author | cvs2hg <devnull@localhost> | 2002-08-30 03:44:25 +0000 |
---|---|---|
committer | cvs2hg <devnull@localhost> | 2002-08-30 03:44:25 +0000 |
commit | eb8b91fe8fc75047c030538cb98b5a95a0067471 (patch) | |
tree | 1ace5c04d94cf276b62b6e70481e57f5aa2a0fdc | |
parent | b61d7b8835bb670d5c6451b6c5ecec6e16e5b56c (diff) | |
download | nss-hg-eb8b91fe8fc75047c030538cb98b5a95a0067471.tar.gz |
fixup commit for tag 'ROGC_20020830_FREEZE'ROGC_20020830_FREEZE
46 files changed, 1674 insertions, 3012 deletions
diff --git a/dbm/makefile.win b/dbm/makefile.win new file mode 100644 index 000000000..27470574e --- /dev/null +++ b/dbm/makefile.win @@ -0,0 +1,38 @@ +# The contents of this file are subject to the Netscape Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/NPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1998 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): + +DEPTH=.. + +#//------------------------------------------------------------------------ +#// +#// Specify any "command" targets. (ie. DIRS, INSTALL_FILES, ...) +#// (these must come before the common makefiles are included) +#// +#// DIRS - There are subdirectories to process +#// +#//------------------------------------------------------------------------ +DIRS = include src + +#//------------------------------------------------------------------------ +#// +#// Include the common makefile rules +#// +#//------------------------------------------------------------------------ +include <$(DEPTH)\config\rules.mak> + diff --git a/dbm/src/hash.c b/dbm/src/hash.c index d984c5f30..82d6dba37 100644 --- a/dbm/src/hash.c +++ b/dbm/src/hash.c @@ -566,11 +566,9 @@ hdestroy(HTAB *hashp) #endif free(hashp->filename); } - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if (hashp->tmp_key) - free(hashp->tmp_key); + free(hashp); + if (save_errno) { errno = save_errno; return (DBM_ERROR); 
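Review bot: With the two guarded `free()` calls removed, hdestroy() now releases `hashp` without first releasing `hashp->tmp_buf` and `hashp->tmp_key`, so any buffer still attached to those fields at close is leaked. In a long-lived process that opens and closes many databases, that is a slow memory-exhaustion path. Whether HTAB still declares the two fields at this tag is not visible here; if it does, keep `free(hashp->tmp_buf);` and `free(hashp->tmp_key);` immediately before `free(hashp);`. hdestroy's body starts and ends outside the hunk.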
@@ -902,7 +900,7 @@ hash_access( n = *bp++; ndx = 1; off = hashp->BSIZE; - } else if (bp[1] < REAL_KEY) { + } else if (bp[1] < REAL_KEY) { if ((ndx = __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) goto found; diff --git a/security/coreconf/AIX5.1.mk b/security/coreconf/AIX5.1.mk deleted file mode 100644 index daa999ba7..000000000 --- a/security/coreconf/AIX5.1.mk +++ /dev/null 
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX5.1
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-# COMPILER_TAG = _64
- OS_CFLAGS += -DAIX_64BIT
- OBJECT_MODE=64
- export OBJECT_MODE
-endif
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry
-MKSHLIB = $(LD) $(DSO_LDOPTS) -lsvld -L/usr/lpp/xlC/lib -lc -lm
-
-OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS += -bexpall
-endif
diff --git a/security/coreconf/Darwin.mk b/security/coreconf/Darwin.mk index 59f5af8fd..6c2b93c9d 100644 --- a/security/coreconf/Darwin.mk +++ b/security/coreconf/Darwin.mk @@ -70,7 +70,5 @@ DSO_LDOPTS = -dynamiclib -compatibility_version 1 -current_version 1 -install_na MKSHLIB = $(CC) -arch $(CPU_ARCH) $(DSO_LDOPTS) DLL_SUFFIX = dylib -PROCESS_MAP_FILE = grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \ - sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,_,' > $@ G++INCLUDES = -I/usr/include/g++ diff --git a/security/coreconf/HP-UXB.11.20.mk b/security/coreconf/HP-UXB.11.20.mk deleted file mode 100644 index a638736c5..000000000 --- a/security/coreconf/HP-UXB.11.20.mk +++ /dev/null 
@@ -1,55 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 2002 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 10.30 and 11.x, the default implementation strategy is -# pthreads. Classic nspr and pthreads-user are also available. -# - -ifeq ($(OS_RELEASE),B.11.20) -OS_CFLAGS += -DHPUX10 -DEFAULT_IMPL_STRATEGY = _PTH -endif - -# -# To use the true pthread (kernel thread) library on 10.30 and -# 11.x, we should define _POSIX_C_SOURCE to be 199506L. -# The _REENTRANT macro is deprecated. -# - -ifdef USE_PTHREADS - OS_CFLAGS += -D_POSIX_C_SOURCE=199506L -endif - -# -# Config stuff for HP-UXB.11.x. 
-# -include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk diff --git a/security/coreconf/HP-UXB.11.mk b/security/coreconf/HP-UXB.11.mk index 5b489014f..08463214d 100644 --- a/security/coreconf/HP-UXB.11.mk +++ b/security/coreconf/HP-UXB.11.mk @@ -41,22 +41,14 @@ endif ifndef NS_USE_GCC CCC = /opt/aCC/bin/aCC -ext ifeq ($(USE_64), 1) - ifeq ($(OS_TEST), ia64) - OS_CFLAGS += -Aa +e +p +DD64 - else - OS_CFLAGS += -Aa +e +DA2.0W +DS2.0 +DChpux - endif + OS_CFLAGS += -Aa +e +DA2.0W +DS2.0 +DChpux # Next line replaced by generic name handling in arch.mk # COMPILER_TAG = _64 else - ifeq ($(OS_TEST), ia64) - OS_CFLAGS += -Aa +e +p +DD32 + ifdef USE_HYBRID + OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 else - ifdef USE_HYBRID - OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 - else - OS_CFLAGS += +DAportable +DS2.0 - endif + OS_CFLAGS += +DAportable +DS2.0 endif endif else diff --git a/security/coreconf/OpenBSD.mk b/security/coreconf/OpenBSD.mk deleted file mode 100644 index 14fa73489..000000000 --- a/security/coreconf/OpenBSD.mk +++ /dev/null 
@@ -1,62 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for OpenBSD
-#
-
-include $(CORE_DEPTH)/coreconf/UNIX.mk
-
-DEFAULT_COMPILER = gcc
-CC = gcc
-CCC = g++
-RANLIB = ranlib
-
-CPU_ARCH := $(shell uname -p)
-ifeq ($(CPU_ARCH),i386)
-OS_REL_CFLAGS = -Di386
-CPU_ARCH = x86
-endif
-
-DLL_SUFFIX = so.1.0
-
-OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DOPENBSD
-
-OS_LIBS =
-
-ARCH = openbsd
-
-DSO_CFLAGS = -fPIC -DPIC
-DSO_LDOPTS = -shared -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
-DSO_LDFLAGS =
-
-MKSHLIB = $(CC) $(DSO_LDOPTS)
-
diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk index 01b633be8..7ad0d1e16 100644 --- a/security/coreconf/config.mk +++ b/security/coreconf/config.mk @@ -58,7 +58,7 @@ endif # one for each OS release. # ####################################################################### -TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD +TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET))) include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk diff --git a/security/coreconf/jdk.mk b/security/coreconf/jdk.mk index 7e069914e..9e0151023 100644 --- a/security/coreconf/jdk.mk +++ b/security/coreconf/jdk.mk @@ -118,7 +118,7 @@ ifeq ($(OS_ARCH), WINNT) endif # set [Sun Solaris] platforms -ifeq ($(OS_ARCH), SunOS) +ifeq ($(OS_TARGET), SunOS) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -139,11 +139,7 @@ ifeq ($(OS_ARCH), SunOS) INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) # (3) specify "linker" information -ifeq ($(USE_64), 1) - JAVA_CPU = $(shell uname -p)v9 -else JAVA_CPU = $(shell uname -p) -endif ifeq ($(JDK_VERSION), 1.1) JAVA_LIBDIR = lib/$(JAVA_CPU) @@ -157,11 +153,7 @@ endif JAVA_CLIBS = -lthread ifneq ($(JDK_VERSION), 1.1) -ifeq ($(USE_64), 1) - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server -else JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -endif JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) JAVA_LIBS += -ljvm -ljava else @@ -176,7 +168,7 @@ endif endif # set [Hewlett Packard HP-UX] platforms -ifeq ($(OS_ARCH), HP-UX) +ifeq ($(OS_TARGET), HP-UX) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -215,7 +207,7 @@ ifeq ($(OS_ARCH), HP-UX) endif # set [Redhat Linux] platforms -ifeq ($(OS_ARCH), Linux) +ifeq ($(OS_TARGET), Linux) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) 
@@ -242,11 +234,8 @@ ifeq ($(OS_ARCH), Linux) JAVA_CLIBS = - ifeq ($(JDK_VERSION), 1.4) - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server -ljvm - else - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - endif + JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi + JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava JAVA_LIBS += $(JAVA_CLIBS) @@ -257,7 +246,7 @@ ifeq ($(OS_ARCH), Linux) endif # set [IBM AIX] platforms -ifeq ($(OS_ARCH), AIX) +ifeq ($(OS_TARGET), AIX) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -296,7 +285,7 @@ ifeq ($(OS_ARCH), AIX) endif # set [Digital UNIX] platforms -ifeq ($(OS_ARCH), OSF1) +ifeq ($(OS_TARGET), OSF1) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -335,7 +324,7 @@ ifeq ($(OS_ARCH), OSF1) endif # set [Silicon Graphics IRIX] platforms -ifeq ($(OS_ARCH), IRIX) +ifeq ($(OS_TARGET), IRIX) JAVA_CLASSES = $(JAVA_HOME)/lib/dev.jar:$(JAVA_HOME)/lib/rt.jar ifeq ($(JRE_HOME),) @@ -407,9 +396,6 @@ ifeq ($(JDK_CLASSPATH_OPT),) JDK_CLASSPATH_OPT = -classpath $(JDK_CLASSPATH) endif -ifeq ($(USE_64), 1) - JDK_USE_64 = -d64 -endif endif @@ -451,7 +437,6 @@ ifeq ($(JAVA),) JAVA_FLAGS += $(JDK_DEBUG_OPT) JAVA_FLAGS += $(JDK_CLASSPATH_OPT) JAVA_FLAGS += $(JDK_JIT_OPT) - JAVA_FLAGS += $(JDK_USE_64) JAVA = $(JAVA_PROG) $(JAVA_FLAGS) endif @@ -466,7 +451,6 @@ ifeq ($(JAVAC),) JAVAC_FLAGS += $(JDK_DEBUG_OPT) JAVAC_FLAGS += $(JDK_CLASSPATH_OPT) JAVAC_FLAGS += $(JDK_CLASS_REPOSITORY_OPT) - JAVAC_FLAGS += $(JDK_USE_64) JAVAC = $(JAVAC_PROG) $(JAVAC_FLAGS) endif diff --git a/security/coreconf/nsinstall/pathsub.c b/security/coreconf/nsinstall/pathsub.c index 9266b48c7..d13c541d0 100644 --- a/security/coreconf/nsinstall/pathsub.c +++ b/security/coreconf/nsinstall/pathsub.c 
@@ -69,7 +69,7 @@ fail(char *format, ...) va_start(ap, format); vfprintf(stderr, format, ap); va_end(ap); - if (error) { + if (error) #ifdef USE_REENTRANT_LIBC R_STRERROR_R(errno); @@ -77,8 +77,7 @@ fail(char *format, ...) #else fprintf(stderr, ": %s", strerror(errno)); #endif - } - + putc('\n', stderr); abort(); exit(1); diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk index c53c1ffc5..76043627a 100644 --- a/security/coreconf/rules.mk +++ b/security/coreconf/rules.mk @@ -364,11 +364,6 @@ endif ifeq ($(OS_TARGET),OpenVMS) @echo "`translate $@`" > $(@:$(DLL_SUFFIX)=vms) endif -ifeq ($(OS_TARGET),Darwin) -ifdef MAPFILE - nmedit -s $(MAPFILE) $@ -endif -endif endif endif diff --git a/security/dbm/Makefile b/security/dbm/Makefile deleted file mode 100644 index 34cd6d899..000000000 --- a/security/dbm/Makefile +++ /dev/null 
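Review bot: Removing the braces in fail() leaves `if (error)` governing only the single statement that follows it. Under `USE_REENTRANT_LIBC` that statement is the `R_STRERROR_R(errno);` macro call, so whatever follows it (the line between this hunk and the next is not shown; presumably the fprintf that prints the message) would run even when `error` is zero. If R_STRERROR_R expands to more than one statement, only the first of them stays conditional too. Keep the block: `if (error) {` before the `#ifdef` and the closing `}` after the `#endif`, which the second pathsub.c hunk (-77,8) removes. fail()'s body starts outside the first hunk.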
@@ -1,80 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. 
(OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -coreconf_hack: - cd ../coreconf; gmake - gmake import - -RelEng_bld: coreconf_hack - gmake diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk deleted file mode 100644 index 753364931..000000000 --- a/security/dbm/config/config.mk +++ /dev/null 
@@ -1,67 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# These macros are defined by mozilla's configure script. -# We define them manually here. -# - -DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR - -# -# Most platforms have snprintf, so it's simpler to list the exceptions. -# -HAVE_SNPRINTF = 1 -# -# OSF1 V4.0D doesn't have snprintf but V5.0A does. 
-# -ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D) -HAVE_SNPRINTF = -endif -ifdef HAVE_SNPRINTF -DEFINES += -DHAVE_SNPRINTF -endif - -ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_CDEFS_H -endif - -ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_BYTEORDER_H -endif - -# -# None of the platforms that we are interested in need to -# define HAVE_MEMORY_H. -# diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile deleted file mode 100644 index ba4dd8ddf..000000000 --- a/security/dbm/include/Makefile +++ /dev/null 
@@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. 
(OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn deleted file mode 100644 index 886fedd98..000000000 --- a/security/dbm/include/manifest.mn +++ /dev/null 
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS = nsres.h \
- cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-PRIVATE_EXPORTS = hsearch.h \
- page.h \
- extern.h \
- ndbm.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
deleted file mode 100644
index 11f4f4237..000000000
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-IMPORTS = nspr20/v4.1.2
-
-RELEASE = dbm
-
-DIRS = include \
- src \
- $(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
deleted file mode 100644
index 8fce98394..000000000
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. 
(OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/dbm/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk deleted file mode 100644 index 370fd75d6..000000000 --- a/security/dbm/src/config.mk +++ /dev/null 
@@ -1,63 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-ifdef SHARED_LIBRARY
- ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
- DLLBASE=/BASE:0x30000000
- RES=$(OBJDIR)/dbm.res
- RESNAME=../include/dbm.rc
- endif
- ifeq ($(DLL_SUFFIX),dll)
- DEFINES += -D_DLL
- endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
- OS_LIBS += -lc_r
-endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
deleted file mode 100644
index 001a48c5c..000000000
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@ -#ifdef OS2 - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <ctype.h> - -#include <dirent.h> -#include <errno.h> - -/*#ifndef __EMX__ -#include <libx.h> -#endif */ - -#define INCL_DOSFILEMGR -#define INCL_DOSERRORS -#include <os2.h> - -#if OS2 >= 2 -# define FFBUF FILEFINDBUF3 -# define Word ULONG - /* - * LS20 recommends a request count of 100, but according to the - * APAR text it does not lead to missing files, just to funny - * numbers of returned entries. - * - * LS30 HPFS386 requires a count greater than 2, or some files - * are missing (those starting with a character less that '.'). - * - * Novell looses entries which overflow the buffer. In previous - * versions of dirent2, this could have lead to missing files - * when the average length of 100 directory entries was 40 bytes - * or more (quite unlikely for files on a Novell server). - * - * Conclusion: Make sure that the entries all fit into the buffer - * and that the buffer is large enough for more than 2 entries - * (each entry is at most 300 bytes long). And ignore the LS20 - * effect. 
- */ -# define Count 25 -# define BufSz (25 * (sizeof(FILEFINDBUF3)+1)) -#else -# define FFBUF FILEFINDBUF -# define Word USHORT -# define BufSz 1024 -# define Count 3 -#endif - -#if defined(__IBMC__) || defined(__IBMCPP__) - #define error(rc) _doserrno = rc, errno = EOS2ERR -#elif defined(MICROSOFT) - #define error(rc) _doserrno = rc, errno = 255 -#else - #define error(rc) errno = 255 -#endif - -struct _dirdescr { - HDIR handle; /* DosFindFirst handle */ - char fstype; /* filesystem type */ - Word count; /* valid entries in <ffbuf> */ - long number; /* absolute number of next entry */ - int index; /* relative number of next entry */ - FFBUF * next; /* pointer to next entry */ - char name[MAXPATHLEN+3]; /* directory name */ - unsigned attrmask; /* attribute mask for seekdir */ - struct dirent entry; /* buffer for directory entry */ - BYTE ffbuf[BufSz]; -}; - -/* - * Return first char of filesystem type, or 0 if unknown. - */ -static char -getFSType(const char *path) -{ - static char cache[1+26]; - char drive[3], info[512]; - Word unit, infolen; - char r; - - if (isalpha(path[0]) && path[1] == ':') { - unit = toupper(path[0]) - '@'; - path += 2; - } else { - ULONG driveMap; -#if OS2 >= 2 - if (DosQueryCurrentDisk(&unit, &driveMap)) -#else - if (DosQCurDisk(&unit, &driveMap)) -#endif - return 0; - } - - if ((path[0] == '\\' || path[0] == '/') - && (path[1] == '\\' || path[1] == '/')) - return 0; - - if (cache [unit]) - return cache [unit]; - - drive[0] = '@' + unit; - drive[1] = ':'; - drive[2] = '\0'; - infolen = sizeof info; -#if OS2 >= 2 - if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen)) - return 0; - if (infolen >= sizeof(FSQBUFFER2)) { - FSQBUFFER2 *p = (FSQBUFFER2 *)info; - r = p->szFSDName[p->cbName]; - } else -#else - if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0)) - return 0; - if (infolen >= 9) { - char *p = info + sizeof(USHORT); - p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT); - r = *p; - } else 
-#endif - r = 0; - return cache [unit] = r; -} - -char * -abs_path(const char *name, char *buffer, int len) -{ - char buf[4]; - if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') { - buf[0] = name[0]; - buf[1] = name[1]; - buf[2] = '.'; - buf[3] = '\0'; - name = buf; - } -#if OS2 >= 2 - if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len)) -#else - if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L)) -#endif - return NULL; - return buffer; -} - -DIR * -openxdir(const char *path, unsigned att_mask) -{ - DIR *dir; - char name[MAXPATHLEN+3]; - Word rc; - - dir = malloc(sizeof(DIR)); - if (dir == NULL) { - errno = ENOMEM; - return NULL; - } - - strncpy(name, path, MAXPATHLEN); - name[MAXPATHLEN] = '\0'; - switch (name[strlen(name)-1]) { - default: - strcat(name, "\\"); - case '\\': - case '/': - case ':': - ; - } - strcat(name, "."); - if (!abs_path(name, dir->name, MAXPATHLEN+1)) - strcpy(dir->name, name); - if (dir->name[strlen(dir->name)-1] == '\\') - strcat(dir->name, "*"); - else - strcat(dir->name, "\\*"); - - dir->fstype = getFSType(dir->name); - dir->attrmask = att_mask | A_DIR; - - dir->handle = HDIR_CREATE; - dir->count = 100; -#if OS2 >= 2 - rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask, - dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); -#else - rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask, - (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); -#endif - switch (rc) { - default: - free(dir); - error(rc); - return NULL; - case NO_ERROR: - case ERROR_NO_MORE_FILES: - ; - } - - dir->number = 0; - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - - return (DIR *)dir; -} - -DIR * -opendir(const char *pathname) -{ - return openxdir(pathname, 0); -} - -struct dirent * -readdir(DIR *dir) -{ - static int dummy_ino = 2; - - if (dir->index == dir->count) { - Word rc; - dir->count = 100; -#if OS2 >= 2 - rc = DosFindNext(dir->handle, dir->ffbuf, - sizeof dir->ffbuf, &dir->count); 
-#else - rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf, - sizeof dir->ffbuf, &dir->count); -#endif - if (rc) { - error(rc); - return NULL; - } - - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - } - - if (dir->index == dir->count) - return NULL; - - memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName); - dir->entry.d_name[dir->next->cchName] = '\0'; - dir->entry.d_ino = dummy_ino++; - dir->entry.d_reclen = dir->next->cchName; - dir->entry.d_namlen = dir->next->cchName; - dir->entry.d_size = dir->next->cbFile; - dir->entry.d_attribute = dir->next->attrFile; - dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite; - dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite; - - switch (dir->fstype) { - case 'F': /* FAT */ - case 'C': /* CDFS */ - if (dir->next->attrFile & FILE_DIRECTORY) - strupr(dir->entry.d_name); - else - strlwr(dir->entry.d_name); - } - -#if OS2 >= 2 - dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset); -#else - dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1); -#endif - ++dir->number; - ++dir->index; - - return &dir->entry; -} - -long -telldir(DIR *dir) -{ - return dir->number; -} - -void -seekdir(DIR *dir, long off) -{ - if (dir->number > off) { - char name[MAXPATHLEN+2]; - Word rc; - - DosFindClose(dir->handle); - - strcpy(name, dir->name); - strcat(name, "*"); - - dir->handle = HDIR_CREATE; - dir->count = 32767; -#if OS2 >= 2 - rc = DosFindFirst(name, &dir->handle, dir->attrmask, - dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); -#else - rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask, - (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); -#endif - switch (rc) { - default: - error(rc); - return; - case NO_ERROR: - case ERROR_NO_MORE_FILES: - ; - } - - dir->number = 0; - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - } - - while (dir->number < off && readdir(dir)) - ; -} - -void -closedir(DIR *dir) -{ - DosFindClose(dir->handle); - 
free(dir); -} - -/*****************************************************************************/ - -#ifdef TEST - -main(int argc, char **argv) -{ - int i; - DIR *dir; - struct dirent *ep; - - for (i = 1; i < argc; ++i) { - dir = opendir(argv[i]); - if (!dir) - continue; - while (ep = readdir(dir)) - if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1])) - printf("%s%s\n", argv[i], ep->d_name); - else - printf("%s/%s\n", argv[i], ep->d_name); - closedir(dir); - } - - return 0; -} - -#endif - -#endif /* OS2 */ - diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h deleted file mode 100644 index 07a6c0ac8..000000000 --- a/security/dbm/src/dirent.h +++ /dev/null 
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06 Public Domain.
- *
- * A public domain implementation of BSD directory routines for
- * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield),
- * August 1897
- *
- * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- * and returns 2 more pieces of information - file size & attribute.
- * Plus a little reshuffling of some #define's positions December 1987
- *
- * Some modifications by Martin Junius 02-14-89
- *
- * AK900712
- * AK910410 abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include <sys/param.h>
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include <stdio.h>
-#ifdef MAXPATHLEN
- #undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include <param.h>
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY 0x01
-# define A_HIDDEN 0x02
-# define A_SYSTEM 0x04
-# define A_LABEL 0x08
-# define A_DIR 0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */
- int d_ino; /* Dummy */
- int d_reclen; /* Dummy, same as d_namlen */
- int d_namlen; /* length of name */
- char d_name[MAXNAMLEN + 1];
- unsigned long d_size;
- unsigned short d_attribute; /* attributes (see above) */
- unsigned short d_time; /* modification time */
- unsigned short d_date; /* modification date */
-#else
- char d_name[MAXNAMLEN + 1]; /* garentee null termination */
- char d_attribute; /* .. extension .. */
- unsigned long d_size; /* .. extension .. */
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR *opendir(const char *);
-extern DIR *openxdir(const char *, unsigned);
-extern struct dirent *readdir(DIR *);
-extern void seekdir(DIR *, long);
-extern long telldir(DIR *);
-extern void closedir(DIR *);
-#define rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char * abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
deleted file mode 100644
index 80f2abfd0..000000000
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,61 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- hsearch.c \
- mktemp.c \
- ndbm.c \
- nsres.c \
- dirent.c \
- $(NULL)
-
-LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
deleted file mode 100644
index fe132e19c..000000000
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/tests
-
-MODULE = dbm
-
-CSRCS = lots.c
-
-PROGRAM = lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS = $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
- purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
- $(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
- purify $(CC) -o crash.pure $(CFLAGS) $^
-
diff --git a/security/nss/cmd/modutil/README.TXT b/security/nss/cmd/modutil/README.TXT
new file mode 100644
index 000000000..279e3ebe6
--- /dev/null
+++ b/security/nss/cmd/modutil/README.TXT
@@ -0,0 +1,7 @@
+ CRYPTOGRAPHIC MODULE UTILITY (modutil)
+ VERSION 1.0
+ ===============================================
+
+The file specification.html documentats the software.
+
+The file pk11jar.html documents the PKCS #11 JAR format.
diff --git a/security/nss/cmd/signtool/README.TXT b/security/nss/cmd/signtool/README.TXT
new file mode 100644
index 000000000..db79ec992
--- /dev/null
+++ b/security/nss/cmd/signtool/README.TXT
@@ -0,0 +1,119 @@
+ Signing Tool (signtool)
+ 1.3 Release Notes
+ ========================================
+
+Documentation is provided online at mozilla.org
+
+Problems or questions not covered by the online documentation can be
+discussed in the DevEdge Security Newsgroup.
+
+=== New Features in 1.3
+=======================
+
+The security library components have been upgraded to utilize NSS_2_7_1_RTM.
+This means that the maximum RSA keysize now supported should be 4096 bits.
+
+=== Zigbert 0.6 Support
+=======================
+This program was previously named Zigbert. The last version of zigbert
+was Zigbert 0.6. Because all the functionality of Zigbert is maintained in
+signtool 1.2, Zigbert is no longer supported. If you have problems
+using Zigbert, please upgrade to signtool 1.2.
+
+=== New Features in 1.2
+=======================
+
+Certificate Generation Improvements
+-----------------------------------
+Two new options have been added to control generation of self-signed object
+signing certificates with the -G option. The -s option takes the size (in bits)
+of the generated RSA private key. The -t option takes the name of the PKCS #11
+token on which to generate the keypair and install the certificate. Both
+options are optional. By default, the private key is 1024 bits and is generated
+on the internal software token.
+
+
+=== New Features in 1.1
+=======================
+
+File I/O
+--------
+Signtool can now read its options from a command file specified with the -f
+option on the command line. The format for the file is described in the
+documentation.
+Error messages and informational output can be redirected to an output file
+by supplying the "--outfile" option on the command line or the "outfile="
+option in the command file.
+
+New Options
+-----------
+"--norecurse" tells Signtool not to recurse into subdirectories when signing
+directories or parsing HTML with the -J option.
+"--leavearc" tells Signtool not to delete the temporary .arc directories
+produced by the -J option. This can aid debugging.
+"--verbosity" tells Signtool how much information to display. 0 is the
+default. -1 suppresses most messages, except for errors.
+
+=== Bug Fixes in 1.1
+====================
+
+-J option revamped
+------------------
+The -J option, which parses HTML files, extracts Java and Javascript code,
+and stores them in signed JAR files, has been re-implemented. Several bugs
+have been fixed:
+- CODEBASE attribute is no longer ignored
+- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
+ just filenames ("x.class").
+- LINK tags are handled correctly
+- various HTML parsing bugs fixed
+- error messages are more informative
+
+No Password on Key Database
+---------------------------
+If you had not yet set a Communicator password (which locks key3.db, the
+key database), signtool would fail with a cryptic error message whenever it
+attempted to verify the password. Now this condition is detected at the
+beginning of the program, and a more informative message is displayed.
+
+-x and -e Options
+-----------------
+Previously, only one of each of these options could be specified on the command
+line. Now arbitrarily many can be specified. For example, to sign only files
+with .class or .js extensions, the arguments "-eclass -ejs" could both be
+specified. To exclude the directories "subdir1" and "subdir2" from signing,
+the arguments "-x subdir1 -x subdir2" could both be specified.
+
+New Features in 1.0
+===================
+
+Creation of JAR files
+----------------------
+The -Z option causes signtool to output a JAR file formed by storing the
+signed archive in ZIP format. This eliminates the need to use a separate ZIP
+utility. The -c option specifies the compression level of the resulting
+JAR file.
+
+Generation of Object-Signing Certificates and Keys
+--------------------------------------------------
+The -G option will create a new, self-signed object-signing certificate
+which can be used for testing purposes. The generated certificate and
+associated public and private keys will be installed in the cert7.db and
+key3.db files in the directory specified with the -d option (unless the key
+is generated on an external token using the -t option). On Unix systems,
+if no directory is specified, the user's Netscape directory (~/.netscape)
+will be used. In addition, the certificate is output in X509 format to the
+files x509.raw and x509.cacert in the current directory. x509.cacert can
+be published on a web page and imported into browsers that visit that page.
+
+Extraction and Signing of JavaScript from HTML
+----------------------------------------------
+The -J option activates the same functionality provided by the signpages
+Perl script. It will parse a directory of html files, creating archives
+of the JavaScript called from the HTML. These archives are then signed and
+made into JAR files.
+
+Enhanced Smart Card Support
+---------------------------
+Certificates that reside on smart cards are displayed when using the -L and
+-l options.
diff --git a/security/nss/cmd/tests/Makefile b/security/nss/cmd/tests/Makefile
deleted file mode 100644
index da66e20df..000000000
--- a/security/nss/cmd/tests/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
diff --git a/security/nss/cmd/tests/manifest.mn b/security/nss/cmd/tests/manifest.mn
deleted file mode 100644
index 528cc7678..000000000
--- a/security/nss/cmd/tests/manifest.mn
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-CSRCS = vercrt.c \
- vercrtfps.c
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = dbm seccmd
-
-PROGRAMS = $(CSRCS:.c=)
-
-TARGETS = $(PROGRAMS)
-
-NO_MD_RELEASE = 1
diff --git a/security/nss/cmd/vfyserv/Makefile b/security/nss/cmd/vfyserv/Makefile
deleted file mode 100644
index 8a0332d89..000000000
--- a/security/nss/cmd/vfyserv/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE
-ifndef BUILD_OPT
-LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no
-OS_CFLAGS += -D_CONSOLE
-endif
-endif
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-#include ../platlibs.mk
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/vfyserv/makefile.win b/security/nss/cmd/vfyserv/makefile.win
deleted file mode 100644
index 6cf6c12cf..000000000
--- a/security/nss/cmd/vfyserv/makefile.win
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-VERBOSE = 1
-include <manifest.mn>
-
-#cannot define PROGRAM in manifest compatibly with NT and UNIX
-PROGRAM = tstclnt
-PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
-include <$(DEPTH)\config\config.mak>
-
-# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
-# rules.mak will append C_OBJS onto OBJS.
-# OBJS = $(CSRCS:.c=.obj)
-
-# include files are looked for in $LINCS and $INCS.
-# $LINCS is in manifest.mnw, computed from REQUIRES=
-INCS = $(INCS) \
- -I$(DEPTH)/security/lib/cert \
- -I../include \
- $(NULL)
-
-IGNORE_ME = \
- -I$(DEPTH)/security/lib/key \
- -I$(DEPTH)/security/lib/util \
- $(NULL)
-
-
-WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
-
-# these files are the content of libdbm
-DBM_LIB = \
- $(WINFE)/DB.obj \
- $(WINFE)/HASH.obj \
- $(WINFE)/H_BIGKEY.obj \
- $(WINFE)/H_PAGE.obj \
- $(WINFE)/H_LOG2.obj \
- $(WINFE)/H_FUNC.obj \
- $(WINFE)/HASH_BUF.obj \
- $(NULL)
-
-MOZ_LIBS = \
- $(WINFE)/ALLXPSTR.obj \
- $(WINFE)/XP_ERROR.obj \
- $(WINFE)/XPASSERT.obj \
- $(WINFE)/XP_REG.obj \
- $(WINFE)/XP_TRACE.obj \
- $(DBM_LIB) \
- $(WINFE)/XP_STR.obj \
- $(WINFE)/MKTEMP.obj \
- $(NULL)
-
-SEC_LIBS = \
- $(DIST)/lib/cert$(MOZ_BITS).lib \
- $(DIST)/lib/crypto$(MOZ_BITS).lib \
- $(DIST)/lib/hash$(MOZ_BITS).lib \
- $(DIST)/lib/key$(MOZ_BITS).lib \
- $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
- $(DIST)/lib/secmod$(MOZ_BITS).lib \
- $(DIST)/lib/secutl$(MOZ_BITS).lib \
- $(DIST)/lib/ssl$(MOZ_BITS).lib \
- $(NULL)
-
-LLFLAGS = $(LLFLAGS) \
- ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
- $(SEC_LIBS) \
- $(MOZ_LIBS) \
- $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
- $(LIBNSPR) \
- $(NULL)
-
-
-include <$(DEPTH)\config\rules.mak>
-
-INSTALL = $(MAKE_INSTALL)
-
-objs: $(OBJS)
-
-$(PROGRAM)::
- $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
-
-programs: $(PROGRAM)
-
-install:: $(TARGETS)
- $(INSTALL) $(TARGETS) $(DIST)/bin
-
-
-symbols:
- @echo "CSRCS = $(CSRCS)"
- @echo "INCS = $(INCS)"
- @echo "OBJS = $(OBJS)"
- @echo "LIBRARY = $(LIBRARY)"
- @echo "PROGRAM = $(PROGRAM)"
- @echo "TARGETS = $(TARGETS)"
- @echo "DIST = $(DIST)"
- @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
- @echo "WINFE = $(WINFE)"
- @echo "DBM_LIB = $(DBM_LIB)"
- @echo "INSTALL = $(INSTALL)"
-
diff --git a/security/nss/cmd/vfyserv/manifest.mn b/security/nss/cmd/vfyserv/manifest.mn
deleted file mode 100644
index b2c85fadb..000000000
--- a/security/nss/cmd/vfyserv/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = security
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-# DIRS =
-
-CSRCS = vfyserv.c vfyutil.c
-DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
-
-PROGRAM = vfyserv
-
diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c
deleted file mode 100644
index ea4116ca9..000000000
--- a/security/nss/cmd/vfyserv/vfyserv.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/****************************************************************************
- * SSL client program that tests a server for proper operation of SSL2, *
- * SSL3, and TLS. Test propder certificate installation. *
- * *
- * This code was modified from the SSLSample code also kept in the NSS *
- * directory. *
- ****************************************************************************/
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#include "prerror.h"
-
-#include "pk11func.h"
-#include "secmod.h"
-#include "secitem.h"
-
-
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "prio.h"
-#include "prnetdb.h"
-#include "nss.h"
-
-#include "vfyserv.h"
-
-#define RD_BUF_SIZE (60 * 1024)
-
-extern int ssl2CipherSuites[];
-extern int ssl3CipherSuites[];
-
-GlobalThreadMgr threadMGR;
-char *certNickname = NULL;
-char *hostName = NULL;
-char *password = NULL;
-unsigned short port = 0;
-
-static void
-Usage(const char *progName)
-{
- fprintf(stderr,
- "Usage: %s [-p port] [-c connections] [-C cipher(s)] hostname\n",
- progName);
- exit(1);
-}
-
-PRFileDesc *
-setupSSLSocket(PRNetAddr *addr)
-{
- PRFileDesc *tcpSocket;
- PRFileDesc *sslSocket;
- PRSocketOptionData socketOption;
- PRStatus prStatus;
- SECStatus secStatus;
-
-
- tcpSocket = PR_NewTCPSocket();
- if (tcpSocket == NULL) {
- errWarn("PR_NewTCPSocket");
- }
-
- /* Make the socket blocking. */
- socketOption.option = PR_SockOpt_Nonblocking;
- socketOption.value.non_blocking = PR_FALSE;
-
- prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_SetSocketOption");
- goto loser;
- }
-
-
- /* Import the socket into the SSL layer. */
- sslSocket = SSL_ImportFD(NULL, tcpSocket);
- if (!sslSocket) {
- errWarn("SSL_ImportFD");
- goto loser;
- }
-
- /* Set configuration options. */
- secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_OptionSet:SSL_SECURITY");
- goto loser;
- }
-
- secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
- goto loser;
- }
-
- /* Set SSL callback routines. */
- secStatus = SSL_GetClientAuthDataHook(sslSocket,
- (SSLGetClientAuthData)myGetClientAuthData,
- (void *)certNickname);
- if (secStatus != SECSuccess) {
- errWarn("SSL_GetClientAuthDataHook");
- goto loser;
- }
-
- secStatus = SSL_AuthCertificateHook(sslSocket,
- (SSLAuthCertificate)myAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
- if (secStatus != SECSuccess) {
- errWarn("SSL_AuthCertificateHook");
- goto loser;
- }
-
- secStatus = SSL_BadCertHook(sslSocket,
- (SSLBadCertHandler)myBadCertHandler, NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_BadCertHook");
- goto loser;
- }
-
- secStatus = SSL_HandshakeCallback(sslSocket,
- (SSLHandshakeCallback)myHandshakeCallback,
- NULL);
- if (secStatus != SECSuccess) {
- errWarn("SSL_HandshakeCallback");
- goto loser;
- }
-
- return sslSocket;
-
-loser:
-
- PR_Close(tcpSocket);
- return NULL;
-}
-
-
-const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
-
-SECStatus
-handle_connection(PRFileDesc *sslSocket, int connection)
-{
- int countRead = 0;
- PRInt32 numBytes;
- char *readBuffer;
-
- readBuffer = PORT_Alloc(RD_BUF_SIZE);
- if (!readBuffer) {
- exitErr("PORT_Alloc");
- }
-
- /* compose the http request here. */
-
- numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
- if (numBytes <= 0) {
- errWarn("PR_Write");
- PR_Free(readBuffer);
- readBuffer = NULL;
- return SECFailure;
- }
-
- /* read until EOF */
- while (PR_TRUE) {
- numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
- if (numBytes == 0) {
- break; /* EOF */
- }
- if (numBytes < 0) {
- errWarn("PR_Read");
- break;
- }
- countRead += numBytes;
- }
-
- printSecurityInfo(stderr, sslSocket);
-
- PR_Free(readBuffer);
- readBuffer = NULL;
-
- /* Caller closes the socket. */
-
- fprintf(stderr,
- "***** Connection %d read %d bytes total.\n",
- connection, countRead);
-
- return SECSuccess; /* success */
-}
-
-#define BYTE(n,i) (((i)>>((n)*8))&0xff)
-
-/* one copy of this function is launched in a separate thread for each
-** connection to be made.
-*/
-SECStatus
-do_connects(void *a, int connection)
-{
- PRNetAddr *addr = (PRNetAddr *)a;
- PRFileDesc *sslSocket;
- PRHostEnt hostEntry;
- char buffer[PR_NETDB_BUF_SIZE];
- PRStatus prStatus;
- PRIntn hostenum;
- PRInt32 ip;
- SECStatus secStatus;
-
- /* Set up SSL secure socket. */
- sslSocket = setupSSLSocket(addr);
- if (sslSocket == NULL) {
- errWarn("setupSSLSocket");
- return SECFailure;
- }
-
- secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
- if (secStatus != SECSuccess) {
- errWarn("SSL_SetPKCS11PinArg");
- return secStatus;
- }
-
- secStatus = SSL_SetURL(sslSocket, hostName);
- if (secStatus != SECSuccess) {
- errWarn("SSL_SetURL");
- return secStatus;
- }
-
- /* Prepare and setup network connection. */
- prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_GetHostByName");
- return SECFailure;
- }
-
- hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
- if (hostenum == -1) {
- errWarn("PR_EnumerateHostEnt");
- return SECFailure;
- }
-
- ip = PR_ntohl(addr->inet.ip);
- fprintf(stderr,
- "Connecting to host %s (addr %d.%d.%d.%d) on port %d\n",
- hostName, BYTE(3,ip), BYTE(2,ip), BYTE(1,ip),
- BYTE(0,ip), PR_ntohs(addr->inet.port));
-
- prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Connect");
- return SECFailure;
- }
-
- /* Established SSL connection, ready to send data. */
-#if 0
- secStatus = SSL_ForceHandshake(sslSocket);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ForceHandshake");
- return secStatus;
- }
-#endif
-
- secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
- if (secStatus != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- prStatus = PR_Close(sslSocket);
- if (prStatus != PR_SUCCESS) {
- errWarn("PR_Close");
- }
- return secStatus;
- }
-
- secStatus = handle_connection(sslSocket, connection);
- if (secStatus != SECSuccess) {
- /* error already printed out in handle_connection */
- /* errWarn("handle_connection"); */
- return secStatus;
- }
-
- PR_Close(sslSocket);
- return SECSuccess;
-}
-
-void
-client_main(unsigned short port,
- int connections,
- const char * hostName)
-{
- int i;
- SECStatus secStatus;
- PRStatus prStatus;
- PRInt32 rv;
- PRNetAddr addr;
- PRHostEnt hostEntry;
- char buffer[256];
-
- /* Setup network connection. */
- prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
- if (prStatus != PR_SUCCESS) {
- exitErr("PR_GetHostByName");
- }
-
- rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
- if (rv < 0) {
- exitErr("PR_EnumerateHostEnt");
- }
-
- secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
- if (secStatus != SECSuccess) {
- exitErr("launch_thread");
- }
-
- if (connections > 1) {
- /* wait for the first connection to terminate, then launch the rest. */
- reap_threads(&threadMGR);
- /* Start up the connections */
- for (i = 2; i <= connections; ++i) {
- secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
- if (secStatus != SECSuccess) {
- errWarn("launch_thread");
- }
- }
- }
-
- reap_threads(&threadMGR);
- destroy_thread_data(&threadMGR);
-}
-
-int
-main(int argc, char **argv)
-{
- char * certDir = NULL;
- char * progName = NULL;
- int connections = 1;
- char * cipherString = NULL;
- SECStatus secStatus;
- PLOptState * optstate;
- PLOptStatus status;
-
- /* Call the NSPR initialization routines */
- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-
- progName = PL_strdup(argv[0]);
-
- hostName = NULL;
- optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch(optstate->option) {
- case 'C' : cipherString = PL_strdup(optstate->value); break;
- case 'c' : connections = PORT_Atoi(optstate->value); break;
- case 'd' : certDir = PL_strdup(optstate->value); break;
- case 'p' : port = PORT_Atoi(optstate->value); break;
- case 'w' : password = PL_strdup(optstate->value); break;
- case '\0': hostName = PL_strdup(optstate->value); break;
- default : Usage(progName);
- }
- }
-
- if (port == 0) {
- port = 443;
- }
-
- if (port == 0 || hostName == NULL)
- Usage(progName);
-
- /* Set our password function callback. */
- PK11_SetPasswordFunc(myPasswd);
-
- /* Initialize the NSS libraries. */
- if (certDir) {
- secStatus = NSS_Init(certDir);
- } else {
- secStatus = NSS_NoDB_Init(NULL);
-
- /* load the builtins */
- SECMOD_AddNewModule("Builtins",
- DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0);
- }
- if (secStatus != SECSuccess) {
- exitErr("NSS_Init");
- }
-
- /* All cipher suites except RSA_NULL_MD5 are enabled by
- * Domestic Policy. */
- NSS_SetDomesticPolicy();
- SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
-
- /* all the SSL2 and SSL3 cipher suites are enabled by default. */
- if (cipherString) {
- int ndx;
-
- /* disable all the ciphers, then enable the ones we want. */
- disableAllSSLCiphers();
-
- while (0 != (ndx = *cipherString++)) {
- int *cptr;
- int cipher;
-
- if (! isalpha(ndx))
- Usage(progName);
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- if (cipher) {
- SSL_CipherPrefSetDefault(cipher, PR_TRUE);
- }
- }
- }
-
- client_main(port, connections, hostName);
-
- NSS_Shutdown();
- PR_Cleanup();
- return 0;
-}
-
diff --git a/security/nss/cmd/vfyserv/vfyserv.h b/security/nss/cmd/vfyserv/vfyserv.h
deleted file mode 100644
index e23b5e779..000000000
--- a/security/nss/cmd/vfyserv/vfyserv.h
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef SSLSAMPLE_H
-#define SSLSAMPLE_H
-
-/* Generic header files */
-
-#include <stdio.h>
-#include <string.h>
-
-/* NSPR header files */
-
-#include "nspr.h"
-#include "prerror.h"
-#include "prnetdb.h"
-
-/* NSS header files */
-
-#include "pk11func.h"
-#include "secitem.h"
-#include "ssl.h"
-#include "certt.h"
-#include "nss.h"
-#include "secrng.h"
-#include "secder.h"
-#include "key.h"
-#include "sslproto.h"
-
-/* Custom header files */
-
-/*
-#include "sslerror.h"
-*/
-
-#define BUFFER_SIZE 10240
-
-/* Declare SSL cipher suites. */
-
-extern int cipherSuites[];
-extern int ssl2CipherSuites[];
-extern int ssl3CipherSuites[];
-
-/* Data buffer read from a socket. */
-typedef struct DataBufferStr {
- char data[BUFFER_SIZE];
- int index;
- int remaining;
- int dataStart;
- int dataEnd;
-} DataBuffer;
-
-/* SSL callback routines. */
-
-char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
-
-SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
- PRBool checksig, PRBool isServer);
-
-SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
-
-SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg);
-
-SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
-
-/* Disable all v2/v3 SSL ciphers. */
-
-void disableAllSSLCiphers(void);
-
-
-/* Error and information utilities. */
-
-void errWarn(char *function);
-
-void exitErr(char *function);
-
-void printSecurityInfo(FILE *outfile, PRFileDesc *fd);
-
-void printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertUsage certUsage, void *pinArg);
-
-/* Some simple thread management routines. */
-
-#define MAX_THREADS 32
-
-typedef SECStatus startFn(void *a, int b);
-
-typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
-
-typedef struct perThreadStr {
- PRFileDesc *a;
- int b;
- int rv;
- startFn *startFunc;
- PRThread *prThread;
- PRBool inUse;
- runState running;
-} perThread;
-
-typedef struct GlobalThreadMgrStr {
- PRLock *threadLock;
- PRCondVar *threadStartQ;
- PRCondVar *threadEndQ;
- perThread threads[MAX_THREADS];
- int index;
- int numUsed;
- int numRunning;
-} GlobalThreadMgr;
-
-void thread_wrapper(void * arg);
-
-SECStatus launch_thread(GlobalThreadMgr *threadMGR,
- startFn *startFunc, void *a, int b);
-
-SECStatus reap_threads(GlobalThreadMgr *threadMGR);
-
-void destroy_thread_data(GlobalThreadMgr *threadMGR);
-
-/* Management of locked variables. */
-
-struct lockedVarsStr {
- PRLock * lock;
- int count;
- int waiters;
- PRCondVar * condVar;
-};
-
-typedef struct lockedVarsStr lockedVars;
-
-void lockedVars_Init(lockedVars *lv);
-
-void lockedVars_Destroy(lockedVars *lv);
-
-void lockedVars_WaitForDone(lockedVars *lv);
-
-int lockedVars_AddToCount(lockedVars *lv, int addend);
-
-/* Buffer stuff. */
-
-static const char stopCmd[] = { "GET /stop " };
-static const char defaultHeader[] = {
- "HTTP/1.0 200 OK\r\n"
- "Server: SSL sample server\r\n"
- "Content-type: text/plain\r\n"
- "\r\n"
-};
-
-#endif
diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c
deleted file mode 100644
index db60ec13e..000000000
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ /dev/null
@@ -1,700 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "vfyserv.h"
-#include "secerr.h"
-#include "sslerr.h"
-#include "nspr.h"
-#include "secutil.h"
-
-/* Declare SSL cipher suites. */
-
-int ssl2CipherSuites[] = {
- SSL_EN_RC4_128_WITH_MD5, /* A */
- SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
- SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
- SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
- SSL_EN_DES_64_CBC_WITH_MD5, /* E */
- SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
- 0
-};
-
-int ssl3CipherSuites[] = {
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
- SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
- SSL_RSA_WITH_RC4_128_MD5, /* c */
- SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
- SSL_RSA_WITH_DES_CBC_SHA, /* e */
- SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
- SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
- SSL_RSA_WITH_NULL_MD5, /* i */
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
- SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
- 0
-};
-
-/**************************************************************************
-**
-** SSL callback routines.
-**
-**************************************************************************/
-
-/* Function: char * myPasswd()
- *
- * Purpose: This function is our custom password handler that is called by
- * SSL when retreiving private certs and keys from the database. Returns a
- * pointer to a string that with a password for the database. Password pointer
- * should point to dynamically allocated memory that will be freed later.
- */
-char *
-myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
-{
- char * passwd = NULL;
-
- if ( (!retry) && arg ) {
- passwd = PORT_Strdup((char *)arg);
- }
-
- return passwd;
-}
-
-/* Function: SECStatus myAuthCertificate()
- *
- * Purpose: This function is our custom certificate authentication handler.
- *
- * Note: This implementation is essentially the same as the default
- * SSL_AuthCertificate().
- */
-SECStatus
-myAuthCertificate(void *arg, PRFileDesc *socket,
- PRBool checksig, PRBool isServer)
-{
-
- SECCertUsage certUsage;
- CERTCertificate * cert;
- void * pinArg;
- char * hostName;
- SECStatus secStatus;
-
- if (!arg || !socket) {
- errWarn("myAuthCertificate");
- return SECFailure;
- }
-
- /* Define how the cert is being used based upon the isServer flag. */
-
- certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
-
- cert = SSL_PeerCertificate(socket);
-
- pinArg = SSL_RevealPinArg(socket);
-
- secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
- cert,
- checksig,
- certUsage,
- pinArg);
-
- /* If this is a server, we're finished. */
- if (isServer || secStatus != SECSuccess) {
- printCertProblems(stderr, (CERTCertDBHandle *)arg, cert,
- checksig, certUsage, pinArg);
- CERT_DestroyCertificate(cert);
- return secStatus;
- }
-
- /* Certificate is OK. Since this is the client side of an SSL
- * connection, we need to verify that the name field in the cert
- * matches the desired hostname. This is our defense against
- * man-in-the-middle attacks.
- */
-
- /* SSL_RevealURL returns a hostName, not an URL. */
- hostName = SSL_RevealURL(socket);
-
- if (hostName && hostName[0]) {
- secStatus = CERT_VerifyCertName(cert, hostName);
- } else {
- PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
- secStatus = SECFailure;
- }
-
- if (hostName)
- PR_Free(hostName);
-
- CERT_DestroyCertificate(cert);
- return secStatus;
-}
-
-/* Function: SECStatus myBadCertHandler()
- *
- * Purpose: This callback is called when the incoming certificate is not
- * valid. We define a certain set of parameters that still cause the
- * certificate to be "valid" for this session, and return SECSuccess to cause
- * the server to continue processing the request when any of these conditions
- * are met. Otherwise, SECFailure is return and the server rejects the
- * request.
- */
-SECStatus
-myBadCertHandler(void *arg, PRFileDesc *socket)
-{
-
- SECStatus secStatus = SECFailure;
- PRErrorCode err;
-
- /* log invalid cert here */
-
- if (!arg) {
- return secStatus;
- }
-
- *(PRErrorCode *)arg = err = PORT_GetError();
-
- /* If any of the cases in the switch are met, then we will proceed */
- /* with the processing of the request anyway. Otherwise, the default */
- /* case will be reached and we will reject the request. */
-
- switch (err) {
- case SEC_ERROR_INVALID_AVA:
- case SEC_ERROR_INVALID_TIME:
- case SEC_ERROR_BAD_SIGNATURE:
- case SEC_ERROR_EXPIRED_CERTIFICATE:
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_CERT:
- case SEC_ERROR_CERT_VALID:
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- case SEC_ERROR_CRL_EXPIRED:
- case SEC_ERROR_CRL_BAD_SIGNATURE:
- case SEC_ERROR_EXTENSION_VALUE_INVALID:
- case SEC_ERROR_CA_CERT_INVALID:
- case SEC_ERROR_CERT_USAGES_INVALID:
- case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
- secStatus = SECSuccess;
- break;
- default:
- secStatus = SECFailure;
- break;
- }
-
- fprintf(stderr, "Bad certificate: %d, %s\n", err, SECU_Strerror(err));
-
- return secStatus;
-}
-
-/* Function: SECStatus ownGetClientAuthData()
- *
- * Purpose: This callback is used by SSL to pull client certificate
- * information upon server request.
- */
-SECStatus
-myGetClientAuthData(void *arg,
- PRFileDesc *socket,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
-
- CERTCertificate * cert;
- SECKEYPrivateKey * privKey;
- char * chosenNickName = (char *)arg;
- void * proto_win = NULL;
- SECStatus secStatus = SECFailure;
-
- proto_win = SSL_RevealPinArg(socket);
-
- if (chosenNickName) {
- cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
- if (cert) {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
- if (privKey) {
- secStatus = SECSuccess;
- } else {
- CERT_DestroyCertificate(cert);
- }
- }
- } else { /* no nickname given, automatically find the right cert */
- CERTCertNicknames *names;
- int i;
-
- names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
- SEC_CERT_NICKNAMES_USER, proto_win);
-
- if (names != NULL) {
- for(i = 0; i < names->numnicknames; i++ ) {
-
- cert = PK11_FindCertFromNickname(names->nicknames[i],
- proto_win);
- if (!cert) {
- continue;
- }
-
- /* Only check unexpired certs */
- if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
- != secCertTimeValid ) {
- CERT_DestroyCertificate(cert);
- continue;
- }
-
- secStatus = NSS_CmpCertChainWCANames(cert, caNames);
- if (secStatus == SECSuccess) {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
- if (privKey) {
- break;
- }
- secStatus = SECFailure;
- break;
- }
- CERT_FreeNicknames(names);
- } /* for loop */
- }
- }
-
- if (secStatus == SECSuccess) {
- *pRetCert = cert;
- *pRetKey = privKey;
- }
-
- return secStatus;
-}
-
-/* Function: SECStatus myHandshakeCallback()
- *
- * Purpose: Called by SSL to inform application that the handshake is
- * complete. This function is mostly used on the server side of an SSL
- * connection, although it is provided for a client as well.
- * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
- * is used to initiate a handshake.
- *
- * A typical scenario would be:
- *
- * 1. Server accepts an SSL connection from the client without client auth.
- * 2. Client sends a request.
- * 3. Server determines that to service request it needs to authenticate the
- * client and initiates another handshake requesting client auth.
- * 4. While handshake is in progress, server can do other work or spin waiting
- * for the handshake to complete.
- * 5. Server is notified that handshake has been successfully completed by
- * the custom handshake callback function and it can service the client's
- * request.
- *
- * Note: This function is not implemented in this sample, as we are using
- * blocking sockets.
- */
-SECStatus
-myHandshakeCallback(PRFileDesc *socket, void *arg)
-{
- fprintf(stderr,"Handshake Complete: SERVER CONFIGURED CORRECTLY\n");
- return SECSuccess;
-}
-
-
-/**************************************************************************
-**
-** Routines for disabling SSL ciphers.
-**
-**************************************************************************/
-
-void
-disableAllSSLCiphers(void)
-{
- const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
- int i = SSL_NumImplementedCiphers;
- SECStatus rv;
-
- /* disable all the SSL3 cipher suites */
- while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
- rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
- if (rv != SECSuccess) {
- fprintf(stderr,
- "SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
- suite, i);
- errWarn("SSL_CipherPrefSetDefault");
- exit(2);
- }
- }
-}
-
-/**************************************************************************
-**
-** Error and information routines.
-**
-**************************************************************************/
-
-void
-errWarn(char *function)
-{
- PRErrorCode errorNumber = PR_GetError();
- const char * errorString = SECU_Strerror(errorNumber);
-
- fprintf(stderr, "Error in function %s: %d\n - %s\n",
- function, errorNumber, errorString);
-}
-
-void
-exitErr(char *function)
-{
- errWarn(function);
- /* Exit gracefully. */
- NSS_Shutdown();
- PR_Cleanup();
- exit(1);
-}
-
-void
-printSecurityInfo(FILE *outfile, PRFileDesc *fd)
-{
- char * cp; /* bulk cipher name */
- char * ip; /* cert issuer DN */
- char * sp; /* cert subject DN */
- int op; /* High, Low, Off */
- int kp0; /* total key bits */
- int kp1; /* secret key bits */
- int result;
- SSL3Statistics * ssl3stats = SSL_GetStatistics();
-
- if (!outfile) {
- outfile = stdout;
- }
-
- result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
- if (result != SECSuccess)
- return;
- fprintf(outfile,
- " bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
- " subject DN:\n %s\n"
- " issuer DN:\n %s\n", cp, kp1, kp0, op, sp, ip);
- PR_Free(cp);
- PR_Free(ip);
- PR_Free(sp);
-
- fprintf(outfile,
- " %ld cache hits; %ld cache misses, %ld cache not reusable\n",
- ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
- ssl3stats->hch_sid_cache_not_ok);
-
-}
-
-
-/**************************************************************************
-** Begin thread management routines and data.
-**************************************************************************/
-
-void
-thread_wrapper(void * arg)
-{
- GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
- perThread *slot = &threadMGR->threads[threadMGR->index];
-
- /* wait for parent to finish launching us before proceeding. */
- PR_Lock(threadMGR->threadLock);
- PR_Unlock(threadMGR->threadLock);
-
- slot->rv = (* slot->startFunc)(slot->a, slot->b);
-
- PR_Lock(threadMGR->threadLock);
- slot->running = rs_zombie;
-
- /* notify the thread exit handler. */
- PR_NotifyCondVar(threadMGR->threadEndQ);
-
- PR_Unlock(threadMGR->threadLock);
-}
-
-SECStatus
-launch_thread(GlobalThreadMgr *threadMGR,
- startFn *startFunc,
- void *a,
- int b)
-{
- perThread *slot;
- int i;
-
- if (!threadMGR->threadStartQ) {
- threadMGR->threadLock = PR_NewLock();
- threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
- threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
- }
- PR_Lock(threadMGR->threadLock);
- while (threadMGR->numRunning >= MAX_THREADS) {
- PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
- }
- for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running == rs_idle)
- break;
- }
- if (i >= threadMGR->numUsed) {
- if (i >= MAX_THREADS) {
- /* something's really wrong here. */
- PORT_Assert(i < MAX_THREADS);
- PR_Unlock(threadMGR->threadLock);
- return SECFailure;
- }
- ++(threadMGR->numUsed);
- PORT_Assert(threadMGR->numUsed == i + 1);
- slot = &threadMGR->threads[i];
- }
-
- slot->a = a;
- slot->b = b;
- slot->startFunc = startFunc;
-
- threadMGR->index = i;
-
- slot->prThread = PR_CreateThread(PR_USER_THREAD,
- thread_wrapper, threadMGR,
- PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_JOINABLE_THREAD, 0);
-
- if (slot->prThread == NULL) {
- PR_Unlock(threadMGR->threadLock);
- printf("Failed to launch thread!\n");
- return SECFailure;
- }
-
- slot->inUse = 1;
- slot->running = 1;
- ++(threadMGR->numRunning);
- PR_Unlock(threadMGR->threadLock);
-
- return SECSuccess;
-}
-
-SECStatus
-reap_threads(GlobalThreadMgr *threadMGR)
-{
- perThread * slot;
- int i;
-
- if (!threadMGR->threadLock)
- return 0;
- PR_Lock(threadMGR->threadLock);
- while (threadMGR->numRunning > 0) {
- PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
- for (i = 0; i < threadMGR->numUsed; ++i) {
- slot = &threadMGR->threads[i];
- if (slot->running == rs_zombie) {
- /* Handle cleanup of thread here. */
-
- /* Now make sure the thread has ended OK.
*/ - PR_JoinThread(slot->prThread); - slot->running = rs_idle; - --threadMGR->numRunning; - - /* notify the thread launcher. */ - PR_NotifyCondVar(threadMGR->threadStartQ); - } - } - } - - /* Safety Sam sez: make sure count is right. */ - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running != rs_idle) { - fprintf(stderr, "Thread in slot %d is in state %d!\n", - i, slot->running); - } - } - PR_Unlock(threadMGR->threadLock); - return 0; -} - -void -destroy_thread_data(GlobalThreadMgr *threadMGR) -{ - PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads)); - - if (threadMGR->threadEndQ) { - PR_DestroyCondVar(threadMGR->threadEndQ); - threadMGR->threadEndQ = NULL; - } - if (threadMGR->threadStartQ) { - PR_DestroyCondVar(threadMGR->threadStartQ); - threadMGR->threadStartQ = NULL; - } - if (threadMGR->threadLock) { - PR_DestroyLock(threadMGR->threadLock); - threadMGR->threadLock = NULL; - } -} - -/************************************************************************** -** End thread management routines. 
-**************************************************************************/ - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PR_NewLock(); - lv->condVar = PR_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PR_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PR_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PR_Lock(lv->lock); - while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PR_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PR_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); - } - PR_Unlock(lv->lock); - return rv; -} - -static char * -bestCertName(CERTCertificate *cert) { - if (cert->nickname) { - return cert->nickname; - } - if (cert->emailAddr) { - return cert->emailAddr; - } - return cert->subjectName; -} - -void -printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertUsage certUsage, void *pinArg) -{ - CERTVerifyLog log; - CERTVerifyLogNode *node = NULL; - unsigned int depth = (unsigned int)-1; - unsigned int flags = 0; - char *errstr = NULL; - - log.arena = PORT_NewArena(512); - log.head = log.tail = NULL; - log.count = 0; - CERT_VerifyCert(handle, cert, checksig, certUsage, - PR_Now(), pinArg, &log); - - if (log.count > 0) { - fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n"); - for (node = log.head; node; node = node->next) { - if (depth != node->depth) { - depth = node->depth; - fprintf(outfile,"CERT %d. %s %s:\n", depth, - bestCertName(node->cert), - depth ? 
"[Certificate Authority]": ""); - } - fprintf(outfile," ERROR %d: %s\n", node->error, - SECU_Strerror(node->error)); - errstr = NULL; - switch (node->error) { - case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; - switch (flags) { - case KU_DIGITAL_SIGNATURE: - errstr = "Cert cannot sign."; - break; - case KU_KEY_ENCIPHERMENT: - errstr = "Cert cannot encrypt."; - break; - case KU_KEY_CERT_SIGN: - errstr = "Cert cannot sign other certs."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; - switch (flags) { - case NS_CERT_TYPE_SSL_CLIENT: - case NS_CERT_TYPE_SSL_SERVER: - errstr = "Cert cannot be used for SSL."; - break; - case NS_CERT_TYPE_SSL_CA: - errstr = "Cert cannot be used as an SSL CA."; - break; - case NS_CERT_TYPE_EMAIL: - errstr = "Cert cannot be used for SMIME."; - break; - case NS_CERT_TYPE_EMAIL_CA: - errstr = "Cert cannot be used as an SMIME CA."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING: - errstr = "Cert cannot be used for object signing."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING_CA: - errstr = "Cert cannot be used as an object signing CA."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_ISSUER: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - errstr = node->cert->issuerName; - break; - default: - break; - } - if (errstr) { - fprintf(stderr," %s\n",errstr); - } - CERT_DestroyCertificate(node->cert); - } - } - return ; -} diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index a9570cdd1..0b303eb97 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c 
@@ -1016,6 +1016,7 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert, unsigned int caCertType; unsigned int requiredCAKeyUsage; unsigned int requiredFlags; + CERTCertificate *issuerCert; if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE, @@ -1100,6 +1101,18 @@ CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert, if ( ( flags & requiredFlags ) == requiredFlags || certUsage == certUsageStatusResponder ) { /* we found a trusted one, so return */ + /* Check the special case of certUsageStatusResponder */ + if(certUsage == certUsageStatusResponder) { + issuerCert = CERT_FindCertIssuer(cert, t, certUsage); + if (issuerCert) { + if(SEC_CheckCRL(handle, cert, issuerCert, t, wincx) != SECSuccess) { + PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); + CERT_DestroyCertificate(issuerCert); + goto loser; + } + CERT_DestroyCertificate(issuerCert); + } + } rv = rvFinal; goto done; } diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c index d8cf1be00..0d6d7e738 100644 --- a/security/nss/lib/ckfw/builtins/certdata.c +++ b/security/nss/lib/ckfw/builtins/certdata.c 
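Review bot: In the second certvfy.c hunk (`@@ -1100,6 +1101,18 @@`), a NULL return from `CERT_FindCertIssuer` skips `SEC_CheckCRL` and falls through to `rv = rvFinal; goto done;`, so for `certUsageStatusResponder` the certificate is accepted with no revocation check whenever its issuer cannot be located. If that fail-open path is intended, it should carry a comment saying so; otherwise add an `else` branch that sets an error such as `SEC_ERROR_UNKNOWN_ISSUER` and does `goto loser`. Separately, every non-success result from `SEC_CheckCRL` is replaced with `SEC_ERROR_REVOKED_CERTIFICATE`, which presumably hides other causes such as an expired or unverifiable CRL; consider leaving the callee's error in place if it already sets one. The body of CERT_VerifyCACertForUsage begins and ends outside this hunk, so how `loser` reports the failure is not visible here.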
@@ -390,73 +390,73 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_112 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_113 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_114 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_115 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_116 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_117 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; 
static const CK_ATTRIBUTE_TYPE nss_builtins_types_118 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_119 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_120 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_121 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_122 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_123 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const 
CK_ATTRIBUTE_TYPE nss_builtins_types_124 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_125 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_126 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_127 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_128 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_129 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE 
nss_builtins_types_130 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_131 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_132 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_133 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_134 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE }; static const CK_ATTRIBUTE_TYPE nss_builtins_types_135 [] = { - CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING }; #ifdef DEBUG static const NSSItem 
nss_builtins_items_0 [] = { @@ -7025,6 +7025,18 @@ static const NSSItem nss_builtins_items_113 [] = { , (PRUint32)20 }, { (void *)"\347\172\334\261\037\156\006\037\164\154\131\026\047\303\113\300" , (PRUint32)16 }, + { (void *)"\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123" +"\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124" +"\151\155\145\040\127\141\162\156\145\162\040\111\156\143\056\061" +"\034\060\032\006\003\125\004\013\023\023\101\155\145\162\151\143" +"\141\040\117\156\154\151\156\145\040\111\156\143\056\061\067\060" +"\065\006\003\125\004\003\023\056\101\117\114\040\124\151\155\145" +"\040\127\141\162\156\145\162\040\122\157\157\164\040\103\145\162" +"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157" +"\162\151\164\171\040\061" +, (PRUint32)134 }, + { (void *)"\001" +, (PRUint32)1 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -7167,6 +7179,18 @@ static const NSSItem nss_builtins_items_115 [] = { , (PRUint32)20 }, { (void *)"\001\132\231\303\326\117\251\113\074\073\261\243\253\047\114\277" , (PRUint32)16 }, + { (void *)"\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123" +"\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124" +"\151\155\145\040\127\141\162\156\145\162\040\111\156\143\056\061" +"\034\060\032\006\003\125\004\013\023\023\101\155\145\162\151\143" +"\141\040\117\156\154\151\156\145\040\111\156\143\056\061\067\060" +"\065\006\003\125\004\003\023\056\101\117\114\040\124\151\155\145" +"\040\127\141\162\156\145\162\040\122\157\157\164\040\103\145\162" +"\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157" +"\162\151\164\171\040\062" +, (PRUint32)134 }, + { (void *)"\001" +, (PRUint32)1 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } @@ -7297,6 +7321,16 @@ static const NSSItem nss_builtins_items_117 [] = { , (PRUint32)20 }, { (void *)"\201\065\271\373\373\022\312\030\151\066\353\256\151\170\241\361" , (PRUint32)16 }, + { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" +"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" +"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" +"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" +"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055" +"\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155" +"\145\156\164\141\164\151\157\156" +, (PRUint32)104 }, + { (void *)"\074\265\075\106" +, (PRUint32)4 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -7442,6 +7476,16 @@ static const NSSItem nss_builtins_items_119 [] = { , (PRUint32)20 }, { (void *)"\175\206\220\217\133\361\362\100\300\367\075\142\265\244\251\073" , (PRUint32)16 }, + { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124" +"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" +"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" +"\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145" +"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" +"\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155" +"\145\156\164\141\164\151\157\156" +, (PRUint32)104 }, + { (void *)"\074\265\117\100" +, (PRUint32)4 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } @@ -7572,6 +7616,16 @@ static const NSSItem nss_builtins_items_121 [] = { , (PRUint32)20 }, { (void *)"\206\102\005\011\274\247\235\354\035\363\056\016\272\330\035\320" , (PRUint32)16 }, + { (void *)"\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124" +"\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023" +"\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040" +"\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145" +"\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040" +"\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141" +"\164\151\157\156" +, (PRUint32)100 }, + { (void *)"\073\131\307\173\315\133\127\236\275\067\122\254\166\264\252\032" +, (PRUint32)16 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -7664,6 +7718,13 @@ static const NSSItem nss_builtins_items_123 [] = { , (PRUint32)20 }, { (void *)"\167\015\031\261\041\375\000\102\234\076\014\245\335\013\002\216" , (PRUint32)16 }, + { (void *)"\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101" +"\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060" +"\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165" +"\162\151\164\171\040\062\060\064\070\040\126\063" +, (PRUint32)60 }, + { (void *)"\012\001\001\001\000\000\002\174\000\000\000\012\000\000\000\002" +, (PRUint32)16 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } @@ -7739,6 +7800,13 @@ static const NSSItem nss_builtins_items_125 [] = { , (PRUint32)20 }, { (void *)"\072\345\120\260\071\276\307\106\066\063\241\376\202\076\215\224" , (PRUint32)16 }, + { (void *)"\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101" +"\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060" +"\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165" +"\162\151\164\171\040\061\060\062\064\040\126\063" +, (PRUint32)60 }, + { (void *)"\012\001\001\001\000\000\002\174\000\000\000\013\000\000\000\002" +, (PRUint32)16 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -7832,6 +7900,14 @@ static const NSSItem nss_builtins_items_127 [] = { , (PRUint32)20 }, { (void *)"\367\165\253\051\373\121\116\267\167\136\377\005\074\231\216\365" , (PRUint32)16 }, + { (void *)"\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061" +"\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165" +"\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003" +"\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141" +"\154\040\103\101" +, (PRUint32)68 }, + { (void *)"\002\064\126" +, (PRUint32)3 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -7954,6 +8030,20 @@ static const NSSItem nss_builtins_items_129 [] = { , (PRUint32)20 }, { (void *)"\277\140\131\243\133\272\366\247\166\102\332\157\032\173\120\317" , (PRUint32)16 }, + { (void *)"\060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123" +"\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060" +"\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153" +"\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023" +"\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116" +"\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023" +"\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162" +"\164\162\165\163\164\056\143\157\155\061\053\060\051\006\003\125" +"\004\003\023\042\125\124\116\055\125\123\105\122\106\151\162\163" +"\164\055\116\145\164\167\157\162\153\040\101\160\160\154\151\143" +"\141\164\151\157\156\163" +, (PRUint32)166 }, + { (void *)"\104\276\014\213\120\000\044\264\021\323\066\060\113\300\063\167" +, (PRUint32)16 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -8056,6 +8146,16 @@ static const NSSItem nss_builtins_items_131 [] = { , (PRUint32)20 }, { (void *)"\024\361\010\255\235\372\144\342\211\347\034\317\250\255\175\136" , (PRUint32)16 }, + { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061" +"\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143" +"\141\040\117\156\154\151\156\145\040\111\156\143\056\061\066\060" +"\064\006\003\125\004\003\023\055\101\155\145\162\151\143\141\040" +"\117\156\154\151\156\145\040\122\157\157\164\040\103\145\162\164" +"\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162" +"\151\164\171\040\061" +, (PRUint32)101 }, + { (void *)"\001" +, (PRUint32)1 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } @@ -8190,6 +8290,16 @@ static const NSSItem nss_builtins_items_133 [] = { , (PRUint32)20 }, { (void *)"\326\355\074\312\342\146\017\257\020\103\015\167\233\004\011\277" , (PRUint32)16 }, + { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061" +"\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143" +"\141\040\117\156\154\151\156\145\040\111\156\143\056\061\066\060" +"\064\006\003\125\004\003\023\055\101\155\145\162\151\143\141\040" +"\117\156\154\151\156\145\040\122\157\157\164\040\103\145\162\164" +"\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162" +"\151\164\171\040\062" +, (PRUint32)101 }, + { (void *)"\001" +, (PRUint32)1 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -8292,6 +8402,16 @@ static const NSSItem nss_builtins_items_135 [] = { , (PRUint32)20 }, { (void *)"\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002" , (PRUint32)16 }, + { (void *)"\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061" +"\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057" +"\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156" +"\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166" +"\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061" +"\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145" +"\103\157\155\155\145\162\143\145\040\122\157\157\164" +, (PRUint32)109 }, + { (void *)"\023\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142" +, (PRUint32)16 }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) } 
@@ -8414,29 +8534,29 @@ nss_builtins_data[] = { { 11, nss_builtins_types_110, nss_builtins_items_110, {NULL} }, { 12, nss_builtins_types_111, nss_builtins_items_111, {NULL} }, { 11, nss_builtins_types_112, nss_builtins_items_112, {NULL} }, - { 10, nss_builtins_types_113, nss_builtins_items_113, {NULL} }, + { 12, nss_builtins_types_113, nss_builtins_items_113, {NULL} }, { 11, nss_builtins_types_114, nss_builtins_items_114, {NULL} }, - { 10, nss_builtins_types_115, nss_builtins_items_115, {NULL} }, + { 12, nss_builtins_types_115, nss_builtins_items_115, {NULL} }, { 11, nss_builtins_types_116, nss_builtins_items_116, {NULL} }, - { 10, nss_builtins_types_117, nss_builtins_items_117, {NULL} }, + { 12, nss_builtins_types_117, nss_builtins_items_117, {NULL} }, { 11, nss_builtins_types_118, nss_builtins_items_118, {NULL} }, - { 10, nss_builtins_types_119, nss_builtins_items_119, {NULL} }, + { 12, nss_builtins_types_119, nss_builtins_items_119, {NULL} }, { 11, nss_builtins_types_120, nss_builtins_items_120, {NULL} }, - { 10, nss_builtins_types_121, nss_builtins_items_121, {NULL} }, + { 12, nss_builtins_types_121, nss_builtins_items_121, {NULL} }, { 11, nss_builtins_types_122, nss_builtins_items_122, {NULL} }, - { 10, nss_builtins_types_123, nss_builtins_items_123, {NULL} }, + { 12, nss_builtins_types_123, nss_builtins_items_123, {NULL} }, { 11, nss_builtins_types_124, nss_builtins_items_124, {NULL} }, - { 10, nss_builtins_types_125, nss_builtins_items_125, {NULL} }, + { 12, nss_builtins_types_125, nss_builtins_items_125, {NULL} }, { 11, nss_builtins_types_126, nss_builtins_items_126, {NULL} }, - { 10, nss_builtins_types_127, nss_builtins_items_127, {NULL} }, + { 12, nss_builtins_types_127, nss_builtins_items_127, {NULL} }, { 11, nss_builtins_types_128, nss_builtins_items_128, {NULL} }, - { 10, nss_builtins_types_129, nss_builtins_items_129, {NULL} }, + { 12, nss_builtins_types_129, nss_builtins_items_129, {NULL} }, { 11, nss_builtins_types_130, nss_builtins_items_130, 
{NULL} }, - { 10, nss_builtins_types_131, nss_builtins_items_131, {NULL} }, + { 12, nss_builtins_types_131, nss_builtins_items_131, {NULL} }, { 11, nss_builtins_types_132, nss_builtins_items_132, {NULL} }, - { 10, nss_builtins_types_133, nss_builtins_items_133, {NULL} }, + { 12, nss_builtins_types_133, nss_builtins_items_133, {NULL} }, { 11, nss_builtins_types_134, nss_builtins_items_134, {NULL} }, - { 10, nss_builtins_types_135, nss_builtins_items_135, {NULL} } + { 12, nss_builtins_types_135, nss_builtins_items_135, {NULL} } }; PR_IMPLEMENT_DATA(const PRUint32) #ifdef DEBUG diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index e69eafbf2..d45fb2d92 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -7204,6 +7204,20 @@ END CKA_CERT_MD5_HASH MULTILINE_OCTAL \347\172\334\261\037\156\006\037\164\154\131\026\047\303\113\300 END +CKA_ISSUER MULTILINE_OCTAL +\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124 +\151\155\145\040\127\141\162\156\145\162\040\111\156\143\056\061 +\034\060\032\006\003\125\004\013\023\023\101\155\145\162\151\143 +\141\040\117\156\154\151\156\145\040\111\156\143\056\061\067\060 +\065\006\003\125\004\003\023\056\101\117\114\040\124\151\155\145 +\040\127\141\162\156\145\162\040\122\157\157\164\040\103\145\162 +\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157 +\162\151\164\171\040\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\001 +END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR 
@@ -7354,6 +7368,20 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \001\132\231\303\326\117\251\113\074\073\261\243\253\047\114\277
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124
+\151\155\145\040\127\141\162\156\145\162\040\111\156\143\056\061
+\034\060\032\006\003\125\004\013\023\023\101\155\145\162\151\143
+\141\040\117\156\154\151\156\145\040\111\156\143\056\061\067\060
+\065\006\003\125\004\003\023\056\101\117\114\040\124\151\155\145
+\040\127\141\162\156\145\162\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -7492,6 +7520,18 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \201\065\271\373\373\022\312\030\151\066\353\256\151\170\241\361
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124
+\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023
+\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040
+\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145
+\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\055
+\102\141\154\164\151\155\157\162\145\040\111\155\160\154\145\155
+\145\156\164\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\074\265\075\106
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -7645,6 +7685,18 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \175\206\220\217\133\361\362\100\300\367\075\142\265\244\251\073
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124
+\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023
+\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040
+\103\101\163\061\063\060\061\006\003\125\004\003\023\052\142\145
+\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040
+\055\040\105\156\164\162\165\163\164\040\111\155\160\154\145\155
+\145\156\164\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\074\265\117\100
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -7783,6 +7835,18 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \206\102\005\011\274\247\235\354\035\363\056\016\272\330\035\320
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124
+\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023
+\022\142\145\124\122\125\123\124\145\144\040\122\157\157\164\040
+\103\101\163\061\057\060\055\006\003\125\004\003\023\046\142\145
+\124\122\125\123\124\145\144\040\122\157\157\164\040\103\101\040
+\055\040\122\123\101\040\111\155\160\154\145\155\145\156\164\141
+\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\073\131\307\173\315\133\127\236\275\067\122\254\166\264\252\032
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -7883,6 +7947,15 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \167\015\031\261\041\375\000\102\234\076\014\245\335\013\002\216
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101
+\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060
+\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165
+\162\151\164\171\040\062\060\064\070\040\126\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\012\001\001\001\000\000\002\174\000\000\000\012\000\000\000\002
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -7966,6 +8039,15 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \072\345\120\260\071\276\307\106\066\063\241\376\202\076\215\224
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101
+\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060
+\033\006\003\125\004\013\023\024\122\123\101\040\123\145\143\165
+\162\151\164\171\040\061\060\062\064\040\126\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\012\001\001\001\000\000\002\174\000\000\000\013\000\000\000\002
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -8067,6 +8149,16 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \367\165\253\051\373\121\116\267\167\136\377\005\074\231\216\365
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003
+\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\064\126
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -8197,6 +8289,22 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \277\140\131\243\133\272\366\247\166\102\332\157\032\173\120\317
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\053\060\051\006\003\125
+\004\003\023\042\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\116\145\164\167\157\162\153\040\101\160\160\154\151\143
+\141\164\151\157\156\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\104\276\014\213\120\000\044\264\021\323\066\060\113\300\063\167
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -8307,6 +8415,18 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \024\361\010\255\235\372\144\342\211\347\034\317\250\255\175\136
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143
+\141\040\117\156\154\151\156\145\040\111\156\143\056\061\066\060
+\064\006\003\125\004\003\023\055\101\155\145\162\151\143\141\040
+\117\156\154\151\156\145\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -8449,6 +8569,18 @@ END
 CKA_CERT_MD5_HASH MULTILINE_OCTAL
 \326\355\074\312\342\146\017\257\020\103\015\167\233\004\011\277
 END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143
+\141\040\117\156\154\151\156\145\040\111\156\143\056\061\066\060
+\064\006\003\125\004\003\023\055\101\155\145\162\151\143\141\040
+\117\156\154\151\156\145\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\001
+END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
@@ -8559,6 +8691,18 @@ END CKA_CERT_MD5_HASH MULTILINE_OCTAL \374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002 END +CKA_ISSUER MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 +\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 +\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 +\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 +\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 +\103\157\155\155\145\162\143\145\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\023\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142 +END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR diff --git a/security/nss/lib/ckfw/builtins/constants.c b/security/nss/lib/ckfw/builtins/constants.c index 727930f2d..d58fbbbc9 100644 --- a/security/nss/lib/ckfw/builtins/constants.c +++ b/security/nss/lib/ckfw/builtins/constants.c @@ -59,7 +59,7 @@ NSS_IMPLEMENT_DATA const NSSUTF8 * nss_builtins_LibraryDescription = (NSSUTF8 *) "NSS Builtin Object Cryptoki Module"; NSS_IMPLEMENT_DATA const CK_VERSION -nss_builtins_LibraryVersion = { 1, 1 }; +nss_builtins_LibraryVersion = { 1, 2 }; NSS_IMPLEMENT_DATA const NSSUTF8 * nss_builtins_SlotDescription = (NSSUTF8 *) ""; diff --git a/security/nss/lib/ckfw/instance.c b/security/nss/lib/ckfw/instance.c index 42b8b11ab..c2ced26fe 100644 --- a/security/nss/lib/ckfw/instance.c +++ b/security/nss/lib/ckfw/instance.c @@ -1092,7 +1092,7 @@ nssCKFWInstance_GetLibraryVersion fwInstance->mdInstance, fwInstance); } else { fwInstance->libraryVersion.major = 0; - fwInstance->libraryVersion.minor = 1; + fwInstance->libraryVersion.minor = 3; } rv = fwInstance->libraryVersion; 
diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c index 26c4b58e4..19099df33 100644 --- a/security/nss/lib/dev/ckhelper.c +++ b/security/nss/lib/dev/ckhelper.c @@ -552,6 +552,7 @@ nssCryptokiTrust_GetAttributes ( nssCryptokiObject *trustObject, nssSession *sessionOpt, + NSSItem *sha1_hash, nssTrustLevel *serverAuth, nssTrustLevel *clientAuth, nssTrustLevel *codeSigning, @@ -564,7 +565,7 @@ nssCryptokiTrust_GetAttributes CK_BBOOL isToken; CK_TRUST saTrust, caTrust, epTrust, csTrust; CK_ATTRIBUTE_PTR attr; - CK_ATTRIBUTE trust_template[5]; + CK_ATTRIBUTE trust_template[6]; CK_ULONG trust_size; /* Use the trust object to find the trust settings */ @@ -574,6 +575,7 @@ nssCryptokiTrust_GetAttributes NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust); NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust); NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash); NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size); status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL, diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h index ef2853336..fc6e2091d 100644 --- a/security/nss/lib/dev/dev.h +++ b/security/nss/lib/dev/dev.h @@ -741,6 +741,7 @@ nssCryptokiTrust_GetAttributes ( nssCryptokiObject *trustObject, nssSession *sessionOpt, + NSSItem *sha1_hash, nssTrustLevel *serverAuth, nssTrustLevel *clientAuth, nssTrustLevel *codeSigning, diff --git a/security/nss/lib/dev/devobject.c b/security/nss/lib/dev/devobject.c new file mode 100644 index 000000000..7818cac93 --- /dev/null +++ b/security/nss/lib/dev/devobject.c 
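Review bot: The new `sha1_hash` parameter of nssCryptokiTrust_GetAttributes has no stated contract, in the ckhelper.c hunks or on the dev.h prototype, yet the added `NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);` uses it as soon as the template is built. Nothing in these hunks shows whether NULL is allowed, whether the caller supplies the buffer and its size, or who checks that the token returned a digest of the expected length. That matters because this hash is presumably what ties a trust record to one specific certificate. I would document it on the prototype, for example `/* sha1_hash: required; receives the trust object's CKA_CERT_SHA1_HASH so the caller can compare it with the certificate's own digest */`, adjusted to the actual behaviour. If NULL is not meant to be accepted, add `if (!sha1_hash) return PR_FAILURE;` before the template is built. The function body continues outside these hunks, so any existing handling after the attribute fetch is not visible here.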
@@ -0,0 +1,1139 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. 
+ */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +#ifndef DEV_H +#include "dev.h" +#endif /* DEV_H */ + +#ifndef DEVM_H +#include "devm.h" +#endif /* DEVM_H */ + +#ifndef NSSCKEPV_H +#include "nssckepv.h" +#endif /* NSSCKEPV_H */ + +#ifndef CKHELPER_H +#include "ckhelper.h" +#endif /* CKHELPER_H */ + +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +/* XXX */ +#ifndef PKI_H +#include "pki.h" +#endif /* PKI_H */ + +/* XXX */ +#ifndef NSSPKI_H +#include "nsspki.h" +#endif /* NSSPKI_H */ + +#ifdef NSS_3_4_CODE +#include "pkim.h" /* for cert decoding */ +#include "pk11func.h" /* for PK11_HasRootCerts */ +#include "pki3hack.h" /* for STAN_ForceCERTCertificateUpdate */ +#endif + +/* The number of object handles to grab during each call to C_FindObjects */ +#define OBJECT_STACK_SIZE 16 + +NSS_IMPLEMENT PRStatus +nssToken_DeleteStoredObject +( + nssCryptokiInstance *instance +) +{ + CK_RV ckrv; + PRStatus nssrv; + PRBool createdSession = PR_FALSE; + NSSToken *token = instance->token; + void *epv = token->epv; + nssSession *session = NULL; + if (nssCKObject_IsAttributeTrue(instance->handle, CKA_TOKEN, + token->defaultSession, + token->slot, &nssrv)) { + if (nssSession_IsReadWrite(token->defaultSession)) { + session = token->defaultSession; + } else { + session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); + createdSession = PR_TRUE; + } + } + if (session == NULL) { + return PR_FAILURE; + } + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle); + nssSession_ExitMonitor(session); + if (createdSession) { + nssSession_Destroy(session); + } + if (ckrv != CKR_OK) { + return PR_FAILURE; + } + return PR_SUCCESS; +} + +static CK_OBJECT_HANDLE +import_object +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize +) +{ + nssSession *session = NULL; + PRBool createdSession = PR_FALSE; + void *epv = tok->epv; 
+ CK_OBJECT_HANDLE object; + CK_RV ckrv; + if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) { + if (sessionOpt) { + if (!nssSession_IsReadWrite(sessionOpt)) { + return CK_INVALID_HANDLE; + } else { + session = sessionOpt; + } + } else if (nssSession_IsReadWrite(tok->defaultSession)) { + session = tok->defaultSession; + } else { + session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE); + createdSession = PR_TRUE; + } + } else { + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + } + if (session == NULL) { + return CK_INVALID_HANDLE; + } + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_CreateObject(session->handle, + objectTemplate, otsize, + &object); + nssSession_ExitMonitor(session); + if (createdSession) { + nssSession_Destroy(session); + } + if (ckrv != CKR_OK) { + return CK_INVALID_HANDLE; + } + return object; +} + +static CK_OBJECT_HANDLE +find_object_by_template +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR cktemplate, + CK_ULONG ctsize +) +{ + CK_SESSION_HANDLE hSession; + CK_OBJECT_HANDLE rvObject = CK_INVALID_HANDLE; + CK_ULONG count = 0; + CK_RV ckrv; + void *epv = tok->epv; + nssSession *session; + session = (sessionOpt) ? 
sessionOpt : tok->defaultSession; + hSession = session->handle; + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_FindObjectsInit(hSession, cktemplate, ctsize); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + return CK_INVALID_HANDLE; + } + ckrv = CKAPI(epv)->C_FindObjects(hSession, &rvObject, 1, &count); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + return CK_INVALID_HANDLE; + } + ckrv = CKAPI(epv)->C_FindObjectsFinal(hSession); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + return CK_INVALID_HANDLE; + } + return rvObject; +} + +static PRStatus +traverse_objects_by_template +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG otsize, + PRStatus (*callback)(NSSToken *t, nssSession *session, + CK_OBJECT_HANDLE h, void *arg), + void *arg +) +{ + NSSSlot *slot; + PRStatus cbrv; + PRUint32 i; + CK_RV ckrv; + CK_ULONG count; + CK_OBJECT_HANDLE *objectStack; + CK_OBJECT_HANDLE startOS[OBJECT_STACK_SIZE]; + CK_SESSION_HANDLE hSession; + NSSArena *objectArena = NULL; + nssSession *session; + nssList *objectList = NULL; + int objectStackSize = OBJECT_STACK_SIZE; + void *epv = tok->epv; + slot = tok->slot; + objectStack = startOS; + session = (sessionOpt) ? 
sessionOpt : tok->defaultSession; + hSession = session->handle; + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_FindObjectsInit(hSession, obj_template, otsize); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + goto loser; + } + while (PR_TRUE) { + ckrv = CKAPI(epv)->C_FindObjects(hSession, objectStack, + objectStackSize, &count); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + goto loser; + } + if (count == objectStackSize) { + if (!objectList) { + objectArena = NSSArena_Create(); + objectList = nssList_Create(objectArena, PR_FALSE); + } + nssList_Add(objectList, objectStack); + objectStackSize = objectStackSize * 2; + objectStack = nss_ZNEWARRAY(objectArena, CK_OBJECT_HANDLE, + objectStackSize); + if (objectStack == NULL) { + count =0; + break; + /* return what we can */ + } + } else { + break; + } + } + ckrv = CKAPI(epv)->C_FindObjectsFinal(hSession); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + goto loser; + } + if (objectList) { + nssListIterator *objects; + CK_OBJECT_HANDLE *localStack; + objects = nssList_CreateIterator(objectList); + objectStackSize = OBJECT_STACK_SIZE; + for (localStack = (CK_OBJECT_HANDLE *)nssListIterator_Start(objects); + localStack != NULL; + localStack = (CK_OBJECT_HANDLE *)nssListIterator_Next(objects)) { + for (i=0; i< objectStackSize; i++) { + cbrv = (*callback)(tok, session, localStack[i], arg); + } + objectStackSize = objectStackSize * 2; + } + nssListIterator_Finish(objects); + nssListIterator_Destroy(objects); + } + for (i=0; i<count; i++) { + cbrv = (*callback)(tok, session, objectStack[i], arg); + } + if (objectArena) + NSSArena_Destroy(objectArena); + return PR_SUCCESS; +loser: + if (objectArena) + NSSArena_Destroy(objectArena); + return PR_FAILURE; +} + +static nssCryptokiInstance * +create_cryptoki_instance +( + NSSArena *arena, + NSSToken *t, + CK_OBJECT_HANDLE h, + PRBool isTokenObject +) +{ + PRStatus nssrv; + nssCryptokiInstance *instance; + CK_ATTRIBUTE cert_template 
= { CKA_LABEL, NULL, 0 }; + nssrv = nssCKObject_GetAttributes(h, &cert_template, 1, + arena, t->defaultSession, t->slot); + if (nssrv != PR_SUCCESS) { + /* a failure here indicates a device error */ + return NULL; + } + instance = nss_ZNEW(arena, nssCryptokiInstance); + if (!instance) { + return NULL; + } + instance->handle = h; + instance->token = t; + instance->isTokenObject = isTokenObject; + NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template, instance->label); + return instance; +} + +#ifdef NSS_3_4_CODE +/* exposing this for the smart card cache code */ +NSS_IMPLEMENT nssCryptokiInstance * +nssCryptokiInstance_Create +( + NSSArena *arena, + NSSToken *t, + CK_OBJECT_HANDLE h, + PRBool isTokenObject +) +{ + return create_cryptoki_instance(arena, t, h, isTokenObject); +} +#endif + +static NSSCertificateType +nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib) +{ + CK_CERTIFICATE_TYPE ckCertType; + if (!attrib->pValue) { + /* default to PKIX */ + return NSSCertificateType_PKIX; + } + ckCertType = *((CK_ULONG *)attrib->pValue); + switch (ckCertType) { + case CKC_X_509: + return NSSCertificateType_PKIX; + default: + break; + } + return NSSCertificateType_Unknown; +} + +/* Create a certificate from an object handle. */ +static NSSCertificate * +get_token_cert +( + NSSToken *token, + nssSession *sessionOpt, + CK_OBJECT_HANDLE handle +) +{ + NSSCertificate *rvCert; + NSSArena *arena; + nssSession *session; + PRStatus nssrv; + CK_ULONG template_size; + CK_ATTRIBUTE cert_template[] = { + { CKA_CERTIFICATE_TYPE, NULL, 0 }, + { CKA_ID, NULL, 0 }, + { CKA_VALUE, NULL, 0 }, + { CKA_ISSUER, NULL, 0 }, + { CKA_SERIAL_NUMBER, NULL, 0 }, + { CKA_SUBJECT, NULL, 0 }, + { CKA_NETSCAPE_EMAIL, NULL, 0 } + }; + template_size = sizeof(cert_template) / sizeof(cert_template[0]); + session = (sessionOpt) ? 
sessionOpt : token->defaultSession; + arena = nssArena_Create(); + if (!arena) { + return NULL; + } + rvCert = nss_ZNEW(arena, NSSCertificate); + if (!rvCert) { + NSSArena_Destroy(arena); + return NULL; + } + nssrv = nssPKIObject_Initialize(&rvCert->object, arena, + token->trustDomain, NULL); + if (nssrv != PR_SUCCESS) { + goto loser; + } + nssrv = nssCKObject_GetAttributes(handle, + cert_template, template_size, + arena, session, token->slot); + if (nssrv != PR_SUCCESS) { + goto loser; + } + rvCert->type = nss_cert_type_from_ck_attrib(&cert_template[0]); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[1], &rvCert->id); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[2], &rvCert->encoding); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[3], &rvCert->issuer); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[4], &rvCert->serial); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[5], &rvCert->subject); + NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[6], rvCert->email); + /* XXX this would be better accomplished by dividing attributes to + * retrieve into "required" and "optional" + */ + if (rvCert->encoding.size == 0 || + rvCert->issuer.size == 0 || + rvCert->serial.size == 0 || + rvCert->subject.size == 0) + { + /* received a bum object from the token */ + goto loser; + } +#ifdef NSS_3_4_CODE + /* nss 3.4 database doesn't associate email address with cert */ + if (!rvCert->email) { + nssDecodedCert *dc; + NSSASCII7 *email; + dc = nssCertificate_GetDecoding(rvCert); + if (dc) { + email = dc->getEmailAddress(dc); + if (email) + rvCert->email = nssUTF8_Duplicate(email, arena); + } else { + goto loser; + } + } + /* nss 3.4 must deal with tokens that do not follow the PKCS#11 + * standard and return decoded serial numbers. 
The easiest way to + * work around this is just to grab the serial # from the full encoding + */ + if (PR_TRUE) { + nssDecodedCert *dc; + dc = nssCertificate_GetDecoding(rvCert); + if (dc) { + PRStatus sn_stat; + sn_stat = dc->getDERSerialNumber(dc, &rvCert->serial, arena); + if (sn_stat != PR_SUCCESS) { + goto loser; + } + } else { + goto loser; + } + } +#endif + return rvCert; +loser: + nssPKIObject_Destroy(&rvCert->object); + return (NSSCertificate *)NULL; +} + +NSS_IMPLEMENT PRStatus +nssToken_ImportCertificate +( + NSSToken *tok, + nssSession *sessionOpt, + NSSCertificate *cert, + NSSUTF8 *nickname, + PRBool asTokenObject +) +{ + nssCryptokiInstance *instance; + CK_CERTIFICATE_TYPE cert_type = CKC_X_509; + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE cert_tmpl[9]; + CK_ULONG ctsize; + NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); + if (asTokenObject) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE, cert_type); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, &cert->id); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, &cert->encoding); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &cert->issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, &cert->subject); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, &cert->serial); + NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); + /* Import the certificate onto the token */ + handle = import_object(tok, sessionOpt, cert_tmpl, ctsize); + if (handle == CK_INVALID_HANDLE) { + return PR_FAILURE; + } + instance = create_cryptoki_instance(cert->object.arena, + tok, handle, asTokenObject); + if (!instance) { + /* XXX destroy object */ + return PR_FAILURE; + } + nssList_Add(cert->object.instanceList, instance); + /* XXX Fix this! 
*/ + nssListIterator_Destroy(cert->object.instances); + cert->object.instances = nssList_CreateIterator(cert->object.instanceList); + return PR_SUCCESS; +} + +static PRBool +compare_cert_by_encoding(void *a, void *b) +{ + NSSCertificate *c1 = (NSSCertificate *)a; + NSSCertificate *c2 = (NSSCertificate *)b; + return (nssItem_Equal(&c1->encoding, &c2->encoding, NULL)); +} + +static PRStatus +retrieve_cert(NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h, void *arg) +{ + PRStatus nssrv; + PRBool found, inCache; + nssTokenCertSearch *search = (nssTokenCertSearch *)arg; + NSSCertificate *cert = NULL; + nssListIterator *instances; + nssCryptokiInstance *ci; + CK_ATTRIBUTE derValue = { CKA_VALUE, NULL, 0 }; + inCache = PR_FALSE; + if (search->cached) { + NSSCertificate csi; /* a fake cert for indexing */ + nssrv = nssCKObject_GetAttributes(h, &derValue, 1, + NULL, session, t->slot); + NSS_CK_ATTRIBUTE_TO_ITEM(&derValue, &csi.encoding); + cert = (NSSCertificate *)nssList_Get(search->cached, &csi); + nss_ZFreeIf(csi.encoding.data); + } + found = PR_FALSE; + if (cert) { + inCache = PR_TRUE; + nssCertificate_AddRef(cert); + instances = cert->object.instances; + for (ci = (nssCryptokiInstance *)nssListIterator_Start(instances); + ci != (nssCryptokiInstance *)NULL; + ci = (nssCryptokiInstance *)nssListIterator_Next(instances)) + { + /* The builtins token will not return the same handle for objects + * during the lifetime of the token. Thus, assuming the found + * object is the same as the cached object if there is already an + * instance for the token. + */ + if (ci->token == t) { + found = PR_TRUE; + break; + } + } + nssListIterator_Finish(instances); + } else { + cert = get_token_cert(t, session, h); + if (!cert) return PR_FAILURE; + } + if (!found) { + PRBool isTokenObject; + /* XXX this is incorrect if the search is over both types */ + isTokenObject = (search->searchType == nssTokenSearchType_TokenOnly) ? 
+ PR_TRUE : PR_FALSE; + ci = create_cryptoki_instance(cert->object.arena, t, h, isTokenObject); + if (!ci) { + NSSCertificate_Destroy(cert); + return PR_FAILURE; + } + nssList_Add(cert->object.instanceList, ci); + /* XXX Fix this! */ + nssListIterator_Destroy(cert->object.instances); + cert->object.instances = nssList_CreateIterator(cert->object.instanceList); + /* The cert was already discovered. If it was made into a + * CERTCertificate, we need to update it here, because we have found + * another instance of it. This new instance may cause the slot + * and nickname fields of the cert to change. + */ + if (cert->decoding && inCache) { + (void)STAN_ForceCERTCertificateUpdate(cert); + } + } + if (!inCache) { + nssrv = (*search->callback)(cert, search->cbarg); + } else { + nssrv = PR_SUCCESS; /* cached entries already handled */ + } +#ifdef NSS_3_4_CODE + CERT_DestroyCertificate(STAN_GetCERTCertificate(cert)); +#else + NSSCertificate_Destroy(cert); +#endif + + return nssrv; +} + +/* traverse all certificates - this should only happen if the token + * has been marked as "traversable" + */ +NSS_IMPLEMENT PRStatus +nssToken_TraverseCertificates +( + NSSToken *token, + nssSession *sessionOpt, + nssTokenCertSearch *search +) +{ + PRStatus nssrv; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE cert_template[2]; + CK_ULONG ctsize; + NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); + /* Set the search to token/session only if provided */ + if (search->searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (search->searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); + if (search->cached) { + nssList_SetCompareFunction(search->cached, compare_cert_by_encoding); + } + nssrv = traverse_objects_by_template(token, sessionOpt, + cert_template, ctsize, 
+ retrieve_cert, search);
+ return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificatesBySubject
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE subj_template[3];
+ CK_ULONG stsize;
+ NSS_CK_TEMPLATE_START(subj_template, attr, stsize);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+ NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ /* now traverse the token certs matching this template */
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ subj_template, stsize,
+ retrieve_cert, search);
+ return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificatesByNickname
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSUTF8 *name,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE nick_template[3];
+ CK_ULONG ntsize;
+ NSS_CK_TEMPLATE_START(nick_template, attr, ntsize);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ /* now traverse the token certs matching this template */
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ nick_template, ntsize,
+ retrieve_cert, search);
+ if (nssrv != PR_SUCCESS) {
+ return nssrv;
+ }
+ /* This is to workaround the fact that PKCS#11 doesn't specify
+ * whether the '\0' should be included. XXX Is that still true?
+ * im - this is not needed by the current softoken. However, I'm
+ * leaving it in until I have surveyed more tokens to see if it needed.
+ * well, its needed by the builtin token...
+ */
+ nick_template[0].ulValueLen++;
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ nick_template, ntsize,
+ retrieve_cert, search);
+ return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificatesByEmail
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSASCII7 *email,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE email_template[3];
+ CK_ULONG etsize;
+ NSS_CK_TEMPLATE_START(email_template, attr, etsize);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ /* now traverse the token certs matching this template */
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ email_template, etsize,
+ retrieve_cert, search);
+ if (nssrv != PR_SUCCESS) {
+ return nssrv;
+ }
+#if 0
+ /* This is to workaround the fact that PKCS#11 doesn't specify
+ * whether the '\0' should be included. XXX Is that still true?
+ */
+ email_tmpl[0].ulValueLen--;
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ email_tmpl, etsize,
+ retrieve_cert, search);
+#endif
+ return nssrv;
+}
+
+/* XXX these next two need to create instances as needed */
+
+NSS_IMPLEMENT NSSCertificate *
+nssToken_FindCertificateByIssuerAndSerialNumber
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *issuer,
+ NSSDER *serial,
+ nssTokenSearchType searchType
+)
+{
+ NSSCertificate *rvCert = NULL;
+ nssSession *session;
+ PRStatus nssrv;
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE cert_template[4];
+ CK_ULONG ctsize;
+ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+ /* Set the search to token/session only if provided */
+ if (searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ /* Set the unique id */
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+ NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+ /* get the object handle */
+ object = find_object_by_template(token, sessionOpt, cert_template, ctsize);
+ if (object == CK_INVALID_HANDLE) {
+ return NULL;
+ }
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ rvCert = get_token_cert(token, sessionOpt, object);
+ if (rvCert) {
+ PRBool isTokenObject;
+ nssCryptokiInstance *instance;
+ isTokenObject = nssCKObject_IsAttributeTrue(object, CKA_TOKEN,
+ session, token->slot,
+ &nssrv);
+ instance = create_cryptoki_instance(rvCert->object.arena,
+ token, object, isTokenObject);
+ if (!instance) {
+ NSSCertificate_Destroy(rvCert);
+ return NULL;
+ }
+ nssList_Add(rvCert->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(rvCert->object.instances);
+ rvCert->object.instances = nssList_CreateIterator(rvCert->object.instanceList);
+ }
+ return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssToken_FindCertificateByEncodedCertificate
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSBER *encodedCertificate,
+ nssTokenSearchType searchType
+)
+{
+ NSSCertificate *rvCert = NULL;
+ nssSession *session;
+ PRStatus nssrv;
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE cert_template[3];
+ CK_ULONG ctsize;
+ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+ /* Set the search to token/session only if provided */
+ if (searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
+ NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+ /* get the object handle */
+ object = find_object_by_template(token, sessionOpt, cert_template, ctsize);
+ if (object == CK_INVALID_HANDLE) {
+ return NULL;
+ }
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ rvCert = get_token_cert(token, sessionOpt, object);
+ if (rvCert) {
+ PRBool isTokenObject;
+ nssCryptokiInstance *instance;
+ isTokenObject = nssCKObject_IsAttributeTrue(object, CKA_TOKEN,
+ session, token->slot,
+ &nssrv);
+ instance = create_cryptoki_instance(rvCert->object.arena,
+ token, object, isTokenObject);
+ if (!instance) {
+ NSSCertificate_Destroy(rvCert);
+ return NULL;
+ }
+ nssList_Add(rvCert->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(rvCert->object.instances);
+ rvCert->object.instances = nssList_CreateIterator(rvCert->object.instanceList);
+ }
+ return rvCert;
+}
+
+static void
+sha1_hash(NSSItem *input, NSSItem *output)
+{
+ NSSAlgorithmAndParameters *ap;
+ NSSToken *token = STAN_GetDefaultCryptoToken();
+ ap = NSSAlgorithmAndParameters_CreateSHA1Digest(NULL);
+ (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
+#ifdef NSS_3_4_CODE
+ PK11_FreeSlot(token->pk11slot);
+#endif
+ nss_ZFreeIf(ap);
+}
+
+static void
+md5_hash(NSSItem *input, NSSItem *output)
+{
+ NSSAlgorithmAndParameters *ap;
+ NSSToken *token = STAN_GetDefaultCryptoToken();
+ ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
+ (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
+#ifdef NSS_3_4_CODE
+ PK11_FreeSlot(token->pk11slot);
+#endif
+ nss_ZFreeIf(ap);
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_ImportTrust
+(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSTrust *trust,
+ PRBool asTokenObject
+)
+{
+ CK_OBJECT_HANDLE handle;
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE trust_tmpl[10];
+ CK_ULONG tsize;
+ PRUint8 sha1[20]; /* this is cheating... */
+ PRUint8 md5[16];
+ NSSItem sha1_result, md5_result;
+ NSSCertificate *c = trust->certificate;
+ sha1_result.data = sha1; sha1_result.size = sizeof sha1;
+ md5_result.data = md5; md5_result.size = sizeof md5;
+ sha1_hash(&c->encoding, &sha1_result);
+ md5_hash(&c->encoding, &md5_result);
+ NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
+ if (asTokenObject) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ } else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &c->issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, &c->serial);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result);
+ /* now set the trust values */
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, trust->serverAuth);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, trust->clientAuth);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, trust->codeSigning);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION,
+ trust->emailProtection);
+ NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
+ /* import the trust object onto the token */
+ handle = import_object(tok, NULL, trust_tmpl, tsize);
+ if (handle != CK_INVALID_HANDLE) {
+ nssCryptokiInstance *instance;
+ instance = create_cryptoki_instance(trust->object.arena,
+ tok, handle, asTokenObject);
+ if (!instance) {
+ return PR_FAILURE;
+ }
+ nssList_Add(trust->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(trust->object.instances);
+ trust->object.instances = nssList_CreateIterator(trust->object.instanceList);
+ tok->hasNoTrust = PR_FALSE;
+ return PR_SUCCESS;
+ }
+ return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetTrustCache
+(
+ NSSToken *token
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[2];
+ CK_ULONG tobj_size;
+ CK_OBJECT_HANDLE obj;
+ nssSession *session = token->defaultSession;
+
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+
+ obj = find_object_by_template(token, session,
+ tobj_template, tobj_size);
+ token->hasNoTrust = PR_FALSE;
+ if (obj == CK_INVALID_HANDLE) {
+ token->hasNoTrust = PR_TRUE;
+ }
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetCrlCache
+(
+ NSSToken *token
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_CRL;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[2];
+ CK_ULONG tobj_size;
+ CK_OBJECT_HANDLE obj;
+ nssSession *session = token->defaultSession;
+
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+
+ obj = find_object_by_template(token, session,
+ tobj_template, tobj_size);
+ token->hasNoCrls = PR_TRUE;
+ if (obj == CK_INVALID_HANDLE) {
+ token->hasNoCrls = PR_TRUE;
+ }
+ return PR_SUCCESS;
+}
+
+static CK_OBJECT_HANDLE
+get_cert_trust_handle
+(
+ NSSToken *token,
+ nssSession *session,
+ NSSCertificate *c,
+ nssTokenSearchType searchType
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[5];
+ CK_ULONG tobj_size;
+ PRUint8 sha1[20]; /* this is cheating... */
+ NSSItem sha1_result;
+
+ if (token->hasNoTrust) {
+ return CK_INVALID_HANDLE;
+ }
+ sha1_result.data = sha1; sha1_result.size = sizeof sha1;
+ sha1_hash(&c->encoding, &sha1_result);
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ if (searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
+#ifdef NSS_3_4_CODE
+ if (!PK11_HasRootCerts(token->pk11slot)) {
+#endif
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &c->issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , &c->serial);
+#ifdef NSS_3_4_CODE
+ }
+ /*
+ * we need to arrange for the built-in token to lose the bottom 2
+ * attributes so that old built-in tokens will continue to work.
+ */
+#endif
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+ return find_object_by_template(token, session,
+ tobj_template, tobj_size);
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssToken_FindTrustForCert
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSCertificate *c,
+ nssTokenSearchType searchType
+)
+{
+ PRStatus nssrv;
+ NSSTrust *rvTrust;
+ nssSession *session;
+ NSSArena *arena;
+ nssCryptokiInstance *instance;
+ PRBool isTokenObject;
+ CK_BBOOL isToken;
+ CK_TRUST saTrust, caTrust, epTrust, csTrust;
+ CK_OBJECT_HANDLE tobjID;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE trust_template[5];
+ CK_ULONG trust_size;
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ tobjID = get_cert_trust_handle(token, session, c, searchType);
+ if (tobjID == CK_INVALID_HANDLE) {
+ return NULL;
+ }
+ /* Then use the trust object to find the trust settings */
+ NSS_CK_TEMPLATE_START(trust_template, attr, trust_size);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
+ NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
+ nssrv = nssCKObject_GetAttributes(tobjID,
+ trust_template, trust_size,
+ NULL, session, token->slot);
+ if (nssrv != PR_SUCCESS) {
+ return NULL;
+ }
+ arena = nssArena_Create();
+ if (!arena) {
+ return NULL;
+ }
+ rvTrust = nss_ZNEW(arena, NSSTrust);
+ if (!rvTrust) {
+ nssArena_Destroy(arena);
+ return NULL;
+ }
+ nssrv = nssPKIObject_Initialize(&rvTrust->object, arena,
+ token->trustDomain, NULL);
+ if (nssrv != PR_SUCCESS) {
+ goto loser;
+ }
+ isTokenObject = (isToken == CK_TRUE) ? PR_TRUE : PR_FALSE;
+ instance = create_cryptoki_instance(arena, token, tobjID, isTokenObject);
+ if (!instance) {
+ goto loser;
+ }
+ rvTrust->serverAuth = saTrust;
+ rvTrust->clientAuth = caTrust;
+ rvTrust->emailProtection = epTrust;
+ rvTrust->codeSigning = csTrust;
+ return rvTrust;
+loser:
+ nssPKIObject_Destroy(&rvTrust->object);
+ return (NSSTrust *)NULL;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_HasCrls
+(
+ NSSToken *tok
+)
+{
+ return !tok->hasNoCrls;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetHasCrls
+(
+ NSSToken *tok
+)
+{
+ tok->hasNoCrls = PR_FALSE;
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_IsPresent
+(
+ NSSToken *token
+)
+{
+ return nssSlot_IsTokenPresent(token->slot);
+}
+
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 54d122cc1..2fc5f7c39 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -2115,6 +2115,11 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN, pwarg); if (cert) { + if ((cert->trust == NULL) || + ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) { + CERT_DestroyCertificate(cert); + continue; + } ri->slot = PK11_ReferenceSlot(slot); *rlIndex = i; return cert; @@ -2182,6 +2187,11 @@ pk11_FindCertObjectByRecipient(PK11SlotInfo *slot, cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN, pwarg); if (cert) { + if ((cert->trust == NULL) || + ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) { + CERT_DestroyCertificate(cert); + continue; + } *rip = ri; return cert; } diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c index c4ef4fb3f..4761948f1 100644 --- a/security/nss/lib/pki/certificate.c +++ b/security/nss/lib/pki/certificate.c @@ -53,6 +53,8 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; #ifdef NSS_3_4_CODE #include "pki3hack.h" +#include "pk11func.h" +#include "hasht.h" #endif #ifndef BASE_H @@ -950,15 +952,20 @@ nssCertificateList_AddReferences NSS_IMPLEMENT NSSTrust * nssTrust_Create ( - nssPKIObject *object + nssPKIObject *object, + NSSItem *certData ) { PRStatus status; PRUint32 i; PRUint32 lastTrustOrder, myTrustOrder; + unsigned char sha1_hashcmp[SHA1_LENGTH]; + unsigned char sha1_hashin[SHA1_LENGTH]; + NSSItem sha1_hash; NSSTrust *rvt; nssCryptokiObject *instance; nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection; + SECStatus rv; /* Should be stan flavor */ lastTrustOrder = 1<<16; /* just make it big */ PR_ASSERT(object->instances != NULL && object->numInstances > 0); rvt = nss_ZNEW(object->arena, NSSTrust); 
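Review bot: The recipient filter added in pk11_FindCertObjectByRecipientNew has no comment saying why a certificate that lacks the `CERTDB_USER` e-mail trust flag is dropped, and the identical five lines are repeated in the second hunk (pk11_FindCertObjectByRecipient). I would put `/* only a cert flagged as a user cert for e-mail may be chosen as the recipient; skip any other issuer/serial match */` above both checks, or move the test into one small static helper so the two lookups cannot drift apart. Both function bodies continue outside their hunks, so whether `continue` skips any per-iteration cleanup cannot be judged from here.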
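Review bot: The two new includes sit inside `#ifdef NSS_3_4_CODE`, while the later hunks of this file call `PK11_HashBuf` and use `SHA1_LENGTH` in nssTrust_Create with no guard visible. If the file is ever built without `NSS_3_4_CODE`, those names would be undeclared; either guard the hashing code the same way or note next to the includes that nssTrust_Create depends on them, for example `/* pk11func.h, hasht.h: needed by nssTrust_Create until a stan hash call exists */`. The surrounding preprocessor context is outside the hunk, so this needs confirming against the full file.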
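Review bot: `certData` becomes a required argument of nssTrust_Create, but it is neither documented nor validated before the next hunk reads `certData->data` and `certData->size`. I would extend the existing assertion to `PR_ASSERT(certData != NULL && certData->data != NULL);` and add a one-line comment on the parameter, `/* DER encoding of the certificate the trust object must match */`. The function body continues outside the hunk.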
@@ -966,12 +973,21 @@ nssTrust_Create return (NSSTrust *)NULL; } rvt->object = *object; + + /* should be stan flavor of Hashbuf */ + rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size); + if (rv != SECSuccess) { + return (NSSTrust *)NULL; + } + sha1_hash.data = sha1_hashin; + sha1_hash.size = sizeof (sha1_hashin); /* trust has to peek into the base object members */ PZ_Lock(object->lock); for (i=0; i<object->numInstances; i++) { instance = object->instances[i]; myTrustOrder = nssToken_GetTrustOrder(instance->token); status = nssCryptokiTrust_GetAttributes(instance, NULL, + &sha1_hash, &serverAuth, &clientAuth, &codeSigning, @@ -980,6 +996,10 @@ nssTrust_Create PZ_Unlock(object->lock); return (NSSTrust *)NULL; } + if (PORT_Memcmp(sha1_hashin,sha1_hashcmp,SHA1_LENGTH) != 0) { + PZ_Unlock(object->lock); + return (NSSTrust *)NULL; + } if (rvt->serverAuth == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { diff --git a/security/nss/lib/pki/pkim.h b/security/nss/lib/pki/pkim.h index 170a4d938..c1fe3e146 100644 --- a/security/nss/lib/pki/pkim.h +++ b/security/nss/lib/pki/pkim.h @@ -247,7 +247,8 @@ nssDecodedCert_Destroy NSS_EXTERN NSSTrust * nssTrust_Create ( - nssPKIObject *object + nssPKIObject *object, + NSSCertificate *nssCert ); NSS_EXTERN NSSCRL * diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index c5e3dc337..15542c568 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -1261,7 +1261,7 @@ nssTrustDomain_FindTrustForCertificate } } if (pkio) { - rvt = nssTrust_Create(pkio); + rvt = nssTrust_Create(pkio, &c->encoding); if (!rvt) { goto loser; } diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 7088fa416..4ef1183a6 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c 
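Review bot: `sha1_hash.size` is set once before the loop and `sha1_hashin` is never initialised, so the comparison added in the following hunk relies on nssCryptokiTrust_GetAttributes filling all `SHA1_LENGTH` bytes on every iteration. That function is not shown, so this is an assumption to confirm: if it can shrink `size` or leave the buffer untouched when a token has no hash attribute, `PORT_Memcmp` would read stale or indeterminate bytes. I would reset the item at the top of the loop body with `sha1_hash.data = sha1_hashin; sha1_hash.size = sizeof (sha1_hashin);` and only compare once `sha1_hash.size == SHA1_LENGTH` holds. The loop starts in this hunk and continues outside it.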
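Review bot: A hash mismatch on any single instance makes nssTrust_Create return NULL for the whole certificate, discarding trust levels already merged from tokens visited earlier in the loop. If the aim is only to ignore a trust object that belongs to a different certificate, `continue;` is the narrower reaction; if failing closed is intended, say so with a comment such as `/* stored SHA-1 does not match this cert: refuse to build trust at all */`. The rest of the loop body lies outside the hunk.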
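Review bot: The prototype declares the new second parameter as `NSSCertificate *nssCert`, but the definition in certificate.c takes `NSSItem *certData` and the caller in trustdomain.c passes `&c->encoding`. A translation unit that sees both this declaration and the definition gets conflicting types, and one that sees only the declaration passes an incompatible pointer. The declaration should read `NSSItem *certData` to match the definition.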
@@ -969,7 +969,6 @@ static PK11Attribute * pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) { certDBEntryRevocation *crl; - char *url; switch (type) { case CKA_PRIVATE: @@ -987,7 +986,7 @@ pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) crl = pk11_getCrl(object); switch (type) { case CKA_NETSCAPE_URL: - if (url == NULL) { + if (crl->url == NULL) { return (PK11Attribute *) &pk11_StaticNullAttr; } return pk11_NewTokenAttribute(type, crl->url, diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index 32c47ed89..a2673b20a 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -38,6 +38,7 @@ #include "secerr.h" #include "secasn1.h" /* for SEC_ASN1GetSubtemplate */ +#include "secitem.h" /* * simple definite-length ASN.1 decoder @@ -886,7 +887,17 @@ SECStatus SEC_QuickDERDecodeItem(PRArenaPool* arena, void* dest, rv = SECFailure; } + /* temporarily copy the item until bug a new patch for 160805 is made */ + if (SECSuccess != SECITEM_CopyItem(arena, &newsrc, src)) + { + rv = SECFailure; + } +#if 0 + /* + we don't really want to copy the item. + */ newsrc = *src; +#endif if (SECSuccess == rv) { |
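Review bot: `crl->url` is dereferenced straight after `crl = pk11_getCrl(object);` with no NULL check between the two in the hunk. pk11_getCrl is not shown; if it can fail (a missing or unreadable database entry, say), this branch dereferences NULL on an attribute lookup. I would add `if (crl == NULL) { return NULL; }` before the second `switch`, using whatever failure value pk11_FindCrlAttribute's callers expect. The function continues outside the hunk.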
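Review bot: The added `SECITEM_CopyItem(arena, &newsrc, src)` runs even when the block just above has already set `rv = SECFailure`, so whatever arguments that block rejected (its condition is outside the hunk, presumably a NULL `arena` or `src`) are still handed to the copy. Guard it with `if (SECSuccess == rv && SECSuccess != SECITEM_CopyItem(arena, &newsrc, src))`. The comment could also record that the copy duplicates the whole input into the arena on every decode, which is the cost being accepted until the proper fix lands.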