authorcvs2hg <devnull@localhost>2004-07-27 23:53:11 +0000
committercvs2hg <devnull@localhost>2004-07-27 23:53:11 +0000
commitea47943a041a41133abefac11da9718538b4a1b6 (patch)
tree2d9ea1d0477cdff3369aa056359391a8b1f46b2f
parent91adfb9f606fd68c83f36ee109cf2375f9910222 (diff)
downloadnss-hg-XULRUNNER_20040804_BASE.tar.gz
fixup commit for branch 'XULRUNNER_20040804_BRANCH'XULRUNNER_20040804_BASEMOZILLA_1_8a3_RELEASE
-rw-r--r--dbm/include/mcom_db.h10
-rw-r--r--security/coreconf/AIX.mk18
-rw-r--r--security/coreconf/AIX3.2.mk35
-rw-r--r--security/coreconf/AIX4.1.mk55
-rw-r--r--security/coreconf/AIX4.2.mk50
-rw-r--r--security/coreconf/AIX4.3.mk55
-rw-r--r--security/coreconf/AIX5.1.mk54
-rw-r--r--security/coreconf/AIX5.2.mk54
-rw-r--r--security/coreconf/Linux.mk5
-rw-r--r--security/coreconf/config.mk2
-rw-r--r--security/coreconf/nsinstall/Makefile1
-rw-r--r--security/coreconf/rules.mk2
-rw-r--r--security/dbm/Makefile80
-rw-r--r--security/dbm/config/config.mk67
-rw-r--r--security/dbm/include/Makefile76
-rw-r--r--security/dbm/include/manifest.mn57
-rw-r--r--security/dbm/manifest.mn45
-rw-r--r--security/dbm/src/Makefile76
-rw-r--r--security/dbm/src/config.mk63
-rw-r--r--security/dbm/src/dirent.c348
-rw-r--r--security/dbm/src/dirent.h97
-rw-r--r--security/dbm/src/manifest.mn61
-rw-r--r--security/dbm/tests/Makefile69
-rw-r--r--security/nss/cmd/certcgi/HOWTO.txt8
-rw-r--r--security/nss/cmd/certutil/certutil.c1
-rw-r--r--security/nss/cmd/crlutil/crlutil.c2
-rw-r--r--security/nss/cmd/lib/secutil.c13
-rw-r--r--security/nss/cmd/pk11util/Makefile76
-rw-r--r--security/nss/cmd/pk11util/manifest.mn51
-rw-r--r--security/nss/cmd/pk11util/pk11table.c818
-rw-r--r--security/nss/cmd/pk11util/pk11util.c1677
-rw-r--r--security/nss/cmd/pk11util/pk11util.h144
-rw-r--r--security/nss/cmd/platlibs.mk11
-rw-r--r--security/nss/cmd/symkeyutil/symkeyutil.c58
-rw-r--r--security/nss/lib/certdb/alg1485.c21
-rw-r--r--security/nss/lib/certdb/certdb.c29
-rw-r--r--security/nss/lib/certdb/certt.h4
-rw-r--r--security/nss/lib/certdb/genname.c12
-rw-r--r--security/nss/lib/certdb/polcyxtn.c4
-rw-r--r--security/nss/lib/certhigh/certvfy.c73
-rw-r--r--security/nss/lib/ckfw/builtins/config.mk7
-rw-r--r--security/nss/lib/cryptohi/seckey.c15
-rw-r--r--security/nss/lib/fortcrypt/swfort/pkcs11/Makefile2
-rw-r--r--security/nss/lib/freebl/Makefile25
-rw-r--r--security/nss/lib/freebl/sparcfix.c95
-rw-r--r--security/nss/lib/nss/config.mk4
-rw-r--r--security/nss/lib/nss/nss.def14
-rw-r--r--security/nss/lib/nss/nss.h8
-rw-r--r--security/nss/lib/nss/nssinit.c5
-rw-r--r--security/nss/lib/pk11wrap/debug_module.c10
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c186
-rw-r--r--security/nss/lib/pk11wrap/pk11func.h15
-rw-r--r--security/nss/lib/pk11wrap/pk11skey.c272
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c16
-rw-r--r--security/nss/lib/pk11wrap/secmodi.h2
-rw-r--r--security/nss/lib/pk11wrap/secmodt.h12
-rw-r--r--security/nss/lib/pk11wrap/secmodti.h13
-rw-r--r--security/nss/lib/pkcs7/certread.c66
-rw-r--r--security/nss/lib/smime/config.mk5
-rw-r--r--security/nss/lib/softoken/config.mk8
-rw-r--r--security/nss/lib/softoken/pk11db.c243
-rw-r--r--security/nss/lib/softoken/pkcs11.c12
-rw-r--r--security/nss/lib/softoken/pkcs11c.c33
-rw-r--r--security/nss/lib/softoken/pkcs11u.c74
-rw-r--r--security/nss/lib/ssl/config.mk6
-rw-r--r--security/nss/lib/ssl/ssl3con.c17
-rw-r--r--security/nss/lib/ssl/sslcon.c32
-rw-r--r--security/nss/lib/ssl/sslimpl.h4
-rw-r--r--security/nss/lib/ssl/sslnonce.c16
-rw-r--r--security/nss/lib/ssl/sslsnce.c6
-rw-r--r--security/nss/lib/ssl/sslsock.c8
-rw-r--r--security/nss/lib/util/nsslocks.c8
-rw-r--r--security/nss/lib/util/nssrwlk.c4
-rw-r--r--security/nss/lib/util/secerr.h9
-rw-r--r--security/nss/lib/util/secport.h32
-rw-r--r--security/nss/pkg/linux/Makefile53
-rw-r--r--security/nss/pkg/linux/sun-nss.spec15
-rw-r--r--security/nss/pkg/solaris/Makefile53
-rwxr-xr-xsecurity/nss/pkg/solaris/Makefile-devl.com33
-rwxr-xr-xsecurity/nss/pkg/solaris/Makefile-devl.targ26
-rwxr-xr-xsecurity/nss/pkg/solaris/Makefile-tlsu.com33
-rwxr-xr-xsecurity/nss/pkg/solaris/Makefile-tlsu.targ26
-rw-r--r--security/nss/pkg/solaris/Makefile.com5
-rw-r--r--security/nss/pkg/solaris/Makefile.targ9
-rw-r--r--security/nss/pkg/solaris/SUNWtls/Makefile2
-rw-r--r--security/nss/pkg/solaris/SUNWtls/pkgdepend2
-rw-r--r--security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl2
-rw-r--r--security/nss/pkg/solaris/SUNWtls/prototype_com9
-rw-r--r--security/nss/pkg/solaris/SUNWtls/prototype_i3862
-rw-r--r--security/nss/pkg/solaris/SUNWtls/prototype_sparc23
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsd/Makefile16
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsd/pkgdepend23
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl34
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsd/prototype126
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsu/Makefile16
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsu/pkgdepend22
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl34
-rwxr-xr-xsecurity/nss/pkg/solaris/SUNWtlsu/prototype_com36
-rw-r--r--security/nss/pkg/solaris/SUNWtlsu/prototype_i38631
-rw-r--r--security/nss/pkg/solaris/SUNWtlsu/prototype_sparc41
-rw-r--r--security/nss/tests/ssl/ecssl.sh16
-rwxr-xr-xsecurity/nss/tests/ssl/ssl.sh16
102 files changed, 1670 insertions, 4700 deletions
diff --git a/dbm/include/mcom_db.h b/dbm/include/mcom_db.h
index 97e74260e..dcae849f2 100644
--- a/dbm/include/mcom_db.h
+++ b/dbm/include/mcom_db.h
@@ -190,7 +190,7 @@
#define LITTLE_ENDIAN 1234
#endif
-#if defined(_WINDOWS)
+#if defined(_WINDOWS) || defined(XP_OS2_VACPP)
#ifdef BYTE_ORDER
#undef BYTE_ORDER
#endif
@@ -222,6 +222,14 @@
#define MAXPATHLEN 1024
#endif
+#ifdef XP_OS2_VACPP
+#include <os2.h>
+#define MAXPATHLEN CCHMAXPATH
+#define EPERM EINVAL
+#define ENOTDIR EBADPOS
+#define S_ISDIR(s) ((s) & S_IFDIR)
+#endif
+
#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
#ifndef STDERR_FILENO
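Review bot: The added `XP_OS2_VACPP` block defines `MAXPATHLEN`, `EPERM`, `ENOTDIR` and `S_ISDIR` unconditionally, so `MAXPATHLEN` is redefined right after the context lines above set it to 1024 (apparently under a guard that starts outside the hunk), and the others will clash with anything `<os2.h>` or the C headers already provide. Wrapping each define in `#ifndef`, or putting `#undef MAXPATHLEN` before the new value, makes the override explicit. Mapping `EPERM` to `EINVAL` means callers can no longer tell a permission failure from a bad argument, which deserves a comment such as `/* VACPP has no EPERM; permission errors surface as EINVAL */`. `S_ISDIR` tests a single bit; if the toolchain defines `S_IFMT`, `(((s) & S_IFMT) == S_IFDIR)` is the safer form.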
diff --git a/security/coreconf/AIX.mk b/security/coreconf/AIX.mk
index ff0a36f2b..9b8f4c82f 100644
--- a/security/coreconf/AIX.mk
+++ b/security/coreconf/AIX.mk
@@ -65,16 +65,30 @@ CPU_ARCH = rs6000
RANLIB = ranlib
OS_CFLAGS = -DAIX -DSYSV
+OS_LIBS += -blibpath:/usr/lib:/lib -lc -lm
+
+DSO_LDOPTS = -brtl -bnortllib -bM:SRE -bnoentry
+MKSHLIB = $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
AIX_WRAP = $(DIST)/lib/aixwrap.o
AIX_TMP = $(OBJDIR)/_aix_tmp.o
+
ifdef MAPFILE
-EXPORT_RULES = -bexport:$(MAPFILE)
+DSO_LDOPTS += -bexport:$(MAPFILE)
+else
+DSO_LDOPTS += -bexpall
endif
+
PROCESS_MAP_FILE = grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \
sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' > $@
ifdef BUILD_OPT
- OPTIMIZER += -qmaxmem=-1
+ OPTIMIZER += -qmaxmem=-1
+endif
+
+ifeq ($(USE_64), 1)
+ OS_CFLAGS += -DAIX_64BIT
+ OBJECT_MODE=64
+ export OBJECT_MODE
endif
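Review bot: The new `else` branch adds `-bexpall` to `DSO_LDOPTS`, so any shared library built without a `MAPFILE` exports every global symbol, which for a crypto library turns internal functions into de facto ABI. A comment on that branch, e.g. `# no export list: all globals become visible, prefer a MAPFILE`, would flag it. This file also takes over from the per-release AIX makefiles deleted in the same commit, yet it no longer defines `-DAIX4_2` or `-DAIX4_3` and applies `-bnortllib` to every release. If any source still tests those macros the behaviour changes silently, so a header comment stating that AIX.mk now covers all releases, and which per-release settings were dropped on purpose, would help.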
diff --git a/security/coreconf/AIX3.2.mk b/security/coreconf/AIX3.2.mk
deleted file mode 100644
index c93a00eef..000000000
--- a/security/coreconf/AIX3.2.mk
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX3.2.5
-#
-include $(CORE_DEPTH)/coreconf/AIX.mk
diff --git a/security/coreconf/AIX4.1.mk b/security/coreconf/AIX4.1.mk
deleted file mode 100644
index 115ee8dc8..000000000
--- a/security/coreconf/AIX4.1.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX4.1
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-AIX_LINK_OPTS += -bnso -berok
-#AIX_LINK_OPTS += -bnso -berok -brename:.select,.wrap_select -brename:.poll,.wrap_poll -bI:/usr/lib/syscalls.exp
-
-# The AIX4.1 linker had a bug which always looked for a dynamic library
-# with an extension of .a. AIX4.2 fixed this problem
-DLL_SUFFIX = a
-
-OS_LIBS += -lsvld
-
-# override default value set in suffix.mk, for AIX 4.1 only
-DYNAMIC_LIB_EXTENSION = _shr
-
-# override default value in ruleset.mk
-ifdef LIBRARY_NAME
- SHARED_LIBRARY = $(OBJDIR)/lib$(LIBRARY_NAME)$(LIBRARY_VERSION)_shr$(JDK_DEBUG_SUFFIX).a
-endif
-
diff --git a/security/coreconf/AIX4.2.mk b/security/coreconf/AIX4.2.mk
deleted file mode 100644
index 6975116b4..000000000
--- a/security/coreconf/AIX4.2.mk
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-
-#
-# Config stuff for AIX4.2
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-OS_CFLAGS += -DAIX4_2
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry
-MKSHLIB = $(LD) $(DSO_LDOPTS) -L/usr/lpp/xlC/lib -lc -lm
-
-OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS += -bexpall
-endif
-
-
diff --git a/security/coreconf/AIX4.3.mk b/security/coreconf/AIX4.3.mk
deleted file mode 100644
index c3788c15d..000000000
--- a/security/coreconf/AIX4.3.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX4.3
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-# COMPILER_TAG = _64
- OS_CFLAGS += -DAIX_64BIT
- OBJECT_MODE=64
- export OBJECT_MODE
-endif
-OS_CFLAGS += -DAIX4_3
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry
-MKSHLIB = $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
-
-OS_LIBS += -blibpath:/usr/lib:/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS += -bexpall
-endif
diff --git a/security/coreconf/AIX5.1.mk b/security/coreconf/AIX5.1.mk
deleted file mode 100644
index 1d88c32e5..000000000
--- a/security/coreconf/AIX5.1.mk
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX5.1
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-# COMPILER_TAG = _64
- OS_CFLAGS += -DAIX_64BIT
- OBJECT_MODE=64
- export OBJECT_MODE
-endif
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry
-MKSHLIB = $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
-
-OS_LIBS += -blibpath:/usr/lib:/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS += -bexpall
-endif
diff --git a/security/coreconf/AIX5.2.mk b/security/coreconf/AIX5.2.mk
deleted file mode 100644
index 319569c52..000000000
--- a/security/coreconf/AIX5.2.mk
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# Config stuff for AIX5.2
-#
-
-include $(CORE_DEPTH)/coreconf/AIX.mk
-
-
-ifeq ($(USE_64), 1)
-# Next line replaced by generic name handling in arch.mk
-# COMPILER_TAG = _64
- OS_CFLAGS += -DAIX_64BIT
- OBJECT_MODE=64
- export OBJECT_MODE
-endif
-DSO_LDOPTS = -brtl -bM:SRE -bnoentry
-MKSHLIB = $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
-
-OS_LIBS += -blibpath:/usr/lib:/lib -lc -lm
-ifdef MAPFILE
-DSO_LDOPTS += -bexport:$(MAPFILE)
-else
-DSO_LDOPTS += -bexpall
-endif
diff --git a/security/coreconf/Linux.mk b/security/coreconf/Linux.mk
index 13f2f7715..6aab35b12 100644
--- a/security/coreconf/Linux.mk
+++ b/security/coreconf/Linux.mk
@@ -66,6 +66,10 @@ ifeq ($(OS_TEST),ia64)
OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
CPU_ARCH = ia64
else
+ifeq ($(OS_TEST),x86_64)
+ OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
+ CPU_ARCH = x86_64
+else
ifeq ($(OS_TEST),sparc)
OS_REL_CFLAGS = -DLINUX1_2 -D_XOPEN_SOURCE
CPU_ARCH = sparc
@@ -112,6 +116,7 @@ endif
endif
endif
endif
+endif
LIBC_TAG = _glibc
diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk
index 1bb3962f4..884915875 100644
--- a/security/coreconf/config.mk
+++ b/security/coreconf/config.mk
@@ -59,7 +59,7 @@ endif
#######################################################################
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
- OpenVMS
+ OpenVMS AIX
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
diff --git a/security/coreconf/nsinstall/Makefile b/security/coreconf/nsinstall/Makefile
index 1bb7d728f..f8eb829de 100644
--- a/security/coreconf/nsinstall/Makefile
+++ b/security/coreconf/nsinstall/Makefile
@@ -52,6 +52,7 @@ ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
PROGRAM =
else
TARGETS = $(PROGRAM) $(PLSRCS:.pl=)
+INSTALL = true
endif
ifdef NATIVE_CC
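Review bot: `INSTALL = true` replaces the install command with the `true` utility in this branch, so every install step in this directory succeeds without doing anything and without reporting it. The reason is not visible in the hunk (presumably nsinstall cannot be used to install before it is built), and the line reads like a boolean flag. A comment above it such as `# nsinstall is not built yet; make install steps in this directory a no-op` would make the intent clear. The enclosing conditional starts above the hunk.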
diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk
index ff380d472..1fc34a259 100644
--- a/security/coreconf/rules.mk
+++ b/security/coreconf/rules.mk
@@ -301,7 +301,7 @@ get_objs:
$(LIBRARY): $(OBJS)
@$(MAKE_OBJDIR)
rm -f $@
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
$(AR) $(subst /,\\,$(OBJS))
else
$(AR) $(OBJS)
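Review bot: The new condition `$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))` selects the backslash-converted `$(AR)` line only when `NS_USE_GCC` is empty, which is not obvious from the expression. Any non-empty value, including `0`, makes the string fail to match `_WIN%` and switches to the forward-slash form, so the variable behaves as set/unset rather than true/false. A comment above the `ifeq`, e.g. `# native Windows tools only: with NS_USE_GCC set the string is "<value>_WIN..." and does not match`, would document that.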
diff --git a/security/dbm/Makefile b/security/dbm/Makefile
deleted file mode 100644
index 34cd6d899..000000000
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-coreconf_hack:
- cd ../coreconf; gmake
- gmake import
-
-RelEng_bld: coreconf_hack
- gmake
diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk
deleted file mode 100644
index 753364931..000000000
--- a/security/dbm/config/config.mk
+++ /dev/null
@@ -1,67 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# These macros are defined by mozilla's configure script.
-# We define them manually here.
-#
-
-DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
-
-#
-# Most platforms have snprintf, so it's simpler to list the exceptions.
-#
-HAVE_SNPRINTF = 1
-#
-# OSF1 V4.0D doesn't have snprintf but V5.0A does.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
-HAVE_SNPRINTF =
-endif
-ifdef HAVE_SNPRINTF
-DEFINES += -DHAVE_SNPRINTF
-endif
-
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_CDEFS_H
-endif
-
-ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_BYTEORDER_H
-endif
-
-#
-# None of the platforms that we are interested in need to
-# define HAVE_MEMORY_H.
-#
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
deleted file mode 100644
index ba4dd8ddf..000000000
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
deleted file mode 100644
index 886fedd98..000000000
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS = nsres.h \
- cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-PRIVATE_EXPORTS = hsearch.h \
- page.h \
- extern.h \
- ndbm.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
deleted file mode 100644
index 11f4f4237..000000000
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-IMPORTS = nspr20/v4.1.2
-
-RELEASE = dbm
-
-DIRS = include \
- src \
- $(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
deleted file mode 100644
index 8fce98394..000000000
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/dbm/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
deleted file mode 100644
index 370fd75d6..000000000
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-ifdef SHARED_LIBRARY
- ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
- DLLBASE=/BASE:0x30000000
- RES=$(OBJDIR)/dbm.res
- RESNAME=../include/dbm.rc
- endif
- ifeq ($(DLL_SUFFIX),dll)
- DEFINES += -D_DLL
- endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
- OS_LIBS += -lc_r
-endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
deleted file mode 100644
index 001a48c5c..000000000
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#ifdef OS2
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <dirent.h>
-#include <errno.h>
-
-/*#ifndef __EMX__
-#include <libx.h>
-#endif */
-
-#define INCL_DOSFILEMGR
-#define INCL_DOSERRORS
-#include <os2.h>
-
-#if OS2 >= 2
-# define FFBUF FILEFINDBUF3
-# define Word ULONG
- /*
- * LS20 recommends a request count of 100, but according to the
- * APAR text it does not lead to missing files, just to funny
- * numbers of returned entries.
- *
- * LS30 HPFS386 requires a count greater than 2, or some files
- * are missing (those starting with a character less that '.').
- *
- * Novell looses entries which overflow the buffer. In previous
- * versions of dirent2, this could have lead to missing files
- * when the average length of 100 directory entries was 40 bytes
- * or more (quite unlikely for files on a Novell server).
- *
- * Conclusion: Make sure that the entries all fit into the buffer
- * and that the buffer is large enough for more than 2 entries
- * (each entry is at most 300 bytes long). And ignore the LS20
- * effect.
- */
-# define Count 25
-# define BufSz (25 * (sizeof(FILEFINDBUF3)+1))
-#else
-# define FFBUF FILEFINDBUF
-# define Word USHORT
-# define BufSz 1024
-# define Count 3
-#endif
-
-#if defined(__IBMC__) || defined(__IBMCPP__)
- #define error(rc) _doserrno = rc, errno = EOS2ERR
-#elif defined(MICROSOFT)
- #define error(rc) _doserrno = rc, errno = 255
-#else
- #define error(rc) errno = 255
-#endif
-
-struct _dirdescr {
- HDIR handle; /* DosFindFirst handle */
- char fstype; /* filesystem type */
- Word count; /* valid entries in <ffbuf> */
- long number; /* absolute number of next entry */
- int index; /* relative number of next entry */
- FFBUF * next; /* pointer to next entry */
- char name[MAXPATHLEN+3]; /* directory name */
- unsigned attrmask; /* attribute mask for seekdir */
- struct dirent entry; /* buffer for directory entry */
- BYTE ffbuf[BufSz];
-};
-
-/*
- * Return first char of filesystem type, or 0 if unknown.
- */
-static char
-getFSType(const char *path)
-{
- static char cache[1+26];
- char drive[3], info[512];
- Word unit, infolen;
- char r;
-
- if (isalpha(path[0]) && path[1] == ':') {
- unit = toupper(path[0]) - '@';
- path += 2;
- } else {
- ULONG driveMap;
-#if OS2 >= 2
- if (DosQueryCurrentDisk(&unit, &driveMap))
-#else
- if (DosQCurDisk(&unit, &driveMap))
-#endif
- return 0;
- }
-
- if ((path[0] == '\\' || path[0] == '/')
- && (path[1] == '\\' || path[1] == '/'))
- return 0;
-
- if (cache [unit])
- return cache [unit];
-
- drive[0] = '@' + unit;
- drive[1] = ':';
- drive[2] = '\0';
- infolen = sizeof info;
-#if OS2 >= 2
- if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
- return 0;
- if (infolen >= sizeof(FSQBUFFER2)) {
- FSQBUFFER2 *p = (FSQBUFFER2 *)info;
- r = p->szFSDName[p->cbName];
- } else
-#else
- if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
- return 0;
- if (infolen >= 9) {
- char *p = info + sizeof(USHORT);
- p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
- r = *p;
- } else
-#endif
- r = 0;
- return cache [unit] = r;
-}
-
-char *
-abs_path(const char *name, char *buffer, int len)
-{
- char buf[4];
- if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
- buf[0] = name[0];
- buf[1] = name[1];
- buf[2] = '.';
- buf[3] = '\0';
- name = buf;
- }
-#if OS2 >= 2
- if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
-#else
- if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
-#endif
- return NULL;
- return buffer;
-}
-
-DIR *
-openxdir(const char *path, unsigned att_mask)
-{
- DIR *dir;
- char name[MAXPATHLEN+3];
- Word rc;
-
- dir = malloc(sizeof(DIR));
- if (dir == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- strncpy(name, path, MAXPATHLEN);
- name[MAXPATHLEN] = '\0';
- switch (name[strlen(name)-1]) {
- default:
- strcat(name, "\\");
- case '\\':
- case '/':
- case ':':
- ;
- }
- strcat(name, ".");
- if (!abs_path(name, dir->name, MAXPATHLEN+1))
- strcpy(dir->name, name);
- if (dir->name[strlen(dir->name)-1] == '\\')
- strcat(dir->name, "*");
- else
- strcat(dir->name, "\\*");
-
- dir->fstype = getFSType(dir->name);
- dir->attrmask = att_mask | A_DIR;
-
- dir->handle = HDIR_CREATE;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- free(dir);
- error(rc);
- return NULL;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
-
- return (DIR *)dir;
-}
-
-DIR *
-opendir(const char *pathname)
-{
- return openxdir(pathname, 0);
-}
-
-struct dirent *
-readdir(DIR *dir)
-{
- static int dummy_ino = 2;
-
- if (dir->index == dir->count) {
- Word rc;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindNext(dir->handle, dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#else
- rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#endif
- if (rc) {
- error(rc);
- return NULL;
- }
-
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- if (dir->index == dir->count)
- return NULL;
-
- memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
- dir->entry.d_name[dir->next->cchName] = '\0';
- dir->entry.d_ino = dummy_ino++;
- dir->entry.d_reclen = dir->next->cchName;
- dir->entry.d_namlen = dir->next->cchName;
- dir->entry.d_size = dir->next->cbFile;
- dir->entry.d_attribute = dir->next->attrFile;
- dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
- dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
-
- switch (dir->fstype) {
- case 'F': /* FAT */
- case 'C': /* CDFS */
- if (dir->next->attrFile & FILE_DIRECTORY)
- strupr(dir->entry.d_name);
- else
- strlwr(dir->entry.d_name);
- }
-
-#if OS2 >= 2
- dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
-#else
- dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
-#endif
- ++dir->number;
- ++dir->index;
-
- return &dir->entry;
-}
-
-long
-telldir(DIR *dir)
-{
- return dir->number;
-}
-
-void
-seekdir(DIR *dir, long off)
-{
- if (dir->number > off) {
- char name[MAXPATHLEN+2];
- Word rc;
-
- DosFindClose(dir->handle);
-
- strcpy(name, dir->name);
- strcat(name, "*");
-
- dir->handle = HDIR_CREATE;
- dir->count = 32767;
-#if OS2 >= 2
- rc = DosFindFirst(name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- error(rc);
- return;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- while (dir->number < off && readdir(dir))
- ;
-}
-
-void
-closedir(DIR *dir)
-{
- DosFindClose(dir->handle);
- free(dir);
-}
-
-/*****************************************************************************/
-
-#ifdef TEST
-
-main(int argc, char **argv)
-{
- int i;
- DIR *dir;
- struct dirent *ep;
-
- for (i = 1; i < argc; ++i) {
- dir = opendir(argv[i]);
- if (!dir)
- continue;
- while (ep = readdir(dir))
- if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
- printf("%s%s\n", argv[i], ep->d_name);
- else
- printf("%s/%s\n", argv[i], ep->d_name);
- closedir(dir);
- }
-
- return 0;
-}
-
-#endif
-
-#endif /* OS2 */
-
diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h
deleted file mode 100644
index 07a6c0ac8..000000000
--- a/security/dbm/src/dirent.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06 Public Domain.
- *
- * A public domain implementation of BSD directory routines for
- * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield),
- * August 1897
- *
- * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- * and returns 2 more pieces of information - file size & attribute.
- * Plus a little reshuffling of some #define's positions December 1987
- *
- * Some modifications by Martin Junius 02-14-89
- *
- * AK900712
- * AK910410 abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include <sys/param.h>
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include <stdio.h>
-#ifdef MAXPATHLEN
- #undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include <param.h>
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY 0x01
-# define A_HIDDEN 0x02
-# define A_SYSTEM 0x04
-# define A_LABEL 0x08
-# define A_DIR 0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */
- int d_ino; /* Dummy */
- int d_reclen; /* Dummy, same as d_namlen */
- int d_namlen; /* length of name */
- char d_name[MAXNAMLEN + 1];
- unsigned long d_size;
- unsigned short d_attribute; /* attributes (see above) */
- unsigned short d_time; /* modification time */
- unsigned short d_date; /* modification date */
-#else
- char d_name[MAXNAMLEN + 1]; /* garentee null termination */
- char d_attribute; /* .. extension .. */
- unsigned long d_size; /* .. extension .. */
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR *opendir(const char *);
-extern DIR *openxdir(const char *, unsigned);
-extern struct dirent *readdir(DIR *);
-extern void seekdir(DIR *, long);
-extern long telldir(DIR *);
-extern void closedir(DIR *);
-#define rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char * abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
deleted file mode 100644
index 80f2abfd0..000000000
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,61 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- hsearch.c \
- mktemp.c \
- ndbm.c \
- nsres.c \
- dirent.c \
- $(NULL)
-
-LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
deleted file mode 100644
index fe132e19c..000000000
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/tests
-
-MODULE = dbm
-
-CSRCS = lots.c
-
-PROGRAM = lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS = $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
- purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
- $(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
- purify $(CC) -o crash.pure $(CFLAGS) $^
-
diff --git a/security/nss/cmd/certcgi/HOWTO.txt b/security/nss/cmd/certcgi/HOWTO.txt
index f02ad32fd..6a6ae03c7 100644
--- a/security/nss/cmd/certcgi/HOWTO.txt
+++ b/security/nss/cmd/certcgi/HOWTO.txt
@@ -78,7 +78,7 @@ Instructions:
- In some web page (e.g. your server's home page), provide an html link to
$DOCROOT/certomatic/index.html. This is where users start to get their
own certs from certomatic.
-- give these files and directories appropriate permissions.
+- Give these files and directories appropriate permissions.
- Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin
make sure that $CGIBIN/certomatic is writable by "nobody"
@@ -87,7 +87,7 @@ Instructions:
certutil -N -d $CGIBIN/certomatic
-- when certutil prompts you for the password, enter the word foo
+- When certutil prompts you for the password, enter the word foo
because that is compiled into the certcgi program.
- Create the new Root CA cert with this command
@@ -99,7 +99,7 @@ Instructions:
(adjust the -g, -m and -v parameters to taste. -s and -x must be as
shown.)
-- dump out the new root CA cert in base64 encoding:
+- Dump out the new root CA cert in base64 encoding:
certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \
$CGIBIN/certomatic/root.cacert
@@ -156,7 +156,7 @@ Known bugs:
they didn't all have to be called "Cert-O-Matic II", but that string is
presently hard coded into certcgi.c.
-2. the html files in this directory contain numerous extraneous <FORM> tags
+2. The html files in this directory contain numerous extraneous <FORM> tags
which appear to use the post method and have action URLS that are never
actually used. burp.cgi and echoform.cgi are never actually used. This
should be cleaned up.
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index e52f82a38..2fae170e1 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -2952,6 +2952,7 @@ secuCommandFlag certutil_options[] =
}
}
+ /* -A -E or -S Add the cert to the DB */
if (certutil.commands[cmd_CreateAndAddCert].activated ||
certutil.commands[cmd_AddCert].activated ||
certutil.commands[cmd_AddEmailCert].activated) {
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
index d41dadde7..89d6676b8 100644
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -144,6 +144,7 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele
if (acrl)
{
SEC_DeletePermCRL(acrl);
+ SEC_DestroyCrl(acrl);
}
}
crlNode = crlNode->next;
@@ -177,6 +178,7 @@ static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
return SECFailure;
}
rv = SEC_DeletePermCRL (crl);
+ SEC_DestroyCrl(crl);
if (rv != SECSuccess) {
SECU_PrintError
(progName, "fail to delete the issuer %s's CRL from the perm database (reason: %s)",
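Review bot: The added `SEC_DestroyCrl(crl);` runs between `SEC_DeletePermCRL (crl)` and the `rv != SECSuccess` report, so any error code set while destroying the CRL could replace the one the failure message is about to print. This assumes the `reason: %s` argument is taken from the thread's current error code; the argument list lies past the end of the hunk. Reading the error code into a local immediately after the delete and formatting the message from that local keeps the reported reason tied to the delete while still releasing the CRL on both paths. The earlier hunk in ListCRLNames prints no reason and is unaffected; DeleteCRL's body starts and ends outside this hunk.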
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index c21e8f56e..cb6942b30 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -632,10 +632,10 @@ SECStatus
SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
{
SECStatus rv;
- char *asc, *body, *trailer;
if (ascii) {
/* First convert ascii to binary */
SECItem filedata;
+ char *asc, *body;
/* Read in ascii data */
rv = SECU_FileToItem(&filedata, inFile);
@@ -647,8 +647,13 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
/* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
- body = PORT_Strchr(body, '\n') + 1;
- trailer = strstr(body, "-----END");
+ char *trailer = NULL;
+ asc = body;
+ body = PORT_Strchr(body, '\n');
+ if (!body)
+ body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
+ if (body)
+ trailer = strstr(++body, "-----END");
if (trailer != NULL) {
*trailer = '\0';
} else {
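Review bot: `asc = body;` overwrites the only local visible here that points at the start of the text read from the file, and `strstr(++body, "-----END")` hides an increment inside a call argument. If code after this hunk frees or rescans `asc` (not visible), it would now start at the `-----BEGIN` marker instead of the buffer start; a separate local such as `char *header = body;` removes that doubt, with `body++;` on its own line before the `strstr`. When neither '\n' nor '\r' follows the header, `trailer` stays NULL and control reaches the missing-trailer `else` branch, which deserves a comment like `/* no line ending after the header is handled as a missing trailer */`. SECU_ReadDERFromFile continues outside the hunk.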
@@ -1505,7 +1510,7 @@ secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level)
policyQualifiers = policyInfo->policyQualifiers;
SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level);
- while (*policyQualifiers != NULL) {
+ while (policyQualifiers != NULL && *policyQualifiers != NULL) {
secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1);
policyQualifiers++;
}
diff --git a/security/nss/cmd/pk11util/Makefile b/security/nss/cmd/pk11util/Makefile
deleted file mode 100644
index 8650a607d..000000000
--- a/security/nss/cmd/pk11util/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/pk11util/manifest.mn b/security/nss/cmd/pk11util/manifest.mn
deleted file mode 100644
index c2e6fa8b9..000000000
--- a/security/nss/cmd/pk11util/manifest.mn
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-CSRCS = pk11util.c pk11table.c
-#CSRCS = symkeytest.c
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd
-
-PROGRAM = pk11util
-#PROGRAM = symkeytest
-
-#USE_STATIC_LIBS = 1
diff --git a/security/nss/cmd/pk11util/pk11table.c b/security/nss/cmd/pk11util/pk11table.c
deleted file mode 100644
index a77ab2c32..000000000
--- a/security/nss/cmd/pk11util/pk11table.c
+++ /dev/null
@@ -1,818 +0,0 @@
-#include <pkcs11.h>
-#include "pk11util.h"
-
-const char *_valueString[] = {
- "None",
- "Variable",
- "CK_ULONG",
- "Data",
- "UTF8",
- "CK_INFO",
- "CK_SLOT_INFO",
- "CK_TOKEN_INFO",
- "CK_SESSION_INFO",
- "CK_ATTRIBUTE",
- "CK_MECHANISM",
- "CK_MECHANISM_INFO",
- "CK_C_INITIALIZE_ARGS",
- "CK_FUNCTION_LIST"
-};
-
-const char **valueString = &_valueString[0];
-const int valueCount = sizeof(_valueString)/sizeof(_valueString[0]);
-
-const char *_constTypeString[] = {
- "None",
- "Bool",
- "InfoFlags",
- "SlotFlags",
- "TokenFlags",
- "SessionFlags",
- "MechanismFlags",
- "InitializeFlags",
- "Users",
- "SessionState",
- "Object",
- "Hardware",
- "KeyType",
- "CertificateType",
- "Attribute",
- "Mechanism",
- "Result",
- "Trust"
-};
-
-const char **constTypeString = &_constTypeString[0];
-const int constTypeCount = sizeof(_constTypeString)/sizeof(_constTypeString[0]);
-
-#define mkEntry(x,t) { #x, x, Const##t, ConstNone }
-#define mkEntry2(x,t,t2) { #x, x, Const##t, Const##t2 }
-
-const Constant _consts[] = {
- mkEntry(CK_FALSE, Bool),
- mkEntry(CK_TRUE, Bool),
-
- mkEntry(CKF_TOKEN_PRESENT, SlotFlags),
- mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags),
- mkEntry(CKF_HW_SLOT, SlotFlags),
-
- mkEntry(CKF_RNG, TokenFlags),
- mkEntry(CKF_WRITE_PROTECTED, TokenFlags),
- mkEntry(CKF_LOGIN_REQUIRED, TokenFlags),
- mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags),
- mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags),
- mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags),
- mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags),
- mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags),
- mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags),
- mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags),
- mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags),
- mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags),
- mkEntry(CKF_USER_PIN_LOCKED, TokenFlags),
- mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags),
- mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags),
- mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags),
- mkEntry(CKF_SO_PIN_LOCKED, TokenFlags),
- mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags),
-
- mkEntry(CKF_RW_SESSION, SessionFlags),
- mkEntry(CKF_SERIAL_SESSION, SessionFlags),
-
- mkEntry(CKF_HW, MechanismFlags),
- mkEntry(CKF_ENCRYPT, MechanismFlags),
- mkEntry(CKF_DECRYPT, MechanismFlags),
- mkEntry(CKF_DIGEST, MechanismFlags),
- mkEntry(CKF_SIGN, MechanismFlags),
- mkEntry(CKF_SIGN_RECOVER, MechanismFlags),
- mkEntry(CKF_VERIFY, MechanismFlags),
- mkEntry(CKF_VERIFY_RECOVER, MechanismFlags),
- mkEntry(CKF_GENERATE, MechanismFlags),
- mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags),
- mkEntry(CKF_WRAP, MechanismFlags),
- mkEntry(CKF_UNWRAP, MechanismFlags),
- mkEntry(CKF_DERIVE, MechanismFlags),
- mkEntry(CKF_EC_FP, MechanismFlags),
- mkEntry(CKF_EC_F_2M, MechanismFlags),
- mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
- mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
- mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags),
- mkEntry(CKF_EC_COMPRESS, MechanismFlags),
-
- mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags),
- mkEntry(CKF_OS_LOCKING_OK, InitializeFlags),
-
- mkEntry(CKU_SO, Users),
- mkEntry(CKU_USER, Users),
-
- mkEntry(CKS_RO_PUBLIC_SESSION, SessionState),
- mkEntry(CKS_RO_USER_FUNCTIONS, SessionState),
- mkEntry(CKS_RW_PUBLIC_SESSION, SessionState),
- mkEntry(CKS_RW_USER_FUNCTIONS, SessionState),
- mkEntry(CKS_RW_SO_FUNCTIONS, SessionState),
-
- mkEntry(CKO_DATA, Object),
- mkEntry(CKO_CERTIFICATE, Object),
- mkEntry(CKO_PUBLIC_KEY, Object),
- mkEntry(CKO_PRIVATE_KEY, Object),
- mkEntry(CKO_SECRET_KEY, Object),
- mkEntry(CKO_HW_FEATURE, Object),
- mkEntry(CKO_DOMAIN_PARAMETERS, Object),
- mkEntry(CKO_KG_PARAMETERS, Object),
- mkEntry(CKO_NETSCAPE_CRL, Object),
- mkEntry(CKO_NETSCAPE_SMIME, Object),
- mkEntry(CKO_NETSCAPE_TRUST, Object),
- mkEntry(CKO_NETSCAPE_BUILTIN_ROOT_LIST, Object),
-
- mkEntry(CKH_MONOTONIC_COUNTER, Hardware),
- mkEntry(CKH_CLOCK, Hardware),
-
- mkEntry(CKK_RSA, KeyType),
- mkEntry(CKK_DSA, KeyType),
- mkEntry(CKK_DH, KeyType),
- mkEntry(CKK_ECDSA, KeyType),
- mkEntry(CKK_EC, KeyType),
- mkEntry(CKK_X9_42_DH, KeyType),
- mkEntry(CKK_KEA, KeyType),
- mkEntry(CKK_GENERIC_SECRET, KeyType),
- mkEntry(CKK_RC2, KeyType),
- mkEntry(CKK_RC4, KeyType),
- mkEntry(CKK_DES, KeyType),
- mkEntry(CKK_DES2, KeyType),
- mkEntry(CKK_DES3, KeyType),
- mkEntry(CKK_CAST, KeyType),
- mkEntry(CKK_CAST3, KeyType),
- mkEntry(CKK_CAST5, KeyType),
- mkEntry(CKK_CAST128, KeyType),
- mkEntry(CKK_RC5, KeyType),
- mkEntry(CKK_IDEA, KeyType),
- mkEntry(CKK_SKIPJACK, KeyType),
- mkEntry(CKK_BATON, KeyType),
- mkEntry(CKK_JUNIPER, KeyType),
- mkEntry(CKK_CDMF, KeyType),
- mkEntry(CKK_AES, KeyType),
- mkEntry(CKK_NETSCAPE_PKCS8, KeyType),
-
- mkEntry(CKC_X_509, CertType),
- mkEntry(CKC_X_509_ATTR_CERT, CertType),
-
- mkEntry2(CKA_CLASS, Attribute, Object),
- mkEntry2(CKA_TOKEN, Attribute, Bool),
- mkEntry2(CKA_PRIVATE, Attribute, Bool),
- mkEntry2(CKA_LABEL, Attribute, None),
- mkEntry2(CKA_APPLICATION, Attribute, None),
- mkEntry2(CKA_VALUE, Attribute, None),
- mkEntry2(CKA_OBJECT_ID, Attribute, None),
- mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType),
- mkEntry2(CKA_ISSUER, Attribute, None),
- mkEntry2(CKA_SERIAL_NUMBER, Attribute, None),
- mkEntry2(CKA_AC_ISSUER, Attribute, None),
- mkEntry2(CKA_OWNER, Attribute, None),
- mkEntry2(CKA_ATTR_TYPES, Attribute, None),
- mkEntry2(CKA_TRUSTED, Attribute, Bool),
- mkEntry2(CKA_KEY_TYPE, Attribute, KeyType),
- mkEntry2(CKA_SUBJECT, Attribute, None),
- mkEntry2(CKA_ID, Attribute, None),
- mkEntry2(CKA_SENSITIVE, Attribute, Bool),
- mkEntry2(CKA_ENCRYPT, Attribute, Bool),
- mkEntry2(CKA_DECRYPT, Attribute, Bool),
- mkEntry2(CKA_WRAP, Attribute, Bool),
- mkEntry2(CKA_UNWRAP, Attribute, Bool),
- mkEntry2(CKA_SIGN, Attribute, Bool),
- mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool),
- mkEntry2(CKA_VERIFY, Attribute, Bool),
- mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool),
- mkEntry2(CKA_DERIVE, Attribute, Bool),
- mkEntry2(CKA_START_DATE, Attribute, None),
- mkEntry2(CKA_END_DATE, Attribute, None),
- mkEntry2(CKA_MODULUS, Attribute, None),
- mkEntry2(CKA_MODULUS_BITS, Attribute, None),
- mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None),
- mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None),
- mkEntry2(CKA_PRIME_1, Attribute, None),
- mkEntry2(CKA_PRIME_2, Attribute, None),
- mkEntry2(CKA_EXPONENT_1, Attribute, None),
- mkEntry2(CKA_EXPONENT_2, Attribute, None),
- mkEntry2(CKA_COEFFICIENT, Attribute, None),
- mkEntry2(CKA_PRIME, Attribute, None),
- mkEntry2(CKA_SUBPRIME, Attribute, None),
- mkEntry2(CKA_BASE, Attribute, None),
- mkEntry2(CKA_PRIME_BITS, Attribute, None),
- mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None),
- mkEntry2(CKA_VALUE_BITS, Attribute, None),
- mkEntry2(CKA_VALUE_LEN, Attribute, None),
- mkEntry2(CKA_EXTRACTABLE, Attribute, Bool),
- mkEntry2(CKA_LOCAL, Attribute, Bool),
- mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool),
- mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool),
- mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism),
- mkEntry2(CKA_MODIFIABLE, Attribute, Bool),
- mkEntry2(CKA_ECDSA_PARAMS, Attribute, None),
- mkEntry2(CKA_EC_PARAMS, Attribute, None),
- mkEntry2(CKA_EC_POINT, Attribute, None),
- mkEntry2(CKA_SECONDARY_AUTH, Attribute, None),
- mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None),
- mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware),
- mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool),
- mkEntry2(CKA_HAS_RESET, Attribute, Bool),
- mkEntry2(CKA_NETSCAPE_URL, Attribute, None),
- mkEntry2(CKA_NETSCAPE_EMAIL, Attribute, None),
- mkEntry2(CKA_NETSCAPE_SMIME_INFO, Attribute, None),
- mkEntry2(CKA_NETSCAPE_SMIME_TIMESTAMP, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PKCS8_SALT, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PASSWORD_CHECK, Attribute, None),
- mkEntry2(CKA_NETSCAPE_EXPIRES, Attribute, None),
- mkEntry2(CKA_NETSCAPE_KRL, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_COUNTER, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_SEED, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_H, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_SEED_BITS, Attribute, None),
- mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust),
- mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust),
- mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust),
- mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust),
- mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust),
- mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust),
- mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust),
- mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
- mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
- mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
- mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
- mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
-
- mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_RSA_PKCS, Mechanism),
- mkEntry(CKM_RSA_9796, Mechanism),
- mkEntry(CKM_RSA_X_509, Mechanism),
- mkEntry(CKM_MD2_RSA_PKCS, Mechanism),
- mkEntry(CKM_MD5_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA1_RSA_PKCS, Mechanism),
- mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism),
- mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism),
- mkEntry(CKM_RSA_PKCS_OAEP, Mechanism),
- mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_RSA_X9_31, Mechanism),
- mkEntry(CKM_SHA1_RSA_X9_31, Mechanism),
- mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_DSA, Mechanism),
- mkEntry(CKM_DSA_SHA1, Mechanism),
- mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_DH_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism),
- mkEntry(CKM_SHA256_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA384_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA512_RSA_PKCS, Mechanism),
- mkEntry(CKM_RC2_KEY_GEN, Mechanism),
- mkEntry(CKM_RC2_ECB, Mechanism),
- mkEntry(CKM_RC2_CBC, Mechanism),
- mkEntry(CKM_RC2_MAC, Mechanism),
- mkEntry(CKM_RC2_MAC_GENERAL, Mechanism),
- mkEntry(CKM_RC2_CBC_PAD, Mechanism),
- mkEntry(CKM_RC4_KEY_GEN, Mechanism),
- mkEntry(CKM_RC4, Mechanism),
- mkEntry(CKM_DES_KEY_GEN, Mechanism),
- mkEntry(CKM_DES_ECB, Mechanism),
- mkEntry(CKM_DES_CBC, Mechanism),
- mkEntry(CKM_DES_MAC, Mechanism),
- mkEntry(CKM_DES_MAC_GENERAL, Mechanism),
- mkEntry(CKM_DES_CBC_PAD, Mechanism),
- mkEntry(CKM_DES2_KEY_GEN, Mechanism),
- mkEntry(CKM_DES3_KEY_GEN, Mechanism),
- mkEntry(CKM_DES3_ECB, Mechanism),
- mkEntry(CKM_DES3_CBC, Mechanism),
- mkEntry(CKM_DES3_MAC, Mechanism),
- mkEntry(CKM_DES3_MAC_GENERAL, Mechanism),
- mkEntry(CKM_DES3_CBC_PAD, Mechanism),
- mkEntry(CKM_CDMF_KEY_GEN, Mechanism),
- mkEntry(CKM_CDMF_ECB, Mechanism),
- mkEntry(CKM_CDMF_CBC, Mechanism),
- mkEntry(CKM_CDMF_MAC, Mechanism),
- mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CDMF_CBC_PAD, Mechanism),
- mkEntry(CKM_MD2, Mechanism),
- mkEntry(CKM_MD2_HMAC, Mechanism),
- mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_MD5, Mechanism),
- mkEntry(CKM_MD5_HMAC, Mechanism),
- mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA_1, Mechanism),
- mkEntry(CKM_SHA_1_HMAC, Mechanism),
- mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_RIPEMD128, Mechanism),
- mkEntry(CKM_RIPEMD128_HMAC, Mechanism),
- mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_RIPEMD160, Mechanism),
- mkEntry(CKM_RIPEMD160_HMAC, Mechanism),
- mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA256, Mechanism),
- mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA256_HMAC, Mechanism),
- mkEntry(CKM_SHA384, Mechanism),
- mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA384_HMAC, Mechanism),
- mkEntry(CKM_SHA512, Mechanism),
- mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA512_HMAC, Mechanism),
- mkEntry(CKM_CAST_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST_ECB, Mechanism),
- mkEntry(CKM_CAST_CBC, Mechanism),
- mkEntry(CKM_CAST_MAC, Mechanism),
- mkEntry(CKM_CAST_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST3_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST3_ECB, Mechanism),
- mkEntry(CKM_CAST3_CBC, Mechanism),
- mkEntry(CKM_CAST3_MAC, Mechanism),
- mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST3_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST5_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST128_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST5_ECB, Mechanism),
- mkEntry(CKM_CAST128_ECB, Mechanism),
- mkEntry(CKM_CAST5_CBC, Mechanism),
- mkEntry(CKM_CAST128_CBC, Mechanism),
- mkEntry(CKM_CAST5_MAC, Mechanism),
- mkEntry(CKM_CAST128_MAC, Mechanism),
- mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST5_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST128_CBC_PAD, Mechanism),
- mkEntry(CKM_RC5_KEY_GEN, Mechanism),
- mkEntry(CKM_RC5_ECB, Mechanism),
- mkEntry(CKM_RC5_CBC, Mechanism),
- mkEntry(CKM_RC5_MAC, Mechanism),
- mkEntry(CKM_RC5_MAC_GENERAL, Mechanism),
- mkEntry(CKM_RC5_CBC_PAD, Mechanism),
- mkEntry(CKM_IDEA_KEY_GEN, Mechanism),
- mkEntry(CKM_IDEA_ECB, Mechanism),
- mkEntry(CKM_IDEA_CBC, Mechanism),
- mkEntry(CKM_IDEA_MAC, Mechanism),
- mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism),
- mkEntry(CKM_IDEA_CBC_PAD, Mechanism),
- mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism),
- mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism),
- mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism),
- mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism),
- mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism),
- mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism),
- mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism),
- mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism),
- mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism),
- mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism),
- mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism),
- mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism),
- mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism),
- mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism),
- mkEntry(CKM_SSL3_MD5_MAC, Mechanism),
- mkEntry(CKM_SSL3_SHA1_MAC, Mechanism),
- mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism),
- mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism),
- mkEntry(CKM_PKCS5_PBKD2, Mechanism),
- mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism),
- mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism),
- mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism),
- mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism),
- mkEntry(CKM_SKIPJACK_ECB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CBC64, Mechanism),
- mkEntry(CKM_SKIPJACK_OFB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB32, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB16, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB8, Mechanism),
- mkEntry(CKM_SKIPJACK_WRAP, Mechanism),
- mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism),
- mkEntry(CKM_SKIPJACK_RELAYX, Mechanism),
- mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_KEA_KEY_DERIVE, Mechanism),
- mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism),
- mkEntry(CKM_BATON_KEY_GEN, Mechanism),
- mkEntry(CKM_BATON_ECB128, Mechanism),
- mkEntry(CKM_BATON_ECB96, Mechanism),
- mkEntry(CKM_BATON_CBC128, Mechanism),
- mkEntry(CKM_BATON_COUNTER, Mechanism),
- mkEntry(CKM_BATON_SHUFFLE, Mechanism),
- mkEntry(CKM_BATON_WRAP, Mechanism),
- mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_ECDSA, Mechanism),
- mkEntry(CKM_ECDSA_SHA1, Mechanism),
- mkEntry(CKM_ECDH1_DERIVE, Mechanism),
- mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
- mkEntry(CKM_ECMQV_DERIVE, Mechanism),
- mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism),
- mkEntry(CKM_JUNIPER_ECB128, Mechanism),
- mkEntry(CKM_JUNIPER_CBC128, Mechanism),
- mkEntry(CKM_JUNIPER_COUNTER, Mechanism),
- mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism),
- mkEntry(CKM_JUNIPER_WRAP, Mechanism),
- mkEntry(CKM_FASTHASH, Mechanism),
- mkEntry(CKM_AES_KEY_GEN, Mechanism),
- mkEntry(CKM_AES_ECB, Mechanism),
- mkEntry(CKM_AES_CBC, Mechanism),
- mkEntry(CKM_AES_MAC, Mechanism),
- mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
- mkEntry(CKM_AES_CBC_PAD, Mechanism),
- mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_DH_X9_42_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_AES_KEY_WRAP, Mechanism),
- mkEntry(CKM_NETSCAPE_AES_KEY_WRAP_PAD, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
-
- mkEntry(CKR_OK, Result),
- mkEntry(CKR_CANCEL, Result),
- mkEntry(CKR_HOST_MEMORY, Result),
- mkEntry(CKR_SLOT_ID_INVALID, Result),
- mkEntry(CKR_GENERAL_ERROR, Result),
- mkEntry(CKR_FUNCTION_FAILED, Result),
- mkEntry(CKR_ARGUMENTS_BAD, Result),
- mkEntry(CKR_NO_EVENT, Result),
- mkEntry(CKR_NEED_TO_CREATE_THREADS, Result),
- mkEntry(CKR_CANT_LOCK, Result),
- mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result),
- mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result),
- mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result),
- mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result),
- mkEntry(CKR_DATA_INVALID, Result),
- mkEntry(CKR_DATA_LEN_RANGE, Result),
- mkEntry(CKR_DEVICE_ERROR, Result),
- mkEntry(CKR_DEVICE_MEMORY, Result),
- mkEntry(CKR_DEVICE_REMOVED, Result),
- mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result),
- mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result),
- mkEntry(CKR_FUNCTION_CANCELED, Result),
- mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result),
- mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result),
- mkEntry(CKR_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_KEY_NOT_NEEDED, Result),
- mkEntry(CKR_KEY_CHANGED, Result),
- mkEntry(CKR_KEY_NEEDED, Result),
- mkEntry(CKR_KEY_INDIGESTIBLE, Result),
- mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
- mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
- mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
- mkEntry(CKR_KEY_PARAMS_INVALID, Result),
- mkEntry(CKR_MECHANISM_INVALID, Result),
- mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
- mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
- mkEntry(CKR_OPERATION_ACTIVE, Result),
- mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result),
- mkEntry(CKR_PIN_INCORRECT, Result),
- mkEntry(CKR_PIN_INVALID, Result),
- mkEntry(CKR_PIN_LEN_RANGE, Result),
- mkEntry(CKR_PIN_EXPIRED, Result),
- mkEntry(CKR_PIN_LOCKED, Result),
- mkEntry(CKR_SESSION_CLOSED, Result),
- mkEntry(CKR_SESSION_COUNT, Result),
- mkEntry(CKR_SESSION_HANDLE_INVALID, Result),
- mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result),
- mkEntry(CKR_SESSION_READ_ONLY, Result),
- mkEntry(CKR_SESSION_EXISTS, Result),
- mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result),
- mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result),
- mkEntry(CKR_SIGNATURE_INVALID, Result),
- mkEntry(CKR_SIGNATURE_LEN_RANGE, Result),
- mkEntry(CKR_TEMPLATE_INCOMPLETE, Result),
- mkEntry(CKR_TEMPLATE_INCONSISTENT, Result),
- mkEntry(CKR_TOKEN_NOT_PRESENT, Result),
- mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result),
- mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result),
- mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result),
- mkEntry(CKR_USER_NOT_LOGGED_IN, Result),
- mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result),
- mkEntry(CKR_USER_TYPE_INVALID, Result),
- mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result),
- mkEntry(CKR_USER_TOO_MANY_TYPES, Result),
- mkEntry(CKR_WRAPPED_KEY_INVALID, Result),
- mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result),
- mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result),
- mkEntry(CKR_RANDOM_NO_RNG, Result),
- mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result),
- mkEntry(CKR_BUFFER_TOO_SMALL, Result),
- mkEntry(CKR_SAVED_STATE_INVALID, Result),
- mkEntry(CKR_INFORMATION_SENSITIVE, Result),
- mkEntry(CKR_STATE_UNSAVEABLE, Result),
- mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result),
- mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result),
- mkEntry(CKR_MUTEX_BAD, Result),
- mkEntry(CKR_MUTEX_NOT_LOCKED, Result),
- mkEntry(CKR_VENDOR_DEFINED, Result),
-
- mkEntry(CKT_NETSCAPE_TRUSTED, Trust),
- mkEntry(CKT_NETSCAPE_TRUSTED_DELEGATOR, Trust),
- mkEntry(CKT_NETSCAPE_UNTRUSTED, Trust),
- mkEntry(CKT_NETSCAPE_MUST_VERIFY, Trust),
- mkEntry(CKT_NETSCAPE_TRUST_UNKNOWN, Trust),
- mkEntry(CKT_NETSCAPE_VALID, Trust),
- mkEntry(CKT_NETSCAPE_VALID_DELEGATOR, Trust),
-};
-
-const Constant *consts = &_consts[0];
-const int constCount = sizeof(_consts)/sizeof(_consts[0]);
-
-const Commands _commands[] = {
- {"C_Initialize", F_C_Initialize,
- {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Finalize", F_C_Finalize,
- {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetInfo", F_C_GetInfo,
- {ArgInfo|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetFunctionList", F_C_GetFunctionList,
- {ArgFunctionList|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSlotList", F_C_GetSlotList,
- {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSlotInfo", F_C_GetSlotInfo,
- {ArgULong, ArgSlotInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetTokenInfo", F_C_GetTokenInfo,
- {ArgULong, ArgTokenInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetMechanismList", F_C_GetMechanismList,
- {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetMechanismInfo", F_C_GetMechanismInfo,
- {ArgULong, ArgULong, ArgMechanismInfo|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_InitToken", F_C_InitToken,
- {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_InitPIN", F_C_InitPIN,
- {ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetPIN", F_C_SetPIN,
- {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_OpenSession", F_C_OpenSession,
- {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CloseSession", F_C_CloseSession,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CloseAllSessions", F_C_CloseAllSessions,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSessionInfo", F_C_GetSessionInfo,
- {ArgULong, ArgSessionInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetOperationState", F_C_GetOperationState,
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetOperationState", F_C_SetOperationState,
- {ArgULong, ArgChar|ArgOut, ArgULong, ArgULong, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Login", F_C_Login,
- {ArgULong, ArgULong, ArgVar, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Logout", F_C_Logout,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CreateObject", F_C_CreateObject,
- {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CopyObject", F_C_CopyObject,
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DestroyObject", F_C_DestroyObject,
- {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetObjectSize", F_C_GetObjectSize,
- {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetAttributeValue", F_C_GetAttributeValue,
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetAttributeValue", F_C_SetAttributeValue,
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjectsInit", F_C_FindObjectsInit,
- {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjectsFinal", F_C_FindObjectsFinal,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjects", F_C_FindObjects,
- {ArgULong, ArgULong|ArgOut, ArgULong, ArgULong|ArgOut, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptInit", F_C_EncryptInit,
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptUpdate", F_C_EncryptUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptFinal", F_C_EncryptFinal,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Encrypt", F_C_Encrypt,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptInit", F_C_DecryptInit,
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptUpdate", F_C_DecryptUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptFinal", F_C_DecryptFinal,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Decrypt", F_C_Decrypt,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestInit", F_C_DigestInit,
- {ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestUpdate", F_C_DigestUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestKey", F_C_DigestKey,
- {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestFinal", F_C_DigestFinal,
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Digest", F_C_Digest,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignInit", F_C_SignInit,
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignUpdate", F_C_SignUpdate,
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignFinal", F_C_SignFinal,
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignRecoverInit", F_C_SignRecoverInit,
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignRecover", F_C_SignRecover,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Sign", F_C_Sign,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyInit", F_C_VerifyInit,
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyUpdate", F_C_VerifyUpdate,
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyFinal", F_C_VerifyFinal,
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyRecoverInit", F_C_VerifyRecoverInit,
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyRecover", F_C_VerifyRecover,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Verify", F_C_Verify,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestEncryptUpdate", F_C_DigestEncryptUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptDigestUpdate", F_C_DecryptDigestUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignEncryptUpdate", F_C_SignEncryptUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptVerifyUpdate", F_C_DecryptVerifyUpdate,
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GenerateKeyPair", F_C_GenerateKeyPair,
- {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong,
- ArgAttribute|ArgArray,
- ArgULong, ArgULong|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone }},
- {"C_GenerateKey", F_C_GenerateKey,
- {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong,
- ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_WrapKey", F_C_WrapKey,
- {ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong,
- ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, ArgNone }},
- {"C_UnwrapKey", F_C_UnwrapKey,
- {ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong,
- ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone }},
- {"C_DeriveKey", F_C_DeriveKey,
- {ArgULong, ArgMechanism, ArgULong, ArgAttribute|ArgArray, ArgULong,
- ArgULong|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SeedRandom", F_C_SeedRandom,
- {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GenerateRandom", F_C_GenerateRandom,
- {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetFunctionStatus", F_C_GetFunctionStatus,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CancelFunction", F_C_CancelFunction,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_WaitForSlotEvent", F_C_WaitForSlotEvent,
- {ArgULong, ArgULong|ArgArray, ArgVar, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewArray", F_NewArray,
- {ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewTemplate", F_NewTemplate,
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewMechanism", F_NewMechanism,
- {ArgMechanism|ArgOut, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"BuildTemplate", F_BuildTemplate,
- {ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"SetTemplate", F_SetTemplate,
- {ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Set", F_SetVar,
- {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Print", F_Print,
- {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Delete", F_Delete,
- {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Load", F_Load,
- {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Save", F_SaveVar,
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Restore", F_RestoreVar,
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"List", F_List,
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Unload", F_Unload,
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Run", F_Run,
- {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"System", F_System,
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Quit", F_Quit,
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-};
-
-const Commands *commands= &_commands[0];
-const int commandCount = sizeof(_commands) / sizeof(_commands[0]);
-
-
diff --git a/security/nss/cmd/pk11util/pk11util.c b/security/nss/cmd/pk11util/pk11util.c
deleted file mode 100644
index e77098202..000000000
--- a/security/nss/cmd/pk11util/pk11util.c
+++ /dev/null
@@ -1,1677 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL", in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(WIN32)
-#undef __STDC__
-#include "fcntl.h"
-#include "io.h"
-#else
-#include <unistd.h>
-#include <sys/fcntl.h>
-#endif
-
-#include "secutil.h"
-
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "pkcs11.h"
-
-#include "pk11util.h"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-CK_ULONG systemFlags;
-#define FLAG_NEGATE 0x80000000
-#define FLAG_Verify 0x00000001
-#define FLAG_VerifyFile 0x00000002
-
-int ArgSize(ArgType type);
-char *constLookup(char *bp, CK_ULONG *value, ConstType *type);
-
-void printConst(CK_ULONG value, ConstType type, int newLine)
-{
- int i;
-
- for (i=0; i < constCount; i++) {
- if (consts[i].type == type && consts[i].value == value) {
- printf("%s",consts[i].name);
- break;
- }
- if (type == ConstNone && consts[i].value == value) {
- printf("%s",consts[i].name);
- break;
- }
- }
- if (i == constCount) {
- printf("Unknown %s (%lu:0x%lx)",constTypeString[type],value,value);
- }
- if (newLine) {
- printf("\n");
- }
-}
-
-ConstType getConstFromAttribute(CK_ATTRIBUTE_TYPE type)
-{
- int i;
-
- for (i=0; i < constCount; i++) {
- if (consts[i].type == ConstAttribute && consts[i].value == type) {
- return consts[i].attrType;
- }
- }
- return ConstNone;
-}
-
-void printChars(char *name, CK_ULONG size)
-{
- CK_ULONG i;
- for (i=0; i < size; i++) {
- if (name[i] == 0) {
- break;
- }
- printf("%c",name[i]);
- }
- printf("\n");
-}
-
-#define DUMP_LEN 16
-void printDump(unsigned char *buf, int size)
-{
- int i,j;
-
- for(i=0; i < size; i+= DUMP_LEN) {
- printf(" ");
- for (j=0; j< DUMP_LEN; j++) {
- if (i+j < size) {
- printf("%02x ",buf[i+j]);
- } else {
- printf(" ");
- }
- }
- for (j=0; j< DUMP_LEN; j++) {
- if (i+j < size) {
- if (buf[i+j] < ' ' || buf[i+j] >= 0x7f) {
- printf(".");
- } else {
- printf("%c",buf[i+j]);
- }
- } else {
- printf(" ");
- }
- }
- printf("\n");
- }
-}
-
-/*
- * free an argument structure
- */
-void argFree(Value *arg)
-{
- if (arg == NULL) return;
-
- arg->reference--;
- if (arg->reference == 0) {
- if (arg->type & ArgFile) {
- free(arg->filename);
- }
- if (arg->data) {
- if ((arg->type & ArgMask) == ArgAttribute) {
- int i;
- CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)arg->data;
-
- for (i=0; i < arg->arraySize; i++) {
- free(template[i].pValue);
- }
- }
- free(arg->data);
- }
- free (arg);
- }
-}
-
-/*
- * free and argument list
- */
-void parseFree(Value **ap)
-{
- int i;
- for (i=0 ; i < MAX_ARGS; i++) {
- argFree(ap[i]);
- }
-}
-
-/*
- * getEnd: how for to the end of this argmument list?
- */
-int getEnd(char *bp)
-{
- int count = 0;
-
- while (*bp) {
- if (*bp == ' ' || *bp == '\t' || *bp == '\n') return count;
- count++;
- bp++;
- }
- return (count);
-}
-
-
-/*
- * strip: return the first none white space character
- */
-char *strip(char *bp)
-{
- while (*bp && (*bp == ' ' || *bp == '\t' || *bp == '\n')) bp++;
- return bp;
-}
-
-/*
- * read in the next argument into dp ... don't overflow
- */
-char *readChars(char *bp, char *dp, int max )
-{
- int count = 0;
- while (*bp) {
- if (*bp == ' ' || *bp == '\t' || *bp == '\n' ) {
- *dp = 0;
- return bp;
- }
- *dp++ = *bp++;
- if (++count == max) break;
- }
- while (*bp && (*bp != ' ' && *bp != '\t' && *bp != '\n')) bp++;
- *dp = 0;
- return (bp);
-}
-
-/*
- * look up a variable from the variable chain
- */
-static Variable *varHead = NULL;
-Value * varLookup(char *bp, char *vname, int max) {
- Variable *current;
- bp = readChars(bp, vname, max);
-
- for (current = varHead; current; current = current->next) {
- if (PL_strcasecmp(current->vname, vname) == 0) {
- return current->value;
- }
- }
- return NULL;
-}
-
-static CK_RV list(void)
-{
- Variable *current;
-
- if (varHead) {
- printf(" %10s\t%16s\t%8s\tSize\tElements\n","Name","Type","Const");
- } else {
- printf(" no variables set\n");
- }
-
- for (current = varHead; current; current = current->next) {
- printf(" %10s\t%16s\t%8s\t%d\t%d\n", current->vname,
- valueString[current->value->type&ArgMask],
- constTypeString[current->value->constType],
- current->value->size, current->value->arraySize);
- }
- return CKR_OK;
-}
-
-CK_RV printFlags(char *s, CK_ULONG flags, ConstType type)
-{
- CK_ULONG i;
- int needComma = 0;
-
- printf("%s",s);
- for (i=1; i ; i=i << 1) {
- if (flags & i) {
- printf("%s",needComma?",":"");
- printConst(i, type, 0);
- needComma=1;
- }
- }
- if (!needComma) {
- printf("Empty");
- }
- printf("\n");
- return CKR_OK;
-}
-
-Value *NewValue(ArgType type, CK_ULONG arraySize)
-{
- Value *value;
-
- value = (Value *)malloc(sizeof(Value));
- if (!value) return NULL;
- value->size = ArgSize(type)*arraySize;
- value->type = type;
- value->filename = NULL;
- value->constType = ConstNone;
- value->data = (void *)malloc(value->size);
- if (!value->data) {
- free(value);
- return NULL;
- }
- value->reference = 1;
- value->arraySize = arraySize;
-
- memset(value->data, 0, value->size);
- return value;
-}
-
-/*
- * add a new variable to the chain
- */
-char *AddVariable(char *bp, Value **ptr)
-{
- char vname[512];
- Variable *current;
- int size;
-
- bp = readChars(bp,vname,sizeof(vname));
-
- for (current = varHead; current; current = current->next) {
- if (PL_strcasecmp(current->vname,vname) == 0) {
- argFree(*ptr);
- *ptr = current->value;
- return bp;
- }
- }
-
- current = (Variable *)malloc(sizeof(Variable));
- size = strlen(vname);
- current->vname = (char *)malloc(size+1);
- strcpy(current->vname,vname);
- current->value = *ptr;
- (*ptr)->reference++;
-
- current->next = varHead;
- varHead = current;
- return bp;
-}
-
-ArgType FindTypeByName(char *typeName)
-{
- int i;
-
- for (i=0; i < valueCount; i++) {
- if (PL_strcasecmp(typeName,valueString[i]) == 0) {
- return (ArgType) i;
- }
- if (valueString[i][0] == 'C' && valueString[i][1] == 'K' &&
- valueString[i][2] == '_' &&
- (PL_strcasecmp(typeName,&valueString[i][3]) == 0)) {
- return (ArgType) i;
- }
- }
- return ArgNone;
-}
-
-CK_RV ArrayVariable(char *bp, char *typeName, CK_ULONG count)
-{
- ArgType type;
- Value *value; /* new Value */
-
- type = FindTypeByName(typeName);
- if (type == ArgNone) {
- fprintf(stderr,"Invalid type (%s)\n", typeName);
- return CKR_FUNCTION_FAILED;
- }
- value = NewValue(type, count);
- (void) AddVariable(bp, &value);
- return CKR_OK;
-}
-
-#define MAX_TEMPLATE 25
-
-CK_RV ArrayTemplate(char *bp, char *attributes)
-{
- char aname[512];
- CK_ULONG attributeTypes[MAX_TEMPLATE];
- CK_ATTRIBUTE *template;
- Value *value; /* new Value */
- char *ap;
- int i, count = 0;
-
- memcpy(aname,attributes,strlen(attributes)+1);
-
- for (ap = aname, count = 0; ap && *ap && count < MAX_TEMPLATE; count++) {
- char *cur = ap;
- ConstType type;
-
- ap = strchr(ap,',');
- if (ap) {
- *ap++ = 0;
- }
-
- (void)constLookup(cur, &attributeTypes[count], &type);
- if ((type != ConstAttribute) && (type != ConstNone)) {
- printf("Unknown Attribute %s\n", cur);
- return CKR_FUNCTION_FAILED;
- }
- }
-
- value = NewValue(ArgAttribute, count);
-
- template = (CK_ATTRIBUTE *)value->data;
- for (i=0; i < count ; i++) {
- template[i].type = attributeTypes[i];
- }
- (void) AddVariable(bp, &value);
- return CKR_OK;
-}
-
-CK_RV BuildTemplate(Value *vp)
-{
- CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
- int i;
-
- for (i=0; i < vp->arraySize; i++) {
- if (((signed long)template[i].ulValueLen) > 0) {
- if (template[i].pValue) free(template[i].pValue);
- template[i].pValue = malloc(template[i].ulValueLen);
- }
- }
- return CKR_OK;
-}
-
-CK_RV SetTemplate(Value *vp, CK_ULONG index, CK_ULONG value)
-{
- CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
- int isbool = 0;
- CK_ULONG len;
- ConstType attrType;
-
- if (index >= vp->arraySize) {
- fprintf(stderr,"index (%lu) greater than array (%d)\n",
- index, vp->arraySize);
- return CKR_ARGUMENTS_BAD;
- }
- attrType = getConstFromAttribute(template[index].type);
-
- if (attrType == ConstNone) {
- fprintf(stderr,"can't set index (%lu) because ", index);
- printConst(template[index].type,ConstAttribute, 0);
- printf(" is not a CK_BBOOL or CK_ULONG\n");
- return CKR_ARGUMENTS_BAD;
- }
- isbool = (attrType == ConstBool);
- len = isbool ? sizeof (CK_BBOOL) : sizeof(CK_ULONG);
- if ((template[index].ulValueLen != len) || (template[index].pValue)) {
- free(template[index].pValue);
- template[index].pValue = malloc(len);
- template[index].ulValueLen = len;
- }
- if (isbool) {
- *(CK_BBOOL *)template[index].pValue = (CK_BBOOL) value;
- } else {
- *(CK_ULONG *)template[index].pValue = (CK_ULONG) value;
- }
- return CKR_OK;
-
-}
-
-CK_RV NewMechanism(char *bp, CK_ULONG mechType)
-{
- Value *value; /* new Value */
- CK_MECHANISM *mechanism;
-
- value = NewValue(ArgMechanism, 1);
- mechanism = (CK_MECHANISM *)value->data;
- mechanism->mechanism = mechType;
- mechanism->pParameter = NULL;
- mechanism->ulParameterLen = 0;
- (void) AddVariable(bp, &value);
- return CKR_OK;
-}
-
-/*
- * add a new variable to the chain
- */
-CK_RV DeleteVariable(char *bp)
-{
- char vname[512];
- Variable **current;
-
- bp = readChars(bp,vname,sizeof(vname));
-
- for (current = &varHead; *current; current = &(*current)->next) {
- if (PL_strcasecmp((*current)->vname,vname) == 0) {
- argFree((*current)->value);
- *current = (*current)->next;
- }
- }
- return CKR_OK;
-}
-
-/*
- * convert an octal value to integer
- */
-CK_ULONG otoi(char *o)
-{
- CK_ULONG value = 0;
-
- while (*o) {
- if ((*o >= '0') && (*o <= '7')) {
- value = (value << 3) | (unsigned)(*o - '0');
- } else {
- break;
- }
- }
- return value;
-}
-
-/*
- * convert a hex value to integer
- */
-CK_ULONG htoi(char *x)
-{
- CK_ULONG value = 0;
-
- while (*x) {
- if ((*x >= '0') && (*x <= '9')) {
- value = (value << 4) | (unsigned)(*x - '0');
- } else if ((*x >= 'a') && (*x <= 'f')) {
- value = (value << 4) | (unsigned)(*x - 'a');
- } else if ((*x >= 'A') && (*x <= 'F')) {
- value = (value << 4) | (unsigned)(*x - 'A');
- } else {
- break;
- }
- }
- return value;
-}
-
-
-/*
- * look up or decode a constant value
- */
-char *constLookup(char *bp, CK_ULONG *value, ConstType *type)
-{
- char vname[512];
- int i;
-
- bp = readChars(bp,vname,sizeof(vname));
-
- for (i=0; i < constCount; i++) {
- if ((PL_strcasecmp(consts[i].name,vname) == 0) ||
- PL_strcasecmp(consts[i].name+5,vname) == 0) {
- *value = consts[i].value;
- *type = consts[i].type;
- return bp;
- }
- }
-
- *type = ConstNone;
- if (vname[0] == '0' && vname[1] == 'X') {
- *value = htoi(&vname[2]);
- } else if (vname[0] == '0') {
- *value = otoi(&vname[1]);
- } else {
- *value = atoi(vname);
- }
- return bp;
-}
-
-int ArgSize(ArgType type)
-{
- int size=0;
- type &= ArgMask;
-
- switch (type) {
- case ArgNone:
- size = 0;
- break;
- case ArgULong:
- size = sizeof(CK_ULONG);
- break;
- case ArgVar:
- size = 1; /* get's changed later */
- break;
- case ArgChar:
- case ArgUTF8:
- size = 1;
- break;
- case ArgInfo:
- size = sizeof(CK_INFO);
- break;
- case ArgSlotInfo:
- size = sizeof(CK_SLOT_INFO);
- break;
- case ArgTokenInfo:
- size = sizeof(CK_TOKEN_INFO);
- break;
- case ArgSessionInfo:
- size = sizeof(CK_SESSION_INFO);
- break;
- case ArgAttribute:
- size = sizeof(CK_ATTRIBUTE);
- break;
- case ArgMechanism:
- size = sizeof(CK_MECHANISM);
- break;
- case ArgMechanismInfo:
- size = sizeof(CK_MECHANISM_INFO);
- break;
- case ArgInitializeArgs:
- size = sizeof(CK_C_INITIALIZE_ARGS);
- break;
- case ArgFunctionList:
- size = sizeof(CK_FUNCTION_LIST);
- break;
- default:
- break;
- }
-
- return (size);
-}
-
-CK_RV
-restore(char *filename,Value *ptr)
-{
- int fd,size;
-
- fd = open(filename,O_RDONLY|O_BINARY);
- if (fd < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
- }
-
- size = read(fd,ptr->data,ptr->size);
- if (systemFlags & FLAG_VerifyFile) {
- printDump(ptr->data,ptr->size);
- }
- if (size < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
- } else if (size != ptr->size) {
- fprintf(stderr,"%s: only read %d bytes, needed to read %d bytes\n",
- filename,size,ptr->size);
- return CKR_FUNCTION_FAILED;
- }
- close(fd);
- return CKR_OK;
-}
-
-CK_RV
-save(char *filename,Value *ptr)
-{
- int fd,size;
-
- fd = open(filename,O_WRONLY|O_BINARY|O_CREAT,0666);
- if (fd < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
- }
-
- size = write(fd,ptr->data,ptr->size);
- if (size < 0) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
- } else if (size != ptr->size) {
- fprintf(stderr,"%s: only wrote %d bytes, need to write %d bytes\n",
- filename,size,ptr->size);
- return CKR_FUNCTION_FAILED;
- }
- close(fd);
- return CKR_OK;
-}
-
-CK_RV printArg(Value *ptr,int arg_number)
-{
- ArgType type = ptr->type & ArgMask;
- CK_INFO *info;
- CK_SLOT_INFO *slotInfo;
- CK_TOKEN_INFO *tokenInfo;
- CK_SESSION_INFO *sessionInfo;
- CK_ATTRIBUTE *attribute;
- CK_MECHANISM *mechanism;
- CK_MECHANISM_INFO *mechanismInfo;
- CK_C_INITIALIZE_ARGS *initArgs;
- CK_FUNCTION_LIST *functionList;
- CK_RV ckrv = CKR_OK;
- ConstType constType;
-
- if (arg_number) {
- printf("Arg %d: \n",arg_number);
- }
- if (ptr->arraySize > 1) {
- Value element;
- int i;
- int elementSize = ptr->size/ptr->arraySize;
- char *dp = (char *)ptr->data;
-
- /* build a temporary Value to hold a single element */
- element.type = type;
- element.constType = ptr->constType;
- element.size = elementSize;
- element.filename = ptr->filename;
- element.reference = 1;
- element.arraySize = 1;
- for (i=0; i < ptr->arraySize; i++) {
- printf(" -----[ %d ] -----\n", i);
- element.data = (void *) &dp[i*elementSize];
- (void) printArg(&element, 0);
- }
- return ckrv;
- }
- if (ptr->data == NULL) {
- printf(" NULL ptr to a %s\n", valueString[type]);
- return ckrv;
- }
- switch (type) {
- case ArgNone:
- printf(" None\n");
- break;
- case ArgULong:
- printf(" %lu (0x%lx)\n", *((CK_ULONG *)ptr->data),
- *((CK_ULONG *)ptr->data));
- if (ptr->constType != ConstNone) {
- printf(" ");
- printConst(*(CK_ULONG *)ptr->data,ptr->constType,1);
- }
- break;
- case ArgVar:
- printf(" Variable.....error\n");
- ckrv = CKR_ARGUMENTS_BAD;
- break;
- case ArgUTF8:
- printf(" %s\n",(char *)ptr->data);
- break;
- case ArgChar:
- printDump(ptr->data,ptr->size);
- break;
- case ArgInfo:
-#define VERSION(x) (x).major, (x).minor
- info = (CK_INFO *)ptr->data;
- printf(" Cryptoki Version: %d.%02d\n",
- VERSION(info->cryptokiVersion));
- printf(" Manufacturer ID: ");
- printChars(info->manufacturerID,sizeof(info->manufacturerID));
- printFlags(" Flags: ", info->flags, ConstInfoFlags);
- printf(" Library Description: ");
- printChars(info->libraryDescription,sizeof(info->libraryDescription));
- printf(" Library Version: %d.%02d\n",
- VERSION(info->libraryVersion));
- break;
- case ArgSlotInfo:
- slotInfo = (CK_SLOT_INFO *)ptr->data;
- printf(" Slot Description: ");
- printChars(slotInfo->slotDescription,sizeof(slotInfo->slotDescription));
- printf(" Manufacturer ID: ");
- printChars(slotInfo->manufacturerID,sizeof(slotInfo->manufacturerID));
- printFlags(" Flags: ", slotInfo->flags, ConstSlotFlags);
- printf(" Hardware Version: %d.%02d\n",
- VERSION(slotInfo->hardwareVersion));
- printf(" Firmware Version: %d.%02d\n",
- VERSION(slotInfo->firmwareVersion));
- break;
- case ArgTokenInfo:
- tokenInfo = (CK_TOKEN_INFO *)ptr->data;
- printf(" Label: %s\n",tokenInfo->label);
- printf(" Manufacturer ID: ");
- printChars(tokenInfo->manufacturerID,sizeof(tokenInfo->manufacturerID));
- printf(" Model: ");
- printChars(tokenInfo->model,sizeof(tokenInfo->model));
- printf(" Serial Number: ");
- printChars(tokenInfo->serialNumber,sizeof(tokenInfo->serialNumber));
- printFlags(" Flags: ", tokenInfo->flags, ConstTokenFlags);
- printf(" Max Session Count: %lu\n",tokenInfo->ulMaxSessionCount);
- printf(" Session Count: %lu\n",tokenInfo->ulSessionCount);
- printf(" RW Session Count: %lu\n",tokenInfo->ulMaxRwSessionCount);
- printf(" Max Pin Length : %lu\n",tokenInfo->ulMaxPinLen);
- printf(" Min Pin Length : %lu\n",tokenInfo->ulMinPinLen);
- printf(" Total Public Memory: %lu\n",
- tokenInfo->ulTotalPublicMemory);
- printf(" Free Public Memory: %lu\n",
- tokenInfo->ulFreePublicMemory);
- printf(" Total Private Memory: %lu\n",
- tokenInfo->ulTotalPrivateMemory);
- printf(" Free Private Memory: %lu\n",
- tokenInfo->ulFreePrivateMemory);
- printf(" Hardware Version: %d.%02d\n",
- VERSION(tokenInfo->hardwareVersion));
- printf(" Firmware Version: %d.%02d\n",
- VERSION(tokenInfo->firmwareVersion));
- printf(" UTC Time: %s\n",tokenInfo->utcTime);
- break;
- case ArgSessionInfo:
- sessionInfo = (CK_SESSION_INFO *)ptr->data;
- printf(" SlotID: 0x%08lx\n", sessionInfo->slotID);
- printf(" State: ");
- printConst(sessionInfo->state, ConstSessionState, 1);
- printFlags(" Flags: ", sessionInfo->flags, ConstSessionFlags);
- printf(" Device error: %lu 0x%08lx\n",sessionInfo->ulDeviceError,
- sessionInfo->ulDeviceError);
- break;
- case ArgAttribute:
- attribute = (CK_ATTRIBUTE *)ptr->data;
- printf(" Attribute Type: ");
- printConst(attribute->type, ConstAttribute, 1);
- printf(" Attribute Data: ");
- if (attribute->pValue == NULL) {
- printf("NULL\n");
- printf("Attribute Len: %lu\n",attribute->ulValueLen);
- } else {
- constType = getConstFromAttribute(attribute->type);
- if (constType != ConstNone) {
- CK_ULONG value = (constType == ConstBool) ?
- *(CK_BBOOL *)attribute->pValue :
- *(CK_ULONG *)attribute->pValue;
- printConst(value, constType, 1);
- } else {
- printf("\n");
- printDump(attribute->pValue, attribute->ulValueLen);
- }
- }
- break;
- case ArgMechanism:
- mechanism = (CK_MECHANISM *)ptr->data;
- printf(" Mechanism Type: ");
- printConst(mechanism->mechanism, ConstMechanism, 1);
- printf(" Mechanism Data:\n");
- printDump(mechanism->pParameter, mechanism->ulParameterLen);
- break;
- case ArgMechanismInfo:
- mechanismInfo = (CK_MECHANISM_INFO *)ptr->data;
- printf(" Minimum Key Size: %ld\n",mechanismInfo->ulMinKeySize);
- printf(" Maximum Key Size: %ld\n",mechanismInfo->ulMaxKeySize);
- printFlags(" Flags: ", mechanismInfo->flags, ConstMechanismFlags);
- break;
- case ArgInitializeArgs:
- initArgs = (CK_C_INITIALIZE_ARGS *)ptr->data;
- printFlags(" Flags: ", initArgs->flags, ConstInitializeFlags);
- case ArgFunctionList:
- functionList = (CK_FUNCTION_LIST *)ptr->data;
- printf(" Version: %d.%02d\n", VERSION(functionList->version));
-#ifdef notdef
-#undef CK_NEED_ARG_LIST
-#define CK_PKCS11_FUNCTION_INFO(func) \
- printf(" %s: 0x%08lx\n", #func, (unsigned long) functionList->func );
-#include "pkcs11f.h"
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-#endif
- default:
- ckrv = CKR_ARGUMENTS_BAD;
- break;
- }
-
- return ckrv;
-}
-
-
-/*
- * Feeling ambitious? turn this whole thing into lexx yacc parser
- * with full expressions.
- */
-Value **
-parseArgs(int index, char * bp)
-{
- const Commands *cp = &commands[index];
- int size = strlen(cp->fname);
- int i;
- CK_ULONG value;
- char vname[512];
- Value **argList,*possible;
- ConstType constType;
-
- /*
- * skip pass the command
- */
- if ((cp->fname[0] == 'C') && (cp->fname[1] == '_') && (bp[1] != '_')) {
- size -= 2;
- }
- bp += size;
-
- /*
- * Initialize our argument list
- */
- argList = (Value **)malloc(sizeof(Value*)*MAX_ARGS);
- for (i=0; i < MAX_ARGS; i++) { argList[i] = NULL; }
-
- /*
- * Walk the argument list parsing it...
- */
- for (i=0 ;i < MAX_ARGS; i++) {
- ArgType type = cp->args[i] & ArgMask;
-
- /* strip blanks */
- bp = strip(bp);
-
- /* if we hit ArgNone, we've nabbed all the arguments we need */
- if (type == ArgNone) {
- break;
- }
-
- /* if we run out of space in the line, we weren't given enough
- * arguments... */
- if (*bp == '\0') {
- fprintf(stderr,"%s: only %d args found,\n",cp->fname,i);
- parseFree(argList);
- return NULL;
- }
-
- /*
- * look up the argument in our variable list first... only
- * exception is the new argument type for set...
- */
- if ((cp->args[i] != (ArgVar|ArgNew)) &&
- (possible = varLookup(bp,vname,sizeof(vname)))) {
- /* ints are only compatible with other ints... all other types
- * are interchangeable... */
- if (type != ArgVar) { /* ArgVar's match anyone */
- if ((type == ArgULong) ^
- ((possible->type & ArgMask) == ArgULong)) {
- fprintf(stderr,"%s: Arg %d incompatible type with <%s>\n",
- cp->fname,i+1,vname);
- parseFree(argList);
- return NULL;
- }
- /*
- * ... that is as long as they are big enough...
- */
- if (ArgSize(type) > possible->size) {
- fprintf(stderr,
- "%s: Arg %d %s is too small (%d bytes needs to be %d bytes)\n",
- cp->fname,i+1,vname,possible->size,ArgSize(type));
- parseFree(argList);
- return NULL;
- }
- }
-
- /* everything looks kosher here, use it */
- argList[i] = possible;
- possible->reference++;
-
- bp = readChars(bp,vname,sizeof(vname));
- if (cp->args[i] & ArgOut) {
- possible->type |= ArgOut;
- }
- continue;
- }
-
- /* create space for our argument */
- argList[i] = NewValue(type, 1);
-
- if ((PL_strncasecmp(bp, "null", 4) == 0) && ((bp[4] == 0)
- || (bp[4] == ' ') || (bp[4] =='\t') || (bp[4] =='\n'))) {
- if (cp->args[i] == ArgULong) {
- fprintf(stderr, "%s: Arg %d CK_ULONG can't be NULL\n",
- cp->fname,i+1);
- parseFree(argList);
- return NULL;
- }
- free(argList[i]->data);
- argList[i]->data = NULL;
- argList[i]->size = 0;
- bp += 4;
- if (*bp) bp++;
- continue;
- }
-
- /* if we're an output variable, we need to add it */
- if (cp->args[i] & ArgOut) {
- if (PL_strncasecmp(bp,"file(",5) == 0) {
- char filename[512];
- bp = readChars(bp+5,filename,sizeof(filename));
- size = strlen(filename);
- if ((size > 0) && (filename[size-1] == ')')) {
- filename[size-1] = 0;
- }
- filename[size] = 0;
- argList[i]->filename = (char *)malloc(size+1);
-
- strcpy(argList[i]->filename,filename);
-
- argList[i]->type |= ArgOut|ArgFile;
- break;
- }
- bp = AddVariable(bp,&argList[i]);
- argList[i]->type |= ArgOut;
- continue;
- }
-
- if (PL_strncasecmp(bp, "file(", 5) == 0) {
- char filename[512];
-
- bp = readChars(bp+5,filename,sizeof(filename));
- size = strlen(filename);
- if ((size > 0) && (filename[size-1] == ')')) filename[size-1] = 0;
-
- if (restore(filename,argList[i]) != CKR_OK) {
- parseFree(argList);
- return NULL;
- }
- continue;
- }
-
- if (PL_strncasecmp(bp, "size(", 5) == 0) {
- CK_ULONG *ulong = (CK_ULONG *)argList[i]->data;
- char tmpname[512];
-
- bp = readChars(bp+5,tmpname,sizeof(tmpname));
- size = strlen(tmpname);
- if ((size > 0) && (tmpname[size-1] == ')')) tmpname[size-1] = 0;
-
- if (argList[i]->size == sizeof(CK_ULONG) || ulong == NULL) {
- fprintf(stderr,
- "%s: size used for non-int argument,\n",cp->fname);
- parseFree(argList);
- return NULL;
- }
- *ulong = 0;
- varLookup(tmpname, vname,sizeof(vname));
- if (!possible) {
- fprintf(stderr,
- "%s: %s was not found\n",cp->fname, vname);
- parseFree(argList);
- return NULL;
- }
- *ulong = possible->arraySize;
- continue;
- }
-
- switch (type) {
- case ArgULong:
- bp = constLookup(bp, &value, &constType);
- *(int *)argList[i]->data = value;
- argList[i]->constType = constType;
- break;
- case ArgVar:
- free(argList[i]->data);
- size = getEnd(bp);
- argList[i]->data = (void *)malloc(size);
- argList[i]->size = size;
- /* fall through */
- case ArgInfo:
- case ArgSlotInfo:
- case ArgTokenInfo:
- case ArgSessionInfo:
- case ArgAttribute:
- case ArgMechanism:
- case ArgMechanismInfo:
- case ArgInitializeArgs:
- case ArgUTF8:
- case ArgChar:
- bp = readChars(bp,(char *)argList[i]->data,argList[i]->size);
- case ArgNone:
- default:
- break;
- }
- }
-
- return argList;
-}
-
-/* lookup the command in the array */
-int lookup(char *buf)
-{
- int size,i;
- int buflen;
-
- buflen = strlen(buf);
-
- for ( i = 0; i < commandCount; i++) {
- size = strlen(commands[i].fname);
-
- if (size > buflen) {
- continue;
- }
- if (PL_strncasecmp(buf,commands[i].fname,size) == 0) {
- return i;
- }
- if (size-2 > buflen) {
- continue;
- }
- if (commands[i].fname[0] == 'C' && commands[i].fname[1] == '_' &&
- (PL_strncasecmp(buf,&commands[i].fname[2],size-2) == 0)) {
- return i;
- }
- }
- fprintf(stderr,"Can't find command %s\n",buf);
- return -1;
-}
-
-void
-putOutput(Value **ptr)
-{
- int i;
-
- for (i=0; i < MAX_ARGS; i++) {
- ArgType type;
-
- if (ptr[i] == NULL) break;
-
- type = ptr[i]->type;
-
- ptr[i]->type &= ArgMask;
- if (type == ArgNone) {
- break;
- }
- if (type & ArgOut) {
- (void) printArg(ptr[i],i+1);
- }
- if (type & ArgFile) {
- save(ptr[i]->filename,ptr[i]);
- free(ptr[i]->filename);
- ptr[i]->filename= NULL; /* paranoia */
- }
- }
-}
-
-CK_RV unloadModule(Module *module) {
-
- if (module->library) {
- PR_UnloadLibrary(module->library);
- }
-
- module->library = NULL;
- module->functionList = NULL;
-
- return CKR_OK;
-}
-
-CK_RV loadModule(Module *module, char *library) {
- PRLibrary *newLibrary;
- CK_C_GetFunctionList getFunctionList;
- CK_FUNCTION_LIST *functionList;
- CK_RV ckrv;
-
- newLibrary = PR_LoadLibrary(library);
- if (!newLibrary) {
- fprintf(stderr,"Couldn't load library %s\n",library);
- return CKR_FUNCTION_FAILED;
- }
- getFunctionList = (CK_C_GetFunctionList)
- PR_FindSymbol(newLibrary,"C_GetFunctionList");
- if (!getFunctionList) {
- fprintf(stderr,"Couldn't find \"C_GetFunctionList\" in %s\n",library);
- return CKR_FUNCTION_FAILED;
- }
-
- ckrv = (*getFunctionList)(&functionList);
- if (ckrv != CKR_OK) {
- return ckrv;
- }
-
- if (module->library) {
- PR_UnloadLibrary(module->library);
- }
-
- module->library = newLibrary;
- module->functionList = functionList;
-
- return CKR_OK;
-}
-
-CK_RV run(char *);
-
-/*
- * Actually dispatch the function... Bad things happen
- * if these don't match the commands array.
- */
-CK_RV do_func(int index, Value **a)
-{
- int value;
- static Module module = { NULL, NULL} ;
- CK_FUNCTION_LIST *func = module.functionList;
-
- switch (commands[index].fType) {
- case F_C_Initialize:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Initialize((void *)a[0]->data);
- case F_C_Finalize:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Finalize((void *)a[0]->data);
- case F_C_GetInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetInfo((CK_INFO *)a[0]->data);
- case F_C_GetFunctionList:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetFunctionList((CK_FUNCTION_LIST **)a[0]->data);
- case F_C_GetSlotList:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetSlotList(*(CK_ULONG *)a[0]->data,
- (CK_SLOT_ID *)a[1]->data,
- (CK_LONG *)a[2]->data);
- case F_C_GetSlotInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetSlotInfo(*(CK_ULONG *)a[0]->data,
- (CK_SLOT_INFO *)a[1]->data);
- case F_C_GetTokenInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetTokenInfo(*(CK_ULONG *)a[0]->data,
- (CK_TOKEN_INFO *)a[1]->data);
- case F_C_GetMechanismList:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (a[1]->data) {
- a[1]->constType = ConstMechanism;
- }
- return func->C_GetMechanismList(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM_TYPE*)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_GetMechanismInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetMechanismInfo(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_MECHANISM_INFO *)a[2]->data);
- case F_C_InitToken:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_InitToken(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data);
- case F_C_InitPIN:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_InitPIN(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_SetPIN:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SetPIN(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- *(CK_ULONG *)a[4]->data);
- case F_C_OpenSession:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_OpenSession(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (void *)NULL,
- (CK_NOTIFY) NULL,
- (CK_ULONG *)a[2]->data);
- case F_C_CloseSession:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CloseSession(*(CK_ULONG *)a[0]->data);
- case F_C_CloseAllSessions:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CloseAllSessions(*(CK_ULONG *)a[0]->data);
- case F_C_GetSessionInfo:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetSessionInfo(*(CK_ULONG *)a[0]->data,
- (CK_SESSION_INFO *)a[1]->data);
- case F_C_GetOperationState:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetOperationState(*(CK_ULONG *)a[0]->data,
- (CK_BYTE *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_SetOperationState:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SetOperationState(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- *(CK_ULONG *)a[4]->data);
- case F_C_Login:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Login(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_CHAR *)a[2]->data,
- *(CK_ULONG *)a[3]->data);
- case F_C_Logout:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Logout(*(CK_ULONG *)a[0]->data);
- case F_C_CreateObject:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CreateObject(*(CK_ULONG *)a[0]->data,
- (CK_ATTRIBUTE *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ULONG *)a[3]->data);
- case F_C_CopyObject:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CopyObject(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[0]->data,
- (CK_ATTRIBUTE *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ULONG *)a[3]->data);
- case F_C_DestroyObject:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DestroyObject(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data);
- case F_C_GetObjectSize:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetObjectSize(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_GetAttributeValue:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetAttributeValue(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data);
- case F_C_SetAttributeValue:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SetAttributeValue(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data);
- case F_C_FindObjectsInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_FindObjectsInit(*(CK_ULONG *)a[0]->data,
- (CK_ATTRIBUTE *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_FindObjects:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_FindObjects(*(CK_ULONG *)a[0]->data,
- (CK_ULONG *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ULONG *)a[3]->data);
- case F_C_FindObjectsFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_FindObjectsFinal(*(CK_ULONG *)a[0]->data);
- case F_C_EncryptInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_EncryptInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Encrypt:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Encrypt(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_EncryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_EncryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_EncryptFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_EncryptFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_DecryptInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Decrypt:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Decrypt(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_DigestInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data);
- case F_C_Digest:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Digest(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DigestUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_DigestKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestKey(*(CK_ULONG *)a[0]->data,
- *(CK_ULONG *)a[1]->data);
- case F_C_DigestFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
- case F_C_SignInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Sign:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Sign(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_SignUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_SignFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- (CK_ULONG *)a[2]->data);
-
- case F_C_SignRecoverInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignRecoverInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_SignRecover:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignRecover(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_VerifyInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_Verify:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_Verify(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- *(CK_ULONG *)a[4]->data);
- case F_C_VerifyUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_VerifyFinal:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyFinal(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
-
- case F_C_VerifyRecoverInit:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyRecoverInit(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_VerifyRecover:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_VerifyRecover(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DigestEncryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DigestEncryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptDigestUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptDigestUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_SignEncryptUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SignEncryptUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_DecryptVerifyUpdate:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DecryptVerifyUpdate(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_GenerateKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GenerateKey(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- (CK_ULONG *)a[4]->data);
- case F_C_GenerateKeyPair:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GenerateKeyPair(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- (CK_ATTRIBUTE *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- (CK_ATTRIBUTE *)a[4]->data,
- *(CK_ULONG *)a[5]->data,
- (CK_ULONG *)a[6]->data,
- (CK_ULONG *)a[7]->data);
- case F_C_WrapKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_WrapKey(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- *(CK_ULONG *)a[3]->data,
- (CK_CHAR *)a[5]->data,
- (CK_ULONG *)a[6]->data);
- case F_C_UnwrapKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_UnwrapKey(*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_CHAR *)a[3]->data,
- *(CK_ULONG *)a[4]->data,
- (CK_ATTRIBUTE *)a[5]->data,
- *(CK_ULONG *)a[6]->data,
- (CK_ULONG *)a[7]->data);
- case F_C_DeriveKey:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_DeriveKey (*(CK_ULONG *)a[0]->data,
- (CK_MECHANISM *)a[1]->data,
- *(CK_ULONG *)a[2]->data,
- (CK_ATTRIBUTE *)a[3]->data,
- *(CK_ULONG *)a[4]->data,
- (CK_ULONG *)a[5]->data);
- case F_C_SeedRandom:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_SeedRandom(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_GenerateRandom:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GenerateRandom(*(CK_ULONG *)a[0]->data,
- (CK_CHAR *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_C_GetFunctionStatus:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_GetFunctionStatus(*(CK_ULONG *)a[0]->data);
- case F_C_CancelFunction:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_CancelFunction(*(CK_ULONG *)a[0]->data);
- case F_C_WaitForSlotEvent:
- if (!func) return CKR_CRYPTOKI_NOT_INITIALIZED;
- return func->C_WaitForSlotEvent(*(CK_ULONG *)a[0]->data,
- (CK_ULONG *)a[1]->data,
- (void *)a[2]->data);
- /* set a variable */
- case F_SetVar:
- (void) DeleteVariable(a[0]->data);
- (void) AddVariable(a[0]->data,&a[1]);
- return CKR_OK;
- /* print a value */
- case F_Print:
- return printArg(a[0],0);
- case F_SaveVar:
- return save(a[0]->data,a[1]);
- case F_RestoreVar:
- return restore(a[0]->data,a[1]);
- case F_Delete:
- return DeleteVariable(a[0]->data);
- case F_List:
- return list();
- case F_Run:
- return run(a[0]->data);
- case F_Load:
- return loadModule(&module,a[0]->data);
- case F_Unload:
- return unloadModule(&module);
- case F_NewArray:
- (void) DeleteVariable(a[0]->data);
- return ArrayVariable(a[0]->data,a[1]->data,*(CK_ULONG *)a[2]->data);
- case F_NewTemplate:
- (void) DeleteVariable(a[0]->data);
- return ArrayTemplate(a[0]->data,a[1]->data);
- case F_BuildTemplate:
- return BuildTemplate(a[0]);
- case F_SetTemplate:
- return SetTemplate(a[0],
- *(CK_ULONG *)a[1]->data,
- *(CK_ULONG *)a[2]->data);
- case F_NewMechanism:
- (void) DeleteVariable(a[0]->data);
- return NewMechanism(a[0]->data,*(CK_ULONG *)a[1]->data);
- case F_System:
- value = *(int *)a[0]->data;
- if (value & 0x80000000) {
- systemFlags &= ~value;
- } else {
- systemFlags |= value;
- }
- return CKR_OK;
- case F_Quit:
- return 0x80000000;
- default:
- fprintf(stderr,
- "Function %s not yet supported\n",commands[index].fname );
- return CKR_OK;
- }
- /* Not Reached */
- return CKR_OK;
-}
-
-
-CK_RV process(FILE *inFile,int user)
-{
- char buf[2048];
- Value **arglist;
- CK_RV error;
- CK_RV ckrv = CKR_OK;
-
- if (user) { printf("pkcs11> "); fflush(stdout); }
-
- while (fgets(buf,2048,inFile) != NULL) {
- int index;
- char *bp;
-
- if (!user) printf("* %s",buf);
- bp = strip(buf);
- /* allow comments in scripts */
- if (*bp == '#') {
- if (user) { printf("pkcs11> "); fflush(stdout); }
- continue;
- }
-
-
- index = lookup(bp);
-
- if (index < 0) {
- if (user) { printf("pkcs11> "); fflush(stdout); }
- continue;
- }
-
- arglist = parseArgs(index,bp);
- if (arglist == NULL) {
- if (user) { printf("pkcs11> "); fflush(stdout); }
- continue;
- }
-
- error = do_func(index,arglist);
- if (error == 0x80000000) {
- parseFree(arglist);
- break;
- }
- if (error) {
- ckrv = error;
- printf(">> Error : ");
- printConst(error, ConstResult, 1);
- }
-
- putOutput(arglist);
-
- parseFree(arglist);
-
- if (user) { printf("pkcs11> "); fflush(stdout); }
- }
- return ckrv;
-}
-
-CK_RV run(char *filename)
-{
- FILE *infile;
- CK_RV ckrv;
-
- infile = fopen(filename,"r");
-
- if (infile == NULL) {
- perror(filename);
- return CKR_FUNCTION_FAILED;
- }
-
- ckrv = process(infile, 0);
-
- fclose(infile);
- return ckrv;
-}
-
-int
-main(int argc, char **argv)
-{
- /* I suppose that some day we could parse some arguments */
- (void) process(stdin, 1);
- return 0;
-}
diff --git a/security/nss/cmd/pk11util/pk11util.h b/security/nss/cmd/pk11util/pk11util.h
deleted file mode 100644
index 7fbc010ae..000000000
--- a/security/nss/cmd/pk11util/pk11util.h
+++ /dev/null
@@ -1,144 +0,0 @@
-
-/*
- * Supported functions..
- */
-#include <pkcs11.h>
-#include "nspr.h"
-#include "prtypes.h"
-
-typedef enum {
- F_No_Function,
-#undef CK_NEED_ARG_LIST
-#define CK_PKCS11_FUNCTION_INFO(func) F_##func,
-#include "pkcs11f.h"
-#undef CK_NEED_ARG_LISt
-#undef CK_PKCS11_FUNCTION_INFO
- F_SetVar,
- F_NewArray,
- F_NewTemplate,
- F_NewMechanism,
- F_BuildTemplate,
- F_SetTemplate,
- F_Print,
- F_SaveVar,
- F_RestoreVar,
- F_Delete,
- F_List,
- F_Run,
- F_Load,
- F_Unload,
- F_System,
- F_Quit,
-} FunctionType;
-
-/*
- * Supported Argument Types
- */
-typedef enum {
- ArgNone,
- ArgVar,
- ArgULong,
- ArgChar,
- ArgUTF8,
- ArgInfo,
- ArgSlotInfo,
- ArgTokenInfo,
- ArgSessionInfo,
- ArgAttribute,
- ArgMechanism,
- ArgMechanismInfo,
- ArgInitializeArgs,
- ArgFunctionList,
-/* Modifier Flags */
- ArgMask = 0xff,
- ArgOut = 0x100,
- ArgArray = 0x200,
- ArgNew = 0x400,
- ArgFile = 0x800,
-} ArgType;
-
-typedef enum _constType
-{
- ConstNone,
- ConstBool,
- ConstInfoFlags,
- ConstSlotFlags,
- ConstTokenFlags,
- ConstSessionFlags,
- ConstMechanismFlags,
- ConstInitializeFlags,
- ConstUsers,
- ConstSessionState,
- ConstObject,
- ConstHardware,
- ConstKeyType,
- ConstCertType,
- ConstAttribute,
- ConstMechanism,
- ConstResult,
- ConstTrust
-} ConstType;
-
-typedef struct _constant {
- const char *name;
- CK_ULONG value;
- ConstType type;
- ConstType attrType;
-} Constant ;
-
-/*
- * Values structures.
- */
-typedef struct _values {
- ArgType type;
- ConstType constType;
- int size;
- char *filename;
- void *data;
- int reference;
- int arraySize;
-} Value;
-
-/*
- * Variables
- */
-typedef struct _variable Variable;
-struct _variable {
- Variable *next;
- char *vname;
- Value *value;
-};
-
-/* NOTE: if you change MAX_ARGS, you need to change the commands array
- * below as well.
- */
-
-#define MAX_ARGS 10
-/*
- * structure for master command array
- */
-typedef struct _commands {
- char *fname;
- FunctionType fType;
- ArgType args[MAX_ARGS];
-} Commands;
-
-typedef struct _module {
- PRLibrary *library;
- CK_FUNCTION_LIST *functionList;
-} Module;
-
-
-/*
- * the command array itself. Make name to function and it's arguments
- */
-
-extern const char **valueString;
-extern const int valueCount;
-extern const char **constTypeString;
-extern const int constTypeCount;
-extern const Constant *consts;
-extern const int constCount;
-extern const Commands *commands;
-extern const int commandCount;
-
diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk
index a160c3176..68ee0ffab 100644
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -194,6 +194,17 @@ endif
endif
endif
+ifeq ($(OS_ARCH), SunOS)
+EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib'
+ifeq ($(BUILD_SUN_PKG), 1)
+ifeq ($(USE_64), 1)
+EXTRA_SHARED_LIBS += -R '/usr/lib/mps/secv1/sparcv9'
+else
+EXTRA_SHARED_LIBS += -R '/usr/lib/mps/secv1'
+endif
+endif
+endif
+
ifeq ($(OS_ARCH), Darwin)
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib
endif
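Review bot: The new SunOS block has no comment explaining its run-path entries, unlike the `-R '$$ORIGIN'` additions this same commit makes in lib/ckfw/builtins/config.mk and lib/freebl/Makefile. A matching comment would help, for example `# -R '$ORIGIN/../lib' lets the tools find the NSS libraries relative to their own location; the /usr/lib/mps/secv1 entries are added for Sun package builds.` Since libraries are resolved relative to wherever the binary is installed, the sibling `lib` directory needs the same write protection as the binaries themselves.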
diff --git a/security/nss/cmd/symkeyutil/symkeyutil.c b/security/nss/cmd/symkeyutil/symkeyutil.c
index f1f3d1c41..05df00a0c 100644
--- a/security/nss/cmd/symkeyutil/symkeyutil.c
+++ b/security/nss/cmd/symkeyutil/symkeyutil.c
@@ -54,20 +54,9 @@
#include <stdio.h>
#include <string.h>
-#if defined(WIN32)
-#include "io.h"
-#endif
-
#include "secutil.h"
-#if defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
#include "pk11func.h"
#include "secasn1.h"
@@ -76,9 +65,6 @@
#include "secoid.h"
#include "certdb.h"
#include "nss.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
typedef struct _KeyTypes {
CK_KEY_TYPE keyType;
@@ -119,35 +105,31 @@ static KeyTypes keyArray[] = {
static int keyArraySize = sizeof(keyArray)/sizeof(keyArray[0]);
int
-GetLen(int fd)
+GetLen(PRFileDesc* fd)
{
- struct stat buf;
- int ret;
+ PRFileInfo info;
- ret = fstat(fd,&buf);
- if (ret < 0) return ret;
+ if (PR_SUCCESS != PR_GetOpenFileInfo(fd, &info)) {
+ return -1;
+ }
- return buf.st_size;
+ return info.size;
}
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
int
ReadBuf(char *inFile, SECItem *item)
{
int len;
int ret;
- int fd = open(inFile, O_RDONLY|O_BINARY);
- if (fd < 0) {
- perror(inFile);
+ PRFileDesc* fd = PR_Open(inFile, PR_RDONLY, 0);
+ if (NULL == fd) {
+ SECU_PrintError("symkeyutil", "PR_Open failed");
return -1;
}
len = GetLen(fd);
if (len < 0) {
- perror(inFile);
+ SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
return -1;
}
item->data = (unsigned char *)PORT_Alloc(len);
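Review bot: ReadBuf leaks the descriptor on the `len < 0` path, because the new code returns -1 right after reporting "PR_GetOpenFileInfo failed" without closing `fd`. Add `PR_Close(fd);` before that `return -1;`. GetLen also narrows `info.size` to `int` without a range check, so a comment on the expected maximum file size would be useful. ReadBuf's body continues outside this hunk.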
@@ -156,14 +138,14 @@ ReadBuf(char *inFile, SECItem *item)
return -1;
}
- ret = read(fd,item->data,item->len);
+ ret = PR_Read(fd,item->data,item->len);
if (ret < 0) {
+ SECU_PrintError("symkeyutil", "PR_Read failed");
PORT_Free(item->data);
item->data = NULL;
- perror(inFile);
return -1;
}
- close(fd);
+ PR_Close(fd);
item->len = len;
return 0;
}
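Review bot: The read length comes from `item->len`, which in the visible lines is assigned only after the read (`item->len = len;`), while the buffer was allocated with `len` bytes. Unless `item->len` is set in the two lines between the hunks, a stale caller value larger than `len` would let PR_Read write past the allocation. Use `ret = PR_Read(fd, item->data, len);` and treat `ret != len` as a failure so that short reads are not returned as complete key data. The PR_Read error path also returns without `PR_Close(fd)`.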
@@ -172,18 +154,18 @@ int
WriteBuf(char *inFile, SECItem *item)
{
int ret;
- int fd = open(inFile, O_WRONLY|O_CREAT|O_BINARY);
- if (fd < 0) {
- perror(inFile);
+ PRFileDesc* fd = PR_Open(inFile, PR_WRONLY|PR_CREATE_FILE, 0x200);
+ if (NULL == fd) {
+ SECU_PrintError("symkeyutil", "PR_Open failed");
return -1;
}
- ret = write(fd,item->data,item->len);
+ ret = PR_Write(fd,item->data,item->len);
if (ret < 0) {
- perror(inFile);
+ SECU_PrintError("symkeyutil", "PR_Write failed");
return -1;
}
- close(fd);
+ PR_Close(fd);
return 0;
}
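Review bot: The creation mode `0x200` is hexadecimal, which is octal 01000 and sets none of the owner read or write permission bits. For a file that receives key material, an owner-only mode written in octal is what one would expect: `PR_Open(inFile, PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 0600)`. Without `PR_TRUNCATE`, writing over a longer existing file leaves its old trailing bytes in place. The PR_Write failure path returns without `PR_Close(fd)`, and a short write (`ret < item->len`) is reported as success.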
@@ -1012,7 +994,7 @@ main(int argc, char **argv)
goto shutdown;
}
- /* WriteBuf outputs it's own error using Perror */
+ /* WriteBuf outputs it's own error using SECU_PrintError */
ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
if (ret < 0) {
goto shutdown;
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index 916f09cbe..1743bbb7a 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -695,11 +695,20 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava)
}
/* Check value length */
- if (avaValue->len > maxLen) {
- if (unknownTag) PR_smprintf_free(unknownTag);
- SECITEM_FreeItem(avaValue, PR_TRUE);
- PORT_SetError(SEC_ERROR_INVALID_AVA);
- return SECFailure;
+ if (avaValue->len > maxLen + 3) { /* must be room for "..." */
+ /* avaValue is a UTF8 string, freshly allocated and returned to us
+ ** by CERT_DecodeAVAValue just above, so we can modify it here.
+ ** See if we're in the middle of a multi-byte UTF8 character.
+ */
+ while (((avaValue->data[maxLen] & 0xc0) == 0x80) && maxLen > 0) {
+ maxLen--;
+ }
+ /* add elipsis to signify truncation. */
+ avaValue->data[maxLen++] = '.';
+ avaValue->data[maxLen++] = '.';
+ avaValue->data[maxLen++] = '.';
+ avaValue->data[maxLen] = 0;
+ avaValue->len = maxLen;
}
len = PORT_Strlen(tagName);
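Review bot: Values whose length is between `maxLen + 1` and `maxLen + 3` now pass through untruncated, so the effective cap on `avaValue->len` becomes `maxLen + 3` rather than `maxLen`. The buffer sized later in AppendAVA is outside this hunk, so confirm it is computed from `avaValue->len` and not from `maxLen`. Truncation also makes distinct values that share their first `maxLen` bytes render identically, which deserves a comment such as `/* Truncated value is for display only; never compare names using this string. */`.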
@@ -720,7 +729,7 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava)
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
} else {
- PORT_Strcpy(tmpBuf+len, (char *)avaValue->data);
+ PORT_Strncpy(tmpBuf+len, (char *)avaValue->data, avaValue->len + 1);
rv = SECSuccess;
}
} else
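Review bot: The bound passed to PORT_Strncpy comes from the source (`avaValue->len + 1`), not from the space remaining in `tmpBuf`, so it protects the destination no better than the PORT_Strcpy it replaces. The allocation of `tmpBuf` is outside this hunk. If its size is known there, bound the copy by the remaining destination space, or add a comment stating the invariant that ties the size of `tmpBuf` to `len + avaValue->len + 1`.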
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c
index 84039ea99..d9cd18449 100644
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -986,6 +986,10 @@ CERT_CheckCertValidTimes(CERTCertificate *c, PRTime t, PRBool allowOverride)
PRTime notBefore, notAfter, llPendingSlop, tmp1;
SECStatus rv;
+ if (!c) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return(secCertTimeUndetermined);
+ }
/* if cert is already marked OK, then don't bother to check */
if ( allowOverride && c->timeOK ) {
return(secCertTimeValid);
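Review bot: Callers of CERT_CheckCertValidTimes written against the three original results can misclassify the new `secCertTimeUndetermined`; an `if (validity == secCertTimeExpired) ... else ...` chain would treat it as not yet valid. This commit updates CERT_GetCertNicknameWithValidity in certvfy.c, but other callers are not visible here and should be audited so that any value other than `secCertTimeValid` is rejected. The function's header comment, outside this hunk, should also document the new return value and that `SEC_ERROR_INVALID_ARGS` is set when `c` is NULL.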
@@ -1136,6 +1140,7 @@ CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage,
requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA;
break;
case certUsageAnyCA:
+ case certUsageVerifyCA:
case certUsageStatusResponder:
requiredKeyUsage = KU_KEY_CERT_SIGN;
requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA |
@@ -1336,20 +1341,7 @@ CERT_AddOKDomainName(CERTCertificate *cert, const char *hn)
static SECStatus
cert_TestHostName(char * cn, const char * hn)
{
- char * hndomain;
- int regvalid;
-
- if ((hndomain = PORT_Strchr(hn, '.')) == NULL) {
- /* No domain in URI host name */
- char * cndomain;
- if ((cndomain = PORT_Strchr(cn, '.')) != NULL &&
- (cndomain - cn) > 0) {
- /* there is a domain in the cn string, so chop it off */
- *cndomain = '\0';
- }
- }
-
- regvalid = PORT_RegExpValid(cn);
+ int regvalid = PORT_RegExpValid(cn);
if (regvalid != NON_SXP) {
SECStatus rv;
/* cn is a regular expression, try to match the shexp */
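Review bot: cert_TestHostName has no comment stating its matching rule, which matters now that the domain-suffix fallback is removed here and in the following `@@ -1370` hunk. A short comment above the function would record the contract, for example `/* Match hn against cn either as a shell expression or as a complete name; no partial or domain-only matches. */`. The exact-compare branch sits between the two hunks and is not visible, so check the wording against it. Since the visible lines no longer write to `cn`, the parameter could probably become `const char *`.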
@@ -1370,13 +1362,6 @@ cert_TestHostName(char * cn, const char * hn)
return SECSuccess;
}
- if ( hndomain ) {
- /* compare just domain name with cert name */
- if ( PORT_Strcasecmp(hndomain+1, cn) == 0 ) {
- return SECSuccess;
- }
- }
-
PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
return SECFailure;
}
@@ -2317,7 +2302,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
}
}
- return (fcerts ? SECSuccess : SECFailure);
+ return ((fcerts || !ncerts) ? SECSuccess : SECFailure);
}
/*
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
index e502bfdda..4eb678bda 100644
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -512,7 +512,9 @@ typedef enum CERTCertOwnerEnum {
typedef enum SECCertTimeValidityEnum {
secCertTimeValid = 0,
secCertTimeExpired = 1,
- secCertTimeNotValidYet = 2
+ secCertTimeNotValidYet = 2,
+ secCertTimeUndetermined = 3 /* validity could not be decoded from the
+ cert, most likely because it was NULL */
} SECCertTimeValidity;
/*
diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c
index 18957509c..e9cc41ebd 100644
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -75,9 +75,11 @@ const SEC_ASN1Template CERT_NameConstraintSubtreeExcludedTemplate[] = {
static const SEC_ASN1Template CERTNameConstraintsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraints) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CERTNameConstraints, DERPermited), CERT_NameConstraintSubtreeSubTemplate},
+ offsetof(CERTNameConstraints, DERPermited),
+ CERT_NameConstraintSubtreeSubTemplate},
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
- offsetof(CERTNameConstraints, DERExcluded), CERT_NameConstraintSubtreeSubTemplate},
+ offsetof(CERTNameConstraints, DERExcluded),
+ CERT_NameConstraintSubtreeSubTemplate},
{ 0, }
};
@@ -92,7 +94,7 @@ static const SEC_ASN1Template CERTOthNameTemplate[] = {
};
static const SEC_ASN1Template CERTOtherNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0 ,
offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate,
sizeof(CERTGeneralName) }
};
@@ -120,7 +122,7 @@ static const SEC_ASN1Template CERT_DNSNameTemplate[] = {
};
static const SEC_ASN1Template CERT_X400AddressTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 3,
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 3,
offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
sizeof (CERTGeneralName)}
};
@@ -133,7 +135,7 @@ static const SEC_ASN1Template CERT_DirectoryNameTemplate[] = {
static const SEC_ASN1Template CERT_EDIPartyNameTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 5,
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 5,
offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
sizeof (CERTGeneralName)}
};
diff --git a/security/nss/lib/certdb/polcyxtn.c b/security/nss/lib/certdb/polcyxtn.c
index 507505256..b41e10690 100644
--- a/security/nss/lib/certdb/polcyxtn.c
+++ b/security/nss/lib/certdb/polcyxtn.c
@@ -178,7 +178,7 @@ CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue)
policyInfo = *policyInfos;
policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
policyQualifiers = policyInfo->policyQualifiers;
- while ( *policyQualifiers != NULL ) {
+ while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
policyQualifier = *policyQualifiers;
policyQualifier->oid =
SECOID_FindOIDTag(&policyQualifier->qualifierID);
@@ -416,7 +416,7 @@ CERT_GetCertCommentString(CERTCertificate *cert)
if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
policyQualifiers = (*policyInfos)->policyQualifiers;
/* search through the policy qualifiers looking for user notice */
- while ( *policyQualifiers != NULL ) {
+ while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
qualifier = *policyQualifiers;
if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
retstring =
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index 3ace0076e..4bada1b40 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -665,10 +665,10 @@ cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
unsigned int requiredFlags;
PRArenaPool *arena = NULL;
CERTGeneralName *namesList = NULL;
- CERTGeneralName *subjectNameList = NULL;
CERTCertificate **certsList = NULL;
int certsListLen = 16;
int namesCount = 0;
+ PRBool subjectCertIsSelfIssued;
cbd_FortezzaType last_type = cbd_None;
@@ -743,32 +743,42 @@ cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
if (certsList == NULL)
goto loser;
+ /* RFC 3280 says that the name constraints will apply to the names
+ ** in the leaf (EE) cert, whether it is self issued or not, so
+ ** we pretend that it is not.
+ */
+ subjectCertIsSelfIssued = PR_FALSE;
for ( count = 0; count < CERT_MAX_CERT_CHAIN; count++ ) {
- int subjectNameListLen;
- int i;
PRBool validCAOverride = PR_FALSE;
/* Construct a list of names for the current and all previous
- * certifcates to be verified against the name constraints extension
- * of the issuer certificate.
+ * certifcates (except leaf (EE) certs, root CAs, and self-issued
+ * intermediate CAs) to be verified against the name constraints
+ * extension of the issuer certificate.
*/
- subjectNameList = CERT_GetCertificateNames(subjectCert, arena);
- subjectNameListLen = CERT_GetNamesLength(subjectNameList);
- if (certsListLen <= namesCount + subjectNameListLen) {
- certsListLen = (namesCount + subjectNameListLen) * 2;
- certsList =
- (CERTCertificate **)PORT_Realloc(certsList,
- certsListLen * sizeof(CERTCertificate *));
- if (certsList == NULL) {
- goto loser;
+ if (subjectCertIsSelfIssued == PR_FALSE) {
+ CERTGeneralName *subjectNameList;
+ int subjectNameListLen;
+ int i;
+ subjectNameList = CERT_GetCertificateNames(subjectCert, arena);
+ subjectNameListLen = CERT_GetNamesLength(subjectNameList);
+ if (certsListLen <= namesCount + subjectNameListLen) {
+ CERTCertificate **tmpCertsList;
+ certsListLen = (namesCount + subjectNameListLen) * 2;
+ tmpCertsList =
+ (CERTCertificate **)PORT_Realloc(certsList,
+ certsListLen * sizeof(CERTCertificate *));
+ if (tmpCertsList == NULL) {
+ goto loser;
+ }
+ certsList = tmpCertsList;
}
+ for (i = 0; i < subjectNameListLen; i++) {
+ certsList[namesCount + i] = subjectCert;
+ }
+ namesCount += subjectNameListLen;
+ namesList = cert_CombineNamesLists(namesList, subjectNameList);
}
- for (i = 0; i < subjectNameListLen; i++) {
- certsList[namesCount + i] = subjectCert;
- }
- namesCount += subjectNameListLen;
- namesList = cert_CombineNamesLists(namesList, subjectNameList);
-
/* find the certificate of the issuer */
issuerCert = CERT_FindCertIssuer(subjectCert, t, certUsage);
if ( ! issuerCert ) {
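Review bot: A NULL result from CERT_GetCertificateNames is not checked, so if the call fails the subject's names are left out of `namesList` and are never tested against the issuer's name constraints. The chain check would then fail open for that certificate. Assuming the function returns NULL on error (its definition is not on this page), add `if (!subjectNameList) goto loser;` right after the call. The enclosing loop starts and ends outside this hunk.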
@@ -951,9 +961,15 @@ cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
LOG_ERROR(log, issuerCert, count+1, 0);
goto loser;
}
- if (issuerCert->derIssuer.len == 0 ||
- !SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
- &issuerCert->derSubject)) {
+ /* The issuer cert will be the subject cert in the next loop.
+ * A cert is self-issued if its subject and issuer are equal and
+ * both are of non-zero length.
+ */
+ subjectCertIsSelfIssued = (PRBool)
+ SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
+ &issuerCert->derSubject) &&
+ issuerCert->derSubject.len > 0;
+ if (subjectCertIsSelfIssued == PR_FALSE) {
/* RFC 3280 says only non-self-issued intermediate CA certs
* count in path length.
*/
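Review bot: The `(PRBool)` cast binds only to the SECITEM_ItemsAreEqual call, not to the whole `&&` expression, although the layout suggests it covers both conditions. Parenthesising makes the intent explicit: `subjectCertIsSelfIssued = (PRBool)(issuerCert->derSubject.len > 0 && SECITEM_ItemsAreEqual(&issuerCert->derIssuer, &issuerCert->derSubject));`. This flag now also decides whether the next certificate's names are added to the name-constraint list in the earlier hunk, so the comment should mention that second use.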
@@ -1867,7 +1883,7 @@ CERT_GetCertNicknameWithValidity(PRArenaPool *arena, CERTCertificate *cert,
char *expiredString, char *notYetGoodString)
{
SECCertTimeValidity validity;
- char *nickname, *tmpstr;
+ char *nickname = NULL, *tmpstr = NULL;
validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);
@@ -1890,11 +1906,16 @@ CERT_GetCertNicknameWithValidity(PRArenaPool *arena, CERTCertificate *cert,
if ( validity == secCertTimeExpired ) {
tmpstr = PR_smprintf("%s%s", cert->nickname,
expiredString);
- } else {
+ } else if ( validity == secCertTimeNotValidYet ) {
/* not yet valid */
tmpstr = PR_smprintf("%s%s", cert->nickname,
notYetGoodString);
- }
+ } else {
+ /* undetermined */
+ tmpstr = PR_smprintf("%s",
+ "(NULL) (Validity Unknown)");
+ }
+
if ( tmpstr == NULL ) {
goto loser;
}
diff --git a/security/nss/lib/ckfw/builtins/config.mk b/security/nss/lib/ckfw/builtins/config.mk
index f4d64b0f0..10146cab3 100644
--- a/security/nss/lib/ckfw/builtins/config.mk
+++ b/security/nss/lib/ckfw/builtins/config.mk
@@ -56,3 +56,10 @@ endif
ifeq ($(OS_TARGET),Darwin)
DSO_LDOPTS = -bundle
endif
+
+ifeq ($(OS_TARGET),SunOS)
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+MKSHLIB += -R '$$ORIGIN'
+endif
+
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index d1b3f6a05..b9cebc80a 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -514,10 +514,12 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
(tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
(tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
(tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY) ) {
- return SECFailure;
+ rv = SECFailure;
+ goto loser;
}
} else {
- return SECFailure; /* return failure if oid is NULL */
+ rv = SECFailure; /* return failure if oid is NULL */
+ goto loser;
}
@@ -526,7 +528,10 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
* pqg parameters with a recursive call to this same function. */
rv = seckey_UpdateCertPQGChain(issuerCert, count);
- if (rv != SECSuccess) return rv;
+ if (rv != SECSuccess) {
+ rv = SECFailure;
+ goto loser;
+ }
/* ensure issuer has pqg parameters */
@@ -544,6 +549,10 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
&issuerSpki->algorithm.parameters);
}
+loser:
+ if (issuerCert) {
+ CERT_DestroyCertificate(issuerCert);
+ }
return rv;
}
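Review bot: The new `loser:` label tests `issuerCert`, so that variable must be initialised to NULL at its declaration, which is outside these hunks. If it is not, the `goto loser` paths added in the `@@ -514` hunk could pass an indeterminate pointer to CERT_DestroyCertificate. Confirm the declaration reads `CERTCertificate *issuerCert = NULL;`. Any bare `return` remaining between the issuer lookup and the label (not visible here) would still leak the reference.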
diff --git a/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile b/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
index 44e50063b..cc57d8c5f 100644
--- a/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
+++ b/security/nss/lib/fortcrypt/swfort/pkcs11/Makefile
@@ -63,7 +63,7 @@ EXTRA_LIBS = \
-lplc4 \
-lplds4 \
-lnspr4 \
- -lws2_32 \
+ -lwsock32 \
-lwinmm \
$(NULL)
else # ! NS_USE_GCC
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
index eb6e33d78..365cf882e 100644
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -179,26 +179,28 @@ endif
# Note: -xarch=v8 or v9 is now done in coreconf
ifeq ($(OS_TARGET),SunOS)
+
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+MKSHLIB += -R '$$ORIGIN'
+
ifeq ($(CPU_ARCH),sparc)
ifndef NS_USE_GCC
ifdef USE_HYBRID
OS_CFLAGS += -xchip=ultra2
-endif
-endif
-ifeq (5.5.1,$(firstword $(sort 5.5.1 $(OS_RELEASE))))
- SYSV_SPARC = 1
-endif
-ifeq ($(SYSV_SPARC),1)
+endif # USE_HYBRID
+endif # NS_USE_GCC
+SYSV_SPARC=1
SOLARIS_AS = /usr/ccs/bin/as
ifdef NS_USE_GCC
ifdef GCC_USE_GNU_LD
MKSHLIB += -Wl,-Bsymbolic,-z,defs,-z,now,-z,text,--version-script,mapfile.Solaris
else
MKSHLIB += -Wl,-B,symbolic,-z,defs,-z,now,-z,text,-M,mapfile.Solaris
-endif
+endif # GCC_USE_GNU_LD
else
MKSHLIB += -B symbolic -z defs -z now -z text -M mapfile.Solaris
-endif
+endif # NS_USE_GCC
ifdef USE_PURE_32
# this builds for Sparc v8 pure 32-bit architecture
DEFINES += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
@@ -222,14 +224,13 @@ else
DEFINES += -DMP_USE_UINT_DIGIT
SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
# ASM_SUFFIX = .S
-endif
-endif
+endif # USE_64
+endif # USE_PURE_32
ifdef NSS_ENABLE_ECC
DEFINES += -DECL_USE_FP
ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
ECL_HDRS += ecp_fp.h
-endif
-endif
+endif # NSS_ENABLE_ECC
else
# Solaris x86
DEFINES += -D_X86_
diff --git a/security/nss/lib/freebl/sparcfix.c b/security/nss/lib/freebl/sparcfix.c
deleted file mode 100644
index 6ebc41cf0..000000000
--- a/security/nss/lib/freebl/sparcfix.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is a program to modify v8+vis objects for linking.
- *
- * The Initial Developer of the Original Code is Sun Microsystems Inc.
- * Portions created by Sun Microsystems Inc. are
- * Copyright (C) 1999-2000 Sun Microsystems Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Netscape Communications Corporation
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- * $Id$
- */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#if defined(SOLARIS2_6) || defined(SOLARIS2_7) || defined(SOLARIS2_8)
-#define NEW_SYSV_SPARC 1
-#include <gelf.h>
-#endif
-#include <libelf.h>
-#include <sys/elf_SPARC.h>
-
-int
-main(int argc, char *argv[])
-{
- Elf * elf;
- off_t size;
- int fd;
- int count;
-#if defined(NEW_SYSV_SPARC)
- GElf_Ehdr hdr;
- GElf_Ehdr *ehdr = &hdr;
-#else
- Elf32_Ehdr *ehdr;
-#endif
-
-
- elf_version(EV_CURRENT);
- fd = open(argv[1], O_RDWR);
- if (fd < 0)
- goto loser;
- elf = elf_begin(fd, ELF_C_RDWR, (Elf *)0);
- if (!elf)
- goto loser;
-
-#if defined(NEW_SYSV_SPARC)
- gelf_getehdr(elf, ehdr);
-#else
- ehdr = elf32_getehdr(elf);
- if (!ehdr)
- goto loser;
-#endif
-
- if (ehdr->e_machine == EM_SPARC32PLUS) {
- ehdr->e_machine = EM_SPARC;
- ehdr->e_flags &= ~(EF_SPARC_32PLUS | EF_SPARC_SUN_US1);
-#if defined(NEW_SYSV_SPARC)
- count = gelf_update_ehdr(elf, ehdr);
- if (count < 0)
- goto loser;
-#endif
- size = elf_update(elf, ELF_C_WRITE);
- if (size < 0)
- goto loser;
- }
-
- do {
- count = elf_end(elf);
- } while (count > 0);
- return count;
-
-loser:
- return 1;
-}
diff --git a/security/nss/lib/nss/config.mk b/security/nss/lib/nss/config.mk
index 4ca5480f3..5a82f1696 100644
--- a/security/nss/lib/nss/config.mk
+++ b/security/nss/lib/nss/config.mk
@@ -103,8 +103,8 @@ SHARED_LIBRARY_DIRS = \
ifeq ($(OS_TARGET),SunOS)
-# The -R '$ORIGIN' linker option instructs libnss3.so to search for its
-# dependencies (libsoftokn3.so) in the same directory where it resides.
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
MKSHLIB += -R '$$ORIGIN'
endif
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 40e959697..ab6388f4c 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -783,3 +783,17 @@ SEC_DupCrl;
;+ local:
;+ *;
;+};
+;+NSS_3.9.2 { # NSS 3.9.2 release
+;+ global:
+NSS_IsInitialized;
+PK11_DestroyGenericObject;
+PK11_DestroyGenericObjects;
+PK11_FindGenericObjects;
+PK11_GetNextGenericObject;
+PK11_GetPrevGenericObject;
+PK11_LinkGenericObject;
+PK11_ReadRawAttribute;
+PK11_UnlinkGenericObject;
+;+ local:
+;+ *;
+;+};
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 70425272f..9df5425a4 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,11 +49,11 @@ SEC_BEGIN_PROTOS
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>] [<Beta>]"
*/
-#define NSS_VERSION "3.10 Beta"
+#define NSS_VERSION "3.9.2"
#define NSS_VMAJOR 3
-#define NSS_VMINOR 10
-#define NSS_VPATCH 0
-#define NSS_BETA PR_TRUE
+#define NSS_VMINOR 9
+#define NSS_VPATCH 2
+#define NSS_BETA PR_FALSE
/*
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c
index dce2bed09..9468d456b 100644
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -568,6 +568,11 @@ NSS_Shutdown(void)
extern const char __nss_base_rcsid[];
+PRBool
+NSS_IsInitialized(void)
+{
+ return nss_IsInitted;
+}
extern const char __nss_base_sccsid[];
PRBool
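Review bot: `NSS_IsInitialized` is exported in nss.def, but the nss.h changes in this commit only touch the version macros, so no prototype is added here. Unless one already exists on this branch, callers will see an implicit declaration. The definition also lands between the `__nss_base_rcsid` and `__nss_base_sccsid` externs and has no comment. I would move it above them and add `/* Report whether NSS is currently initialized (returns nss_IsInitted). */`.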
diff --git a/security/nss/lib/pk11wrap/debug_module.c b/security/nss/lib/pk11wrap/debug_module.c
index 34cd54384..62542756d 100644
--- a/security/nss/lib/pk11wrap/debug_module.c
+++ b/security/nss/lib/pk11wrap/debug_module.c
@@ -149,11 +149,11 @@ static void get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
}
}
-static void get_obj_class(CK_OBJECT_CLASS class, char *str, int len)
+static void get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len)
{
#define SETO(objc) \
PR_snprintf(str, len, "%s", objc); break;
- switch (class) {
+ switch (objClass) {
#ifndef AIX_64BIT
case CKO_DATA: SETO("CKO_DATA");
case CKO_CERTIFICATE: SETO("CKO_CERTIFICATE");
@@ -167,7 +167,7 @@ static void get_obj_class(CK_OBJECT_CLASS class, char *str, int len)
case CKO_NETSCAPE_TRUST: SETO("CKO_NETSCAPE_TRUST");
case CKO_NETSCAPE_BUILTIN_ROOT_LIST: SETO("CKO_NETSCAPE_BUILTIN_ROOT_LIST");
#endif
- default: PR_snprintf(str, len, "0x%p", class); break;
+ default: PR_snprintf(str, len, "0x%p", objClass); break;
}
}
@@ -223,8 +223,8 @@ static void print_attr_value(CK_ATTRIBUTE_PTR attr)
}
case CKA_CLASS:
if (attr->ulValueLen > 0 && attr->pValue) {
- CK_OBJECT_CLASS class = *((CK_OBJECT_CLASS *)attr->pValue);
- get_obj_class(class, valstr, sizeof valstr);
+ CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue);
+ get_obj_class(objClass, valstr, sizeof valstr);
PR_LOG(modlog, 4, (" %s = %s [%d]",
atype, valstr, attr->ulValueLen));
break;
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index a100caca3..163e0eb62 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -327,7 +327,7 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert,
if (cert == NULL) return PR_FALSE;
theClass = CKO_PRIVATE_KEY;
- if (!PK11_IsLoggedIn(slot,NULL) && PK11_NeedLogin(slot)) {
+ if (pk11_LoginStillRequired(slot,NULL)) {
theClass = CKO_PUBLIC_KEY;
}
if (PK11_MatchItem(slot, certID , theClass) != CK_INVALID_HANDLE) {
@@ -991,6 +991,21 @@ typedef struct pk11CertCallbackStr {
void *callbackArg;
} pk11CertCallback;
+
+/*
+ * Authenticate to "unfriendly" tokens (tokens which need to be logged
+ * in to find the certs.
+ */
+static SECStatus
+pk11_AuthenticateUnfriendly(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
+{
+ SECStatus rv = SECSuccess;
+ if (!PK11_IsFriendly(slot)) {
+ rv = PK11_Authenticate(slot, loadCerts, wincx);
+ }
+ return rv;
+}
+
/*
* Extract all the certs on a card from a slot.
*/
@@ -1007,9 +1022,9 @@ pk11_TraverseAllSlots( SECStatus (*callback)(PK11SlotInfo *,void *),
/* look at each slot and authenticate as necessary */
for (le = list->head ; le; le = le->next) {
- if (!PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_FALSE, wincx);
- if (rv != SECSuccess) continue;
+ rv = pk11_AuthenticateUnfriendly(le->slot, PR_FALSE, wincx);
+ if (rv != SECSuccess) {
+ continue;
}
if (callback) {
(*callback)(le->slot,arg);
@@ -1186,13 +1201,11 @@ PK11_FindObjectsFromNickname(char *nickname,PK11SlotInfo **slotptr,
return CK_INVALID_HANDLE;
}
- if (!PK11_IsFriendly(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) {
- PK11_FreeSlot(slot);
- *slotptr = NULL;
- return CK_INVALID_HANDLE;
- }
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ PK11_FreeSlot(slot);
+ *slotptr = NULL;
+ return CK_INVALID_HANDLE;
}
findTemplate[0].pValue = nickname;
@@ -1272,11 +1285,13 @@ PK11_FindCertFromNickname(char *nickname, void *wincx)
NSSCertificate **certs = NULL;
NSSUsage usage;
NSSToken *token;
+ NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
PK11SlotInfo *slot = NULL;
+ SECStatus rv;
char *nickCopy;
char *delimit = NULL;
char *tokenName;
- NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
+
usage.anyUsage = PR_TRUE;
nickCopy = PORT_Strdup(nickname);
if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) {
@@ -1301,10 +1316,9 @@ PK11_FindCertFromNickname(char *nickname, void *wincx)
if (!PK11_IsPresent(slot)) {
goto loser;
}
- if (!PK11_IsFriendly(slot)) {
- if (PK11_Authenticate(slot, PR_TRUE, wincx) != SECSuccess) {
- goto loser;
- }
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ goto loser;
}
collection = nssCertificateCollection_Create(defaultTD, NULL);
if (!collection) {
@@ -1413,6 +1427,8 @@ PK11_FindCertsFromNickname(char *nickname, void *wincx) {
NSSCertificate *c;
NSSToken *token;
PK11SlotInfo *slot;
+ SECStatus rv;
+
nickCopy = PORT_Strdup(nickname);
if ((delimit = PORT_Strchr(nickCopy,':')) != NULL) {
tokenName = nickCopy;
@@ -1435,12 +1451,11 @@ PK11_FindCertsFromNickname(char *nickname, void *wincx) {
nssList *nameList;
nssCryptokiObject **instances;
nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
- if (!PK11_IsFriendly(slot)) {
- if (PK11_Authenticate(slot, PR_TRUE, wincx) != SECSuccess) {
- PK11_FreeSlot(slot);
- if (nickCopy) PORT_Free(nickCopy);
- return NULL;
- }
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ PK11_FreeSlot(slot);
+ if (nickCopy) PORT_Free(nickCopy);
+ return NULL;
}
collection = nssCertificateCollection_Create(defaultTD, NULL);
if (!collection) {
@@ -1909,7 +1924,7 @@ PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot, CERTCertificate *cert,
/*
* issue the find
*/
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
if (rv != SECSuccess) {
return NULL;
}
@@ -1919,7 +1934,19 @@ PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot, CERTCertificate *cert,
return NULL;
}
keyh = PK11_MatchItem(slot,certh,CKO_PRIVATE_KEY);
- if (keyh == CK_INVALID_HANDLE) { return NULL; }
+ if ((keyh == CK_INVALID_HANDLE) &&
+ (PORT_GetError() == SSL_ERROR_NO_CERTIFICATE) &&
+ pk11_LoginStillRequired(slot, wincx)) {
+ /* try it again authenticated */
+ rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ return NULL;
+ }
+ keyh = PK11_MatchItem(slot,certh,CKO_PRIVATE_KEY);
+ }
+ if (keyh == CK_INVALID_HANDLE) {
+ return NULL;
+ }
return PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyh, wincx);
}
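Review bot: The authenticated retry runs only when `PORT_GetError() == SSL_ERROR_NO_CERTIFICATE`, which ties this function to the exact error code that PK11_MatchItem leaves behind. That helper is not visible here; if it can fail on a logged-out token with any other code, the lookup now returns NULL where the removed code authenticated first. A comment stating the dependency would help, e.g. `/* assumes PK11_MatchItem sets SSL_ERROR_NO_CERTIFICATE when nothing matches; private keys may be invisible until login */`. The same test is added in PK11_KeyForCertExists, PK11_FindKeyByAnyCert and pk11_findKeyObjectByDERCert. The function begins outside the hunk.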
@@ -1969,10 +1996,15 @@ PK11_KeyForCertExists(CERTCertificate *cert, CK_OBJECT_HANDLE *keyPtr,
/* Look for the slot that holds the Key */
for (le = list->head ; le; le = le->next) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
-
key = pk11_FindPrivateKeyFromCertID(le->slot,keyID);
+ if ((key == CK_INVALID_HANDLE) &&
+ (PORT_GetError() == SSL_ERROR_NO_CERTIFICATE) &&
+ pk11_LoginStillRequired(le->slot,wincx)) {
+ /* authenticate and try again */
+ rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) continue;
+ key = pk11_FindPrivateKeyFromCertID(le->slot,keyID);
+ }
if (key != CK_INVALID_HANDLE) {
slot = PK11_ReferenceSlot(le->slot);
if (keyPtr) *keyPtr = key;
@@ -2060,10 +2092,8 @@ pk11_FindCertObjectByTemplate(PK11SlotInfo **slotPtr,
/* Look for the slot that holds the Key */
for (le = list->head ; le; le = le->next) {
- if (!PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- }
+ rv = pk11_AuthenticateUnfriendly(le->slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) continue;
certHandle = pk11_FindObjectByTemplate(le->slot,searchTemplate,count);
if (certHandle != CK_INVALID_HANDLE) {
@@ -2224,10 +2254,8 @@ pk11_AllFindCertObjectByRecipientNew(NSSCMSRecipient **recipientlist, void *winc
/* Look for the slot that holds the Key */
for (le = list->head ; le; le = le->next) {
- if ( !PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- }
+ rv = pk11_AuthenticateUnfriendly(le->slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) continue;
cert = pk11_FindCertObjectByRecipientNew(le->slot,
recipientlist, rlIndex, wincx);
@@ -2299,10 +2327,8 @@ pk11_AllFindCertObjectByRecipient(PK11SlotInfo **slotPtr,
/* Look for the slot that holds the Key */
for (le = list->head ; le; le = le->next) {
- if ( !PK11_IsFriendly(le->slot)) {
- rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
- if (rv != SECSuccess) continue;
- }
+ rv = pk11_AuthenticateUnfriendly(le->slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) continue;
cert = pk11_FindCertObjectByRecipient(le->slot, recipientArray,
rip, wincx);
@@ -2344,11 +2370,6 @@ PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slotPtr,
return NULL;
}
- rv = PK11_Authenticate(*slotPtr,PR_TRUE,wincx);
- if (rv != SECSuccess) {
- goto loser;
- }
-
*privKey = PK11_FindKeyByAnyCert(cert, wincx);
if (*privKey == NULL) {
goto loser;
@@ -2416,11 +2437,6 @@ PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist, void *win
/* at this point, rl->slot is set */
- /* authenticate to the token */
- if (PK11_Authenticate(rl->slot, PR_TRUE, wincx) != SECSuccess) {
- goto loser;
- }
-
rl->privkey = PK11_FindKeyByAnyCert(cert, wincx);
if (rl->privkey == NULL) {
goto loser;
@@ -2556,25 +2572,32 @@ PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx)
CK_OBJECT_HANDLE certHandle;
CK_OBJECT_HANDLE keyHandle;
PK11SlotInfo *slot = NULL;
- SECKEYPrivateKey *privKey;
+ SECKEYPrivateKey *privKey = NULL;
SECStatus rv;
certHandle = PK11_FindObjectForCert(cert, wincx, &slot);
if (certHandle == CK_INVALID_HANDLE) {
return NULL;
}
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) {
- PK11_FreeSlot(slot);
- return NULL;
- }
keyHandle = PK11_MatchItem(slot,certHandle,CKO_PRIVATE_KEY);
- if (keyHandle == CK_INVALID_HANDLE) {
- PK11_FreeSlot(slot);
- return NULL;
+ if ((keyHandle == CK_INVALID_HANDLE) &&
+ (PORT_GetError() == SSL_ERROR_NO_CERTIFICATE) &&
+ pk11_LoginStillRequired(slot,wincx)) {
+ /* authenticate and try again */
+ rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ keyHandle = PK11_MatchItem(slot,certHandle,CKO_PRIVATE_KEY);
+ if (keyHandle == CK_INVALID_HANDLE) {
+ goto loser;
+ }
}
privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
- PK11_FreeSlot(slot);
+loser:
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
return privKey;
}
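Review bot: When the first PK11_MatchItem returns CK_INVALID_HANDLE and the retry condition is false (for example the token is already logged in), control falls through to `PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx)` with an invalid handle. The removed code returned NULL in that case. The invalid-handle test should sit after the retry block rather than inside it: `if (keyHandle == CK_INVALID_HANDLE) { goto loser; }` immediately before the PK11_MakePrivKey call, as the PK11_FindPrivateKeyFromCert hunk above already does. The function's opening lines are outside the hunk.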
@@ -2961,13 +2984,15 @@ PK11_FindCertFromDERCertItem(PK11SlotInfo *slot, SECItem *inDerCert,
NSSDER derCert;
NSSToken *tok;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+ SECStatus rv;
+
tok = PK11Slot_GetNSSToken(slot);
+
NSSITEM_FROM_SECITEM(&derCert, inDerCert);
- if (!PK11_IsFriendly(slot)) {
- if (PK11_Authenticate(slot, PR_TRUE, wincx) != SECSuccess) {
- PK11_FreeSlot(slot);
- return NULL;
- }
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ PK11_FreeSlot(slot);
+ return NULL;
}
c = NSSTrustDomain_FindCertificateByEncodedCertificate(td, &derCert);
if (c) {
@@ -3023,10 +3048,8 @@ PK11_FindCertFromDERSubjectAndNickname(PK11SlotInfo *slot,
/*
* issue the find
*/
- if ( !PK11_IsFriendly(slot)) {
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) return NULL;
- }
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) return NULL;
certh = pk11_getcerthandle(slot,cert,theTemplate,tsize);
if (certh == CK_INVALID_HANDLE) {
@@ -3057,12 +3080,15 @@ pk11_findKeyObjectByDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
return CK_INVALID_HANDLE;
}
- key = CK_INVALID_HANDLE;
-
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
- if (rv != SECSuccess) goto loser;
-
key = pk11_FindPrivateKeyFromCertID(slot, keyID);
+ if ((key == CK_INVALID_HANDLE) &&
+ (PORT_GetError() == SSL_ERROR_NO_CERTIFICATE) &&
+ pk11_LoginStillRequired(slot,wincx)) {
+ /* authenticate and try again */
+ rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) goto loser;
+ key = pk11_FindPrivateKeyFromCertID(slot, keyID);
+ }
loser:
SECITEM_ZfreeItem(keyID, PR_TRUE);
@@ -3252,7 +3278,7 @@ PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
/*
* issue the find
*/
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
if (rv != SECSuccess) {
return CK_INVALID_HANDLE;
}
@@ -3277,7 +3303,6 @@ PK11_GetKeyIDFromCert(CERTCertificate *cert, void *wincx)
goto loser;
}
-
crv = PK11_GetAttributes(NULL,slot,handle,theTemplate,tsize);
if (crv != CKR_OK) {
PORT_SetError( PK11_MapError(crv) );
@@ -3290,7 +3315,6 @@ PK11_GetKeyIDFromCert(CERTCertificate *cert, void *wincx)
item->len = theTemplate[0].ulValueLen;
}
-
loser:
PK11_FreeSlot(slot);
return item;
@@ -3319,7 +3343,6 @@ PK11_GetKeyIDFromPrivateKey(SECKEYPrivateKey *key, void *wincx)
item->len = theTemplate[0].ulValueLen;
}
-
loser:
return item;
}
@@ -3496,8 +3519,8 @@ PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
if (slot) {
PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
cert->derCert.len); attrs++;
-
- rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+
+ rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
if (rv != SECSuccess) {
return NULL;
}
@@ -4166,6 +4189,7 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
{
CERTSignedCrl *newCrl, *crl;
SECStatus rv;
+ CERTCertificate *caCert = NULL;
newCrl = crl = NULL;
@@ -4184,7 +4208,6 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
}
if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)){
- CERTCertificate *caCert;
CERTCertDBHandle* handle = CERT_GetDefaultCertDB();
PR_ASSERT(handle != NULL);
caCert = CERT_FindCertByName (handle,
@@ -4220,5 +4243,8 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
if (crl == NULL) {
SEC_DestroyCrl (newCrl);
}
+ if (caCert) {
+ CERT_DestroyCertificate(caCert);
+ }
return (crl);
}
diff --git a/security/nss/lib/pk11wrap/pk11func.h b/security/nss/lib/pk11wrap/pk11func.h
index ddd968d22..acf33f251 100644
--- a/security/nss/lib/pk11wrap/pk11func.h
+++ b/security/nss/lib/pk11wrap/pk11func.h
@@ -652,6 +652,21 @@ PK11DefaultArrayEntry * PK11_GetDefaultArray(int *);
SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *, PK11DefaultArrayEntry *,
PRBool );
+/**********************************************************************
+ * Functions to look at PKCS #11 dependent data
+ **********************************************************************/
+PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot,
+ CK_OBJECT_CLASS objClass);
+PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object);
+PK11GenericObject *PK11_GetPrevtGenericObject(PK11GenericObject *object);
+SECStatus PK11_UnlinkGenericObject(PK11GenericObject *object);
+SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
+ PK11GenericObject *object);
+SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
+SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
+SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object,
+ CK_ATTRIBUTE_TYPE attr, SECItem *item);
+
/**********************************************************************
* New fucntions which are already depricated....
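Review bot: The prototype `PK11_GetPrevtGenericObject` is misspelled. The definition added in pk11skey.c and the symbol exported in nss.def are both `PK11_GetPrevGenericObject`, so the public function ends up with no declaration in this header. The line should read `PK11GenericObject *PK11_GetPrevGenericObject(PK11GenericObject *object);`. The block would also benefit from a one-line comment saying that the list returned by PK11_FindGenericObjects is released with PK11_DestroyGenericObjects.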
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 7998c81e7..38e304294 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -1004,6 +1004,8 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
{
PRArenaPool *arena;
SECKEYPrivateKey *privKey;
+ PRBool isPrivate;
+ SECStatus rv;
/* don't know? look it up */
if (keyType == nullKey) {
@@ -1024,6 +1026,16 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
}
}
+ /* if the key is private, make sure we are authenticated to the
+ * token before we try to use it */
+ isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE);
+ if (isPrivate) {
+ rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+ if (rv != SECSuccess) {
+ return NULL;
+ }
+ }
+
/* now we need to create space for the private key */
arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) return NULL;
@@ -3395,10 +3407,13 @@ PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey,
CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
{
CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
+ PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
- PK11_HandlePasswordCheck(wrappingKey->pkcs11Slot,wrappingKey->wincx);
+ if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) {
+ PK11_HandlePasswordCheck(slot,wrappingKey->wincx);
+ }
- return pk11_AnyUnwrapKey(wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID,
+ return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
wrapType, NULL, wrappedKey, target, operation, keySize,
wrappingKey->wincx, NULL, 0, PR_FALSE);
}
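Review bot: The new guard `if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE))` looks inverted. It runs PK11_HandlePasswordCheck only for keys that are not marked CKA_PRIVATE, so the password re-check is skipped for exactly the keys that require a login. The PK11_MakePrivKey hunk in this same file authenticates when the attribute is set, which suggests the intended line is `if (PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) {`. The same condition is added in PK11_PubUnwrapSymKeyWithFlags, PK11_PubUnwrapSymKeyWithFlagsPerm, PK11_Sign and PK11_PubDecryptRaw; the existing comment in the last one says the check exists because the user may have asked for 'ask always'. The start of this function is outside the hunk.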
@@ -3413,12 +3428,15 @@ PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey,
CK_BBOOL ckTrue = CK_TRUE;
CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
unsigned int templateCount;
+ PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
templateCount = pk11_FlagsToAttributes(flags, keyTemplate, &ckTrue);
- PK11_HandlePasswordCheck(wrappingKey->pkcs11Slot,wrappingKey->wincx);
+ if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) {
+ PK11_HandlePasswordCheck(slot,wrappingKey->wincx);
+ }
- return pk11_AnyUnwrapKey(wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID,
+ return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
wrapType, NULL, wrappedKey, target, operation, keySize,
wrappingKey->wincx, keyTemplate, templateCount, PR_FALSE);
}
@@ -3434,6 +3452,7 @@ PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
CK_ATTRIBUTE *attrs;
unsigned int templateCount;
+ PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
attrs = keyTemplate;
if (isPerm) {
@@ -3443,9 +3462,11 @@ PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
templateCount += pk11_FlagsToAttributes(flags, attrs, &cktrue);
- PK11_HandlePasswordCheck(wrappingKey->pkcs11Slot,wrappingKey->wincx);
+ if (!PK11_HasAttributeSet(slot,wrappingKey->pkcs11ID,CKA_PRIVATE)) {
+ PK11_HandlePasswordCheck(slot,wrappingKey->wincx);
+ }
- return pk11_AnyUnwrapKey(wrappingKey->pkcs11Slot, wrappingKey->pkcs11ID,
+ return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
wrapType, NULL, wrappedKey, target, operation, keySize,
wrappingKey->wincx, keyTemplate, templateCount, isPerm);
}
@@ -3569,7 +3590,9 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
mech.mechanism = pk11_mapSignKeyType(key->keyType);
- PK11_HandlePasswordCheck(slot, key->wincx);
+ if (!PK11_HasAttributeSet(slot,key->pkcs11ID,CKA_PRIVATE)) {
+ PK11_HandlePasswordCheck(slot, key->wincx);
+ }
session = pk11_GetNewSession(slot,&owner);
if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
@@ -3621,7 +3644,9 @@ PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
* decryption? .. because the user may have asked for 'ask always'
* and this is a private key operation. In practice, thought, it's mute
* since only servers wind up using this function */
- PK11_HandlePasswordCheck(slot, key->wincx);
+ if (!PK11_HasAttributeSet(slot,key->pkcs11ID,CKA_PRIVATE)) {
+ PK11_HandlePasswordCheck(slot, key->wincx);
+ }
session = pk11_GetNewSession(slot,&owner);
if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_DecryptInit(session,&mech,key->pkcs11ID);
@@ -4476,6 +4501,11 @@ PK11_DigestKey(PK11Context *context, PK11SymKey *key)
SECStatus rv = SECSuccess;
PK11SymKey *newKey = NULL;
+ if (!context || !key) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
/* if we ran out of session, we need to restore our previously stored
* state.
*/
@@ -5365,9 +5395,12 @@ PK11_UnwrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
if (newKey) {
if (perm) {
+ /* Get RW Session will either lock the monitor if necessary,
+ * or return a thread safe session handle. */
rwsession = PK11_GetRWSession(slot);
} else {
rwsession = slot->session;
+ PK11_EnterSlotMonitor(slot);
}
crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism,
newKey->objectID,
@@ -5375,7 +5408,11 @@ PK11_UnwrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
wrappedKey->len, keyTemplate,
templateCount, &privKeyID);
- if (perm) PK11_RestoreROSession(slot, rwsession);
+ if (perm) {
+ PK11_RestoreROSession(slot, rwsession);
+ } else {
+ PK11_ExitSlotMonitor(slot);
+ }
PK11_FreeSymKey(newKey);
} else {
crv = CKR_FUNCTION_NOT_SUPPORTED;
@@ -5702,3 +5739,220 @@ PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk, void *wincx)
return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
}
+
+
+/*
+ * return a linked, non-circular list of generic objects.
+ * If you are only interested
+ * in one object, just use the first object in the list. To find the
+ * rest of the list use PK11_GetNextGenericObject() to return the next object.
+ *
+ * You can walk the list with the following code:
+ * firstObj = PK11_FindGenericObjects(slot, objClass);
+ * for (thisObj=firstObj; thisObj;
+ * thisObj=PK11_GetNextGenericObject(thisObj)) {
+ * /* operate on thisObj */
+/* }
+ *
+ * If you want a particular object from the list...
+ * firstObj = PK11_FindGenericObjects(slot, objClass);
+ * for (thisObj=firstObj; thisObj;
+ * thisObj=PK11_GetNextGenericObject(thisObj)) {
+ * if (isMyObj(thisObj)) {
+ * if ( thisObj == firstObj) {
+ * /* NOTE: firstObj could be NULL at this point */
+/* firstObj = PK11_GetNextGenericObject(thsObj);
+ * }
+ * PK11_UnlinkGenericObject(thisObj);
+ * myObj = thisObj;
+ * break;
+ * }
+ *
+ * PK11_DestroyGenericObjects(firstObj);
+ *
+ * /* use myObj */
+/* PK11_DestroyGenericObject(myObj);
+ */
+PK11GenericObject *
+PK11_FindGenericObjects(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
+{
+ CK_ATTRIBUTE template[1];
+ CK_ATTRIBUTE *attrs = template;
+ CK_OBJECT_HANDLE *objectIDs = NULL;
+ PK11GenericObject *lastObj, *obj;
+ PK11GenericObject *firstObj = NULL;
+ int i, count = 0;
+
+
+ PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass)); attrs++;
+
+ objectIDs = pk11_FindObjectsByTemplate(slot,template,1,&count);
+ if (objectIDs == NULL) {
+ return NULL;
+ }
+
+ /* where we connect our object once we've created it.. */
+ for (i=0; i < count; i++) {
+ obj = PORT_New(PK11GenericObject);
+ if ( !obj ) {
+ PK11_DestroyGenericObjects(firstObj);
+ PORT_Free(objectIDs);
+ return NULL;
+ }
+ /* initialize it */
+ obj->slot = PK11_ReferenceSlot(slot);
+ obj->objectID = objectIDs[i];
+ obj->next = NULL;
+ obj->prev = NULL;
+
+ /* link it in */
+ if (firstObj == NULL) {
+ firstObj = obj;
+ } else {
+ PK11_LinkGenericObject(lastObj, obj);
+ }
+ lastObj = obj;
+ }
+ PORT_Free(objectIDs);
+ return firstObj;
+}
+
+/*
+ * get the Next Object in the list.
+ */
+PK11GenericObject *
+PK11_GetNextGenericObject(PK11GenericObject *object)
+{
+ return object->next;
+}
+
+PK11GenericObject *
+PK11_GetPrevGenericObject(PK11GenericObject *object)
+{
+ return object->prev;
+}
+
+/*
+ * Link a single object into a new list.
+ * if the object is already in another list, remove it first.
+ */
+SECStatus
+PK11_LinkGenericObject(PK11GenericObject *list, PK11GenericObject *object)
+{
+ PK11_UnlinkGenericObject(object);
+ object->prev = list;
+ object->next = list->next;
+ list->next = object;
+ if (object->next != NULL) {
+ object->next->prev = object;
+ }
+ return SECSuccess;
+}
+
+/*
+ * remove an object from the list. If the object isn't already in
+ * a list unlink becomes a noop.
+ */
+SECStatus
+PK11_UnlinkGenericObject(PK11GenericObject *object)
+{
+ if (object->prev != NULL) {
+ object->prev->next = object->next;
+ }
+ if (object->next != NULL) {
+ object->next->prev = object->prev;
+ }
+
+ object->next = NULL;
+ object->prev = NULL;
+ return SECSuccess;
+}
+
+/*
+ * This function removes a single object from the list and destroys it.
+ * For an already unlinked object there is no difference between
+ * PK11_DestroyGenericObject and PK11_DestroyGenericObjects
+ */
+SECStatus
+PK11_DestroyGenericObject(PK11GenericObject *object)
+{
+ if (object == NULL) {
+ return SECSuccess;
+ }
+
+ PK11_UnlinkGenericObject(object);
+ if (object->slot) {
+ PK11_FreeSlot(object->slot);
+ }
+ PORT_Free(object);
+ return SECSuccess;
+}
+
+/*
+ * walk down a link list of generic objects destroying them.
+ * This will destroy all objects in a list that the object is linked into.
+ * (the list is traversed in both directions).
+ */
+SECStatus
+PK11_DestroyGenericObjects(PK11GenericObject *objects)
+{
+ PK11GenericObject *nextObject;
+ PK11GenericObject *prevObject = objects->prev;
+
+ if (objects == NULL) {
+ return SECSuccess;
+ }
+
+ nextObject = objects->next;
+ prevObject = objects->prev;
+
+ /* delete all the objects after it in the list */
+ for (; objects; objects = nextObject) {
+ nextObject = objects->next;
+ PK11_DestroyGenericObject(objects);
+ }
+ /* delete all the objects before it in the list */
+ for (objects = prevObject; objects; objects = nextObject) {
+ prevObject = objects->prev;
+ PK11_DestroyGenericObject(objects);
+ }
+ return SECSuccess;
+}
+
+
+SECStatus
+PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec,
+ CK_ATTRIBUTE_TYPE attrType, SECItem *item)
+{
+ PK11SlotInfo *slot = NULL;
+ CK_OBJECT_HANDLE handle;
+
+ switch (objType) {
+ case PK11_TypeGeneric:
+ slot = ((PK11GenericObject *)objSpec)->slot;
+ handle = ((PK11GenericObject *)objSpec)->objectID;
+ break;
+ case PK11_TypePrivKey:
+ slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot;
+ handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID;
+ break;
+ case PK11_TypePubKey:
+ slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot;
+ handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID;
+ break;
+ case PK11_TypeSymKey:
+ slot = ((PK11SymKey *)objSpec)->slot;
+ handle = ((PK11SymKey *)objSpec)->objectID;
+ break;
+ case PK11_TypeCert: /* don't handle cert case for now */
+ default:
+ break;
+ }
+ if (slot == NULL) {
+ PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+ return SECFailure;
+ }
+
+ return PK11_ReadAttribute(slot, handle, attrType, NULL, item);
+}
+
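Review bot: `PK11_DestroyGenericObjects` reads `objects->prev` in the initializer of `prevObject`, before the `objects == NULL` test, so the NULL check protects nothing. PK11_FindGenericObjects in this same hunk calls it with `firstObj` still NULL when the first PORT_New fails. The second loop also advances with `objects = nextObject`, which is NULL once the first loop has finished, so at most one predecessor is freed and the remaining objects and their slot references leak. The rewrite below moves the read after the check and steps the backward loop through `prevObject`.

```c
PK11_DestroyGenericObjects(PK11GenericObject *objects)
{
    PK11GenericObject *nextObject;
    PK11GenericObject *prevObject;

    if (objects == NULL) {
	return SECSuccess;
    }
    /* read the neighbour only once objects is known to be non-NULL */
    prevObject = objects->prev;

    /* ... unchanged: forward loop destroying objects and its successors ... */

    /* delete all the objects before it in the list */
    for (objects = prevObject; objects; objects = prevObject) {
	prevObject = objects->prev;
	PK11_DestroyGenericObject(objects);
    }
    return SECSuccess;
}
```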
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 875495940..d55bea701 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -906,11 +906,23 @@ PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout)
}
/*
+ * Returns true if the token is needLogin and isn't logged in.
+ * This function is used to determine if authentication is needed
+ * before attempting a potentially privelleged operation.
+ */
+PRBool
+pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx)
+{
+ return slot->needLogin && !PK11_IsLoggedIn(slot,wincx);
+}
+
+/*
* make sure a slot is authenticated...
+ * This function only does the authentication if it is needed.
*/
SECStatus
PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) {
- if (slot->needLogin && !PK11_IsLoggedIn(slot,wincx)) {
+ if (pk11_LoginStillRequired(slot,wincx)) {
return PK11_DoPassword(slot,loadCerts,wincx);
}
return SECSuccess;
@@ -2644,7 +2656,7 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
if (needRW && slot->readOnly) continue;
if ((type == CKM_INVALID_MECHANISM)
|| PK11_DoesMechanism(slot, type)) {
- if (slot->needLogin && !PK11_IsLoggedIn(slot, wincx)) {
+ if (pk11_LoginStillRequired(slot,wincx)) {
if (PK11_IsFriendly(slot)) {
PK11_AddSlotToList(friendlyList, slot);
} else {
diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
index 82e9cb2c7..ed245b23f 100644
--- a/security/nss/lib/pk11wrap/secmodi.h
+++ b/security/nss/lib/pk11wrap/secmodi.h
@@ -114,4 +114,6 @@ extern void pk11sdr_Shutdown(void);
SEC_END_PROTOS
#endif
+PRBool pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx);
+
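Review bot: The new prototype for `pk11_LoginStillRequired` is added after `SEC_END_PROTOS` and after the header's closing `#endif`, so as shown it sits outside both the C-linkage block and what appears to be the include guard. A C++ includer would see it with C++ linkage, and the declaration is repeated on every inclusion. I would move `PRBool pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx);` above `SEC_END_PROTOS`, next to `pk11sdr_Shutdown`, and mark it `extern` to match the neighbouring declarations.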
diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h
index 4d34e87c3..e61030c56 100644
--- a/security/nss/lib/pk11wrap/secmodt.h
+++ b/security/nss/lib/pk11wrap/secmodt.h
@@ -62,6 +62,7 @@ typedef struct PK11SlotListElementStr PK11SlotListElement;
typedef struct PK11RSAGenParamsStr PK11RSAGenParams;
typedef unsigned long SECMODModuleID;
typedef struct PK11DefaultArrayEntryStr PK11DefaultArrayEntry;
+typedef struct PK11GenericObjectStr PK11GenericObject;
struct SECMODModuleStr {
PRArenaPool *arena;
@@ -212,6 +213,17 @@ typedef enum {
PK11_DIS_TOKEN_NOT_PRESENT = 4
} PK11DisableReasons;
+/* types of PKCS #11 objects */
+typedef enum {
+ PK11_TypeGeneric = 0,
+ PK11_TypePrivKey = 1,
+ PK11_TypePubKey = 2,
+ PK11_TypeCert = 3,
+ PK11_TypeSymKey = 4
+} PK11ObjectType;
+
+
+
/* function pointer type for password callback function.
* This type is passed in to PK11_SetPasswordFunc()
*/
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
index b991b46e8..43d9fa082 100644
--- a/security/nss/lib/pk11wrap/secmodti.h
+++ b/security/nss/lib/pk11wrap/secmodti.h
@@ -44,6 +44,8 @@
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
+#include "secmodt.h"
+#include "pkcs11t.h"
#endif /* NSS_3_4_CODE */
#include "nssdevt.h"
@@ -189,3 +191,14 @@ struct PK11ContextStr {
};
#endif /* _SECMODTI_H_ */
+/*
+ * structure to hold a pointer to a unique PKCS #11 object
+ * (pointer to the slot and the object id).
+ */
+struct PK11GenericObjectStr {
+ PK11GenericObject *prev;
+ PK11GenericObject *next;
+ PK11SlotInfo *slot;
+ CK_OBJECT_HANDLE objectID;
+};
+
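Review bot: `struct PK11GenericObjectStr` is defined after `#endif /* _SECMODTI_H_ */`, so as rendered it is outside the include guard and a second inclusion of secmodti.h in one translation unit would redefine the struct. The definition should move above that `#endif`. In the first hunk of this file the new `#include "secmodt.h"` and `#include "pkcs11t.h"` also appear to land inside `#ifndef NSS_3_4_CODE`. If an includer has already defined that macro, the headers that supply `PK11SlotInfo` and `CK_OBJECT_HANDLE` for this struct are skipped, so it is worth confirming the includes are meant to be conditional.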
diff --git a/security/nss/lib/pkcs7/certread.c b/security/nss/lib/pkcs7/certread.c
index af5504f94..7a856df64 100644
--- a/security/nss/lib/pkcs7/certread.c
+++ b/security/nss/lib/pkcs7/certread.c
@@ -294,27 +294,22 @@ CERT_DecodeCertPackage(char *certbuf,
void *arg)
{
unsigned char *cp;
- int seqLen, seqLenLen;
- int cl;
- unsigned char *bincert = NULL, *certbegin = NULL, *certend = NULL;
- unsigned int binLen;
- char *ascCert = NULL;
- int asciilen;
- CERTCertificate *cert;
- SECItem certitem, oiditem;
- SECStatus rv;
- SECOidData *oiddata;
- SECItem *pcertitem = &certitem;
+ unsigned char *bincert = NULL;
+ char * ascCert = NULL;
+ SECStatus rv;
if ( certbuf == NULL ) {
return(SECFailure);
}
- cert = 0;
cp = (unsigned char *)certbuf;
/* is a DER encoded certificate of some type? */
if ( ( *cp & 0x1f ) == SEC_ASN1_SEQUENCE ) {
+ SECItem certitem;
+ SECItem *pcertitem = &certitem;
+ int seqLen, seqLenLen;
+
cp++;
if ( *cp & 0x80) {
@@ -370,6 +365,8 @@ CERT_DecodeCertPackage(char *certbuf,
return(rv);
} else if ( cp[0] == SEC_ASN1_OBJECT_ID ) {
+ SECOidData *oiddata;
+ SECItem oiditem;
/* XXX - assume DER encoding of OID len!! */
oiditem.len = cp[1];
oiditem.data = (unsigned char *)&cp[2];
@@ -404,10 +401,32 @@ CERT_DecodeCertPackage(char *certbuf,
/* now look for a netscape base64 ascii encoded cert */
notder:
- cp = (unsigned char *)certbuf;
+ {
+ unsigned char *certbegin = NULL;
+ unsigned char *certend = NULL;
+ char *pc;
+ int cl;
+
+ /* Convert the ASCII data into a nul-terminated string */
+ ascCert = (char *)PORT_Alloc(certlen + 1);
+ if (!ascCert) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ PORT_Memcpy(ascCert, certbuf, certlen);
+ ascCert[certlen] = '\0';
+
+ pc = PORT_Strchr(ascCert, '\n'); /* find an EOL */
+ if (!pc) { /* maybe this is a MAC file */
+ pc = ascCert;
+ while (*pc && NULL != (pc = PORT_Strchr(pc, '\r'))) {
+ *pc++ = '\n';
+ }
+ }
+
+ cp = (unsigned char *)ascCert;
cl = certlen;
- certbegin = 0;
- certend = 0;
/* find the beginning marker */
while ( cl > sizeof(NS_CERT_HEADER) ) {
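Review bot: `PORT_Alloc(certlen + 1)` and the following `PORT_Memcpy(ascCert, certbuf, certlen)` use `certlen` with no range check in this hunk. If it is a signed int (its declaration is outside the hunk), a negative value becomes a very large copy length. A guard placed before the allocation, `if (certlen <= 0) { rv = SECFailure; goto loser; }`, would keep the copy bounded, assuming `loser` tolerates a NULL `ascCert`. The block opened after `notder:` is closed in a later hunk, so the cleanup path is not visible here.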
@@ -432,7 +451,6 @@ notder:
}
if ( certbegin ) {
-
/* find the ending marker */
while ( cl > sizeof(NS_CERT_TRAILER) ) {
if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
@@ -456,20 +474,11 @@ notder:
}
if ( certbegin && certend ) {
+ unsigned int binLen;
- /* Convert the ASCII data into a nul-terminated string */
- asciilen = certend - certbegin;
- ascCert = (char *)PORT_Alloc(asciilen+1);
- if (!ascCert) {
- rv = SECFailure;
- goto loser;
- }
-
- PORT_Memcpy(ascCert, certbegin, asciilen);
- ascCert[asciilen] = '\0';
-
+ *certend = 0;
/* convert to binary */
- bincert = ATOB_AsciiToData(ascCert, &binLen);
+ bincert = ATOB_AsciiToData(certbegin, &binLen);
if (!bincert) {
rv = SECFailure;
goto loser;
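Review bot: `ATOB_AsciiToData(certbegin, &binLen)` now passes an `unsigned char *` (see the declaration of `certbegin` in the previous hunk) where the removed call passed the `char *` copy. Unless the prototype takes `unsigned char *`, this is a pointer-signedness mismatch that compilers warn about. I would write `bincert = ATOB_AsciiToData((char *)certbegin, &binLen);`. A short comment on `*certend = 0;` would also help, for example `/* safe: certend points into our private copy ascCert, not the caller's buffer */`.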
@@ -481,6 +490,7 @@ notder:
} else {
rv = SECFailure;
}
+ }
loser:
diff --git a/security/nss/lib/smime/config.mk b/security/nss/lib/smime/config.mk
index cd5c893a5..7bf4898a7 100644
--- a/security/nss/lib/smime/config.mk
+++ b/security/nss/lib/smime/config.mk
@@ -86,4 +86,9 @@ SHARED_LIBRARY_DIRS = \
../pkcs7 \
$(NULL)
+ifeq ($(OS_TARGET),SunOS)
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+MKSHLIB += -R '$$ORIGIN'
+endif
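Review bot: The comment on the added `MKSHLIB += -R '$$ORIGIN'` explains the mechanism but not the trust assumption behind it. With an $ORIGIN runpath the library resolves its dependencies from whatever directory it is installed in, so that directory must not be writable by less-privileged users. I would add a line such as `# NOTE: the install directory must be writable only by trusted users.` The same applies to softoken/config.mk, where this commit widens the option from 32-bit sparc to every SunOS build, and to ssl/config.mk.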
diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk
index adf0ea0df..81b5aadd8 100644
--- a/security/nss/lib/softoken/config.mk
+++ b/security/nss/lib/softoken/config.mk
@@ -84,14 +84,10 @@ EXTRA_SHARED_LIBS += \
endif
ifeq ($(OS_TARGET),SunOS)
-ifndef USE_64
-ifeq ($(CPU_ARCH),sparc)
-# The -R '$ORIGIN' linker option instructs libsoftokn3.so to search for its
-# dependencies (libfreebl_*.so) in the same directory where it resides.
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
MKSHLIB += -R '$$ORIGIN'
endif
-endif
-endif
ifeq ($(OS_TARGET),WINCE)
DEFINES += -DDBM_USING_NSPR
diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c
index 220e897ba..b5ee79231 100644
--- a/security/nss/lib/softoken/pk11db.c
+++ b/security/nss/lib/softoken/pk11db.c
@@ -40,6 +40,7 @@
#include "pkcs11i.h"
#include "mcom_db.h"
#include "cdbhdl.h"
+#include "secerr.h"
#define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
@@ -510,6 +511,19 @@ secmod_FreeData(DBT *data)
}
}
+static void
+secmod_FreeSlotStrings(char **slotStrings, int count)
+{
+ int i;
+
+ for (i=0; i < count; i++) {
+ if (slotStrings[i]) {
+ PR_smprintf_free(slotStrings[i]);
+ slotStrings[i] = NULL;
+ }
+ }
+}
+
/*
* build a module from the data base entry.
*/
@@ -518,128 +532,229 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
{
secmodData *encoded;
secmodSlotData *slots;
- char *commonName = NULL,*dllName = NULL,*parameters = NULL;
+ PLArenaPool *arena;
+ char *commonName = NULL;
+ char *dllName = NULL;
+ char *parameters = NULL;
+ char *nss;
+ char *moduleSpec;
+ char **slotStrings = NULL;
unsigned char *names;
- unsigned short len;
unsigned long slotCount;
- unsigned short offset;
- PRBool isOldVersion = PR_FALSE;
- PRBool internal, isFIPS, isModuleDB=PR_FALSE, isModuleDBOnly=PR_FALSE;
- PRBool extended=PR_FALSE;
- PRBool hasRootCerts=PR_FALSE,hasRootTrust=PR_FALSE;
- unsigned long trustOrder=PK11_DEFAULT_TRUST_ORDER,
- cipherOrder=PK11_DEFAULT_CIPHER_ORDER;
- unsigned long ssl0=0, ssl1=0;
- char **slotStrings = NULL;
- unsigned long slotID,defaultFlags,timeout;
- char *nss,*moduleSpec;
+ unsigned long ssl0 =0;
+ unsigned long ssl1 =0;
+ unsigned long slotID;
+ unsigned long defaultFlags;
+ unsigned long timeout;
+ unsigned long trustOrder =PK11_DEFAULT_TRUST_ORDER;
+ unsigned long cipherOrder =PK11_DEFAULT_CIPHER_ORDER;
+ unsigned short len;
+ unsigned short namesOffset = 0; /* start of the names block */
+ unsigned long namesRunningOffset; /* offset to name we are
+ * currently processing */
+ unsigned short slotOffset;
+ PRBool isOldVersion = PR_FALSE;
+ PRBool internal;
+ PRBool isFIPS;
+ PRBool isModuleDB =PR_FALSE;
+ PRBool isModuleDBOnly =PR_FALSE;
+ PRBool extended =PR_FALSE;
int i;
- PLArenaPool *arena;
arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
- if (arena == NULL) return NULL;
+ if (arena == NULL)
+ return NULL;
+
+#define CHECK_SIZE(x) \
+ if ((unsigned int) data->size < (unsigned int)(x)) goto db_loser
+
+ /* -------------------------------------------------------------
+ ** Process the buffer header, which is the secmodData struct.
+ ** It may be an old or new version. Check the length for each.
+ */
+
+ CHECK_SIZE( offsetof(secmodData, trustOrder[0]) );
encoded = (secmodData *)data->data;
- names = (unsigned char *)data->data;
- offset = SECMOD_GETSHORT(encoded->slotOffset);
- slots = (secmodSlotData *) (names + offset + 2);
- slotCount = SECMOD_GETSHORT(names + offset);
- names += SECMOD_GETSHORT(encoded->nameStart);
- * retInternal = internal = (encoded->internal != 0) ? PR_TRUE: PR_FALSE;
- isFIPS = (encoded->fips != 0) ? PR_TRUE: PR_FALSE;
- len = SECMOD_GETSHORT(names);
+ internal = (encoded->internal != 0) ? PR_TRUE: PR_FALSE;
+ isFIPS = (encoded->fips != 0) ? PR_TRUE: PR_FALSE;
+ if (retInternal)
+ *retInternal = internal;
+ if (internal) {
+ parameters = PORT_ArenaStrdup(arena,defParams);
+ if (parameters == NULL)
+ goto loser;
+ }
if (internal && (encoded->major == SECMOD_DB_NOUI_VERSION_MAJOR) &&
(encoded->minor <= SECMOD_DB_NOUI_VERSION_MINOR)) {
isOldVersion = PR_TRUE;
}
-
if ((encoded->major == SECMOD_DB_EXT1_VERSION_MAJOR) &&
(encoded->minor >= SECMOD_DB_EXT1_VERSION_MINOR)) {
- trustOrder = SECMOD_GETLONG(encoded->trustOrder);
- cipherOrder = SECMOD_GETLONG(encoded->cipherOrder);
- isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE;
+ CHECK_SIZE( sizeof(secmodData));
+ trustOrder = SECMOD_GETLONG(encoded->trustOrder);
+ cipherOrder = SECMOD_GETLONG(encoded->cipherOrder);
+ isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE;
isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE: PR_FALSE;
- extended = PR_TRUE;
+ extended = PR_TRUE;
}
-
if (internal && !extended) {
trustOrder = 0;
cipherOrder = 100;
}
+ /* decode SSL cipher enable flags */
+ ssl0 = SECMOD_GETLONG(encoded->ssl);
+ ssl1 = SECMOD_GETLONG(encoded->ssl + 4);
+
+ slotOffset = SECMOD_GETSHORT(encoded->slotOffset);
+ namesOffset = SECMOD_GETSHORT(encoded->nameStart);
+
+
+ /*--------------------------------------------------------------
+ ** Now process the variable length set of names.
+ ** The names have this structure:
+ ** struct {
+ ** BYTE commonNameLen[ 2 ];
+ ** BYTE commonName [ commonNameLen ];
+ ** BTTE libNameLen [ 2 ];
+ ** BYTE libName [ libNameLen ];
+ ** If it is "extended" it also has these members:
+ ** BYTE initStringLen[ 2 ];
+ ** BYTE initString [ initStringLen ];
+ ** }
+ */
+
+ namesRunningOffset = namesOffset;
+ /* copy the module's common name */
+ CHECK_SIZE( namesRunningOffset + 2);
+ names = (unsigned char *)data->data;
+ len = SECMOD_GETSHORT(names+namesRunningOffset);
- /* decode the common name */
+ CHECK_SIZE( namesRunningOffset + 2 + len);
commonName = (char*)PORT_ArenaAlloc(arena,len+1);
- if (commonName == NULL) {
- PORT_FreeArena(arena,PR_TRUE);
- return NULL;
- }
- PORT_Memcpy(commonName,&names[2],len);
+ if (commonName == NULL)
+ goto loser;
+ PORT_Memcpy(commonName, names + namesRunningOffset + 2, len);
commonName[len] = 0;
+ namesRunningOffset += len + 2;
- /* decode the DLL name */
- names += len+2;
- len = SECMOD_GETSHORT(names);
+ /* copy the module's shared library file name. */
+ CHECK_SIZE( namesRunningOffset + 2);
+ len = SECMOD_GETSHORT(names + namesRunningOffset);
if (len) {
+ CHECK_SIZE( namesRunningOffset + 2 + len);
dllName = (char*)PORT_ArenaAlloc(arena,len + 1);
- if (dllName == NULL) {
- PORT_FreeArena(arena,PR_TRUE);
- return NULL;
- }
- PORT_Memcpy(dllName,&names[2],len);
+ if (dllName == NULL)
+ goto loser;
+ PORT_Memcpy(dllName, names + namesRunningOffset + 2, len);
dllName[len] = 0;
}
+ namesRunningOffset += len + 2;
+
+ /* copy the module's initialization string, if present. */
if (!internal && extended) {
- names += len+2;
- len = SECMOD_GETSHORT(names);
+ CHECK_SIZE( namesRunningOffset + 2);
+ len = SECMOD_GETSHORT(names+namesRunningOffset);
if (len) {
+ CHECK_SIZE( namesRunningOffset + 2 + len );
parameters = (char*)PORT_ArenaAlloc(arena,len + 1);
- if (parameters == NULL) {
- PORT_FreeArena(arena,PR_TRUE);
- return NULL;
- }
- PORT_Memcpy(parameters,&names[2],len);
+ if (parameters == NULL)
+ goto loser;
+ PORT_Memcpy(parameters,names + namesRunningOffset + 2, len);
parameters[len] = 0;
}
+ namesRunningOffset += len + 2;
+ }
+
+ /*
+ * Consistency check: Make sure the slot and names blocks don't
+ * overlap. These blocks can occur in any order, so this check is made
+ * in 2 parts. First we check the case where the slot block starts
+ * after the name block. Later, when we have the slot block length,
+ * we check the case where slot block starts before the name block.
+ * NOTE: in most cases any overlap will likely be detected by invalid
+ * data read from the blocks, but it's better to find out sooner
+ * than later.
+ */
+ if (slotOffset >= namesOffset) { /* slot block starts after name block */
+ if (slotOffset < namesRunningOffset) {
+ goto db_loser;
+ }
}
- if (internal) {
- parameters = PORT_ArenaStrdup(arena,defParams);
+
+ /* ------------------------------------------------------------------
+ ** Part 3, process the slot table.
+ ** This part has this structure:
+ ** struct {
+ ** BYTE slotCount [ 2 ];
+ ** secmodSlotData [ slotCount ];
+ ** {
+ */
+
+ CHECK_SIZE( slotOffset + 2 );
+ slotCount = SECMOD_GETSHORT((unsigned char *)data->data + slotOffset);
+
+ /*
+ * Consistency check: Part 2. We now have the slot block length, we can
+ * check the case where the slotblock procedes the name block.
+ */
+ if (slotOffset < namesOffset) { /* slot block starts before name block */
+ if (namesOffset < slotOffset + 2 + slotCount*sizeof(secmodSlotData)) {
+ goto db_loser;
+ }
}
- /* decode SSL cipher enable flags */
- ssl0 = SECMOD_GETLONG(encoded->ssl);
- ssl1 = SECMOD_GETLONG(&encoded->ssl[4]);
+ CHECK_SIZE( (slotOffset + 2 + slotCount * sizeof(secmodSlotData)));
+ slots = (secmodSlotData *) ((unsigned char *)data->data + slotOffset + 2);
/* slotCount; */
- slotStrings = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *));
- for (i=0; i < (int) slotCount; i++) {
- slotID = SECMOD_GETLONG(slots[i].slotID);
- defaultFlags = SECMOD_GETLONG(slots[i].defaultFlags);
+ slotStrings = (char **)PORT_ArenaZAlloc(arena, slotCount * sizeof(char *));
+ if (slotStrings == NULL)
+ goto loser;
+ for (i=0; i < (int) slotCount; i++, slots++) {
+ PRBool hasRootCerts =PR_FALSE;
+ PRBool hasRootTrust =PR_FALSE;
+ slotID = SECMOD_GETLONG(slots->slotID);
+ defaultFlags = SECMOD_GETLONG(slots->defaultFlags);
+ timeout = SECMOD_GETLONG(slots->timeout);
+ hasRootCerts = slots->hasRootCerts;
if (isOldVersion && internal && (slotID != 2)) {
unsigned long internalFlags=
pk11_argSlotFlags("slotFlags",SECMOD_SLOT_FLAGS);
defaultFlags |= internalFlags;
}
- timeout = SECMOD_GETLONG(slots[i].timeout);
- hasRootCerts = slots[i].hasRootCerts;
if (hasRootCerts && !extended) {
trustOrder = 100;
}
slotStrings[i] = pk11_mkSlotString(slotID, defaultFlags, timeout,
- (unsigned char)slots[i].askpw,
+ (unsigned char)slots->askpw,
hasRootCerts, hasRootTrust);
+ if (slotStrings[i] == NULL) {
+ secmod_FreeSlotStrings(slotStrings,i);
+ goto loser;
+ }
}
nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB,
- isModuleDBOnly, internal, trustOrder, cipherOrder, ssl0, ssl1);
+ isModuleDBOnly, internal, trustOrder, cipherOrder,
+ ssl0, ssl1);
+ secmod_FreeSlotStrings(slotStrings,slotCount);
+ /* it's permissible (and normal) for nss to be NULL. it simply means
+ * there are no NSS specific parameters in the database */
moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss);
PR_smprintf_free(nss);
PORT_FreeArena(arena,PR_TRUE);
+ return moduleSpec;
- return (moduleSpec);
+db_loser:
+ PORT_SetError(SEC_ERROR_BAD_DATABASE);
+loser:
+ PORT_FreeArena(arena,PR_TRUE);
+ return NULL;
}
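Review bot: `CHECK_SIZE` is defined inside `secmod_DecodeData` as a bare `if (...) goto db_loser` and is never undefined. It therefore stays visible for the rest of the file and would capture a following `else` if it were ever used inside an if/else. I would write it as `#define CHECK_SIZE(x) do { if ((unsigned int) data->size < (unsigned int)(x)) goto db_loser; } while (0)` and add `#undef CHECK_SIZE` after the function's closing brace. Separately, `*retInternal` is assigned right after the header check, before the names and slot blocks are validated. A caller therefore receives a value from a record that may then be rejected with SEC_ERROR_BAD_DATABASE, and setting it just before `return moduleSpec;` would avoid that.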
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 0d77670f2..31a5f3aec 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2160,6 +2160,7 @@ pk11_mkSecretKeyRep(PK11Object *object)
NSSLOWKEYPrivateKey *privKey = 0;
PLArenaPool *arena = 0;
CK_KEY_TYPE keyType;
+ PRUint32 keyTypeStorage;
SECItem keyTypeItem;
CK_RV crv;
SECStatus rv;
@@ -2212,10 +2213,13 @@ pk11_mkSecretKeyRep(PK11Object *object)
/* Coeficient set to KEY_TYPE */
crv = pk11_GetULongAttribute(object, CKA_KEY_TYPE, &keyType);
- if (crv != CKR_OK) goto loser;
- keyType = PR_htonl(keyType);
- keyTypeItem.data = (unsigned char *)&keyType;
- keyTypeItem.len = sizeof (keyType);
+ if (crv != CKR_OK) goto loser;
+ /* on 64 bit platforms, we still want to store 32 bits of keyType (This is
+ * safe since the PKCS #11 defines for all types are 32 bits or less). */
+ keyTypeStorage = (PRUint32) keyType;
+ keyTypeStorage = PR_htonl(keyTypeStorage);
+ keyTypeItem.data = (unsigned char *)&keyTypeStorage;
+ keyTypeItem.len = sizeof (keyTypeStorage);
rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
if (rv != SECSuccess) {
crv = CKR_HOST_MEMORY;
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 50788e5c6..e4cb96bdd 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -363,30 +363,17 @@ pk11_InitGeneric(PK11Session *session,PK11SessionContext **contextPtr,
}
/* get the key type */
att = pk11_FindAttribute(key,CKA_KEY_TYPE);
- PORT_Assert(att != NULL);
- size = sizeof(CK_KEY_TYPE);
- if (att->attrib.ulValueLen < size) {
- CK_KEY_TYPE kt;
- int i;
- int shift;
-#ifdef IS_LITTLE_ENDIAN
- shift = 0;
-#else
- shift = (att->attrib.ulValueLen - 1) * 8;
-#endif
- kt = 0;
- for (i=att->attrib.ulValueLen - 1; i>=0; i--) {
- kt |= ((unsigned char *)att->attrib.pValue)[i] << shift;
-#ifdef IS_LITTLE_ENDIAN
- shift += 8;
-#else
- shift -= 8;
-#endif
- }
- *keyTypePtr = kt;
- } else {
- *keyTypePtr = *((CK_KEY_TYPE *)att->attrib.pValue);
+ if (att == NULL) {
+ pk11_FreeObject(key);
+ return CKR_KEY_TYPE_INCONSISTENT;
+ }
+ PORT_Assert(att->attrib.ulValueLen == sizeof(CK_KEY_TYPE));
+ if (att->attrib.ulValueLen != sizeof(CK_KEY_TYPE)) {
+ pk11_FreeAttribute(att);
+ pk11_FreeObject(key);
+ return CKR_ATTRIBUTE_VALUE_INVALID;
}
+ PORT_Memcpy(keyTypePtr, att->attrib.pValue, sizeof(CK_KEY_TYPE));
pk11_FreeAttribute(att);
*keyPtr = key;
}
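Review bot: `PORT_Assert(att->attrib.ulValueLen == sizeof(CK_KEY_TYPE))` runs before the runtime check that returns `CKR_ATTRIBUTE_VALUE_INVALID`, so a debug build aborts on exactly the input the new error path is meant to handle. If the attribute length can come from stored or token-supplied data, I would drop the assert and keep only the `if`. The removed code was the only visible user of `size`, so that local may now be unused. Its declaration is outside the hunk.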
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c
index 24e162a23..cfa2ca631 100644
--- a/security/nss/lib/softoken/pkcs11u.c
+++ b/security/nss/lib/softoken/pkcs11u.c
@@ -688,6 +688,7 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
int keyTypeLen;
CK_ULONG keyLen;
CK_KEY_TYPE keyType;
+ PRUint32 keyTypeStorage;
switch (type) {
case CKA_PRIVATE:
@@ -732,25 +733,72 @@ pk11_FindSecretKeyAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type)
* in host order, with any leading zeros stripped off. Only key types
* under 0x1f (AES) were stored. We assume that any values which are
* either 1 byte long (big endian), or have byte[0] between 0 and
- * 0x1f and bytes[1]-bytes[3] equal to '0' (little endian). All other
+ * 0x7f and bytes[1]-bytes[3] equal to '0' (little endian). All other
* values are assumed to be from the new database, which is always 4
- * bytes in host order */
+ * bytes in network order */
keyType=0;
keyString = key->u.rsa.coefficient.data;
keyTypeLen = key->u.rsa.coefficient.len;
- /* only length of 1 or 4 are valid */
- if ((keyTypeLen != sizeof(keyType)) && (keyTypeLen != 1)) {
- PORT_SetError(SEC_ERROR_BAD_DATABASE);
- return NULL;
+
+
+ /*
+ * Because of various endian and word lengths, the database may have
+ * stored the keyType value in one of the following formats:
+ * (kt) <= 0x1f
+ * length data
+ * Big Endian, pre-3.9, all lengths: 1 (kt)
+ * Little Endian, pre-3.9, 32 bits: 4 (kt) 0 0 0
+ * Little Endian, pre-3.9, 64 bits: 8 (kt) 0 0 0 0 0 0 0
+ * All platforms, 3.9, 32 bits: 4 0 0 0 (kt)
+ * Big Endian, 3.9, 64 bits: 8 0 0 0 (kt) 0 0 0 0
+ * Little Endian, 3.9, 64 bits: 8 0 0 0 0 0 0 0 (kt)
+ * All platforms, >= 3.9.1, all lengths: 4 (a) k1 k2 k3
+ * where (a) is 0 or >= 0x80. currently (a) can only be 0.
+ */
+ /*
+ * This key was written on a 64 bit platform with a using NSS 3.9
+ * or earlier. Reduce the 64 bit possibilities above. When through,
+ * we will only have:
+ *
+ * Big Endian, pre-3.9, all lengths: 1 (kt)
+ * Little Endian, pre-3.9, all lengths: 4 (kt) 0 0 0
+ * All platforms, 3.9, all lengths: 4 0 0 0 (kt)
+ * All platforms, => 3.9.1, all lengths: 4 (a) k1 k2 k3
+ */
+ if (keyTypeLen == 8) {
+ keyTypeStorage = *(PRUint32 *) keyString;
+ if (keyTypeStorage == 0) {
+ keyString += sizeof(PRUint32);
+ }
+ keyTypeLen = 4;
}
- if ((keyTypeLen == 1) ||
- ((keyString[0] <= 0x1f) && (keyString[1] == 0) &&
- (keyString[2] == 0) && (keyString[3] == 0))) {
- keyType = (CK_KEY_TYPE) keyString[0] ;
+ /*
+ * Now Handle:
+ *
+ * All platforms, 3.9, all lengths: 4 0 0 0 (kt)
+ * All platforms, => 3.9.1, all lengths: 4 (a) k1 k2 k3
+ *
+ * NOTE: if kt == 0 or ak1k2k3 == 0, the test fails and
+ * we handle it as:
+ *
+ * Little Endian, pre-3.9, all lengths: 4 (kt) 0 0 0
+ */
+ if (keyTypeLen == sizeof(keyTypeStorage) &&
+ (((keyString[0] & 0x80) == 0x80) ||
+ !((keyString[1] == 0) && (keyString[2] == 0)
+ && (keyString[3] == 0))) ) {
+ PORT_Memcpy(&keyTypeStorage, keyString, sizeof(keyTypeStorage));
+ keyType = (CK_KEY_TYPE) PR_ntohl(keyTypeStorage);
} else {
- keyType = *(CK_KEY_TYPE *) keyString;
- keyType = PR_ntohl(keyType);
- }
+ /*
+ * Now Handle:
+ *
+ * Big Endian, pre-3.9, all lengths: 1 (kt)
+ * Little Endian, pre-3.9, all lengths: 4 (kt) 0 0 0
+ * -- KeyType == 0 all other cases ---: 4 0 0 0 0
+ */
+ keyType = (CK_KEY_TYPE) keyString[0] ;
+ }
return pk11_NewTokenAttribute(type,&keyType,sizeof(keyType),PR_TRUE);
case CKA_VALUE:
return pk11_NewTokenAttribute(type,key->u.rsa.privateExponent.data,
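Review bot: The check that rejected any coefficient length other than 1 or 4 is removed and nothing replaces it, so every other length now falls through to the final `else` and reads `keyString[0]`. For a zero-length item that is a read past the data, and for lengths 2, 3 or 5-7 a malformed record is silently accepted as a key type. I would restore the validation with the new 8-byte case included: `if ((keyTypeLen != 1) && (keyTypeLen != 4) && (keyTypeLen != 8)) { PORT_SetError(SEC_ERROR_BAD_DATABASE); return NULL; }`. The 8-byte branch also loads through `*(PRUint32 *) keyString`, which assumes the database buffer is 4-byte aligned. The branch below already uses `PORT_Memcpy(&keyTypeStorage, keyString, sizeof(keyTypeStorage));`, and the same call would be safer here. The enclosing switch continues outside the hunk.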
diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk
index 3917eaba1..cf341b4c0 100644
--- a/security/nss/lib/ssl/config.mk
+++ b/security/nss/lib/ssl/config.mk
@@ -78,4 +78,10 @@ ifeq ($(OS_ARCH), Darwin)
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib
endif
+ifeq ($(OS_TARGET),SunOS)
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+MKSHLIB += -R '$$ORIGIN'
+endif
+
endif
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 1b2cd4fc1..6db9a7641 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -2776,6 +2776,10 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss,
PORT_Assert( ssl_HaveSSL3HandshakeLock(ss) );
isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
+ if (!spec->master_secret) {
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+ return SECFailure;
+ }
md5StateBuf = PK11_SaveContextAlloc(ssl3->hs.md5, md5StackBuf,
sizeof md5StackBuf, &md5StateLen);
@@ -3329,7 +3333,7 @@ typedef struct {
PK11SymKey * symWrapKey[kt_kea_size];
} ssl3SymWrapKey;
-static PZLock * symWrapKeysLock;
+static PZLock * symWrapKeysLock = NULL;
static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
SECStatus
@@ -3356,6 +3360,13 @@ SSL3_ShutdownServerCache(void)
return SECSuccess;
}
+void ssl_InitSymWrapKeysLock(void)
+{
+ /* atomically initialize the lock */
+ if (!symWrapKeysLock)
+ nss_InitLock(&symWrapKeysLock, nssILockOther);
+}
+
/* Try to get wrapping key for mechanism from in-memory array.
* If that fails, look for one on disk.
* If that fails, generate a new one, put the new one on disk,
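Review bot: `ssl_InitSymWrapKeysLock` returns void, so a failed lock creation is invisible to callers. `getWrappingKey` calls `PZ_Lock(symWrapKeysLock)` immediately afterwards, and the nsslocks.c hunk shows that the pointer simply stays NULL when `PZ_NewLock` fails. I would have the helper report the outcome, e.g. `return symWrapKeysLock ? SECSuccess : SECFailure;` with a `SECStatus` return type, and have callers bail out on failure. The same applies to `ssl_InitClientSessionCacheLock` in sslnonce.c and to the two call sites added in sslsnce.c.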
@@ -3393,9 +3404,7 @@ getWrappingKey( sslSocket * ss,
pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
- /* atomically initialize the lock */
- if (!symWrapKeysLock)
- nss_InitLock(&symWrapKeysLock, nssILockOther);
+ ssl_InitSymWrapKeysLock();
PZ_Lock(symWrapKeysLock);
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index e373fa28b..115ef4de5 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -2573,7 +2573,7 @@ ssl2_HandleMessage(sslSocket *ss)
case SSL_MT_REQUEST_CERTIFICATE:
len = ss->gs.recordLen - 2;
- if ((len != SSL_MIN_CHALLENGE_BYTES) ||
+ if ((len < SSL_MIN_CHALLENGE_BYTES) ||
(len > SSL_MAX_CHALLENGE_BYTES)) {
/* Bad challenge */
SSL_DBG(("%d: SSL[%d]: bad cert request message: code len=%d",
@@ -2617,6 +2617,11 @@ ssl2_HandleMessage(sslSocket *ss)
PORT_SetError(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
goto loser;
}
+ if (certLen + responseLen + SSL_HL_CLIENT_CERTIFICATE_HBYTES
+ > ss->gs.recordLen) {
+ /* prevent overflow crash. */
+ rv = SECFailure;
+ } else
rv = ssl2_HandleClientCertificate(ss, data[1],
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES,
certLen,
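Review bot: The new overflow branch sets `rv = SECFailure` without setting an error code, so the caller sees whatever error was recorded last. The neighbouring failure paths call `PORT_SetError` first, and `PORT_SetError(SSL_ERROR_BAD_CLIENT);` would fit here. The brace-less `} else` also makes the multi-line `ssl2_HandleClientCertificate` call the else body by layout alone, so I would brace both arms. The comment `/* prevent overflow crash. */` could name what is being guarded, e.g. `/* certLen + responseLen come from the peer; reject if they exceed the record */`. The rest of this case is outside the hunk.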
@@ -2808,9 +2813,22 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
}
}
- /* Save connection-id for later */
- PORT_Memcpy(ss->sec.ci.connectionID, cs + csLen,
- sizeof(ss->sec.ci.connectionID));
+ if ((SSL_HL_SERVER_HELLO_HBYTES + certLen + csLen + cidLen
+ > ss->gs.recordLen)
+ || (csLen % 3) != 0
+ /* || cidLen < SSL_CONNECTIONID_BYTES || cidLen > 32 */
+ ) {
+ goto bad_server;
+ }
+
+ /* Save connection-id.
+ ** This code only saves the first 16 byte of the connectionID.
+ ** If the connectionID is shorter than 16 bytes, it is zero-padded.
+ */
+ if (cidLen < sizeof ss->sec.ci.connectionID)
+ memset(ss->sec.ci.connectionID, 0, sizeof ss->sec.ci.connectionID);
+ cidLen = PR_MIN(cidLen, sizeof ss->sec.ci.connectionID);
+ PORT_Memcpy(ss->sec.ci.connectionID, cs + csLen, cidLen);
/* See if session-id hit */
needed = CIS_HAVE_MASTER_KEY | CIS_HAVE_FINISHED | CIS_HAVE_VERIFY;
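Review bot: The commented-out `cidLen` bound inside the new condition leaves it unclear whether connection IDs outside the expected size are meant to be accepted. As written, a longer ID is silently truncated to `sizeof ss->sec.ci.connectionID` and a shorter one is zero-padded. Either delete the dead condition or replace it with a comment stating that policy. The length check also sits after the closing braces of earlier parsing that is outside this hunk, so it is worth confirming that nothing above it reads `certLen` or `csLen` bytes from the record before they are validated.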
@@ -3494,7 +3512,11 @@ ssl2_HandleClientHelloMessage(sslSocket *ss)
challenge = sd + sdLen;
PRINT_BUF(7, (ss, "server, client session-id value:", sd, sdLen));
- if ((unsigned)ss->gs.recordLen !=
+ if (!csLen || (csLen % 3) != 0 ||
+ (sdLen != 0 && sdLen != SSL2_SESSIONID_BYTES) ||
+ challengeLen < SSL_MIN_CHALLENGE_BYTES ||
+ challengeLen > SSL_MAX_CHALLENGE_BYTES ||
+ (unsigned)ss->gs.recordLen !=
SSL_HL_CLIENT_HELLO_HBYTES + csLen + sdLen + challengeLen) {
SSL_DBG(("%d: SSL[%d]: bad client hello message, len=%d should=%d",
SSL_GETPID(), ss->fd, ss->gs.recordLen,
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 90a99100e..b17c40672 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -1264,6 +1264,10 @@ ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
/* get rid of the symmetric wrapping key references. */
extern SECStatus SSL3_ShutdownServerCache(void);
+extern void ssl_InitClientSessionCacheLock(void);
+
+extern void ssl_InitSymWrapKeysLock(void);
+
/********************** misc calls *********************/
extern int ssl_MapLowLevelError(int hiLevelError);
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index ac79c6d66..9ae45de1a 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -51,8 +51,8 @@
PRUint32 ssl_sid_timeout = 100;
PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
-static sslSessionID *cache;
-static PZLock * cacheLock;
+static sslSessionID *cache = NULL;
+static PZLock * cacheLock = NULL;
/* sids can be in one of 4 states:
*
@@ -65,14 +65,16 @@ static PZLock * cacheLock;
#define LOCK_CACHE lock_cache()
#define UNLOCK_CACHE PZ_Unlock(cacheLock)
-static void
-lock_cache(void)
+void ssl_InitClientSessionCacheLock(void)
{
- /* XXX Since the client session cache has no init function, we must
- * XXX init the cacheLock on the first call. Fix in NSS 3.0.
- */
if (!cacheLock)
nss_InitLock(&cacheLock, nssILockCache);
+}
+
+static void
+lock_cache(void)
+{
+ ssl_InitClientSessionCacheLock();
PZ_Lock(cacheLock);
}
diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c
index 6604c2896..8d5a853b1 100644
--- a/security/nss/lib/ssl/sslsnce.c
+++ b/security/nss/lib/ssl/sslsnce.c
@@ -1169,6 +1169,8 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
PRUint32 ssl3_timeout,
const char * directory)
{
+ ssl_InitClientSessionCacheLock();
+ ssl_InitSymWrapKeysLock();
return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
}
@@ -1276,6 +1278,10 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
}
return SECSuccess; /* already done. */
}
+
+ ssl_InitClientSessionCacheLock();
+ ssl_InitSymWrapKeysLock();
+
ssl_sid_lookup = ServerSessionIDLookup;
ssl_sid_cache = ServerSessionIDCache;
ssl_sid_uncache = ServerSessionIDUncache;
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index e4f01898d..df29616b0 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -459,13 +459,17 @@ SECStatus
ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
{
PRFileDesc * osfd = ss->fd->lower;
- int rv;
+ SECStatus rv = SECFailure;
PRSocketOptionData opt;
opt.option = PR_SockOpt_NoDelay;
opt.value.no_delay = (PRBool)!enabled;
- rv = osfd->methods->setsocketoption(osfd, &opt);
+ if (osfd->methods->setsocketoption) {
+ rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);
+ } else {
+ PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+ }
return rv;
}
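Review bot: `rv = (SECStatus) osfd->methods->setsocketoption(osfd, &opt);` relies on PRStatus and SECStatus sharing the same numeric values for success and failure. An explicit mapping does not depend on that: `rv = (osfd->methods->setsocketoption(osfd, &opt) == PR_SUCCESS) ? SECSuccess : SECFailure;`. The hunk guards the method pointer but still dereferences `ss->fd->lower` unconditionally. If a socket can reach this function with no lower layer, `osfd` needs the same kind of check.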
diff --git a/security/nss/lib/util/nsslocks.c b/security/nss/lib/util/nsslocks.c
index ce9072c68..8b158e025 100644
--- a/security/nss/lib/util/nsslocks.c
+++ b/security/nss/lib/util/nsslocks.c
@@ -60,7 +60,9 @@ __nss_InitLock( PZLock **ppLock, nssILockType ltype )
while (!*ppLock) {
PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
if (myAttempt == 1) {
- *ppLock = PZ_NewLock(ltype);
+ if (!*ppLock) {
+ *ppLock = PZ_NewLock(ltype);
+ }
(void) PR_AtomicDecrement(&initializers);
break;
}
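Review bot: The added inner `if (!*ppLock)` has no comment, and without one the re-test looks redundant next to the `while (!*ppLock)` condition. I would add `/* re-check: another thread may have created the lock between the loop test and our increment */` above it. Otherwise a later cleanup could remove the test and bring back the double allocation it prevents. The same comment belongs on the matching re-checks in `nss_InitMonitor` in the next hunk and in `nssRWLock_AtomicCreate` in nssrwlk.c. The loop body continues outside the hunk.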
@@ -93,7 +95,9 @@ nss_InitMonitor(PZMonitor **ppMonitor, nssILockType ltype )
while (!*ppMonitor) {
PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
if (myAttempt == 1) {
- *ppMonitor = PZ_NewMonitor(ltype);
+ if (!*ppMonitor) {
+ *ppMonitor = PZ_NewMonitor(ltype);
+ }
(void) PR_AtomicDecrement(&initializers);
break;
}
diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c
index 33aaaa713..421d43d87 100644
--- a/security/nss/lib/util/nssrwlk.c
+++ b/security/nss/lib/util/nssrwlk.c
@@ -185,7 +185,9 @@ nssRWLock_AtomicCreate( NSSRWLock ** prwlock,
while (NULL == (rwlock = *prwlock)) {
PRInt32 myAttempt = PR_AtomicIncrement(&initializers);
if (myAttempt == 1) {
- *prwlock = rwlock = NSSRWLock_New(lock_rank, lock_name);
+ if (NULL == (rwlock = *prwlock)) {
+ *prwlock = rwlock = NSSRWLock_New(lock_rank, lock_name);
+ }
(void) PR_AtomicDecrement(&initializers);
break;
}
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index d1bb335fc..fe78d5989 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -190,7 +190,14 @@ SEC_ERROR_EXTRA_INPUT = (SEC_ERROR_BASE + 140),
SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141),
SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142),
SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143),
-SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144)
+SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144),
+/* new revocation errors */
+SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145),
+SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146),
+SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147),
+SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148),
+SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149),
+SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150)
} SECErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h
index 693b35110..ffdbddbe4 100644
--- a/security/nss/lib/util/secport.h
+++ b/security/nss/lib/util/secport.h
@@ -131,6 +131,7 @@ extern void PORT_FreeBlock(void *ptr);
extern void *PORT_ZAlloc(size_t len);
extern void PORT_Free(void *ptr);
extern void PORT_ZFree(void *ptr, size_t len);
+extern char *PORT_Strdup(const char *s);
extern time_t PORT_Time(void);
extern void PORT_SetError(int value);
extern int PORT_GetError(void);
@@ -168,34 +169,6 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str);
/* Please, keep these defines sorted alphbetically. Thanks! */
-#ifdef XP_STRING_FUNCS
-
-#define PORT_Atoi XP_ATOI
-
-#define PORT_Memcmp XP_MEMCMP
-#define PORT_Memcpy XP_MEMCPY
-#define PORT_Memmove XP_MEMMOVE
-#define PORT_Memset XP_MEMSET
-
-#define PORT_Strcasecmp XP_STRCASECMP
-#define PORT_Strcat XP_STRCAT
-#define PORT_Strchr XP_STRCHR
-#define PORT_Strrchr XP_STRRCHR
-#define PORT_Strcmp XP_STRCMP
-#define PORT_Strcpy XP_STRCPY
-#define PORT_Strdup XP_STRDUP
-#define PORT_Strlen(s) XP_STRLEN(s)
-#define PORT_Strncasecmp XP_STRNCASECMP
-#define PORT_Strncat strncat
-#define PORT_Strncmp XP_STRNCMP
-#define PORT_Strncpy strncpy
-#define PORT_Strstr XP_STRSTR
-#define PORT_Strtok XP_STRTOK_R
-
-#define PORT_Tolower XP_TO_LOWER
-
-#else /* XP_STRING_FUNCS */
-
#define PORT_Atoi atoi
#define PORT_Memcmp memcmp
@@ -213,7 +186,6 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str);
#define PORT_Strrchr strrchr
#define PORT_Strcmp strcmp
#define PORT_Strcpy strcpy
-extern char *PORT_Strdup(const char *s);
#define PORT_Strlen(s) strlen(s)
#define PORT_Strncasecmp PL_strncasecmp
#define PORT_Strncat strncat
@@ -225,8 +197,6 @@ extern char *PORT_Strdup(const char *s);
#define PORT_Tolower tolower
-#endif /* XP_STRING_FUNCS */
-
typedef PRBool (PR_CALLBACK * PORTCharConversionWSwapFunc) (PRBool toUnicode,
unsigned char *inBuf, unsigned int inBufLen,
unsigned char *outBuf, unsigned int maxOutBufLen,
diff --git a/security/nss/pkg/linux/Makefile b/security/nss/pkg/linux/Makefile
index f25d09f71..a9713342f 100644
--- a/security/nss/pkg/linux/Makefile
+++ b/security/nss/pkg/linux/Makefile
@@ -8,51 +8,56 @@
CORE_DEPTH = ../../..
NAME = sun-nss
-RELEASE = 1
-TOPDIR = /usr/src/redhat
+RELEASE = 2
VERSION = `grep NSS_VERSION $(CORE_DEPTH)/../dist/public/nss/nss.h \
- | sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//'`
+ | sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//'`
+PWD = `pwd`
+BUILDROOT = $(PWD)\/$(NAME)-root
include $(CORE_DEPTH)/coreconf/config.mk
publish:
$(MAKE) clean
- mkdir -p usr/lib/mps
+ mkdir -p SOURCES SRPMS RPMS BUILD
+ mkdir -p opt/sun/private/lib
find $(CORE_DEPTH)/../dist/$(OBJDIR)/lib -type l \
\( -name "*.so" -o -name "*.chk" \) \
- -exec cp -L {} usr/lib/mps \;
- mkdir -p usr/include/mps
- cp -Lr $(CORE_DEPTH)/../dist/public/* usr/include/mps
- tar czvf $(NAME)-$(VERSION).tar.gz usr
+ -exec cp {} opt/sun/private/lib \;
+ mkdir -p opt/sun/private/bin
+ (cd $(CORE_DEPTH)/../dist/$(OBJDIR)/bin && tar cphf - \
+ certutil cmsutil crlutil modutil pk12util signtool \
+ signver ssltap ) | (cd opt/sun/private/bin && tar xvfBp -)
+ (cd $(CORE_DEPTH)/../dist/public && tar cphf - .) \
+ | (mkdir -p opt/sun/private/include && cd opt/sun/private/include && tar xvfBp -)
+
+ tar czvf $(NAME)-$(VERSION).tar.gz opt
+ echo "%define _topdir `pwd`" >temp.spec
sed -e "s/NAME_REPLACE/$(NAME)/" \
-e "s/VERSION_REPLACE/$(VERSION)/" \
-e "s/RELEASE_REPLACE/$(RELEASE)/" \
- <$(NAME).spec >temp.spec
+ <$(NAME).spec >>temp.spec
echo "" >>temp.spec
echo "%files" >>temp.spec
echo "%defattr(-,root,root)" >>temp.spec
- echo "%dir /usr" >>temp.spec
- echo "%dir /usr/lib" >>temp.spec
- echo "%dir /usr/lib/mps" >>temp.spec
- find usr \( -name "*.so" -o -name "*.chk" \) \
- | sed -e "s-^-/-" >>temp.spec
+ echo "%dir /opt" >>temp.spec
+ echo "%dir /opt/sun" >>temp.spec
+ echo "%dir /opt/sun/private" >>temp.spec
+ echo "%dir /opt/sun/private/lib" >>temp.spec
+ echo "%dir /opt/sun/private/bin" >>temp.spec
+ find opt \( -name "*.so" -o -name "*.chk" -o -type f \
+ -perm u=rwx,g=rx,o=rx \) | sed -e "s-^-/-" >>temp.spec
echo "" >>temp.spec
echo "%files devel" >>temp.spec
echo "%defattr(-,root,root)" >>temp.spec
- find usr -type d | sed -e "s-^-%dir /-" >>temp.spec
- find usr -type f ! \( -name "*.so" -o -name "*.chk" \) \
+ find opt -type d | sed -e "s-^-%dir /-" >>temp.spec
+ find opt -type f ! \( -name "*.so" -o -name "*.chk" \) \
| sed -e "s-^-/-" >>temp.spec
- cp $(NAME)-$(VERSION).tar.gz $(TOPDIR)/SOURCES
+ cp $(NAME)-$(VERSION).tar.gz SOURCES
rpm -ba temp.spec
- if [ ! -d RPMS ] ; then mkdir -p RPMS ; fi
- if [ ! -d SRPMS ] ; then mkdir -p SRPMS ; fi
- cp -v $(TOPDIR)/RPMS/i386/$(NAME)-$(VERSION)-* RPMS
- cp -v $(TOPDIR)/RPMS/i386/$(NAME)-devel-$(VERSION)-* RPMS
- cp -v $(TOPDIR)/SRPMS/$(NAME)-$(VERSION)-* SRPMS
clean::
- rm -rf $(TOPDIR)/BUILD/$(NAME)
- rm -rf RPMS SRPMS usr
+ rm -rf SOURCES SRPMS RPMS BUILD
+ rm -rf opt
rm -f temp.spec
rm -f $(NAME)-$(VERSION).tar.gz
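Review bot: The base `%files` list picks the utilities by exact mode (`-type f -perm u=rwx,g=rx,o=rx`), so what ships depends on the modes the files happen to carry over from dist. The `%files devel` list (`find opt -type f ! \( -name "*.so" -o -name "*.chk" \)`) still matches everything under opt/sun/private/bin, which puts the same tools in both packages. Selecting by directory is deterministic: `find opt/sun/private/lib opt/sun/private/bin -type f` for the base package, and both devel finds restricted to `opt/sun/private/include`. `PWD` and `BUILDROOT` are defined but not used in the lines shown, and the recipe runs pwd again directly.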
diff --git a/security/nss/pkg/linux/sun-nss.spec b/security/nss/pkg/linux/sun-nss.spec
index 1c3563332..4c814f36a 100644
--- a/security/nss/pkg/linux/sun-nss.spec
+++ b/security/nss/pkg/linux/sun-nss.spec
@@ -1,14 +1,17 @@
Summary: Network Security Services
Name: NAME_REPLACE
-Vendor: Sun Microsystems
+Vendor: Sun Microsystems, Inc.
Version: VERSION_REPLACE
Release: RELEASE_REPLACE
-Copyright: MPL/GPL
+Copyright: Copyright 2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Also under other license(s) as shown at the Description field.
+Distribution: Sun Java(TM) Enterprise System
+URL: http://www.sun.com
Group: System Environment/Base
Source: %{name}-%{version}.tar.gz
ExclusiveOS: Linux
-BuildRoot: /var/tmp/%{name}-root
-Requires: sun-nspr >= 4.3
+BuildRoot: %_topdir/%{name}-root
+
+Requires: sun-nspr >= 4.1.2
%description
Network Security Services (NSS) is a set of libraries designed
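Review bot: The `Requires: sun-nspr >= 4.1.2` line lowers the floor from 4.3 with no explanation, so the package will now install on top of an older NSPR than the previous release demanded. If that is deliberate, a comment above it stating the lowest NSPR this NSS build was tested against would help; otherwise keep `>= 4.3`. `BuildRoot: %_topdir/%{name}-root` also relies on the `%define _topdir` line that the Makefile in this commit prepends to temp.spec, so the spec no longer builds on its own. A one-line comment saying so is worth adding.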
@@ -18,6 +21,8 @@ and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
X.509 v3 certificates, and other security standards. See:
http://www.mozilla.org/projects/security/pki/nss/overview.html
+Under "MPL/GPL" license.
+
%package devel
Summary: Development Libraries for Network Security Services
Group: Development/Libraries
@@ -26,6 +31,8 @@ Requires: %{name} = %{version}-%{release}
%description devel
Header files for doing development with Network Security Services.
+Under "MPL/GPL" license.
+
%prep
%setup -c
diff --git a/security/nss/pkg/solaris/Makefile b/security/nss/pkg/solaris/Makefile
index 2d2ff6ff4..3819fa4a8 100644
--- a/security/nss/pkg/solaris/Makefile
+++ b/security/nss/pkg/solaris/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
@@ -12,26 +12,27 @@ CORE_DEPTH = ../../..
cp $< $@
chmod +x $@
+HEADER_DIR = public/nss
-ifeq ($(USE_64), 1)
DIRS = \
- SUNWtlsx
-else
-DIRS = \
- SUNWtls
-endif
+ SUNWtls \
+ SUNWtlsu \
+ SUNWtlsd
+
+include Makefile.com
PROTO = \
$(ROOT) \
- $(ROOT)/usr \
- $(ROOT)/usr/lib \
- $(ROOT)/usr/lib/mps
+ $(ROOT)/usr/lib/mps \
+ $(ROOT)/usr/include/mps \
+ $(ROOT)/usr/sfw/bin
-ifdef USE_64
-PROTO += $(ROOT)/usr/lib/mps/sparcv9
+ifeq ($(MACH), sparc)
+ PROTO += $(ROOT)/usr/lib/mps/sparcv9 \
+ $(ROOT)/usr/sfw/bin/sparcv9
endif
-include Makefile.com
+DIST64 = $(shell echo $(DIST) | sed -e "s|_OPT|_64_OPT|g" -e "s|_DBG|_64_DBG|g")
awk_pkginfo: bld_awk_pkginfo
./bld_awk_pkginfo -m $(MACH) -p "$(PRODUCT_VERSION)" -o $@ -v $(PRODUCT_VERSION)
@@ -44,13 +45,23 @@ clean clobber::
$(RM) awk_pkginfo bld_awk_pkginfo
$(RM) -r $(ROOT)
-$(ROOT) $(ROOT)/%:
+$(ROOT):
mkdir -p $@
-ifdef USE_64
-$(ROOT)/usr/lib/mps/sparcv9: $(ROOT)/usr/lib
- $(LN) -sf ../../../../$(DIST)/lib $@
-else
-$(ROOT)/usr/lib/mps: $(ROOT)/usr/lib
- $(LN) -sf ../../../$(DIST)/lib $@
-endif
+$(ROOT)/usr/lib/mps:
+ mkdir -p $@
+ $(CP) -r $(DIST)/lib/*.so $@
+ $(CP) -r $(DIST)/lib/*.chk $@
+$(ROOT)/usr/sfw/bin:
+ mkdir -p $@
+ -$(CP) -r $(DIST)/bin/* $@
+$(ROOT)/usr/include/mps:
+ mkdir -p $@
+ $(CP) -r $(SOURCE_PREFIX)/$(HEADER_DIR)/*.h $@
+$(ROOT)/usr/lib/mps/sparcv9:
+ mkdir -p $@
+ $(CP) -r $(DIST64)/lib/*.so $@
+ $(CP) -r $(DIST64)/lib/*.chk $@
+$(ROOT)/usr/sfw/bin/sparcv9:
+ mkdir -p $@
+ $(CP) -r $(DIST64)/bin/* $@
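Review bot: The `$(ROOT)/usr/sfw/bin` rule runs `-$(CP) -r $(DIST)/bin/* $@`, and the leading `-` lets a failed or empty copy pass silently, while the sparcv9 counterpart at the end of the hunk has no dash. A missing utility would then surface only when pkgmk reads the prototype. I would drop the dash, `$(CP) -r $(DIST)/bin/* $@`, so the staging step fails where the problem is. Since the SUNWtlsu prototype in this commit names eight tools, copying just those rather than `bin/*` would also keep anything else that happens to sit in dist/bin out of the staging root.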
diff --git a/security/nss/pkg/solaris/Makefile-devl.com b/security/nss/pkg/solaris/Makefile-devl.com
new file mode 100755
index 000000000..372d6e557
--- /dev/null
+++ b/security/nss/pkg/solaris/Makefile-devl.com
@@ -0,0 +1,33 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+
+MACH = $(shell mach)
+
+PUBLISH_ROOT = $(DIST)
+ifeq ($(CORE_DEPTH),../../..)
+ROOT = ROOT
+else
+ROOT = $(subst ../../../,,$(CORE_DEPTH))/ROOT
+endif
+
+PKGARCHIVE = $(PUBLISH_ROOT)/pkgarchive
+DATAFILES = copyright
+FILES = $(DATAFILES) pkginfo
+
+
+PACKAGE = $(shell basename `pwd`)
+
+PRODUCT_VERSION = $(shell grep NSS_VERSION $(CORE_DEPTH)/nss/lib/nss/nss.h | sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//')
+
+LN = /usr/bin/ln
+
+CLOBBERFILES = $(FILES)
+
+include $(CORE_DEPTH)/coreconf/config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# vim: ft=make
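Review bot: This new file is byte-for-byte the same as Makefile-tlsu.com added later in the commit (both show blob 372d6e557), so every future fix has to be made twice. One shared include would do, with SUNWtlsd/Makefile and SUNWtlsu/Makefile both pulling in the same file. `PRODUCT_VERSION` here greps `$(CORE_DEPTH)/nss/lib/nss/nss.h`, while Makefile.com reads the copy under dist/public/nss. A comment saying why the version source differs would help whoever has to keep the package versions in step.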
diff --git a/security/nss/pkg/solaris/Makefile-devl.targ b/security/nss/pkg/solaris/Makefile-devl.targ
new file mode 100755
index 000000000..84283d89b
--- /dev/null
+++ b/security/nss/pkg/solaris/Makefile-devl.targ
@@ -0,0 +1,26 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+
+pkginfo: pkginfo.tmpl ../awk_pkginfo
+ $(RM) $@; nawk -f ../awk_pkginfo $@.tmpl > $@
+
+pkg: $(PKGARCHIVE) prototype
+ pkgmk -f prototype -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)
+
+$(PKGARCHIVE):
+ [ -d $(PKGARCHIVE) ] || mkdir -p $(PKGARCHIVE)
+
+$(DATAFILES):: %: ../common_files/%
+ $(RM) $@; cp ../common_files/$@ $@
+
+$(MACHDATAFILES): %: ../common_files/%_$(MACH)
+ $(RM) $@; cp ../common_files/$@_$(MACH) $@
+
+clobber clean::
+ -$(RM) $(CLOBBERFILES) $(CLEANFILES)
+
+.PHONY: pkg
diff --git a/security/nss/pkg/solaris/Makefile-tlsu.com b/security/nss/pkg/solaris/Makefile-tlsu.com
new file mode 100755
index 000000000..372d6e557
--- /dev/null
+++ b/security/nss/pkg/solaris/Makefile-tlsu.com
@@ -0,0 +1,33 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+
+MACH = $(shell mach)
+
+PUBLISH_ROOT = $(DIST)
+ifeq ($(CORE_DEPTH),../../..)
+ROOT = ROOT
+else
+ROOT = $(subst ../../../,,$(CORE_DEPTH))/ROOT
+endif
+
+PKGARCHIVE = $(PUBLISH_ROOT)/pkgarchive
+DATAFILES = copyright
+FILES = $(DATAFILES) pkginfo
+
+
+PACKAGE = $(shell basename `pwd`)
+
+PRODUCT_VERSION = $(shell grep NSS_VERSION $(CORE_DEPTH)/nss/lib/nss/nss.h | sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//')
+
+LN = /usr/bin/ln
+
+CLOBBERFILES = $(FILES)
+
+include $(CORE_DEPTH)/coreconf/config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# vim: ft=make
diff --git a/security/nss/pkg/solaris/Makefile-tlsu.targ b/security/nss/pkg/solaris/Makefile-tlsu.targ
new file mode 100755
index 000000000..2c5db9911
--- /dev/null
+++ b/security/nss/pkg/solaris/Makefile-tlsu.targ
@@ -0,0 +1,26 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+
+pkginfo: pkginfo.tmpl ../awk_pkginfo
+ $(RM) $@; nawk -f ../awk_pkginfo $@.tmpl > $@
+
+pkg: $(PKGARCHIVE) prototype_$(MACH)
+ pkgmk -f prototype_$(MACH) -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)
+
+$(PKGARCHIVE):
+ [ -d $(PKGARCHIVE) ] || mkdir -p $(PKGARCHIVE)
+
+$(DATAFILES):: %: ../common_files/%
+ $(RM) $@; cp ../common_files/$@ $@
+
+$(MACHDATAFILES): %: ../common_files/%_$(MACH)
+ $(RM) $@; cp ../common_files/$@_$(MACH) $@
+
+clobber clean::
+ -$(RM) $(CLOBBERFILES) $(CLEANFILES)
+
+.PHONY: pkg
diff --git a/security/nss/pkg/solaris/Makefile.com b/security/nss/pkg/solaris/Makefile.com
index 7d445459e..9e4d4fc04 100644
--- a/security/nss/pkg/solaris/Makefile.com
+++ b/security/nss/pkg/solaris/Makefile.com
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
@@ -16,7 +16,7 @@ endif
PKGARCHIVE = $(PUBLISH_ROOT)/pkgarchive
DATAFILES = copyright
-FILES = $(DATAFILES) pkginfo
+FILES = $(DATAFILES) pkginfo prototype
PACKAGE = $(shell basename `pwd`)
@@ -24,6 +24,7 @@ PRODUCT_VERSION = $(shell grep NSS_VERSION $(CORE_DEPTH)/../dist/public/nss/nss.
| sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//')
LN = /usr/bin/ln
+CP = /usr/bin/cp
CLOBBERFILES = $(FILES)
diff --git a/security/nss/pkg/solaris/Makefile.targ b/security/nss/pkg/solaris/Makefile.targ
index 279a7bca6..bc36eb6c4 100644
--- a/security/nss/pkg/solaris/Makefile.targ
+++ b/security/nss/pkg/solaris/Makefile.targ
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
@@ -8,7 +8,12 @@
pkginfo: pkginfo.tmpl ../awk_pkginfo
$(RM) $@; nawk -f ../awk_pkginfo $@.tmpl > $@
-pkg: $(PKGARCHIVE)
+prototype: prototype_com prototype_$(MACH)
+ cat prototype_$(MACH) | sed -e \
+'/^!include[ ][ ]*prototype_com/ r ./prototype_com' \
+-e 's/^!include[ ][ ]*prototype_com//g' >prototype
+
+pkg: $(PKGARCHIVE) prototype
pkgmk -f prototype_$(MACH) -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)
$(PKGARCHIVE):
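Review bot: `pkg` now depends on the generated `prototype`, but the recipe still runs `pkgmk -f prototype_$(MACH)`, so the merged file is built and, as far as this hunk shows, never read. Either pass it, `pkgmk -f prototype -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)`, or drop the new prerequisite. The `cat prototype_$(MACH) | sed` pipeline can give sed the file name directly. The rule should also write to a temporary name and rename it, so that a failed sed does not leave a truncated `prototype` that make treats as up to date.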
diff --git a/security/nss/pkg/solaris/SUNWtls/Makefile b/security/nss/pkg/solaris/SUNWtls/Makefile
index 5058a1f68..a299d6321 100644
--- a/security/nss/pkg/solaris/SUNWtls/Makefile
+++ b/security/nss/pkg/solaris/SUNWtls/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
diff --git a/security/nss/pkg/solaris/SUNWtls/pkgdepend b/security/nss/pkg/solaris/SUNWtls/pkgdepend
index 966ba0556..51b7ba8b3 100644
--- a/security/nss/pkg/solaris/SUNWtls/pkgdepend
+++ b/security/nss/pkg/solaris/SUNWtls/pkgdepend
@@ -1,4 +1,4 @@
-# Copyright 2002 Microsystems, Inc. All Rights Reserved.
+# Copyright 2004 Microsystems, Inc. All Rights Reserved.
# Use is subject to license terms.
#
# $Id$
diff --git a/security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl b/security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl
index e0a697529..fd2235b9d 100644
--- a/security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl
+++ b/security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
diff --git a/security/nss/pkg/solaris/SUNWtls/prototype_com b/security/nss/pkg/solaris/SUNWtls/prototype_com
index c5e00d3e2..3e2df6253 100644
--- a/security/nss/pkg/solaris/SUNWtls/prototype_com
+++ b/security/nss/pkg/solaris/SUNWtls/prototype_com
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
@@ -26,9 +26,16 @@ i depend=pkgdepend
d none usr 755 root sys
d none usr/lib 755 root bin
d none usr/lib/mps 755 root bin
+d none usr/lib/mps/secv1 755 root bin
f none usr/lib/mps/libnss3.so 755 root bin
f none usr/lib/mps/libsmime3.so 755 root bin
f none usr/lib/mps/libssl3.so 755 root bin
f none usr/lib/mps/libnssckbi.so 755 root bin
f none usr/lib/mps/libsoftokn3.chk 755 root bin
f none usr/lib/mps/libsoftokn3.so 755 root bin
+s none usr/lib/mps/secv1/libnss3.so=../libnss3.so
+s none usr/lib/mps/secv1/libsmime3.so=../libsmime3.so
+s none usr/lib/mps/secv1/libssl3.so=../libssl3.so
+s none usr/lib/mps/secv1/libnssckbi.so=../libnssckbi.so
+s none usr/lib/mps/secv1/libsoftokn3.chk=../libsoftokn3.chk
+s none usr/lib/mps/secv1/libsoftokn3.so=../libsoftokn3.so
diff --git a/security/nss/pkg/solaris/SUNWtls/prototype_i386 b/security/nss/pkg/solaris/SUNWtls/prototype_i386
index d2718ee05..8c6d62844 100644
--- a/security/nss/pkg/solaris/SUNWtls/prototype_i386
+++ b/security/nss/pkg/solaris/SUNWtls/prototype_i386
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
diff --git a/security/nss/pkg/solaris/SUNWtls/prototype_sparc b/security/nss/pkg/solaris/SUNWtls/prototype_sparc
index d916457c6..649082e5e 100644
--- a/security/nss/pkg/solaris/SUNWtls/prototype_sparc
+++ b/security/nss/pkg/solaris/SUNWtls/prototype_sparc
@@ -1,5 +1,5 @@
#
-# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "$Id$"
@@ -32,3 +32,24 @@ f none usr/lib/mps/libfreebl_hybrid_3.chk 755 root bin
f none usr/lib/mps/libfreebl_hybrid_3.so 755 root bin
f none usr/lib/mps/libfreebl_pure32_3.chk 755 root bin
f none usr/lib/mps/libfreebl_pure32_3.so 755 root bin
+s none usr/lib/mps/secv1/libfreebl_hybrid_3.chk=../libfreebl_hybrid_3.chk
+s none usr/lib/mps/secv1/libfreebl_hybrid_3.so=../libfreebl_hybrid_3.so
+s none usr/lib/mps/secv1/libfreebl_pure32_3.chk=../libfreebl_pure32_3.chk
+s none usr/lib/mps/secv1/libfreebl_pure32_3.so=../libfreebl_pure32_3.so
+s none usr/lib/mps/64=sparcv9
+s none usr/lib/mps/secv1/64=sparcv9
+d none usr/lib/mps/sparcv9 755 root bin
+d none usr/lib/mps/secv1/sparcv9 755 root bin
+f none usr/lib/mps/sparcv9/libnss3.so 755 root bin
+f none usr/lib/mps/sparcv9/libsmime3.so 755 root bin
+f none usr/lib/mps/sparcv9/libssl3.so 755 root bin
+f none usr/lib/mps/sparcv9/libnssckbi.so 755 root bin
+f none usr/lib/mps/sparcv9/libsoftokn3.chk 755 root bin
+f none usr/lib/mps/sparcv9/libsoftokn3.so 755 root bin
+s none usr/lib/mps/secv1/sparcv9/libnss3.so=../../libnss3.so
+s none usr/lib/mps/secv1/sparcv9/libsmime3.so=../../libsmime3.so
+s none usr/lib/mps/secv1/sparcv9/libssl3.so=../../libssl3.so
+s none usr/lib/mps/secv1/sparcv9/libnssckbi.so=../../libnssckbi.so
+s none usr/lib/mps/secv1/sparcv9/libsoftokn3.chk=../../libsoftokn3.chk
+s none usr/lib/mps/secv1/sparcv9/libsoftokn3.so=../../libsoftokn3.so
+
diff --git a/security/nss/pkg/solaris/SUNWtlsd/Makefile b/security/nss/pkg/solaris/SUNWtlsd/Makefile
new file mode 100755
index 000000000..3a1bd83b3
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsd/Makefile
@@ -0,0 +1,16 @@
+#
+# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+
+CORE_DEPTH = ../../../..
+include ../Makefile-devl.com
+
+DATAFILES +=
+
+all:: $(FILES)
+publish:: all pkg
+
+include ../Makefile-devl.targ
diff --git a/security/nss/pkg/solaris/SUNWtlsd/pkgdepend b/security/nss/pkg/solaris/SUNWtlsd/pkgdepend
new file mode 100755
index 000000000..fe0695db7
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsd/pkgdepend
@@ -0,0 +1,23 @@
+# Copyright 2002 Microsystems, Inc. All Rights Reserved.
+# Use is subject to license terms.
+#
+# $Id$
+#
+# This package information file defines software dependencies associated
+# with the pkg. You can define three types of pkg dependencies with this file:
+# P indicates a prerequisite for installation
+# I indicates an incompatible package
+# R indicates a reverse dependency
+# <pkg.abbr> see pkginfo(4), PKG parameter
+# <name> see pkginfo(4), NAME parameter
+# <version> see pkginfo(4), VERSION parameter
+# <arch> see pkginfo(4), ARCH parameter
+# <type> <pkg.abbr> <name>
+# (<arch>)<version>
+# (<arch>)<version>
+# ...
+# <type> <pkg.abbr> <name>
+# ...
+
+P SUNWprd Netscape Portable Runtime Development
+P SUNWtls Netscape Security Services
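Review bot: The header reads `Copyright 2002 Microsystems, Inc.`, which drops "Sun" and puts a 2002 date on a file created by this commit; SUNWtlsu/pkgdepend has the same wording with 2004. I would use `# Copyright 2004 Sun Microsystems, Inc. All rights reserved.` as in the other new files. The dependency line names SUNWtls as "Netscape Security Services", whereas the pkginfo templates added here say "Network Security Services". The SUNWtls NAME value is not visible in this part of the diff, but the name field should presumably match it.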
diff --git a/security/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl b/security/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl
new file mode 100755
index 000000000..c47b89069
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl
@@ -0,0 +1,34 @@
+#
+# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+#
+# This required package information file describes characteristics of the
+# package, such as package abbreviation, full package name, package version,
+# and package architecture.
+#
+PKG="SUNWtlsd"
+NAME="Network Security Services Development"
+ARCH="ISA"
+VERSION="NSSVERS,REV=0.0.0"
+SUNW_PRODNAME="Network Security Services Development"
+SUNW_PRODVERS="RELEASE/VERSION"
+SUNW_PKGTYPE="usr"
+MAXINST="1000"
+CATEGORY="system"
+DESC="Network Security Services Files for Development"
+VENDOR="Sun Microsystems, Inc."
+HOTLINE="Please contact your local service provider"
+EMAIL=""
+CLASSES="none"
+BASEDIR=/
+SUNW_PKGVERS="1.0"
+#VSTOCK="<reserved by Release Engineering for package part #>"
+#ISTATES="<developer defined>"
+#RSTATES='<developer defined>'
+#ULIMIT="<developer defined>"
+#ORDER="<developer defined>"
+#PSTAMP="<developer defined>"
+#INTONLY="<developer defined>"
diff --git a/security/nss/pkg/solaris/SUNWtlsd/prototype b/security/nss/pkg/solaris/SUNWtlsd/prototype
new file mode 100755
index 000000000..16233267e
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsd/prototype
@@ -0,0 +1,126 @@
+#
+# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...> # where to find pkg objects
+#!include <filename> # include another 'prototype' file
+#!default <mode> <owner> <group> # default used if not specified on entry
+#!<param>=<value> # puts parameter in pkg environment
+
+# packaging files
+i copyright
+i pkginfo
+i depend=pkgdepend
+#
+# source locations relative to the prototype file
+#
+# SUNWtlsd
+#
+d none usr 0755 root sys
+d none usr/include 0755 root bin
+d none usr/include/mps 0755 root bin
+f none usr/include/mps/base64.h 0644 root bin
+#f none usr/include/mps/blapi.h 0644 root bin
+f none usr/include/mps/blapit.h 0644 root bin
+f none usr/include/mps/cert.h 0644 root bin
+f none usr/include/mps/certdb.h 0644 root bin
+f none usr/include/mps/certt.h 0644 root bin
+f none usr/include/mps/ciferfam.h 0644 root bin
+f none usr/include/mps/cmmf.h 0644 root bin
+f none usr/include/mps/cmmft.h 0644 root bin
+f none usr/include/mps/cms.h 0644 root bin
+f none usr/include/mps/cmsreclist.h 0644 root bin
+f none usr/include/mps/cmst.h 0644 root bin
+f none usr/include/mps/crmf.h 0644 root bin
+f none usr/include/mps/crmft.h 0644 root bin
+f none usr/include/mps/cryptohi.h 0644 root bin
+f none usr/include/mps/cryptoht.h 0644 root bin
+f none usr/include/mps/hasht.h 0644 root bin
+f none usr/include/mps/jar-ds.h 0644 root bin
+f none usr/include/mps/jar.h 0644 root bin
+f none usr/include/mps/jarfile.h 0644 root bin
+f none usr/include/mps/key.h 0644 root bin
+#f none usr/include/mps/keydbt.h 0644 root bin
+f none usr/include/mps/keyhi.h 0644 root bin
+#f none usr/include/mps/keylow.h 0644 root bin
+f none usr/include/mps/keyt.h 0644 root bin
+#f none usr/include/mps/keytboth.h 0644 root bin
+f none usr/include/mps/keythi.h 0644 root bin
+#f none usr/include/mps/keytlow.h 0644 root bin
+f none usr/include/mps/nss.h 0644 root bin
+f none usr/include/mps/nssb64.h 0644 root bin
+f none usr/include/mps/nssb64t.h 0644 root bin
+f none usr/include/mps/nssbase.h 0644 root bin
+f none usr/include/mps/nssbaset.h 0644 root bin
+f none usr/include/mps/nssckepv.h 0644 root bin
+f none usr/include/mps/nssckbi.h 0644 root bin
+f none usr/include/mps/nssckft.h 0644 root bin
+f none usr/include/mps/nssckfw.h 0644 root bin
+f none usr/include/mps/nssckfwc.h 0644 root bin
+f none usr/include/mps/nssckfwt.h 0644 root bin
+f none usr/include/mps/nssckg.h 0644 root bin
+f none usr/include/mps/nssckmdt.h 0644 root bin
+#f none usr/include/mps/nssckp.h 0644 root bin
+f none usr/include/mps/nssckt.h 0644 root bin
+#f none usr/include/mps/nsscku.h 0644 root bin
+f none usr/include/mps/nssilckt.h 0644 root bin
+f none usr/include/mps/nssilock.h 0644 root bin
+f none usr/include/mps/nsslocks.h 0644 root bin
+f none usr/include/mps/nssrwlk.h 0644 root bin
+f none usr/include/mps/nssrwlkt.h 0644 root bin
+f none usr/include/mps/ocsp.h 0644 root bin
+f none usr/include/mps/ocspt.h 0644 root bin
+f none usr/include/mps/p12.h 0644 root bin
+f none usr/include/mps/p12plcy.h 0644 root bin
+f none usr/include/mps/p12t.h 0644 root bin
+f none usr/include/mps/pk11func.h 0644 root bin
+f none usr/include/mps/pk11pqg.h 0644 root bin
+f none usr/include/mps/pk11sdr.h 0644 root bin
+f none usr/include/mps/pkcs11.h 0644 root bin
+f none usr/include/mps/pkcs11f.h 0644 root bin
+f none usr/include/mps/pkcs11p.h 0644 root bin
+f none usr/include/mps/pkcs11t.h 0644 root bin
+f none usr/include/mps/pkcs11u.h 0644 root bin
+f none usr/include/mps/pkcs11n.h 0644 root bin
+f none usr/include/mps/pkcs12.h 0644 root bin
+f none usr/include/mps/pkcs12t.h 0644 root bin
+f none usr/include/mps/pkcs7t.h 0644 root bin
+f none usr/include/mps/portreg.h 0644 root bin
+#f none usr/include/mps/pqgutil.h 0644 root bin
+f none usr/include/mps/preenc.h 0644 root bin
+f none usr/include/mps/secasn1.h 0644 root bin
+f none usr/include/mps/secasn1t.h 0644 root bin
+f none usr/include/mps/seccomon.h 0644 root bin
+f none usr/include/mps/secder.h 0644 root bin
+f none usr/include/mps/secdert.h 0644 root bin
+f none usr/include/mps/secdig.h 0644 root bin
+f none usr/include/mps/secdigt.h 0644 root bin
+f none usr/include/mps/secerr.h 0644 root bin
+f none usr/include/mps/sechash.h 0644 root bin
+f none usr/include/mps/secitem.h 0644 root bin
+f none usr/include/mps/secmime.h 0644 root bin
+f none usr/include/mps/secmod.h 0644 root bin
+f none usr/include/mps/secmodt.h 0644 root bin
+f none usr/include/mps/secoid.h 0644 root bin
+f none usr/include/mps/secoidt.h 0644 root bin
+f none usr/include/mps/secpkcs5.h 0644 root bin
+f none usr/include/mps/secpkcs7.h 0644 root bin
+f none usr/include/mps/secport.h 0644 root bin
+#f none usr/include/mps/secrng.h 0644 root bin
+#f none usr/include/mps/secrngt.h 0644 root bin
+f none usr/include/mps/shsign.h 0644 root bin
+f none usr/include/mps/smime.h 0644 root bin
+f none usr/include/mps/ssl.h 0644 root bin
+f none usr/include/mps/sslerr.h 0644 root bin
+f none usr/include/mps/sslproto.h 0644 root bin
+f none usr/include/mps/sslt.h 0644 root bin
+f none usr/include/mps/swfort.h 0644 root bin
+f none usr/include/mps/swfortt.h 0644 root bin
+f none usr/include/mps/watcomfx.h 0644 root bin
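Review bot: Ten header entries are commented out (`blapi.h`, `keydbt.h`, `keylow.h`, `keytboth.h`, `keytlow.h`, `nssckp.h`, `nsscku.h`, `pqgutil.h`, `secrng.h`, `secrngt.h`) with no reason given. The staging rule in pkg/solaris/Makefile copies every `*.h` from `$(SOURCE_PREFIX)/$(HEADER_DIR)` into usr/include/mps, so this prototype is the only thing deciding which headers are delivered. If these are private headers that must not ship, a comment such as `# private headers, intentionally not delivered` above the list would keep someone from re-enabling them. The file header also carries a 2002 copyright date although the file is new in this commit.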
diff --git a/security/nss/pkg/solaris/SUNWtlsu/Makefile b/security/nss/pkg/solaris/SUNWtlsu/Makefile
new file mode 100755
index 000000000..bc2795e27
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsu/Makefile
@@ -0,0 +1,16 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+
+CORE_DEPTH = ../../../..
+include ../Makefile-tlsu.com
+
+DATAFILES +=
+
+all:: $(FILES)
+publish:: all pkg
+
+include ../Makefile-tlsu.targ
diff --git a/security/nss/pkg/solaris/SUNWtlsu/pkgdepend b/security/nss/pkg/solaris/SUNWtlsu/pkgdepend
new file mode 100755
index 000000000..ae7d398c1
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsu/pkgdepend
@@ -0,0 +1,22 @@
+# Copyright 2004 Microsystems, Inc. All Rights Reserved.
+# Use is subject to license terms.
+#
+# $Id$
+#
+# This package information file defines software dependencies associated
+# with the pkg. You can define three types of pkg dependencies with this file:
+# P indicates a prerequisite for installation
+# I indicates an incompatible package
+# R indicates a reverse dependency
+# <pkg.abbr> see pkginfo(4), PKG parameter
+# <name> see pkginfo(4), NAME parameter
+# <version> see pkginfo(4), VERSION parameter
+# <arch> see pkginfo(4), ARCH parameter
+# <type> <pkg.abbr> <name>
+# (<arch>)<version>
+# (<arch>)<version>
+# ...
+# <type> <pkg.abbr> <name>
+# ...
+
+P SUNWtls Netscape Security Services
diff --git a/security/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl b/security/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl
new file mode 100755
index 000000000..19b7e8766
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl
@@ -0,0 +1,34 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+#
+# This required package information file describes characteristics of the
+# package, such as package abbreviation, full package name, package version,
+# and package architecture.
+#
+PKG="SUNWtlsu"
+NAME="Network Security Services Utilities"
+ARCH="ISA"
+VERSION="NSSVERS,REV=0.0.0"
+SUNW_PRODNAME="Network Security Services Utilities"
+SUNW_PRODVERS="RELEASE/VERSION"
+SUNW_PKGTYPE="usr"
+MAXINST="1000"
+CATEGORY="system"
+DESC="Network Security Services Utilities Programs"
+VENDOR="Sun Microsystems, Inc."
+HOTLINE="Please contact your local service provider"
+EMAIL=""
+CLASSES="none"
+BASEDIR=/
+SUNW_PKGVERS="1.0"
+#VSTOCK="<reserved by Release Engineering for package part #>"
+#ISTATES="<developer defined>"
+#RSTATES='<developer defined>'
+#ULIMIT="<developer defined>"
+#ORDER="<developer defined>"
+#PSTAMP="<developer defined>"
+#INTONLY="<developer defined>"
diff --git a/security/nss/pkg/solaris/SUNWtlsu/prototype_com b/security/nss/pkg/solaris/SUNWtlsu/prototype_com
new file mode 100755
index 000000000..48f8387dd
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsu/prototype_com
@@ -0,0 +1,36 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...> # where to find pkg objects
+#!include <filename> # include another 'prototype' file
+#!default <mode> <owner> <group> # default used if not specified on entry
+#!<param>=<value> # puts parameter in pkg environment
+
+# packaging files
+i copyright
+i pkginfo
+i depend=pkgdepend
+#
+# source locations relative to the prototype file
+#
+# SUNWtlsu
+#
+d none usr 0755 root sys
+d none usr/sfw 0755 root bin
+d none usr/sfw/bin 0755 root bin
+f none usr/sfw/bin/certutil 0755 root bin
+f none usr/sfw/bin/crlutil 0755 root bin
+f none usr/sfw/bin/cmsutil 0755 root bin
+f none usr/sfw/bin/modutil 0755 root bin
+f none usr/sfw/bin/pk12util 0755 root bin
+f none usr/sfw/bin/signtool 0755 root bin
+f none usr/sfw/bin/signver 0755 root bin
+f none usr/sfw/bin/ssltap 0755 root bin
diff --git a/security/nss/pkg/solaris/SUNWtlsu/prototype_i386 b/security/nss/pkg/solaris/SUNWtlsu/prototype_i386
new file mode 100644
index 000000000..7fc238abd
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsu/prototype_i386
@@ -0,0 +1,31 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...> # where to find pkg objects
+#!include <filename> # include another 'prototype' file
+#!default <mode> <owner> <group> # default used if not specified on entry
+#!<param>=<value> # puts parameter in pkg environment
+
+#
+# Include ISA independent files (prototype_com)
+#
+!include prototype_com
+#
+#
+#
+# List files which are i386 specific here
+#
+# source locations relative to the prototype file
+#
+#
+# SUNWtlsu
+#
+
diff --git a/security/nss/pkg/solaris/SUNWtlsu/prototype_sparc b/security/nss/pkg/solaris/SUNWtlsu/prototype_sparc
new file mode 100644
index 000000000..21aaabe32
--- /dev/null
+++ b/security/nss/pkg/solaris/SUNWtlsu/prototype_sparc
@@ -0,0 +1,41 @@
+#
+# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+#ident "$Id$"
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...> # where to find pkg objects
+#!include <filename> # include another 'prototype' file
+#!default <mode> <owner> <group> # default used if not specified on entry
+#!<param>=<value> # puts parameter in pkg environment
+
+#
+# Include ISA independent files (prototype_com)
+#
+!include prototype_com
+#
+#
+#
+# List files which are SPARC specific here
+#
+# source locations relative to the prototype file
+#
+#
+# SUNWtlsu
+#
+s none usr/sfw/bin/64=sparcv9
+d none usr/sfw/bin/sparcv9 0755 root bin
+f none usr/sfw/bin/sparcv9/certutil 0755 root bin
+f none usr/sfw/bin/sparcv9/crlutil 0755 root bin
+f none usr/sfw/bin/sparcv9/cmsutil 0755 root bin
+f none usr/sfw/bin/sparcv9/modutil 0755 root bin
+f none usr/sfw/bin/sparcv9/pk12util 0755 root bin
+f none usr/sfw/bin/sparcv9/signtool 0755 root bin
+f none usr/sfw/bin/sparcv9/signver 0755 root bin
+f none usr/sfw/bin/sparcv9/ssltap 0755 root bin
+
diff --git a/security/nss/tests/ssl/ecssl.sh b/security/nss/tests/ssl/ecssl.sh
index 512ed3fbb..f6658d775 100644
--- a/security/nss/tests/ssl/ecssl.sh
+++ b/security/nss/tests/ssl/ecssl.sh
@@ -131,15 +131,15 @@ is_selfserv_alive()
########################################################################
wait_for_selfserv()
{
- echo "tstclnt -p ${PORT} -h ${HOST} -q "
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -q "
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \\"
#echo "tstclnt -q started at `date`"
- tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+ tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
if [ $? -ne 0 ]; then
html_failed "<TR><TD> Wait for Server "
- echo "RETRY: tstclnt -p ${PORT} -h ${HOST} -q \\"
+ echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} -q \\"
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
- tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+ tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
elif [ sparam = "-c ABCDEFGHIJKLMNOPQRSTabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then
html_passed "<TR><TD> Wait for Server"
fi
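Review bot: Every rewritten `tstclnt` call in this hunk passes `-h ${HOSTADDR}` unquoted, and nothing visible here shows where HOSTADDR is set. If it is ever empty the expansion disappears and `-q` is presumably consumed as the host argument, so the wait-for-server probe would fail for a reason the log does not explain. A guard at the top of the function, `: "${HOSTADDR:?HOSTADDR is not set}"`, together with quoting the argument as `-h "${HOSTADDR}"`, would make that failure explicit. The same applies to the `tstclnt` lines in the ssl_cov and ssl_auth hunks of this file and to the three matching hunks in ssl.sh. The body of wait_for_selfserv ends outside the hunk.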
@@ -221,11 +221,11 @@ ssl_cov()
fi
is_selfserv_alive
- echo "tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} \\"
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} \\"
echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f \
+ tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} -f \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
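Review bot: The rewritten `tstclnt` command still redirects its output to `${TMP}/$HOST.tmp.$$`, a path built from the host name and the shell's PID and therefore predictable. If TMP points at a shared, world-writable directory, a file or symlink already present at that path would be written through, and the `rm` just before it only narrows that window. Creating the file with `mktemp` where the platform provides it, e.g. `tmpout=$(mktemp "${TMP}/${HOST}.tmp.XXXXXX")`, or making TMP a directory private to the test user, avoids it. The ssl_auth hunk below and the ssl_cov and ssl_auth hunks in ssl.sh use the same path. ssl_cov starts and ends outside this hunk.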
@@ -252,10 +252,10 @@ ssl_auth()
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
start_selfserv
- echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${P_R_CLIENTDIR} \\"
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} \\"
echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- tstclnt -p ${PORT} -h ${HOST} -f ${cparam} \
+ tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
index 5af782ac6..d921fb02f 100755
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -127,15 +127,15 @@ is_selfserv_alive()
########################################################################
wait_for_selfserv()
{
- echo "tstclnt -p ${PORT} -h ${HOST} -q "
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -q "
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \\"
#echo "tstclnt -q started at `date`"
- tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+ tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
if [ $? -ne 0 ]; then
html_failed "<TR><TD> Wait for Server "
- echo "RETRY: tstclnt -p ${PORT} -h ${HOST} -q \\"
+ echo "RETRY: tstclnt -p ${PORT} -h ${HOSTADDR} -q \\"
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
- tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
+ tstclnt -p ${PORT} -h ${HOSTADDR} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
elif [ sparam = "-c ABCDEFabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then
html_passed "<TR><TD> Wait for Server"
fi
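Review bot: The `elif [ sparam = "-c ABCDEFabcdefghijklmnvy" ]` test compares the literal word `sparam` with the cipher string, so it is always false and `html_passed "<TR><TD> Wait for Server"` is never reached from this branch. Presumably `[ "${sparam}" = "-c ABCDEFabcdefghijklmnvy" ]` was intended, which would let a successful first probe be recorded. The line is unchanged context, but it sits directly under the probe this commit rewrites, and the wait_for_selfserv hunk in ecssl.sh has the same comparison with a longer cipher string. The function's closing brace is outside the hunk.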
@@ -214,11 +214,11 @@ ssl_cov()
fi
is_selfserv_alive
- echo "tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} \\"
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} \\"
echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f \
+ tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} -f \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
@@ -245,10 +245,10 @@ ssl_auth()
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
start_selfserv
- echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${P_R_CLIENTDIR} \\"
+ echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} \\"
echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
- tstclnt -p ${PORT} -h ${HOST} -f ${cparam} \
+ tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?