
/*
** Perform some mumbo jumbo on the ip-address and the session-id value to
** compute a hash value.
*/
static PRUint32
-SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl)
+Offset(const PRIPv6Addr *addr, unsigned char *s, unsigned nl)
{
PRUint32 rv;
- PRUint32 x[8];
-
- memset(x, 0, sizeof x);
- if (nl > sizeof x)
- nl = sizeof x;
- memcpy(x, s, nl);
- rv = (addr->pr_s6_addr32[0] ^ addr->pr_s6_addr32[1] ^
- addr->pr_s6_addr32[2] ^ addr->pr_s6_addr32[3] ^
- x[0] ^ x[1] ^ x[2] ^ x[3] ^ x[4] ^ x[5] ^ x[6] ^ x[7])
- % cache->numSIDCacheSets;
- return rv;
+ rv = addr->pr_s6_addr32[3] ^ (((PRUint32)s[0] << 24) | ((PRUint32)s[1] << 16)
+ | (s[2] << 8) | s[nl-1]);
+ return (rv % numSIDCacheEntries) * sizeof(SIDCacheEntry);
}
/*
** Look something up in the cache. This will invalidate old entries
-** in the process. Caller has locked the cache set!
+** in the process. Caller has locked the cache!
** Returns PR_TRUE if found a valid match. PR_FALSE otherwise.
*/
-static sidCacheEntry *
-FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now,
- const PRIPv6Addr *addr, unsigned char *sessionID,
- unsigned sessionIDLength)
+static PRBool
+FindSID(const PRIPv6Addr *addr, unsigned char *sessionID,
+ unsigned sessionIDLength, SIDCacheEntry *sce)
{
- PRUint32 ndx = cache->sidCacheSets[setNum].next;
- int i;
-
- sidCacheEntry * set = cache->sidCacheData +
- (setNum * SID_CACHE_ENTRIES_PER_SET);
-
- for (i = SID_CACHE_ENTRIES_PER_SET; i > 0; --i) {
- sidCacheEntry * sce;
-
- ndx = (ndx - 1) % SID_CACHE_ENTRIES_PER_SET;
- sce = set + ndx;
-
- if (!sce->valid)
- continue;
-
- if (now > sce->time) {
- /* SessionID has timed out. Invalidate the entry. */
- SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x "
- "time+=%x",
- myPid, sce->addr.pr_s6_addr32[0],
- sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2],
- sce->addr.pr_s6_addr32[3], now,
- sce->time + ssl_sid_timeout));
- sce->valid = 0;
- continue;
- }
+ PRUint32 offset;
+ PRUint32 now;
+ int rv;
+#ifdef XP_UNIX
+ off_t off;
+#endif
- /*
- ** Next, examine specific session-id/addr data to see if the cache
- ** entry matches our addr+session-id value
- */
- if (sessionIDLength == sce->sessionIDLength &&
- !memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) &&
- !memcmp(sce->sessionID, sessionID, sessionIDLength)) {
- /* Found it */
- return sce;
+ /* Read in cache entry after hashing ip address and session-id value */
+ offset = Offset(addr, sessionID, sessionIDLength);
+ now = ssl_Time();
+ GET_SERVER_CACHE_READ_LOCK(SIDCacheFD, offset, sizeof *sce);
+#ifdef XP_UNIX
+ off = lseek(SIDCacheFD, offset, SEEK_SET);
+ rv = -1;
+ if (off != offset) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_FILE_SEEK_ERROR);
+ } else {
+ rv = read(SIDCacheFD, sce, sizeof *sce);
+ if (rv != sizeof *sce) {
+ if (rv == -1)
+ nss_MD_unix_map_read_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ }
+ }
+#else /* XP_WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(sce, &SIDCacheData[offset], sizeof *sce);
+ rv = sizeof *sce;
+#endif /* XP_WIN32 */
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
+
+ if (rv != sizeof *sce) {
+ IOError(rv, "server sid cache read");
+ return PR_FALSE;
+ }
+
+ if (!sce->u.ssl2.valid) {
+ /* Entry is not valid */
+ PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+ return PR_FALSE;
+ }
+
+ if (((sce->u.ssl2.version < SSL_LIBRARY_VERSION_3_0) &&
+ (now > sce->time + ssl_sid_timeout)) ||
+ ((sce->u.ssl2.version >= SSL_LIBRARY_VERSION_3_0) &&
+ (now > sce->time + ssl3_sid_timeout))) {
+ /* SessionID has timed out. Invalidate the entry. */
+ SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x time+=%x",
+ myPid, sce->addr.pr_s6_addr32[0],
+ sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2],
+ sce->addr.pr_s6_addr32[3], now,
+ sce->time + ssl_sid_timeout));
+ sce->u.ssl2.valid = 0;
+
+ GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *sce);
+#ifdef XP_UNIX
+ off = lseek(SIDCacheFD, offset, SEEK_SET);
+ rv = -1;
+ if (off != offset) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ } else {
+ rv = write(SIDCacheFD, sce, sizeof *sce);
+ if (rv != sizeof *sce) {
+ if (rv == -1)
+ nss_MD_unix_map_write_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "timeout-write");
+ }
}
+#else /* WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(&SIDCacheData[offset], sce, sizeof *sce);
+ rv = sizeof *sce;
+#endif /* XP_UNIX */
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *sce);
+ if (rv == sizeof *sce)
+ PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+ return PR_FALSE;
}
+ /*
+ ** Finally, examine specific session-id/addr data to see if the cache
+ ** entry matches our addr+session-id value
+ */
+ if (!memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) &&
+ (PORT_Memcmp(sce->u.ssl2.sessionID, sessionID, sessionIDLength) == 0)) {
+ /* Found it */
+ return PR_TRUE;
+ }
PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
- return NULL;
+ return PR_FALSE;
}
/************************************************************************/
@@ -654,82 +1106,40 @@ FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now,
* pointer ssl_sid_lookup.
*/
static sslSessionID *
-ServerSessionIDLookup(const PRIPv6Addr *addr,
+ServerSessionIDLookup( const PRIPv6Addr *addr,
unsigned char *sessionID,
unsigned int sessionIDLength,
CERTCertDBHandle * dbHandle)
{
- sslSessionID * sid = 0;
- sidCacheEntry * psce;
- certCacheEntry *pcce = 0;
- cacheDesc * cache = &globalCache;
- PRUint32 now;
- PRUint32 set;
- PRInt32 cndx;
- sidCacheEntry sce;
- certCacheEntry cce;
-
- set = SIDindex(cache, addr, sessionID, sessionIDLength);
- now = LockSet(cache, set, 0);
- if (!now)
- return NULL;
-
- psce = FindSID(cache, set, now, addr, sessionID, sessionIDLength);
- if (psce) {
- if (psce->version >= SSL_LIBRARY_VERSION_3_0 &&
- (cndx = psce->u.ssl3.certIndex) != -1) {
-
- PRUint32 gotLock = LockSidCacheLock(cache->certCacheLock, now);
- if (gotLock) {
- pcce = &cache->certCacheData[cndx];
-
- /* See if the cert's session ID matches the sce cache. */
- if ((pcce->sessionIDLength == psce->sessionIDLength) &&
- !PORT_Memcmp(pcce->sessionID, psce->sessionID,
- pcce->sessionIDLength)) {
- cce = *pcce;
- } else {
- /* The cert doesen't match the SID cache entry,
- ** so invalidate the SID cache entry.
- */
- psce->valid = 0;
- psce = 0;
- pcce = 0;
- }
- UnlockSidCacheLock(cache->certCacheLock);
- } else {
- /* what the ??. Didn't get the cert cache lock.
- ** Don't invalidate the SID cache entry, but don't find it.
- */
- PORT_Assert(!("Didn't get cert Cache Lock!"));
- psce = 0;
- pcce = 0;
- }
- }
- if (psce) {
- sce = *psce; /* grab a copy while holding the lock */
- }
- }
- UnlockSet(cache, set);
- if (psce) {
- /* sce conains a copy of the cache entry.
- ** Convert file format to internal format
- */
- sid = ConvertToSID(&sce, pcce ? &cce : 0, dbHandle);
+ SIDCacheEntry sce;
+ sslSessionID *sid;
+
+ sid = 0;
+ lock_cache();
+ if (FindSID(addr, sessionID, sessionIDLength, &sce)) {
+ /* Found it. Convert file format to internal format */
+ sid = ConvertToSID(&sce, dbHandle);
}
+ unlock_cache();
return sid;
}
/*
-** Place a sid into the cache, if it isn't already there.
+** Place an sid into the cache, if it isn't already there. Note that if
+** some other server process has replaced a session-id cache entry that has
+** the same cache index as this sid, then all is ok. Somebody has to lose
+** when this condition occurs, so it might as well be this sid.
*/
static void
ServerSessionIDCache(sslSessionID *sid)
{
- sidCacheEntry sce;
- PRUint32 now = 0;
- uint16 version = sid->version;
- cacheDesc * cache = &globalCache;
+ SIDCacheEntry sce;
+ PRUint32 offset;
+#ifdef XP_UNIX
+ off_t off;
+ int rv;
+#endif
+ uint16 version = sid->version;
if ((version >= SSL_LIBRARY_VERSION_3_0) &&
(sid->u.ssl3.sessionIDLength == 0)) {
@@ -737,346 +1147,384 @@ ServerSessionIDCache(sslSessionID *sid)
}
if (sid->cached == never_cached || sid->cached == invalid_cache) {
- PRUint32 set;
+ lock_cache();
+ sid->time = ssl_Time();
if (version < SSL_LIBRARY_VERSION_3_0) {
- sid->time = ssl_Time() + ssl_sid_timeout;
SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
- "cipher=%d", myPid, sid->cached,
+ "cipher=%d", myPid, sid->cached,
sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
sid->time, sid->u.ssl2.cipherType));
PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
- SSL2_SESSIONID_BYTES));
+ sizeof(sid->u.ssl2.sessionID)));
PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
sid->u.ssl2.cipherArg.len));
+ /* Write out new cache entry */
+ offset = Offset(&sid->addr, sid->u.ssl2.sessionID,
+ sizeof(sid->u.ssl2.sessionID));
} else {
- sid->time = ssl_Time() + ssl3_sid_timeout;
SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
- "cipherSuite=%d", myPid, sid->cached,
+ "cipherSuite=%d", myPid, sid->cached,
sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
sid->time, sid->u.ssl3.cipherSuite));
PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
sid->u.ssl3.sessionIDLength));
+
+ offset = Offset(&sid->addr, sid->u.ssl3.sessionID,
+ sid->u.ssl3.sessionIDLength);
+
}
ConvertFromSID(&sce, sid);
+ if (version >= SSL_LIBRARY_VERSION_3_0) {
+ if (sid->peerCert == NULL) {
+ sce.u.ssl3.certIndex = -1;
+ } else {
+ sce.u.ssl3.certIndex = (int16)
+ ((offset / sizeof(SIDCacheEntry)) % numCertCacheEntries);
+ }
+ }
+
+ GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof sce);
+#ifdef XP_UNIX
+ off = lseek(SIDCacheFD, offset, SEEK_SET);
+ if (off != offset) {
+ if (off == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ } else {
+ rv = write(SIDCacheFD, &sce, sizeof sce);
+ if (rv != sizeof(sce)) {
+ if (rv == -1)
+ nss_MD_unix_map_write_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "update-write");
+ }
+ }
+#else /* WIN32 */
+ CopyMemory(&SIDCacheData[offset], &sce, sizeof sce);
+#endif /* XP_UNIX */
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof sce);
if ((version >= SSL_LIBRARY_VERSION_3_0) &&
(sid->peerCert != NULL)) {
- now = CacheCert(cache, sid->peerCert, &sce);
+ CacheCert(sid->peerCert, &sce);
}
- set = SIDindex(cache, &sce.addr, sce.sessionID, sce.sessionIDLength);
- now = LockSet(cache, set, now);
- if (now) {
- PRUint32 next = cache->sidCacheSets[set].next;
- PRUint32 ndx = set * SID_CACHE_ENTRIES_PER_SET + next;
-
- /* Write out new cache entry */
- cache->sidCacheData[ndx] = sce;
-
- cache->sidCacheSets[set].next =
- (next + 1) % SID_CACHE_ENTRIES_PER_SET;
-
- UnlockSet(cache, set);
- sid->cached = in_server_cache;
- }
+ sid->cached = in_server_cache;
+ unlock_cache();
}
}
-/*
-** Although this is static, it is called from ssl via global function pointer
-** ssl_sid_uncache. This invalidates the referenced cache entry.
-*/
static void
ServerSessionIDUncache(sslSessionID *sid)
{
- cacheDesc * cache = &globalCache;
- PRUint8 * sessionID;
- unsigned int sessionIDLength;
- PRErrorCode err;
- PRUint32 set;
- PRUint32 now;
- sidCacheEntry *psce;
-
- if (sid == NULL)
- return;
+ SIDCacheEntry sce;
+ PRErrorCode err;
+ int rv;
+
+ if (sid == NULL) return;
/* Uncaching a SID should never change the error code.
** So save it here and restore it before exiting.
*/
err = PR_GetError();
-
+ lock_cache();
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
- sessionID = sid->u.ssl2.sessionID;
- sessionIDLength = SSL2_SESSIONID_BYTES;
SSL_TRC(8, ("%d: SSL: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
- "cipher=%d", myPid, sid->cached,
+ "cipher=%d", myPid, sid->cached,
sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
sid->time, sid->u.ssl2.cipherType));
- PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
+ PRINT_BUF(8, (0, "sessionID:", sid->u.ssl2.sessionID,
+ sizeof(sid->u.ssl2.sessionID)));
PRINT_BUF(8, (0, "masterKey:", sid->u.ssl2.masterKey.data,
sid->u.ssl2.masterKey.len));
PRINT_BUF(8, (0, "cipherArg:", sid->u.ssl2.cipherArg.data,
sid->u.ssl2.cipherArg.len));
+ rv = FindSID(&sid->addr, sid->u.ssl2.sessionID,
+ sizeof(sid->u.ssl2.sessionID), &sce);
} else {
- sessionID = sid->u.ssl3.sessionID;
- sessionIDLength = sid->u.ssl3.sessionIDLength;
SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
- "cipherSuite=%d", myPid, sid->cached,
+ "cipherSuite=%d", myPid, sid->cached,
sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
- sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+ sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
sid->time, sid->u.ssl3.cipherSuite));
- PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
- }
- set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength);
- now = LockSet(cache, set, 0);
- if (now) {
- psce = FindSID(cache, set, now, &sid->addr, sessionID, sessionIDLength);
- if (psce) {
- psce->valid = 0;
- }
- UnlockSet(cache, set);
+ PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
+ sid->u.ssl3.sessionIDLength));
+ rv = FindSID(&sid->addr, sid->u.ssl3.sessionID,
+ sid->u.ssl3.sessionIDLength, &sce);
+ }
+
+ if (rv) {
+ Invalidate(&sce);
}
sid->cached = invalid_cache;
+ unlock_cache();
PORT_SetError(err);
}
static SECStatus
-InitCache(cacheDesc *cache, int maxCacheEntries, PRUint32 ssl2_timeout,
- PRUint32 ssl3_timeout, const char *directory)
+InitSessionIDCache(int maxCacheEntries, PRUint32 timeout,
+ PRUint32 ssl3_timeout, const char *directory)
{
- ptrdiff_t ptr;
- sidCacheLock *pLock;
- char * sharedMem;
- PRFileMap * cacheMemMap;
- char * cfn = NULL; /* cache file name */
- int locks_initialized = 0;
- int locks_to_initialize = 0;
- PRUint32 init_time;
-
- if (cache->sharedMem) {
+ char *cfn;
+#ifdef XP_UNIX
+ int rv;
+ if (SIDCacheFD >= 0) {
/* Already done */
return SECSuccess;
}
-
- cache->numSIDCacheEntries = maxCacheEntries ? maxCacheEntries
- : DEF_SID_CACHE_ENTRIES;
- cache->numSIDCacheSets =
- SID_HOWMANY(cache->numSIDCacheEntries, SID_CACHE_ENTRIES_PER_SET);
-
- cache->numSIDCacheEntries =
- cache->numSIDCacheSets * SID_CACHE_ENTRIES_PER_SET;
-
- cache->numSIDCacheLocks =
- PR_MIN(cache->numSIDCacheSets, ssl_max_sid_cache_locks);
-
- cache->numSIDCacheSetsPerLock =
- SID_HOWMANY(cache->numSIDCacheSets, cache->numSIDCacheLocks);
-
- /* compute size of shared memory, and offsets of all pointers */
- ptr = 0;
- cache->sharedMem = (char *)ptr;
- ptr += SID_ROUNDUP(sizeof(cacheDesc), SID_ALIGNMENT);
-
- cache->sidCacheLocks = (sidCacheLock *)ptr;
- cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks;
- cache->certCacheLock = cache->keyCacheLock + 1;
- ptr = (ptrdiff_t)(cache->certCacheLock + 1);
- ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
- cache->sidCacheSets = (sidCacheSet *)ptr;
- ptr = (ptrdiff_t)(cache->sidCacheSets + cache->numSIDCacheSets);
- ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
- cache->sidCacheData = (sidCacheEntry *)ptr;
- ptr = (ptrdiff_t)(cache->sidCacheData + cache->numSIDCacheEntries);
- ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
- cache->certCacheData = (certCacheEntry *)ptr;
- cache->sidCacheSize =
- (char *)cache->certCacheData - (char *)cache->sidCacheData;
-
- /* This is really a poor way to computer this! */
- cache->numCertCacheEntries = cache->sidCacheSize / sizeof(certCacheEntry);
- if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
- cache->numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
- ptr = (ptrdiff_t)(cache->certCacheData + cache->numCertCacheEntries);
- ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
- cache->keyCacheData = (SSLWrappedSymWrappingKey *)ptr;
- cache->certCacheSize =
- (char *)cache->keyCacheData - (char *)cache->certCacheData;
-
- cache->numKeyCacheEntries = kt_kea_size * SSL_NUM_WRAP_MECHS;
- ptr = (ptrdiff_t)(cache->keyCacheData + cache->numKeyCacheEntries);
- ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
-
- cache->sharedMemSize = ptr;
-
- cache->keyCacheSize = (char *)ptr - (char *)cache->keyCacheData;
-
- if (ssl2_timeout) {
- if (ssl2_timeout > MAX_SSL2_TIMEOUT) {
- ssl2_timeout = MAX_SSL2_TIMEOUT;
- }
- if (ssl2_timeout < MIN_SSL2_TIMEOUT) {
- ssl2_timeout = MIN_SSL2_TIMEOUT;
+#else /* WIN32 */
+ if(SIDCacheFDMAP != INVALID_HANDLE_VALUE) {
+ /* Already done */
+ return SECSuccess;
}
- cache->ssl2Timeout = ssl2_timeout;
- } else {
- cache->ssl2Timeout = DEF_SSL2_TIMEOUT;
- }
+#endif /* XP_UNIX */
- if (ssl3_timeout) {
- if (ssl3_timeout > MAX_SSL3_TIMEOUT) {
- ssl3_timeout = MAX_SSL3_TIMEOUT;
- }
- if (ssl3_timeout < MIN_SSL3_TIMEOUT) {
- ssl3_timeout = MIN_SSL3_TIMEOUT;
- }
- cache->ssl3Timeout = ssl3_timeout;
- } else {
- cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
+
+ if (maxCacheEntries) {
+ numSIDCacheEntries = maxCacheEntries;
}
+ sidCacheWrapOffset = numSIDCacheEntries * sizeof(SIDCacheEntry);
+ sidCacheFileSize = sidCacheWrapOffset +
+ (kt_kea_size * SSL_NUM_WRAP_MECHS * sizeof(SSLWrappedSymWrappingKey));
/* Create file names */
+ cfn = (char*) PORT_Alloc(PORT_Strlen(directory) + 100);
+ if (!cfn) {
+ return SECFailure;
+ }
#ifdef XP_UNIX
- /* there's some confusion here about whether PR_OpenAnonFileMap wants
- ** a directory name or a file name for its first argument.
- cfn = PR_smprintf("%s/.sslsvrcache.%d", directory, myPid);
- */
- cfn = PR_smprintf("%s", directory);
+ sprintf(cfn, "%s/.sslsidc.%d", directory, getpid());
#else /* XP_WIN32 */
- cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid,
- GetCurrentThreadId());
+ sprintf(cfn, "%s\\ssl.sidc.%d.%d", directory,
+ GetCurrentProcessId(), GetCurrentThreadId());
#endif /* XP_WIN32 */
- if (!cfn) {
+
+ /* Create session-id cache file */
+#ifdef XP_UNIX
+ do {
+ (void) unlink(cfn);
+ SIDCacheFD = open(cfn, O_EXCL|O_CREAT|O_RDWR, 0600);
+ } while (SIDCacheFD < 0 && errno == EEXIST);
+ if (SIDCacheFD < 0) {
+ nss_MD_unix_map_open_error(errno);
+ IOError(SIDCacheFD, "create");
goto loser;
}
-
- /* Create cache */
- cacheMemMap = PR_OpenAnonFileMap(cfn, cache->sharedMemSize,
- PR_PROT_READWRITE);
- PR_smprintf_free(cfn);
- if(! cacheMemMap) {
+ rv = unlink(cfn);
+ if (rv < 0) {
+ nss_MD_unix_map_unlink_error(errno);
+ IOError(rv, "unlink");
goto loser;
}
- sharedMem = PR_MemMap(cacheMemMap, 0, cache->sharedMemSize);
- if (! sharedMem) {
+#else /* WIN32 */
+ SIDCacheFDMAP =
+ CreateFileMapping(INVALID_HANDLE_VALUE, /* allocate in swap file */
+ &sidCacheFDMapAttributes, /* inheritable. */
+ PAGE_READWRITE,
+ 0, /* size, high word. */
+ sidCacheFileSize, /* size, low word. */
+ NULL); /* no map name in FS */
+ if(! SIDCacheFDMAP) {
+ nss_MD_win32_map_default_error(GetLastError());
goto loser;
}
+ SIDCacheData = (char *)MapViewOfFile(SIDCacheFDMAP,
+ FILE_MAP_ALL_ACCESS, /* R/W */
+ 0, 0, /* offset */
+ sidCacheFileSize); /* size */
+ if (! SIDCacheData) {
+ nss_MD_win32_map_default_error(GetLastError());
+ goto loser;
+ }
+#endif /* XP_UNIX */
- /* Initialize shared memory. This may not be necessary on all platforms */
- memset(sharedMem, 0, cache->sharedMemSize);
-
- /* Copy cache descriptor header into shared memory */
- memcpy(sharedMem, cache, sizeof *cache);
+ if (!cacheLock)
+ nss_InitLock(&cacheLock, nssILockCache);
+ if (!cacheLock) {
+ SET_ERROR_CODE
+ goto loser;
+ }
+#ifdef _WIN32
+ if (isMultiProcess && (SECSuccess != createServerCacheSemaphore())) {
+ SET_ERROR_CODE
+ goto loser;
+ }
+#endif
- /* save private copies of these values */
- cache->cacheMemMap = cacheMemMap;
- cache->sharedMem = sharedMem;
- cache->sharedCache = (cacheDesc *)sharedMem;
+ if (timeout) {
+ if (timeout > 100) {
+ timeout = 100;
+ }
+ if (timeout < 5) {
+ timeout = 5;
+ }
+ ssl_sid_timeout = timeout;
+ }
- /* Fix pointers in our private copy of cache descriptor to point to
- ** spaces in shared memory
- */
- ptr = (ptrdiff_t)cache->sharedMem;
- *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheData) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
-
- /* initialize the locks */
- init_time = ssl_Time();
- pLock = cache->sidCacheLocks;
- for (locks_to_initialize = cache->numSIDCacheLocks + 2;
- locks_initialized < locks_to_initialize;
- ++locks_initialized, ++pLock ) {
-
- SECStatus err = sslMutex_Init(&pLock->mutex, isMultiProcess);
- if (err)
- goto loser;
- pLock->timeStamp = init_time;
- pLock->pid = 0;
+ if (ssl3_timeout) {
+ if (ssl3_timeout > 86400L) {
+ ssl3_timeout = 86400L;
+ }
+ if (ssl3_timeout < 5) {
+ ssl3_timeout = 5;
+ }
+ ssl3_sid_timeout = ssl3_timeout;
}
+ GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, 0, sidCacheFileSize);
+#ifdef XP_UNIX
+ /* Initialize the files */
+ if (ZeroFile(SIDCacheFD, sidCacheFileSize)) {
+ /* Bummer */
+ close(SIDCacheFD);
+ SIDCacheFD = -1;
+ goto loser;
+ }
+#else /* XP_WIN32 */
+ ZeroMemory(SIDCacheData, sidCacheFileSize);
+#endif /* XP_UNIX */
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, 0, sidCacheFileSize);
+ PORT_Free(cfn);
return SECSuccess;
-loser:
- if (cache->cacheMemMap) {
- if (cache->sharedMem) {
- if (locks_initialized > 0) {
- pLock = cache->sidCacheLocks;
- for (; locks_initialized > 0; --locks_initialized, ++pLock ) {
- sslMutex_Destroy(&pLock->mutex);
- }
- }
- PR_MemUnmap(cache->sharedMem, cache->sharedMemSize);
- cache->sharedMem = NULL;
- }
- PR_CloseFileMap(cache->cacheMemMap);
- cache->cacheMemMap = NULL;
+ loser:
+#ifdef _WIN32
+ if (svrCacheSem)
+ destroyServerCacheSemaphore();
+#endif
+ if (cacheLock) {
+ PZ_DestroyLock(cacheLock);
+ cacheLock = NULL;
}
+ PORT_Free(cfn);
return SECFailure;
}
-PRUint32
-SSL_GetMaxServerCacheLocks(void)
+static SECStatus
+InitCertCache(const char *directory)
{
- return ssl_max_sid_cache_locks + 2;
- /* The extra two are the cert cache lock and the key cache lock. */
-}
+ char *cfn;
+#ifdef XP_UNIX
+ int rv;
+ if (certCacheFD >= 0) {
+ /* Already done */
+ return SECSuccess;
+ }
+#else /* WIN32 */
+ if(certCacheFDMAP != INVALID_HANDLE_VALUE) {
+ /* Already done */
+ return SECSuccess;
+ }
+#endif /* XP_UNIX */
-SECStatus
-SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
-{
- /* Minimum is 1 sid cache lock, 1 cert cache lock and 1 key cache lock.
- ** We'd like to test for a maximum value, but not all platforms' header
- ** files provide a symbol or function or other means of determining
- ** the maximum, other than trial and error.
- */
- if (maxLocks < 3) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ numCertCacheEntries = sidCacheFileSize / sizeof(CertCacheEntry);
+ if (numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
+ numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
+ certCacheFileSize = numCertCacheEntries * sizeof(CertCacheEntry);
+
+ /* Create file names */
+ cfn = (char*) PORT_Alloc(PORT_Strlen(directory) + 100);
+ if (!cfn) {
return SECFailure;
}
- ssl_max_sid_cache_locks = maxLocks - 2;
- /* The extra two are the cert cache lock and the key cache lock. */
+#ifdef XP_UNIX
+ sprintf(cfn, "%s/.sslcertc.%d", directory, getpid());
+#else /* XP_WIN32 */
+ sprintf(cfn, "%s\\ssl.certc.%d.%d", directory,
+ GetCurrentProcessId(), GetCurrentThreadId());
+#endif /* XP_WIN32 */
+
+ /* Create certificate cache file */
+#ifdef XP_UNIX
+ do {
+ (void) unlink(cfn);
+ certCacheFD = open(cfn, O_EXCL|O_CREAT|O_RDWR, 0600);
+ } while (certCacheFD < 0 && errno == EEXIST);
+ if (certCacheFD < 0) {
+ nss_MD_unix_map_open_error(errno);
+ IOError(certCacheFD, "create");
+ goto loser;
+ }
+ rv = unlink(cfn);
+ if (rv < 0) {
+ nss_MD_unix_map_unlink_error(errno);
+ IOError(rv, "unlink");
+ goto loser;
+ }
+#else /* WIN32 */
+ certCacheFDMAP =
+ CreateFileMapping(INVALID_HANDLE_VALUE, /* allocate in swap file */
+ &certCacheFDMapAttributes, /* inheritable. */
+ PAGE_READWRITE,
+ 0, /* size, high word. */
+ certCacheFileSize, /* size, low word. */
+ NULL); /* no map name in FS */
+ if (! certCacheFDMAP) {
+ nss_MD_win32_map_default_error(GetLastError());
+ goto loser;
+ }
+ certCacheData = (char *) MapViewOfFile(certCacheFDMAP,
+ FILE_MAP_ALL_ACCESS, /* R/W */
+ 0, 0, /* offset */
+ certCacheFileSize); /* size */
+ if (! certCacheData) {
+ nss_MD_win32_map_default_error(GetLastError());
+ goto loser;
+ }
+#endif /* XP_UNIX */
+
+/* GET_SERVER_CACHE_WRITE_LOCK(certCacheFD, 0, certCacheFileSize); */
+#ifdef XP_UNIX
+ /* Initialize the files */
+ if (ZeroFile(certCacheFD, certCacheFileSize)) {
+ /* Bummer */
+ close(certCacheFD);
+ certCacheFD = -1;
+ goto loser;
+ }
+#else /* XP_WIN32 */
+ ZeroMemory(certCacheData, certCacheFileSize);
+#endif /* XP_UNIX */
+/* RELEASE_SERVER_CACHE_LOCK(certCacheFD, 0, certCacheFileSize); */
+ PORT_Free(cfn);
return SECSuccess;
+
+ loser:
+ PORT_Free(cfn);
+ return SECFailure;
}
SECStatus
-SSL_ConfigServerSessionIDCacheInstance( cacheDesc *cache,
- int maxCacheEntries,
- PRUint32 ssl2_timeout,
+SSL_ConfigServerSessionIDCache( int maxCacheEntries,
+ PRUint32 timeout,
PRUint32 ssl3_timeout,
const char * directory)
{
SECStatus rv;
-#if defined(DEBUG_nelsonb)
- printf("sizeof(sidCacheEntry) == %u\n", sizeof(sidCacheEntry));
-#endif
-#if !(defined(SOLARIS) && defined(i386))
- PORT_Assert(sizeof(sidCacheEntry) % 8 == 0);
-#endif
- PORT_Assert(sizeof(certCacheEntry) == 4096);
+ PORT_Assert(sizeof(SIDCacheEntry) == 256);
+ PORT_Assert(sizeof(CertCacheEntry) == 4096);
myPid = SSL_GETPID();
if (!directory) {
directory = DEFAULT_CACHE_DIRECTORY;
}
- rv = InitCache(cache, maxCacheEntries, ssl2_timeout, ssl3_timeout,
- directory);
+ rv = InitSessionIDCache(maxCacheEntries, timeout, ssl3_timeout, directory);
+ if (rv) {
+ SET_ERROR_CODE
+ return SECFailure;
+ }
+ rv = InitCertCache(directory);
if (rv) {
SET_ERROR_CODE
return SECFailure;
@@ -1088,93 +1536,87 @@ SSL_ConfigServerSessionIDCacheInstance( cacheDesc *cache,
return SECSuccess;
}
-SECStatus
-SSL_ConfigServerSessionIDCache( int maxCacheEntries,
- PRUint32 ssl2_timeout,
- PRUint32 ssl3_timeout,
- const char * directory)
-{
- return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
- maxCacheEntries, ssl2_timeout, ssl3_timeout, directory);
-}
-
/* Use this function, instead of SSL_ConfigServerSessionIDCache,
* if the cache will be shared by multiple processes.
*/
SECStatus
SSL_ConfigMPServerSIDCache( int maxCacheEntries,
- PRUint32 ssl2_timeout,
+ PRUint32 timeout,
PRUint32 ssl3_timeout,
const char * directory)
{
char * envValue;
- char * inhValue;
- cacheDesc * cache = &globalCache;
- PRUint32 fmStrLen;
SECStatus result;
- PRStatus prStatus;
SECStatus putEnvFailed;
- inheritance inherit;
- char fmString[PR_FILEMAP_STRING_BUFSIZE];
isMultiProcess = PR_TRUE;
- result = SSL_ConfigServerSessionIDCacheInstance(cache, maxCacheEntries,
- ssl2_timeout, ssl3_timeout, directory);
- if (result != SECSuccess)
- return result;
-
- prStatus = PR_ExportFileMapAsString(cache->cacheMemMap,
- sizeof fmString, fmString);
- if ((prStatus != PR_SUCCESS) || !(fmStrLen = strlen(fmString))) {
- SET_ERROR_CODE
- return SECFailure;
- }
-
- inherit.sharedMemSize = cache->sharedMemSize;
- inherit.fmStrLen = fmStrLen;
-
- inhValue = BTOA_DataToAscii((unsigned char *)&inherit, sizeof inherit);
- if (!inhValue || !strlen(inhValue)) {
- SET_ERROR_CODE
- return SECFailure;
- }
- envValue = PR_smprintf("%s,%s", inhValue, fmString);
- if (!envValue || !strlen(envValue)) {
- SET_ERROR_CODE
- return SECFailure;
+ result = SSL_ConfigServerSessionIDCache(maxCacheEntries, timeout,
+ ssl3_timeout, directory);
+ if (result == SECSuccess) {
+#ifdef _WIN32
+ winInheritance winherit;
+
+ winherit.numSIDCacheEntries = numSIDCacheEntries;
+ winherit.sidCacheFileSize = sidCacheFileSize;
+ winherit.sidCacheWrapOffset = sidCacheWrapOffset;
+ winherit.numCertCacheEntries = numCertCacheEntries;
+ winherit.certCacheFileSize = certCacheFileSize;
+ winherit.SIDCacheFDMAP = SIDCacheFDMAP;
+ winherit.certCacheFDMAP = certCacheFDMAP;
+ winherit.svrCacheSem = svrCacheSem;
+ winherit.parentProcessID = GetCurrentProcessId();
+ winherit.parentProcessHandle =
+ OpenProcess(PROCESS_DUP_HANDLE, TRUE, winherit.parentProcessID);
+ if (winherit.parentProcessHandle == NULL) {
+ SET_ERROR_CODE
+ return SECFailure;
+ }
+ envValue = BTOA_DataToAscii((unsigned char *)&winherit,
+ sizeof winherit);
+ if (!envValue) {
+ SET_ERROR_CODE
+ return SECFailure;
+ }
+#else
+ unixInheritance uinherit;
+
+ uinherit.numSIDCacheEntries = numSIDCacheEntries;
+ uinherit.sidCacheFileSize = sidCacheFileSize;
+ uinherit.sidCacheWrapOffset = sidCacheWrapOffset;
+ uinherit.numCertCacheEntries = numCertCacheEntries;
+ uinherit.certCacheFileSize = certCacheFileSize;
+ uinherit.SIDCacheFD = SIDCacheFD;
+ uinherit.certCacheFD = certCacheFD;
+
+ envValue = BTOA_DataToAscii((unsigned char *)&uinherit,
+ sizeof uinherit);
+ if (!envValue) {
+ SET_ERROR_CODE
+ return SECFailure;
+ }
+#endif
}
- PORT_Free(inhValue);
-
putEnvFailed = (SECStatus)NSS_PutEnv(envVarName, envValue);
- PR_smprintf_free(envValue);
+ PORT_Free(envValue);
if (putEnvFailed) {
SET_ERROR_CODE
result = SECFailure;
}
-
-#if !defined(WIN32)
- /* Launch thread to poll cache for expired locks */
- LaunchLockPoller(cache);
-#endif
return result;
}
SECStatus
-SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
+SSL_InheritMPServerSIDCache(const char * envString)
{
unsigned char * decoString = NULL;
- char * fmString = NULL;
unsigned int decoLen;
- ptrdiff_t ptr;
- inheritance inherit;
- cacheDesc my;
+#ifdef _WIN32
+ winInheritance inherit;
+#else
+ unixInheritance inherit;
+#endif
myPid = SSL_GETPID();
-
- /* If this child was created by fork(), and not by exec() on unix,
- ** then isMultiProcess will already be set.
- ** If not, we'll set it below.
- */
if (isMultiProcess)
return SECSuccess; /* already done. */
@@ -1189,18 +1631,11 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
return SECFailure;
}
}
- envString = PORT_Strdup(envString);
- if (!envString)
- return SECFailure;
- fmString = strchr(envString, ',');
- if (!fmString)
- goto loser;
- *fmString++ = 0;
decoString = ATOB_AsciiToData(envString, &decoLen);
if (!decoString) {
SET_ERROR_CODE
- goto loser;
+ return SECFailure;
}
if (decoLen != sizeof inherit) {
SET_ERROR_CODE
@@ -1208,178 +1643,152 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
}
PORT_Memcpy(&inherit, decoString, sizeof inherit);
+ PORT_Free(decoString);
- if (strlen(fmString) != inherit.fmStrLen ) {
- goto loser;
- }
+ numSIDCacheEntries = inherit.numSIDCacheEntries;
+ sidCacheFileSize = inherit.sidCacheFileSize;
+ sidCacheWrapOffset = inherit.sidCacheWrapOffset;
+ numCertCacheEntries = inherit.numCertCacheEntries;
+ certCacheFileSize = inherit.certCacheFileSize;
- memset(&my, 0, sizeof my);
- my.sharedMemSize = inherit.sharedMemSize;
+#ifdef _WIN32
+ SIDCacheFDMAP = inherit.SIDCacheFDMAP;
+ certCacheFDMAP = inherit.certCacheFDMAP;
+ svrCacheSem = inherit.svrCacheSem;
+
+#if 0
+ /* call DuplicateHandle ?? */
+ inherit.parentProcessID;
+ inherit.parentProcessHandle;
+#endif
- /* Create cache */
- my.cacheMemMap = PR_ImportFileMapFromString(fmString);
- if(! my.cacheMemMap) {
- goto loser;
+ if(!SIDCacheFDMAP) {
+ SET_ERROR_CODE
+ goto loser;
}
- my.sharedMem = PR_MemMap(my.cacheMemMap, 0, my.sharedMemSize);
- if (! my.sharedMem) {
- goto loser;
+ SIDCacheData = (char *)MapViewOfFile(SIDCacheFDMAP,
+ FILE_MAP_ALL_ACCESS, /* R/W */
+ 0, 0, /* offset */
+ sidCacheFileSize); /* size */
+ if(!SIDCacheData) {
+ nss_MD_win32_map_default_error(GetLastError());
+ goto loser;
}
- my.sharedCache = (cacheDesc *)my.sharedMem;
- if (my.sharedCache->sharedMemSize != my.sharedMemSize) {
- SET_ERROR_CODE
+ if(!certCacheFDMAP) {
+ SET_ERROR_CODE
+ goto loser;
+ }
+ certCacheData = (char *) MapViewOfFile(certCacheFDMAP,
+ FILE_MAP_ALL_ACCESS, /* R/W */
+ 0, 0, /* offset */
+ certCacheFileSize); /* size */
+ if(!certCacheData) {
+ nss_MD_win32_map_default_error(GetLastError());
goto loser;
}
- memcpy(cache, my.sharedCache, sizeof *cache);
- cache->cacheMemMap = my.cacheMemMap;
- cache->sharedMem = my.sharedMem;
- cache->sharedCache = my.sharedCache;
-
- /* Fix pointers in our private copy of cache descriptor to point to
- ** spaces in shared memory
- */
- ptr = (ptrdiff_t)cache->sharedMem;
- *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheData) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
+#else /* must be unix */
+ SIDCacheFD = inherit.SIDCacheFD;
+ certCacheFD = inherit.certCacheFD;
+ if (SIDCacheFD < 0 || certCacheFD < 0) {
+ SET_ERROR_CODE
+ goto loser;
+ }
+#endif
- PORT_Free(decoString);
+ if (!cacheLock) {
+ nss_InitLock(&cacheLock, nssILockCache);
+ if (!cacheLock)
+ goto loser;
+ }
isMultiProcess = PR_TRUE;
return SECSuccess;
loser:
if (decoString)
PORT_Free(decoString);
+#if _WIN32
+ if (SIDCacheFDMAP) {
+ CloseHandle(SIDCacheFDMAP);
+ SIDCacheFDMAP = NULL;
+ }
+ if (certCacheFDMAP) {
+ CloseHandle(certCacheFDMAP);
+ certCacheFDMAP = NULL;
+ }
+#else
+ if (SIDCacheFD >= 0) {
+ close(SIDCacheFD);
+ SIDCacheFD = -1;
+ }
+ if (certCacheFD >= 0) {
+ close(certCacheFD);
+ certCacheFD = -1;
+ }
+#endif
return SECFailure;
}
-SECStatus
-SSL_InheritMPServerSIDCache(const char * envString)
-{
- return SSL_InheritMPServerSIDCacheInstance(&globalCache, envString);
-}
-
-#if !defined(WIN32)
-
-#define SID_LOCK_EXPIRATION_TIMEOUT 30 /* seconds */
-
-static void
-LockPoller(void * arg)
-{
- cacheDesc * cache = (cacheDesc *)arg;
- cacheDesc * sharedCache = cache->sharedCache;
- sidCacheLock * pLock;
- const char * timeoutString;
- PRIntervalTime timeout;
- PRUint32 now;
- PRUint32 then;
- int locks_polled = 0;
- int locks_to_poll = cache->numSIDCacheLocks + 2;
- PRUint32 expiration = SID_LOCK_EXPIRATION_TIMEOUT;
-
- timeoutString = getenv("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
- if (timeoutString) {
- long newTime = strtol(timeoutString, 0, 0);
- if (newTime == 0)
- return; /* application doesn't want this function */
- if (newTime > 0)
- expiration = (PRUint32)newTime;
- /* if error (newTime < 0) ignore it and use default */
- }
-
- timeout = PR_SecondsToInterval(expiration);
- while(!sharedCache->stopPolling) {
- PR_Sleep(timeout);
- if (sharedCache->stopPolling)
- break;
-
- now = ssl_Time();
- then = now - expiration;
- for (pLock = cache->sidCacheLocks, locks_polled = 0;
- locks_to_poll > locks_polled && !sharedCache->stopPolling;
- ++locks_polled, ++pLock ) {
- pid_t pid;
-
- if (pLock->timeStamp < then &&
- pLock->timeStamp != 0 &&
- (pid = pLock->pid) != 0) {
-
- /* maybe we should try the lock? */
- int result = kill(pid, 0);
- if (result < 0 && errno == ESRCH) {
- SECStatus rv;
- /* No process exists by that pid any more.
- ** Treat this mutex as abandoned.
- */
- pLock->timeStamp = now;
- pLock->pid = 0;
- rv = sslMutex_Unlock(&pLock->mutex);
- if (rv != SECSuccess) {
- /* Now what? */
- }
- }
- }
- } /* end of loop over locks */
- } /* end of entire polling loop */
-}
-
-/* Launch thread to poll cache for expired locks */
-static SECStatus
-LaunchLockPoller(cacheDesc *cache)
-{
- PRThread * pollerThread;
-
- pollerThread =
- PR_CreateThread(PR_USER_THREAD, LockPoller, cache, PR_PRIORITY_NORMAL,
- PR_GLOBAL_THREAD, PR_UNJOINABLE_THREAD, 0);
- if (!pollerThread) {
- return SECFailure;
- }
- cache->poller = pollerThread;
- return SECSuccess;
-}
-#endif
-
/************************************************************************
* Code dealing with shared wrapped symmetric wrapping keys below *
************************************************************************/
-/* If now is zero, it implies that the lock is not held, and must be
-** aquired here.
-*/
+
static PRBool
-getSvrWrappingKey(PRInt32 symWrapMechIndex,
+getWrappingKey(PRInt32 symWrapMechIndex,
SSL3KEAType exchKeyType,
SSLWrappedSymWrappingKey *wswk,
- cacheDesc * cache,
- PRUint32 lockTime)
+ PRBool grabSharedLock)
{
- PRUint32 ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex;
- SSLWrappedSymWrappingKey * pwswk = cache->keyCacheData + ndx;
- PRUint32 now = 0;
- PRBool rv = PR_FALSE;
-
- if (!lockTime) {
- lockTime = now = LockSidCacheLock(cache->keyCacheLock, now);
- if (!lockTime) {
- return rv;
+ PRUint32 offset = sidCacheWrapOffset +
+ ((exchKeyType * SSL_NUM_WRAP_MECHS + symWrapMechIndex) *
+ sizeof(SSLWrappedSymWrappingKey));
+ PRBool rv = PR_TRUE;
+#ifdef XP_UNIX
+ off_t lrv;
+ ssize_t rrv;
+#endif
+
+ if (grabSharedLock) {
+ GET_SERVER_CACHE_READ_LOCK(SIDCacheFD, offset, sizeof *wswk);
+ }
+
+#ifdef XP_UNIX
+ lrv = lseek(SIDCacheFD, offset, SEEK_SET);
+ if (lrv != offset) {
+ if (lrv == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "wrapping-read");
+ rv = PR_FALSE;
+ } else {
+ rrv = read(SIDCacheFD, wswk, sizeof *wswk);
+ if (rrv != sizeof *wswk) {
+ if (rrv == -1)
+ nss_MD_unix_map_read_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "wrapping-read");
+ rv = PR_FALSE;
}
}
- if (pwswk->exchKeyType == exchKeyType &&
- pwswk->symWrapMechIndex == symWrapMechIndex &&
- pwswk->wrappedSymKeyLen != 0) {
- *wswk = *pwswk;
- rv = PR_TRUE;
+#else /* XP_WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(wswk, &SIDCacheData[offset], sizeof *wswk);
+#endif /* XP_WIN32 */
+ if (grabSharedLock) {
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *wswk);
}
- if (now) {
- UnlockSidCacheLock(cache->keyCacheLock);
+ if (rv) {
+ if (wswk->exchKeyType != exchKeyType ||
+ wswk->symWrapMechIndex != symWrapMechIndex ||
+ wswk->wrappedSymKeyLen == 0) {
+ memset(wswk, 0, sizeof *wswk);
+ rv = PR_FALSE;
+ }
}
return rv;
}
@@ -1391,16 +1800,17 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
{
PRBool rv;
+ lock_cache();
+
PORT_Assert( (unsigned)exchKeyType < kt_kea_size);
PORT_Assert( (unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS);
if ((unsigned)exchKeyType < kt_kea_size &&
(unsigned)symWrapMechIndex < SSL_NUM_WRAP_MECHS) {
- rv = getSvrWrappingKey(symWrapMechIndex, exchKeyType, wswk,
- &globalCache, 0);
+ rv = getWrappingKey(symWrapMechIndex, exchKeyType, wswk, PR_TRUE);
} else {
rv = PR_FALSE;
}
-
+ unlock_cache();
return rv;
}
@@ -1410,19 +1820,17 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
* the disk entry, and returns false.
* Otherwise, it overwrites the caller's wswk with the value obtained from
* the disk, and returns PR_TRUE.
- * This is all done while holding the locks/mutexes necessary to make
+ * This is all done while holding the locks/semaphores necessary to make
* the operation atomic.
*/
PRBool
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
{
- cacheDesc * cache = &globalCache;
- PRBool rv = PR_FALSE;
+ PRBool rv;
SSL3KEAType exchKeyType = wswk->exchKeyType;
/* type of keys used to wrap SymWrapKey*/
PRInt32 symWrapMechIndex = wswk->symWrapMechIndex;
- PRUint32 ndx;
- PRUint32 now = 0;
+ PRUint32 offset;
SSLWrappedSymWrappingKey myWswk;
PORT_Assert( (unsigned)exchKeyType < kt_kea_size);
@@ -1433,26 +1841,57 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
if ((unsigned)symWrapMechIndex >= SSL_NUM_WRAP_MECHS)
return 0;
- ndx = (exchKeyType * SSL_NUM_WRAP_MECHS) + symWrapMechIndex;
+ offset = sidCacheWrapOffset +
+ ((exchKeyType * SSL_NUM_WRAP_MECHS + symWrapMechIndex) *
+ sizeof(SSLWrappedSymWrappingKey));
PORT_Memset(&myWswk, 0, sizeof myWswk); /* eliminate UMRs. */
+ lock_cache();
+ GET_SERVER_CACHE_WRITE_LOCK(SIDCacheFD, offset, sizeof *wswk);
- now = LockSidCacheLock(cache->keyCacheLock, now);
- if (now) {
- rv = getSvrWrappingKey(wswk->symWrapMechIndex, wswk->exchKeyType,
- &myWswk, cache, now);
- if (rv) {
- /* we found it on disk, copy it out to the caller. */
- PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
+ rv = getWrappingKey(wswk->symWrapMechIndex, wswk->exchKeyType, &myWswk,
+ PR_FALSE);
+ if (rv) {
+ /* we found it on disk, copy it out to the caller. */
+ PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
+ } else {
+ /* Wasn't on disk, and we're still holding the lock, so write it. */
+
+#ifdef XP_UNIX
+ off_t lrv;
+ ssize_t rrv;
+
+ lrv = lseek(SIDCacheFD, offset, SEEK_SET);
+ if (lrv != offset) {
+ if (lrv == -1)
+ nss_MD_unix_map_lseek_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "wrapping-read");
+ rv = PR_FALSE;
} else {
- /* Wasn't on disk, and we're still holding the lock, so write it. */
- cache->keyCacheData[ndx] = *wswk;
+ rrv = write(SIDCacheFD, wswk, sizeof *wswk);
+ if (rrv != sizeof *wswk) {
+ if (rrv == -1)
+ nss_MD_unix_map_read_error(errno);
+ else
+ PORT_SetError(PR_IO_ERROR);
+ IOError(rv, "wrapping-read");
+ rv = PR_FALSE;
+ }
}
- UnlockSidCacheLock(cache->keyCacheLock);
+#else /* XP_WIN32 */
+ /* Use memory mapped I/O and just memcpy() the data */
+ CopyMemory(&SIDCacheData[offset], wswk, sizeof *wswk);
+#endif /* XP_WIN32 */
}
+ RELEASE_SERVER_CACHE_LOCK(SIDCacheFD, offset, sizeof *wswk);
+ unlock_cache();
return rv;
}
-#else /* MAC version or other platform */
+
+#endif /* NADA_VERISON */
+#else
#include "seccomon.h"
#include "cert.h"
@@ -1461,28 +1900,28 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
SECStatus
SSL_ConfigServerSessionIDCache( int maxCacheEntries,
- PRUint32 ssl2_timeout,
+ PRUint32 timeout,
PRUint32 ssl3_timeout,
const char * directory)
{
- PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigServerSessionIDCache)");
+ PR_ASSERT(!"SSL servers are not supported on the platform. (SSL_ConfigServerSessionIDCache)");
return SECFailure;
}
SECStatus
SSL_ConfigMPServerSIDCache( int maxCacheEntries,
- PRUint32 ssl2_timeout,
+ PRUint32 timeout,
PRUint32 ssl3_timeout,
const char * directory)
{
- PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigMPServerSIDCache)");
+ PR_ASSERT(!"SSL servers are not supported on the platform. (SSL_ConfigMPServerSIDCache)");
return SECFailure;
}
SECStatus
SSL_InheritMPServerSIDCache(const char * envString)
{
- PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_InheritMPServerSIDCache)");
+ PR_ASSERT(!"SSL servers are not supported on the platform. (SSL_InheritMPServerSIDCache)");
return SECFailure;
}
@@ -1492,7 +1931,7 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
SSLWrappedSymWrappingKey *wswk)
{
PRBool rv = PR_FALSE;
- PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_GetWrappingKey)");
+ PR_ASSERT(!"SSL servers are not supported on the platform. (ssl_GetWrappingKey)");
return rv;
}
@@ -1502,14 +1941,14 @@ ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
* the disk entry, and returns false.
* Otherwise, it overwrites the caller's wswk with the value obtained from
* the disk, and returns PR_TRUE.
- * This is all done while holding the locks/mutexes necessary to make
+ * This is all done while holding the locks/semaphores necessary to make
* the operation atomic.
*/
PRBool
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
{
PRBool rv = PR_FALSE;
- PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_SetWrappingKey)");
+ PR_ASSERT(!"SSL servers are not supported on the platform. (ssl_SetWrappingKey)");
return rv;
}
diff --git a/security/nss/lib/util/mac_rand.c b/security/nss/lib/util/mac_rand.c
index c8596a9f0..6198f3407 100644
--- a/security/nss/lib/util/mac_rand.c
+++ b/security/nss/lib/util/mac_rand.c
@@ -44,6 +44,7 @@
#include <PPCToolbox.h>
#include <Processes.h>
#include <LowMem.h>
+#include <Scrap.h>
/* Static prototypes */
static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen);
@@ -73,8 +74,9 @@ static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
size_t RNG_GetNoise(void *buf, size_t maxbytes)
{
- uint32 c = TickCount();
- return CopyLowBits(buf, maxbytes, &c, sizeof(c));
+ UnsignedWide microTickCount;
+ Microseconds(&microTickCount);
+ return CopyLowBits(buf, maxbytes, &microTickCount, sizeof(microTickCount));
}
void RNG_FileForRNG(char *filename)
@@ -125,6 +127,7 @@ void RNG_SystemInfoForRNG()
ReadLocation(&loc);
RNG_RandomUpdate( &loc, sizeof(loc));
}
+#if !TARGET_CARBON
/* User name */
{
unsigned long userRef;
@@ -133,6 +136,7 @@ void RNG_SystemInfoForRNG()
RNG_RandomUpdate( &userRef, sizeof(userRef));
RNG_RandomUpdate( userName, sizeof(userName));
}
+#endif
/* Mouse location */
{
Point mouseLoc;
@@ -155,11 +159,13 @@ void RNG_SystemInfoForRNG()
UInt8 volume = LMGetSdVolume();
RNG_RandomUpdate( &volume, sizeof(volume));
}
+#if !TARGET_CARBON
/* Current directory */
{
SInt32 dir = LMGetCurDirStore();
RNG_RandomUpdate( &dir, sizeof(dir));
}
+#endif
/* Process information about all the processes in the machine */
{
ProcessSerialNumber process;
@@ -179,17 +185,21 @@ void RNG_SystemInfoForRNG()
}
}
+#if !TARGET_CARBON
/* Heap */
{
THz zone = LMGetTheZone();
RNG_RandomUpdate( &zone, sizeof(zone));
}
+#endif
/* Screen */
{
- GDHandle h = LMGetMainDevice(); /* GDHandle is **GDevice */
+ GDHandle h = GetMainDevice(); /* GDHandle is **GDevice */
RNG_RandomUpdate( *h, sizeof(GDevice));
}
+
+#if !TARGET_CARBON
/* Scrap size */
{
SInt32 scrapSize = LMGetScrapSize();
@@ -200,6 +210,29 @@ void RNG_SystemInfoForRNG()
SInt16 scrapCount = LMGetScrapCount();
RNG_RandomUpdate( &scrapCount, sizeof(scrapCount));
}
+#else
+ {
+ ScrapRef scrap;
+ if (GetCurrentScrap(&scrap) == noErr) {
+ UInt32 flavorCount;
+ if (GetScrapFlavorCount(scrap, &flavorCount) == noErr) {
+ ScrapFlavorInfo* flavorInfo = (ScrapFlavorInfo*) malloc(flavorCount * sizeof(ScrapFlavorInfo));
+ if (flavorInfo != NULL) {
+ if (GetScrapFlavorInfoList(scrap, &flavorCount, flavorInfo) == noErr) {
+ UInt32 i;
+ RNG_RandomUpdate(&flavorCount, sizeof(flavorCount));
+ for (i = 0; i < flavorCount; ++i) {
+ Size flavorSize;
+ if (GetScrapFlavorSize(scrap, flavorInfo[i].flavorType, &flavorSize) == noErr)
+ RNG_RandomUpdate(&flavorSize, sizeof(flavorSize));
+ }
+ }
+ free(flavorInfo);
+ }
+ }
+ }
+ }
+#endif
/* File stuff, last modified, etc. */
{
HParamBlockRec pb;
@@ -211,6 +244,7 @@ void RNG_SystemInfoForRNG()
PBHGetVolParmsSync(&pb);
RNG_RandomUpdate( &volInfo, sizeof(volInfo));
}
+#if !TARGET_CARBON
/* Event queue */
{
EvQElPtr eventQ;
@@ -219,6 +253,7 @@ void RNG_SystemInfoForRNG()
eventQ = (EvQElPtr)eventQ->qLink)
RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord));
}
+#endif
FE_ReadScreen();
RNG_FileForRNG(NULL);
}
diff --git a/security/nss/lib/util/secasn1e.c b/security/nss/lib/util/secasn1e.c
index bc1be4e47..8520a2afe 100644
--- a/security/nss/lib/util/secasn1e.c
+++ b/security/nss/lib/util/secasn1e.c
@@ -83,7 +83,8 @@ typedef struct sec_asn1e_state_struct {
indefinite, /* need end-of-contents */
is_string, /* encoding a simple string or an ANY */
may_stream, /* when streaming, do indefinite encoding */
- optional; /* omit field if it has no contents */
+ optional, /* omit field if it has no contents */
+ ignore_stream; /* ignore streaming value of sub-template */
} sec_asn1e_state;
/*
@@ -184,7 +185,7 @@ sec_asn1e_notify_after (SEC_ASN1EncoderContext *cx, void *src, int depth)
static sec_asn1e_state *
sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
{
- PRBool explicit, is_string, may_stream, optional, universal;
+ PRBool explicit, is_string, may_stream, optional, universal, ignore_stream;
unsigned char tag_modifiers;
unsigned long encode_kind, under_kind;
unsigned long tag_number;
@@ -206,6 +207,9 @@ sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
encode_kind &= ~SEC_ASN1_MAY_STREAM;
+ ignore_stream = (encode_kind & SEC_ASN1_NO_STREAM) ? PR_TRUE : PR_FALSE;
+ encode_kind &= ~SEC_ASN1_NO_STREAM;
+
/* Just clear this to get it out of the way; we do not need it here */
encode_kind &= ~SEC_ASN1_DYNAMIC;
@@ -290,7 +294,8 @@ sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
under_kind = state->theTemplate->kind;
if (under_kind & SEC_ASN1_MAY_STREAM) {
- may_stream = PR_TRUE;
+ if (!ignore_stream)
+ may_stream = PR_TRUE;
under_kind &= ~SEC_ASN1_MAY_STREAM;
}
} else {
@@ -363,6 +368,7 @@ sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
state->may_stream = may_stream;
state->is_string = is_string;
state->optional = optional;
+ state->ignore_stream = ignore_stream;
sec_asn1e_scrub_state (state);
@@ -473,12 +479,27 @@ sec_asn1e_which_choice
static unsigned long
sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
- PRBool *noheaderp)
+ PRBool ignoresubstream, PRBool *noheaderp)
{
unsigned long encode_kind, underlying_kind;
PRBool explicit, optional, universal, may_stream;
unsigned long len;
+ /*
+ * This function currently calculates the length in all cases
+ * except the following: when writing out the contents of a
+ * template that belongs to a state where it was a sub-template
+ * with the SEC_ASN1_MAY_STREAM bit set and it's parent had the
+ * optional bit set. The information that the parent is optional
+ * and that we should return the length of 0 when that length is
+ * present since that means the optional field is no longer present.
+ * So we add the ignoresubstream flag which is passed in when
+ * writing the contents, but for all recursive calls to
+ * sec_asn1e_contents_length, we pass PR_FALSE, because this
+ * function correctly calculates the length for children templates
+ * from that point on. Confused yet? At least you didn't have
+ * to figure it out. ;) -javi
+ */
encode_kind = theTemplate->kind;
universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
@@ -497,6 +518,7 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
/* Just clear this to get it out of the way; we do not need it here */
encode_kind &= ~SEC_ASN1_DYNAMIC;
+ encode_kind &= ~SEC_ASN1_NO_STREAM;
if( encode_kind & SEC_ASN1_CHOICE ) {
void *src2;
@@ -509,7 +531,8 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
src2 = (void *)((char *)src + theTemplate[indx].offset);
- return sec_asn1e_contents_length(&theTemplate[indx], src2, noheaderp);
+ return sec_asn1e_contents_length(&theTemplate[indx], src2,
+ PR_FALSE, noheaderp);
}
if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || !universal) {
@@ -544,7 +567,8 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
src = (char *)src + theTemplate->offset;
if (explicit) {
- len = sec_asn1e_contents_length (theTemplate, src, noheaderp);
+ len = sec_asn1e_contents_length (theTemplate, src, PR_FALSE,
+ noheaderp);
if (len == 0 && optional) {
*noheaderp = PR_TRUE;
} else if (*noheaderp) {
@@ -593,7 +617,8 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
}
src2 = (void *)((char *)src - theTemplate->offset + theTemplate[indx].offset);
- len = sec_asn1e_contents_length(&theTemplate[indx], src2, noheaderp);
+ len = sec_asn1e_contents_length(&theTemplate[indx], src2, PR_FALSE,
+ noheaderp);
} else
switch (underlying_kind) {
@@ -615,7 +640,8 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
for (; *group != NULL; group++) {
sub_src = (char *)(*group) + tmpt->offset;
- sub_len = sec_asn1e_contents_length (tmpt, sub_src, noheaderp);
+ sub_len = sec_asn1e_contents_length (tmpt, sub_src, PR_FALSE,
+ noheaderp);
len += sub_len;
/*
* XXX The 1 below is the presumed length of the identifier;
@@ -637,7 +663,8 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
len = 0;
for (tmpt = theTemplate + 1; tmpt->kind; tmpt++) {
sub_src = (char *)src + tmpt->offset;
- sub_len = sec_asn1e_contents_length (tmpt, sub_src, noheaderp);
+ sub_len = sec_asn1e_contents_length (tmpt, sub_src, PR_FALSE,
+ noheaderp);
len += sub_len;
/*
* XXX The 1 below is the presumed length of the identifier;
@@ -659,7 +686,7 @@ sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
default:
len = ((SECItem *)src)->len;
- if (may_stream && len == 0)
+ if (may_stream && len == 0 && !ignoresubstream)
len = 1; /* if we're streaming, we may have a secitem w/len 0 as placeholder */
break;
}
@@ -691,7 +718,6 @@ sec_asn1e_write_header (sec_asn1e_state *state)
}
if( state->underlying_kind & SEC_ASN1_CHOICE ) {
- void *src2;
int indx = sec_asn1e_which_choice(state->src, state->theTemplate);
if( 0 == indx ) {
/* XXX set an error? "choice not found" */
@@ -719,7 +745,9 @@ sec_asn1e_write_header (sec_asn1e_state *state)
* walk the data structure to calculate the entire contents length.
*/
contents_length = sec_asn1e_contents_length (state->theTemplate,
- state->src, &noheader);
+ state->src,
+ state->ignore_stream,
+ &noheader);
/*
* We might be told explicitly not to put out a header.
* But it can also be the case, via a pushed subtemplate, that
diff --git a/security/nss/lib/util/secasn1t.h b/security/nss/lib/util/secasn1t.h
index 45f0eba60..cb56a0bd7 100644
--- a/security/nss/lib/util/secasn1t.h
+++ b/security/nss/lib/util/secasn1t.h
@@ -178,6 +178,13 @@ typedef struct sec_ASN1Template_struct {
#define SEC_ASN1_SKIP_REST 0x80000 /* skip all following fields;
only for decoding */
#define SEC_ASN1_CHOICE 0x100000 /* pick one from a template */
+#define SEC_ASN1_NO_STREAM 0X200000 /* This entry will not stream
+ even if the sub-template says
+ streaming is possible. Helps
+ to solve ambiguities with potential
+ streaming entries that are
+ optional */
+
/* Shorthand/Aliases */
#define SEC_ASN1_SEQUENCE_OF (SEC_ASN1_GROUP | SEC_ASN1_SEQUENCE)
diff --git a/security/nss/macbuild/LoadableRoots.mcp b/security/nss/macbuild/LoadableRoots.mcp
index 962d99198..f9f6852d3 100644
--- a/security/nss/macbuild/LoadableRoots.mcp
+++ b/security/nss/macbuild/LoadableRoots.mcp
Binary files differ
diff --git a/security/nss/macbuild/NSSckfw.mcp b/security/nss/macbuild/NSSckfw.mcp
index cbcaefa23..6624f2319 100644
--- a/security/nss/macbuild/NSSckfw.mcp
+++ b/security/nss/macbuild/NSSckfw.mcp
Binary files differ
diff --git a/security/nss/manifest.mn b/security/nss/manifest.mn
index 0b3a2a329..fd91496cf 100644
--- a/security/nss/manifest.mn
+++ b/security/nss/manifest.mn
@@ -33,7 +33,7 @@
CORE_DEPTH = ..
DEPTH = ..
-IMPORTS = nspr20/v4.1.1 \
+IMPORTS = nspr20/v4.1.2 \
dbm/DBM_1_55_RTM \
$(NULL)
diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt
index f4e088391..8e4a9c585 100644
--- a/security/nss/tests/ssl/sslauth.txt
+++ b/security/nss/tests/ssl/sslauth.txt
@@ -10,12 +10,12 @@
0 -r -w_nss_-n_TestUser TLS Request don't require client auth (client auth)
0 -r_-r -w_nss TLS Require client auth (client does not provide auth)
# this one should fail
- 2 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
+ 254 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
0 -r_-r -w_nss_-n_TestUser_ TLS Require client auth (client auth)
0 -r -T_-w_nss SSL3 Request don't require client auth (client does not provide auth)
0 -r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
0 -r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
0 -r_-r -T_-w_nss SSL3 Require client auth (client does not provide auth)
# this one should fail
- 2 -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
+ 254 -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
0 -r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth (client auth)